Re: [zones-discuss] set physical=e1000g0

2009-06-12 Thread David . Comay
Thank you guys for your answers! Regarding this networking problem, I think I don't have time to investigate into it and I have decided to deploy on Solaris 10 instead. The changes in OpenSolaris is too overwhelming and even Sun cannot catch up with the documentation (for example, sparse

Re: [zones-discuss] NTP client in non-global zone

2009-02-19 Thread David . Comay
What is best practice here? Do not run {x}ntpd in the zones. Actually there is a use-case for doing so - given that it's a network-facing appliction, one might want to run xntpd in a non-global zone for isolation reasons. ___ zones-discuss mailing

Re: [zones-discuss] cannot negotiate hypervisor

2007-12-07 Thread David . Comay
I just jumpstarted a T2000 twice. Once with 118833-33 and once with 120011-14. The first time there was no problems with the November 2006 118833-33 but when I re-jumpstarted it with the 120011-14 8-07 release I ended up with multiple messages stating cannot negotiate hypervisor. I checked

Re: [zones-discuss] netmask warning, misconfiguration

2007-11-30 Thread David . Comay
zoneadm: zone 'int-sagent-1-z1': WARNING: bge0:1: no matching subnet found in netmasks(4) for 172.20.46.188; using default of 255.255.0.0. but my /etc/netmasks (on both the global and local zone) looks good: What does the netmasks entry in /etc/nsswitch.conf say? A common issue is that a

Re: [zones-discuss] zonecfg and dhcp for shared interface?

2007-06-14 Thread David . Comay
# zonecfg -z zone1 zone1: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:zone1 create zonecfg:zone1 set zonepath=/localzones/zone1 zonecfg:zone1 add net zonecfg:zone1:net set physical=e1000g0 zonecfg:zone1:net set address=dhcp zonecfg:zone1:net end zonecfg:zone1

Re: [zones-discuss] pidentd

2007-05-04 Thread David . Comay
Oh. I though that pidentd was supposed to resolve UIDs locally. That's one of the features of the protocol; it provides here's who *I* think the user is information back to the requester. Of course, that's why I thought IDENT was a fairly bogus mechanism since you're asking the remote system

Re: [zones-discuss] A seperate /usr/local/

2007-05-03 Thread David . Comay
I installed my zones, in a sparse zone format. question is, is there a way to NOT use /usr/local from the global zone and use a local copy or start with a clean /usr/local on the zone besides in a whole root format where it copies the global over to the zone. I do not want to rebuild the zone if

Re: [zones-discuss] Re: nevada zone with NAT and NFS

2007-05-03 Thread David . Comay
At least some of the servers that I can't access are using NFSv3 It has been my experience that NFSv4 on Solaris 10 and NFSv3 on other hosts, including NetApp filers, cause all sorts of problems. Either you get No Directory or the directory/files are owned by nobody. I don't know about

Re: [zones-discuss] NFS server in zones

2007-02-15 Thread David . Comay
I think we already have this as a potentially serious problem for non-global zones that are NFS clients of the global zone, don't we? Making it work right would involve either resolving the underlying deadlock or somehow identifying those self-mounts and doing a lofs mount from the global zone

Re: [zones-discuss] NFS server in zones

2007-02-14 Thread David . Comay
2) Lack of requirements - we don't know what people want. In addition to the requirements already stated by others, another crucial one is a resolution of the infamous NFS/VM deadlock. There have been numerous bugs filed over the years concerning it but I believe the current one is

Re: [zones-discuss] New zone, sysidtool:net isn't starting

2007-01-29 Thread David . Comay
FYI, you can also use create -b (blank) so you don't have to run remove-pkg-dir 4 times. Actually, the documented way to create a whole-root zone *is* to remove the default inherit-pkg-dir resources. The reason for this is create -b says to use a blank template - namely, no properties set and

Re: [Fwd: Re: [zones-discuss] Re: zonemgr -s syntax]

2007-01-25 Thread David . Comay
My desire is to have zones be part of the core in Nevada, possibly by folding them right into SUNWcsu/SUNWcsr. There's also a related CR open 6421453 RFE: SUNWCzone should be available in SUNWCmreq and above Fixing is involves an examination of SUNWzoneu's dependencies

Re: [zones-discuss] Questions on zoneadm in Sol 10 11/06

2007-01-23 Thread David . Comay
My question is about the features that were added to zoneadm in the 11/06 release. The options for zoneadm move and clone, etc. We want to know whether or not we can simply patch our current Solaris 10 servers to gain these options or if we'll be required to do an entirely new install. Yes,

Re: [zones-discuss] Re: [networking-discuss] Re: [crossbow-discuss] Design review of IP Instances part of Crossbow

2006-11-08 Thread David . Comay
If we want any form of internal consistency, wouldn't we also need to change were we assign datalink names from zonecfg to dladm? Thus no more 'net' resource in zonecfg for exclusive-IP zones, but instead some dladm set-zone zoneA bge1 Only having dladm show it, and not be able to

Re: [zones-discuss] Re: [networking-discuss] Re: [crossbow-discuss] Design review of IP Instances part of Crossbow

2006-11-08 Thread David . Comay
As Dan pointed out, there are already other commands such as ifconfig(1M) and mount(1M) which manipulate or observe resources assigned to a zones so using dladm(1M) wouldn't be that inconsistent. Yes, but those provide for manipulation (aka change) and observability in the same place.

Re: [zones-discuss] Re: [networking-discuss] Re: [crossbow-discuss]Design review of IP Instances part of Crossbow

2006-11-08 Thread David . Comay
I tried the kill and AFAICT root in the global zone can kill a process in a non-global zone: OK. I must be misremembering this. I thought the restriction was more complex than that. Within the global zone, the ability to kill a process in a non-global zone is controlled by the proc_zone

Re: [zones-discuss] Re: [networking-discuss] Re: [crossbow-discuss] Design review of IP Instances part of Crossbow

2006-11-06 Thread David . Comay
The reason is that ifconfig in the global is not involved in configuring IP for the exclusive-IP zones; that is done by ifconfig running inside the exclusive-IP zones. This is by design different than the IP configuration for the shared-IP zones; those are both configurable as well as

[zones-discuss] Re: [crossbow-discuss] Design review of IP Instances part of Crossbow

2006-11-01 Thread David . Comay
Erik, Here are my belated comments on the IP Instances design. There are two documents which describe the design si-interfaces - a high-level design focusing on the problem the project solves, and what the user-visible changes are A general comment that in both documents page

[zones-discuss] Re: [crossbow-discuss] Design review of IP Instances part of Crossbow

2006-11-01 Thread David . Comay
Erik, One additional comment I meant to include is that I think it would be useful to add a paragraph on what is possible today with the current stack in terms of sharing a link versus what will be possible with IP instances (using separate physical NICs or VLANs) versus what will be possible

Re: [zones-discuss] zone management and security

2006-10-13 Thread David . Comay
I propose that zlogin be split into two different programs, one for console access and one for running programs and/or shell. A simple way to do this (and would be backward compatible) would be to create a hard link to zlogin, say 'zconsole' that when it is executed the program can test arg0 and

Re: [zones-discuss] zones, upgrades, and vxvm

2006-09-14 Thread David . Comay
Does it make any difference as to where or what kind of fs that the zoneroot is mounted? and is there any difference with a whole root zone? The situation is the same for both sparse and whole-root zones. The key is whether or not the file system is available under the miniroot since the

Re: [zones-discuss] traceroute to a zone creates extra hops

2006-09-13 Thread David . Comay
Fernando, I have two systems named fdo5 and fdoclt4. All the NICs in both systems are connected to the same switch. fdoclt4 has 3 zones in it. When I traceroute from fdo5 to any of the zones, the route has an extra hop (always 18.1.1.142). shouldn't this example resolve to 18.1.1.145

Re: [zones-discuss] Creating a zone with the -b option

2006-08-30 Thread David . Comay
zonecfg:whole-1 remove inherit-pkg-dir dir=/sbin zonecfg:whole-1 remove inherit-pkg-dir dir=/usr zonecfg:whole-1 remove inherit-pkg-dir dir=/platform zonecfg:whole-1 remove inherit-pkg-dir dir=/lib As Enda points out, this is the supported method for creating whole root zones. The create -b

Re: [zones-discuss] Re: Re: Question: Zones/Mpxio + Disk Array (HDS 9970V

2006-08-04 Thread David . Comay
Hmmm, I have been doing this for a long time (though on nevada) with no problems. If this document is correct it looks like Sun has shot itself in the foot and released ZFS to Solaris 10 with a zery large bug. Is UFS safe??? There isn't a run-time issue but rather the issue is around

Re: [zones-discuss] Re: core dump during zone install

2006-07-21 Thread David . Comay
libc.so.1`realfree+0x68(2a3f0, 871, 93ac8, 3a4d8, 0, d) libc.so.1`_free_unlocked+0xb0(ff1efa54, 0, 932f4, ff1efad4, ff1e8284, 2e460) libc.so.1`free+0x24(2e460, 1084, 93334, 0, ff1e8284, 1000) libcurses.so.1`delwin+0x80(0, 2df58, 2c068, fef03994, 0, 0) libcurses.so.1`delscreen+0x5c(29748,

Re: [zones-discuss] improved zones/RM integration

2006-07-18 Thread David . Comay
Could we somehow work the zone name into this? It would be nice for e.g. poolstat(1) observability. Otherwise the user experience is going to be all about trying to work out what 'SUNWzone34' maps to, which seems poor. We need to have the name begin with SUNW or we could have collisions with

Re: [zones-discuss] zones, upgrades, and vxvm

2006-06-19 Thread David . Comay
Christine, LU doesn't work for boxes with zones yet, afaik. zonepath on vxvm volumes won't work for upgrade from 3/05 (granted, upgrade from 3/05 with zones isn't supported anyway). I have no reason to think this would work with 1/06 Just to clarify that upgrade from 3/05 when zones are

Re: [zones-discuss] zones, upgrades, and vxvm

2006-06-19 Thread David . Comay
S10 1/06: Will not update a zoned system. You must remove the zones before updating. Actually, that's not quite right. Standard upgrade is supported in upgrading from 3/05 to 1/06. S10 6/06: Will not use LiveUpgrade to update a zoned system. If you want to update a zoned system, you must