Re: [zones-discuss] need help with zonecfg and networking

2012-02-09 Thread Will Fiveash 
On Thu, Feb 09, 2012 at 07:45:34AM -0600, Mike Gerdts wrote:
> On Wed 08 Feb 2012 at 07:24PM, Will Fiveash wrote:
> > BTW, when I look at the man page I see this similar example:
> > 
> > Example 3 Creating a Shared-IP Zone
> > 
> > The following example creates a zone that shares an IP stack with the 
> > global zone, and is assigned a single IP address and default router.
> > 
> > example# zonecfg -b -z shared
> > zonecfg:shared> create
> 
> That's broken.  I've opened:
> 
> 7144106 zonecfg(1M) examples 3 and 13 improperly use -b

Thanks, I was about to do the same.  Once Ian mentioned that -b was a
create option and not global my config script worked.

-- 
Will Fiveash
Oracle Solaris Software Engineer
Austin, TX, USA
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] need help with zonecfg and networking

2012-02-09 Thread Mike Gerdts 
On Wed 08 Feb 2012 at 07:24PM, Will Fiveash wrote:
> BTW, when I look at the man page I see this similar example:
> 
> Example 3 Creating a Shared-IP Zone
> 
> The following example creates a zone that shares an IP stack with the global 
> zone, and is assigned a single IP address and default router.
> 
> example# zonecfg -b -z shared
> zonecfg:shared> create

That's broken.  I've opened:

7144106 zonecfg(1M) examples 3 and 13 improperly use -b

-- 
Mike Gerdts
Solaris Core OS / Zones http://blogs.oracle.com/zoneszone/
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] need help with zonecfg and networking

2012-02-09 Thread Mike Gerdts 
On Wed 08 Feb 2012 at 07:45PM, Will Fiveash wrote:
> 
> When I do:
> 
> create
> set zonepath=/zone/newzone
> set limitpriv="default,dtrace_proc,dtrace_user"
> 
> set ip-type=shared
> 
> add net
> set physical=nge0
> set address=10.0.0.2/8
> end

remove anet linkname=net0

> commit
> exit
> 
> I see:
> 
> On line 19 of /tmp/createzone.yuaalI:
> anet resources can only be specified if ip-type = exclusive
> Zone master failed to verify
> master: Incompatible settings
> 
> ?

The default zone configuration (SYSdefault) contains an anet resource.
anet resources require ip-type = exclusive.  The command I inserted
above will remove that default anet resource.  The 'create -b' option is
also a fine route to go, but is not ideal if you are trying to switch an
already configured zone between exclusive and shared stack.

-- 
Mike Gerdts
Solaris Core OS / Zones http://blogs.oracle.com/zoneszone/
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] need help with zonecfg and networking

2012-02-08 Thread Glenn Faden 

On Feb 8, 2012, at 5:13 PM, Will Fiveash wrote:

> I used to be able to configure zones a while back but now I'm stumped
> (using released S11).  What I want is a set of zones, each with a unique
> IP address such that they can ping each other and the global zone.  I used to 
> use a zonecfg
> of:
> 
> create
> set zonepath=/zone/newzone
> set limitpriv="default,dtrace_proc,dtrace_user"
> add net
> set physical=nge0
> set address=10.0.0.2/8
> end
> commit
> exit

If you want to do it this way you need to add

set ip-type=shared

since the default for the solaris brand is now exclusive. With exclusive you 
can't set the IP address this way. You need to use the anet resource instead.

--Glenn

> 
> and that did want I want.  Now I see:
> 
> n line 19 of /tmp/createzone.qEaOyF:
> net: address cannot be specified if ip-type = exclusive
> ip-type is set to 'exclusive' by default.
> Zone master failed to verify
> master: Invalid argument
> 
> Note that in the global zone:
> $ ifconfig -a
> lo0: flags=2001000849 mtu 8232 
> index 1
>   inet 127.0.0.1 netmask ff00 
> nge0: flags=1000843 mtu 1500 index 2
>   inet 10.135.188.58 netmask fc00 broadcast 10.135.191.255
> nge0:1: flags=1000843 mtu 1500 index 2
>   inet 10.0.0.1 netmask fc00 broadcast 10.0.3.255
> vboxnet0: flags=201000843 mtu 1500 
> index 3
>   inet 192.168.56.1 netmask ff00 broadcast 192.168.56.255
> lo0: flags=2002000849 mtu 8252 
> index 1
>   inet6 ::1/128 
> 
> nge0:1 is the interface I use to get to the other zones.
> 
> Any help is appreciated.
> 
> -- 
> Will Fiveash
> Oracle Solaris Software Engineer
> http://opensolaris.org/os/project/kerberos/
> Sent using mutt, a sweet, text based e-mail app 
> ___
> zones-discuss mailing list
> zones-discuss@opensolaris.org

Glenn Faden | Senior Principal Software Engineer
Phone: +1 408 276-6884 | Mobile: +1 415 637 8181 
Oracle Solaris Security, Solaris Core OS Technology Engineering

___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] need help with zonecfg and networking

2012-02-08 Thread Will Fiveash 
On Thu, Feb 09, 2012 at 03:28:24PM +1300, Ian Collins wrote:
> On 02/ 9/12 02:24 PM, Will Fiveash wrote:
> >On Wed, Feb 08, 2012 at 07:13:10PM -0600, Will Fiveash wrote:
> >>I used to be able to configure zones a while back but now I'm stumped
> >>(using released S11).  What I want is a set of zones, each with a unique
> >>IP address such that they can ping each other and the global zone.  I used 
> >>to use a zonecfg
> >>of:
> >>
> >>create
> >>set zonepath=/zone/newzone
> >>set limitpriv="default,dtrace_proc,dtrace_user"
> >>add net
> >>set physical=nge0
> >>set address=10.0.0.2/8
> >>end
> >>commit
> >>exit
> >>
> >>and that did want I want.  Now I see:
> >BTW, when I look at the man page I see this similar example:
> >
> >Example 3 Creating a Shared-IP Zone
> >
> >The following example creates a zone that shares an IP stack with the global 
> >zone, and is assigned a single IP address and default router.
> >
> >example# zonecfg -b -z shared
> >zonecfg:shared>  create
> 
> You probably want create -b

That was the problem.  The example in the man page is wrong.

> >zonecfg:shared>  set zonepath=/export/zones/shared
> >zonecfg:shared>  set ip-type=shared
> >zonecfg:shared>  add net
> >zonecfg:shared:net>  set physical=nge0
> >zonecfg:shared:net>  set address=192.168.0.3/24
> >zonecfg:shared:net>  set defrouter=192.168.0.1
> >zonecfg:shared:net>  end
> >zonecfg:shared>  exit
> 
> I don't see a 'commit' in there before the exit.

In my example I do have commit.  Again, the above is a literal copy and
paste from the man page. 

> Did you have an old zone with the same name?  Check with
> 
> zonecfg -z shared export
> 
> 
> >That fails because -b isn't supported and if I remove that then I see:
> 
> Expand "fails", that example works fine (with the commit).

I got zonecfg to work using create -b, thanks

-- 
Will Fiveash
Oracle Solaris Software Engineer
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app 
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] need help with zonecfg and networking

2012-02-08 Thread Ian Collins 

On 02/ 9/12 02:24 PM, Will Fiveash wrote:

On Wed, Feb 08, 2012 at 07:13:10PM -0600, Will Fiveash wrote:

I used to be able to configure zones a while back but now I'm stumped
(using released S11).  What I want is a set of zones, each with a unique
IP address such that they can ping each other and the global zone.  I used to 
use a zonecfg
of:

create
set zonepath=/zone/newzone
set limitpriv="default,dtrace_proc,dtrace_user"
add net
set physical=nge0
set address=10.0.0.2/8
end
commit
exit

and that did want I want.  Now I see:

BTW, when I look at the man page I see this similar example:

Example 3 Creating a Shared-IP Zone

The following example creates a zone that shares an IP stack with the global 
zone, and is assigned a single IP address and default router.

example# zonecfg -b -z shared
zonecfg:shared>  create


You probably want create -b

zonecfg:shared>  set zonepath=/export/zones/shared
zonecfg:shared>  set ip-type=shared
zonecfg:shared>  add net
zonecfg:shared:net>  set physical=nge0
zonecfg:shared:net>  set address=192.168.0.3/24
zonecfg:shared:net>  set defrouter=192.168.0.1
zonecfg:shared:net>  end
zonecfg:shared>  exit


I don't see a 'commit' in there before the exit.

Did you have an old zone with the same name?  Check with

zonecfg -z shared export



That fails because -b isn't supported and if I remove that then I see:


Expand "fails", that example works fine (with the commit).

--
Ian.

___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] need help with zonecfg and networking

2012-02-08 Thread Will Fiveash 
On Thu, Feb 09, 2012 at 02:23:52PM +1300, Ian Collins wrote:
> On 02/ 9/12 02:13 PM, Will Fiveash wrote:
> >I used to be able to configure zones a while back but now I'm stumped
> >(using released S11).  What I want is a set of zones, each with a unique
> >IP address such that they can ping each other and the global zone.  I used 
> >to use a zonecfg
> >of:
> >
> >create
> >set zonepath=/zone/newzone
> >set limitpriv="default,dtrace_proc,dtrace_user"
> >add net
> >set physical=nge0
> >set address=10.0.0.2/8
> >end
> >commit
> >exit
> >
> >and that did want I want.  Now I see:
> >
> >n line 19 of /tmp/createzone.qEaOyF:
> >net: address cannot be specified if ip-type = exclusive
> >ip-type is set to 'exclusive' by default.
> >Zone master failed to verify
> >master: Invalid argument
> 
> You either need to set ip-type=shared in the config, or remove the address
> setting and give the zone a dedicated (v)nic.  I don't use shared ip zones
> on 11, its easy to create a vnic and give it to the zone.

When I do:

create
set zonepath=/zone/newzone
set limitpriv="default,dtrace_proc,dtrace_user"

set ip-type=shared

add net
set physical=nge0
set address=10.0.0.2/8
end
commit
exit

I see:

On line 19 of /tmp/createzone.yuaalI:
anet resources can only be specified if ip-type = exclusive
Zone master failed to verify
master: Incompatible settings

?
-- 
Will Fiveash
Oracle Solaris Software Engineer
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app 
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] need help with zonecfg and networking

2012-02-08 Thread Ian Collins 

On 02/ 9/12 02:13 PM, Will Fiveash wrote:

I used to be able to configure zones a while back but now I'm stumped
(using released S11).  What I want is a set of zones, each with a unique
IP address such that they can ping each other and the global zone.  I used to 
use a zonecfg
of:

create
set zonepath=/zone/newzone
set limitpriv="default,dtrace_proc,dtrace_user"
add net
set physical=nge0
set address=10.0.0.2/8
end
commit
exit

and that did want I want.  Now I see:

n line 19 of /tmp/createzone.qEaOyF:
net: address cannot be specified if ip-type = exclusive
ip-type is set to 'exclusive' by default.
Zone master failed to verify
master: Invalid argument


You either need to set ip-type=shared in the config, or remove the 
address setting and give the zone a dedicated (v)nic.  I don't use 
shared ip zones on 11, its easy to create a vnic and give it to the zone.


--
Ian.

___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] need help with zonecfg and networking

2012-02-08 Thread Will Fiveash 
On Wed, Feb 08, 2012 at 07:13:10PM -0600, Will Fiveash wrote:
> I used to be able to configure zones a while back but now I'm stumped
> (using released S11).  What I want is a set of zones, each with a unique
> IP address such that they can ping each other and the global zone.  I used to 
> use a zonecfg
> of:
> 
> create
> set zonepath=/zone/newzone
> set limitpriv="default,dtrace_proc,dtrace_user"
> add net
> set physical=nge0
> set address=10.0.0.2/8
> end
> commit
> exit
> 
> and that did want I want.  Now I see:

BTW, when I look at the man page I see this similar example:

Example 3 Creating a Shared-IP Zone

The following example creates a zone that shares an IP stack with the global 
zone, and is assigned a single IP address and default router.

example# zonecfg -b -z shared
zonecfg:shared> create
zonecfg:shared> set zonepath=/export/zones/shared
zonecfg:shared> set ip-type=shared
zonecfg:shared> add net
zonecfg:shared:net> set physical=nge0
zonecfg:shared:net> set address=192.168.0.3/24
zonecfg:shared:net> set defrouter=192.168.0.1
zonecfg:shared:net> end
zonecfg:shared> exit

That fails because -b isn't supported and if I remove that then I see:

On line 20 of /tmp/createzone.3LaG5F:
anet resources can only be specified if ip-type = exclusive
Zone master failed to verify
master: Incompatible settings

?
-- 
Will Fiveash
Oracle Solaris Software Engineer
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app 
___
zones-discuss mailing list
zones-discuss@opensolaris.org

[zones-discuss] need help with zonecfg and networking

2012-02-08 Thread Will Fiveash 
I used to be able to configure zones a while back but now I'm stumped
(using released S11).  What I want is a set of zones, each with a unique
IP address such that they can ping each other and the global zone.  I used to 
use a zonecfg
of:

create
set zonepath=/zone/newzone
set limitpriv="default,dtrace_proc,dtrace_user"
add net
set physical=nge0
set address=10.0.0.2/8
end
commit
exit

and that did want I want.  Now I see:

n line 19 of /tmp/createzone.qEaOyF:
net: address cannot be specified if ip-type = exclusive
ip-type is set to 'exclusive' by default.
Zone master failed to verify
master: Invalid argument

Note that in the global zone:
$ ifconfig -a
lo0: flags=2001000849 mtu 8232 
index 1
inet 127.0.0.1 netmask ff00 
nge0: flags=1000843 mtu 1500 index 2
inet 10.135.188.58 netmask fc00 broadcast 10.135.191.255
nge0:1: flags=1000843 mtu 1500 index 2
inet 10.0.0.1 netmask fc00 broadcast 10.0.3.255
vboxnet0: flags=201000843 mtu 1500 
index 3
inet 192.168.56.1 netmask ff00 broadcast 192.168.56.255
lo0: flags=2002000849 mtu 8252 
index 1
inet6 ::1/128 

nge0:1 is the interface I use to get to the other zones.

Any help is appreciated.

-- 
Will Fiveash
Oracle Solaris Software Engineer
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app 
___
zones-discuss mailing list
zones-discuss@opensolaris.org