Re: [zones-discuss] a little scripting problem with zonecfg
Hi Cristine, I tried both methods on OpenSolaris 2008.11 and they worked for me. My guess is that there's something wrong with your script. Perhaps you forgot to close a control construct (e.g., end an if block with fi). If it's not the script, then what version of Solaris/OpenSolaris are you running? Jordan /* * Jordan Vaughan * Solaris Kernel Developer * jordan.vaug...@sun.com * blogs.sun.com/lunchware */ On 02/13/09 16:48, Christine Tran wrote: I'm writing a script that adds an LOFS to a zone, using a pre-made batch file it works but I rather generate this on the fly. It looks something like this: if [ something ]; then zonecfg -z $myzone EOF add fs set dir=/tmp/foo set special=/tmp/foo set type=lofs add options rw add options nodevices end commit exit EOF zoneadm -z $ZONENAME boot This should work, but I get a syntax error at line 78: `end of file' unexpected, (script is only 77 lines long, btw.) I also tried cat /tmp/foo EOF ... EOF zonecfg -z $myzone -f /tmp/foo but same problem. How can I solve this? I prefer not to keep a batch file around to slice dice with sed. CT ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] solaris10 brand project proposal
+1 Jordan On 04/23/09 09:02, Jerry Jelinek wrote: I would like to propose a project to be sponsored by the zones community. This project would create a solaris10 branded zone for use on OpenSolaris. We will use the BrandZ infrastructure to deliver a solaris10 brand. This will be provided as an adoption and compatibility aid to enable users currently running S10 to easily adopt OpenSolaris while also continuing to run their S10 software within branded zones. As with the existing solaris8 and solaris9 brands on Solaris 10, this project will provide a 'physical to virtual' (p2v) capability that can migrate an existing S10 software stack on a physical system into a solaris10-branded zone running on a OpenSolaris system. In addition, the project will provide a 'virtual to virtual' (v2v) capability that can migrate existing native S10-based zones into solaris10-branded zones running on a OpenSolaris system. This brand would be available on all architectures that run OpenSolaris (sun4u, sun4v and x86). We've started working on this in the zones team. It will be hard for the community to actually contribute to the emulation layer since the Solaris 10 source code in not open sourced, but we would like to have the full source for the brand and its emulation be open source and part of OpenSolaris. The community could easily contribute to the p2v v2v code as well as provide feedback on the brand itself. Thanks, Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] cli zone configuration
Hi swagman, You can lump the commands into a single zonecfg execution by passing them as a single string argument in which the commands are separated by semicolons. Using your example: zonecfg -z zfoo set zonepath=/zonefs/zfoo; add net; set physical=foonic0; end Hope that helps, Jordan On 06/12/09 12:13, Patrick J. McEvoy wrote: Folks, I am trying to configure zones by running a series of commands because I want to script setting up zones. The man page for zonecfg only shows interactive examples, and the PDF documentation suggests exporting a config, then editing it, then using zonecfg -f. I don't want to write expect scripts or edit files -- I just want to run some commands to create and modify zones. For the global scope, this works: zonecfg -z zfoo set zonepath=/zonefs/zfoo But for other scopes I can't find an invocation that works. For example, if I would do this interactively: zonecfg:zfoo add net zonecfg:zfoo:net set physical=foonic0 zonecfg:zfoo:net end zonecfg:zfoo how would I do it non-interactively? I can't find any invocation of zonecfg that lets me both specify scope and set a property. This works, but is dorky: printf add net\nset physical=foonic0\nend\n | zonecfg -z zfoo So...is there any good general way to configure zones by running a command or series of commands? Thanks for any help, swagman ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] 2 line code review...
Edward Pilatowicz wrote: hey all, could i get a code review for this two line change: http://cr.opensolaris.org/~edp/onnv-bugs1/ 6850112 zonecfg verify should verify the native brand type thanks ed ___ zones-discuss mailing list zones-discuss@opensolaris.org LGTM. Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] clone -m copy works on OpenSolaris?
Hi Robinsky,
The ipkg brand does not support '-m copy' because the IPS packaging
system requires that zones have specific ZFS dataset hierarchies. A
straight file-to-file copy without setting up the requisite datasets
(which is what '-m copy' normally does) would incapacitate the new zone.
So, contrary to what the error/help messages say, ipkg does not
support '-m copy'.
Why do you need to use '-m copy'? Are you trying to clone zones across
ZFS zpools?
Hope that helps,
Jordan
On 07/21/09 03:38 AM, taiyo K wrote:
Hello all,
I am using OpenSolaris 2009.06 and creating lots of zones on there. Creating
zones on ZFS works fine and I am very happy about it.
My question now is about creating zones by copy function on OpenSolaris.
Dose anyone know -m copy option works on OpenSolaris as it can on Solaris 10
5/09? (http://docs.sun.com/app/docs/doc/817-1592/gigwk?a=view)
man zoneadm tells me clone -m copy exists, but I got an error when I ran it.
hits...@cubeville02:~# zoneadm -z cloned clone -m copy OpenDS
/usr/lib/brand/ipkg/clone: -m: unknown option
Usage: /usr/lib/brand/ipkg/clone {sourcezone}
usage: clone [-m method] [-s ZFS snapshot] [brand-specific args] zonename
Clone the installation of another zone. The -m option can be used to
specify 'copy' which forces a copy of the source zone. The -s option
can be used to specify the name of a ZFS snapshot that was taken from
a previous clone command. The snapshot will be used as the source
instead of creating a new ZFS snapshot. All other arguments are passed
to the brand clone function; see brands(5) for more information.
Does anybody know if this option is supported or not on OpenSolaris?
Thanks,
Robinky
___
zones-discuss mailing list
zones-discuss@opensolaris.org
Re: [zones-discuss] Problem downloading packages within non-global zone
On 07/28/09 09:42 AM, Steffen Weiberle wrote: On 07/27/09 23:40, Jack LING wrote: dear all, I've installed mysql and glassfish packages in my OpenSolaris 2009.06 installation in VirtualBox. Then I created a non-global zone (I think it is sparse-root, by default). Within the non-global zone, mysql glassfish are unavailable. Actually I wanted to confine them to hv them run in non-global zone not global zone. Questions: 1. would the non-global zone hv access to mysql glassfish install if I've had created the non-global zone 1st THEN downloaded/installed the packages from Package Manager? 2. Or by creating a whole root zone would have solved the problem? 3. Networking issue: leaving my non-global zone as it is, I tried to use pkg to get and install the mysql glassfish packages. But it came out error stating it could not find the package server. Obviously, it is networking problem within the non-global zone whereby it can't locate and connect to the Internet WHILE the global zone has no such network problems. Does the non-global zone follows the dns configurations of the global zone upon creation or I've to manually configure it and how? thanks in advance, jackling OpenSolaris IPS and zones don't have a concept of sparse and whole root. You have a 'separate' set of IPS packages, and you will have to install the applications into the zone, similar to how you did it for the global zone. You have to separately configuring networking in the non-global zone. ___ zones-discuss mailing list zones-discuss@opensolaris.org That's right. OpenSolaris doesn't have anything like sparse-root zones. Each non-global zone (NGZ) has its own set of packages: each has to be managed separately. As Steffen said, you have to configure each NGZ's networking features separately. Did you grab the zone's console after booting it for the first time and walk it through the sysid config screens? They ask you for network configuration parameters. Hope that helps, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Configure a zone through sysidcfg
On 08/14/09 02:55 PM, v wrote:
I created an exclusive IP zone. Now I want to configure it using sysidcfg and
avoid the prompts at the initial login.
I created the below sysidcfg file:
timezone=US/Eastern
system_locale=C
terminal=xterms
network_interface=vnic1 {dhcp protocol_ipv6=yes}
root_password=abc123
security_policy=none
name_service=DNS
nfs4_domain=dynamic
I wanted to copy this file to the zone's etc directory, but there is no such
directory at this time (I already installed and booted the zone). I go to
/export/zones/zone1/root but the directory is empty. There is nothing in
there. There is no .../zone1/etc either. So, I created an etc directory under
root directory, put my sysidcfg file, and logged into the zone. I still got
the initial configuration prompts. Apparently, it didn't looked at the
sysidcfg file. What I am doing wrong?
Thanks...
How can a zone's root directory be empty after the zone is installed and
booted?
For starters, please post the output of zoneadm list -cv, zonecfg -z
your-zone-name info, and zfs list -t all. That'll clarify how you
should proceed.
Regards,
Jordan
___
zones-discuss mailing list
zones-discuss@opensolaris.org
Re: [zones-discuss] creating zones in open solaris on x86
On 08/20/09 01:59 PM, sai prasath wrote: Hi I have installed open solaris on HP Proliant ML 370 G6.While creating zones I am getting error message for the following command. #zfs create -o canmount=noauto rpool/ROOT/S10be/zones cannot create 'rpool/ROOT/S10be/zones': parent does not exist. please let me know the best way to resolve this issue and also steps involved in creating local zones in open solaris Thanks for your help Regard Sai Hi Sai, You probably forgot to pass the '-p' flag to 'zfs'. Try this instead: #zfs create -p -o canmount=noauto rpool/ROOT/S10be/zones Hope that helps, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] folding brandz into zones on os.o
On 09/14/09 01:55 PM, Edward Pilatowicz wrote: hey all, just a quick heads up. it's been on my todo list for a very long time (and i figured that i really should get it done before the xwiki migration), so i finally merged all the brandz community content into the zones community. you can see all the moved content here: http://opensolaris.org/os/community/zones/brandz The only updates i made to the content in the process of moving it was changes to make links self consistent. (ie, so all the brandz referencing links in the moved pages now point to the new pages.) ed ___ zones-discuss mailing list zones-discuss@opensolaris.org Cool. It makes more sense to incorporate BrandZ into the zones community than to separate them into two communities. Is your update the first step towards killing the BrandZ community? Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] s10 brand Phase I webrev
On 10/ 1/09 05:40 AM, Jerry Jelinek wrote: Edward Pilatowicz wrote: i'm not done yet, but i've attached what i've got so far. Ed, Thanks for your comments. I'll start to work through these while we're waiting for the rest of your input and respond if there is anything we're not going to address. Thank again, Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org Hi Jerry, I have a few nits and questions aside from Ed's. Thanks, Jordan -- usr/src/lib/brand/solaris10/cmd/s10_automount.sh usr/src/lib/brand/solaris10/cmd/s10_automountd.sh Shouldn't the scripts' parameters be included at the end of the last line (the exec command) as in s10_isaexec_wrapper.sh? -- usr/src/lib/brand/solaris10/librtld_db/common/solaris10_librtld_db.c The ps_plog() invocation in s10_ldb_fini32() displays lx_ldb_fini when it should be s10_ldb_fini (right?). According to the diff, the sn1 version also uses lx_ldb_fini. -- usr/src/uts/common/brand/solaris10/s10_brand.c 165-171: Are we going to retain the lx brand comments? I remember asking this two or three months ago, but someone answered that we wanted it to look the same as in the lx brand file from which the comment originated. Why? 740-743: I could've simplified this a bit by combining both cases. These lines can be condensed to case CT_TGET: case CT_TSET: return (ctfs_ioctl(rval, fdes, cmd, arg)); 927-928: I could've improved this comment by stating that the path of the *dynamic linker* is the second parameter of s10_native_exec(). 1260-1261,1286-1287,1313,etc.: Couldn't we make arg1 a zoneid_t, arg2 an int, arg3 a char *, and arg4 a size_t and eliminate some of the casts in s10_zone() (as well as some of the automatic variables, e.g., buf and bufsize)? 1298: Shouldn't we move this truss point below the switch block? As it currently stands, if a process issues SYS_zone to get an attribute of the global zone other than ZONE_ATTR_NAME and ZONE_ATTR_BRAND, then truss would report two SYS_zone syscalls instead of one. -- usr/src/lib/brand/solaris10/s10_support/s10_support.c 289-296: Isn't this whole loop simply looking for SUNWcakr's pkginfo file in the zone? If so, then looping through the zone's /var/sadm/pkg directory's entries for SUNWcakr is superfluous: get_ku_patchlist() could simply construct the path $ZONEPATH/root/var/sadm/pkg/SUNWcakr/pkginfo and stat() will fail if it doesn't exist. (Are we planning to examine other packages for patch lists?) get_image_emul_version(): I agree with Ed that get_image_emul_version() is superfluous. Now that I've thought about it, $ZONEROOT/usr/lib/brand/solaris10/version should be sufficient for the brand to determine whether it can host the associated S10C. All we need to do is hard-code the maximum version number supported by the brand (for example, as a preprocessor constant), fetch the version number stored in $ZONEROOT/usr/lib/brand/solaris10/version (or zero if the file does not exist), check whether the latter exceeds the former, and set the brand's emulation number to that stored in $ZONEROOT/usr/lib/brand/solaris10/version. 467,471-472,476-477: The first conditional can be changed to argc != 3 and the other two can be deleted along with their invocations of usage(). ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] review needed for scratch zone mount fix
Hi Ed, usr/src/head/libzonecfg.h This isn't critical, but shouldn't zonecfg_default_brand() be declared somewhere other than the group of privilege-related functions? Perhaps it should go under higher-level routines. Other than that, this looks good to me. Thanks, Jordan On 10/16/09 05:12 PM, Edward Pilatowicz wrote: hey all, so it seems that in opensolaris b120 i broke scratch zones with the following fix: 9392 native zones should fail to install on opensolaris so now i've got a fix for that breakage: http://cr.opensolaris.org/~edp/onnv-zmount/ 6889379 zoneadm mount fails on opensolaris the basic problem was that a bunch of the zones code used for mounting scratch zones would attempt to use the native brand parameters. when i removed the native brand i broke that code. so now i'm fixing that code by introducing the concept of a default brand. in most places where we used to hard code native, i've changed it so that we do a lookup to determine the default brand name, and then use that in place of native. currently the default brand is defined as whatever is the brand specified in /etc/zones/SUNWdefault.xml. (which on opensolaris means we default to ipkg.) thanks ed ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] one line webrev...
On 11/ 4/09 11:53 AM, Edward Pilatowicz wrote: hey all, so with my recent zoneadm mount putback i broke the native brand on nevada. i've got a webrev with the one line fix here: http://cr.opensolaris.org/~edp/onnv-zmount2 6898056 native zones no longer boot: zone 'public': missing or invalid brand ed ___ zones-discuss mailing list zones-discuss@opensolaris.org Ed, This looks good to me. Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] One a Question
On 11/18/09 11:19 AM, Christian Tovar Duran wrote: Hi I have the application RSA, but I dont know is supported in Solaris 10 containers, can you help me? Gracias y saludos Hi Christian, If RSA is supported in native Solaris 10u8+ zones, then it should work in Solaris 10 Containers as long as the devices it accesses exist on OpenSolaris and can be added to zones. Hope that helps, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] quick bug fix webrev...
On 11/19/09 09:16 PM, Edward Pilatowicz wrote: hey all, i need a review for the following bugfix: http://cr.opensolaris.org/~edp/onnv-zmount3/ 6901952 zoneadm fails with unable to determine default brand thanks ed ___ zones-discuss mailing list zones-discuss@opensolaris.org Hi Ed, This fix is fine. Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] create New Zone error
On 11/21/09 15:26, Bryan Allen wrote: +-- | On 2009-11-21 15:25:22, Hosam Al Ali wrote: | | aho...@xx:~# zoneadm -z myzone install | /mnt/zone/myzone must not be group readable. | /mnt/zone/myzone must not be group executable. | /mnt/zone/myzone must not be world readable. | /mnt/zone/myzone must not be world executable. | could not verify zonepath /mnt/zone/myzone because of the above errors. | zoneadm: zone myzone failed to verify | | I won't just to asq there is any special fs for the Directory or any think els chmod 700 /mnt/zone/myzone As for why it's not doing it on creation, no idea... zoneadm(1M) won't modify the zonepath directory's permissions if it already exists. My guess is that he created /mnt/zone/myzone before he executed zoneadm(1M) install but forgot to change its permissions to 0700. Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] ERROR: no active dataset. w/ migration from Indiana snv_125 to Indiana snv_127
If I remember correctly, zbe datasets' mountpoints should be set to legacy. rpool/var/zones/oracle-1/ROOT/zbe's mountpoint isn't legacy on your snv_127 system. What was rpool/var/zones/oracle-1/ROOT/zbe's mountpoint property's value on the snv_125 system prior to the zfs send operation? Regards, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] preferred way to image-update zones
On 12/ 4/09 02:28 PM, Anil wrote: Once a the global zone is upgraded (and rebooted with the new BE), what is the best way to update the zones? It seems like all I would need to do is: pkg -R zone path/root image-update reboot zone This seems like a hack, how would post package processing happen if this is not done from the zone itself? Should I instead *from the zone* take a clone, update parentbe zfs option, set it to active. Then, imate-update the snapshot/clone? This seems like a hack too! Try detaching and attaching the zones that need to be upgraded: # zoneadm -z zone detach [image-update the global zone] [reboot the machine to the new BE] # zoneadm -z zone attach -U You might be able to perform the detach/attach operations while in the updated global zone BE. Please see the Zones FAQ (http://hub.opensolaris.org/bin/view/Community+Group+zones/faq) for details. Hope that helps, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] preferred way to image-update zones
On 12/ 4/09 03:02 PM, Anil wrote: Ah, thanks. I knew that was available on Solaris but not in OpenSolaris. The man page had no reference to the -u option (I take it you meant -u and not -U). I will try that out later. It probably is -u but I used -U and it worked fine. Go with -u just to be safe. Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] solaris 10 branded zone
On 12/ 7/09 04:19 PM, xx wrote: i am following the zonecfg script at the bottom of: http://hub.opensolaris.org/bin/view/Community+Group+zones/s10brand_dev_guide however i fail to create the SUNWsolaris10 zone: init...@dogpatch:~# uname -a SunOS dogpatch 5.11 snv_128a i86pc i386 i86pc init...@dogpatch:~# zonecfg -z xx xx: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:xx create -t SUNWsolaris10 SUNWsolaris10: No such zone configured zonecfg:xx info xx: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:xx what am i doing wrong? I forgot to include a step in the developer guide: You have to install SUNWs10brand first: ---8--- # pkg install SUNWs10brand ---8--- I apologize for not including this step. I thought that the brand's files would be installed by default. Thanks for pointing this out! I'll update the guide immediately. Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] why not just bury zoneadm [-x nodataset] option ?
Hi Frank, I'd be happy with ditching -x nodataset and requiring that zonepaths be backed by ZFS datasets. Only lx-branded zones would be able to support the option but I don't know any reasons why someone wouldn't want his lx-branded zones to be backed by ZFS datasets. Is managing an additional dataset detrimental to filesystem performance? Ed might have reasons for not burying -x nodataset but I recall him stating that zones will be backed by ZFS datasets/zpools/zvols on remote storage devices. It's time for me to research ZFS internals... :) Jordan On 12/ 8/09 07:31 AM, Frank Batschulat (Home) wrote: friends, I went back and forth with th bug pertaining the [-x nodataset] option 6880288 zoneadm install -x nodataset option should be brand-specifc http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6880288 and eventually I decided to ask for quorum to just bury this option entirely. When Jerry filed it, his intent was to make it brand specific as that option means no zfs dataset should be created for a zoneroot. the zone will be just put onder a zoneroot directory instead. this really only makes sense for native brands that do not rely on all the fancy beadm/ips features used in OSOL. point is you can not really make this option brand specific. the code to create datasets is generic (and for obvious reasons should be) and thus lives in zoneadm.c:install_func() and is executed prior calling the brand specific install_func(). so one can only special case this in zoneadm.c:install_func() itself and remove the mentioning of this option from zoneadm.c and put it into the native brands sw_support.c:install_usage() func. however I've been asking around people that use zones pretty much since Solaris 10 came out the door, they do not even know about that option. also I think it would be a reasonable thing to just always have datasets for zoneroots created going forward in terms of managability and usage. it's not applicable to UFS zoneroots and neither to all the other brands except the native brand, which we're not going to use much anymore going forward with the ipkg brand. so may I ask for a positive vote to bury that thing rather then attempting handstands ? that'd be marvellous... thanks! ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Solaris10-Branded Zones Webrev: CR 6882732
On 12/ 9/09 03:04 PM, Edward Pilatowicz wrote: On Wed, Dec 09, 2009 at 02:54:05PM -0800, Jordan Vaughan wrote: I need someone to review my fix for 6882732 unpacking archive with extended file attributes reports errors The webrev is accessible via http://cr.opensolaris.org/~flippedb/onnv-s10c lgtm. ed Thanks Ed. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Solaris10-Branded Zones Webrev: CR 6882732
On 12/ 9/09 03:45 PM, Jerry Jelinek wrote: Jordan Vaughan wrote: I need someone to review my fix for 6882732 unpacking archive with extended file attributes reports errors The webrev is accessible via http://cr.opensolaris.org/~flippedb/onnv-s10c Jordan, Nice job, this looks good to me. Thanks, Jerry Thanks Jerry! ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] preferred way to image-update zones
On 12/ 8/09 11:50 AM, xx wrote: when updating from 126 to 128, one zone would attach: init...@dogpatch:~/.VirtualBox/HardDisks$ pfexec zoneadm -z ldap attach -U Log File: /var/tmp/ldap.attach_log.9hay7p Attaching... Global zone version: ent...@0.5.11,5.11-0.128:20091125T051747Z Non-Global zone version: ent...@0.5.11,5.11-0.111:20090514T145840Z Publisher Check: Zone preferred publisher does not contain ent...@0.5.11,5.11-0.128:20091125T051747Z. Publisher Reset: Copying preferred publisher from global zone. Cache: Using /var/pkg/download. Updating non-global zone: (Stage 1). Output follows DOWNLOAD PKGS FILESXFER (MB) Completed 112/112 10121/10121 126.3/126.3 PHASEACTIONS Removal Phase 4727/4727 Install Phase10622/10622 Update Phase 5073/5073 Updating non-global zone: (Stage 2). Output follows No updates necessary for this image. ERROR: Could not update attaching zone init...@dogpatch:~/.VirtualBox/HardDisks$ zoneadm list -v ID NAME STATUS PATH BRANDIP 0 global running/ ipkg shared init...@dogpatch:~/.VirtualBox/HardDisks$ pfexec zoneadm -z ldap attach Log File: /var/tmp/ldap.attach_log.8ea4wq Attaching... Global zone version: ent...@0.5.11,5.11-0.128:20091125T051747Z Non-Global zone version: ent...@0.5.11,5.11-0.128:20091125T051747Z Evaluation: Packages in ldap are in sync with global zone. Attach complete. and one won't attach: init...@dogpatch:~/.VirtualBox/HardDisks$ pfexec zoneadm -z ldapclient attach -U Log File: /var/tmp/ldapclient.attach_log.E6aOvx Attaching... Global zone version: ent...@0.5.11,5.11-0.128:20091125T051747Z Non-Global zone version: ent...@0.5.11,5.11-0.126:20091022T214456Z Qt WARNING: QClipboard: Unknown SelectionClear event received Publisher Check: Zone preferred publisher does not contain ent...@0.5.11,5.11-0.128:20091125T051747Z. Publisher Reset: Copying preferred publisher from global zone. Cache: Using /var/pkg/download. Updating non-global zone: (Stage 1). Output follows Creating Plan ERROR: Could not update attaching zone init...@dogpatch:~/.VirtualBox/HardDisks$ pfexec zoneadm -z ldapclient attach Log File: /var/tmp/ldapclient.attach_log.aeayVx Attaching... Global zone version: ent...@0.5.11,5.11-0.128:20091125T051747Z Non-Global zone version: ent...@0.5.11,5.11-0.126:20091022T214456Z Evaluation: ldapclient is downrev of the global zone. ERROR: Zone is downrev of global zone. Specify -u to update it. how do you go about figuring out why it won't update? i tried both -U and -u. You might be hitting bug 13190 (http://defect.opensolaris.org/bz/show_bug.cgi?id=13190). Try Jerry Jelinek's workaround as described in the bug report. (NOTE: The attach script that he mentions is /usr/lib/brand/ipkg/attach) Make sure that the publishers used by your zones exist and can be reached from the global zone. Hope that helps, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] code review for 6495558
On 12/11/09 05:24 AM, Frank Batschulat (Home) wrote: friends, may I request code review for the earth-shattering fix to: 6495558 zoneadm -z zone boot should not only check but repair filesystems http://cr.opensolaris.org/~batschul/onnv-vplat/ backround: Evaluation when booting a zone, zoneadm ( ie. vplat.c:dofsck() ) should perform the same tasks as the /usr/sbin/mountall script, which does a 'is suitable for mounting' (fsck -m) check first, followed by a preen fsck (fsck -p) if the former failed. the obvious quick fix would be to change the code in vplat.c:dofsck() 825 argv[0] = fsck; 826 argv[1] = -m; 827 argv[2] = (char *)rawdev; 828 argv[3] = NULL; 829 830 status = forkexec(zlogp, cmdbuf, argv); 831 if (status == 0 || status == -1) 832 return (status); 833 zerror(zlogp, B_FALSE, fsck of '%s' failed with exit status %d; 834 run fsck manually, rawdev, status); 835 return (-1); to always just run fsck in preen mode (shouldn't cause any real problem) or fork off a 2nd fsck in preen mode if the first fsck -m failed. actually the fix will be to just execute fsck in preen mode (fsck -p) rather then doing the 'is suitable for mounting' and preen fsck dance. if the former fails, the latter will have to be done anyways. the latter however kind of implies the former. thanks! Hi Frank, Your fix looks fine to me. Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] Webrev for CR 6782448
I need someone to review my fix for 6782448 libzonecfg may return uninitialized memory to zoneadm and zoneadmd The webrev is temporarily accessible via http://cr.opensolaris.org/~flippedb/onnv-zone2 Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zones code review
On 12/15/09 07:39 AM, Jerry Jelinek wrote: I have an initial code review for the fix for bug: 6768950 panic[cpu1]/thread=ff084ce0b3e0: syscall_asm_amd64.s:480 lwp ff0756a8cdc0, pcb_rupdate != 0 There is a webrev at: http://cr.opensolaris.org/~gjelinek/webrev.6768950/ The code changes in the sn1 and solaris10 brands are basically identical. I know there is a lot of common code there but I didn't want to clutter up this bug fix with the unrelated changes necessary to make the code common. I'll be addressing that with a separate fix. My initial testing of these changes looks good but I still need to run more extensive tests. Thanks, Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org Hi Jerry, I'll add one question to Ed's suggestions: -- usr/src/lib/brand/sn1/sn1_brand/amd64/sn1_handler.s 44: Shouldn't this function be named sn1_handler_table? Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] code review for 6911329
On 12/17/09 10:17 AM, Frank Batschulat (Home) wrote:
May I have 2 code reviewers for:
6911329 Incorrect code in kstat_delete causes panic
http://cr.opensolaris.org/~batschul/onnvkstat/
Description
A colleague was looking into a crash and the reason turned out to be a NULL
pointer dereference in kstat_delete():
kstat_delete(kstat_t *ksp)
{ kmutex_t *lp;
ekstat_t *e = (ekstat_t *)ksp;
zoneid_t zoneid = e-e_zone.zoneid;
kstat_zone_t *kz;
if (ksp == NULL)
return;
Note that there is a dereference of 'ksp' [via 'e'] before the check for ksp being NULL.
unfortunately we don't have a dump/stacktrace anymore to inspect who
called kstat_delete(NULL) and why.
thanks
frankB
___
zones-discuss mailing list
zones-discuss@opensolaris.org
Hi Frank,
This looks fine to me.
Thanks,
Jordan
___
zones-discuss mailing list
zones-discuss@opensolaris.org
Re: [zones-discuss] Application leaking on local zone
As Steve said, libumem will be your best tool for this job. Is the program zone-aware? The program might behave differently (i.e., its logic is different) while running in non-global zones and the alternative code paths might be leaking memory. Jordan On 12/17/09 11:23 AM, Steve Lawrence wrote: I recommend using libumem on the application. Some folks were nice enough to write about it. http://blogs.sun.com/pnayak/entry/finding_memory_leaks_within_solaris http://blogs.sun.com/dlutz/entry/memory_leak_detection_with_libumem -Steve On Thu, Dec 17, 2009 at 12:09:11PM +0200, AdinaKalin wrote: Hello, I'm struggling with the following problem and I have no idea how to solve it. I'm testing an application which is running fine on a global zone,but memory leaking when installed on a local zone. The local zone has its whole root and a very simple, basic configuration: bash-3.00# zonecfg -z mdmMDMzone zonecfg:mdmMDMzone info zonename: mdmMDMzone zonepath: /mdmMDMzone brand: native autoboot: true bootargs: pool: limitpriv: default,dtrace_proc,dtrace_user,proc_priocntl,proc_lock_memory scheduling-class: FSS ip-type: shared net: address: 192.168.109.14 physical: e1000g0 defrouter not specified One of the application processes, when started on global zone, has an rss of about 5 GB ( prstat -s rss ) and it keeps this size to the end of the test. If I stop the application on global zone and I start it on local zone, the same process starts with the normal size ( 5gb on prstat -s rss ) but is growing during the test ( I saw it 25GB on a server with 32 gb RAM ) until is failing. I don't understand why is this behavior and if the application has a memory leak, why I don't see it on the global zone. Any help is more than welcome!!! ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6782448
I expanded my webrev to include my fix for 6910339 zonecfg coredumps with badly formed 'select net defrouter' I need someone to review my changes. The webrev is still accessible via http://cr.opensolaris.org/~flippedb/onnv-zone2 Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] Webrev for CR 6909222
I need someone to review my fix for 6909222 reboot of system upgraded from 128 to build 129 generated error from an s10 zone due to boot-archive My webrev is accessible via http://cr.opensolaris.org/~flippedb/onnv-s10c Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6782448
That's a good idea. I updated the webrev.
Thanks,
Jordan
On 12/21/09 05:08 PM, Steve Lawrence wrote:
Minor nit. You could use != POC_STRING, put the Z_NO_ENTRY in the {}, and
put the success case after. Not a required change.
LGTM.
-Steve
On Fri, Dec 18, 2009 at 07:28:52PM -0800, Jordan Vaughan wrote:
I expanded my webrev to include my fix for
6910339 zonecfg coredumps with badly formed 'select net defrouter'
I need someone to review my changes. The webrev is still accessible via
http://cr.opensolaris.org/~flippedb/onnv-zone2
Thanks,
Jordan
___
zones-discuss mailing list
zones-discuss@opensolaris.org
___
zones-discuss mailing list
zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6909222
Excellent suggestion. I'll update CR 6912451. Meanwhile, I removed the XXX comments and regenerated the webrev. Thanks, Jordan On 12/21/09 06:12 PM, Edward Pilatowicz wrote: i'd probably leave out the XXX comment and instead update 6912451 to mention that part of the fix for 6912451 would involve removing the fix for 6909222 (since it would essentially be obsoleting this fix.) ed On Mon, Dec 21, 2009 at 03:46:00PM -0800, Jordan Vaughan wrote: I need someone to review my fix for 6909222 reboot of system upgraded from 128 to build 129 generated error from an s10 zone due to boot-archive My webrev is accessible via http://cr.opensolaris.org/~flippedb/onnv-s10c Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6909222
Hi Frank, Thanks for reviewing my fix. Native-branded zones will disappear when Solaris Express dies (which should happen in a few builds); therefore, it isn't worthwhile to fix this problem for native-branded zones. No special script code is needed for ipkg-branded zones because IPS package variants will handle the problem. Yes, I added the same code to s10_boot.ksh in case administrators inadvertently resurrect create_ramdisk. However, your comment raises an issue: My fix won't prevent the mkisofs(8) error message in all cases. If a zone administrator somehow reinstalls create_ramdisk (say, through an update) without rebooting the zone, then if an administrator in the global zone updates boot archives via bootadm(1M), then the global zone administrator will see the mkisofs(8) error. This isn't a problem because the error is harmless and the aforementioned scenario will rarely occur. Thanks again for the review, Jordan On 12/22/09 07:06 AM, Frank Batschulat (Home) wrote: On Tue, 22 Dec 2009 00:46:00 +0100, Jordan Vaughan jordan.vaug...@sun.com wrote: I need someone to review my fix for 6909222 reboot of system upgraded from 128 to build 129 generated error from an s10 zone due to boot-archive My webrev is accessible via http://cr.opensolaris.org/~flippedb/onnv-s10c Jordan, looks good to me. what about /usr/lib/brand/ipkg/p2v and perhaps /usr/lib/brand/ipkg/pkgcreatezone for the ipkg brand ? and usr/src/lib/brand/native/zone/p2v.ksh and usr/src/lib/brand/native/zone/image_install.ksh for the native brand ? I'd assume that in the future running an s10u9 update for an s10u8 branded zone, could that potentially put back the ' /boot/solaris/bin/create_ramdisk' script but that'd be taken care of by the s10_boot.ksh then. cheers frankB ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6782448
Hi Frank, Thanks for reviewing my fix. I'll respond to your questions below. On 12/22/09 05:55 AM, Frank Batschulat (Home) wrote: On Sat, 19 Dec 2009 04:28:52 +0100, Jordan Vaughan jordan.vaug...@sun.com wrote: I expanded my webrev to include my fix for 6910339 zonecfg coredumps with badly formed 'select net defrouter' I need someone to review my changes. The webrev is still accessible via http://cr.opensolaris.org/~flippedb/onnv-zone2 Hey Jordan looks good to me modulo this in zonecfg_lookup_nwif() size_t addrspec;/* nonzero if tabptr has IP addr */ size_t physspec;/* nonzero if tabptr has interface */ +size_t defrouterspec; /* nonzero if tabptr has def. router */ if (tabptr == NULL) return (Z_INVAL); + * zone_nwif_address, zone_nwif_physical, and zone_nwif_defrouter are + * arrays, so no NULL checks are necessary. */ addrspec = strlen(tabptr-zone_nwif_address); physspec = strlen(tabptr-zone_nwif_physical); -assert(addrspec 0 || physspec 0); +defrouterspec = strlen(tabptr-zone_nwif_defrouter); +assert(addrspec != 0 || physspec != 0 || defrouterspec != 0); so we do consider any of them being 0 a fault given the assert(), fine, but yet we do check for this again inside the loop: +if (physspec != 0 (fetchprop(cur, DTD_ATTR_PHYSICAL, +physical, sizeof (physical)) != Z_OK || +strcmp(tabptr-zone_nwif_physical, physical) != 0)) +continue; +if (addrspec != 0 (fetchprop(cur, DTD_ATTR_ADDRESS, address, +sizeof (address)) != Z_OK || +!zonecfg_same_net_address(tabptr-zone_nwif_address, +address))) +continue; +if (defrouterspec != 0 (fetchprop(cur, DTD_ATTR_DEFROUTER, +address, sizeof (address)) != Z_OK || +!zonecfg_same_net_address(tabptr-zone_nwif_defrouter, +address))) +continue; a good argument could probably be made to turn this assert into a real check and return Z_INVAL for any of those 3 being 0 and get rid of the checks inside the xml parsing loop ? The assertion doesn't fail if any of the three variables is zero; it fails if all of them are zero. However, your suggestion that we transform the assertion into a real check that returns Z_INVAL or Z_INSUFFICIENT_SPEC is good. I was able to easily produce a core dump on my system even without my fix: ---8--- root arrakis [16:12:49]# zonecfg -z mojo zonecfg:mojo select net address= Assertion failed: addrspec 0 || physspec 0, file ../common/libzonecfg.c, line 2170 zsh: IOT instruction (core dumped) cz mojo ---8--- I verified that changing the assertion into a real check that returns Z_INSUFFICIENT_SPEC eliminates the problem: ---8--- root tcm3000-01 [16:13:03 1]# cz mojo zonecfg:mojo select net address= select net: Insufficient specification ---8--- However, the three checks in the loop (physspec != 0, etc.) are necessary even after converting the assertion into a non-asserting test. Suppose that a zone were to have the following net configuration: ---8--- zonecfg:mojo info net net: address: 10.5.234.15/24 physical: bge0 defrouter not specified ---8--- If I were to eliminate the three checks in the loop, then if I were to issue a select net address=10.5.234.15/24, then zonecfg(1M) would claim that the zone doesn't have a network resource with an address of 10.5.234.15/24! This follows from the way the three if statements would work without the three aforementioned checks: physspec would be zero (because the query doesn't specify a physical interface) but the network resource's physical property would be nonempty, which would make the strcmp(3C) invocation in the first if statement return a nonzero value and cause the function to skip the network resource that it would have otherwise selected! Here is some output from zonecfg(1M) while it's using a libzonecfg that lacks the three loop checks: ---8--- root tcm3000-01 [16:25:12 1]# cz mojo zonecfg:mojo info zonename: mojo zonepath: /export/mojo brand: solaris10 autoboot: true bootargs: pool: limitpriv: scheduling-class: ip-type: shared hostid: net: address: 10.5.234.15/24 physical: bge0 defrouter not specified zonecfg:mojo select net address=10.5.234.15/24 select net: No such resource with that id zonecfg:mojo ---8--- zone_lookup_nwif() needs the three loop checks. I regenerated the webrev. You'll notice that the assertion was replaced by a check that returns Z_INSUFFICIENT_SPEC. Thanks again for reviewing my fix, Jordan cheers frankB ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6782448
Frank Batschulat (Home) wrote: On Wed, 23 Dec 2009 01:34:59 +0100, Jordan Vaughan jordan.vaug...@sun.com wrote: http://cr.opensolaris.org/~flippedb/onnv-zone2 [...] zone_lookup_nwif() needs the three loop checks. I regenerated the webrev. You'll notice that the assertion was replaced by a check that returns Z_INSUFFICIENT_SPEC. Hey Jordan, thanks for the exhaustive reply. understood. I was ignoring the fact that without these checks the xml parsing loop would generate false alarm for such conditions: net: address: 10.5.234.15/24 physical: bge0 defrouter not specified zonecfg:mojo select net address=10.5.234.15/24 select net: No such resource with that id lgtm! cheers frankB Thanks Frank. Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6909222
On 01/ 4/10 07:26 AM, Jerry Jelinek wrote: Jordan Vaughan wrote: I need someone to review my fix for 6909222 reboot of system upgraded from 128 to build 129 generated error from an s10 zone due to boot-archive My webrev is accessible via http://cr.opensolaris.org/~flippedb/onnv-s10c Jordan, This looks ok to me but don't we need to do a similar fix for the ipkg brand since we can also do p2v with that brand? Can you file a bug to track that? Thanks, Jerry Hi Jerry, Thanks for reviewing my fix. Won't package variants solve the problem for the ipkg brand? Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6909222
On 12/23/09 12:40 AM, Frank Batschulat (Home) wrote: On Tue, 22 Dec 2009 00:46:00 +0100, Jordan Vaughan jordan.vaug...@sun.com wrote: I need someone to review my fix for 6909222 reboot of system upgraded from 128 to build 129 generated error from an s10 zone due to boot-archive My webrev is accessible via http://cr.opensolaris.org/~flippedb/onnv-s10c Jordan, we probably should update the s10container dev guide to point out that we remove $ZONEROOT/boot/solaris/bin/create_ramdisk and essentially disable bootarchive update within the s10 branded zone ? http://hub.opensolaris.org/bin/view/Community+Group+zones/s10brand_dev_guide there may be ISVs/OEMs that potentially add/change stuff there ? cheers frankB The developer guide is not the best place to post such notices. I don't know which document is most suitable or whether posting such a notice is worthwhile. Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6909222
On 01/ 4/10 09:57 AM, Enda O'Connor wrote: Hi Jordan Not being too familiar with the underlying technology, I assume s10_boot.ksh is run every boot, as otherwise a patch can deliver create_ramdisk to the system after it's removed. Enda Correct. Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6909222
On 01/ 4/10 09:54 AM, Jerry Jelinek wrote: Jordan Vaughan wrote: On 01/ 4/10 07:26 AM, Jerry Jelinek wrote: Jordan Vaughan wrote: I need someone to review my fix for 6909222 reboot of system upgraded from 128 to build 129 generated error from an s10 zone due to boot-archive My webrev is accessible via http://cr.opensolaris.org/~flippedb/onnv-s10c [...] Jordan, I don't think so since the boot_archive files are not delivered by any pkg. Thus, there is nothing in the change-variant process which will touch those files. Thanks, Jerry /boot/solaris/bin/create_ramdisk is installed by SUNWckr, right? ---8--- jv227347 arrakis [10:13:45 0]% pkg search /boot/solaris/bin/create_ramdisk INDEX ACTION VALUE PACKAGE path file boot/solaris/bin/create_ramdisk pkg:/sunwc...@0.5.11-0.79 path file boot/solaris/bin/create_ramdisk pkg:/sunw...@0.5.11-0.108 [...] pkg:/sunw...@0.5.11-0.127 path file boot/solaris/bin/create_ramdisk pkg:/sunw...@0.5.11-0.128 path file boot/solaris/bin/create_ramdisk pkg:/sunw...@0.5.11-0.129 path file boot/solaris/bin/create_ramdisk pkg:/sunw...@0.5.11-0.130 ---8--- Will changing variants not affect SUNWckr? Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Webrev for CR 6909222
On 01/ 4/10 10:25 AM, Jerry Jelinek wrote: Jordan Vaughan wrote: On 01/ 4/10 09:54 AM, Jerry Jelinek wrote: Jordan Vaughan wrote: On 01/ 4/10 07:26 AM, Jerry Jelinek wrote: Jordan Vaughan wrote: I need someone to review my fix for 6909222 reboot of system upgraded from 128 to build 129 generated error from an s10 zone due to boot-archive My webrev is accessible via http://cr.opensolaris.org/~flippedb/onnv-s10c [...] Jordan, I don't think so since the boot_archive files are not delivered by any pkg. Thus, there is nothing in the change-variant process which will touch those files. Thanks, Jerry /boot/solaris/bin/create_ramdisk is installed by SUNWckr, right? ---8--- jv227347 arrakis [10:13:45 0]% pkg search /boot/solaris/bin/create_ramdisk INDEX ACTION VALUE PACKAGE path file boot/solaris/bin/create_ramdisk pkg:/sunwc...@0.5.11-0.79 path file boot/solaris/bin/create_ramdisk pkg:/sunw...@0.5.11-0.108 [...] pkg:/sunw...@0.5.11-0.127 path file boot/solaris/bin/create_ramdisk pkg:/sunw...@0.5.11-0.128 path file boot/solaris/bin/create_ramdisk pkg:/sunw...@0.5.11-0.129 path file boot/solaris/bin/create_ramdisk pkg:/sunw...@0.5.11-0.130 ---8--- Will changing variants not affect SUNWckr? Jordan, Maybe I'm not understanding the bug's evaluation but it seems to say that the problem is caused by the presence of boot archive files. Jerry Jerry, It is. However, bootadm(1M) infers the existence of boot archives from the existence of /boot/solaris/bin/create_ramdisk. If we remove the latter from a zone, then bootadm(1M) won't try to update boot archives in the zone's root filesystem. Changing package variants during ipkg p2v should remove /boot/solaris/bin/create_ramdisk and thus prevent bootadm(1M) from updating ipkg-branded zones' boot archives. Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zones code review
On 01/14/10 08:18 AM, Jerry Jelinek wrote: I need a code review for my proposed fix for: 6887823 brandz on x86 should ignore %gs and simplify brand hooks There is a webrev at: http://cr.opensolaris.org/~gjelinek/webrev.6887823/ This simplifies some of the handling for the %gs register, cleans up the interfaces with the brand modules, and consolidates common code into a single file. Although the webrev looks large, most of this is because of moving the common code. Thanks, Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org Hi Jerry, This looks fine to me. Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] move ZFS fs to a zone
Hi Dick, Use the dataset resource in zonecfg(1M): ---8--- root arrakis [14:20:17]# zfs list rpool/test NAME USED AVAIL REFER MOUNTPOINT rpool/test19K 190G19K /rpool/test root arrakis [14:20:18]# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running/ ipkg shared 2 mojo running/export/zones/mojo solaris10 shared - godelinstalled /export/zones/godelipkg shared root arrakis [14:20:24]# zonecfg -z godel zonecfg:godel add dataset zonecfg:godel:dataset set name=rpool/test zonecfg:godel:dataset end zonecfg:godel exit ---8--- Hope that helps, Jordan On 02/ 7/10 01:23 AM, dick hoogendijk wrote: # zfs list rpool/www 3.64G 377G 3.64G /var/www rpool/zones 3.00G 377G24K /zones rpool/zones/anduin1.94G 377G24K /zones/anduin rpool/zones/anduin/ROOT 1.94G 377G21K legacy rpool/zones/anduin/ROOT/zbe 1.94G 377G 1.91G legacy rpool/zones/midgard 1.06G 377G24K /zones/midgard rpool/zones/midgard/ROOT 1.06G 377G21K legacy rpool/zones/midgard/ROOT/zbe 1.06G 377G 1.06G legacy I want to move the rpool/www zfs filesystem to zone midgard. Is this possible and how is this done? I guess it will no longer be accessible from the GZ then. That would be good, because I want to seperate my webserver from my global zone. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] OpenSolaris zone migration
On 02/ 3/10 04:11 PM, Ted Ward wrote: Hello all. I am trying to migrate a zone on OpenSolaris from one identical system to another. It's going from x86 to sparc, but even when going from x86 to x86 I get the same error. Here's the build of both systems SunOS hostname 5.11 snv_111b i86pc i386 i86pc Solaris (source system) SunOS hostname 5.11 snv_111b sun4u sparc SUNW,Sun-Blade-100 Solaris (target system) After creating the zone on zfs per expectations, I detach it it and get the typical directory you would expect: # ls SUNWdetached.xml dev root I then run the following command to migrate the zone: zfs send rpool/tedz...@migrate | ssh u...@hostname pfexec /usr/sbin/zfs receive -F rpool/tedz...@migrate Everything looks good at that point. The zfs file system is mounted at rpool/tedzone automatically, and so I create a zone configuration to match that. However, when I run the attach I get the following error message: zoneadm -z tedzone attach cannot open 'rpool/tedzone/ROOT': dataset does not exist ERROR: The -a, -d or -r option is required when there is no active root dataset The funny thing here is that the zfs list on the source system doesn't mention this zfs file system: rpool/tedzone 242M 64.1G 22.5K /tedzone rpool/tedzone/ROOT 242M 64.1G19K legacy rpool/tedzone/ROOT/zbe 242M 64.1G 242M /tedzone/root Are we looking at a bug here? Hi Ted, First, I don't think that we support sparc -- x86 zone migrations. (Someone please correct me if I'm wrong.) Second, did you create recursive snapshots of tedzone's datasets and send each snapshot to the destination system? Try the following after you detach tedzone: ---8--- # zfs snapshot -r rpool/tedz...@migrate ---8--- Then send each dataset snapshot to the destination system: ---8--- # zfs send rpool/tedz...@migrate | ssh u...@hostname pfexec /usr/sbin/zfs receive -F rpool/tedz...@migrate # zfs send rpool/tedzone/r...@migrate | ssh u...@hostname pfexec /usr/sbin/zfs receive -F rpool/tedzone/r...@migrate # zfs send rpool/tedzone/ROOT/z...@migrate | ssh u...@hostname pfexec /usr/sbin/zfs receive -F rpool/tedzone/ROOT/z...@migrate ---8--- Then attach the zone on the destination system. BTW, as Frank mentioned, your output shows that the source system's tedzone contained the ROOT and ROOT/zbe filesystems. Hope that helps, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] global vs non-global zones
On 02/15/10 01:01 PM, Dombrowski, Neil wrote: If I have a non-global zone running sendmail, and I run “ps –ef |grep sendmail” in the global zone, will I see the sendmail processes running for the non-global zone and the global zone? Thanks, Neil ___ zones-discuss mailing list zones-discuss@opensolaris.org Yes, you will see sendmail process in all zones. You can restrict the results to a subset of zones by using ps(1)'s -z option. Hope that helps, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] codereview for 6914152 (zonecfg)
On 02/19/10 10:32 AM, Frank Batschulat (Home) wrote: On Fri, 19 Feb 2010 15:39:21 +0100, Jerry Jelinekgerald.jeli...@sun.com wrote: On 02/19/10 06:53, Frank Batschulat (Home) wrote: May I request 2 code reviewers for the changes for: 6914152 zonecfg fails when less(1M) is missing http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6914152 http://cr.opensolaris.org/~batschul/zpager/ This looks fine to me. One nit: 911 5192 The error says Could not stat PAGER. This error message might be useful to a developer but isn't that useful for a sysadmin. Can you print something more meaningful like PAGER %s does not exist Thanks Jerry, that is indeed a valid concern, I changed it to be: snip PAGER /usr/bin/nonsense does not exist (No such file or directory). snip end I included the real error string in case of permission errors where the file does indeed exist and I am now dropping the mysterious stat part. updated webrev: http://cr.opensolaris.org/~batschul/zpager/ cheers frankB ___ zones-discuss mailing list zones-discuss@opensolaris.org Hi Frank, This looks fine to me. Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] renaming zonepath
On 02/21/10 08:33 AM, Anil wrote: Never mind. I will not do this rename. It's not worth the trouble. r...@vps1:~# zoneadm -z note move /zones/note Moving across file systems; copying zonepath /zones/bugs...sh[1]: cd: /zones/bugs: [No such file or directory] zoneadm: zone 'note': 'copy' failed with exit code 1. The copy failed. More information can be found in /var/log/zoneAAA2XaapU Cleaning up zonepath /zones/note...The ZFS file system for this zone has been destroyed. I believe the zones are not mounted when the zone is not running so the cp fails. Luckily it did not delete the data *phew*. Thanks! Anil, My response is for future reference. The zoneadm move command should preserve the ZFS filesystem's properties because zoneadm(1M) merely changes the filesystem's mountpoint. What you're seeing is odd because zoneadm(1M) should never have to manually copy files across filesystems as long as you're moving a zone with a ZFS-based zonepath. (zoneadm(1M) only copies files across filesystems when it can't set the ZFS filesystem's mountpoint.) What version of Solaris are you using? Thanks, Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Not all zones will start at system boot on b133
Hi Paul, I wrote the code that introduced the zcons (zone console) ioctl that's failing on your system. I'll investigate this problem as soon as possible. Does this problem occur consistently (i.e., every time you boot your system)? Does it ever happen when you manually boot a zone? Thanks, Jordan On 03/ 1/10 04:20 AM, Paul van der Zwan wrote: When I boot my b133 system not all zones will get started, even when they are marked with auto-boot = yes. In the smf log /var/svc/log/system-zones:default.log I see: [ Feb 26 21:14:44 Enabled. ] [ Feb 26 21:15:09 Executing start method (/lib/svc/method/svc-zones start). ] Booting zones: webzone mailzone buildzone dns devERROR: error while acquiring slave handle of zone console for dev: No such device or address console setup: device initialization failed ERROR: error while acquiring slave handle of zone console for buildzone: No such device or address console setup: device initialization failed zone 'dev': could not start zoneadmd zoneadm: zone 'dev': call to zoneadmd failed zone 'buildzone': could not start zoneadmd zoneadm: zone 'buildzone': call to ERROR: error while acquiring slave handle of zone console for mailzone: No such device or address console setup: device initialization failed zoneadmd failed zone 'mailzone': could not start zoneadmd zoneadm: zone 'mailzone': call to zoneadmd failed . [ Feb 26 21:15:24 Method start exited with status 0. ] When I do a zoneadm boot for the zones that have failed to boot they start without any problem. Any ideas ? Paul ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Sendmail is mising from my zone.
keegam wrote: I just built a new opensolaris server. This is my first time using opensolaris. I'm mirroring a sol10 environment, so that could be where i went wrong. Here is the zonecfg info: zonecfg -z myzone info zonename: myzone zonepath: /zones/myzone brand: ipkg autoboot: true bootargs: pool: limitpriv: scheduling-class: ip-type: shared hostid: inherit-pkg-dir: dir: /lib inherit-pkg-dir: dir: /sbin inherit-pkg-dir: dir: /usr fs: dir: /usr/local special: /opt/zones/myzone/usr/local raw not specified type: lofs options: [] net: address: 10.93.67.179 physical: bnx0 defrouter not specified ## Coming from solaris 10, i added the inherit-pkg-dir because a lot of stuff was missing from /lib that i needed (like the X11 libs). When I'm on the broken zone, i get this error (which does not happen in the global): r...@myzone:/var/spool/pkg/pre# svcs -xv sendmail svcs: Pattern 'sendmail' doesn't match any instances Also, /var/spool/clientmqueue/ didn't exist. Odd. If anyone has any idea what I did wrong, I would appreciate some information. Don't use inherit-pkg-dirs in ipkg-branded zones: You will break the zones' packaging configurations. The ipkg brand only supports whole root zones. Install required applications and libraries via pkg(5). Jordan ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] no pkgadd in zone
Try pkg search /usr/sbin/pkgadd: ---8--- arrakis [12:39:03 0]% pkg search `whence pkgadd` [...] path file usr/sbin/pkgadd pkg:/sunwpkgc...@0.5.11-0.132 path file usr/sbin/pkgadd pkg:/package/s...@0.5.11-0.133 path file usr/sbin/pkgadd pkg:/package/s...@0.5.11-0.134 ---8--- Try installing the package/svr4 package. Hope that helps, Jordan On 07/ 1/10 12:28 PM, Dennis wrote: Hi, I want to install the blastwave install script. But there is no pkgadd in the container. What is the name of the IPS package for pkgadd? Or what is the fix for this? Thanks ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] v2v solaris 8-9 zone to solaris 10 zone
Hi Gael, No, there is no supported way to convert an S8- or S9-branded zone to a native Solaris 10 zone. Regards, Jordan On 09/17/10 06:27 PM, Gael wrote: Hello Now that p2v supports S10 with U9, is there some automated easier way to convert existing solaris 8/9 branded zones into native S10 whole zones using the global zone os version ? Regards -- Gael Martinez ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Assigning Qlogic HBA to Virtual domain in LDOMS
Try the ldoms-discuss mailing list. Jordan On 09/27/10 11:13 AM, Sanjay Akula wrote: Hi, Need help, How can I assign Qlogic HBA's to virtual domain in Ldoms? Thanks, -- Regards, SysAdmin ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Possible to use zones for hardening? Security?
Is there a way to disable all remote connections to the GZ? In other words, couldn't you use a firewall to reject connections on all ports to the GZ? That would effectively deny remote access to the GZ without having to disable any network interfaces. Of course, disabling the GZ's interface(s) is preferable (it's simpler), but I'm not sure if it's possible. I haven't tried it. Jordan On 09/29/10 10:33 AM, Orvar Korvar wrote: Ok, so it is impossible to shutdown internet connection to the global zone and surf only from the local zones. If I want to surf from the local zones, the global zone's NIC must be activated. I suspect a hacker will attack the global zone, instead of the local zone that I surf from. Are there any other ways to increase security instead of my original plan (shutting down the global zone and surf from local zones)? I am afraid the global zone will be attacked... ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Zones zone.max-shm-memory setting.
Locked memory is the same as pinned memory: In other words, pages that won't be paged to disk. Applications can request that pages be locked into memory. The pager won't page locked pages to disk. Regarding an appropriate value for desktop usage: It depends on what kinds of applications you're using. Most applications don't use locked/pinned pages. I don't set this property on my desktop, but you could set it to a small value. (0M?) Jordan On 11/27/10 01:15 PM, Orvar Korvar wrote: At the same time, I would like to ask exactly what is locked RAM? How much is an apropriate value for desktop usage? 2GB? add capped-memory set locked=2GB end ___ zones-discuss mailing list zones-discuss@opensolaris.org
