Re: [zones-discuss] Zone associated to which pool

2009-10-29 Thread Menno Lageman

 there is one more command we can do it with .. 
 
 #zlogin zonename poolstat   will also show that .. i want to get that 
 information without logging to the zone and the pools are not yet added 
 to zonecfg . :-)

ksh:

for z in $(zoneadm list); do print -n "$z\t"; poolbind -q $(pgrep -xz $z init) | cut -f 2; done


___
zones-discuss mailing list
zones-discuss@opensolaris.org


Re: [zones-discuss] Get users associated to projects

2009-07-30 Thread Menno Lageman

Ketan wrote:

I have 3 projects for 3 oracle instances and 10-15 users associated with 
different projects is there any way i can list the users associated with all 
the projects .. i know one method of   id -p but for that i have to su to each 
user
The system was handed over to me  configured by external vendor and how do we 
associate a new user to existing project ?


projects username shows you the projects to which a user belongs.

Menno
--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] Get users associated to projects

2009-07-30 Thread Menno Lageman

Menno Lageman wrote:

Ketan wrote:
I have 3 projects for 3 oracle instances and 10-15 users associated 
with different projects is there any way i can list the users 
associated with all the projects .. i know one method of   id -p but 
for that i have to su to each user
The system was handed over to me  configured by external vendor and 
how do we associate a new user to existing project ?


projects username shows you the projects to which a user belongs.



... and 'projects -l' shows you all projects and their users (which is 
probably what you want because 'projects username' requires you to 
know the user names).


Menno
--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] Using zones for simple usage

2009-07-24 Thread Menno Lageman
 type in something like this

  # pkg set-authority -P global crossbow

and voila! Everything is done. The server could even be disconnected from the 
internet and ipkg zones would still install because they use crossbow to 
download their packages from the repository in the global zone. Any latency 
issues with installing IPS packages are now also resolved. We in the 
OpenSolaris community just need to lobby Sun's developers to implement 
something like this and I think it would be a huge win for everyone.


Then the just released OpenSolaris Release Repository Image would be of interest 
to you:


---8<---

OpenSolaris(TM) 2009.06 Release Repository Image

1.  Overview

For some deployments, direct access to the repository at
http://pkg.opensolaris.org/release is not possible, or provides
insufficient performance.  This product contains the package
metadata and content to allow the construction of a local copy of the
release/ repository, which can then be made available on the local
system or over a private network to other systems.  It can be installed
on multiple systems, which can in turn be configured as mirrors, to
increase the available aggregate resources available to packaging
clients.

---8<---

More at http://www.genunix.org/dist/indiana/README.osol-repo

Menno
--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] cli zone configuration

2009-06-12 Thread Menno Lageman

On 06/12/09 21:13, Patrick J. McEvoy wrote:

Folks,

I am trying to configure zones by running a series of
commands because I want to script setting up zones.
The man page for zonecfg only shows interactive examples,
and the PDF documentation suggests exporting a config,
then editing it, then using zonecfg -f. I don't want to
write expect scripts or edit files -- I just want to
run some commands to create and modify zones.

For the global scope, this works:

zonecfg -z zfoo set zonepath=/zonefs/zfoo

But for other scopes I can't find an invocation that works.
For example, if I would do this interactively:

zonecfg:zfoo> add net
zonecfg:zfoo:net> set physical=foonic0
zonecfg:zfoo:net> end
zonecfg:zfoo>

how would I do it non-interactively? I can't find any
invocation of zonecfg that lets me both specify scope
and set a property. This works, but is dorky:

printf 'add net\nset physical=foonic0\nend\n' | zonecfg -z zfoo

So...is there any good general way to configure zones
by running a command or series of commands?


You can do that like this:

# zonecfg -z foo 'create; set zonepath=/zones/foo; add net; set physical=e1000g0; set address=192.168.1.123/24; end'


(Insert a ; where you would use the enter key in interactive mode.)

Menno
--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno
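
The semicolon-separated form shown above lends itself to scripting, with one catch: because zonecfg treats ';' as a command separator, any value interpolated into the string has to be checked first. This is an added example, not part of the original message; the function names are hypothetical, and the command is only printed unless APPLY=1 is set:

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# zonecfg treats ';' and newline as subcommand separators, so a value that
# contains one would append extra subcommands. Allow only a small alphabet.
valid_value() {
    case "$1" in
        ''|*[!A-Za-z0-9_./:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Zone names: start alphanumeric, then alphanumerics, '_', '-' or '.'.
# "global" and names starting with SUNW are reserved.
valid_zonename() {
    case "$1" in
        ''|global|SUNW*) return 1 ;;
        [!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: build_zonecfg_cmds <zonepath> <physical> <address/prefix>
# Emits the same subcommand sequence as the reply above.
build_zonecfg_cmds() {
    [ $# -eq 3 ] || { echo "need zonepath, physical, address" >&2; return 2; }
    for value in "$@"; do
        valid_value "$value" || { echo "rejected value: $value" >&2; return 1; }
    done
    printf 'create; set zonepath=%s; add net; set physical=%s; set address=%s; end' \
        "$1" "$2" "$3"
}

# Usage: configure_zone <zonename> <zonepath> <physical> <address/prefix>
# Prints the zonecfg invocation; with APPLY=1 it runs it (global zone only).
configure_zone() {
    valid_zonename "$1" || { echo "rejected zone name: $1" >&2; return 1; }
    zone=$1
    shift
    cmds=$(build_zonecfg_cmds "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        zonecfg -z "$zone" "$cmds"
    else
        printf "zonecfg -z %s '%s'\n" "$zone" "$cmds"
    fi
}

# Constructed sample input: the values from the reply, then a zonepath that
# tries to carry a second subcommand and is refused.
configure_zone foo /zones/foo e1000g0 192.168.1.123/24
configure_zone foo '/zones/foo; set autoboot=true' e1000g0 192.168.1.123/24 \
    || echo "refused: value contains a separator" >&2
```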


Re: [zones-discuss] cli zone configuration

2009-06-12 Thread Menno Lageman

On 06/12/09 22:39, Patrick J. McEvoy wrote:

menno, flippedb,

Sweet! The semi-colon-separated list of commands works perfectly. How do
I file an RFE to add that to the man page?



You can file the bug at http://bugs.opensolaris.org. Category 
solaris/manpage, subcategory section1m.


Menno
--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] S10 brand spec.

2009-05-12 Thread Menno Lageman

On 05/12/09 13:28, Jerry Jelinek wrote:

Enclosed is a first draft of a spec. for the S10
brand which we plan to submit for a PSARC
inception review.  Please send us any comments
or questions.

Thanks,
Jerry



Hi Jerry,

Cool stuff!

A couple of questions:

- it is stated that the minimum supported S10 release in a branded 
container is S10U8. What is the plan for migrating from S10 releases 
below U8? Will the update on attach feature be able to update pre-U8 
systems and/or zones? Or should the source system/zones be upgraded to 
U8 first?


- can multiple versions of the Solaris 10 brand coexist? I.e if a future 
Solaris 10 version requires a newer version of the brand to run, will 
existing zones running an earlier Solaris version still run with their 
current required version of the brand? Or must they be upgraded in some way?


Cheers,

Menno
--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] S10 brand spec.

2009-05-12 Thread Menno Lageman

On 05/12/09 14:20, Jerry Jelinek wrote:


It wouldn't really be multiple versions of the brand.  The idea is that
any enhancements to the brand module will need to continue to support
all versions of S10 that are supported in the zone (i.e. S10u8 and beyond).
So, there may be conditional code in the brand module to determine
which KU is installed in a specific zone so that the emulation would
behave differently based on that.  That's what we're trying to describe in the
'versioning' section of the spec.  If that seems confusing we can try
to clarify it.



Thanks, that clears it up. Adding some text at the start of the 
Versioning section that newer versions of the brand will provide 
compatibility for older versions of the brand would help I think.


Menno
--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] Reconfig of existing Zone

2009-03-25 Thread Menno Lageman

Michael Barto wrote:
After you create a zone, can you later set up CPU caps, numbers of 
CPU's, memory and any of the other parameters. Is there a list of what 
cannot be changed after its creation?


Yes, you can change those after zone creation. About the only thing you 
can't change afterwards is the 'sparseness' of the zone. You cannot 
change a sparse root zone into a whole root zone and vice versa, without 
reinstalling the zone.


Menno


Re: [zones-discuss] heads-up: zlogin fails if root has no password (nv105)

2009-01-05 Thread Menno Lageman
Steffen Weiberle wrote:
 For my test zones, I usually don't set a password via /etc/sysidcfg. 
 Usually I don't configure ssh to allow root login, and the zones are 
 configured with limited network services (secure by default), so I don't 
 worry.
 
 With build 105 (the one with Crossbow integrated), all of a sudden 
 zlogin fails if the zone does not have a root password. The error is an 
 incorrect password type of message.
 
 # zlogin master
 [Connected to zone 'master' pts/4]
 Login incorrect
 
 
 So does logging in on the console. The error messages for this on the 
 console are:
 
 Jan  5 15:04:33 master login: pam_unix_account: zlogin: empty password 
 not allowed for account root from local host
 Jan  5 15:04:33 master login: login account failure: Permission denied
 
 
 Is this intentional, or a side effect (especially for zlogin)? I looked 
 for a flag day and did not find one. Not sure how long this has been 
 happening. I don't remember it with 101[a]. If not intentional, I can 
 file a bug.

It's intentional and present since build 104. See 
http://opensolaris.org/os/community/on/flag-days/pages/2008111501/

Menno


Re: [zones-discuss] whole root zones in nv_98?

2008-10-12 Thread Menno Lageman
On 10/12/08 01:14, John Stanford wrote:
 Hi,
 
 I recently tried to use zonemgr 1.8.1 to install a whole root zone (for a 
 database) on nv_98, and it errored out:
 
 -bash-3.2# ./zonemgr-1.8.1.sh -a add -t w -n ultra1z3 -z /zones -P extrap01ate -I "192.168.1.203|skge0|24|ultra1z3"
 Checking to see if the zone IP address (192.168.1.203) is already in use...IP 
 is available.
 On line 4 of /root/.zonemgr/zone1197:
 remove inherit-pkg-dir: No such resource with that id
 Error: Error configuring ultra1z3, return value: 0
 Use -h flag to see proper usage or -l flag to see the license.
 
[...]
 It appears that something has changed since Sol10 (and maybe earlier versions 
 of OpenSolaris) with the way the default zone spec is defined.  Here is the 
 config from a sparse zone created with zonemgr using -t s:
 
 -bash-3.2# zonecfg -z ultra1z1 info
 zonename: ultra1z1
 zonepath: /zones/ultra1z1
 brand: ipkg   
 autoboot: true
 bootargs: 
 pool: 
 limitpriv: 
 scheduling-class: 
 ip-type: shared
 net:
   address: 192.168.1.201/24
   physical: skge0
   defrouter not specified
 attr:
   name: comment
   type: string
   value: Zone ultra1z1
 -bash-3.2# 
 
 
 So, two questions:
 
 1) What has changed between Solaris 10 and nv_98 (relevant to this issue of 
 course)?

John,

OpenSolaris 2008.05 has introduced a new zone brand, ipkg, which is 
different from the native zones in Solaris 10. (I'm not familiar with 
Zone Manager, so I don't know if it supports ipkg zones.)

 2) Since I don't have any inherit_pkg_dir entries when I use the -t s 
 argument, am I creating a full zone by default?

No, the ipkg brand has no concept of sparse root or whole root zones. 
ipkg zones are not sparse, but still smaller than the traditional whole 
root zones in Solaris 10. See Dan Price's Field Guide to Zones in 
OpenSolaris 2008.05 (http://blogs.sun.com/dp/date/20080512) for more 
information.

Menno
-- 
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] Confirming Zone running Container

2008-10-02 Thread Menno Lageman
On 10/02/08 22:42, Nicolas Dorfsman wrote:
   Phillip,
 
 Le 2 oct. 08 à 22:38, Bruce, Phillip a écrit :
 
 Mike,

 Using zonecfg command can ONLY be used at the global zone level not at
 the container level.

 [EMAIL PROTECTED]:/var/adm# zonecfg
 zonecfg can only be run from the global zone.
 
 
 What are you trying to do exactly ?
 
 Mike's tip needs to be used on the global-zone AND a non-global  
 zone reboot is mandatory.

Actually, the reboot is not mandatory:

[EMAIL PROTECTED] # touch /zones/aap/root/etc/globalname
[EMAIL PROTECTED] # mount -F lofs -o ro /etc/nodename \
/zones/aap/root/etc/globalname
[EMAIL PROTECTED] # zlogin aap cat /etc/globalname
blondie


Menno
-- 
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] Per-process/user resource limits within zones

2008-08-28 Thread Menno Lageman
Lewis Thompson wrote:
 Hi Zones experts :)
 
 I have a query regarding specifying per-process and/or per-user resource
 limits within local zones
 
 Having read the FAQ at
 http://www.opensolaris.org/os/community/zones/faq/ I get the impression
 that resource limits within zones are either:
 
 1. defined with zonecfg when creating/updating the zone
 2. by adding a zone to a resource pool and manipulating that way
 
 What I am not clear on is:
 
 whether a local zone can have an /etc/project file of its own;

Yes, a zone has an /etc/project of its own.

The zone.* resource controls are defined at the zone level by the global zone 
admin (in the global zone). The non-global zone admin can define project.*, 
task.* and process.* rctls inside the zone. If a zone version of the resource 
control exists, this will clamp the project version; i.e. if zone.max-lwps is 
set to 1000, setting project.max-lwps to 2000 in /etc/project in the zone is 
legal, but the max number of lwps for the whole zone is limited to 1000.

Menno
-- 
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] can non-zones see less RAM than global?

2008-03-16 Thread Menno Lageman
Anne Moore wrote:
  I doubt it. If Oracle is taking 1/2 of physical memory by default, it
 will probably do so whether you have 4GB or 40GB.
 
 Probably so. But I'm using Zones here, so it may be a different story all
 together.
 
 page 94 of http://www.sun.com/blueprints/0505/819-2679.pdf has tunables
 for Oracle 9
 
 Thanks. I'm using Oracle 10g 2. I'll see if I can find a article for that.
 (Unfortunately, I don't have a sun solve service plan!)
 

For Oracle 10g you'll probably want to look at the  sga_target and 
sga_max_size initialization parameters to limit Oracle's use of memory.

Menno

-- 
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


[zones-discuss] libvirt for Zones

2008-01-14 Thread Menno Lageman
Now that we have libvirt support for both xVM and LDoms, are there any 
plans to add libvirt support for Zones too?

Menno
-- 
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] FYI: fixes for IP Instances using ce NICs now on OpenSolaris and coming in Nevada/Solaris Express build 80

2008-01-02 Thread Menno Lageman
Robert Milkowski wrote:
 Hello Steffen,
 
 Friday, December 21, 2007, 1:05:53 PM, you wrote:
 
 SW [attempt to bcc this alias seemed to have failed]
 
 SW If you have been waiting for the fixes to be able to use IP Instances
 SW with the GigaSwift NICs (ce), they are now in OpenSolaris, and I have
 SW tested them with Nevada build 80, currently available within Sun. I
 SW don't know when build 80 ISOs will be on opensolaris.org. The bits have
 SW to go through at least four to six week soak testing in Nevada before a
 SW back port to Solaris 10 can be released.
 
 
 http://sunsolve.sun.com/search/document.do?assetkey=1-21-118777-12-1
 Problem Description:
 
 6606507 ce driver needs to work with Solaris 10 IP Instances
 
 
 Well, according to patch 118777-12 CR 6606507 is fixed by it.
 I guess it's a mistake... ???


Robert,

You'll also need the fix for: 6616075 ce driver needs to work with 
solaris 10 IP Instances (ON part). That is the zoneadmd part of the fix. 
As far as I can see there is no Solaris 10 patch for that yet. Patch 
118777-12 is the ce driver part of the fix.

Menno
-- 
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] Changing the output of uname for all zones from within a zone

2008-01-02 Thread Menno Lageman
Bernd Schemmer wrote:
 Hi,
 
 (second try; my email to the list seems to have gotten lost)
 
 Using sloggi (http://www.roqe.org/sloggi/) I 
 can change the output of uname for all zones (including the global zone) from 
 within a zone:
 
 global zone [Mon Dec 31 17:36:11 [EMAIL PROTECTED] 
 /export/install/profiles/sol3]
 # uname -a
 SunOS sol9 5.11 snv_78 sun4u sparc sun4u
 
 sunstudio12 zone [Mon Dec 31 17:36:23 [EMAIL PROTECTED] /]
 # uname -a
 SunOS sunstudio12 5.11 snv_78 sun4u sparc sun4u
 
 gcc zone [Mon Dec 31 17:37:12 [EMAIL PROTECTED] /]
 # uname -a
 SunOS gcc 5.11 snv_78 sun4u sparc sun4u
 
 sunstudio12 zone [Mon Dec 31 17:37:34 [EMAIL PROTECTED] /]
 # slogctl -s MyOS
 MyOS sol9 5.11 snv_78 sun4u
 
 sunstudio12 zone [Mon Dec 31 17:37:37 [EMAIL PROTECTED] /]
 # uname -a
 MyOS sol9 5.11 snv_78 sun4u sparc sun4u
 
 gcc zone [Mon Dec 31 17:37:18 [EMAIL PROTECTED] /]
 # uname -a
 MyOS sol9 5.11 snv_78 sun4u sparc sun4u
 
 global zone [Mon Dec 31 17:36:12 [EMAIL PROTECTED] 
 /export/install/profiles/sol3]
 # uname -a
 MyOS sol9 5.11 snv_78 sun4u sparc sun4u
 
 
 The sloggi module was installed before creating the zones; the zones are all 
 sparse zones.
 
 I think this is a bug.
 

It is a bug. In sloggi.

It does not properly virtualize the uname data; it only has a single 
copy of its fake uname struct. So when you change the data using slogctl 
it shows up everywhere, even in the global zone. Which is what, I assume, 
you think to be the bug: the fact that you change data in the global 
zone from a non-global zone. But that is just what you asked for by 
loading the sloggi kernel module. It hooks the uname system call so 
there is nothing Solaris can do for you after that...

Menno

-- 
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] zone.max-processes

2007-12-11 Thread Menno Lageman
Steve Lawrence wrote:
 
 We have a generic rctl/global-zone safety issue that needs to be addressed.
 It would seem simple enough to just make project 0 processes in the global
 zone exempt from zone rctls.  This would allow apps in the global zone to
 be capped without affecting system daemons.
 
 The rationale is that system daemons need resources or the system can become
 unusable.
 
 The hole in this solution is that, by default, root logins join the user.root
 project.  A fix could be to make root's default project system instead of
 user.root.  This would be a significant change.  Another option would be to
 document that admin's change root's default project to system if configuring
 rctls on the global zone.  We could even print a warning if configuring via
 zonecfg -z global.
 
 Comments?

Steve,

making only the system project exempt from the zone rctl to ensure 
proper system operation seems reasonable to me. I am not sure about the 
'make the system project root's default project' bit. We don't do that 
for zone.max-lwps, do we?

Setting zone.max-lwps too low in the global zone will render the system 
as unusable as when setting zone.max-processes too low, yet we don't 
cater specifically for the well being of the system in the zone.max-lwps 
case, so why do it for zone.max-processes? We threaten the admin with 
fire and brimstone when he/she sets max-lwps using zonecfg, but other 
than that, we do nothing else.

Given that the intended use of zone.max-processes is mainly for 
non-global zones, I think it is reasonable to expect that the majority 
of admins won't be setting zone.* rctls on the global zone. Preventing 
those that want to from doing so by making the global zone exempt from 
the zone rctl seems overly protective. The current warning by 
zonecfg(1M) and a new stern warning in the zonecfg(1M) man page should 
suffice to make the admin aware of the dangers.

So the only thing exempt from project.max-processes and 
zone.max-processes would be processes in the system project in the 
global zone for the reason you stated. For non-global zones, the zone 
limit will be an unconditional limit (no exemption for anyone since the 
rctl is meant to protect the system and other non-global zones from a 
rogue zone).

Menno

--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno



Re: [zones-discuss] Default and max values for new rctls

2007-10-07 Thread Menno Lageman
Jeff Victor wrote:
 What are the default and maximum values for the new zone-specific 
 resource controls:
 
 zone.max-shm-memory
 zone.max-shm-ids
 zone.max-msg-ids
 zone.max-sem-ids
 

Jeff,

These resource controls have no 'privileged' limit by default, only a 
'system' limit, so the default value is unlimited. The maximum for the 
max-*-ids resource controls is IPC_IDS_MAX (16.8M), for max-shm-memory 
the maximum is UINT64_MAX (16 EB).

Menno
-- 
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] silent zone install?

2007-08-28 Thread Menno Lageman
Russ Petruzzelli wrote:
 Hello Huafeng Lu and zone-mgr script authors,
 
 
 After several attempts, I have identified why the zonemgr script 
 (zonemgr-1.8.1.sh) is not finishing a silent OS installation for me.
 
 zonemgr is in fact creating a sysidcfg file.  However there is one line 
 that it burps on...
 
   name_service=DNS {domain_name=red.iplanet.com  
 name_server=mf-usca19-12}
 
 
 This is what works for me in SWAN...
 
   name_service=NIS {domain_name=red.iplanet.com  
 name_server=mf-usca19-12(192.18.56.149)}
 
 
 I'm not sure how to modify the script to get it to use NIS rather than 
 DNS, and to put the name-server's IP on the line.
 Is there maybe something else that will allow DNS to work in the 
 script?  For instance, if /etc/hosts had the nameserver's entry hostname/IP?
 

Is the hostname of your zone present in DNS? I seem to remember that the 
sysid tools try to resolve the hostname and that they will go 
interactive if the name can't be resolved by the name server you specified.

Menno
-- 
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] Default RM controls for Containers?

2007-05-14 Thread Menno Lageman

Jeff Victor wrote:


Here we have a difficult non-technical decision to make.  Which is 
'better':


1) No out-of-the-box controls - the current situation.  The 
unsuspecting zone creator will unwittingly allow DoS attacks by zones 
until it becomes clear that RM controls should be used, either through 
education or a negative experience.  Possible solutions to this include

  A) One enable-RM knob which applies defaults that can be overridden
  B) Templates that have default RM controls
  C) Others

2) Out-of-the-box controls: all zones have default RM controls unless 
the creator overrides those controls.  These values would be generous 
enough to prevent DoS attacks and the effects of very badly written 
software, but not affect most workloads, as Mads suggests.  Templates 
could also be added to enable simple RM tuning.




On the premise that we're trying to give the regular[1] Zones user a 
good, default RM setup, I'd vote for option 2 ('safe' OOB controls). 
Experienced users that have more insight into what good values for their 
zones should be, can override these defaults if needed.  Which of course 
leads to the question what the default out-of-the-box values should be. 
  This might be the hardest part.


Menno

[1] someone who has no in-depth knowledge of/experience with Zones and 
Resource Management and just needs a zone to run his applications in.

--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] How to tell if you're in a zone

2007-04-27 Thread Menno Lageman

James Falkner wrote:

What's the best way to determine if you're in a sparse
root local zone vs. a whole root local zone?  Merely
the presence of loopback-mounted OS filesystems like
/usr?



It would seem pkgcond is the tool for that:

$ pkgcond
no condition to check specified; usage is:
pkgcond [-nv] condition [ option(s) ]

command options:
-n - negate results of condition test
-v - verbose output of condition testing

condition may be any one of:
can_add_driver [path]
can_remove_driver [path]
can_update_driver [path]
is_alternative_root [path]
is_boot_environment [path]
is_diskless_client [path]
is_global_zone [path]
is_mounted_miniroot [path]
is_netinstall_image [path]
is_nonglobal_zone [path]
is_path_writable path
is_running_system [path]
is_sparse_root_nonglobal_zone [path]
is_what [path]
is_whole_root_nonglobal_zone [path]

option(s) are specific to the condition used

pkgcond -?
- Shows this help message

It doesn't have a man page (at least on my system), so it might not be a 
stable interface for general consumption though...


Menno

--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] zone deporting question

2007-04-17 Thread Menno Lageman

Krzys wrote:


I have a question. Is there a way to deport running zone? Yeah I know 
what I am talking about... please read to see what I want to accomplish.


Ok, I have a production zone running. It is all set on zfs pool, so what 
I wanted to do is to duplicate my current environment without actually 
bringing it down...


I did try to create a snap of my zone. I did then move it to a different 
system via zfs send/receive option. So I had file system all set and 
ready to go, but I was not able to import my zone since I did not have 
SUNWdetached.xml in there.


Is there any way to make a clone of a zone (since I have it on zfs) and 
then import it somehow on a different system?


I was even trying to recreate zone using config file, but when I got to 
the point of setting it up on a partition it complained that already 
root directory exists in that path...




Hi,

if you are using a recent build of Nevada  ( 48-ish) you can create 
SUNWdefault.xml by performing a dry-run detach of your zone. This does 
not require the zone to be stopped and it will output the manifest to 
stdout. Save this output as SUNWdetached.xml in your new zonepath and 
create and attach the zone there. So something like this should do the 
trick:


(src) # zoneadm -z myzone detach -n > /tmp/SUNWdetached.xml
(src) # scp /tmp/SUNWdetached.xml [EMAIL PROTECTED]:/zones/myzone
(target) # zonecfg -z myzone create -a /zones/myzone
(target) # zoneadm -z myzone attach
(target) # zoneadm -z myzone boot

(assuming that your new zone's zonepath is at /zones/myzone).

Menno
--
Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno


Re: [zones-discuss] Re: [nfs-discuss] Re: [sysadmin-discuss] NFS server in zones

2007-02-14 Thread Menno Lageman

Robert Gordon wrote:


So could we all agree that:

 An NFS Server in a zone means that the namespace it exports is restricted
 to that zone only.  By that I mean no global zone access to that namespace,
 nor would that namespace be re-exported within another NFS Server zone
 instance ?


I have some trouble parsing that, but my perception of the desired 
behaviour is:
- a zone can only export resources that are within that zone (i.e. 
everything below its zonepath),
- a resource exported from a zone may not at the same time be exported 
from the global zone (i.e. if zone a exports /export/foo then 
/zones/a/root/export/foo may not be exported by the global zone),
- zone A and zone B may both export their own /export/foo since those 
are two distinct resources.



--
Menno Lageman  http://blogs.sun.com/menno
Sun Microsystems


Re: [zones-discuss] Defining Multiple RCTL Entries in Zone Config

2006-12-23 Thread Menno Lageman

Ben Rockwood wrote:
I'm interested in adding multiple entries for a single rctl that have different actions to a zone config.  Using the latest build (55 archives) I can only have one defined which means I can't create a layered plan of attack.  


For example, I'd like to be able to do this:

rctl:
    name: zone.max-lwps
    value: (priv=privileged,limit=1000,action=none)
rctl:
    name: zone.max-lwps
    value: (priv=privileged,limit=2000,action=deny)

Is this possible?  If not, does an RFE exist for this?



This is currently not possible, you can have only one rctl of a given 
type per zone. I can see why you would want that though. There is no 
existing RFE for this; please file one.


Menno
--
Menno Lageman  http://blogs.sun.com/menno
Sun Microsystems


Re: [zones-discuss] Re: Zones and Solaris upgrade

2006-12-03 Thread Menno Lageman

Dick Davies wrote:

On 01/12/06, James Carlson [EMAIL PROTECTED] wrote:

Peter Baer Galvin writes:
 Hi, any update on the status of the Zulu project!? thanks.

It integrated into build 53.  Work is continuing now on cleaning up
some related bugs and backporting for S10.


There's nothing in the changelog - am I looking in the right place
( http://dlc.sun.com/osol/on/downloads/b53/on-changelog-b53.html )?



That is the changelog for the ON consolidation only; LiveUpgrade is part 
of another consolidation. Solaris the product consists of multiple 
consolidations such as ON, X, etc.



[zones-discuss] Attach dry-run fails with missing or invalid brand

2006-11-16 Thread Menno Lageman

Hi,

doing a dry-run attach of a detached zone fails with the message 
zoneadm: missing or invalid brand and exit code 1. Attaching the zone 
for real succeeds though. I would expect the dry-run to succeed too 
because the zone was created on this system so everything (packages, 
patches, network interface etc. are the same). This is on build 52.


# zoneadm list -vc
  ID NAME     STATUS     PATH         BRAND
   0 global   running    /            native
   - test     installed  /zones/test  native
   - aap      installed  /zones/aap   native

Detach the zone:
# zoneadm -z aap detach
# zoneadm list -vc
  ID NAME     STATUS     PATH         BRAND
   0 global   running    /            native
   - test     installed  /zones/test  native
   - aap      configured /zones/aap   native

Try a dry-run attach on the same system:
# zoneadm attach -n /zones/aap/SUNWdetached.xml
zoneadm: missing or invalid brand
# echo $?
1

Now, try to attach the zone for real:

# zoneadm -z aap attach /zones/aap/SUNWdetached.xml
# echo $?
0
# zoneadm list -vc
  ID NAME     STATUS     PATH         BRAND
   0 global   running    /            native
   - test     installed  /zones/test  native
   - aap      installed  /zones/aap   native

This succeeds so the manifest created by the detach seems to be fine.

The zone is a very simple one:
# zonecfg -z aap info
zonename: aap
zonepath: /zones/aap
brand: native
autoboot: false
bootargs:
pool:
limitpriv:
inherit-pkg-dir:
    dir: /lib
inherit-pkg-dir:
    dir: /platform
inherit-pkg-dir:
    dir: /sbin
inherit-pkg-dir:
    dir: /usr



Menno


[zones-discuss] Re: Attach dry-run fails with missing or invalid brand

2006-11-16 Thread Menno Lageman

Menno Lageman wrote:

Hi,

doing a dry-run attach of a detached zone fails with the message 
zoneadm: missing or invalid brand and exit code 1. Attaching the zone 
for real succeeds though. I would expect the dry-run to succeed too 
because the zone was created on this system so everything (packages, 
patches, network interface etc. are the same). This is on build 52.




Ok, I figured this one out. According to the spec for dry-run 
(http://www.opensolaris.org/os/community/arc/caselog/2006/307/spec/)



The syntax for dry-run attaching a zone will be:

# zoneadm attach -n path_to_manifest


This leads to the 'zoneadm: missing or invalid brand' error message.

However, according to the man page it should in fact be:

'zoneadm -z aap attach -n path_to_manifest'

This works ok. I'll file a bug for the fact that 'zoneadm attach' isn't 
flagged as a usage error but issues a bogus error message.


Menno

--
Menno Lageman  http://blogs.sun.com/menno
Sun Microsystems


Re: [zones-discuss] Re: Attach dry-run fails with missing or invalid brand

2006-11-16 Thread Menno Lageman

Jerry Jelinek wrote:


Menno,

No, this is not correct. The dry-run spec in the arc case has
the correct definition.

The man page is in error and the way you were using it is
correct.  This got broken with the brandz putback.



Yeah, I noticed that when I tried it between two systems instead of on 
my laptop. On my laptop 'zoneadm -z zonename attach -n blah' happens to 
work because the zone already exists there. Your first message arrived 
just after I sent my incorrect analysis. The bug I filed (6494678) is 
for the real issue.


Menno
--
Menno Lageman  http://blogs.sun.com/menno
Sun Microsystems


Re: [zones-discuss] Attach dry-run fails with missing or invalid brand

2006-11-16 Thread Menno Lageman

Jerry Jelinek wrote:

Menno Lageman wrote:

Hi,

doing a dry-run attach of a detached zone fails with the message 
zoneadm: missing or invalid brand and exit code 1. Attaching the 
zone for real succeeds though. I would expect the dry-run to succeed 
too because the zone was created on this system so everything 
(packages, patches, network interface etc. are the same). This is on 
build 52.


Menno,

Please file a bug for this.  This is being caused because there
is no zone specified when running a dry-run attach so the brand
verification fails.



6494678 Zone attach dry-run fails with 'missing or invalid brand'

--
Menno Lageman  http://blogs.sun.com/menno
Sun Microsystems