Re: [zones-discuss] VCS failover of non-global zones between systems.
Peter Wilk wrote: This implies that both (all) systems in the cluster MUST be at identical patch levels. Yes, you want this. Does Sun support the migration of zones from one machine to another via this technique? Is there an official position? A note that Sun Cluster 3.1 08/05 offers what appears to be similar to what you describe - so seems to be a common way to go with current capabilities... http://docs.sun.com/app/docs/doc/819-2664/6n4uhp5gm?q=zone+patcha=view /jason Thanks Peter ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] VCS failover of non-global zones between systems.
Hi, This procedure was changed in the release notes. Modifying /etc/zones/index or the zonname.xml is unsupported. Keep in mind, that the comments in these files tell you to keep your hand off. Kind regards Detlef Ulherr On Fri, May 12, 2006 at 10:23:42AM -0400, Jason Schroeder wrote: Peter Wilk wrote: This implies that both (all) systems in the cluster MUST be at identical patch levels. Yes, you want this. Does Sun support the migration of zones from one machine to another via this technique? Is there an official position? A note that Sun Cluster 3.1 08/05 offers what appears to be similar to what you describe - so seems to be a common way to go with current capabilities... http://docs.sun.com/app/docs/doc/819-2664/6n4uhp5gm?q=zone+patcha=view /jason Thanks Peter ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org -- ~~ NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. ~~ * Detlef Ulherr Project Engineer Tel: (++49 6103) 752-248 Client Solutions Fax: (++49 6103) 752-167 Sun Microsystems GmbH Amperestraße 6 mailto:[EMAIL PROTECTED] 63225 Langen http://www.sun.de/ * ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] query re zones and trusted solaris
Enda o'Connor - Sun Microsystems Ireland - Software Engineer writes: What is the impact on the use of non-global zones and trusted Solaris? i.e. if I install trusted Solaris, are there any restrictions on the use of non-global zones, expecially with respect to networking? In effect, you can't use any independent zones on a Solaris system with TX (Trusted Extensions) installed. Each zone on a TX system represents a security label. The system as a whole (the global zone and _all_ of the non-global zones) appears as a unified system with multiple labels to the user. This means that zones on a TX system are essentially an implementation detail, and can't be used to create independent Solaris environments. -- James Carlson, KISS Network[EMAIL PROTECTED] Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: Non-global zone sending TCP SYN-ACK packet over
Tobias Oberstein writes: One more Q: does stateful IPF work if I'd connect e1000g0-3 to a LACP-capable Switch and combine the ifcs using Solaris 10 1/06 link aggregation to a logical, aggregated interface? Yes, assuming that driver is supported for aggregation. In that case, you'll have the 'ipf' module plumbed atop the 'aggr0' driver, so you'll have a single stream. If you were to use the older Sun Trunking solution, it would work only if there were a single IP stream plumbed for the trunk. -- James Carlson, KISS Network[EMAIL PROTECTED] Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] query re zones and trusted solaris
Enda o'Connor - Sun Microsystems Ireland - Software Engineer writes: I was looking at a box this am that was setup with this scenario, and the non-global zones were apparently not able to see outside the box, they could ping the global etc, but nothing else. Guess that explains that then, need to familarise myself with TX. The situation is a bit complicated, and you should talk with the Rampart team to get some help with it. The non-global zones can have a mix of shared network connectivity and local IP addresses. The latter are typically used for multi-level services contained within a zone, but could be used for other things. For the shared IP address(es), packets are distinguished by the IP security label option. Each zone has a label, and the label on the packet maps it to a particular zone. -- James Carlson, KISS Network[EMAIL PROTECTED] Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] patching a full non-global zone solaris 10 1/06
Hi Peter I know that there are problems with the patch clusters at present see bug-id 6407693 06.04.01 S10 Recommended Cluster has an incorrect patch install order basically 119254-19 is being installed before it's required patches, which leads to it not installing. Possibly this might have caused some problems for you Do you have a log of the recommended cluster installation? I have installed this patch to whole-root zones and not seen any issues, I suspect that somehow the patch utiltis patch dod not install before 118712? Enda Peter Wilk wrote: IHAC that has a full non-global zone and is having an issue patching the zone. Customer goes to install the recommended patch list and it installs on the global zone fine. On the full non-global zone he gets errors similiar tothe following: sedona% more 118712-09.log.9307 Package not patched: PKG=SUNWpfb.u Original package not installed. Package not patched: PKG=SUNWpfb.us Original package not installed. This appears to be an attempt to install the same architecture and version of a package which is already installed. This installation will attempt to overwrite this package. Dryrun complete. No changes were made to the system. This appears to be an attempt to install the same architecture and version of a package which is already installed. This installation will attempt to overwrite this package. Dryrun complete. No changes were made to the system. This appears to be an attempt to install the same architecture and version of a package which is already installed. This installation will attempt to overwrite this package. pkgadd: ERROR: unable to create unique temporary file /usr/lib/fbconfig/SUNWpfb_configIxaOBs: (3 0) Read-only file system Installation of SUNWpfbcf partially failed. * I seen calls in sunsolve that seem similiar and they point to patch 119254-19 Title: SunOS 5.10: Install and Patch Utilities Patch. Customer is at release 19 on the global zone. So, is this a known issue or if not what is the correct procedure to patch a full non-global zone Thanks Peter Please respond to me directly for I may not be on this alias ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] query re zones and trusted solaris
James Carlson wrote: Enda o'Connor - Sun Microsystems Ireland - Software Engineer writes: I was looking at a box this am that was setup with this scenario, and the non-global zones were apparently not able to see outside the box, they could ping the global etc, but nothing else. Guess that explains that then, need to familarise myself with TX. The situation is a bit complicated, and you should talk with the Rampart team to get some help with it. The non-global zones can have a mix of shared network connectivity and local IP addresses. The latter are typically used for multi-level services contained within a zone, but could be used for other things. For the shared IP address(es), packets are distinguished by the IP security label option. Each zone has a label, and the label on the packet maps it to a particular zone. Hi James/Jarrett Thanks for the info. Will be brushing up on my TX! Enda ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] patching a full non-global zone solaris 10 1/06
Enda, if you want to check here are all the files /net/cores.central/cores/dir23/65009511 sedona% ls * 119689-07.log.22068 118712-09.log.9307119985-02.log.8349 118822-30.log.9404121308-03.log.18339 118918-14.log.27743 122032-02.log.13334 119059-11.log.29911 NCB-patch-logs.tar.gz 119254-19.log.6615README.cores_server_policy 119578-18.log.15160 Solaris_10_Recommended_Patch_Cluster_log 119596-03.log.4724 Peter Enda o'Connor - Sun Microsystems Ireland - Software Engineer wrote On 05/12/06 11:57,: Hi Peter I know that there are problems with the patch clusters at present see bug-id 6407693 06.04.01 S10 Recommended Cluster has an incorrect patch install order basically 119254-19 is being installed before it's required patches, which leads to it not installing. Possibly this might have caused some problems for you Do you have a log of the recommended cluster installation? I have installed this patch to whole-root zones and not seen any issues, I suspect that somehow the patch utiltis patch dod not install before 118712? Enda Peter Wilk wrote: IHAC that has a full non-global zone and is having an issue patching the zone. Customer goes to install the recommended patch list and it installs on the global zone fine. On the full non-global zone he gets errors similiar tothe following: sedona% more 118712-09.log.9307 Package not patched: PKG=SUNWpfb.u Original package not installed. Package not patched: PKG=SUNWpfb.us Original package not installed. This appears to be an attempt to install the same architecture and version of a package which is already installed. This installation will attempt to overwrite this package. Dryrun complete. No changes were made to the system. This appears to be an attempt to install the same architecture and version of a package which is already installed. This installation will attempt to overwrite this package. Dryrun complete. No changes were made to the system. This appears to be an attempt to install the same architecture and version of a package which is already installed. This installation will attempt to overwrite this package. pkgadd: ERROR: unable to create unique temporary file /usr/lib/fbconfig/SUNWpfb_configIxaOBs: (3 0) Read-only file system Installation of SUNWpfbcf partially failed. * I seen calls in sunsolve that seem similiar and they point to patch 119254-19 Title:SunOS 5.10: Install and Patch Utilities Patch. Customer is at release 19 on the global zone. So, is this a known issue or if not what is the correct procedure to patch a full non-global zone Thanks Peter Please respond to me directly for I may not be on this alias ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org