Aggregates + IPMP with zones?

Similar Messages

• Configuring IPMP with several zones

  I am trying to configure IPMP with 2 zones on Solaris 10 but it seems that an interface has failed.
  ce1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,Failed> mtu 1500 index 3
  inet 10.177.6.91 netmask ffffff00 broadcast 10.177.6.255
  groupname zone1
  ether 0:14:4f:24:87:c1
  ce1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
  zone v08k39-zone1
  inet 10.177.6.90 netmask ffffff00 broadcast 10.177.6.255
  ce5: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 6
  inet 10.177.6.92 netmask ffffff00 broadcast 10.177.6.255
  groupname zone1
  ether 0:14:4f:24:87:c5
  root@sys # cat hostname.ce1
  sys-zone1-test1 deprecated -failover netmask + broadcast + group zone1 up
  root@sys # cat hostname.ce5
  sys-zone1-test2 deprecated -failover netmask + broadcast + group zone1 up
  Is the IPMP configuration correct or can i do away with link checking...
  TIA

  177499-02 wrote:
  Hi can you tell me how to configure IPMP in solaris 10
  following are the steps which i havae followed.
  root@sun4401:/> cat /etc/hostname.ce0
  sun4401netmask + broadcast + group ipmp0 up
  root@sun4401:/> cat /etc/hostname.ce1
  group ipmp0 up
  hosts file entrie are also proper, i don't know eher is the problem.
  and after that taken a reboot.
  Thanks
  gopalYou're missing the second configuration line on your "primary" interface.
  addif IPMP-hostname netmask + broadcast + up

• IPMP with two subnets

  Hello from Spain,
  I have configured IPMP with two interfaces on Solaris 10. It works.
  Now I need to configure a zone with a different subnet mask because I need the zone to be invisible to global, but not to the firewall, because I need to exit with this zone.
  Here is an example of what I'm trying to do
  Global
  /etc/hosts
  172.24.100.20 WK1
  172.24.100.21 WK1-bge0
  172.24.100.22 WK1-bge1
  /etc/netmasks
  172.24.100.0 255.255.255.0
  172.24.110.0 255.255.255.0
  /etc/defaultrouter
  172.24.100.1
  /etc/hostname.bge0
  WK1 netmask + broadcast + group localhost up addif WK1-bge0 deprecated -failover netmask + broadcast + up
  /etc/hostname.bge1
  WK1-bge1deprecated -failover netmask + broadcast + group localhost up
  Zone IP's
  172.24.100.101 zone1 (global see it, it sees global and firewall)
  172.24.110.101 zone2 (global see it, it sees global, but doesn't see firewall)
  zone2 /etc/defaultrouter
  172.24.110.1
  ¿Is it possible to do this? ¿any ideas?
  Thanks.
  Pd. Excuse my english

  General advice, since you don't indicate which type of zone you have (shared IP or exclusive IP):
  if you are dealing with zones and routing, best to configure your local zones as "exclusive IP" (bge can do this) meaning you dedicate a physical interface to the local zone and configure the interface from within the new zone. Otherwise all interfaces and routing belong to the global zone and routing can be a problem. Then you can configure IPSEC or ipf to allow/deny access as desired b/t the zones or other network nodes.
  If you have S10 u4 (8/07), exclusive IP is available:
  docs.sun.com Home > Solaris 10 System Administrator Collection > System Administration Guide: Solaris Containers-Resource Management and Solaris Zones > Zones > 17. Non-Global Zone Configuration (Overview) > Zone Components > Zone Network Interfaces > Solaris 10 8/07: Exclusive-IP Non-Global Zones
  docs.sun.com Home > Solaris 10 System Administrator Collection > System Administration Guide: Solaris Containers-Resource Management and Solaris Zones > Zones > 17. Non-Global Zone Configuration (Overview) > Zone Components > Zone Network Interfaces > Security Differences Between Shared-IP and Exclusive-IP Non-Global Zones

• Deferred patching broken for machines with zones

  For a while I've noticed that Ive had trouble patching a couple of machines.
  I've managed to determine the significant characteristic identifying them.
  All the machines with a non global zone have the problem.
  To confirm, I added a test zone to a machine that was fine. And it immediately it developed the problem.
  Anyway, the symptom is that no deferred patches will install.
  So patches delayed by a "smpatch update" till the reboot fail to install.
  The sunucLog displays the following error
  Sep 17 10:30:05 webdb1 123186-03 [notice] Status Install Begin 123186-03
  Sep 17 10:30:05 webdb1 123186-03 [ALERT] Validating patches...
  Sep 17 10:30:05 webdb1 123186-03 [ALERT] Loading patches installed on the system...
  Sep 17 10:30:05 webdb1 123186-03 [ALERT] Loading patches requested to install.
  Sep 17 10:30:05 webdb1 123186-03 [ALERT] Checking patches that you specified for installation.
  Sep 17 10:30:05 webdb1 123186-03 [ALERT] svcadm: Instance "svc:/system/filesystem/local:default" has been disabled by another entity.
  Sep 17 10:30:05 webdb1 123186-03 [ALERT] ERROR: Enabling filesystem/local service failed.
  Sep 17 10:30:05 webdb1 123186-03 [ALERT] Status Install End 123186-03 Install Update installation failed
  Anyone got any workarounds for this problem.
  Is it a known issue.
  Or should I log a support request.

  Any progress on this? Its been 2 months. And sun has managed to put out an entire new update to Solaris.
  And a 119254-59 has been released. But neither includes a fix for this issue as far as I can tell...
  Its now basically impossible to patch machines with zones up to the latest kernel 137137-09 since that has a dependency on 119254-58.
  And machines with zones can't be patched if a version higher than 119254-53 is installed....

• How to use aggregate function with Date

  Hi All,
  I have a group of date from that is it possible to Max and Min of date.
  I have tried like this but its errored out <?MIN (current-group()/CREATION_DATE)?>.
  I have also tried like this but it doesnt works
  <?xdoxslt:minimum(CREATION_DATE)?>
  Is it possible to use aggregate function with date values.
  Thanks & Regards
  Srikkanth

  Hi KAVI PRIYA,
  if date is not in cannonical format, how can we change it in BI publisher, then how to calcualte minimum and as well as maximum.
  please advise me,
  Thanks,
  Sri

• Aggregate fuction with group by clause

  Hello,
  Following is assignment is given but i dont get correct output 
  so please i am request to all of us write code to solve my problem.
  There can be multiple records for one customer in VBAK tables with different combinations.
  Considering that we do not need details of each sales order,
  use Aggregate functions with GROUP BY clause in SELECT to read the fields.
  <garbled code removed>
  Moderator Message: Please paste the relevant portions of the code
  Edited by: Suhas Saha on Nov 18, 2011 1:48 PM

  So if you need not want all the repeated records, then you select all the values to an Internal table,
  and declare an internal table of same type and Usee COLLECT
  for ex:
  itab1 type  <xxxx>.
  wa_itba like line of itab1.
  itab2 type  <xxxx>. "<-This should be same type of above.
  select * from ..... into table itab1.
  and now...
  loop at itab1 into wa_itab.
  collect wa_itab1 into itab2.
  endloop.
  then you will get your desired result..

• Cloning Solaris 10 with zones

  What is the best method to use when cloning a Solaris machine with zones, to ensure all software is included and can be easily installed
  on new hardware?
  Thank you!

  If you use UFS, then ufsdump/ufsrestore
  If you use ZFS, then zfs send/zfs receive
  But, if you are using hardware or software RAID, you can also try to move one disk to an another machine.
  You can see with these simple examples, that you have several methods and it depends how you configured your machine, Solaris and the zones. And finally, it depends too what is the source machine and what is the target machine, and how they are configured.

• Live migration with zones

  Hi all,
  I have been reading into making "SPARC Private Cloud" whitepapers with LDOM's from Oracle. One thing really pops out from the text which really confuses me:
  from Page 8 and 10:
  "VMs may also be securely live migrated or automatically started or restarted across any servers in their respective pools. *Zones are cold migrated*"
  "Secure live migration—Move domains off of servers that are undergoing planned maintenance. *Zones are cold-migrated*."
  Does this really mean that if I have zones inside LDOM guest, I can live migrate the LDOM guests but not the zones? Hence zones will go down if I do this? If so, whats the reason behind this, its hard to grasp the idea that the OS itself can be live migrated, but not zones inside it that are using the same kernel, binaries etc from it....
  Links:
  https://blogs.oracle.com/infrared/entry/building_private_iaas_with_sparc
  http://www.oracle.com/us/groups/public/@otn/documents/webcontent/1659149.pdf
  - Jukka

  Lumi, I'm pretty sure they are comparing LDOMs with zones on a standalone system (i.e. no LDOMs).
  When you migrate a domain, everything the guest kernel is doing should emerge as it was before.
  Migration might take a bit longer than for the GZ alone, since you're using more virtual memory.
  To move an NGZ between standalone GZ's, you would indeed have to halt, detach, attach, and boot it.
  But please don't take my word for it... feel free to try both methods for yourself. =-)
  The only limitation for zones in LDOMs that I'm aware of: You cannot currently set elastic power policy.
  Other than that, I don't see why you couldn't keep zones running inside your guest as it moves around.
  Hope that helps... -cheers, CSB

• Live Upgrade with Zones - still not working ?

  Hi Guys,
  I'm trying to do LiveUpdate from Solaris update 3 to update 4 with non-global zone installed. It's driving me crazy now.
  I did everything as described in documentation, installed SUNWlucfg and supposedly updated SUNWluu and SUNWlur (supposedly because they are exactly the same as were in update 3) both from packages and with script from update 4 DVD, installed all patches mentioned in 72099, but lucreate process still complains about missing patches and I've checked if they're installed five times. They are. It doesn't even allow to create second BE. Once I detached Zone - everything went smooth, but I had an impression that Live Upgrade with Zones will work in Update 4.
  It did create second BE before SUNWlucfg was installed, but failed on update stage with exactly the same message - install patches according to 72099. After installation of SUNWlucfg Live Upgrade process fails instantly, that's a real progress, must admit.
  Is it still "mission impossible" to Live Upgrade with non-global zones installed ? Or am I missed something ?
  Any ideas or success stories are greatly appreciated. Thanks.

  I upgraded from u3 to u5.
  The upgrade went fine, the zones boot up but there are problems.
  sshd doesn't work
  svsc -vx prints out this.
  svc:/network/rpc/gss:default (Generic Security Service)
  State: uninitialized since Fri Apr 18 09:54:33 2008
  Reason: Restarter svc:/network/inetd:default is not running.
  See: http://sun.com/msg/SMF-8000-5H
  See: man -M /usr/share/man -s 1M gssd
  Impact: 8 dependent services are not running:
  svc:/network/nfs/client:default
  svc:/system/filesystem/autofs:default
  svc:/system/system-log:default
  svc:/milestone/multi-user:default
  svc:/system/webconsole:console
  svc:/milestone/multi-user-server:default
  svc:/network/smtp:sendmail
  svc:/network/ssh:default
  svc:/network/inetd:default (inetd)
  State: maintenance since Fri Apr 18 09:54:41 2008
  Reason: Restarting too quickly.
  See: http://sun.com/msg/SMF-8000-L5
  See: man -M /usr/share/man -s 1M inetd
  See: /var/svc/log/network-inetd:default.log
  Impact: This service is not running.
  It seems as thought the container is not upgraded.
  more /etc/release in the container shows this
  Solaris 10 11/06 s10s_u3wos_10 SPARC
  Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
  Use is subject to license terms.
  Assembled 14 November 2006
  How do I get it to fix the inetd service?

• Is patching Sol 10 machines with zones safe?

  Now that Sun update has been released, "smpatch update" explicitly checks for the presence of non global zones and refused to run.
  Now, its fairly trival to reproduce the "smpatch update" functionality from "smpatch download" which still works and a bit of scripting.
  Ive done this on a test machine with zones with no obvious ill effects.
  However since Sun went to the trouble of disabling "smpatch update", you have to presume there was a good reason.
  So is patching machines with zones safe. Or is there some known problem with doing this.

  The problem was that the underlying tool patchadd was not zones aware and then changes (I believe for bug: 6200143 ) changed the exit codes that smpatch relies on.
  Now in Solaris 10 patchadd/patchrm now returns only an exit code of 1 or 0 when using zones which is insufficient both for smpatch and for the Update Manager.
  So there are two options:
  If the system does not have any local zones configured then you can run "patchadd -t" in transitional mode which reverts back to the old pre Solaris 10 rich return codes that smpatch needs.
  If there are zones on the system, using smpatch download + patchadd will work, but you cannot get rich status from patchadd:
  Running "patchadd -t" on a system with local zones gives:
  # patchadd -t
  Transition patching (-t option) is not supported in a zones environment.
  HTH
  ethan

• Firefox 5 will not start with Zone Alarm Ver 10.0.240.000

  Firefox updated yesterday and now it will no longer start, it looks like the probem may be with Zone Alarm Forcefield. Does anyone have any ideas how to get Firefox 5 to tun under Zone Alarm Extreme Security? Thanks

  Hi,
  I'm running Win7 x64 with ZoneAlarm Extreme Security 10.0.241.000
  I had the same problem with Firefox 4. After turning off ForceField Toolbar, it started working fine.
  Then I updated to Firefox 5 and it wouldn't start, instead it was showing an error message from ZA...
  I searched mozilla support and followed the instructions here: http://kb.mozillazine.org/Browser_will_not_start_up
  on the topic"Firefox does not start after updating with ZoneAlarm ForceField enabled".
  The correct instructions for this ZA version should be: "'''Internet '''-> '''Web Security '''-> '''Settings''', and click '''Clear Virtual Data'''"
  After that I could open Firefox again! Then I realized it was still version 4...
  I installed the update, and everything went smooth. Checked again if Forcefield toolbar was inactive (it was) and opened a few pages, closed Firefox and opened again. After a while it wouldn't open...
  AGAIN the "Clear Virtual Data" did the trick...
  This time I clicked on '''Settings '''(next to "Clear Virtual Data") -> '''Advanced Settings''', and turned off "'''Enable Virtualization'''".
  Until ZA get a fix for this, either we turn it off or clear virtual data every few moves...
  Working fine.
  Best regards

• Upgrading Solaris with Zones

  I have just found the following statement in the Solaris 10 Install Guide, section "Upgrade Limitations":
  "If you have configured Solaris Zones on your system, you are not able to upgrade until you have unconfigured and uninstalled your non-global zones"
  I have a serious problem with this limitation. It seems to be impossible to upgrade a Solaris 10 system with zones configured. I would have to shut down and uninstall my zones and applications to upgrade the OS.
  There's not even a way to move the affected zones to another system to keep the application running if the host with the global zone needs maintenance due to OS upgrade, HW maintenance or if simply has too many zones configured on it and all resources are exhausted.
  With these limitations I don't see much reasonable use for zones. In particular, once a zone and an application is set up on a physical box with a particular OS release I am stuck with it for all times.
  How are you going to solve these problems. And when? What are zones good for in the current implementation? I am still waiting for convincing arguments to use zones ...

  I guess I'll state for the record, lest anyone should be confused by my last post, that LiveUpgrade doesn't allow upgrade anymore. I guess I got away with it before LU was upgraded to restrict such activity.
  ERROR: Unable to upgrade boot environment <Solaris10-B58>.
  INFORMATION: Boot environment <Solaris10-B58> has one or more non-global
  zones installed. This version of Live Upgrade cannot upgrade a boot
  Guess I'd better figure out how to backup my zones so I clean remove them. A simple tar will probly do the trick for now.
  benr.

• IP/Interface setup with zones

  Moin!
  Am trying to configure my first server with zones and am new to it so please forgive me if I aske dumb questions.
  I wanted to use zones to protect my machine setup from possible intrusions from the internet. So I wanted to create a global zone that is only connected to a backend network (10.x.x.x.) over say hme0 and then a zone that has access to hme1 which is connected to public internet.
  However as it is only possible to configure routes from the global zone I have to give that interface (hme1) an address in the global zone also as I have to configure different default routes. This however exposes the global zone to the internet.
  Is there anything I missed that makes it possible to achive this (without fireing up ipfilter)?
  TIA and so long
  -Ralf Weber

  You should be able to add the default routes with configuring a global zone address on hme1. However, you need to boot the zone before you install the routes. For security, you should also:
  - enable strict destination multihoming:
  # ndd -set /dev/ip ip_strict_dst_multihoming 1- add reject routes to block the zone from accessing the global zone (see older posts on this forum)
  Blaise

• 3.2cluster with zone

  Hi. all . need help to take a look. tks a lot......
  3.2cluster with zones.
  node1: orchard :zone1
  node2: somerset:zone2
  my data services 4 is unable to create(even add bacic ) ,dont know why?
  1.#clrg create -n orchard:zone1,somerset:zone2 cluster_RG (ok)
  2.#clrslh create -g cluster_RG -h zone1-lh -N sc_ipmp0@orchard,sc_ipmp0@somerset zone1_rs (ok)
  3. #clrs create -g cluter_RG -t SUNW.HAStoragePlus -p AffinityOn=TRUE \
  -p FilesystemMountPoints=/mount1:/zones/shared/mount1 metaset-21a_rs (ok)
  4 . there are some errors
  #clrs create -g cluter_RG -t SUNW.gds -p Scalable=false
  -p Start_command="/opt/SUNWscgds/scripts/app/start.sh" \
  -p Stop_command="/opt/SUNWscgds/scripts/app/stop.sh" \
  -p Probe_command="/global/kannel/bin/probe.sh" \
  -p Port_list="2222/tcp" \
  -p Network_resources_used=zone1_rs \
  -p Stop_signal=9 \
  -p Log_level=NONE my-21a_rs
  clrs: (C189917) VALIDATE on resource my-21a_rs, resource group cluster_RG , exited with non-zero exit status.
  clrs: (C720144) Validation of resource my-21a_rs in resource group cluster_RG on node orchard:zone1 failed.
  clrs: (C891200) Failed to create resource "my-21a_rs".

  Hi . thank u very much for advices, actualy it though out the same error msg.
  looks like error from zoning. if I add resources without zone, every thing comes fine.
  #clrs create -g cluter_RG -t SUNW.gds -p Scalable=false
  -p Start_command="/opt/SUNWscgds/scripts/app/start.sh" \
  -p Stop_command="/opt/SUNWscgds/scripts/app/stop.sh" \
  -p Probe_command="/global/kannel/bin/probe.sh" \
  -p Port_list="2222/tcp" \
  -p Network_resources_used=zone1_rs \
  -p Resource_dependencies=metaset-21a_rs
  -p Stop_signal=9 \
  -p Log_level=NONE my-21a_rs
  clrs: (C189917) VALIDATE on resource my-21a_rs, resource group cluster_RG , exited with non-zero exit status.
  clrs: (C720144) Validation of resource my-21a_rs in resource group cluster_RG on node orchard:zone1 failed.
  clrs: (C891200) Failed to create resource "my-21a_rs

• Heading 1:  Sun Cluster with Zones using IP type=exclusive

  Dear Forums Members,
  I am trying to install a Sun Cluster with Clustered Zones that the IP type=exclusive.
  This does not seem possible as the IPMP does not work.
  Any ideas?
  Thanks
  Wayne

  Hi,
  The network interface should NOT be a legacy one.
  To Check run the following
  dladm show-link the interface should not be legacy type
  Also when zonecfg add net just set the physical attribute, set the address inside the zone when it is up.