z/VM and Linux on IBM System z
The Virtualization Cookbook for Red Hat Enterprise Linux 5.2

Hands-on instructions for installing z/VM and Linux on the mainframe
Updated information for z/VM 5.4 and Red Hat Enterprise Linux 5.2
New, more versatile file system layout

Michael MacIsaac
Bradford Hinson
Lester Peckover
International Technical Support Organization The Virtualization Cookbook for Red Hat Enterprise Linux 5.
Note: Before using this information and the product it supports, read the information in “Notices” on page ix. First Edition (October 2008) This edition applies to Version 5, Release 4, Modification 0 of z/VM (product number 5741-A05) and Version 5, Release 2 of Red Hat Enterprise Linux. © Copyright International Business Machines Corporation 2008. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents

Notices
Trademarks
Preface
  The team that wrote this book

4.1 Installing z/VM from DVD
  4.1.1 Booting z/VM from DVD
  4.1.2 Copying a vanilla z/VM system to DASD
  4.1.3 IPL the vanilla z/VM from DASD
  4.1.4 Completing the z/VM installation

Chapter 6. Configuring a Network File System server for RHEL 5.2
6.1 Installing Linux on the PC
6.2 Downloading files associated with this book
6.3 Setting up a RHEL 5.2 install tree
  6.3.1 Copying from physical DVD

9.1 Formatting DASD for minidisks
  9.1.1 Defining a new user ID for a virtual server
  9.1.2 Adding LINUX01 to AUTOLOG1’s PROFILE EXEC
9.2 Cloning a virtual server manually
9.3 Cloning one new virtual server

Chapter 13. Miscellaneous recipes
13.1 Adding a logical volume
  13.1.1 Adding minidisks to the z/VM directory entry
  13.1.2 Making the new minidisks available
  13.1.3 Formatting and partitioning the minidisks

How to get Redbooks
Help from IBM
Index
Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used.
Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries.
Preface This IBM® Redbooks® publication describes how to “roll your own” Linux® virtual servers on IBM System z® hardware under z/VM®. This edition applies to Version 5, Release 4, Modification 0 of z/VM (product number 5741-A05) and Version 5, Release 2 of Red Hat Enterprise Linux. With a z/VM and Linux infrastructure, you can reduce the time between deciding on the acquisition of new servers and then implementing them because new servers can be deployed in a matter of minutes.
Production of this IBM Redbooks publication was managed by: Lydia Parziale is a Project Leader for the ITSO team in Poughkeepsie, New York with domestic and international experience in technology management including software development, project leadership, and strategic planning. Her areas of expertise include e-business development and database management technologies.
2008
In October 2008, two cookbooks were published, one targeting the Novell/SUSE® SLES distribution, the other targeting the Red Hat RHEL distribution:
- z/VM and Linux on IBM System z The Virtualization Cookbook for SLES 10 SP2, SG24-7493
- This book: z/VM and Linux on IBM System z The Virtualization Cookbook for Red Hat Enterprise Linux 5.2, SG24-7492
Associated with the Redbooks are REXX™ EXECs and Linux scripts to help you install and configure z/VM and Linux.
Chapter 6, “Configuring a Network File System server for RHEL 5.2” on page 85, explains how to set up a temporary NFS server on a Linux PC for the purpose of installing the first two Linux images. After the System z controller Linux is installed, you can copy the Linux install tree to it and retire the Linux PC server. Chapter 7, “Installing RHEL 5.
Conventions
The following font conventions are used in this book:
Monospace and bold: Commands entered by the user on the command line
Values inside angle brackets are examples and are to be replaced with values correct for your enterprise.
Chapter 1. Introduction to z/VM and Linux
Virtualization is a hot topic in the IT industry. The IBM mainframe, z/VM and its predecessors have been performing virtualization for four decades. Today, it is the most functionally rich virtualization platform available. When Linux came to the IBM mainframe in 2000, it was a natural fit to run under z/VM. You can run many tens of Linux images on the same System z logical partition (LPAR). Some customers are running hundreds in production mode.
z/VM 5.3
z/VM 5.3 became generally available in June 2007. Scalability was extended to allow 256 GB of real memory, a total of 8 TB of virtual storage, and 32 real processors. z/VM V5.3 also added support for the Collaborative Memory Management Assist (CMMA) on the z9® EC and the z9 BC processors or later. Virtual Machine Resource Manager (VMRM) detects when memory is constrained and notifies the Linux guests, which can then adjust their memory consumption to help relieve the memory constraint.
1.2 This book’s approach
Today there are numerous technical publications that discuss virtualization, but few of them demonstrate how to achieve it. This book gives you the “hands on” instructions needed to achieve a virtualized environment in your enterprise. The approach adopted is to keep all solutions simple, as expressed in the well-known quote from Albert Einstein: “Everything should be made as simple as possible, but not simpler”.
Use of manual installation versus cloning script or EXEC
Two methods of cloning are described: manually, and using a Linux bash script. The manual method was chosen so that you will better learn the described concepts. However, the Linux script is also provided so you can save time.
1.4 Infrastructure design
To install and configure z/VM, and install, configure and clone Linux, or to provision virtual servers, there must be a certain infrastructure design in place.
SLES10S2 or RHEL52: This is the SLES10 SP2 or RHEL 5.2 golden image. This is the Linux system that is cloned.
1.5 Usability tests performed for this book
During the writing of this book, many usability tests were conducted. The participants had a variety of skills, but none had both Linux and z/VM system administration skills.
Chapter 2. Planning
This chapter covers the planning needed before you install z/VM. It begins by discussing a bill of materials, or all the resources that you need. Then it describes conventions adopted for labeling 3390 volumes. Finally, it presents resource worksheets for:
- z/VM resources other than direct access storage device (DASD)
- DASD resources
- Linux resources
- Linux user IDs
2.1 Bill of materials
The resources needed for a Linux on System z project can be divided into:
- Hardware
- Software
- Networking
2.1.1 Hardware resources
The following hardware is needed:
- A System z or zSeries logical partition (LPAR); z800, z900, z890 or z990, System z9® or System z10
  – Processors or CPUs: One IFL (or CP) minimum; using two or more is strongly recommended
  – Memory: 3 GB central/1 GB expanded minimum; using 6 GB/2 GB or more is recommended.
These resources are described in more detail in the chapters that follow.
2.1.3 Networking resources
The following network resources are needed:
- A TCP/IP address for z/VM
- One TCP/IP address for each Linux virtual server
- Associated TCP/IP information:
  – DNS host name
  – DNS domain
  – DNS server TCP/IP address
  – TCP/IP gateway
  – TCP/IP subnet mask
  – TCP/IP broadcast address (usually calculated from address and subnet mask)
  – TCP/IP MTU size
The TCP/IP addresses must be routed to the OSA cards.
2.
For example, Figure 2-1 shows the labeling convention for the DASD in LPAR M, of type minidisk at real address A700.
[Figure 2-1 DASD labeling convention: in the label MMA700, the first character (M) is the LPAR identifier, the second character (M) is the DASD type (Minidisk or PERM space), and the last four characters (A700) are the real address]
The letter M is hard-coded into REXX EXECs that adopt this convention. If you want a different LPAR identifier character, they can easily be changed.
2.2.
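The labeling convention above can be checked mechanically before any volume is formatted. The following is an added example, not one of the EXECs or scripts associated with this book: it builds labels from real addresses and flags worksheet rows whose label breaks the convention or would be matched by the `User_Volume_Include MM*` statement that this book later adds to SYSTEM CONFIG. The type letters come from the CPFORMAT help text quoted in Chapter 4; the function names and the last two worksheet rows are constructed for illustration.

```python
"""Check a DASD worksheet against the volume labeling convention (added example)."""

# Type letters as given in the CPFORMAT help text quoted in this book.
TYPE_LETTERS = {"P": "page", "M": "perm", "S": "spool", "T": "temp disk"}
HEX_DIGITS = set("0123456789ABCDEF")


def make_label(rdev, dasd_type, lpar_id="M"):
    """Return the 6-character label: LPAR identifier + type letter + real address."""
    addr = rdev.upper()
    if len(addr) != 4 or not set(addr) <= HEX_DIGITS:
        raise ValueError(f"real address must be 4 hex digits: {rdev!r}")
    if dasd_type not in TYPE_LETTERS:
        raise ValueError(f"unknown DASD type letter: {dasd_type!r}")
    if len(lpar_id) != 1 or not lpar_id.isalnum():
        raise ValueError(f"LPAR identifier must be one character: {lpar_id!r}")
    return f"{lpar_id.upper()}{dasd_type}{addr}"


def expand_range(spec):
    """Expand 'd850-d854' (or a single address) into 4-digit real addresses."""
    first, _, last = spec.partition("-")
    lo, hi = int(first, 16), int(last or first, 16)
    if lo > hi or hi > 0xFFFF:
        raise ValueError(f"bad device range: {spec!r}")
    return [f"{n:04X}" for n in range(lo, hi + 1)]


def matches_include(label, pattern):
    """Match a label against a pattern with one trailing '*' (the MM* form)."""
    if pattern.endswith("*"):
        return label.startswith(pattern[:-1])
    return label == pattern


def check_worksheet(rows, lpar_id="M", include_pattern="MM*"):
    """Return (rdev, label, problem) tuples for rows that break the convention.

    rows holds (real address, label, intended type letter) tuples.
    """
    problems = []
    seen = {}
    for rdev, label, dasd_type in rows:
        rdev, label = rdev.upper(), label.upper()
        expected = make_label(rdev, dasd_type, lpar_id)
        if label != expected:
            problems.append((rdev, label, f"expected {expected}"))
        included = matches_include(label, include_pattern)
        if included and dasd_type != "M":
            # A page, spool or temp volume carrying an MM label would be
            # picked up as a user volume by the include pattern.
            kind = TYPE_LETTERS[dasd_type]
            problems.append((rdev, label, f"{kind} volume matches {include_pattern}"))
        if not included and dasd_type == "M":
            problems.append((rdev, label, f"perm volume not matched by {include_pattern}"))
        if label in seen:
            problems.append((rdev, label, f"label already used by {seen[label]}"))
        else:
            seen[label] = rdev
    return problems


# First three rows are from the DASD table in this book; the last two are
# constructed mistakes (wrong type letter, transposed address digits).
WORKSHEET = [
    ("DA56", "MMDA56", "M"),
    ("DA57", "MMDA57", "M"),
    ("DB50", "MPDB50", "P"),
    ("DB51", "MMDB51", "P"),
    ("DA58", "MMDA85", "M"),
]

if __name__ == "__main__":
    for rdev, label, problem in check_worksheet(WORKSHEET):
        print(f"{rdev} {label}: {problem}")
```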
DASD versus SCSI/FCP
This book describes how to use conventional ECKD DASD and does not discuss FBA disks accessed over SCSI/FCP. This is not because either technology is superior, but simply because DASD seems to be much more common than SCSI/FCP disks. If you were to use SCSI/FCP disks, cloning using the clone.sh script would have to be modified to account for World Wide Port Names and Numbers.
2.4 Memory planning
Planning memory may be the most difficult issue with z/VM and Linux on System z, but it is the most important to ensure adequate performance. The simplest solution may appear to involve having enough central memory (storage) in the LPAR so that z/VM never pages and Linux never swaps. However, realistically such resource is often not available. A useful rule of thumb is to allocate memory on a “just enough” basis for each Linux server.
You may want to define a finer granularity for passwords based on the following system administration roles:
- The main z/VM system administrator (MAINT)
- The z/VM network administrator (TCPMAINT)
- The z/VM Linux administrator (LNXMAINT, Linux controller, Linux virtual server user IDs)
- The Linux virtual server users (with or without access to 3270 sessions, with or without the root passwords)
The sets of passwords that you define will depend on the roles that your organization will adopt.
2.
Name | Value | Comment
MTU size | 1500 | Check with network administrator
Primary OSA device number for VSWITCH | 3024 | Specify the first device number (must be even number) and the next two device numbers will also be used
Secondary OSA device number for VSWITCH | 3028 | Should be on a different CHPID/OSA card
2.6.2 z/VM DASD used in this book
Table 2-3 lists the z/VM DASD resource values used in the examples in this book.
Device number | Label | Type | Notes
DA56 | MMDA56 | System minidisk | LINUX04 100
DA57 | MMDA57 | System minidisk | LINUX04 101
DB50 | MPDB50 | CP owned | Paging volume 6
2.6.3 Linux resources used in this book
Table 2-4 lists the Linux PC NFS server resources used for the first System z Linux install:
Table 2-4 Linux NFS server resources used in this book
Name | Value | Comment
TCP/IP address | 9.12.4.
2.7 Blank worksheets
Blank copies of the same four worksheets are provided for your use.
2.7.1 z/VM resources worksheet
Use the worksheet in Table 2-7 to document the z/VM resources that you will use.
2.7.2 z/VM DASD worksheet
Use the worksheet in Table 2-8 to document the z/VM DASD that you will use.
Table 2-8 z/VM DASD blank worksheet
Device number | Label | Type | Notes
2.7.3 Linux resources worksheet
Use the worksheet in Table 2-10 to document the resources associated with the NFS server that will be used to be the install source of the first System z Linux.
Table 2-9 Linux NFS server resources blank worksheet
Name | Value | Comment
TCP/IP address | |
User/password | |
NFS-exported install directory | |
Use the worksheet in Table 2-11 to document your System z Linux resources.
Chapter 3. Configuring a desktop machine
Many people use Microsoft® Windows as a desktop operating system. This chapter addresses the use of the following tools, which are recommended for accessing z/VM and Linux from a Windows desktop:
- An SSH client: PuTTY is recommended
- A VNC client: RealVNC is recommended
- A 3270 emulator: Many choices are available
3.1 PuTTY: a free SSH client for Windows
Throughout this book, SSH is used to log into Linux systems. It is easy to use and cryptographically secure. If you are using a Linux desktop system, an SSH client is built in. But if you are using a Windows desktop, you will need a useful SSH client. PuTTY is probably the most commonly used SSH client. You can find a PuTTY client for Windows on CD1 of a SLES 10 distribution in the /dosutils/putty directory. You can download PuTTY from the Web at:
http://www.chiark.
Figure 3-2 Setting logging
4. In the left window, click SSH near the bottom, as shown in Figure 3-3.
5. On the right side, under Preferred SSH protocol version, click the 2 only radio button.
Figure 3-3 Setting SSH Protocol 2
6. In the left Category window, click Terminal as shown in Figure 3-4 on page 22.
7. Select the Use background colour to erase screen check box, which results in a better job of painting the window for applications that use curses (block graphics).
Figure 3-4 Customizing PuTTY SSH settings (Part 1 of 4)
8. Click Window in the left pane, as shown in Figure 3-5.
9. You may choose a larger window size and more lines of scrollback. In this example, 50 rows, 100 columns and 1000 lines of scrollback are set.
10. Click Session in the left pane, as shown in Figure 3-6.
11. Click Default Settings in the Saved Sessions pane, then click the Save button. This makes all future sessions that you define inherit the preferences you just set.
Figure 3-6 Saving new default settings
Saving sessions
To save sessions, perform the following steps. In this example a session for LINUX00, or the controller, is saved.
2. Under the Saved Sessions text area, choose a name that you will remember. In this example, the name LINUX00 (controller) is used.
3. Again click Save and you should see the name added to the Saved Session list.
Now whenever you start PuTTY, you can simply double-click any saved session name, and an SSH session to the desired Linux system will be invoked.
3.2 Setting up a VNC client
A VNC client allows access to a graphical windowing environment with System z Linux.
3.2.2 Customizing RealVNC
The latest VNC protocol is Version 4, which is the default with the VNC client. This version will work with the VNC servers shipped with SLES 10 or RHEL5. If, however, you need to use protocol Version 3.3 for SLES 9, open the VNC client and click the Options button, as shown in the left side of Figure 3-9. Click the Misc tab. Click the check box Use only protocol version 3.3 as shown in the center of the figure. Finally, click the Load/Save tab and click Save to save the changes.
- Have the session automatically reconnect after logoff. Having a new logon window come back immediately after you log off can also save you time in the long run. This is often not the default behavior.
- Save your connection sessions. Rather than continually typing in the IP address or DNS name of the z/VM system to which you want to connect, spend a few minutes defining and saving a session for each system to which you may connect, as described for PuTTY.
Chapter 4. Installing and configuring z/VM
To complete this chapter, you must complete the majority of Chapter 6, “Configuring a Network File System server for RHEL 5.2” on page 85. However, we recommend that you start here, because the instdvd step (used when installing z/VM) listed in 4.1.2, “Copying a vanilla z/VM system to DASD” on page 31, takes two or more hours to complete. While that process is running, you can configure the Network File System (NFS) server.
4.1 Installing z/VM from DVD
The section that follows assumes a first-level installation of z/VM from DVD onto DASD. If you have not already done so, complete the worksheet that is provided in 2.7.1, “z/VM resources worksheet” on page 16. Note the following points:
- For System z9 hardware and older, you will need access to the Hardware Management Console (HMC) with a user ID that has authority to go into single object operations mode.
Figure 4-1 Integrated 3270 Console icon
A window entitled Integrated 3270 Console for will open. (On earlier HMC levels, the window may be entitled Personal Communications).
Hint: It is convenient to use the Alt-Tab key sequence to move between the HMC window and the 3270 console.
5. Insert the z/VM Product Package Version 5 Release 4.0 DVD into the HMC DVD drive.
Important: On z10 HMCs and later, it is no longer required to be in Single Object Operations mode in order to install z/VM.
6.
Figure 4-2 CPC Recovery menu with Load from CD-ROM or Server icon present
8. On the Load CD-ROM or Server window as shown in Figure 4-3, the radio button Hardware Management Console CD-ROM / DVD should be selected.
9. In the same Load CD-ROM or Server window, fill in the File location field with /cpdvd. This is the directory on the DVD with the z/VM 5.4 installation code.
10. Click OK.
Figure 4-3 Load from CD-ROM or Server window
11. Load the RAMDISK:
a.
Figure 4-4 Selecting z/VM 5.4 RAMdisk system
b. From the Confirm the action window, click Yes. You should see the Load from CD-ROM, DVD or Server Progress window. The green light on the DVD drive should light up.
c. When you see the message Completed successfully., click OK to close. This should normally take about two to four minutes.
Important: Normally, the z/VM RAMdisk (IBMVMRAM) loads in about four minutes. However, slow load times have been observed (15 to 18 minutes).
Figure 4-5 z/VM first boot on Integrated console
3. Invoke the instplan command. This will allow you to choose associated z/VM products to install, as well as the language to use and the type of DASD on which to install:
==> instplan
4. You should see the Installation Planning window display shown in Figure 4-6 on page 33. We recommend that you leave the Ms in the top section as is.
Figure 4-6 Installation Planning window
5. On this window, type X next to AMENG (or select your language) and type 3390 Mod 3 (or the type of DASD you will use), as shown in Figure 4-6.
6. Press F5. You should see the message HCPINP8392I INSTPLAN EXEC ENDED SUCCESSFULLY.
7. Attach the DASD devices onto which z/VM will be installed as defined in your planning worksheet in 2.7.2, “z/VM DASD worksheet” on page 17. In this example, the devices are d850-d854.
Important: The angle brackets <> in the example should not be typed. They are used throughout the book to signify that you should replace the example value with the correct value for your site. For example, if you are installing z/VM onto DASD 1200-1204, you would type the following:
==> att 1200-1204 *
Running INSTDVD
The INSTDVD EXEC copies the z/VM system from DVD to disk.
1. Execute the INSTDVD EXEC:
==> instdvd
2.
5. At the Integrated 3270 Console, type GO. You should see a message of the form DVDLOAD: LOADING FILE CKD5000x IMAGE *. This step should take two to four minutes.
6. Finally, you should see the message HCPIDV8329I INSTDVD EXEC ENDED SUCCESSFULLY.
4.1.3 IPL the vanilla z/VM from DASD
IPL your initial z/VM system now on DASD. Your 3270 Integrated Console session should still be running.
1. From the HMC Workplace window, select your LPAR by clicking it. You may have to first double-click Groups.
2.
6. Move back to the Integrated 3270 console window. You should see the Standalone Program Loader window as shown in Figure 4-9 on page 36.
a. Press the Tab key to traverse to the IPL Parameters section and enter the value cons=sysg. This specifies the use of the Integrated 3270 console.
Figure 4-9 The Standalone Program Loader window
b. Press the F10 key to continue the IPL of your z/VM system. This should take about 1 to 3 minutes.
7.
Important: When logging onto a z/VM user ID that runs CMS, you should usually press Enter at the VM READ prompt. This will result in a prompt of the form:
Ready; T=0.01/0.01 11:14:20
2. IPL CMS, then press Enter at the VM READ prompt in the lower right corner. You should see the Ready; prompt.
==> ipl cms
==> Press Enter at the VM READ prompt
3. Run the instvm dvd command:
==> instvm dvd
...
HCPPLD8329I POSTLOAD EXEC ENDED SUCCESSFULLY
...
9. You will lose the current session on the Integrated 3270 Console, but the system should come back in about 2 to 4 minutes.
10. After it comes back, the last message should be Press enter or clear key to continue. Press Enter and you should see a z/VM logon window.
At this point, you should now have a vanilla z/VM system installed.
4.2 Configuring TCP/IP
We recommend that you initially configure TCP/IP using the IPWIZARD command, which is generally used just once.
3. The z/VM TCP/IP Configuration Wizard opens as shown in Figure 4-10. The first field, User ID, should always be TCPIP. Obtain the remaining values from the 2.7.1, “z/VM resources worksheet” on page 16 and press F8.
Figure 4-11 IPWIZARD window 2
4. An Interface Name of ETH0 is arbitrary but recommended. The Device Number will be the starting address of the OSA triplet that the z/VM stack will use. The IP address that must be routed to the OSA card will become the TCP/IP address of the z/VM system.
Figure 4-12 IPWIZARD window 3
5. In general, a value for the Port Name is no longer necessary and a Router Type of None is recommended. Press F5 to complete the wizard.
DTCIPW2508I DTCIPWIZ EXEC is attempting to create the necessary
DTCIPW2508I configuration files
6. Enter 1 to restart the TCP/IP stack:
The TCP/IP stack (TCPIP) must be restarted as part of this procedure
Would you like to restart and continue?
Enter 0 (No), 1 (Yes) 1
USER DSC LOGOFF AS TCPIP USERS = 2 FORCED BY MAINT
...
HMC Integrated 3270 Console or 3270 emulator?
At this point, z/VM should be accessible over the network. You can continue working at the HMC, or you can access your new system using a 3270 emulator. If you want to switch to 3270 emulator, first LOGOFF from MAINT or issue DISConnect on the Integrated 3270 Console. Note the following points:
- If you log off, the session is ended; it is analogous to shutting and powering down a PC.
4.4 Customizing the SYSTEM CONFIG file
The first configuration file read when z/VM IPLs is the SYSTEM CONFIG file. The following changes are recommended:
- Change the system name.
- Increase retrieve key capacity.
- Allow virtual disks (VDISKs) to be created.
- Turn off the Disconnect Timeout. This will prevent idle disconnected users from being forced off the system.
- Define a virtual switch (VSWITCH) that will be used for Linux networking.
To make these changes, perform the following steps:
1.
Features ,
  Disable ,                     /* Disable the following features */
    Set_Privclass ,             /* Disallow SET PRIVCLASS command */
    Auto_Warm_IPL ,             /* Prompt at IPL always */
    Clear_TDisk ,               /* Don't clear TDisks at IPL time */
  Retrieve ,                    /* Retrieve options */
    Default 99 ,                /* Default.... default is 20 */
    Maximum 255 ,               /* Maximum.... */
  MaxUsers noLimit ,
  Passwords_on_Cmds ,
    Autolog yes ,
    Link yes ,
    Logon yes ,
  Disconnect_Timeout off ,
  Vdisk ,
    Syslim infinite ,
    Userlim infinite
4.5 Configuring TCP/IP to start at IPL time
Configure the TCPIP service machine to be started when z/VM IPLs. This is commonly accomplished from the AUTOLOG1 PROFILE EXEC. If the noautolog parameter is not specified when z/VM is IPLed, then the AUTOLOG1 virtual machine is started. Because this virtual machine IPLs CMS, the PROFILE EXEC that is found on its A disk is run. This is analogous to the /etc/profile file on Linux and the autoexec.bat on DOS systems.
1. Logoff from MAINT.
==> log
2.
'CP XAUTOLOG VMSERVU'
'CP XAUTOLOG VMSERVR'
'CP XAUTOLOG DTCVSW1'
'CP XAUTOLOG DTCVSW2'
After:
/***************************/
/* Autolog1 Profile Exec */
/***************************/
'cp xautolog tcpip'                /* start up TCPIP */
'CP XAUTOLOG VMSERVS'
'CP XAUTOLOG VMSERVU'
'CP XAUTOLOG VMSERVR'
'CP XAUTOLOG DTCVSW1'
'CP XAUTOLOG DTCVSW2'
'cp logoff'                        /* logoff when done */
7. Save your changes with the FILE subcommand:
====> file
8.
ENTER READ PASSWORD:
read
DMSVML2060I MAINT 191 linked as 0120 file mode Z
2. Copy the PROFILE XEDIT to your A disk:
==> copy profile xedit z = = a
Now, XEDIT sessions on TCPMAINT will have the same configuration as on MAINT.
4.5.3 Configuring the FTP server
Turn on the FTP server by editing the renamed configuration file:
1. Add an AUTOLOG statement near the top of the file with FTPSERVE as the only entry.
2.
4.5.4 Shutting down and reIPLing the system
You may want to be able to shut down and reIPL z/VM without having to access the HMC. Often, the HMC will be logged off and thus the Integrated 3270 console (SYSG) will not be available. Because of these factors, it is useful to use the System Console (SYSC, which has a title of Operating System Messages on the HMC) in order to shut down z/VM and reIPL it without needing to use the console.
If you do not have sufficient DASD, this number can be reduced. Having adequate paging space will give you plenty of headroom to add more Linux virtual machines. A rule of thumb for the amount of paging space is to have twice as much as the total of all memory for all running Linux user IDs combined.
4.6.1 Formatting the paging volumes
Before adding paging volumes to the system, the DASD volumes to be used for minidisk space (PERM) and paging space (PAGE) must be formatted.
ftp> put CPFORMAT.EXEC
...
ftp> quit
Using the CPFORMAT EXEC
Log back into MAINT. You should now have access to the CPFORMAT EXEC. You can get brief help on CPFORMAT by using a parameter of ?:
==> cpformat ?
Synopsis:
Format one or a range of DASD as page, perm, spool or temp disk space
The label written to each DASD is M where:
is type - P (page), M (perm), S (spool) or T (Temp disk)
is the 4 digit address
Syntax is:
.-PAGE-.
>>--CPFORMAT--.-rdev--------------.
MAINT    D951 MAINT   D951 3390  NWD951 D951        0     3339
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc     Size
MAINT    DA50 MAINT   DA50 3390  NWDA50 DA50        0     3339
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc     Size
MAINT    DB50 MAINT   DB50 3390  NWDB50 DB50        0     3339
WARNING - this will destroy data!
ARE YOU SURE you want to format the DASD as PAGE space (y/n)?
y
...
ICK00002I ICKDSF PROCESSING COMPLETE.
4. Attach the eight volumes that will be used for the controller, the common CMS disk, and the golden image.
4.6.3 Updating the SYSTEM CONFIG file
Now that the PAGE and PERM volumes are ready for use, they must be added to the SYSTEM CONFIG file so that z/VM can use them. Follow these steps to update the SYSTEM CONFIG file:
1. Logon to MAINT.
2.
User_Volume_Include MM*
/* User_Volume_List USRP01 */
/* User_Volume_List USRP02 */
...
====> file
6. Save your changes with the FILE subcommand. Verify the integrity of the changes with the CPSYNTAX command:
==> acc 193 g
==> cpsyntax system config f
CONFIGURATION FILE PROCESSING COMPLETE -- NO ERRORS ENCOUNTERED.
7. After you confirm that there are no syntax errors, put the MAINT CF1 disk back online.
                  ------ ------ ----
SUMMARY            3521K     12   1%
USABLE             3521K     12   1%
The output shows there are six paging volumes constituting 3521 KB pages, or about 14 GB of page space (there are 4 KB per page).
4.7 Creating a user ID for common files
Now it is time to define your first z/VM user ID, LNXMAINT. It will be used to store files that will be shared by Linux user IDs. Before starting, make a copy of the original USER DIRECT file:
==> copy user direct c = direorig = (oldd
4.7.
The minidisks with the END option specified in this directory will not be includ
ed in the following DISKMAP file.
File USER DISKMAP A has been created.
3. The file created, USER DISKMAP, contains a mapping of all minidisk volumes defined in the USER DIRECT file. It will list any overlaps or gaps found on the volumes. Edit the file and turn off the prefix area with the XEDIT PREFIX OFF subcommand to view 80 columns:
==> x user diskmap
====> prefix off
4.
7. Save your changes and run DISKMAP again. Edit the USER DISKMAP file. This time you should see just two gaps for volumes with labels $$$$$$ and $$$LNX. If you search for $ALLOC$ user ID, you should see the disk map of the volume you added for LNXMAINT:
==> diskmap user
==> x user diskmap
====> prefix off
====> /$ALLOC
MMD857 $ALLOC$  A04  3390 00000 00000 00001
       LNXMAINT 0191 3390 00001 00020 00020
       LNXMAINT 0192 3390 00021 00320 00300
...
8.
3. Format the larger 192 disk as the D minidisk, which should take a minute or two:
==> format 192 d
DMSFOR603R FORMAT will erase all files on disk D(192). Do you wish to continue?
Enter 1 (YES) or 0 (NO).
1
DMSFOR605R Enter disk label:
lxm192
DMSFOR733I Formatting disk D
DMSFOR732I 300 cylinders formatted on D(192)
At this point, you have formatted the two minidisks and accessed them as file modes A and D.
3. By default, CMS tries to access the 191 disk as A and the 192 disk as D. Also, you should have the TCPMAINT 592 disk accessed as E.
CHPW540  XEDIT    D1 V 77 194 3 7/01/08 4:30:39
CPFORMAT EXEC     D1 V 79 252 3 7/01/08 4:30:39
LABEL540 EXEC     D1 V 77 116 2 7/01/08 4:30:39
LABEL540 XEDIT    D1 V 77  50 1 7/01/08 4:30:39
LBL540-9 EXEC     D1 V 77 105 2 7/01/08 4:30:39
LBL540-9 XEDIT    D1 V 77  49 1 7/01/08 4:30:39
PROFILE  EXEC     D1 V 63  17 1 7/01/08 4:30:39
SAMPLE   PARM-S10 D1 V 80   9 1 7/01/08 4:30:39
SLES10S2 EXEC     D1 V 69   9 1 7/01/08 4:30:39
SWAPGEN  EXEC     D1 V 72 358 5 7/01/08 4:30:39
4.
'CP XAUTOLOG DTCVSW1'
'CP XAUTOLOG DTCVSW2'
'cp set pf12 ret'                      /* set the retrieve key */
'cp set mdc stor 0m 128m'              /* Limit minidisk cache in CSTOR */
'cp set mdc xstore 0m 0m'              /* Disable minidisk cache in XSTOR */
'cp set srm storbuf 300% 250% 200%'    /* Overcommit memory */
'cp set signal shutdown 300'           /* Allow guests 5 min to shut down */
'cp logoff'                            /* logoff when done */
Save your changes with the FILE subcommand.
Important: The set mdc and set srm lines are z/VM tuning values.
4.9.1 VM security products
You might want to use a z/VM security product such as IBM RACF® or CA VM:Secure. They allow you to address more security issues such as password aging and the auditing of user access attempts.

4.9.2 High level z/VM security
The paper z/VM Security and Integrity discusses the isolation and integrity of virtual servers under z/VM. It is available on the Web at: http://www-1.ibm.com/servers/eserver/zseries/library/techpapers/pdf/gm130145.
DMSXDC546E Target not found
====> quit
The Target not found message shows that the string lnx4vm is not used in the USER DIRECT file, so it is a useful candidate for a password.
4. Edit the USER DIRECT file with a parameter of (profile chpw540) followed by the new password. Rather than invoking the default profile of PROFILE XEDIT, this command will invoke the XEDIT macro named CHPW540 XEDIT and pass it the new password.
To learn how to back up these volumes to tape, refer to Step 11, Store a backup copy of the z/VM system on tape, which you can find in Chapter 8 “Load the system image” in z/VM Guide for Automated Installation and Service, GC204-6099.

4.11 Relabeling the system volumes
Relabeling the system volumes is optional, but recommended. There are times when you will want to change the volume labels of the five z/VM system volumes (or three, if you installed onto 3390-3s).
4.11.1 Modifying labels in the SYSTEM CONFIG file
An HMC 3270 session is needed because z/VM will have to be restarted with a FORCE option.
1. Start an Integrated 3270 Console session on the HMC from the CPC Recovery (or just Recovery) menu.
2. If you have not already done so, log on to MAINT and link and access the LNXMAINT 192 disk to pick up the LABEL540 EXEC and XEDIT macro:
==> vmlink lnxmaint 192
DMSVML2060I LNXMAINT 192 linked as 0120 file mode Z
3.
DMSXCG517I 1 occurrence(s) changed on 1 line(s)
DMSXCG517I 1 occurrence(s) changed on 1 line(s)
For 3390-9s: If z/VM is installed onto 3390-9s, there is a macro named LBL540-9 XEDIT that takes only three parameters.
4.11.2 Modifying labels in the USER DIRECT file In this section you will modify the system volume labels in the USER DIRECT file. 1. Modify the USER DIRECT file again using the LABEL540 XEDIT macro.
For 3390-9s: The LBL540-9 EXEC should be used for systems installed onto 3390-9s. For example, if the system volumes are 9300-9302, the command to relabel the system volumes would be as follows:
==> lbl540-9 <9300 9301 9302>
The volumes are:
DASD 9300 CP OWNED 540RES 142
DASD 9301 CP OWNED 540SPL 2
DASD 9302 CP OWNED 540PAG 0
The system volume labels will become: MV9300 MV9301 MV9302
ARE YOU SURE you want to relabel the DASD (y/n)?
y
...
2.
8. Go back to the Integrated 3270 console. After a few minutes, the Standalone Program Loader window should appear. Use the Tab key to traverse to the section IPL Parameters and enter the value cons=sysg.
9. Press the F10 key to continue the IPL of your z/VM system. This should take 1 to 3 minutes.
10. At the Start prompt you have to specify a FORCE start, again because the spool volume label has changed:
==> force drain
11. Do not change the time-of-day clock:
==> no
12.
Perform this step only if you successfully completed 4.10, “Backing up your z/VM system to tape” on page 62, and 4.11, “Relabeling the system volumes” on page 63. If you have done both, then the system on tape has volume labels of 540xxx and the system on DASD has volume labels MVyyyy. You can restore this system to five other 3390-3s, as explained in Appendix E, “Restore the z/VM system backup copy from tape” in z/VM Guide for Automated Installation and Service, GC204-6099.
70 The Virtualization Cookbook for Red Hat Enterprise Linux 5.
Chapter 5. Servicing z/VM
This chapter describes how to apply:
- A Programming Temporary Fix (PTF)
- A Recommended Service Upgrade (RSU) from “envelope files”
Both processes are basically the same. Note that this chapter is based on z/VM 5.2, and not on 5.4, due to the timing of the writing of this book. However, the process has not changed significantly, so it should be just as useful. Keep in mind, however, that your output messages and so on will be slightly different.
5.1 Applying a PTF
You may determine that you need to apply a specific fix or PTF to your system. For example, an Authorized Program Analysis Report (APAR), VM63895, was opened to address the problems reported with virtual NIC support. There are three known symptoms addressed by this APAR:
- Linux guests may lose connectivity after shutdown -r now (or any device reset).
- Using an External Security Manager (ESM) to authorize a VLAN list may lead to an FRF002 abend.
_ SEGBLD   PPF D2
_ SERVP2P  PPF D1
_ UCENG    PPF D2
s ZVM      PPF D2
_ 4OSASF40 PPF D1
3. Because the description of the PTF cites a component name of “VM CP”, select CP on the Component Name window.
4. Select PTFs/APARs on the VMFINFO Main window.
5. Type in the PTF number UM31613 in the PTF number field, then select Status of PTF on the PTF/APAR Queries window:
PTF/APAR Queries
Enter a PTF or APAR number and type an option code. Then press Enter.
PPF fileid ...... ZVM PPF D
Component name .. CP
Setup ...
1. Click Support and Downloads at the top menu.
2. Click Downloads and Drivers on the left frame.
3. Under Category, select zSeries (mainframe).
4. Under Operating Systems, select z/VM and click Software Only. This should take you to a page entitled Support for VM.
5. Click on Download selective fixes by PTF. You may be prompted for your IBM ID and password.
6. In the text box Enter PTF numbers below [e.g: U412345, U467890], enter UM31613. All other defaults should be correct. Click Continue.
7.
150 Opening BINARY mode data connection for vlst1585.bin (7168 bytes).
7168 bytes transferred in 0.231 seconds. Transfer rate 31.03 Kbytes/sec.
ftp> get vptf1585.bin
...
551936 bytes transferred in 22.272 seconds. Transfer rate 24.78 Kbytes/sec.
ftp> quit
4. Use the BROWSE command to view the first text file and verify that the correct number of bytes were downloaded for each file. Press the F3 key to quit.
3. The SERVICE command will write to the current A disk. Again access minidisk 500 as A:
==> acc 500 a
DMSACC724I 500 replaces A (191)
4. Use the SERVICE ALL command, specifying the envelope files you downloaded. Many, many windows of output will scroll by and the windows will automatically be cleared. Important messages will be saved to the A (500) disk. This process may take many minutes. Following is an example:
==> service all vptf1585
...
USER DSC LOGOFF AS BLDCMS USERS = 7 FORCED BY MAINT
VMFP2P2760I PUT2PROD processing completed successfully for SAVECMS
VMFP2P2760I PUT2PROD processing completed successfully
Your PTF should now be “put into production”. You may or may not have to reIPL the system, depending on the nature of the PTF applied. It is safest to reIPL using the SHUTDOWN REIPL command to completely test the changes:
==> shutdown reipl iplparms cons=sysc
SYSTEM SHUTDOWN STARTED
...
Point a Web browser to: https://techsupport.services.ibm.com/server/login
1. If you have an IBM user ID and password, use that. If you do not, you can fill out the form to create an IBM ID and password. You should then be at the following Web site: https://www.ibm.com/account/profile/us
2. Click Support and Downloads at the top menu.
3. In the Choose support type field, choose System z.
4. On the Support for mainframes page, choose z/VM in the Hardware or operating system field.
5.
4. Use the FTP client to obtain the RSU envelopes from the Internet. The envelope files can be large, so this may take some time. We recommend that you rename the file type from BIN to SERVLINK using FTP, because this is the file type that the SERVICE command expects. As you are downloading the files, note the file sizes. Following is an example. ==> ftp ptf.boulder.ibm.com ftp> ftp> ftp> cd ftp> ascii ftp> get ftp7166.txt ftp> binary f 1024 ftp> get rlst7166.
5.2.3 Receiving, applying, and building the service You must receive, apply, and build the service. Then it can be put into production. In the past, this was a cumbersome procedure.
5. Invoke the VMFVIEW SERVICE command to review the results of the previous SERVICE command. Following is an example:
==> vmfview service
************************************************************************
**** SERVICE USERID: MAINT ****
************************************************************************
**** Date: 11/10/05 Time: 11:43:15 ****
************************************************************************
CK:VMFSUI2104I PTF UM30896 contains user information.
To invoke the new CP load module, use the SHUTDOWN REIPL command. When your system comes back up, it should be at the new CP service level; in this example, 0702:
==> shutdown reipl iplparms cons=sysc
...
==> q cplevel
z/VM Version 5 Release 3.0, service level 0702 (64-bit)
Generated at 05/29/07 18:39:52 EST
IPL at 11/12/07 14:53:28 EST
This shows that the new CP load module is now being used.

5.3 Determining the z/VM service level
Often you will want to be able to query more than just the service level.
This shows information about the TCPIP MODULE. Use the TCPSLVL command and the complete file specification (TCPIP MODULE E, in this example) to get more information. Of particular interest is the latest APAR applied to TCTOOSD:
==> tcpslvl tcpip module e
SLVL TCPIP PQ22678
...
SLVL TCTOOSD PK00905
...

Summary
At this point, you have completed installing, configuring, and servicing z/VM. A valuable attribute of z/VM is that it normally runs with little maintenance required.
Chapter 6. Configuring a Network File System server for RHEL 5.2
A common method of installing Linux on z/VM is over the network from another server using the Network File System (NFS). To accomplish this, we recommend using a PC Linux system. This server supplies both the RHEL 5.2 distribution and the files associated with this book. The server must have at least 4 GB of free disk space. It can be a Linux PC, but it can also be a UNIX machine (Sun™ Solaris™, Hewlett Packard HP-UX, IBM AIX® or other).
6.1 Installing Linux on the PC If you do not have a Linux PC, then you must obtain access to one in the network and install Linux onto it. Describing that process is beyond the scope of this book. However, installing the same distribution onto a PC server that you plan to install on System z is recommended.
6.3.1 Copying from physical DVD RHEL 5.2 is distributed on physical CDs or files that are ISO images of CDs. RHEL 5.2 is also distributed on a single physical DVD disc or a single ISO image. It is easier to work with a single DVD ISO image than to work with multiple CD ISO images, so this approach is recommended. If you have a physical DVD, but not an ISO image, we recommend that you create an ISO image.
6.3.3 Copying the DVD contents
Copy the contents of the ISO image to the file system. Temporarily mount it over a new directory tmp/ using a loopback device:
# cd /nfs
# mkdir tmp
# mount -o loop rhel-5-server-s390x-dvd.iso tmp
List the contents of the mounted ISO image:
# ls tmp
EULA eula.en_US generic.ins ... README-pa.html README-pt_BR.html README-ru.html RELEASE-NOTES-ml.html RELEASE-NOTES-mr.html RELEASE-NOTES-or.html
Make a new directory, /nfs/rhel5.
make the files associated with this book available. First make a backup copy of the file. Then edit the original copy and add the two directories as follows:
# cd /etc
# cp exports exports.orig
# vi exports // add two lines
/nfs/rhel5.2 *(ro,sync)
/nfs/virt-cookbook-RH5.2 *(ro,sync)
The *(ro,sync) parameter specifies that any client with access to this server can get the NFS mount read-only. You may want to be more restrictive than allowing any client (using the *) for security reasons.
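The restriction mentioned above, as an added example that is not part of the book: a shell function that reports exports any host can mount, run first on the two entries shown above and then on the same directories limited to one subnet. The function name audit_exports is hypothetical, and the subnet 9.12.4.0/255.255.252.0 is an assumption taken from the sample network values used later in this book; substitute your own.

```shell
#!/bin/sh
# Added example (not from the book): audit an exports file for entries that
# any host can mount, then compare the book's entries with a restricted form.

# audit_exports FILE
# Prints "path<TAB>client-spec<TAB>reason" for each risky entry.
# Returns 1 if anything was reported, 0 if the file is clean.
# Assumption: export paths contain no quoted or escaped spaces.
audit_exports() {
    awk '
    {
        # exports(5) lets a line continue with a trailing backslash.
        if ($0 ~ /\\$/) { sub(/\\$/, ""); pending = pending $0 " "; next }
        $0 = pending $0; pending = ""
        sub(/#.*/, "")                      # drop comments
        if (NF == 0) next
        path = $1
        if (NF == 1) {                      # no client list at all
            report(path, "(none)", "no client listed: exported to every host")
            next
        }
        for (i = 2; i <= NF; i++) {
            spec = $i; client = spec; opts = ""
            sub(/\(.*$/, "", client)
            if (match(spec, /\(.*\)/)) opts = substr(spec, RSTART + 1, RLENGTH - 2)
            # "*" matches all hosts; an empty client comes from a stray space
            # before the options, e.g. "host (rw)", and also means all hosts.
            if (client == "*" || client == "")
                report(path, spec, "open to every host")
            if (("," opts ",") ~ /,no_root_squash,/)
                report(path, spec, "no_root_squash: client root is server root")
        }
    }
    function report(p, s, why) { printf "%s\t%s\t%s\n", p, s, why; found = 1 }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed samples: the two exports from this section, then the same
# directories limited to one subnet (the subnet value is an assumption).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '/nfs/rhel5.2 *(ro,sync)' \
                  '/nfs/virt-cookbook-RH5.2 *(ro,sync)' > "$dir/exports.open"
    printf '%s\n' '/nfs/rhel5.2 9.12.4.0/255.255.252.0(ro,sync)' \
                  '/nfs/virt-cookbook-RH5.2 9.12.4.0/255.255.252.0(ro,sync)' \
                  > "$dir/exports.subnet"
    for f in exports.open exports.subnet; do
        echo "== $f"
        audit_exports "$dir/$f" && echo "clean"
    done
    rm -rf "$dir"
}
demo
```

After changing /etc/exports on a running server, `exportfs -ra` re-reads the file and `exportfs -v` shows the client list actually in effect.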
Chapter 7. Installing RHEL 5.2 on the controller
Note: Before proceeding with this chapter, you must complete the tasks described in Chapter 4, “Installing and configuring z/VM” on page 27, Chapter 5, “Servicing z/VM” on page 71, and Chapter 6, “Configuring a Network File System server for RHEL 5.2” on page 85.
At this point, you must have created a new z/VM user ID, LNXMAINT. Now it is time to create the first Linux user ID, LNXINST.
7.1 Installing the controller
In this section you will install the RHEL 5.2 controller under the user LNXINST. This is the guest that will serve as the installation and file server for future Linux guests.

7.1.1 Creating the user ID LNXINST
In this section you will define the LNXINST user ID to z/VM.
1. Log on to MAINT and edit the USER DIRECT file:
==> x user direct c
In the USER DIRECT file, you can group statements that will be common to many user definitions in a construct called a profile.
5 This provides read access to the LNXMAINT 192 disk as the user’s 191 disk. 6 This provides read access to the TCPMAINT 592 disk, so that the user has access to TCP/IP services such as FTP. 4. Go to the bottom of the file and add the definition for a new user ID named RHEL52. This user ID is given the class B privilege (aside from the typical class G) in order to run the FLASHCOPY command.
====> all /gap/|/overlap/
-------------------- 4 line(s) not displayed --------------------
0 500 501 GAP
-------------------- 6 line(s) not displayed --------------------
0 0 1 GAP
-------------------- 355 line(s) not displayed --------------------
====> quit
7. When the disk layout is correct, run DIRECTXA to bring the changes online:
==> directxa user
z/VM USER DIRECTORY CREATION PROGRAM - VERSION 5 RELEASE 3.
file, and an initial RAMdisk. The fourth file is a configuration file stored on a CMS disk that the parameter file points to. Think of these as the files that are on a PC Linux boot CD (or floppy disk). Also, a small REXX EXEC is commonly used to clean out the reader, punch the three files, and IPL the reader. A sample RHEL52 parameter file, configuration file, and RHEL52 EXEC are supplied and should be on the LNXMAINT 192 disk. This is described in 7.1.1, “Creating the user ID LNXINST” on page 92.
RHEL52  EXEC D1 V 69   9 1 7/15/08 9:43:52
SWAPGEN EXEC D1 V 72 358 5 7/15/08 9:43:52
5. Quit by pressing F3.
6. Verify that the file RHEL52 EXEC has the correct information. Note the kernel and RAMdisk have hardcoded file names (RHEL52), but the file name of the parameter file will be the user ID (userid() function) of the user running the EXEC:
==> type rhel52 exec d
/* EXEC to punch RHEL 5.
After:
==> x lnxinst conf-rh5
DASD=100-10f,300-30f
HOSTNAME=
NETTYPE=qeth
IPADDR=<9.12.5.30>
SUBCHANNELS=0.0.0600,0.0.0601,0.0.0602
NETWORK=<9.12.5.255>
NETMASK=<255.255.252.0>
SEARCHDNS=
BROADCAST=<9.12.4.255>
GATEWAY=<9.12.4.1>
DNS=<9.12.6.7>
MTU=1500
PORTNAME=DONTCARE
LAYER2=0
VSWITCH=1
Note: The RHEL 5.2 installer supports OSA/NIC in layer 2 (Ethernet) mode. In the preceding example, we are connecting to a layer 3 VSWITCH, so we set the parameter LAYER2=0.
NICDEF statement in the USER DIRECT file), and that two VDISKs have been created at virtual addresses 300 and 301 (using the SWAPGEN EXEC called from the PROFILE EXEC):
LOGON LNXINST
00: NIC 0600 is created; devices 0600-0602 defined
00: z/VM Version 5 Release 3.0, Service Level 0702 (64-bit),
00: built on IBM Virtualization Technology
00: There is no logmsg data
00: FILES: NO RDR, NO PRT, NO PUN
00: LOGON AT 11:10:42 EST WEDNESDAY 12/12/07
z/VM V5.3.
DMSACP723I A (191) R/O
DMSACP723I C (592) R/O
DIAG swap disk defined at virtual address 300 (64989 4K pages of swap space)
DIAG swap disk defined at virtual address 301 (129981 4K pages of swap space)
Do you want to IPL Linux from minidisk 100? y/n
n
7. Verify that you have a 512 MB virtual machine:
==> q v stor
00: STORAGE = 512M
This change is for the duration of the user ID session. When you log off and log back on this user ID, the storage will revert to 256 MB.
Important: If the DASD you are using has never been formatted for Linux, you may get many windows of warning messages similar to the following on your 3270 session:
dasd(eckd): I/O status report for device 0.0.0100:
dasd(eckd): in req: 000000000e027ee8 CS: 0x40 DS: 0x0E
dasd(eckd): device 0.0.0100: Failing CCW: 000000000e027fd0
dasd(eckd): Sense(hex) 0- 7: 00 08 00 00 04 ff ff 00
This is not a problem; you simply have to clear the window many times, or else the install process will freeze.
Figure 7-2 NFS setup window
6. Now the curses windows should end and the install program (anaconda) should start a VNC server. You should see messages similar to the following:
Welcome to the anaconda install environment 1.1 for zSeries
Running anaconda, the Red Hat Enterprise Linux Server system installer - please wait...
Starting VNC...
The VNC server is now running.
Please connect to 9.12.5.30:1 to begin the install...
Starting graphical installation...
Figure 7-4 Enter installation number
3. Because the disks were just formatted by CPFMTXA (using the CPFORMAT EXEC wrapper), you will be prompted to format each of them. Click Yes to format dasda through dasde (minidisks 100-104) as shown in Figure 7-5 on page 103. A progress indicator will be shown. You will be asked to format disks 300 and 301 because they are the VDISK swap spaces, even though they do not appear in the installer. The VDISK swap spaces will be configured after installation.
4.
Figure 7-5 Formatting DASD for Linux use
5. The installer now searches for a previous installation. If this is the first installation, nothing will be found. If a previous installation is found, the installer prompts you whether to Upgrade or Install. Choose Install here.
6. At the disk partitioning setup window, choose Create Custom Layout as shown in Figure 7-6 on page 104. Click Next to proceed to the Disk Setup window.
Figure 7-6 Choosing custom disk partitioning
7. Disks dasda through dasde should show free space. Click the New button to add a /boot file system to the 100 disk. Enter /boot in the field Mount Point, choose to format the file system as ext3, and deselect all drives except dasda, as shown in Figure 7-7. Leave the default size of 100 in the Size (MB) field and click OK.
Figure 7-7 Adding the /boot file system
8. Click the New button again, again deselecting all drives except dasda. Under Mount Point, select / (forward slash) to specify the root partition. Choose Fill to maximum allowable size and click OK.
9. Create the LVM by clicking the New button again. Under File System Type, choose physical volume (LVM). Deselect all drives except dasdb as Figure 7-8 shows. Under Additional Size Options, select Fill to maximum allowable size and click OK.
Figure 7-8 Adding the LVM partitions
10.
Figure 7-9 Configuring the /nfs logical volume
13. Enter install_lv for the Logical Volume Name and /nfs for the Mount Point. Accept the maximum size, then click OK.
14. Click OK again.
15. Click Next. You will see a warning about a missing swap partition. You can safely ignore this because there will be VDISK swap defined later. Click Yes.
16. At the Network Configuration window, network settings have been automatically taken from the LNXINST CONF-RH5 file, as shown in Figure 7-10. Click Next.
Figure 7-10 Configuring the network device
17. At the Time Zone Selection window, highlight the nearest city in your time zone. Deselect System clock uses UTC and click Next.
18. Set the root password, then click Next.
19. At the package selection window, deselect all package groups, select Customize Now and click Next.
20. Remove the majority of the package groups as follows:
a. Under Desktop Environments, deselect Gnome so nothing is selected
b. Under Applications, deselect all package groups
c. Under Development, nothing should be selected
d. Under Servers, deselect Printing Support so nothing is selected
e. Under Base System, leave Base and X Window System selected and deselect everything else, as shown in Figure 7-12.
f. Under Languages, select a package group if you need specific language support.
g.
7.2 Configuring the controller
Now that your controller is installed, it must be configured. The following steps are involved:
- Copying files to the controller
- Retiring the PC NFS server
- Configuring VDISK swap
- Configuring yum
- Adding additional RPMs
- Turning off unneeded services
- Configuring the VNC server
- Setting the system to halt on SIGNAL SHUTDOWN
- Turning on the NFS server
- Configuring SSH keys
- Inserting the vmcp module
- Rebooting the system
- Verifying the changes
7.2.
7.2.2 Retiring the PC NFS server
You have now copied all files related to this book to the controller. You should be in a position to retire your PC NFS server, if appropriate. The remainder of the book uses files located on the controller instead of the files on the PC NFS server.

7.2.3 Configuring VDISK swap
Recall that you were warned during the installation that you were not using any swap spaces.
Import the RPM key:
# cd /nfs/rhel5.2
# rpm --import RPM-GPG-KEY-redhat-release
Note: Red Hat signs each RPM with its private GPG key, and the signature is checked against the public key you imported each time a package is installed. This method ensures that the RPM is a genuine, unaltered package.
Important: If you get an error of the following form, it means that there is a problem:
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for openmotif to pack into transaction set.
media://1169877309.407096%233/openmotif-2.3.0-0.3.el5.s390x.rpm: [Errno 4] IOError: Trying other mirror.
Error: failed to retrieve openmotif-2.3.0-0.3.el5.s390x.rpm from RHEL5.
Turn off the following services using the chkconfig command:
# chkconfig cups off
# chkconfig iptables off
# chkconfig ip6tables off
# chkconfig auditd off
# chkconfig haldaemon off
# chkconfig atd off
# chkconfig kudzu off
# chkconfig mdmonitor off
# chkconfig rpcgssd off
# chkconfig rpcidmapd off
# chkconfig anacron off
# chkconfig mcstrans off
# chkconfig yum-updatesd off
Note: Only disable the iptables service if you are on a trusted network.
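An added example (not from the book) for reviewing the result of these commands on a system that will later be cloned: the function reads `chkconfig --list` output and reports which of the resource-only services above are still enabled in runlevel 3 or 5, and which of the host controls in the same list (iptables, ip6tables, auditd) are off and so depend on the trusted-network condition in the note. The function names, the split into two groups, and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): review chkconfig state before cloning.

# Services the section above turns off purely to save resources.
UNNEEDED="cups haldaemon atd kudzu mdmonitor rpcgssd rpcidmapd anacron mcstrans yum-updatesd"
# Services from the same list that act as host controls (firewall, audit log).
PROTECTIVE="iptables ip6tables auditd"

# service_audit: reads `chkconfig --list` output on stdin and prints
#   STILL-ON name     an unneeded service still enabled in runlevel 3 or 5
#   CONTROL-OFF name  a protective service disabled in runlevels 3 and 5
service_audit() {
    awk -v unneeded="$UNNEEDED" -v protective="$PROTECTIVE" '
    BEGIN {
        n = split(unneeded, u, " ");   for (i = 1; i <= n; i++) drop[u[i]] = 1
        m = split(protective, p, " "); for (i = 1; i <= m; i++) guard[p[i]] = 1
    }
    # SysV service lines look like: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    # (the "xinetd based services" section has a different shape and is skipped)
    NF == 8 && $2 ~ /^0:/ {
        enabled = 0
        for (i = 2; i <= NF; i++)
            if ($i == "3:on" || $i == "5:on") enabled = 1
        if (($1 in drop) && enabled)   print "STILL-ON " $1
        if (($1 in guard) && !enabled) print "CONTROL-OFF " $1
    }'
}

# Constructed sample listing, as it might look partway through the steps.
sample_listing() {
    cat <<'EOF'
auditd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
kudzu           0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
EOF
}

sample_listing | service_audit
```

On a live system the input is `chkconfig --list | service_audit`; every CONTROL-OFF line is a decision that each clone of the image inherits.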
Set a VNC password using the vncpasswd command. This password will be needed to connect to the VNC server:
# vncpasswd
Password:
Verify:
First stop the firewall:
# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Start the VNC server. This will create some initial configuration files under the /root/.
Figure 7-13 VNC client session to the VNC server
Note that the VNC server will not be started automatically across reboots. When you need a graphical environment, you can either start the vncserver process manually (which is recommended), or you can use chkconfig to enable automatic startup.

7.2.8 Setting the system to halt on SIGNAL SHUTDOWN
By default, RHEL 5.2 reboots when a Ctrl-Alt-Del key sequence is trapped. This key sequence is simulated by z/VM when it issues a SIGNAL SHUTDOWN command.
Set the NFS server to start at boot time and for this session.
# chkconfig nfs on
# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
You could test mounting the directories locally if you choose to.

7.2.10 Configuring SSH keys
SSH sessions are typically authenticated using passwords typed in from the keyboard.
...
touch /var/lock/subsys/local
modprobe vmcp
The vmcp command will now be available after the next reboot.

7.2.12 Rebooting the system
Reboot the system to test the changes:
# reboot
After your system comes back in a couple of minutes, start a new SSH session to the controller.

7.2.13 Verifying the changes
You are now finished customizing the Linux controller. SSH back into the controller and check a few settings.
Chapter 8. Installing and configuring RHEL 5.2
Note: Before proceeding with this chapter, you must complete the tasks described in Chapter 4, “Installing and configuring z/VM” on page 27, Chapter 5, “Servicing z/VM” on page 71, and Chapter 6, “Configuring a Network File System server for RHEL 5.2” on page 85.
In this chapter, you will install the copy of Linux which will be cloned. This is referred to as the golden image.
8.1 Installing the golden image
In this section you will install the RHEL 5.2 golden image onto the user ID RHEL52.

8.1.1 Creating the user ID RHEL52
In this section you will define the RHEL52 user ID to z/VM.
1. Log on to MAINT and edit the USER DIRECT file:
==> x user direct c
2. Go to the bottom of the file and add the definition for a new user ID named RHEL52. This user ID is given class G privilege only.
====> all /gap/|/overlap/
-------------------- 4 line(s) not displayed --------------------
0 500 501 GAP
-------------------- 322 line(s) not displayed --------------------
====> quit
5. When the disk layout is correct, run DIRECTXA to bring the changes online:
==> directxa user
z/VM USER DIRECTORY CREATION PROGRAM - VERSION 5 RELEASE 3.0
EOJ DIRECTORY UPDATED AND ON LINE
You have now defined the user ID that will be the master Linux image.
8.1.
8.1.3 Preparing RHEL52 bootstrap files
Now that the RHEL52 user is defined, you must create the PARM and CONF configuration files used by the RHEL 5.2 installer. To save time, copy the LNXINST PARM-RH5 and LNXINST CONF-RH5 files, then make the necessary changes.
1. Now in your 3270 session, log off from MAINT and log on to LNXMAINT.
2. The files LNXINST PARM-RH5, LNXINST CONF-RH5, and RHEL52 EXEC should exist on the LNXMAINT 192 (D) disk as they were copied in 4.7.
8.1.4 Installing RHEL 5.2 to the golden image Install Linux again as described in 7.1.4, “Beginning the Linux installation” on page 97. However, because the controller is now up and running, install RHEL 5.2 using the installation tree exported using NFS from the controller. You follow the same steps as when installing Linux to the controller, except that you will create a different disk layout. If necessary, review 7.1.6, “Stage 2 of the RHEL 5.
1. Select Choose custom layout from the dropdown menu, then click Next.
2. Create the /boot file system on dasda with the default size of 100 MB. Use the remaining disk space on dasda to create an LVM. Then, use all of the disk space on dasdb as an LVM physical volume.
3. Click the LVM button, and create the logical volumes as specified in Table 8-2 on page 123. The LVM setup should look similar to Figure 8-2.
Figure 8-2 Disk partitioning window
4.
/dev/mapper/system_vg-root_lv on / type ext3 (rw)
/dev/mapper/system_vg-usr_lv on /usr type ext3 (rw)
/dev/mapper/system_vg-opt_lv on /opt type ext3 (rw)
/dev/mapper/system_vg-tmp_lv on /tmp type ext3 (rw)
/dev/mapper/system_vg-var_lv on /var type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
# df -h
Filesystem Size Used
/dev/dasda1 97M 12M
/dev/mapper/system_vg-root_lv 496M 228M
/dev/mapper/system_vg
Make a backup copy of the file /etc/auto.master, then add the following line at the bottom:
# cd /etc
# cp auto.master auto.master.orig
# vi /etc/auto.master // add one line at the bottom
...
# +auto.master
/nfs /etc/auto.controller
The new line specifies that the file system mounted beneath the directory /nfs/ will be configured in the file /etc/auto.controller. Now create the file /etc/auto.controller, and add one line which points to the RHEL 5.
8.2.4 Adding additional RPMs
We recommend that you install the same packages as you did on the controller; refer to 7.2.5, “Adding additional RPMs” on page 111. Use the yum -y install command to install the openmotif and xinetd packages from the remote RPM repository:
# yum -y install openmotif xinetd

8.2.5 Turning off unneeded services
As with the golden image, follow the steps in 7.2.6, “Turning off unneeded services” on page 112.
Copy the public key to the name authorized_keys using the secure copy command scp:
# scp virtc530.itso.ibm.com:/etc/ssh/id_dsa.pub /root/.ssh/authorized_keys
This allows the controller to initiate an encrypted SSH connection to the Linux server without the need to type the root password.

8.2.9 Rebooting the system
Now reboot to test your changes:
# reboot
Broadcast message from root (pts/0) (Sun Nov 19 08:57:32 2006):
The system is going down for reboot NOW!
8.2.
Chapter 9. Configuring RHEL 5.2 for cloning
At this point you have completed the install of LNXINST, the Linux controller, and RHEL52, the golden image. The controller must be up and running. In this chapter, you perform the following steps:
- Formatting DASD for minidisks
- Cloning a virtual server manually
- Cloning one new virtual server
- Cloning three more virtual servers
- Reviewing system status
9.1 Formatting DASD for minidisks In 4.6.2, “Formatting DASD for minidisks” on page 50, DASD was formatted to become minidisks for the controller and the golden image. The CPFMTXA command can be used to format one DASD at a time, but the CPFORMAT EXEC is a wrapper around CPFMTXA that allows the formatting of multiple DASD.
MAINT DA57 MAINT DA57 3390 MMDA57 DA57 0 3339
Detach the seven volumes from MAINT using the DETACH command:
==> det DA51-DA57 DETACHED
Attach the newly formatted DASD to SYSTEM so they can be used for minidisks:
==> att system
DASD DA51 ATTACHED TO SYSTEM MMDA51
DASD DA52 ATTACHED TO SYSTEM MMDA52
DASD DA53 ATTACHED TO SYSTEM MMDA53
DASD DA54 ATTACHED TO SYSTEM MMDA54
DASD DA55 ATTACHED TO SYSTEM MMDA55
DASD DA56 ATTACHED TO SYSTEM MMDA56
DASD DA57 ATTACHED TO SYSTEM MMDA57
T
4. Again check for gaps and overlaps. You can use the ALL subcommand with the logical OR operator (|) to check for both strings. You should see only one 501 cylinder gap.
==> diskmap user
==> x user diskmap
====> all /gap/|/overlap/
-------------------- 4 line(s) not displayed --------------------
0 500 501 GAP
-------------------- 368 line(s) not displayed --------------------
====> quit
5.
9.2 Cloning a virtual server manually Before using the clone script to clone a server, it is recommended that you clone a server manually to better understand the process. There are many ways to clone Linux under z/VM. The steps in this section are just one way to do it. The following assumptions are made based on what you have done so far: The source user ID, RHEL52 in this example, has a root file system on LVM located on minidisks 100-101.
Attention: If you do not have FLASHCOPY support, you can use the Linux dasdfmt and dd commands. You must first enable the 1100-1101 and 2100-2101 disks using the chccwdev -e command, then determine the newly created device nodes using the lsdasd command:
# chccwdev -e 1100-1101,2100-2101
Setting device 0.0.1100 online
Done
Setting device 0.0.1101 online
Done
Setting device 0.0.2100 online
Done
Setting device 0.0.2101 online
Done
# lsdasd
...
0.0.1100(ECKD) at ( 94:128) is dasdag 2347 MB
0.0.
Done
Setting device 0.0.2101 online
Done
Now run vgscan and vgchange to activate the newly cloned LVM:
# vgscan
Reading all physical volumes. This may take a while...
Found volume group "system_vg" using metadata type lvm2
Found volume group "install_vg" using metadata type lvm2
# vgchange -a y system_vg
5 logical volume(s) in volume group "system_vg" now active

Mount the newly copied root file system
Run lvdisplay to show the new root logical volume:
# lvdisplay
--- Logical volume ---
LV Name VG Name ...
# IBM QETH
DEVICE=eth0
BOOTPROTO=static
IPADDR=9.12.5.31
SUBCHANNELS=0.0.0600,0.0.0601,0.0.0602
MTU=1500
NETMASK=255.255.252.0
NETTYPE=qeth
ONBOOT=yes
PORTNAME=DONTCARE
SUBCHANNELS=0.0.0600,0.0.0601,0.0.0602
MTU=1500
ARP=no

Detach the target disks
Change to the default directory.
Linux version 2.6.18-92.el5 (brewbuilder@btest1.z900.redhat.com) (gcc version 4.1.2 20071124 (Red Hat 4.1.2-41)) #1 SMP Tue Apr 1 19:03:24 EDT 2008
We are running under VM (64 bit mode)
...
Red Hat Enterprise Linux Server release 5.2 (Tikanga)
Kernel 2.6.18-92.el5 on an s390x
virtc531 login:
Your new system should come up cleanly using the modified IP address and host name.

Modify the SSH keys on the target system
Start an SSH session to the new clone as root.
3. Copy and then edit the supplied sample configuration file to reflect the values of the new Linux system: # cp /etc/clone/rhel.conf.sample /etc/clone/linux01.conf # vi /etc/clone/linux01.conf 4. Edit the new configuration file with the appropriate values for your system. This file is based on the RHEL52 CONF file that you used earlier when building the RHEL 5.2 golden image; see 7.1.3, “Preparing LNXINST bootstrap files” on page 94.
00: DASD 0100 3390 LXAE23 R/W 3338 CYL ON DASD AE23 SUBCHANNEL = 0000
00: DASD 0101 3390 LXAE24 R/W 3338 CYL ON DASD AE24 SUBCHANNEL = 0001
...
00: DASD 0300 9336 (VDSK) R/W 524288 BLK ON DASD VDSK SUBCHANNEL = 000E
00: DASD 0301 9336 (VDSK) R/W 1048576 BLK ON DASD VDSK SUBCHANNEL = 000F
...
8. Log off LINUX01. You are now ready to clone to this new user ID.
9.3.2 Using the clone script
Go back to your SSH session to the controller.
Host name will be: linux01.example.com IP address will be: 10.1.40.91 Do you want to continue? (y/n): y The script makes sure the golden image user ID and the target user ID exist and are logged off. Then, it confirms the order of the cloning and displays information collected from the /etc/clone/linux01.conf file. Following this, it asks if you are sure you want to overwrite the disks on the target user ID. Next, the script links to the master clone minidisk and the target minidisk.
Successfully cloned RHEL52 to LINUX01 In the final section, the LINUX01 user ID is logged on using XAUTOLOG. Because the shared PROFILE EXEC detects that the user ID is in a disconnected mode, it carries out an IPL of Linux from minidisk 100. Note: If the clone script fails, you can check that: The configuration contains all of the correct information in /etc/clone/. No other users have links to the clone’s read-write disks. A block diagram of this process is displayed in Figure 9-1.
9.4.1 Defining three more user IDs Define three more user IDs for Linux virtual servers in the USER DIRECT file named LINUX02-LINUX04. You will need to use the DASD volumes you just formatted: two for each virtual server. You can repeat the definition of LINUX01 three times with the block copy ""3 prefix command. For example: ==> x ====> ...
====> pre off ====> all /gap/|/overlap/ -------------------- 4 line(s) not displayed -------------------0 500 501 -------------------- 368 line(s) not displayed -------------------====> quit GAP Bring the changes online with the DIRECTXA USER command: ==> directxa user z/VM USER DIRECTORY CREATION PROGRAM - VERSION 5 RELEASE 1.0 EOJ DIRECTORY UPDATED AND ON LINE You have now created three new user IDs that can be cloned to. 9.4.
'CP SET VSWITCH VSW1 GRANT LNXINST'
'CP SET VSWITCH VSW1 GRANT RHEL52'
'CP SET VSWITCH VSW1 GRANT LINUX01'
'CP SET VSWITCH VSW1 GRANT LINUX02'
'CP SET VSWITCH VSW1 GRANT LINUX03'
'CP SET VSWITCH VSW1 GRANT LINUX04'
/* XAUTOLOG each Linux user that should be started */
'CP XAUTOLOG LNXINST'
'CP XAUTOLOG LINUX01'
'CP XAUTOLOG LINUX02'
'CP XAUTOLOG LINUX03'
'CP XAUTOLOG LINUX04'
====> file
It is easiest to grant access to the new user IDs for the current z/VM session with the SET VSWITCH command: ==> se
If you forgot to grant access to the VSWITCH you will see an error message. Verify that you have OSA devices at addresses 600-602: ==> q osa 00: OSA 0600 ON NIC 0600 UNIT 000 SUBCHANNEL = 0002 00: 0600 QDIO-ELIGIBLE QIOASSIST-ELIGIBLE ... Verify that you have two read/write devices at addresses 100-101 using the QUERY DASD command: ==> 00: 00: 00: 00: ...
[Figure: DASD volume layout. z/VM system (5 volumes); z/VM paging (5 more volumes); LNXMAINT 191/192: common files (320 cyl), role: z/VM sysadmin; RHEL52 and LINUX01 volumes, roles: Linux sysadmin and Linux users.]
Chapter 10. Installing Linux with kickstart
Kickstart is an automated way of installing RHEL 5.2. Using kickstart, you can create a single file that answers all of the questions usually asked during an interactive installation. In Chapter 9, “Configuring RHEL 5.2 for cloning” on page 129, you cloned to LINUX01 and created three new user IDs for virtual servers. In this chapter, you will kickstart a RHEL 5.2 system to LINUX02.
10.1 Configure the controller for kickstart In this section, you configure the controller to host the kickstart file, which you use to perform the automated installation of the Linux virtual server called LINUX02. This section assumes you have already set up the RHEL 5.2 install tree as described in 7.2, “Configuring the controller” on page 109. The installer generates a kickstart file at the end of every installation. It is based on the answers provided during the interactive install.
@base-x device-mapper-multipath -sysreport %post echo /dev/dasdq1 swap swap defaults 0 0 >> /etc/fstab echo /dev/dasdr1 swap swap defaults 0 0 >> /etc/fstab 13 14 The numbers in bold font on the command lines refer to the descriptions that follow. 1 The IP address of the installation server and the path to install the tree. 2 The IP address of the new Linux server. 3 The host name of the new Linux server. 4 Disable the firewall. This is only advisable if the server is not on an external network.
Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ] # showmount -e Export list for virtc530.itso.ibm.com: /nfs/ks * /nfs/rhel5.2 * /nfs/virt-cookbook-RH5.2 * 10.2 Configure the LINUX02 user for kickstart Earlier you should have created the user ID LINUX02, and at this point you configure it for kickstart. LINUX02 must have its own parameter and configuration files, which are based on the RHEL52 user ID. LOGOFF from MAINT and logon to LNXMAINT.
00: STORAGE = 512M 00: Storage cleared - system reset. ==> ipl cms ... Do you want to IPL Linux from minidisk 100? y/n n Verify that you have a 512MB virtual machine: ==> q v stor 00: STORAGE = 512M This change is for the duration of the user ID session. When you logoff and log back on this user ID, the storage will revert to 256 MB. 3. Run rhel52 exec to initiate the kickstart. You see some initial kernel messages, followed by the file system format and Red Hat Package Manager (RPM) package installation.
Chapter 11. Servicing Linux with Red Hat Network
This chapter describes Red Hat Network (RHN) and its ability to manage the virtual servers. Using the yum command, the virtual servers can be updated when Red Hat errata are released. You can also use yum to install new packages with automatic dependency resolution. RHN is accessed by the following link: http://rhn.redhat.
11.1 Registering your system with RHN This section assumes you have already obtained a valid entitlement for RHEL 5 on System z, or have completed the steps to obtain an evaluation copy. To receive a free 90-day evaluation, visit: http://www.redhat.com/rhel/details/eval Select the link named Red Hat Enterprise Linux AS for IBM eServer™ zSeries and IBM S/390® and create an account. Before using yum for the first time, you must import the Red Hat GPG key and register your Linux guest with RHN.
Updated: cpp.s390x 0:4.1.1-43.el5 Complete! Now query the cpp package and you should see that it has been updated. # rpm -q cpp cpp-4.1.1-43.el5 To update every installed package on the system, run: # yum upgrade For more information about the yum command see the yum(8) man page. 11.3 Managing your Linux guest through RHN You can also manage the packages on this Linux guest through the Web interface at: http://rhn.redhat.
Figure 11-2 RHN system details For more information about managing your systems through RHN, including usage guides and frequently asked questions, see: http://rhn.redhat.com/help 11.4 Updating a system without Internet access The yum command communicates with RHN using secure Web traffic. If your Linux guest is not connected to the Internet, or is behind a firewall that prevents access to RHN, you can still use all of the yum functionality. 11.4.
Next, create the file /etc/auto.controller and add the following line, substituting the IP address of your controller: # vi /etc/auto.controller rhel5.2 -ro,hard,intr <9.12.5.30>:/nfs/rhel5.2 Create the /nfs directory. Restart the autofs service to pick up the configuration changes, then list the contents of the automounted directory: # mkdir /nfs # service autofs restart Stopping automount: [ OK ] Starting automount: [ OK ] # ls /nfs/rhel5.2 EULA README-or.html eula.en_US README-pa.html ...
Next, back up the current repository and create a new one with the createrepo command: # cd /nfs/rhel5.2/Server # mv repodata repodata.orig # createrepo /nfs/rhel5.2/Server 96/2480 - system-config-network-1.3.97-1.el5.noarch.rpm ... It should take about five minutes to build the new repository data, depending on the number of RPMs. You now have a new repository based on the RPMs in /nfs/rhel5.2/Server. Repeat this procedure any time an RPM (or set of RPMs) change.
Chapter 12. Cloning open source virtual servers
This chapter describes how to clone and customize the following Linux virtual servers:
Creating a virtual Web server
Creating a virtual LDAP server
Creating a virtual file and print server
Creating a virtual application development server
Conceptual discussions and detailed explanations about these types of servers are beyond the scope of this book.
12.1 Creating a virtual Web server The example in this section uses the LINUX01 user ID to create a virtual Web server. You should have a vanilla virtual server cloned to the user ID LINUX01 as described in Chapter 9, “Configuring RHEL 5.2 for cloning” on page 129. 12.1.1 Installing Apache RPMs SSH into the IP address of the new LINUX01 server. Install the following Apache RPMs using the yum -y install command. The -y flag prevents the Is this OK? question from being presented.
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig httpd on
# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
12.1.2 Testing Apache
Start the Apache Web server to verify that it is installed successfully:
# service httpd start
Starting httpd: [ OK ]
To verify that Apache is installed correctly, after it has been started, bring up a Web browser and point it to the server.
Verify that the firewall is off using the chkconfig --list command. The service name is iptables: # chkconfig --list iptables iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off Turn on the firewall at boot time with the chkconfig command, and for this session with the service command: # chkconfig iptables on # service iptables start Applying iptables firewall rules: [ OK ] Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ] Go back to your browser and click refresh.
12.1.4 Configuring SSL for Apache Use the Secure Sockets Layer (SSL) to encrypt data between the client (browser) and the server. This is done by specifying an https prefix in the URL which uses port 443, rather than using the conventional http prefix which uses port 80. To use SSL, the mod_ssl package is required. You can demonstrate that SSL communications do not work by changing http to https in your browser: https://<9.12.5.31>/ Click reload in your browser; you should receive a communications error.
12.1.6 Apache resources The following Web sites contain additional information about Apache: http://www.samspublishing.com/articles/article.asp?p=30115&seqNum=4 http://www.sitepoint.com/article/securing-apache-2-server-ssl http://www.securityfocus.com/infocus/1786 12.2 Creating a virtual LDAP server The Lightweight Directory Access Protocol (LDAP) is commonly implemented using the OpenLDAP package, which comes standard with most Linux distributions.
============================================================================= Installing: openldap-clients s390x 2.3.27-4 RHEL5 189 k openldap-servers s390x 2.3.27-4 RHEL5 2.3 M Installing for dependencies: libtool-ltdl s390x 1.5.22-6.1 RHEL5 37 k Transaction Summary ============================================================================= Install 3 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 2.5 M Downloading Packages: Running Transaction Test warning: openldap-clients-2.3.
rootdn "cn=ldaproot,dc=itso,dc=ibm,dc=com" ... Set the rootpw line to a value of the encrypted password that was the output of the slappasswd command: ... # rootpw secret # rootpw {crypt}ijFYNcSNctBYg rootpw {SSHA}4FiGwLm+cy+I96TyiWMn4evNXSXa5aJ2 ... Save the slapd.conf file. Your LDAP server should now be minimally configured.
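The rootpw choice above is the difference between a cleartext secret in slapd.conf and a salted hash. The following added example (not from the original book) shows how an {SSHA} value such as the one slappasswd printed is built and checked, and audits rootpw lines for weak storage; the function names and the second, weak configuration are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# slapd.conf excerpt as shown in this section: only the {SSHA} line is active.
PAGE_CONF = '''\
rootdn "cn=ldaproot,dc=itso,dc=ibm,dc=com"
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}4FiGwLm+cy+I96TyiWMn4evNXSXa5aJ2
'''

# Constructed counter-example: the sample cleartext line left active.
WEAK_CONF = '''\
rootdn "cn=ldaproot,dc=itso,dc=ibm,dc=com"
rootpw secret
'''

ROOTPW_RE = re.compile(r"^(#\s*)?rootpw\s+(\S.*?)\s*$", re.IGNORECASE)
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")
SALTED = {"SSHA", "SMD5"}
UNSALTED = {"SHA", "MD5"}


def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored):
    """Return (digest, salt) from an {SSHA} value, or raise ValueError."""
    m = SCHEME_RE.match(stored)
    if not m or m.group(1).upper() != "SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(m.group(2), validate=True)
    if len(raw) <= 20:  # a SHA-1 digest is 20 bytes; the rest is the salt
        raise ValueError("{SSHA} value carries no salt")
    return raw[:20], raw[20:]


def check_ssha(stored, candidate):
    """True if candidate hashes to the stored {SSHA} value."""
    digest, salt = split_ssha(stored)
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def audit_rootpw(conf_text):
    """Classify every rootpw line, active or commented out."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = ROOTPW_RE.match(line)
        if not m:
            continue
        value = m.group(2).strip('"')
        sm = SCHEME_RE.match(value)
        scheme = sm.group(1).upper() if sm else "CLEARTEXT"
        body = sm.group(2) if sm else value
        if scheme in SALTED:
            problem = None
        elif scheme in UNSALTED:
            problem = "unsalted hash"
        elif scheme == "CRYPT":
            # 13 characters without a $id$ prefix is traditional DES crypt(3).
            legacy = len(body) == 13 and not body.startswith("$")
            problem = "traditional DES crypt(3) hash" if legacy else None
        elif scheme == "CLEARTEXT":
            problem = "cleartext password in configuration file"
        else:
            problem = "unrecognised scheme"
        findings.append({"line": lineno, "active": m.group(1) is None,
                         "scheme": scheme, "problem": problem})
    return findings


def weak_active(conf_text):
    """Only the findings slapd would actually use and that are weak."""
    return [f for f in audit_rootpw(conf_text) if f["active"] and f["problem"]]


if __name__ == "__main__":
    for name, conf in (("page excerpt", PAGE_CONF), ("weak variant", WEAK_CONF)):
        print(name, weak_active(conf) or "no weak active rootpw")
```

{SSHA} is salted SHA-1, which is fast to compute, so the directory administrator password still needs to be long and random, and slapd.conf should be readable only by the account that runs slapd.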
The PADL tools have a shared configuration file named migrate_common.ph. Make a backup copy of this file and modify it. There are two lines to be changed which set the domain name and suffix (or root) of LDAP tree. In this example, the suffix is itso.ibm.com: # cd /usr/share/openldap/migration # cp migrate_common.ph migrate_common.ph.orig # vi migrate_common.ph ... # Default DNS domain $DEFAULT_MAIL_DOMAIN = ""; # Default base $DEFAULT_BASE = ""; ...
Now it is time to populate the LDAP server. This can be done while the server is not running using the slapadd -l command. First stop the LDAP service, then add the data in the LDIF file: # service ldap stop Stopping slapd: [ OK ] # slapadd -l accounts.ldif bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2) Expect poor performance for suffix dc=itso,dc=ibm,dc=com. The database is stored in the directory /var/lib/ldap/.
Delete the ldapuser1 from the file system with the userdel command, and delete root from LDAP using the ldapdelete command: # userdel ldapuser1 # ldapdelete -x -D cn=ldaproot,dc=itso,dc=ibm,dc=com -W \ uid=root,ou=People,dc=itso,dc=ibm,dc=com Enter LDAP Password: Now ldapuser1’s credentials are only in LDAP and the root password is only in the local file system. 12.2.5 Configuring an LDAP client You are now ready to configure a system to authenticate users using the new LDAP server.
On the next window, set the Server value to point to the LDAP server. In this example, it is ldap://9.12.5.32/. Set the Base DN to your suffix value. In this example it is dc=itso,dc=ibm,dc=com. Press OK. Your LDAP client should now be pointing to the LDAP server. Test it using the id ldapuser1 command: # id ldapuser1 uid=500(ldapuser1) gid=500(ldapuser1) groups=500(ldapuser1) context=root:system_r:unconfined_t:s0-s0:c0.c1023 Authentication should also allow LDAP.
objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowLastChange: 13515 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 501 gidNumber: 500 homeDirectory: /home/ldapuser2 You now have created a new LDIF file containing the entries for a new LDAP user with a unique UID. Now you can add the user to the LDAP database using the following ldapadd command: # ldapadd -x -D cn=ldaproot,dc=itso,dc=ibm,dc=com -W -f ldapuser.
12.3.1 Cloning a Linux virtual server From the controller, clone a basic virtual server. In this example, the user ID LINUX03 is used. # clone rhel52 linux03 100-101 Invoking CP command: QUERY rhel52 Invoking CP command: QUERY linux02 This will copy disks from rhel52 to linux02 Host name will be: virtc533.itso.ibm.com IP address will be: 9.12.5.33 Do you want to continue? (y/n): y ... Booting linux03 Successfully cloned rhel52 to linux03 Start an SSH session to the new virtual server. 12.3.
Confirm that the RPMs were added: # rpm -qa | grep samba samba-common-3.0.28-0.el5.8 samba-client-3.0.28-0.el5.8 samba-3.0.28-0.el5.8 samba-common-3.0.28-0.el5.8 12.3.3 Configuring the Samba configuration file The one configuration file for Samba is /etc/samba/smb.conf. It is easy to add an SMB share that will be made available by the Samba server. A good test directory is /usr/share/doc/ because it contains a significant amount of useful Linux documentation.
Retype new SMB password: startsmbfilepwent_internal: file /etc/samba/smbpasswd did not exist. File successfully created. account_policy_get: tdb_fetch_uint32 failed for field 1 (min passwd length), returning 0 ... Added user sambauser1.
You may have to click different user name if the user or password on the new Samba server is different from the Windows system you are connecting from. Then click Finish. If all the steps were correct, you should see the files in a new Explorer window as shown in the bottom right corner of Figure 12-2. Figure 12-2 Mapping a network drive to the Samba server You should now have Samba configured and running with one new share available.
12.4 Creating a virtual application development server Most Linux distributions come with a basic set of application development tools, making Linux one of the most versatile development systems. These basic tools are ideal for projects of any size. The development languages used in implementation range from scripting languages such as Python or Tcl, to compiled languages such as C/C++ and Java™.
C/C++ http://gcc.gnu.org/onlinedocs/gcc/ http://en.wikipedia.org/wiki/GNU_Compiler_Collection#External_links http://vertigo.hsrl.rutgers.edu/ug/make_help.htmsll http://www.gnu.org/software/make/manual/html_chapter/make_toc.html Java http://www-130.ibm.com/developerworks/java/ http://java.sun.com/ http://csdl.ics.hawaii.edu/~johnson/613f99/modules/04/jar-files.html http://java.sun.com/j2se/1.3/docs/tooldocs/solaris/jdb.html Linux kernel development http://www.kernel.
Chapter 13. Miscellaneous recipes
This chapter has the following sections of miscellaneous tasks that you might want to perform:
Adding a logical volume
Extending an existing logical volume
Centralizing home directories for LDAP users
Rescuing a Linux system
13.1 Adding a logical volume There are times when you require more disk space than a single direct access storage device (DASD) volume provides. For example, if you want to have a shared /home/ directory, you will want it to be of sufficient size. When this is the case, you can use the Logical Volume Manager (LVM) to combine multiple DASD volumes into one logical volume.
Adding module ext3 Adding module dasd_mod with options dasd=100-104 Adding module dasd_eckd_mod Adding module dasd_fba_mod # zipl Using config file '/etc/zipl.conf' Building bootmap in '/boot/' Building menu 'rh-automatic-menu' Adding #1: IPL section 'linux' (default) Preparing boot device: dasda (0100). Done. # shutdown -h now ... When your system comes back up, start an SSH session to it. Use the lsdasd command to verify that the new minidisks have been recognized: # lsdasd 0.0.0100(ECKD) 0.0.
13.1.4 Create the logical volume and file system The overall steps involved in creating a logical volume are: Create physical volumes from the two DASD. Create a single volume group. Create a single logical volume. Make a file system from the logical volume. Figure 13-1 shows a block diagram of the logical volume manager (LVM) reflecting this example.
--- NEW Physical volume --PV Name /dev/dasde1 VG Name PV Size 4.59 GB Allocatable NO PE Size (KByte) 0 Total PE 0 Free PE 0 Allocated PE 0 PV UUID y6lMf2-PkCk-w46g-lSkl-3M9d-7vUZ-rtvaJX Creating a single volume group The vgcreate command can be used to create a volume group named homevg from the two DASDs.
Segments Allocation Read ahead sectors Block device 2 inherit 0 253:0 Making a file system from the logical volume Now you have a logical volume. Use the mke2fs command to create a file system out of it. The -j flag adds a journal so it will be of type ext3: # mke2fs -j /dev/homevg/homelv mke2fs 1.36 (05-Feb-2005) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) 402400 inodes, 803840 blocks 40192 blocks (5.00%) reserved for the super user ...
In this example, there is only one subdirectory. You can move the contents from the root file system to the new logical volume a number of different ways. Following is one method: # cd /home # mkdir /tmp/home # mv * /tmp/home # cd .. # mount /home # cd /home # mv /tmp/home/* . # ls -F ldapuser1/ lost+found/ Even though you tested mounting the file system by reading the /etc/fstab file, you may want to test a reboot to verify that the logical volume is successfully mounted. 13.
0.0.0100(ECKD) 0.0.0101(FBA ) 0.0.0102(FBA ) 0.0.0103(ECKD) 0.0.0104(ECKD) 0.0.
# df -h | grep home /dev/mapper/homevg-homelv 12G 152M 11G 2% /home You have now added the new minidisk as free space to the existing logical volume. Test your changes by rebooting your system: # reboot ... 13.3 Centralizing home directories for LDAP users If you have completed 12.2, “Creating a virtual LDAP server” on page 164, you have a working LDAP authentication server that provides centralized login authentication. If you have completed 13.
# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
Test mounting the newly exported file system locally:
# mount localhost:/home /mnt
# ls /mnt
ldapuser1 lost+found
You now have /home/ available for NFS mounting.
13.3.2 Configuring the golden image for LDAP and automount
In this section you will shut down the controller and boot the golden image.
Under User Information, select Cache Information and Use LDAP. Under Authentication, select Use LDAP Authentication and Local authorization is sufficient. Press Enter when you have tabbed to the Next button. +-----------------¦ LDAP Settings +-----------------+ ¦ ¦ ¦ [ ] Use TLS ¦ ¦ Server: ldap://<9.12.5.
9.12.5.32:/home/ldapuser1 on /home/ldapuser1 type nfs (rw,addr=9.12.5.32) You have now configured the automounter to mount a remote LDAP user’s home directory at login. Shut down the golden image, and IPL the controller (200). Clone a new virtual server using the clone.sh script. Start an SSH session to the new virtual server and LDAP authentication, and the automounting of /home/ using NFS should work. 13.
To enter a rescue environment, initiate an interactive Linux installation. Perform the following steps to enter a rescue environment on the LINUX03 user ID: 1. Logon to LNXMAINT. Copy the RHEL5 EXEC file to a new file named RESCUE EXEC, and copy the user’s PARM-RH5 file to a new file (LINUX03 RESCUE, in this example): ==> copy rhel52 exec d rescue = = ==> copy linux03 parm-rh5 d = rescue = 2. Next, edit RESCUE EXEC to point to the new LINUX03 RESCUE file: ==> xedit RESCUE EXEC ...
be no device nodes under /dev). If you need to rewrite the master boot record (MBR), run zipl from the chroot shell. To exit the shell, type: exit. If the rescue image cannot find your partition, or if you chose Skip when prompted to search for the existing file systems, you can mount the file systems manually. First, bring the LVM logical volumes online with the following two commands: sh-3.2# lvm vgscan Reading all physical volumes. This may take a while...
Chapter 14. Monitoring z/VM and Linux
This chapter briefly describes how to monitor z/VM and Linux. For more detailed information about z/VM performance and monitoring, see Chapter 11, “Monitoring performance and capacity”, in the Getting Started With Linux, SC24-6096, which is available on the Web at: http://publibz.boulder.ibm.
14.1 Using INDICATE and other commands z/VM has many commands to monitor the state of the system. CP INDICATE is the most commonly used, and there are other commands that are addressed. 14.1.1 Using the INDICATE command z/VM has basic commands such as INDICATE. This command can be useful if there are no other tools with more extended function present on the system, such as when undertaking a completely new system installation.
2 Paging to expanded storage is displayed here. Most z/VM systems on z9 class machines can sustain several thousand paging operations of this type per second without any problems. The MIGRATE rate is the number of pages per second being moved from expanded storage out to paging space on DASD. A healthy system will have a MIGRATE rate significantly lower than the XSTORE rate, probably measured in hundreds rather than thousands.
EDLWRK6  Q3 IO 00000750/00000302 .... .0969
EDLWRK3  Q3 AP 00005098/00005096 .... .0999
EDLWRK17 Q3 AP 00004786/00004766 .... .1061
EDLWRK9  Q3 AP 00002372/00002334 .... .1107
EDLWRK5  Q3 IO 00002376/00002376 .... .1205
EDLWRK14 Q3 AP 00002426/00002323 .... .1238
EDLLIB19 Q3 IO 00001226/00001100 .... .1309
EDLWRK19 Q3 AP 00002322/00002298 .... .1705
EDLWRK15 Q3 AP 00002839/00002781 .... .2205
EDLWRK1  Q3 AP 00002969/00002935 .... .
Determining storage or memory To see how much central and expanded storage (memory) are installed and allocated to a system, use the QUERY STORAGE and QUERY XSTOR commands. For example: ==> q stor STORAGE = 4G CONFIGURED = 4G INC = 256M STANDBY = 0 RESERVED = 0 ==> q xstor XSTORE= 2048M online= 2048M XSTORE= 2048M userid= SYSTEM usage= 0% retained= 0M pending= 0M XSTORE MDC min=0M, max=0M, usage=0% XSTORE= 2048M userid= (none) max.
The following list gives the short form of these commands, without associated output:
==> q da
==> q da free
==> q osa
==> q osa free
==> q v all
14.2 z/VM Performance Toolkit
To use the z/VM Performance Toolkit, the product must be licensed. Only configure the product if you have licensed it.
3. At IPL time, the SYSTEM CONFIG file is modified by having a line appended to the end. Verify this with the following commands: ==> acc cf1 f ==> x system config f ====> bot ====> -2 ====> pre off ... PRODUCT PRODID 5VMPTK40 STATE ENABLED DESCRIPTION '05/22/08.10:08:55.MAINT RFKIT Minidisk Install and Service' PE The Performance Toolkit is now enabled. 14.2.
Active IPv6 Transmission Blocks: None In this case, the PERFSVM service was shown to be listening on port 80. 14.2.3 Configuring PERFSVM The PERFSVM user ID is the Performance Toolkit service machine. 1. Logon to PERFSVM.
====> file 6. Create a remote data retrieval authorization file with your z/VM system identifier; replace with your z/VM system name: ==> x fconrmt authoriz ====> a 2 PERFSVM S&FSERV MAINT DATA CMD EXCPMSG 7. Create a system identification file; replace with your z/VM system name: ==> x fconrmt systems ====> a PERFSVM z/VM5.4 N FCXRES00 8. Create a Linux system definition file. Add the TCP/IP addresses of your Linux system(s).
/* Increase the size of the SAMPLE CONFIG and EVENT CONFIG */ 'CP MONITOR SAMPLE CONFIG SIZE 1200' 'CP MONITOR EVENT CONFIG SIZE 350' 'PERFKIT' /* Invoke the PERFKIT module @FC012BD*/ Exit ====> file You should now be ready to run the Performance Toolkit. 14.2.
Figure 14-1 Performance Toolkit logon window 3. Enter any valid user ID and password (in this example, MAINT). 4. You should see the Central Monitoring System Load Overview with your system name on the left side. 5. Click your system name and you should see the Initial Performance Data Selection Menu window, as shown in Figure 14-2 on page 204.
Figure 14-2 Browser interface to the Performance Toolkit Using a 3270 interface Logon to PERFSVM. Run the PROFILE EXEC and you should be put into the Performance Toolkit for z/VM environment. The subcommand monitor should present the following window. ==> profile FCXBAS500I Performance Toolkit for VM FL530 Monitor event started -- recording is activated Monitor sample started -- recording is activated ...
FCX124 Performance Screen Selection General System Data 1. CPU load and trans. 2. Storage utilization 3. Reserved 4. Priv. operations 5. System counters 6. CP IUCV services 7. SPOOL file display* 8. LPAR data 9. Shared segments A. Shared data spaces B. Virt. disks in stor. C. Transact. statistics D. Monitor data E. Monitor settings F. System settings G. System configuration H. VM Resource Manager I. Exceptions K. User defined data* I/O 11. 12. 13. 14. 15. 16. 17. 18. 19. 1A.
and Red Hat RHEL 4 and RHEL 5 have been enabled for the kernel to gather performance data. There is a package called the Linux RMF™ PM Data Gatherer (also called rmfpms) that runs as a user application. Both of these data gatherers work in conjunction with the IBM z/VM Performance Toolkit. 14.3.1 Monitoring Linux with rmfpms As a user application, the Linux RMF PM Data Gatherer (rmfpms) can be used. Currently it is not part of an IBM product and is intended for evaluation purposes only.
# ls .rmfpms_config README bin .rmfpms_config_autostart autostart_rmfpms doc enable_autostart rmfpms 5. You should now be able to start rmfpms in the bin/ directory with the following command: # bin/rmfpms start Creating /root/rmfpms/.rmfpms ... Starting performance gatherer backends ... DDSRV: RMF-DDS-Server/Linux-Beta (Sep 8 2007) started. DDSRV: Functionality Level=2.339 DDSRV: Reading exceptions from gpmexsys.ini and gpmexusr.ini. DDSRV: Server will now run as a daemon process. done! 6.
For the second requirement, SLES 9, SLES 10 and RHEL 5 now have this function built in. Details of this function are described in Chapter 15, “Linux monitor stream support for z/VM” in Device Drivers, Features, and Commands documentation for the October 2005 stream, which is available on the Web at: http://www-128.ibm.com/developerworks/linux/linux390/october2005_documentation.html A brief explanation of how to use this built-in monitoring function is given here. 1.
view that data, drill down into menu 29, Linux systems. This can be done either from the browser interface or the 3270 interface as shown in Figure 14-5. Figure 14-5 Linux Guest Systems sub menu Type S over the period on the left side of the submenu window in the row corresponding to the report you want to see. You should see a new report window with the Linux guest systems CPU overview. 14.
In this example, it starts at x3300 and ends at x6FFF (this is a PAGE boundary). You also need to issue q nss all map to determine where the new MONDCSS can be located with no overlap. Important: Check carefully to make sure that the new MONDCSS does not overlap any other NSS. If it does, PERFKIT may not be able to use it. One way to test whether the MONDCSS segment can be loaded is to issue SEGMENT LOAD MONDCSS before you start PERFKIT.
Appendix A. References
This appendix describes the location and content of z/VM configuration files, and provides quick reference sheets for the XEDIT and vi text editors.
z/VM configuration files z/VM differs from Linux in regard to the location and number of configuration files. In Linux, there are many configuration files and most of them are in or under the /etc/ directory. On z/VM, there are relatively few configuration files. However, they are on many different minidisks. Table 1 summarizes the location and content of z/VM configuration files.
quit    Exit XEDIT if no changes have been made
qquit   Exit XEDIT even if changes have not been saved
left    Shift ‘n’ characters to the left
right   Shift ‘n’ characters to the right
get     Copy file and insert past the current line
:       Move to line ‘n’
?       Display last command
=       Execute last command
x       Edit ‘file’ and put it into the XEDIT “ring”
x       Move to the next file in the ring
Prefix commands a a c cc d dd f p i i m mm " " "" Add one line Add 'n' lines Copies one line Copies a bl
:                 go to line number
:r                read into the current file
:1,$s/old/new/g   globally replace with
:help             give help
Appendix B. z/VM source code
This appendix lists the source code associated with this book.
Obtaining and using the Web material
The pdf of this book is available on the Internet at the following address: http://www.redbooks.ibm.com/abstracts/sg247493.html
The files associated with this book are in a gzipped tar file at the following address: ftp://www.redbooks.ibm.com/redbooks/SG247493
Download the tar file to your NFS server and use it as is described in 7.2.
z/VM REXX EXECs and XEDIT macros This section lists z/VM REXX EXECs and XEDIT macros. The CPFORMAT EXEC Following is the code for the EXEC that formats multiple disks using CPFMTXA (described in 4.6.
say ''
say ' Format one or a range of DASD as page, perm, spool or temp disk space'
say ' The label written to each DASD is V where:'
say ' is type - P (page), M (perm), S (spool) or T (Temp disk)'
say ' is the 4 digit address'
say ''
say 'Syntax is:'
say " .-PAGE-."
say " >>--CPFORMAT--.-rdev--------------.
parse upper var dasds dasd dasds
dashPos = pos('-', dasd)
if (dashPos = 0) then /* there is just one DASD */
  do
    numDasd = numDasd + 1
    dasdList.numDasd = dasd
    'CP Q MDISK' dasdList.numDasd 'LOCATION'
    if (rc <> 0) then
      do
        say 'Return code from Q MDISK =' rc
        say 'Are all DASD ATTached?'
        exit 3
      end
    call checkReserved(dasdList.
/*| parm 1: source |*/
/*| parm 2: target |*/
/*| parm 3: label |*/
/*+------------------------------------------------------------------+*/
arg dasd
/* create a list of reserved dasd - this is somewhat hokey to be sure
   but it's better to be hokey than to format system minidisks! */
resvd1 = "0122 0123 0124 0125 0190 0191 0193 0194 019D 019E 0201 02A2"
resvd2 = "02A4 02A6 02C2 02C4 02CC 02D2 0319 03A2 03A4 03A6 03B2 03C2"
resvd3 = "03C4 03D2 0400 0401 0402 0405 0490 0493 049B 049E 04A2 04A4"
resvd4 = "04A6
return retVal /* from formatOne */
/*+------------------------------------------------------------------+*/
getLabel: procedure
/*| Compose the six character label of a minidisk |*/
/*| parm 1: labelPrefix - first two characters of label |*/
/*| parm 2: disk - vaddr of length 1, 2, 3 or 4 |*/
/*| return: the 6 character label |*/
/*+------------------------------------------------------------------+*/
arg labelPrefix disk
diskLen = length(disk)
select
  when (diskLen = 1) then /* insert 3 zeros */
    label = lab
'command set num on'
'command set nulls on'
'command set serial off'
'command set cmdline bottom'
'command set curline on 3'
'command set serial off'
'command set scale off'
'command set case m i'
'command set pre off'
'command set v 1 80'
/* change user ID passwords */
'command c/MAINT MAINT/MAINT' newPass'/*'
'command c/AVSVM AVSVM/AVSVM' newPass'/*'
'command c/TSAFVM TSAFVM/TSAFVM' newPass'/*'
'command c/GCS GCS/GCS' newPass'/*'
'command c/GCSXA GCSXA/GCSXA' newPass'/*'
'command c/AUDITOR AUDITOR/AUDI
'command c/OSASF OSASF/OSASF' newPass'/*'
'command c/5VMRSC40 5VMRSC40/5VMRSC40' newPass'/*'
'command c/RSCS RSCS/RSCS' newP
'command c/RDVF WDVF MDVF/'newPass newPass newPass'/*'
'command c/READ WRITE MULTIPLE/'newPass newPass newPass'/*'
'command c/READ WRITE/'newPass newPass'/*'
'command c/RFTPSERV WFTPSERV MFTPSERV/'newPass
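The change commands in the macro above target directory entries whose password is still the user ID (MAINT MAINT) and minidisk passwords left at READ WRITE MULTIPLE. The following check is an added example, not code from the book: it scans a copy of the USER DIRECT file for entries that still carry those defaults. The function names, the sample entries and the assumed MDISK field order are illustrative assumptions.

```shell
#!/bin/sh
# audit_user_direct [FILE]   (hypothetical helper, not from the book)
# Reads a copy of the USER DIRECT file (or standard input) and prints one
# finding per line as "<line> <kind> <userid>". Returns 1 if anything is found.
audit_user_direct() {
    awk '
        /^[ \t]*\*/ { next }                    # directory comment line
        { $0 = toupper($0) }                    # re-splits the fields as well
        $1 == "USER" {
            user = $2
            if ($3 == $2) {                     # e.g. USER MAINT MAINT
                print NR, "USERID-AS-PASSWORD", user; bad = 1
            }
        }
        $1 == "MDISK" {
            # assumed layout: MDISK vdev type start size volid mode rpw wpw mpw
            for (i = 8; i <= NF; i++)
                if ($i == "READ" || $i == "WRITE" || $i == "MULTIPLE") {
                    print NR, "DEFAULT-MDISK-PASSWORD", user; bad = 1
                    break
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample directory entries (not taken from a real system).
sample_user_direct() {
    cat <<'EOF'
* constructed sample
USER MAINT MAINT 128M 1000M ABCDEFG
 MDISK 0191 3390 0001 0050 540W01 MR READ WRITE MULTIPLE
USER TCPIP Z9QX7K2B 128M 256M ABG
 MDISK 0191 3390 0051 0005 540W01 MR Z9QX7K2B Z9QX7K2B Z9QX7K2B
USER AUDITOR NOLOG
EOF
}

# Run the check over the constructed sample; findings are expected here.
sample_user_direct | audit_user_direct || true
```

Run it against a copy of the directory file taken after the macro has been applied; an empty result with exit status 0 means no entry matched either pattern.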
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES -------------------------------------------------------------------*/ /* Construct the two ch
say "Syntax is:"
say ""
say " >>---LABEL540--res--spl--pag--w01--w02------------------------><"
say ""
say " where res, spl, pag, w01 and w02 are 4 digit virtual addresses"
say " of the volumes that z/VM 5.
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
-------------------------------------------------------------------*/
firstChar = 'M' /* change this for an LPAR ID other than 'M' */
parse upper arg res spl pag w01 w02 .
parse upper arg fn ft fm '(' options ')' res spl pag w01 w02 .
Appendix C. Linux source code
This section lists the Linux source code associated with this book. Following is the clone script.
Obtaining and using the Web material
The PDF of this book is available on the Internet at: http://www.redbooks.ibm.com/abstracts/sg247492.html The files associated with this book are in a zipped tar file at: ftp://www.redbooks.ibm.com/redbooks/SG247492 Download the tar file to your NFS server and use it as described in 7.2.
# "z/VM and Linux on IBM System z: The Virtualization Cookbook for RHEL4"
# on the Web at: http://www.redbooks.ibm.com/abstracts/sg247272.html
# ---------------------------------------------------------------------------
# THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
# LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
# If the host has a id_dsa.pub file then append that to the clone's
# authorized_keys file.
#+--------------------------------------------------------------------------+
{
  if [ -e /root/.ssh/id_dsa.pub ] ; then
    [ ! -d /mnt/clone/root/.ssh/ ] && mkdir -p /mnt/clone/root/.ssh/
    echo "# LNXINST" >> /mnt/clone/root/.ssh/authorized_keys
    cat /root/.ssh/id_dsa.pub >> /mnt/clone/root/.ssh/authorized_keys
    chmod 600 /mnt/clone/root/.
  fi
done
# Expand DASD ranges if they have been defined
if [ -n "$DASD" ] ; then
  split=$(echo $DASD | tr ',' ' ')
  DASD=""
  for s in $split
  do
    out=$(echo $s | grep \-)
    rc=$?
    [ $rc -eq 0 ] && DASD=${DASD}$(seq -s" " $(echo $s | tr '-' ' ' | tr '\n' ' '))
    [ $rc -ne 0 ] && DASD=${DASD}$(echo -n "$s ")
  done
  [ -n "$DASD_ROOT" ] && DASD=$(echo $DASD | sed "s/$DASD_ROOT//")
  DASD="$DASD_ROOT $DASD"
  # Assuming that if no DASD_ROOT is specified then the first DASD device will be
  # taken as root
  if [ -z "$DASD_ROOT" ] ; t
  if [ $ret_val -eq 0 ] ; then
    nblks=`cat /proc/dasd/devices | grep $target_dev_node | awk '{ print $13 }'`
    [ -n "$VERBOSE" ] && \
      echo "Invoking Linux command: dd bs=4096 count=$nblks if=/dev/$source_dev_node of=/dev/$target_dev_node"
    dd bs=4096 count=$nblks if=/dev/$source_dev_node of=/dev/$target_dev_node >/dev/null
    [ $? -ne 0 ] && echo "Error: dd failed" && ret_val=1
  fi
  # Put the source and target devices offline
  set_offline $target_mdisk
  set_offline $source_mdisk
  return $ret_val
}
#+---------------------
# Arg 1: Source minidisk
# Arg 2: Target minidisk
#+--------------------------------------------------------------------------+
{
  source_mdisk=$1
  target_mdisk=$2
  if [ "$COPY_METHOD" == "AUTO" -o "$COPY_METHOD" == "auto" ] ; then
    cp_cmd FLASHCOPY $source_mdisk 0 END $target_mdisk 0 END
    rc=$?
    if [ $rc -ne 0 ]; then # FLASHCOPY failed
      [ -n "$VERBOSE" ] && echo "FLASHCOPY $source_mdisk $target_mdisk failed with $rc using Linux dd"
    else
      return 0
    fi
  fi
  dd_copy $source_mdisk $target_mdisk
  [ $? -ne 0 ] && return 1
{
  [ -n "$VERBOSE" ] && echo "Unlinking minidisks ..."
  while [ $# -gt 0 ]; do
    set_offline 400$#
    unlink_one 400$#
    [ $? -eq 0 ] && echo "$1 disk unlinked ...
source_host=$(echo $source_hostname| awk -F. '{print $1}')
[ ! -d $CLONE_MNT_PT/etc ] && echo "Error: no $CLONE_MNT_PT/etc found" && abort 1
[ -n "$VERBOSE" ] && echo "Modifying networking info under $CLONE_MNT_PT..."
sed -i \
  -e "s/$source_ipaddr/$IPADDR/g" \
  -e "s/$source_hostname/$HOSTNAME/g" \
  -e "s/$source_host/$target_host/g" \
  $CLONE_MNT_PT/etc/hosts
sed -i \
  -e "s/HOSTNAME=.*/HOSTNAME=$HOSTNAME/g"\
  -e "s/GATEWAY=.*/GATEWAY=$GATEWAY/g"\
  $CLONE_MNT_PT/etc/sysconfig/network
sed -i \
  -e "s/IPADDR=.
    set_offline $target_mdisk
    abort 1
  fi
}
#+--------------------------------------------------------------------------+
function set_offline
# This will set offline the target minidisk.
# Arg1 - Minidisk virtual address to set offline
#+--------------------------------------------------------------------------+
{
  target_mdisk=$(echo $1 | tr 'A-Z' 'a-z')
  chccwdev -d 0.0.$target_mdisk > /dev/null 2>&1
  rc=$?
  #if [ $rc -ne 0 ]; then
  # echo "Error: chccwdev -d 0.0.
}
#+--------------------------------------------------------------------------+
function umount_cloned_image
# Unmount the cloned root filesystem
#+--------------------------------------------------------------------------+
{
  /bin/umount $CLONE_MNT_PT >/dev/null 2>&1
  return $?
}
#+--------------------------------------------------------------------------+
function check_for_conf
# Check that the configuration file exists for the ID that we are cloning to.
function autolog
# Issue an XAUTOLOG command to bring up the new cloned image.
echo "Cloning $master_linux_id to $cloned_linux_id ..."
[ -z "$DASD" ] && echo "Error: no DASD defined in /etc/clone/${cloned_linux_id}.conf" && exit
copy_disks $DASD
# Update the newly cloned image locally, so link, set online then mount the
# clone's root filesystem. Then call modify_cloned_image to update
# configuration files with the proper settings. Finally unmount,
# set offline and unlink the disk.
echo "Updating cloned image ...
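The key-copy step of the clone script listed above appends /root/.ssh/id_dsa.pub to the clone's authorized_keys unconditionally. As an added example (not part of the book's clone script), the helper below performs the same append only once, rejects a file that is not a single public key, and sets the directory and file modes explicitly. The names install_pubkey and demo_install_pubkey and the key value are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE CLONE_ROOT   (hypothetical helper, not from the book)
# Adds one public key to CLONE_ROOT/root/.ssh/authorized_keys exactly once.
install_pubkey() {
    pub=$1
    sshdir=$2/root/.ssh
    auth=$sshdir/authorized_keys
    nl='
'
    [ -r "$pub" ] || { echo "Error: cannot read $pub" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        *"$nl"*)    # more than one line: a private key or a bundle of keys
            echo "Error: $pub is not a single public key" >&2; return 1 ;;
        ssh-dss\ *|ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *)  echo "Error: $pub does not look like a public key" >&2; return 1 ;;
    esac
    # sshd (StrictModes) ignores authorized_keys if these are group/world writable
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x: whole line, -F: fixed string; append only if this exact key is missing
    if ! grep -qxF -- "$key" "$auth"; then
        printf '# LNXINST\n%s\n' "$key" >> "$auth"
    fi
}

# Constructed demonstration in a scratch directory (the key is a fake value).
# Installs the same key twice and prints how many copies ended up in the file.
demo_install_pubkey() {
    tmp=$(mktemp -d) || return 1
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructed root@lnxinst" > "$tmp/id.pub"
    install_pubkey "$tmp/id.pub" "$tmp/clone" &&
    install_pubkey "$tmp/id.pub" "$tmp/clone" &&
    grep -c '^ssh-rsa ' "$tmp/clone/root/.ssh/authorized_keys"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

In the clone script's terms the call would be install_pubkey /root/.ssh/id_dsa.pub /mnt/clone, made while the clone's root file system is mounted.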
This IBM Redbooks publication describes how to roll your own Linux virtual servers on IBM System z hardware under z/VM.