The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
z/<strong>VM</strong> and Linux on <strong>IBM</strong> System z:<br />
<strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong><br />
Red Hat Enterprise Linux 6<br />
A cookbook <strong>for</strong> installing and customizing z/<strong>VM</strong> 6.1<br />
and RHEL 6 Linux on the mainframe<br />
Brad Hinson<br />
Michael MacIsaac
Contents<br />
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix<br />
Chapters and Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix<br />
Summary of changes in November 20<strong>10</strong> version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .x<br />
History. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .x<br />
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi<br />
<strong>The</strong> team that wrote this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi<br />
Special thanks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi<br />
Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii<br />
Chapter 1. Introduction to z/<strong>VM</strong> and Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1<br />
1.1 What is virtualization? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3<br />
1.2 A philosophy adopted in this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3<br />
1.3 Choices and decisions made in this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3<br />
1.4 Infrastructure design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4<br />
1.5 Usability tests per<strong>for</strong>med <strong>for</strong> this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5<br />
Chapter 2. Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7<br />
2.1 Bill of materials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7<br />
2.1.1 Hardware resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7<br />
2.1.2 Software resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8<br />
2.1.3 Networking resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8<br />
2.2 z/<strong>VM</strong> conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9<br />
2.2.1 Volume labeling convention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9<br />
2.2.2 Backup file naming convention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <strong>10</strong><br />
2.2.3 <strong>The</strong> command retrieve convention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <strong>10</strong><br />
2.3 Disk planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <strong>10</strong><br />
2.4 Memory planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11<br />
2.5 Password planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12<br />
2.6 Planning worksheets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13<br />
2.6.1 z/<strong>VM</strong> resources used in this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13<br />
2.6.2 z/<strong>VM</strong> DASD used in this book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14<br />
2.6.3 Linux resources used in this book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14<br />
2.6.4 Linux user IDs used in this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15<br />
2.7 Blank worksheets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
2.7.1 z/<strong>VM</strong> resources worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16<br />
2.7.2 z/<strong>VM</strong> DASD worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17<br />
2.7.3 Linux resources worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18<br />
2.7.4 Linux user ID worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18<br />
Chapter 3. Configuring a desktop machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19<br />
3.1 PuTTY: a free SSH client <strong>for</strong> Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19<br />
3.2 Setting up a VNC client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23<br />
3.2.1 Downloading and running RealVNC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23<br />
3.3 3270 emulators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24<br />
Chapter 4. Installing and configuring z/<strong>VM</strong>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27<br />
4.1 Installing z/<strong>VM</strong> from DVD or FTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28<br />
4.1.1 Obtaining z/<strong>VM</strong> through electronic download . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28<br />
4.1.2 Starting the z/<strong>VM</strong> install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30<br />
Contents iii
4.1.3 Copying a vanilla z/<strong>VM</strong> system to DASD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34<br />
4.1.4 IPL the vanilla z/<strong>VM</strong> from DASD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37<br />
4.1.5 Completing the z/<strong>VM</strong> installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39<br />
4.2 Configuring TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41<br />
4.2.1 Use the IPWIZARD tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41<br />
4.3 Configuring the XEDIT profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43<br />
4.4 Customizing the SYSTEM CONFIG file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44<br />
4.5 Configuring TCP/IP to start at IPL time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46<br />
4.5.1 Renaming the TCPIP configuration file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47<br />
4.5.2 Copy the PROFILE XEDIT file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48<br />
4.5.3 Configuring the FTP server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48<br />
4.5.4 Shutting down and reIPLing the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49<br />
4.6 Adding paging volumes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50<br />
4.6.1 Formatting the paging volumes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50<br />
4.6.2 Formatting DASD <strong>for</strong> minidisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52<br />
4.6.3 Updating the SYSTEM CONFIG file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53<br />
4.6.4 Testing the changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55<br />
4.7 Creating a user ID <strong>for</strong> common files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55<br />
4.7.1 Define the user in the USER DIRECT file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55<br />
4.7.2 Logging and customizing the new user ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58<br />
4.7.3 Copying a PROFILE XEDIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58<br />
4.7.4 Creating a PROFILE EXEC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59<br />
4.7.5 Copying files associated with this book to LNXMAINT . . . . . . . . . . . . . . . . . . . . . 60<br />
4.8 Customizing system startup and shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60<br />
4.8.1 Configuring the AUTOLOG1 PROFILE EXEC . . . . . . . . . . . . . . . . . . . . . . . . . . . 60<br />
4.8.2 Testing the changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62<br />
4.9 Addressing z/<strong>VM</strong> security issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62<br />
4.9.1 Changing passwords in USER DIRECT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63<br />
4.<strong>10</strong> Backing up your z/<strong>VM</strong> system to tape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64<br />
4.11 Relabeling system volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64<br />
4.11.1 Modifying labels in the SYSTEM CONFIG file . . . . . . . . . . . . . . . . . . . . . . . . . . 65<br />
4.11.2 Modifying labels in the USER DIRECT file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67<br />
4.11.3 Changing the labels on the five volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67<br />
4.11.4 Shutting down your system and restarting it . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68<br />
4.12 Restoring your z/<strong>VM</strong> system from tape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69<br />
Chapter 5. Servicing z/<strong>VM</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71<br />
5.1 Applying a Recommended Service Upgrade or RSU . . . . . . . . . . . . . . . . . . . . . . . . . . 72<br />
5.1.1 Getting service from the Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73<br />
5.1.2 Downloading the service files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74<br />
5.1.3 Creating a new MAINT minidisk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74<br />
5.1.4 Receiving, applying, and building the service . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76<br />
5.1.5 Putting the service into production . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78<br />
5.2 PTFs <strong>for</strong> the zEnterprise 196 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79<br />
5.2.1 Ordering service <strong>for</strong> the zEnterprise 196 PTFs. . . . . . . . . . . . . . . . . . . . . . . . . . . 80<br />
5.2.2 Applying the non-SES PTF UV61111 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82<br />
5.2.3 Verifying the zEnterprise 196 is applied . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84<br />
5.3 Determining z/<strong>VM</strong>’s service level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84<br />
5.4 Applying a PTF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85<br />
5.4.1 Getting service using ShopzSeries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86<br />
5.4.2 Determining if a PTF has been applied. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87<br />
5.4.3 Downloading the service to z/<strong>VM</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87<br />
5.4.4 Receiving, applying, and building service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89<br />
iv <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
5.4.5 Putting the service into production . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90<br />
5.4.6 Checking <strong>for</strong> APARMEMO files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91<br />
5.5 Moving on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91<br />
Chapter 6. Configuring an NFS/FTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93<br />
6.1 Installing Linux on the PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94<br />
6.2 Downloading files associated with this book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94<br />
6.3 Setting up a RHEL 6 install tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94<br />
6.3.1 Copying from physical DVD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95<br />
6.3.2 Verifying the ISO image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95<br />
6.3.3 Copying the DVD contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96<br />
6.3.4 Building the repository directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96<br />
6.4 Enabling the NFS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96<br />
6.5 Configuring an FTP server <strong>for</strong> z/<strong>VM</strong> installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98<br />
6.5.1 Preparing the z/<strong>VM</strong> product install files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98<br />
6.5.2 Installing and configuring the FTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99<br />
6.5.3 Testing the anonymous FTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <strong>10</strong>0<br />
Chapter 7. Installing RHEL 6 on the cloner. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <strong>10</strong>1<br />
7.1 Installing the cloner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <strong>10</strong>1<br />
7.1.1 Creating the user ID RH6CLONE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <strong>10</strong>1<br />
7.1.2 Adding RH6CLONE to AUTOLOG1’s PROFILE EXEC . . . . . . . . . . . . . . . . . . . <strong>10</strong>4<br />
7.1.3 Preparing RH6CLONE bootstrap files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <strong>10</strong>5<br />
7.1.4 Beginning the Linux installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <strong>10</strong>7<br />
7.1.5 Stage 2 of the RHEL 6 installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111<br />
7.1.6 Working around a known issue. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112<br />
7.1.7 Continuing the installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113<br />
7.1.8 Booting your new Linux system from disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119<br />
7.2 Configuring the cloner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119<br />
7.2.1 Copying files to the cloner. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119<br />
7.2.2 Retiring the PC NFS server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120<br />
7.2.3 Configuring yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121<br />
7.2.4 Turning off unneeded services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121<br />
7.2.5 Configuring the VNC server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122<br />
7.2.6 Setting system to halt on SIGNAL SHUTDOWN . . . . . . . . . . . . . . . . . . . . . . . . 123<br />
7.2.7 Turning on the NFS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124<br />
7.2.8 Configuring SSH keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125<br />
7.2.9 Inserting the vmcp module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125<br />
7.2.<strong>10</strong> Changing the order of the swap disks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125<br />
7.2.11 Setting the system to logoff when Linux is shut down. . . . . . . . . . . . . . . . . . . . 126<br />
7.2.12 Rebooting the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126<br />
7.2.13 Verifying the changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127<br />
Chapter 8. Installing and configuring the golden image . . . . . . . . . . . . . . . . . . . . . . . 129<br />
8.1 Installing the golden image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129<br />
8.1.1 Creating the user ID RH6GOLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129<br />
8.1.2 Adding RH6GOLD to AUTOLOG1’s PROFILE EXEC . . . . . . . . . . . . . . . . . . . . 130<br />
8.1.3 Preparing RH6GOLD bootstrap files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131<br />
8.1.4 Installing RHEL 6 to the golden image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132<br />
8.1.5 Verifying the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137<br />
8.2 Configuring the golden image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138<br />
8.2.1 Configuring automount of install tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138<br />
8.2.2 Configuring yum <strong>for</strong> online updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139<br />
8.2.3 Turning off unneeded services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140<br />
Contents v
8.2.4 Configuring the VNC server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140<br />
8.2.5 Setting system to halt on SIGNAL SHUTDOWN . . . . . . . . . . . . . . . . . . . . . . . . 140<br />
8.2.6 Setting the system to logoff when Linux is shut down. . . . . . . . . . . . . . . . . . . . . 141<br />
8.2.7 Configuring SSH keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141<br />
8.2.8 Changing the order of the swap disks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142<br />
8.2.9 Other configuration changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142<br />
8.2.<strong>10</strong> Rebooting the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142<br />
8.2.11 Verifying the changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143<br />
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145<br />
9.1 Formatting DASD <strong>for</strong> minidisks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145<br />
9.2 Defining a new user ID <strong>for</strong> a virtual server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146<br />
9.2.1 Adding LINUX01 to AUTOLOG1’s PROFILE EXEC. . . . . . . . . . . . . . . . . . . . . . 147<br />
9.3 Cloning a virtual server manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147<br />
9.4 Cloning one new virtual server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152<br />
9.4.1 Using the configuration file /etc/sysconfig/clone . . . . . . . . . . . . . . . . . . . . . . . . . 152<br />
9.4.2 Creating a configuration file <strong>for</strong> LINUX01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153<br />
9.4.3 Using the clone script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154<br />
9.5 Defining three more virtual machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157<br />
9.5.1 Defining three more user IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157<br />
9.5.2 Creating three new configuration files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158<br />
9.5.3 Adding new virtual machines to startup process. . . . . . . . . . . . . . . . . . . . . . . . . 159<br />
9.5.4 Testing logging on to a new user ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160<br />
9.6 Reviewing system status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160<br />
Chapter <strong>10</strong>. Installing Linux with kickstart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163<br />
<strong>10</strong>.1 Configure the cloner <strong>for</strong> kickstart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163<br />
<strong>10</strong>.2 Configure the LINUX02 user <strong>for</strong> kickstart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165<br />
<strong>10</strong>.3 Kickstart the LINUX02 user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166<br />
Chapter 11. Cloning open source virtual servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169<br />
11.1 Creating a virtual Web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169<br />
11.1.1 Installing Apache RPMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169<br />
11.1.2 Testing Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170<br />
11.1.3 Turning on a firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171<br />
11.1.4 Configuring SSL <strong>for</strong> Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172<br />
11.1.5 Populating your Web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173<br />
11.1.6 Apache resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173<br />
11.2 Creating a virtual LDAP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173<br />
11.2.1 Installing the OpenLDAP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173<br />
11.2.2 Configuring the OpenLDAP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174<br />
11.2.3 Adding an LDAP user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175<br />
11.2.4 Configuring an LDAP client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177<br />
11.3 Creating a virtual file and print server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178<br />
11.3.1 Cloning a Linux virtual server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178<br />
11.3.2 Installing necessary RPMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179<br />
11.3.3 Configuring Samba configuration file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179<br />
11.3.4 Adding a Samba user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180<br />
11.3.5 Starting Samba at boot time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180<br />
11.3.6 Testing your changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180<br />
11.3.7 Configuring printing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182<br />
11.4 Creating a virtual application development server . . . . . . . . . . . . . . . . . . . . . . . . . . 182<br />
11.4.1 Additional resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184<br />
vi <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 12. Servicing Linux with Red Hat Network. . . . . . . . . . . . . . . . . . . . . . . . . . . 187<br />
12.1 Registering your system with RHN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187<br />
12.2 Installing and updating packages using yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187<br />
12.3 Managing your Linux guest through RHN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189<br />
Chapter 13. Miscellaneous recipes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191<br />
13.1 Adding DASD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191<br />
13.1.1 Adding minidisks to a virtual machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191<br />
13.1.2 Making new minidisks available to RHEL 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . 192<br />
13.2 Adding a logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194<br />
13.2.1 Creating a logical volume and file system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194<br />
13.2.2 Updating the file system table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197<br />
13.3 Extending an existing logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198<br />
13.4 Adding SCSI/FCP disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200<br />
13.4.1 Adding a single LUN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200<br />
13.4.2 Configuring multipath . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203<br />
13.4.3 Making the changes persistent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205<br />
13.5 Rescuing a Linux system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205<br />
13.5.1 Entering single user mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205<br />
13.5.2 Entering a rescue environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206<br />
13.6 Setting up Memory Hotplugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208<br />
13.7 Utilizing the cpuplugd service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2<strong>10</strong><br />
13.7.1 Determining the virtual CPUs being used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2<strong>10</strong><br />
13.7.2 Generating a workload to see cpuplugd work. . . . . . . . . . . . . . . . . . . . . . . . . . 212<br />
13.7.3 Setting memory sizes with cpuplugd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213<br />
13.8 Hardware cryptographic support <strong>for</strong> OpenSSH. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213<br />
13.9 <strong>The</strong> X Window System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216<br />
13.9.1 VNC Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217<br />
13.9.2 X Server on workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217<br />
13.<strong>10</strong> Centralizing home directories <strong>for</strong> LDAP users . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220<br />
13.<strong>10</strong>.1 Recommendations <strong>for</strong> centralizing home directories . . . . . . . . . . . . . . . . . . . 220<br />
Chapter 14. Monitoring and tuning z/<strong>VM</strong> and Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . 223<br />
14.1 Using INDICATE and other commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223<br />
14.1.1 Using the INDICATE command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224<br />
14.1.2 Using other basic commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226<br />
14.2 <strong>The</strong> z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227<br />
14.2.1 Configuring the z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228<br />
14.2.2 Configuring Web Browser support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229<br />
14.2.3 Configuring PERFS<strong>VM</strong> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229<br />
14.2.4 Increasing the size of the MONDCSS DCSS . . . . . . . . . . . . . . . . . . . . . . . . . . 232<br />
14.2.5 Starting the z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233<br />
14.2.6 Using the z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233<br />
14.3 Monitoring Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236<br />
14.3.1 Monitoring Linux per<strong>for</strong>mance data from the kernel . . . . . . . . . . . . . . . . . . . . . 237<br />
Contents vii
14.4 Viewing Linux data in the Per<strong>for</strong>mance Toolkit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238<br />
Appendix A. References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239<br />
A.1 Related books. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239<br />
A.2 Online resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240<br />
A.3 Important z/<strong>VM</strong> files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240<br />
A.4 Cheat sheets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241<br />
A.4.1 XEDIT cheat sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241<br />
A.4.2 vi cheat sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241<br />
Appendix B. Source code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243<br />
B.1 Obtaining and using the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243<br />
B.2 z/<strong>VM</strong> REXX EXECs and XEDIT macros. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244<br />
B.2.1 <strong>The</strong> CPFORMAT EXEC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244<br />
B.2.2 <strong>The</strong> CHPW6<strong>10</strong> XEDIT macro. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248<br />
B.2.3 PROFILE EXEC <strong>for</strong> Linux user IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251<br />
B.3 Linux code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252<br />
viii <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Preface<br />
“<strong>The</strong> search <strong>for</strong> truth is more precious than its possession.”<br />
— Albert Einstein<br />
This book describes how to roll your own Linux virtual servers on <strong>IBM</strong>® System z hardware<br />
under z/<strong>VM</strong>®. It adopts a cookbook <strong>for</strong>mat that provides a concise, repeatable set of<br />
procedures <strong>for</strong> installing and configuring z/<strong>VM</strong> in an LPAR and then installing and<br />
customizing Linux. You need an <strong>IBM</strong> System z logical partition (LPAR) with associated<br />
resources, z/<strong>VM</strong> 6.1 media, and a Linux distribution.<br />
This book assumes that you have a general familiarity with System z technology and<br />
terminology. It does not assume an in-depth understanding of z/<strong>VM</strong> and Linux. It is written <strong>for</strong><br />
those who want to get a quick start with z/<strong>VM</strong> and Linux on the mainframe.<br />
Chapters and Appendices<br />
<strong>The</strong> remaining chapters and appendices in this book are summarized in the following list:<br />
► Chapter 1, “Introduction to z/<strong>VM</strong> and Linux” on page 1 gives a brief introduction of the<br />
book.<br />
► Chapter 2, “Planning” on page 7 describes how to plan hardware, software and<br />
networking resources. It discusses DASD labeling conventions used in the book and<br />
password planning. Sample worksheets are provided <strong>for</strong> the examples used in the book,<br />
as are blank copies <strong>for</strong> your use.<br />
► Chapter 3, “Configuring a desktop machine” on page 19 describes how to set up<br />
Windows® desktops. Specifically, the following tools are discussed:<br />
– How to get and set up PuTTY: a commonly used SSH client<br />
– How to get and set up a VNC client: a tool <strong>for</strong> running graphical applications<br />
– 3270 emulator applications<br />
► Chapter 4, “Installing and configuring z/<strong>VM</strong>” on page 27 shows how to install and<br />
configure z/<strong>VM</strong>. This is where you roll up your sleeves and start to work.<br />
► Chapter 5, “Servicing z/<strong>VM</strong>” on page 71 describes how to apply service to z/<strong>VM</strong> both in<br />
the <strong>for</strong>m of Programming Temporary Fixes (PTFs) and Recommended Service Upgrades<br />
(RSUs).<br />
► Chapter 6, “Configuring an NFS/FTP server” on page 93, explains how to set up a<br />
temporary NFS server on a Linux PC <strong>for</strong> the purpose of installing the first two Linux<br />
images. After the cloner Linux is installed, you can copy the Linux install tree to it and<br />
retire the Linux PC server.<br />
► Chapter 7, “Installing RHEL 6 on the cloner” on page <strong>10</strong>1, describes how to install and<br />
configure two Linux images onto the first Linux user ID: the golden image, which it is<br />
cloned from, and the cloner, which does the cloning among other tasks.<br />
► Chapter 8, “Installing and configuring the golden image” on page 129, describes how to<br />
install and configure two Linux images onto the first Linux user ID: the golden image,<br />
which it is cloned from, and the cloner, which does the cloning among other tasks.<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. ix
► Chapter 9, “Configuring RHEL 6 <strong>for</strong> cloning” on page 145 explains how to prepare z/<strong>VM</strong><br />
user IDs and clone your first virtual server.<br />
► Chapter <strong>10</strong>, “Installing Linux with kickstart” on page 163, describes how to use Red Hat’s<br />
kickstart tool to create Linux systems. This is fundamentally different from cloning as this<br />
tool is a script <strong>for</strong> an automated install. You may try kickstart and you may also try cloning.<br />
Understand that they try to accomplish the same goal of being able to quickly get Linux<br />
systems up and running, and that you do not need to use both.<br />
► Chapter 11, “Cloning open source virtual servers” on page 169, shows how to configure<br />
cloned Linux images into the following appliances:<br />
– Web server virtual server<br />
– LDAP virtual server<br />
– File and print virtual server<br />
– Application development system<br />
► Chapter 12, “Servicing Linux with Red Hat Network” on page 187, describes how the Red<br />
Hat Network works. It provides centralized management and provisioning <strong>for</strong> multiple<br />
RHEL 6 systems.<br />
► Chapter 13, “Miscellaneous recipes” on page 191 describes how to add and extend logical<br />
volumes to Linux, and many other miscellanous tasks.<br />
► Chapter 14, “Monitoring and tuning z/<strong>VM</strong> and Linux” on page 223, describes basic steps<br />
to begin monitoring z/<strong>VM</strong> and your new Linux virtual servers.<br />
► Appendix A, “References” on page 239, provides references Web sites, books and other<br />
pertinent in<strong>for</strong>mation.<br />
► Appendix B, “Source code” on page 243 lists all the z/<strong>VM</strong> and Linux source code<br />
associated with this book.<br />
Summary of changes in November 20<strong>10</strong> version<br />
History<br />
<strong>The</strong>re are significant changes in this book:<br />
► <strong>The</strong> z/<strong>VM</strong> sections are updated <strong>for</strong> V6.1.<br />
► <strong>The</strong> Linux sections are updated <strong>for</strong> RHEL 6.<br />
► <strong>The</strong>re are new sections on how to order z/<strong>VM</strong> electronically, and how to make the z/<strong>VM</strong><br />
product files available <strong>for</strong> installation from an FTP server. See sections 4.1.1, “Obtaining<br />
z/<strong>VM</strong> through electronic download” on page 28 and 6.5, “Configuring an FTP server <strong>for</strong><br />
z/<strong>VM</strong> installation” on page 98.<br />
► Chapter 5, “Servicing z/<strong>VM</strong>” on page 71 has been updated to include in<strong>for</strong>mation on<br />
service <strong>for</strong> the new zEnterprise 196 - see section 5.2, “PTFs <strong>for</strong> the zEnterprise 196” on<br />
page 79.<br />
► Section 13.4, “Adding SCSI/FCP disks” on page 200 is new.<br />
► Section 13.6, “Setting up Memory Hotplugging” on page 208 is new.<br />
► Section 13.7, “Utilizing the cpuplugd service” on page 2<strong>10</strong> is new.<br />
► Section 13.8, “Hardware cryptographic support <strong>for</strong> OpenSSH” on page 213 is new.<br />
<strong>The</strong>re are quite a number of copies of <strong>Virtualization</strong> <strong>Cookbook</strong>s, so a short history follows.<br />
x <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Conventions<br />
20<strong>10</strong><br />
In November 20<strong>10</strong>, this book was published targeting Red Hat’s RHEL 6 distribution, with the<br />
changes listed just above.<br />
2008<br />
In August 2008, an <strong>IBM</strong> Redbook was published targeting Red Hat’s RHEL 5.2 distribution:<br />
► z/<strong>VM</strong> and Linux on <strong>IBM</strong> System z: <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 5.2, SG24-7492<br />
http://www.redbooks.ibm.com/abstracts/sg247272.html<br />
2007<br />
In March 2007, two books were published on http://linuxvm.org/present, each book<br />
targeting a different distribution:<br />
► z/<strong>VM</strong> and Linux on <strong>IBM</strong> System z: <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> <strong>SLES</strong> <strong>10</strong><br />
► z/<strong>VM</strong> and Linux on <strong>IBM</strong> System z: <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 5<br />
2006<br />
In September 2006 an <strong>IBM</strong> Redbook was published that addressed both 31-bit and 64-bit<br />
RHEL 4:<br />
► <strong>IBM</strong> z/<strong>VM</strong> and Linux on <strong>IBM</strong> System z: <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> Red Hat Enterprise<br />
Linux 4, SG24-7272 on the Web at:<br />
http://www.redbooks.ibm.com/abstracts/sg247272.html?Open<br />
<strong>The</strong> following font conventions are used in this book:<br />
Monospace and bold Commands entered by the user on the command line<br />
Values inside angle brackets are examples and are to be replaced<br />
with values correct <strong>for</strong> your enterprise.<br />
monospace File, directories, user ID and minidisk names<br />
<strong>The</strong> following command conventions are used in this book:<br />
► z/<strong>VM</strong> commands are prefixed with ==><br />
► z/<strong>VM</strong> XEDIT subcommands are prefixed with ====><br />
► Linux commands running as root are prefixed with #<br />
► Linux commands running as non-root are usually prefixed with $<br />
<strong>The</strong> team that wrote this book<br />
Special thanks<br />
This book was updated <strong>for</strong> z/<strong>VM</strong> 6.1 and RHEL 6 by Brad Hinson of Red Hat and Michael<br />
MacIsaac of <strong>IBM</strong> in late 20<strong>10</strong>.<br />
Sincere thanks goes out to the following people who contributed to this project in many<br />
different ways:<br />
Preface xi
Sue Baloga, Bill Bitner, Carol Everitt, George Madl, Tami Zebrowski-Darrow<br />
<strong>IBM</strong> Endicott<br />
Roy Costa, Eileen Digan, Lydia Parziale<br />
<strong>IBM</strong> Poughkeepsie<br />
Dr. Manfred Gnirss, Steffen Maier, Hans-Joachim Picht<br />
<strong>IBM</strong> Boeblingen<br />
Marian Gasparovic<br />
<strong>IBM</strong> Slovakia<br />
David Boyes<br />
Sine Nomine<br />
Jeremy Agee, Justin Payne<br />
Red Hat in Raleigh NC<br />
Thanks to many others in <strong>IBM</strong> Poughkeepsie and to the many who answered questions on<br />
the linux-390 and <strong>IBM</strong><strong>VM</strong> list servers.<br />
Comments welcome<br />
Your comments are important to us. We want our books to be as helpful as possible. Send<br />
your comments directly to the authors:<br />
bhinson at redhat.com<br />
mikemac at us.ibm.com<br />
xii <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 1. Introduction to z/<strong>VM</strong> and Linux<br />
“Everything should be made as simple as possible, but not simpler.”<br />
— Albert Einstein<br />
1<br />
<strong>Virtualization</strong> is hot in the IT industry. <strong>The</strong> <strong>IBM</strong> mainframe, z/<strong>VM</strong> and its predecessors have<br />
been doing virtualization <strong>for</strong> four different decades. Today, it is the most functionally rich<br />
virtualization plat<strong>for</strong>m available. When Linux came to the <strong>IBM</strong> mainframe in 2000, it was a<br />
natural fit to run under z/<strong>VM</strong>. You can run many tens of Linux images on the same System z<br />
logical partition (LPAR). Some customers are running hundreds in production mode.<br />
With a z/<strong>VM</strong> and Linux infrastructure, you can reduce the time between deciding on the<br />
acquisition of new servers and then implementing them because new servers can be<br />
deployed in a matter of minutes. This powerful build and clone capability can enable you to<br />
launch new products and services without the exhaustive planning, purchasing, installing and<br />
configuring new hardware and software that can be associated with conventional discrete<br />
hardware servers. Development groups who need test environments built and rebuilt rapidly<br />
to enable them to efficiently deliver their projects, handling change management in the<br />
process can also benefit from this unique advantage.<br />
Some of the mainframe’s and z/<strong>VM</strong>’s best strengths are:<br />
► <strong>The</strong>ir virtualization capabilities are more mature and robust than any other hardware and<br />
hypervisor combination.<br />
► z/<strong>VM</strong> provides a rich, functional and sophisticated level of systems management which<br />
can greatly benefit running large numbers of Linux servers.<br />
► z/<strong>VM</strong>’s virtual switch (VSWITCH) makes networking Linux much simpler.<br />
► Full volume backup of systems allows <strong>for</strong> complete disaster recovery when another data<br />
center is available.<br />
► z/<strong>VM</strong> is one of the easiest operating systems to customize at the base installation level.<br />
<strong>The</strong>re is only a relatively small number of configuration files. Properly set up, z/<strong>VM</strong> can run<br />
<strong>for</strong> months with little maintenance or administration required.<br />
Much function has been added to z/<strong>VM</strong> since version 5.2. Following is a brief summary of the<br />
function added in the last three releases.<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 1
z/<strong>VM</strong> 6.1<br />
z/<strong>VM</strong> 6.1, available in October of 2009 is intended to be the base <strong>for</strong> all future z/<strong>VM</strong><br />
enhancements. This release implements a new Architecture Level Set (ALS) available only<br />
on the <strong>IBM</strong> System z<strong>10</strong> Enterprise Class server and System z<strong>10</strong> Business Class server and<br />
future generations of System z® servers. Requiring z<strong>10</strong> technology or later allows z/<strong>VM</strong> to<br />
take advantage of newer hardware technology <strong>for</strong> future exploitation.<br />
Enhancements in z/<strong>VM</strong> V6.1 provide:<br />
► Enhanced per<strong>for</strong>mance of virtual networking environments running heavy guest-to-guest<br />
streaming workloads<br />
► Faster access to data when utilizing FICON Express8<br />
► Closer integration with <strong>IBM</strong> Systems Director to eliminate the need to download agents<br />
and help simplify the installation of those agents<br />
► Significantly better and more highly secure guest transactions when using Crypto<br />
Express3 as compared to Crypto Express2<br />
► Guest support <strong>for</strong> <strong>IBM</strong> System Storage DS8000 Extended Address Volumes (EAVs) to<br />
help simplify storage management and relieve address constraints<br />
Read more about System z virtualization capabilities on the Web at:<br />
http://www.vm.ibm.com<br />
z/<strong>VM</strong> 5.4<br />
z/<strong>VM</strong> 5.4, available in August of 2008, provides major improvements when operating on<br />
System z servers with large memory configurations. It improves scalability and can help<br />
support increased workloads on <strong>IBM</strong> System z servers. This release exploits new capabilities<br />
of the System z<strong>10</strong> including:<br />
► Greater flexibility, with support <strong>for</strong> the new z/<strong>VM</strong>-mode logical partitions, allowing all<br />
System z processor-types (CPs, IFLs, zIIPs, zAAPs, and ICFs) to be defined in the same<br />
z/<strong>VM</strong> LPAR <strong>for</strong> use by various guest operating systems<br />
► Capability to install Linux on System z from the HMC that eliminates network setup or a<br />
connection between an LPAR and the HMC<br />
► Enhanced physical connectivity by exploiting all OSA-Express3 ports, helping service the<br />
network and reducing the number of required resources<br />
z/<strong>VM</strong> 5.4 dynamic memory upgrade support allows real memory to be added to a running<br />
z/<strong>VM</strong> system, avoiding the need to shut down z/<strong>VM</strong> and its guests, deactivate the LPAR,<br />
change its memory allocation, reactivate the LPAR, re-IPL z/<strong>VM</strong>, and restart its guests.<br />
Memory can be added non-disruptively to individual guests that support the dynamic memory<br />
reconfiguration architecture.<br />
Read more about System z virtualization capabilities on the Web at:<br />
http://www.vm.ibm.com<br />
z/<strong>VM</strong> 5.3<br />
z/<strong>VM</strong> 5.3 became generally available in June of 2007. Scalability was extended to allow<br />
256GB of real memory, a total of 8TB of virtual storage, and 32 real processors. z/<strong>VM</strong> V5.3<br />
also added support <strong>for</strong> the Collaborative Memory Management Assist (CMMA) on the z9<br />
EC and the z9 BC processors or later. Virtual Machine Resource Manager (<strong>VM</strong>RM) detects<br />
when memory is constrained and notifies the Linux guests, which can then adjust their<br />
memory consumption to help relieve the memory constraint. In the previous major release,<br />
z/<strong>VM</strong> 5.2, many memory contention issues were removed with the Control Program (CP) now<br />
2 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
using memory above 2 GB <strong>for</strong> a much broader set of operations. Previously, guest pages had<br />
to be moved below 2GB <strong>for</strong> many reasons, <strong>for</strong> example in both standard I/O and Queued<br />
Direct I/O (QDIO). Now I/O can be done using buffers anywhere in real memory, and QDIO<br />
structures can reside above 2 GB, as can most CP control blocks. <strong>The</strong>se improvements offer<br />
constraint relief <strong>for</strong> large-real-memory virtual server environments that are memory intensive<br />
1.1 What is virtualization?<br />
<strong>Virtualization</strong> is the ability <strong>for</strong> a computer system to share resources so that one physical<br />
server can act as many virtual servers. z/<strong>VM</strong> allows the sharing of the mainframe’s physical<br />
resources such as disk (DASD), memory (sometimes called storage), network adapters (OSA<br />
cards) and CPU (CPs or IFLs). <strong>The</strong>se resources are managed by a hypervisor. z/<strong>VM</strong>'s<br />
hypervisor is called Control Program (CP). When the user logs onto z/<strong>VM</strong>, the hypervisor<br />
creates a virtual machine which can run one of many different operating systems. <strong>The</strong> two<br />
operating systems that are discussed in this book are the z/<strong>VM</strong> native one, the<br />
Conversational Monitoring System (CMS which can be thought of as a z/<strong>VM</strong> shell.) and<br />
Linux. Virtual machines running Linux as guests of a z/<strong>VM</strong> host become the virtual servers.<br />
1.2 A philosophy adopted in this book<br />
An important philosophy adopted in this book is to keep all solutions simple. Two common<br />
expressions used are “the KISS method” (Keep It Simple, Stupid) and the quote from Albert<br />
Einstein at the start of this chapter: Everything should be made as simple as possible, but not<br />
simpler. This book will use the latter, in an aim to use the same clear and insightful<br />
presentation.<br />
A lot of books and papers are talking about virtualization today, but not telling you how to do<br />
it. <strong>The</strong> remainder of this book gives you the HOWTO that backup these marketing words.<br />
1.3 Choices and decisions made in this book<br />
When deciding on installing, maintaining and provisioning (cloning) Linux virtual servers<br />
under z/<strong>VM</strong>, there are many basic choices to make. Here are some of the choices and<br />
assumptions made in this book:<br />
► Use of a Cloning product versus “roll your own” cloning: Cloning products, such as<br />
Aduva’s Onstage, Mainstar’s Provisioning Expert, <strong>IBM</strong> Tivoli® Provisioning Manager and<br />
<strong>IBM</strong> Systems Director, are outside the scope of this book. While these are all viable<br />
solutions, the cloning described in this book allows you to roll your own Linux images<br />
without requiring such products. However, these products are more sophisticated than the<br />
simple clone script and z/<strong>VM</strong> configuration described in this book.<br />
► Directory Maintenance product versus the USER DIRECT file: <strong>The</strong> USER DIRECT file is chosen<br />
over a directory maintenance product such as <strong>IBM</strong> DirMaint or CA’s <strong>VM</strong>:Direct. If you<br />
feel that DirMaint as a directory maintenance product is better <strong>for</strong> your enterprise, you can<br />
use the book Getting Started With Linux, SC24-6096, to configure z/<strong>VM</strong>, and can still use<br />
this book to configure Linux.<br />
► Provisioning versus predefined user IDs: z/<strong>VM</strong> user IDs must be predefined to clone.<br />
<strong>The</strong>re is no attempt to provision them (define and bring Linux user IDs online<br />
automatically) as part of the cloning process. <strong>The</strong> target Linux user ID must exist with the<br />
appropriate minidisks defined.<br />
Chapter 1. Introduction to z/<strong>VM</strong> and Linux 3
► Shared read-only Linux /usr/ file system versus read-write: Some cloning solutions use<br />
an environment which shares the /usr/ file system. This choice often makes the solution<br />
more complex, especially when adding software to the virtual servers. A read-write /usr/<br />
file system on the virtual servers is chosen to keep things as simple as possible.<br />
► Conventional 3390 ECKD DASD versus FBA disks accessed with SCSI over FCP: <strong>The</strong><br />
System z server has traditionally only supported 3390 DASD. Support has been extended<br />
to include SCSI/FBA disks in storage area networks (SANs). <strong>The</strong> support of FBA disks is<br />
slightly more complicated than conventional DASD. In keeping things as simple as<br />
possible, only conventional DASD is described in this book.<br />
► Cloning script or EXEC versus manual installation: Two methods of cloning are described:<br />
manually and with a Linux bash script. <strong>The</strong> manual method is described so will better learn<br />
the concepts. <strong>The</strong> Linux script is provided so you can save time.<br />
1.4 Infrastructure design<br />
To install and configure z/<strong>VM</strong>, install, configure and clone Linux, or provision virtual servers,<br />
there must be a certain infrastructure design in place. A System z server with associated<br />
resources and the z/<strong>VM</strong> operating system define much of this infrastructure. Figure 1-1 on<br />
page 4 shows a block diagram of a System z<strong>10</strong> with multiple LPARs. z/<strong>VM</strong> 5.4 is installed in<br />
one of these LPARs. z/<strong>VM</strong> comes with many user IDs predefined. <strong>The</strong> most important six IDs<br />
are shown in the z/<strong>VM</strong> LPAR above the dashed line. Below the dashed line, you see the user<br />
IDs described in this book.<br />
Figure 1-1 System infrastructure and z/<strong>VM</strong> user IDs<br />
<strong>The</strong> user IDs that are described in this book have the following functions:<br />
► LNXMAINT: A user ID on which to store files that will be used by both CMS and Linux<br />
4 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► RH6CLONE: <strong>The</strong> cloner that does the cloning. It also serves as the Linux install server,<br />
and has other functions.<br />
► LINUX01-04: <strong>The</strong> user IDs that will be cloned to. Each virtual server is configured with a<br />
two 3390-3 minidisks to allow <strong>for</strong> slightly more than 4 GB of space.<br />
► RH6GOLD: <strong>The</strong> RHEL 6 golden image. This is the Linux system that is cloned.<br />
1.5 Usability tests per<strong>for</strong>med <strong>for</strong> this book<br />
During the writing of this book, many usability tests were conducted. <strong>The</strong> participants had a<br />
variety of skills, but none had both Linux and z/<strong>VM</strong> system administration skills. By the end of<br />
the first day in all of the <strong>for</strong>mal tests, most participants had all completed up to and including<br />
Chapter 5, “Servicing z/<strong>VM</strong>” on page 71, so z/<strong>VM</strong> was installed, serviced and customized <strong>for</strong><br />
TCP/IP communications with a highly available VSWITCH. By the end of the second day,<br />
most participants had cloned their first Linux virtual server. You should be able to complete<br />
most steps in the book in four solid days of work, if all goes well and you work hard.<br />
Chapter 1. Introduction to z/<strong>VM</strong> and Linux 5
6 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 2. Planning<br />
“<strong>The</strong> only reason <strong>for</strong> time is so that everything doesn’t happen at once.”<br />
— Albert Einstein<br />
This chapter covers the planning that should be done be<strong>for</strong>e installing z/<strong>VM</strong>. It begins by<br />
discussing a bill of materials, or all the resources that you need. <strong>The</strong>n it describes<br />
conventions adopted <strong>for</strong> labeling 3390 volumes. Finally resource worksheets are presented<br />
<strong>for</strong>:<br />
► z/<strong>VM</strong> resources other than direct access storage device (DASD)<br />
► DASD resources<br />
► Linux resources<br />
► Linux user IDs<br />
2.1 Bill of materials<br />
<strong>The</strong> resources needed <strong>for</strong> a Linux on System z project can be divided into the following:<br />
► Hardware<br />
► Software<br />
► Networking<br />
2.1.1 Hardware resources<br />
<strong>The</strong> following hardware is needed:<br />
► A System z logical partition (LPAR); System z<strong>10</strong> or System z196<br />
– Processors or CPUs: One IFL (or CP) minimum, two or more are recommended<br />
– Memory: 3 GB central/1 GB expanded minimum, 6 GB/2 GB or more recommended.<br />
This 3:1 ratio of central to expanded storage is a good starting point <strong>for</strong> relatively small<br />
systems. See the following Web site <strong>for</strong> a discussion of how to apportion memory:<br />
http://www.vm.ibm.com/perf/tips/storconf.html<br />
2<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 7
– DASD: 27 3390-3s or 9 3390-9s at a minimum<br />
– Open Systems Adapter (OSA) network cards: One card minimum with 8 device<br />
numbers (technically 6, but OSA “triplets” usually start on an even address). Two OSA<br />
Express cards with eight device numbers on one and four on the other is<br />
recommended <strong>for</strong> high availability.<br />
► A network-attached computer that will act as an NFS server and possibly an FTP server<br />
with at least 6 GB of disk space Setting up a Linux PC or UNIX® server is described.<br />
If you only have access to a Windows machine, AllegroNFS has been suggested as an<br />
NFS server. See http://nfs<strong>for</strong>windows.com/home<br />
► A workstation or desktop that has network access to the mainframe<br />
2.1.2 Software resources<br />
<strong>The</strong> following software resources are needed:<br />
► z/<strong>VM</strong> 6.1 install media with documentation. <strong>The</strong> physical media of DVDs is described. In<br />
addtion, there are now sections describing how to use electronic delivery of z/<strong>VM</strong> utilizing<br />
an FTP server, such that physical media is not needed.<br />
► RHEL 6 Linux install media. If you do not have it, you can request a free 180-day<br />
evaluation copy at:<br />
http://www.redhat.com/z<br />
See section 6.3, “Setting up a RHEL 6 install tree” <strong>for</strong> details.<br />
► An operating system <strong>for</strong> the NFS server<br />
► <strong>The</strong> code associated with this book - on the Web at:<br />
ftp://www.redbooks.ibm.com/redbooks/SG247932/SG247932.tgz<br />
► Tools on the workstation and desktop:<br />
– A 3270 Emulator such as Attachmate Extra, Hummingbird Host Explorer, or <strong>IBM</strong><br />
Personal Communications <strong>for</strong> Windows desktops<br />
– A Linux SSH client such as PuTTY (recommended) or TeraTerm<br />
– A VNC viewer<br />
<strong>The</strong>se resources are described in more detail in the chapters that follow.<br />
2.1.3 Networking resources<br />
<strong>The</strong> following network resources are needed:<br />
► A TCP/IP address <strong>for</strong> z/<strong>VM</strong><br />
► One TCP/IP address <strong>for</strong> each Linux virtual server<br />
► Associated TCP/IP in<strong>for</strong>mation:<br />
– DNS host name<br />
– DNS domain<br />
– DNS server TCP/IP address<br />
– TCP/IP gateway<br />
– TCP/IP subnet mask<br />
– TCP/IP broadcast address (usually calculated from address and subnet mask)<br />
– TCP/IP MTU size<br />
8 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
<strong>The</strong> TCP/IP addresses must be routed to the OSA card(s).<br />
2.2 z/<strong>VM</strong> conventions<br />
It is good to use conventions so that you and others can recognize z/<strong>VM</strong> resources by their<br />
names. This section discusses conventions <strong>for</strong> DASD volume names and backup file names.<br />
2.2.1 Volume labeling convention<br />
You should have a convention <strong>for</strong> labeling DASD. Your shop may already have a labeling<br />
convention which will largely determine the labels to be given to the DASD used by your z/<strong>VM</strong><br />
and Linux LPAR.<br />
Each System z DASD is addressed with a device number consisting of four hexadecimal<br />
digits. Each System z DASD has a six character label. It is convenient to include the four-digit<br />
address in the label so that you can easily tell the address of each DASD from its label. When<br />
followed, this convention guarantees that no two DASDs will have the same label. This can<br />
be an important issue especially when z/OS® has access to the DASD.<br />
Sometimes DASD is shared among LPARs in which case your z/<strong>VM</strong> LPAR can see DASD<br />
owned by other LPARs. In this situation, it is convenient to identify the LPAR that owns the<br />
DASD. <strong>The</strong>re<strong>for</strong>e the volume labeling convention used in this book identifies the LPAR with<br />
the first character. That leaves the second character in the label to identify the basic function<br />
of the DASD.<br />
<strong>The</strong> LPAR used in this book is identified by the character M. <strong>The</strong> following characters are<br />
used <strong>for</strong> the types of DASD in the second character of the label:<br />
M Minidisk space (PERM)<br />
P Paging space (PAGE)<br />
S Spool space (SPOL)<br />
T Temporary disk space (TDISK)<br />
V z/<strong>VM</strong> operating system volumes<br />
For example, Figure 2-1 shows the labeling convention <strong>for</strong> the DASD in LPAR M, of type<br />
minidisk at real address A700.<br />
M M<br />
A 7 0 0<br />
Real address<br />
DASD type - Minidisk or PERM space<br />
LPAR identifier<br />
Figure 2-1 DASD labeling convention<br />
<strong>The</strong> letter M is hard-coded into REXX EXECs that adopt this convention. If you want a<br />
different LPAR identifier character, they can easily be changed (search <strong>for</strong> the firstChar<br />
variable).<br />
Chapter 2. Planning 9
2.2.2 Backup file naming convention<br />
It is recommend that you keep copies of important z/<strong>VM</strong> and Linux configuration files. You<br />
should always keep copies of original configuration files in case you need to go back to them.<br />
Since z/<strong>VM</strong> file names are limited to 16 characters (eight <strong>for</strong> the file name and eight <strong>for</strong> the file<br />
type), only the last four characters of the file type are used. This often requires some<br />
characters to be overwritten. For the original file, the suffix ORIG is used, and <strong>for</strong> the most<br />
recent working copy, the suffix WRKS (<strong>for</strong> “it WoRKS”!) is used. For example, the original USER<br />
DIRECT file is copied to the file USER DIREORIG be<strong>for</strong>e it is modified the first time.<br />
2.2.3 <strong>The</strong> command retrieve convention<br />
2.3 Disk planning<br />
<strong>The</strong> ability to retrieve past commands is a common tool. Often it is nice to retrieve in both<br />
directions in case you “pass” the command you’re looking <strong>for</strong>. <strong>The</strong> default Linux shell, bash,<br />
does this by default with the up arrow and down arrow keys.<br />
<strong>The</strong>re is a convention in z/<strong>VM</strong> to use the F12 function key (labeled PF12 on physical 3270<br />
devices) to retrieve the last command, though it is not defined to all user IDs. <strong>The</strong>re is no<br />
convention retrieve commands in the other direction but it is possible to set another key to<br />
that function. <strong>The</strong>re<strong>for</strong>e, F11 is used to retrieve <strong>for</strong>ward since it is right next to F12. Also, the<br />
same function is useful in the editor, XEDIT. <strong>The</strong> ? subcommand retrieves past commands, so<br />
it is recommended that you assign it to F12.<br />
<strong>The</strong>re are different aspects to consider when planning how to choose and allocate disk<br />
storage. Some aspects include the following<br />
► Conventional ECKD DASD vs. FBA disks over SCSI/FCP<br />
► 3390-3s vs. 3390-9s or large disk support<br />
► Amount of disk storage per Linux image and how to allocate file systems<br />
DASD vs. SCSI/FCP<br />
This book describes how to use conventional ECKD DASD and does not discuss FBA disks<br />
accessed over SCSI/FCP. This is not because either technology is superior, but simply<br />
because DASD seems to be much more common than SCSI/FCP disks. If you were to use<br />
SCSI/FCP disks, cloning with the clone.sh script would have to be modified to account <strong>for</strong><br />
World Wide Port Names and Numbers. Sometimes a combination of these two types of disk<br />
storage is used - when that is the case the ECKD emulated DASD is often used <strong>for</strong> the root<br />
file system and SCSI/FCP disks are used <strong>for</strong> large data storage areas.<br />
3390-3s vs. 3390-9s<br />
Emulated 3390-3s <strong>for</strong>mat to about 2.3GB, while 3390-9s are three times the size or about<br />
6.8GB. Either size will work, though 3390-3s have been recommended over 3390-9s by some<br />
per<strong>for</strong>mance analysts. This book describes mainly using 3390-3s, however, comments are<br />
added where using 3390-9s differs - especially with installing z/<strong>VM</strong>.<br />
Disk storage per Linux image<br />
Disk storage has the following characteristics<br />
<strong>10</strong> <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► This version of the book now recommends two 3390-3 DASD to create minidisks at virtual<br />
addresses <strong>10</strong>0 and <strong>10</strong>1. Previous versions only recommended a single minidisk at virtual<br />
address <strong>10</strong>0.<br />
► <strong>The</strong> root file system is on /dev/dasda1 with a recommended size of 384MB. It is not a<br />
logical volume so that if there are any problems with L<strong>VM</strong>, the system will still be able to<br />
boot.<br />
► Other file systems are on logical volumes that are part of single volume group with the<br />
following characteristics:<br />
Table 2-1 Recommended logical volume file systems and sizes<br />
Mount point Logical volume name Size<br />
/usr/ usr-lv 2 GB<br />
/var/ var-lv 512 MB<br />
/opt/ opt-lv 384 MB<br />
/tmp/ tmp-lv 384 MB<br />
This layout uses about 3.5 GB out of 4.5 GB of disk space. You could choose to use other<br />
disk sizes than 3338 cylinders (3390-3 minus cylinder 0). For example, if you chose to use<br />
3390-9s, you could give <strong>10</strong>0 and <strong>10</strong>1 each half of the volume, giving each Linux about 6.8 GB<br />
of disk space.<br />
Important: However you choose to layout the minidisks, it is important that the golden<br />
image and all target Linux user IDs have two minidisks of the same size at virtual<br />
addresses <strong>10</strong>0 and <strong>10</strong>1. <strong>The</strong>se assumptions are coded into the clone.sh script.<br />
2.4 Memory planning<br />
Planning memory may be the most difficult issue with z/<strong>VM</strong> and Linux on System z, yet the<br />
most important to ensure adequate per<strong>for</strong>mance. <strong>The</strong> simplest solution may appear to<br />
involve having enough central memory (storage) in the LPAR so that z/<strong>VM</strong> never pages and<br />
Linux never swaps. However, such resource is often not be realistically available. A good rule<br />
of thumb is to allocate memory on a just enough basis <strong>for</strong> each Linux server. A good starting<br />
point is to set a virtual machine size by changing the memory allocation value at just over the<br />
value at which the guest starts to swap at the Linux system level when under normal loading.<br />
If some level of sustained swapping is inevitable due to the nature of the workloads, then<br />
ensure virtual disks are used <strong>for</strong> the swap media.<br />
An understanding of memory planning is recommended, here are some resources that cover<br />
this important topic:<br />
► <strong>The</strong> Redbook Linux on <strong>IBM</strong> System z: Per<strong>for</strong>mance Measurement and Tuning,<br />
SG24-6926-01, 2008, on the Web at:<br />
http://www.redbooks.ibm.com/redpieces/abstracts/sg246926.html?Open<br />
► <strong>The</strong> <strong>IBM</strong> z/<strong>VM</strong> Per<strong>for</strong>mance Resource pages in general, on the Web at:<br />
http://www.vm.ibm.com/perf/<br />
► <strong>The</strong> <strong>IBM</strong> z/<strong>VM</strong> page specifically discussing memory allocation:<br />
http://www.vm.ibm.com/perf/tips/storconf.html<br />
Chapter 2. Planning 11
One rule that can be recommended is to only have as few virtual machines logged on (or<br />
disconnected) as possible to handle the workload being presented. Every virtual machine that<br />
is not required should be logged off where appropriate, as this will mean more memory <strong>for</strong> the<br />
other virtual servers which remain running.<br />
2.5 Password planning<br />
Good passwords are critical to good security. However, requiring many different passwords<br />
generally leads to people writing them down, which clearly detracts from good security.<br />
Sometimes it is difficult to balance these two extremes.<br />
This book considers different system administration roles:<br />
► <strong>The</strong> z/<strong>VM</strong> system administrator<br />
► <strong>The</strong> Linux system administrator<br />
► <strong>The</strong> Linux virtual server end users<br />
<strong>The</strong> z/<strong>VM</strong> and Linux system administrator may be the same person.<br />
<strong>The</strong> method of backing up z/<strong>VM</strong> data onto the Linux cloner means that the Linux<br />
administrator will have access to all z/<strong>VM</strong> passwords. <strong>The</strong>re<strong>for</strong>e, the examples in this book<br />
set all z/<strong>VM</strong> and Linux system administration passwords to the same value, lnx4vm. If the<br />
z/<strong>VM</strong> and Linux system administrator roles must be kept separate and the Linux administrator<br />
is not to have access to the z/<strong>VM</strong> passwords, then a different method of backing up z/<strong>VM</strong><br />
data must be chosen.<br />
You may want to define a finer granularity <strong>for</strong> passwords based on the following system<br />
administration roles:<br />
► <strong>The</strong> main z/<strong>VM</strong> system administrator (MAINT)<br />
► <strong>The</strong> z/<strong>VM</strong> network administrator (TCPMAINT)<br />
► <strong>The</strong> z/<strong>VM</strong> Linux administrator (LNXMAINT, Linux cloner, Linux virtual server user IDs)<br />
► <strong>The</strong> Linux virtual server end users (with or without access to 3270 sessions, with or<br />
without the root passwords)<br />
<strong>The</strong> sets of passwords that you define will depend on the roles that your organization will<br />
adopt.<br />
12 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
2.6 Planning worksheets<br />
Four worksheets are included in this section. <strong>The</strong>y are populated with the resources used in<br />
writing this book. <strong>The</strong>re are also four corresponding blank worksheets in 2.7, “Blank<br />
worksheets” on page 16.<br />
2.6.1 z/<strong>VM</strong> resources used in this book<br />
Table 2-2 lists the z/<strong>VM</strong> resource values used in the examples in this book. You can use<br />
these values as a reference <strong>for</strong> completing the blank worksheets that follow.<br />
Table 2-2 z/<strong>VM</strong> resources worksheet<br />
Name Value Comment<br />
LPAR name L<strong>VM</strong>2 16 GB central storage/2 GB expanded, <strong>10</strong><br />
shared IFLs<br />
CPC name H15C Name of CPC on which the LPAR is located<br />
z/<strong>VM</strong> system name POKSND61 Name to be assigned to z/<strong>VM</strong> system<br />
TCP/IP host name gpok249 Assigned by a network administrator; helpful<br />
to set in DNS be<strong>for</strong>ehand, but not necessary<br />
TCP/IP domain name endicott.ibm.com Helpful to set in DNS be<strong>for</strong>ehand<br />
TCP/IP gateway 9.60.18.129 <strong>The</strong> router to and from the local subnet<br />
DNS server 1 9.0.2.11 Assigned by the network administrator<br />
DNS server 2/3 (optional) 9.0.3.1 Not used<br />
OSA device name eth0 Name of the interface to be assigned by<br />
IPWIZARD<br />
OSA starting device<br />
number<br />
B420 Start of OSA triplet <strong>for</strong> the z/<strong>VM</strong> TCP/IP<br />
stack<br />
TCP/IP address 9.60.18.249 <strong>The</strong> TCP/IP address of the z/<strong>VM</strong> system<br />
Subnet mask 255.255.255.128 Assigned by network administrator<br />
OSA device type QDIO Often “QDIO” <strong>for</strong> OSA/Express cards<br />
Network type Ethernet Usually “Ethernet”<br />
Port name (optional) Not required by z/<strong>VM</strong><br />
Router type None Usually “None”<br />
MTU size 1500 Check with network administrator<br />
Primary OSA device<br />
number <strong>for</strong> VSWITCH<br />
Secondary OSA device<br />
number <strong>for</strong> VSWITCH<br />
B440 Specify the first device number (must be<br />
even number) and the next two device<br />
numbers will also be used<br />
B424 Should be on a different CHPID/OSA card<br />
Chapter 2. Planning 13
2.6.2 z/<strong>VM</strong> DASD used in this book<br />
Table 2-3 lists the z/<strong>VM</strong> DASD resource values used in the examples in this book.<br />
Table 2-3 z/<strong>VM</strong> DASD used in this book<br />
Device<br />
number<br />
2.6.3 Linux resources used in this book<br />
Table 2-4 lists the Linux PC NFS server resources used <strong>for</strong> the first System z Linux install:<br />
Table 2-4 Linux NFS server resources used in this book<br />
14 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6<br />
Label Type Notes<br />
6280 6<strong>10</strong>RES CP owned z/<strong>VM</strong> system residence volume<br />
6281 UV6281 CP owned z/<strong>VM</strong> spool volume 1<br />
6282 UV6282 CP owned z/<strong>VM</strong> paging volume 1<br />
6283 UV6283 CP owned z/<strong>VM</strong> first work volume<br />
6284 UV6284 CP owned z/<strong>VM</strong> second work volume<br />
6285 UP6285 CP owned Paging volume 2<br />
6286 UP6286 CP Owned Paging volume 3<br />
6287 UM6287 CP Owned Paging volume 4<br />
6289 UM6289 System (3390-3) LNXMAINT 191, LNXMAINT 192,<br />
6290 UM6290 System (3390-3) RH6CLONE <strong>10</strong>0<br />
6293 UM6293 System (3390-3) RH6CLONE <strong>10</strong>1<br />
6294 UM6294 System (3390-3) RH6CLONE <strong>10</strong>2<br />
63A2 UM63A2 System (3390-9) RH6GOLD <strong>10</strong>0<br />
63A9 UM63A9 System (3390-9) RH6GOLD <strong>10</strong>1, LINUX01 <strong>10</strong>0 and <strong>10</strong>1<br />
63AA UM63AA System (3390-9) LINUX02 <strong>10</strong>0 and <strong>10</strong>1, LINUX03 <strong>10</strong>0<br />
63AB UM3F09 System (3390-9) LINUX03 <strong>10</strong>1, LINUX04 <strong>10</strong>0 and <strong>10</strong>1<br />
6339 UM6339 System (3390-3) For adding logical volumes<br />
6360 UM6360 System (3390-3) For extending logical volumes<br />
Name Value Comment<br />
TCP/IP address 9.60.18.240<br />
User/password root/lnx4vm<br />
NFS-exported install directory /nfs/rhel6/ Directory with DVD 1
Table 2-5 lists the Linux resources used in the examples in this book.<br />
Table 2-5 Linux resources used in this book<br />
Name Value Comment<br />
Linux root password lnx4vm<br />
TCP/IP gateway 9.60.18.129 Obtain from network administrator<br />
Subnet mask 255.255.255.128 Obtain from network administrator<br />
DNS server 9.0.2.11, 9.0.3.1 Obtain from network administrator<br />
VNC installation password 12345678 Must be 8 characters<br />
2.6.4 Linux user IDs used in this book<br />
Table 2-6 lists the z/<strong>VM</strong> user IDs <strong>for</strong> Linux used in the examples in this book.<br />
Table 2-6 Linux user ID used in this book<br />
User ID IP address DNS name Notes<br />
RH6GOLD 9.60.18.222 gpok222.endicott.ibm.com RHEL 6golden image<br />
RH6CLONE 9.60.18.223 gpok223.endicott.ibm.com <strong>The</strong> cloner<br />
LINUX01 9.60.18.224 gpok224.endicott.ibm.com A Web virtual server<br />
LINUX02 9.60.18.225 gpok246.endicott.ibm.com An LDAP virtual server<br />
LINUX03 9.60.18.226 gpok247.endicott.ibm.com A file and print virtual server<br />
LINUX04 9.60.18.227 gpok248.endicott.ibm.com An application development server<br />
Chapter 2. Planning 15
2.7 Blank worksheets<br />
Blank copies of the same four worksheets are provided <strong>for</strong> your use.<br />
2.7.1 z/<strong>VM</strong> resources worksheet<br />
Use the worksheet in Table 2-7 to document the z/<strong>VM</strong> resources that you will use.<br />
Table 2-7 z/<strong>VM</strong> resources blank worksheet<br />
Name Value Comment<br />
LPAR name<br />
CPC name<br />
System name<br />
TCP/IP host name<br />
TCP/IP domain name<br />
TCP/IP gateway<br />
DNS server 1<br />
DNS server 2/3 (optional)<br />
OSA device name Often “eth0”<br />
OSA starting device number<br />
TCP/IP address<br />
Subnet mask<br />
OSA device type Often “QDIO”<br />
Network Type Often “Ethernet<br />
Port name (optional)<br />
Router Type Often “None”<br />
Primary OSA device number<br />
<strong>for</strong> VSWITCH<br />
Secondary OSA device<br />
number <strong>for</strong> VSWITCH<br />
16 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6<br />
Should be on a different<br />
CHPID/OSA card than primary
2.7.2 z/<strong>VM</strong> DASD worksheet<br />
Use the worksheet in Table 2-8 to document the z/<strong>VM</strong> DASD that you will use.<br />
Table 2-8 z/<strong>VM</strong> DASD blank worksheet<br />
Device<br />
number<br />
Label Type Notes<br />
Chapter 2. Planning 17
2.7.3 Linux resources worksheet<br />
Use the worksheet in Table 2-<strong>10</strong> to document the resources associated with the NFS server<br />
that will be used to be the install source of the first System z Linux.<br />
Table 2-9 Linux NFS server resources blank worksheet<br />
Name Value Comment<br />
TCP/IP address<br />
User/password<br />
NFS-exported install directory<br />
Use the worksheet in Table 2-11 to document your System z Linux resources.<br />
Table 2-<strong>10</strong> Linux resources blank worksheet<br />
Name Value Comment<br />
Linux install password<br />
Linux root password<br />
Apache user ID and password<br />
Linux TCP/IP gateway<br />
Linux TCP/IP broadcast<br />
Linux DNS server<br />
VNC Installation password<br />
2.7.4 Linux user ID worksheet<br />
Use the worksheet in Table 2-11 to document the Linux user IDs that you will create.<br />
Table 2-11 Linux user ID blank worksheet<br />
Linux user ID IP address DNS name Notes<br />
18 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 3. Configuring a desktop machine<br />
“Technological progress is like an axe in the hands of a pathological criminal.”<br />
— Albert Einstein<br />
Many people use Microsoft® Windows as a desktop operating system. This chapter<br />
addresses the following tools that are recommended <strong>for</strong> accessing z/<strong>VM</strong> and Linux from a<br />
Windows desktop:<br />
► An SSH client: PuTTY is recommended<br />
► A VNC client: RealVNC is recommended<br />
► A 3270 emulator: Many choices are available<br />
3.1 PuTTY: a free SSH client <strong>for</strong> Windows<br />
3<br />
Throughout this book, SSH is used to log into Linux systems. It is easy to use and<br />
cryptographically secure. If you are using a Linux desktop system, an SSH client is built in.<br />
But if you are using a Windows desktop, you will need a good SSH client.<br />
PuTTY is probably the most commonly used. You can download PuTTY from the Web at:<br />
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html<br />
To download from this page, click on the putty.exe link <strong>for</strong> your architecture. Save the file in a<br />
directory path such as C:\WINNT. PuTTY is a stand-alone executable (no installation needed<br />
other than copying the file). You may also want to create a shortcut on your desktop or task<br />
bar.<br />
Open PuTTY and the configuration window shown in Figure 3-4 should open. If you spend a<br />
few minutes to configure PuTTY it may pay off in time savings. <strong>The</strong> examples shown below<br />
are using PuTTY Release 0.60.<br />
1. In the PuTTY Configuration window, in the left Category panel, click Session.<br />
2. Under the Connection Type heading on the top right, click the SSH radio button as shown<br />
in Figure 3-1. This specifies to use the SSH protocol.<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 19
Figure 3-1 PuTTY Configuration window<br />
3. Click on Logging in the left panel as shown in Figure 3-2.<br />
– Click the radio button Printable output in the Session logging radio group. This will<br />
allow you to go back and check on the output of certain commands.<br />
– Set the Log file name to &H&M&D&T.log so a timestamp will be in the file name.<br />
Figure 3-2 Setting logging<br />
4. In the left panel, click SSH near the bottom as shown in Figure 3-3.<br />
20 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
5. On the right side, under Preferred SSH protocol version, click the 2 only radio button.<br />
Figure 3-3 Setting SSH Protocol 2<br />
6. In the left Category panel, click Terminal as shown in Figure 3-4.<br />
7. Select the Use background colour to erase screen check box, which results in a better<br />
job of painting the screen <strong>for</strong> applications that uses curses (block graphics).<br />
Figure 3-4 Customizing PuTTY SSH settings (Part 1 of 4)<br />
8. Click Window in the left pane as shown in Figure 3-5.<br />
Chapter 3. Configuring a desktop machine 21
9. You may choose a larger screen size and more lines of scrollback. In this example, 50<br />
rows, <strong>10</strong>0 columns are and <strong>10</strong>00 lines of scrollback are set.<br />
Figure 3-5 Setting Window and scrollback size<br />
<strong>10</strong>.Click Session in the left pane as shown in Figure 3-6.<br />
11.Click Default Settings in the Saved Sessions pane, then click the Save button. This<br />
makes all future sessions that you define inherit the preferences you just set.<br />
Figure 3-6 Saving new default settings<br />
22 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Saving sessions<br />
To save sessions per<strong>for</strong>m the following steps. In this example a session <strong>for</strong> LINUX00, or the<br />
cloner, is saved<br />
Figure 3-7 Customizing PuTTY window settings (Part 4 of 4)<br />
Now to save a session <strong>for</strong> each virtual server, per<strong>for</strong>m the following:<br />
1. In the Host Name (or IP address) field, enter the TCP/IP address (or DNS name).<br />
2. Under Saved Sessions text area, choose a name that you will remember. In this example,<br />
the name LINUX00 (cloner) is used.<br />
3. Again click Save and you should see the name added to the Saved Session list.<br />
Now whenever you start PuTTY, you can simply double-click any saved session name,<br />
and an SSH session to the desired Linux system will be invoked.<br />
3.2 Setting up a VNC client<br />
A VNC client allows access to a graphical windowing environment with System z Linux.<br />
If you are using a Linux desktop you probably have, or at least have access to a VNC client,<br />
named vncviewer. It is part of the tightvnc package.<br />
3.2.1 Downloading and running RealVNC<br />
If you have a Windows desktop, the VNC client from RealVNC is a popular choice. You can<br />
purchase a full function RealVNC client, or there is a free version. <strong>The</strong> RealVNC home page<br />
is:<br />
http://www.realvnc.com<br />
<strong>The</strong> download page is:<br />
http://www.realvnc.com/download.html<br />
Chapter 3. Configuring a desktop machine 23
Click the Download and Use button. Fill out the Web <strong>for</strong>m and download the executable.<br />
When you have downloaded it, run it and an install program will start. At the time of writing of<br />
this book, RealVNC 4.1.2 was the current version.<br />
Accept all defaults, however, you probably do not need a VNC server on your desktop. So<br />
you can deselect VNC Server from the Select Components panel as shown in Figure 3-8.<br />
Figure 3-8 RealVNC Select Components panel<br />
Complete the screens and the installation process should go quickly.<br />
3.3 3270 emulators<br />
To access a logon session with z/<strong>VM</strong>, it is common to use a 3270 emulator that runs on<br />
Windows. Many commercial products are available. Some of the more common ones are:<br />
► Attachmate Extra!<br />
► Hummingbird Host Explorer<br />
► <strong>IBM</strong> Personal Communications<br />
► Quick3270<br />
► others ...<br />
It is beyond the scope of this book to explain the details of configuring all the various<br />
emulators. However, it is recommended that you investigate the following settings <strong>for</strong> your<br />
emulator:<br />
► Set the Enter and Clear function keys to be where you would expect them. On some<br />
emulators, the default Enter key action is set to the right Ctrl key of modern keyboards.<br />
Likewise the Clear key action is sometimes set to the Esc key in the upper left corner of<br />
modern keyboards or the Pause key in the upper right.<br />
► Set a larger screen. Often the default number of lines in an emulator session is 24. You<br />
will probably be more productive with a 32, 43 or more lines if they can easily fit in a<br />
window given your desktop display size and resolution.<br />
► Have the session automatically reconnect after logoff. Having a new logon screen come<br />
back immediately after you log off can also save you time in the long run. This is often not<br />
the default behavior.<br />
24 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Save your connection sessions. Rather than continually typing in the IP address or DNS<br />
name of the z/<strong>VM</strong> system to which you want to connect, spend a few minutes to define<br />
and save a session <strong>for</strong> each system to which you may connect, as was described <strong>for</strong><br />
PuTTY. <strong>The</strong>n you can usually double-click the saved connection to quickly access a new<br />
3270 session.<br />
Chapter 3. Configuring a desktop machine 25
26 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 4. Installing and configuring z/<strong>VM</strong><br />
“Example isn't another way to teach. It is the only way to teach.”<br />
— Albert Einstein<br />
z/<strong>VM</strong> can be installed first level from tape, from DVD or from an FTP server. Installing from<br />
tape is not described in this book, however, both installing from the physical media of DVDs,<br />
or without physical media, from an FTP server, are.<br />
To complete this chapter, you must complete the majority of Chapter 6, “Configuring an<br />
NFS/FTP server” on page 93. If you are installing z/<strong>VM</strong> from an an FTP server, you should<br />
complete section 4.1, “Installing z/<strong>VM</strong> from DVD or FTP server” on page 28, then complete<br />
chapter 6.<br />
It is recommended that you start here, because there is a step when installing z/<strong>VM</strong> (instdvd)<br />
that can take two or more hours, to complete. While that process is running, you can<br />
complete chapter 6. Alternatively, if you have other personnel who can work on the project,<br />
you can start both chapters at the same time on the different systems.<br />
This chapter consists of the following sections that should be completed:<br />
► “Installing z/<strong>VM</strong> from DVD or FTP server” on page 28<br />
► “Configuring TCP/IP” on page 41<br />
► “Configuring the XEDIT profile” on page 43<br />
► “Customizing the SYSTEM CONFIG file” on page 44<br />
► “Configuring TCP/IP to start at IPL time” on page 46<br />
► “Adding paging volumes” on page 50<br />
► “Creating a user ID <strong>for</strong> common files” on page 55<br />
In addition, there are optional sections:<br />
► “Addressing z/<strong>VM</strong> security issues” on page 62<br />
► “Backing up your z/<strong>VM</strong> system to tape” on page 64<br />
► “Relabeling system volumes” on page 64<br />
► “Restoring your z/<strong>VM</strong> system from tape” on page 69<br />
4<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 27
4.1 Installing z/<strong>VM</strong> from DVD or FTP server<br />
<strong>The</strong> section that follows assumes a first level installation of z/<strong>VM</strong> from DVD onto 3390 DASD.<br />
If you have not already done so, complete the worksheet in 2.7.1, “z/<strong>VM</strong> resources<br />
worksheet” on page 16.<br />
For System z9 hardware and older, you will need access to the Hardware Management<br />
Console (HMC) with a user ID that has authority to go into single object operations mode,<br />
though this is not pertinent <strong>for</strong> z/<strong>VM</strong> 6.1 as it installs onto System z<strong>10</strong> or later. <strong>The</strong><br />
requirement to be in single object operations mode <strong>for</strong> z<strong>10</strong> or later has been removed.<br />
z/<strong>VM</strong> 6.1 is shipped on tape, on DVD and is available from the Internet through electronic<br />
download. z/<strong>VM</strong> should install faster from tape due to better I/O speeds, however, installing<br />
from tape is becoming less common.<br />
If you are not familiar with the HMC and z/ <strong>VM</strong>, you may want to use the complete installation<br />
manual z/<strong>VM</strong> Guide <strong>for</strong> Automated Installation and Service, Version 6 Release 1.0,<br />
GC24-6097. If you are installing z/<strong>VM</strong> at the second level (z/<strong>VM</strong> under z/<strong>VM</strong>) or onto<br />
FCP/SCSI disk, you will want to use this z/<strong>VM</strong> manual as the sections that follow do not<br />
address these options.<br />
4.1.1 Obtaining z/<strong>VM</strong> through electronic download<br />
z/<strong>VM</strong> can be ordered and delivered electronically through <strong>IBM</strong> ShopzSeries. A detailed<br />
discussion is outside the scope of this book, however short steps are documented. Note that<br />
the steps and links may change over time, but the basic process should remain the same.<br />
You may download the z/<strong>VM</strong> product install files to a staging machine, such as a Windows<br />
desktop, as was done in this example, and later upload them to an FTP server. However, you<br />
may also download them directly to the machine that will be the FTP server, such as a Linux<br />
PC if it has access to the Internet and a browser.<br />
To order z/<strong>VM</strong>, per<strong>for</strong>m the following steps:<br />
► Go to the z/<strong>VM</strong> service page:<br />
http://www.vm.ibm.com/service/<br />
► Click on the link <strong>IBM</strong> ShopzSeries in the section <strong>IBM</strong> Support Portals.<br />
► Sign in by clicking on the link Sign in <strong>for</strong> registered users in the upper right.<br />
► Click on the link create new software orders.<br />
► On Step 1, click on the radio button z/<strong>VM</strong> Products and choose <strong>VM</strong> SDO version 6 in the<br />
dropdown menu to the right. Click Continue.<br />
► On Step 2, select a hardware system on which you plan to run z/<strong>VM</strong> from the list of<br />
Hardware systems <strong>for</strong> your customer number, and click Continue.<br />
► On Step 3, <strong>for</strong> the Filter, select <strong>VM</strong> - <strong>VM</strong> Base Product, select your language and <strong>for</strong> the<br />
Filter, select Show all products. then click Show catalog. A sub-menu appears.<br />
– Select z/<strong>VM</strong> V6 3390 System DDR and click Continue.<br />
► On Step 4, verify the order and click Continue.<br />
► On Step 5, verify the entitlements and click Continue.<br />
► On Step 6, <strong>for</strong> the Prefered media, select Internet and click Continue.<br />
► On Step 7, review and click Submit.<br />
28 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► It may take some time <strong>for</strong> the order to be prepared. In this example, the e-mail stating that<br />
the order was ready <strong>for</strong> download was received after about four hours. When you receive<br />
the e-mail, it will contain the URL <strong>for</strong> downloading your order. Use a browser to go to that<br />
URL.<br />
► From that URL, there will be links to investigate as shown in Figure 4-1. It has the<br />
following five sections:<br />
– Order Packing List - the list of available products and manuals<br />
– Installation Instructions - clicking View now will take you to a Web page:<br />
http://www.vm.ibm.com/install/vm61inst.pdf<br />
This PDF will describe in general terms how to go from the product install files to<br />
physical DVDs or to an FTP server. If you want to go from the product install files to<br />
physical DVDs, you should complete this section, but will not need to use the later<br />
section on how to set up an FTP server. If you want to use an FTP server to avoid<br />
physical media altogether, you can read the PDF <strong>for</strong> a general approach, and then<br />
complete this section and section 6.5, “Configuring an FTP server <strong>for</strong> z/<strong>VM</strong> installation”<br />
on page 98 <strong>for</strong> specific details.<br />
– Product Publications - will allow you to access different z/<strong>VM</strong> publications related to<br />
installation<br />
– Additional Publications - will allow you to download a z/<strong>VM</strong> SDO document (4 pages)<br />
– <strong>VM</strong> product material - This is the most important section as it is where you go to<br />
download z/<strong>VM</strong> product installation files. In the example used in this book, the link<br />
Download to your workstation using <strong>IBM</strong> Download Director was clicked as shown<br />
in the figure.<br />
Figure 4-1 Web page <strong>for</strong> downloading z/<strong>VM</strong> electronically<br />
► Clicking this link brought up the screen shown in Figure 4-2 on page 30. <strong>The</strong> first and third<br />
check boxes were selected as the z/<strong>VM</strong> is being installed onto 3390 DASD. <strong>The</strong> 1.3 GB of<br />
data was downloaded relatively quickly due to multiple connections being opened through<br />
the use of <strong>IBM</strong> Download Director.<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 29
Figure 4-2 Choosing two files to be downloaded<br />
► <strong>The</strong> z/<strong>VM</strong> install code should now be staged or ready <strong>for</strong> the FTP server to be set up. In<br />
this example where the files are staged on a Windows workstation, the two files are shown<br />
from a DOS prompt:<br />
C:\zvm61> dir<br />
...<br />
11/11/20<strong>10</strong> 08:54 AM 1,277,435,798 cd813250.zip<br />
11/11/20<strong>10</strong> 08:54 AM 45,088,2<strong>10</strong> CD813270.ZIP<br />
► To configure an FTP server, complete all of chapter 6 and especially section 6.5,<br />
“Configuring an FTP server <strong>for</strong> z/<strong>VM</strong> installation” on page 98.<br />
When these steps are complete, you should be able to point the z/<strong>VM</strong> install to the FTP<br />
server that was just set up.<br />
4.1.2 Starting the z/<strong>VM</strong> install<br />
This section explains how to install z/<strong>VM</strong> 6.1 from an HMC onto 3390-3 equivalent DASD.<br />
Some words are included <strong>for</strong> installing onto the larger 3390-9 DASD. For alternative<br />
configurations such as installing from tape or onto SCSI disks, refer to the z/<strong>VM</strong><br />
documentation.<br />
Per<strong>for</strong>m the following steps<br />
► Logon to the Hardware Management Console. You should see the HMC Workplace<br />
window.<br />
► Select the LPAR on which you want to install z/<strong>VM</strong> - often by clicking on CPC images<br />
icon. Note: BE SURE you have the correct LPAR selected. If you are not completely sure,<br />
check with someone who is.<br />
► If necessary, click the racetrack buttons (two buttons that are circular arrows on the<br />
bottom right corner) to traverse to the Recovery or CPC Recovery menu.<br />
► On the Recovery or CPC Recovery menu, double-click the Integrated 3270 Console as<br />
shown at the bottom of Figure 4-3. A window entitled Integrated 3270 Console <strong>for</strong> will open (on older HMC levels, the window may be entitled Personal<br />
Communications).<br />
Hint: It is convenient to use the Alt-Tab key sequence to move between the HMC<br />
window and 3270 console.<br />
30 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 4-3 Recovery menu<br />
► Place the z/<strong>VM</strong> Product Package Version 6 Release 1.0 DVD in the HMC DVD drive.<br />
Important: On z<strong>10</strong> HMCs and later, it is no longer required to be in Single Object<br />
Operations mode in order to install z/<strong>VM</strong>.<br />
► On a z9 HMC and older, get into Single Object Operations mode by per<strong>for</strong>ming the<br />
following steps:<br />
a. Double-click the Groups icon in the Views Area<br />
b. Double-click Defined CPCs in the Groups Work Area.<br />
c. Select your CPC.<br />
d. If necessary, go around the racetrack (the buttons with circular arrows on the bottom<br />
right corner) to the CPC Recovery menu.<br />
e. Double-click the Single Object Operations icon. Click yes to confirm. Now a new<br />
window Primary Support Element Workplace should appear (on older HMC levels it<br />
will be a “window within a window”). A window about a certificate not being valid<br />
may appear. If so, click OK.<br />
f. Double-click Groups near the top of this window.<br />
g. Double-click Images in the Groups Work Area.<br />
If you are unable to get into Single Object Operations mode, it may be because you do not<br />
have sufficient permission. Check with the system administrator.<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 31
► <strong>The</strong> LPAR that z/<strong>VM</strong> will be installed into should still be selected. On the right you should<br />
still see the (CPC) Recovery menu. Double-click the Load from Removable Media or<br />
Server icon :<br />
Important: If you received the z/<strong>VM</strong> product electronically, you will need to create your<br />
own DVDs. This step is not covered in this book. See the z/<strong>VM</strong> manual Installation<br />
Instructions <strong>for</strong> Electronically Delivered <strong>IBM</strong> z/<strong>VM</strong> Operating System Deliverable,<br />
GI11-2900, on the Web at:<br />
http://www.vm.ibm.com/install/prodinst.html<br />
If the DVD is not burned correctly you may see the error message:<br />
ACT36201 "An error has occurred while trying to obtain a list of the software that<br />
can be loaded. ...".<br />
Further, this error may have the side effect of locking the DVD drive. <strong>The</strong> HMC may need<br />
to be rebooted. To prevent this from happening, be sure you create the DVDs correctly.<br />
Use newer copies of DVD-burning software that has an option <strong>for</strong> the ISO9660 <strong>for</strong>mat,<br />
which is recommended.<br />
► On the Load from Removable Media or Server window as shown in Figure 4-4 on<br />
page 32, the radio button Hardware Management Console CD-ROM/DVD should be<br />
selected.<br />
► In the same Load from Removable Media or Server window, fill in File Location with<br />
/cpdvd.This is the directory on the DVD with the z/<strong>VM</strong> 6.1 installation code. Click OK.<br />
Figure 4-4 Load from Removable Media or Server panel<br />
32 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Important: If you do not have physical DVDs, but there is an FTP server set up with the<br />
z/<strong>VM</strong> install code, then you can use FTP as an install method. If such an FTP server is set<br />
up, you can click the FTP Source radio button and fill in the fields, Host Computer, User<br />
ID, Password and File location as shown in Figure 4-5.<br />
Setting up an FTP server so as to provide the z/<strong>VM</strong> product files <strong>for</strong> installation is<br />
described in section 6.5, “Configuring an FTP server <strong>for</strong> z/<strong>VM</strong> installation” on page 98.<br />
Figure 4-5 Load from Removable Media or Server panel with FTP source<br />
► Load the RAMDISK:<br />
a. From the Load from Removable Media or Server panel, the file 6<strong>10</strong>vm.ins should be<br />
selected as shown in Figure 4-6. Click OK. If you are at the HMC installing from DVD,<br />
you should see the green light on the DVD drive light up.<br />
Figure 4-6 Selecting z/<strong>VM</strong> 6.1 RAMdisk system<br />
b. From the Confirm the action window, click Yes.<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 33
c. You should see the Disruptive Task Confirmation: Load from CD-ROM, DVD or Server<br />
Progress window. You will be prompted <strong>for</strong> the password as shown in Figure 4-7.<br />
Figure 4-7 Supplying password <strong>for</strong> disruptive task<br />
d. When you see the message Completed successfully. Click OK to close. This should<br />
normally take about two minutes or less.<br />
You should now have an in-memory z/<strong>VM</strong> 6.1 system running.<br />
4.1.3 Copying a vanilla z/<strong>VM</strong> system to DASD<br />
This section describes the steps to copy z/<strong>VM</strong> to DASD.<br />
► You can now get out of Single object operations mode (if you are in it). To do so, log off<br />
the primary SE window by closing that window.<br />
► Move to the Integrated 3270 Console window (you can use the Alt-Tab sequence). <strong>The</strong><br />
RAMdisk should IPL and you should see z/<strong>VM</strong> boot as shown in Figure 4-8. If the<br />
Integrated 3270 Console window is still blank, be patient - it may take a minute or two to<br />
initialize.<br />
Note: <strong>The</strong> “Esc” key in the upper left clears the Integrated 3270 console on the HMC.<br />
34 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 4-8 z/<strong>VM</strong> first boot on Integrated console<br />
► Invoke the instplan command. This will allow you to choose associated z/<strong>VM</strong> products to<br />
install, the language to use and the type of DASD on which to install:<br />
==> instplan<br />
Figure 4-9 Installation planning panel<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 35
► You may need to clear the screen with the Esc key. You should then see the display as<br />
shown in Figure 4-9. It is recommended that you leave the M’s in the top section alone.<br />
► Type the letter X next to AMENG (or select your language) and 3390 Mod 3 (or the type of<br />
DASD you will use) as shown above. You can use the Tab key to move to the next input<br />
field.<br />
► Press F5. You should the message HCPINP8392I INSTPLAN EXEC ENDED SUCCESSFULLY<br />
after a list of what will be installed.<br />
► Attach the DASD devices onto which z/<strong>VM</strong> will be installed defined in your planning<br />
worksheet in 2.7.2, “z/<strong>VM</strong> DASD worksheet” on page 17. In this example, the devices are<br />
6280-6284.<br />
==> att 6280-6284 *<br />
6280-6284 ATTACHED TO MAINT<br />
Important: <strong>The</strong> devices 6280-6284 are in bold italics to signify that you should replace the<br />
example value with the correct value <strong>for</strong> your site. For example, if you are installing z/<strong>VM</strong><br />
onto DASD 1200-1204, you would type the following:<br />
==> att 1200-1204 *<br />
This convention is used throughout the book.<br />
Running INSTDVD<br />
<strong>The</strong> INSTDVD EXEC copies the z/<strong>VM</strong> system from DVD to disk.<br />
► Execute INSTDVD:<br />
==> instdvd<br />
► If you are using 3390-3s, you see a panel asking <strong>for</strong> the five volumes as shown in<br />
Figure 4-<strong>10</strong> (if you are using 3390-9s, you will only see three lines).<br />
Figure 4-<strong>10</strong> INSTDVD DASD address panel<br />
a. Enter the addresses of the five volumes (or three <strong>for</strong> 3390-9s) that z/<strong>VM</strong> will be<br />
installed on. <strong>The</strong> labels <strong>for</strong> the last four volumes are changed because the LPAR in this<br />
example had access to other z/<strong>VM</strong> systems. Changing the labels prevents the problem<br />
described in 4.11, “Relabeling system volumes” from occurring.<br />
b. Press F5 to start the installation.<br />
► Verify that the five DASD addresses to be installed onto are correct. When you see the<br />
question DO YOU WANT TO CONTINUE?, type Y. You should see the message NOW FORMATTING<br />
DASD 6280.<br />
36 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Important: INSTDVD can take from 45 minutes to two hours. Now may be a good time<br />
to go to chapter 6 to set up an NFS server.<br />
Also, read errors have been observed resulting in INSTDVD failing. If this is the case, you<br />
can try the command instdvd (restart and the install process should pick up where<br />
the read error occurred. This can be caused by dirt or fingerprints on the DVD.<br />
► You are asked to place the system RSU in the drive. Insert the z/<strong>VM</strong> Stacked<br />
Recommended Service Upgrade 6<strong>10</strong>1 DVD into the HMC DVD-ROM drive<br />
► At the Integrated 3270 Console, type GO. You should see a messages of the <strong>for</strong>m DVDLOAD:<br />
LOADING FILE CKD5000x IMAGE *. This step should take two to four minutes.<br />
► Finally, you should see the message HCPIDV8329I INSTDVD EXEC ENDED SUCCESSFULLY.<br />
4.1.4 IPL the vanilla z/<strong>VM</strong> from DASD<br />
IPL your initial z/<strong>VM</strong> system now on DASD. Your 3270 Integrated Console session should still<br />
be running.<br />
► In the HMC Workplace window, your LPAR should still be selected. If not, select your<br />
LPAR by clicking it. You may have to first double-click Groups.<br />
► You should see the Recovery menu. Double-click the Load icon in the menu at the right<br />
side.<br />
► <strong>The</strong> Load window opens as shown in Figure 4-11. Follow these steps:<br />
a. Set the load address to the new system residence (6<strong>10</strong>RES) volume which is 6280 in<br />
this example.<br />
b. Set the load parameter to SYSG. This specifies to use the Integrated 3270 console.<br />
c. Click OK to IPL.<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 37
Figure 4-11 Load window<br />
► When you see the Load Task Confirmation window, click Yes.<br />
► After 1-3 minutes you should see a status of Success in the Load Progress window. Click<br />
OK.<br />
► Move back to the Integrated 3270 console window. You should see the Standalone<br />
Program Loader panel as shown in the following diagram.<br />
a. Press the Tab key to traverse to the IPL Parameters section and enter the value<br />
cons=sysg. This specifies to use the Integrated 3270 console.<br />
38 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 4-12 Stand Alone Program Loader<br />
b. Press the F<strong>10</strong> key to continue the IPL of your z/<strong>VM</strong> system. This should take around<br />
1-3 minutes.<br />
► At the Start (Warm|Force|COLD|CLEAN) prompt, enter the following:<br />
==> cold drain noautolog<br />
► At the Change TOD clock prompt enter:<br />
==> no<br />
► <strong>The</strong> last message should be HCPCRC8082I EREP records are accumulating <strong>for</strong> userID<br />
EREP. Disconnect from the OPERATOR user ID using the DISCONNECT command:<br />
==> disc<br />
Press Enter to get a new logon screen.<br />
4.1.5 Completing the z/<strong>VM</strong> installation<br />
Follow these steps to complete the z/<strong>VM</strong> installation<br />
► On the HMC z/<strong>VM</strong> login screen, logon as MAINT. <strong>The</strong> password is MAINT. You may receive<br />
messages HCPLNM<strong>10</strong>2E or HCPLNM<strong>10</strong>1E about disks not linked or attached. This is not a<br />
problem. Press Enter when you see the <strong>VM</strong> Read prompt in the lower right corner.<br />
Important: When logging onto a z/<strong>VM</strong> user ID that runs CMS, you should usually press<br />
Enter at the <strong>VM</strong> READ prompt. Doing so will run the PROFILE EXEC and will result in a prompt<br />
of the <strong>for</strong>m:<br />
Ready; T=0.01/0.01 11:14:20<br />
► IPL CMS then press Enter at the <strong>VM</strong> READ prompt in the lower right corner. You should see<br />
the Ready; prompt.<br />
==> ipl cms<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 39
==> Press Enter at the <strong>VM</strong> READ prompt<br />
► Run the instvm dvd command:<br />
==> instvm dvd<br />
...<br />
HCPPLD8329I POSTLOAD EXEC ENDED SUCCESSFULLY<br />
...<br />
HCPI<strong>VM</strong>8392I INST<strong>VM</strong> ENDED SUCCESSFULLY<br />
This EXEC continues the installation process. This step should take about 4-8 minutes.<br />
<strong>The</strong> last message should be HCPI<strong>VM</strong>8392I INST<strong>VM</strong> ENDED SUCCESSFULLY<br />
► Load the recommended service. First IPL CMS then press Enter at the <strong>VM</strong> READ prompt:<br />
==> ipl cms<br />
==> Press Enter at the <strong>VM</strong> READ prompt<br />
Ready;<br />
► For z/<strong>VM</strong> 6.1, the service name is 6<strong>10</strong>1RSU1. Verify this file exists on the MAINT 500 disk:<br />
==> acc 500 c<br />
DMSACC724I 500 replaces C (2CC)<br />
==> listfile * * c<br />
6<strong>10</strong>1RSU1 SERVLINK C1<br />
► Run the SERVICE ALL command to apply the service:<br />
==> service all 6<strong>10</strong>1rsu1<br />
...<br />
This step should take about 3-6 minutes. <strong>The</strong> last message should be:<br />
40 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed successfully.<br />
► IPL CMS and run the put2prod command. This puts the service into production:<br />
==> ipl cms<br />
==> Press Enter<br />
Ready;<br />
==> put2prod<br />
This step should take about 2-4 minutes. <strong>The</strong> last message should be:<br />
<strong>VM</strong>FP2P2760I PUT2PROD processing completed successfully.<br />
A return code of 0 is ideal. You may get a return code of 4 and the message:<br />
<strong>VM</strong>FP2P2760I PUT2PROD process completed with warnings.<br />
In general on z/<strong>VM</strong>, a return code of 4 is acceptable. That means that only warnings were<br />
issued. A return code of 8 or greater generally means that errors were encountered.<br />
► Enter the following command to shutdown and re-IPL your system:<br />
==> shutdown reipl<br />
SYSTEM SHUTDOWN STARTED<br />
► You will lose the current session on the Integrated 3270 Console, but the system should<br />
come back in about 2-4 minutes.<br />
► After it comes back, the last message should be “Press enter or clear key to<br />
continue”. Press Enter and you should see a z/<strong>VM</strong> logon screen.<br />
Congratulations! You should now have a vanilla z/<strong>VM</strong> system installed.
4.2 Configuring TCP/IP<br />
It is recommended that you initially configure TCP/IP using the IPWIZARD command which is<br />
generally used just once. After IPWIZARD creates the initial configuration files, they are<br />
typically maintained manually.<br />
From the HMC z/<strong>VM</strong> logon panel, logon to MAINT. <strong>The</strong> default password <strong>for</strong> all z/<strong>VM</strong> user IDs<br />
is the same as the user ID. So enter a password of maint which will not be echoed on the<br />
screen.<br />
USERID ==> maint<br />
PASSWORD ==><br />
After entering the user ID and password, press Enter when the status area in the lower right<br />
reads “<strong>VM</strong> READ”.<br />
4.2.1 Use the IPWIZARD tool<br />
<strong>The</strong> IPWIZARD command is on the MAINT 193 disk. You will need to access it file mode G using<br />
the ACCESS command so you will pick up IPWIZARD from that minidisk.<br />
► Access the MAINT 193 disk:<br />
==> acc 193 g<br />
► Invoke IPWIZARD.<br />
==> ipwizard<br />
Figure 4-13 IPWIZARD screen 1<br />
► <strong>The</strong> z/<strong>VM</strong> TCP/IP Configuration Wizard opens as shown in the preceding example. <strong>The</strong><br />
first field, User ID, should always be TCPIP. Obtain the remaining values from the 2.7.1,<br />
“z/<strong>VM</strong> resources worksheet” on page 16 and press F8.<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 41
Figure 4-14 IPWIZARD screen 2<br />
► An Interface Name of ETH0 is arbitrary but recommended. <strong>The</strong> Device Number will be<br />
the starting address of the OSA triplet that the z/<strong>VM</strong> stack will use. <strong>The</strong> IP address which<br />
must be routed to the OSA card will become the TCP/IP address of the z/<strong>VM</strong> system. <strong>The</strong><br />
Interface Type will typically be QDIO (layer 3) with modern OSA devices. When<br />
completed, press F8.<br />
Note: to utilize QDIO (layer 2), certain prerequisites must be met. Consult with the system<br />
administrator.<br />
Figure 4-15 IPWIZARD screen 3 (<br />
► In general, a value <strong>for</strong> the Port Name is no longer necessary. Press F5 to complete the<br />
wizard.<br />
DTCIPW2508I DTCIPWIZ EXEC is attempting to create the necessary<br />
DTCIPW2508I configuration files<br />
42 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Enter 1 to restart the TCP/IP stack (you may see other warnings):<br />
<strong>The</strong> TCP/IP stack (TCPIP) must be restarted as part of this procedure<br />
Would you like to restart and continue?<br />
Enter 0 (No), 1 (Yes) 1<br />
USER DSC LOGOFF AS TCPIP USERS = 2 FORCED BY MAINT<br />
...<br />
Successfully PINGed Interface (9.12.5.22)<br />
Successfully PINGed Gateway (9.12.4.1)<br />
Successfully PINGed DNS (9.12.6.7)<br />
DTCIPW2519I Configuration complete; connectivity has been verified<br />
DTCIPW2520I File PROFILE TCPIP created on TCPIP 198<br />
DTCIPW2520I File TCPIP DATA created on TCPIP 592<br />
DTCIPW2520I File SYSTEM DTCPARMS created on TCPIP 198<br />
HCPINP8392I IPWIZARD EXEC ENDED SUCCESSFULLY<br />
DMS<strong>VM</strong>L2061I TCPIP 592 released<br />
► At this point your z/<strong>VM</strong> TCP/IP stack should be up. You should now be able to ping it from<br />
another system.<br />
If the IPWIZARD fails you must continue debugging it until it succeeds. Double check all<br />
values. Verify that the TCP/IP network and OSA in<strong>for</strong>mation you were given are properly<br />
associated.<br />
HMC Integrated 3270 Console or 3270 emulator? At this point z/<strong>VM</strong> should be<br />
accessible over the network. You can continue working at the HMC, or you can access<br />
your new system using a 3270 emulator. See 3.3, “3270 emulators” on page 24 <strong>for</strong> some<br />
brief words on that subject.<br />
If you want to switch to 3270 emulator, first LOGOFF of MAINT or DISConnect on the<br />
Integrated 3270 Console.<br />
If you logoff the session is ended - it is analogous to shutting and powering down a PC. If<br />
you disconnect, your session remains where it is and is resumed when you log back on. It<br />
is analogous to turning a PC’s monitor off. In general, you should LOGOFF of system<br />
administration user IDs such as MAINT. However, you should always DISCONNECT from z/<strong>VM</strong><br />
service machines such as TCPIP and user IDs running Linux. Logging off of them will<br />
terminate the service or crash Linux.<br />
4.3 Configuring the XEDIT profile<br />
Logon to MAINT if you are not already.<br />
<strong>The</strong> XEDIT command looks <strong>for</strong> the file XEDIT PROFILE configuration file when it is invoked.<br />
Many z/<strong>VM</strong> user IDs do not have such a personal or shared system file, so all XEDIT default<br />
values are in effect. <strong>The</strong> MAINT 191 (A) disk has a PROFILE XEDIT so when you are editing files<br />
on MAINT, the values in this profile are usually in effect.<br />
If you have never used XEDIT be<strong>for</strong>e, there is a cheat sheet in Appendix A.4.1, “XEDIT cheat<br />
sheet” on page 241. <strong>The</strong> z/<strong>VM</strong> 6.1 PDF library is on the Web at:<br />
http://www-03.ibm.com/systems/z/os/zos/bkserv/zvmpdf/#zvm61<br />
Search <strong>for</strong> the XEDIT User’s Guide and Command Reference. Also there is an old manual<br />
available online:<br />
http://ukcc.uky.edu/ukccinfo/391/xeditref.html<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 43
One default setting that can be dangerous, especially if you use F12 to retrieve commands, is<br />
that PF12 is set to the FILE subcommand. Sometimes you may not want to save your<br />
changes with the stroke of one key. It is recommended that you set PF12 to the ?<br />
subcommand which has the effect of a retrieve key:<br />
==> copy profile xedit a profile xediorig a (oldd<br />
==> x profile xedit a<br />
Be<strong>for</strong>e:<br />
After:<br />
SET PF12 FILE<br />
SET PF12 ?<br />
Save your changes with the FILE subcommand.<br />
4.4 Customizing the SYSTEM CONFIG file<br />
<strong>The</strong> first configuration file read when z/<strong>VM</strong> IPLs is the SYSTEM CONFIG file. <strong>The</strong> following<br />
changes are recommended:<br />
► Change the system name<br />
► Increase retrieve key capacity<br />
► Allow virtual disks (VDISKs) to be created<br />
► Turn off the Disconnect Timeout (this will prevent idle disconnected users from being<br />
<strong>for</strong>ced off the system)<br />
► Define a virtual switch (VSWITCH) that will be used <strong>for</strong> Linux networking<br />
To make these changes, per<strong>for</strong>m the following steps:<br />
► To edit the SYSTEM CONFIG file, the MAINT CF1 minidisk must be released as a CP disk<br />
using the CPRELASE command. <strong>The</strong> CP disks are queried using the QUERY CPDISK command.<br />
Note the MAINT CF1 disk is accessed as CP disk A be<strong>for</strong>e it is released but not after.<br />
==> q cpdisk<br />
Label Userid Vdev Mode Stat Vol-ID Rdev Type StartLoc EndLoc<br />
MNTCF1 MAINT 0CF1 A R/O 6<strong>10</strong>RES 6280 CKD 39 158<br />
MNTCF2 MAINT 0CF2 B R/O 6<strong>10</strong>RES 6280 CKD 159 278<br />
MNTCF3 MAINT 0CF3 C R/O 6<strong>10</strong>RES 6280 CKD 279 398<br />
==> cprel a<br />
CPRELEASE request <strong>for</strong> disk A scheduled.<br />
HCPZAC6730I CPRELEASE request <strong>for</strong> disk A completed.<br />
==> q cpdisk<br />
Label Userid Vdev Mode Stat Vol-ID Rdev Type StartLoc EndLoc<br />
MNTCF2 MAINT 0CF2 B R/O 6<strong>10</strong>RES 6280 CKD 159 278<br />
MNTCF3 MAINT 0CF3 C R/O 6<strong>10</strong>RES 6280 CKD 279 398<br />
► Once it is released you are able to access the MAINT CF1 disk read-write. Use the LINK<br />
command with multi-read (MR) parameter and ACCESS command to get read-write access<br />
as your F disk.<br />
==> link * cf1 cf1 mr<br />
==> acc cf1 f<br />
► Make a backup copy of the vanilla SYSTEM CONFIG file using the COPYFILE command with<br />
the OLDDATE parameter so the timestamp of the file is not modified. Note that because the<br />
target file name (system) and mode (f) are the same, the equal sign (=) can be used as a<br />
wildcard.<br />
44 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
==> copy system config f = con<strong>for</strong>ig = (oldd<br />
► Edit the original file:<br />
==> x system config f<br />
► <strong>The</strong> system name is set to Z<strong>VM</strong>V6R<strong>10</strong> by default in the System_Identifier_Default<br />
statement. You can search <strong>for</strong> it using the / subcommand:<br />
====> /System_Identifier_D<br />
Modify this to the new name of your system. In this example POKSND61 is used.<br />
System_Identifier_Default POKSND61<br />
► Next look <strong>for</strong> the Features statement. You can search <strong>for</strong> it again or you can use F8 to<br />
page down. <strong>The</strong> following changes and additions are recommended:<br />
– Increase the number of commands that can be retrieved from 20 to 99.<br />
– Set the Disconnect_Timeout to off so disconnected users do not get <strong>for</strong>ced off.<br />
– Allow unlimited VDISKs to be created by users by changing Userlim to infinite and<br />
by adding the Syslim infinite clause:<br />
Features ,<br />
Disable , /* Disable the following features */<br />
Set_Privclass , /* Disallow SET PRIVCLASS command */<br />
Auto_Warm_IPL , /* Prompt at IPL always */<br />
Clear_TDisk , /* Don't clear TDisks at IPL time */<br />
Retrieve , /* Retrieve options */<br />
Default 99 , /* Default.... default is 20 */<br />
Maximum 255 , /* Maximum.... default is 255 */<br />
MaxUsers noLimit , /* No limit on number of users */<br />
Passwords_on_Cmds , /* What commands allow passwords? */<br />
Autolog yes , /* ... AUTOLOG does */<br />
Link yes , /* ... LINK does */<br />
Logon yes , /* ... and LOGON does, too */<br />
Disconnect_Timeout off , /* Don't <strong>for</strong>ce disconnected users */<br />
Vdisk , /* Allow VDISKS <strong>for</strong> Linux swaps */<br />
Syslim infinite ,<br />
Userlim infinite<br />
► Define a VSWITCH:<br />
Use the BOTTOM subcommand to go to the bottom of the file. Add some lines (you can use<br />
the XEDIT add subcommand a3). Define a VSWITCH and set the MAC address prefix. This<br />
will set the first three bytes of the MAC address created <strong>for</strong> each virtual NIC. If you have a<br />
multiple z/<strong>VM</strong> systems, increment this value to avoid having identical MAC addresses<br />
created. <strong>The</strong> last three bytes of the MAC address are automatically incremented by z/<strong>VM</strong><br />
as they are assigned, so they will be unique on each z/<strong>VM</strong> system. Modify the two starting<br />
addresses of the OSA triplets (B440 and B424 in this example) to those you specified in<br />
2.7.1, “z/<strong>VM</strong> resources worksheet” on page 16.<br />
====> bot<br />
====> a3<br />
/* define vswitch named vsw1 and set MAC address prefixes to 02-00-01 */<br />
define vswitch vsw1 rdev B440 B424<br />
vmlan macprefix 020001<br />
► Save your changes with the XEDIT FILE subcommand:<br />
====> file<br />
► Test your changes with the CPSYNTAX command which is on the MAINT 193 disk:<br />
==> acc 193 g<br />
==> cpsyntax system config f<br />
CONFIGURATION FILE PROCESSING COMPLETE -- NO ERRORS ENCOUNTERED.<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 45
Pay attention to the output. If you get any syntax errors, fix them be<strong>for</strong>e proceeding.<br />
► Release and detach the MAINT CF1 disk with the RELEASE command. <strong>The</strong>n put it back online<br />
with the CPACCESS command:<br />
==> rel f (det<br />
DASD 0CF1 DETACHED<br />
==> cpacc * cf1 a<br />
CPACCESS request <strong>for</strong> mode A scheduled.<br />
HCPZAC6732I CPACCESS request <strong>for</strong> MAINT's 0CF1 in mode A completed.<br />
► Verify that the CP disk A has been accessed using the QUERY CPDISK command:<br />
==> q cpdisk<br />
Label Userid Vdev Mode Stat Vol-ID Rdev Type StartLoc EndLoc<br />
MNTCF1 MAINT 0CF1 A R/O 6<strong>10</strong>RES 6280 CKD 39 158<br />
MNTCF2 MAINT 0CF2 B R/O 6<strong>10</strong>RES 6280 CKD 159 278<br />
MNTCF3 MAINT 0CF3 C R/O 6<strong>10</strong>RES 6280 CKD 279 398<br />
Note that all three CP disks are now accessed.<br />
4.5 Configuring TCP/IP to start at IPL time<br />
Configure the TCPIP service machine to be started when z/<strong>VM</strong> IPLs. This is commonly<br />
accomplished from AUTOLOG1’s PROFILE EXEC. If the noautolog parameter is not specified<br />
when z/<strong>VM</strong> is IPLed, the AUTOLOG1 virtual machine is started. Because this virtual machine<br />
IPLs CMS, the PROFILE EXEC that is found on its A disk is run. This is analogous to the<br />
/etc/profile file on Linux and the autoexec.bat on DOS systems.<br />
► Logoff of MAINT.<br />
==> log<br />
► You should see a new logon panel. Logon to AUTOLOG1. Again the password is the same<br />
as the user ID.<br />
► At the <strong>VM</strong> READ prompt enter the command ACCESS (NOPROF so that the PROFILE EXEC is not<br />
run.<br />
z/<strong>VM</strong> Version 6 Release 1.0, Service Level 0901 (64-bit),<br />
built on <strong>IBM</strong> <strong>Virtualization</strong> Technology<br />
<strong>The</strong>re is no logmsg data<br />
FILES: NO RDR, NO PRT, NO PUN<br />
LOGON AT 09:29:16 EST FRIDAY 11/20/09<br />
DMSIND2015W Unable to access the Y-disk. Filemode Y (19E) not accessed<br />
z/<strong>VM</strong> V6.1.0 2009-11-19 13:47<br />
==> acc (noprof<br />
► Copy the PROFILE XEDIT from the MAINT 191 disk so XEDIT sessions will have a common<br />
interface among user IDs.<br />
a. Use the <strong>VM</strong>LINK command to both link to the disk read-only and to access it as the<br />
highest available file mode. <strong>The</strong> default read password is read:<br />
==> vmlink maint 191<br />
ENTER READ PASSWORD:<br />
==> read<br />
DMS<strong>VM</strong>L2060I MAINT 191 linked as 0120 file mode Z<br />
b. Copy the PROFILE XEDIT to your A disk:<br />
==> copy profile xedit z = = a<br />
► Make a backup copy of the PROFILE EXEC and edit it:<br />
46 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
==> copy profile exec a = execorig =<br />
==> x profile exec<br />
► You should see the text in the top half of the following example. Modify it as follows.<br />
a. You can safely delete the Address Command line.<br />
b. Add a line to start the TCPIP user ID using the XAUTOLOG command and keep two<br />
statements that start the VSWITCH cloners.<br />
c. Add a line to logoff of AUTOLOG1 when the EXEC is complete. <strong>The</strong>re is no need to keep<br />
that virtual machine running as its sole purpose is to run the PROFILE EXEC.<br />
Be<strong>for</strong>e:<br />
/***************************/<br />
/* Autolog1 Profile Exec */<br />
/***************************/<br />
Address Command<br />
'CP XAUTOLOG <strong>VM</strong>SERVS'<br />
'CP XAUTOLOG <strong>VM</strong>SERVU'<br />
'CP XAUTOLOG <strong>VM</strong>SERVR'<br />
'CP XAUTOLOG DTCVSW1'<br />
'CP XAUTOLOG DTCVSW2'<br />
After:<br />
/***************************/<br />
/* Autolog1 Profile Exec */<br />
/***************************/<br />
'cp xautolog tcpip' /* start up TCPIP */<br />
'CP XAUTOLOG <strong>VM</strong>SERVS'<br />
'CP XAUTOLOG <strong>VM</strong>SERVU'<br />
'CP XAUTOLOG <strong>VM</strong>SERVR'<br />
'CP XAUTOLOG DTCVSW1'<br />
'CP XAUTOLOG DTCVSW2'<br />
'cp logoff' /* logoff when done */<br />
► Save your changes with the FILE subcommand<br />
====> file<br />
► Logoff of AUTOLOG1:<br />
==> log<br />
When your z/<strong>VM</strong> system IPLs, the TCP/IP stack should now come up automatically (as long<br />
as you do not specify the notautolog parameter at IPL time).<br />
4.5.1 Renaming the TCPIP configuration file<br />
It is recommended that you change the name of the main TCPIP configuration file from<br />
PROFILE TCPIP to TCPIP, where is the name of your new z/<strong>VM</strong><br />
system. This is to avoid the possibility that the PROFILE TCPIP file will be overwritten when<br />
applying maintenance.<br />
► Logon to TCPMAINT. <strong>The</strong> PROFILE TCPIP file is on the TCPMAINT 198 disk which is accessed<br />
as the D disk.<br />
► Make a backup copy the original PROFILE TCPIP, then rename it to TCPIP<br />
(where is POKSND61 in this example). When the TCPIP service machine<br />
starts, it will search <strong>for</strong> this file be<strong>for</strong>e the file PROFILE TCPIP.<br />
==> copy profile tcpip d = tcpiorig = (oldd<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 47
==> rename profile tcpip d poksnd61 = =<br />
► You have now backed up and renamed your TCP/IP profile. You can verify using the<br />
LISTFILE command:<br />
==> listfile * * d<br />
POKSND61 TCPIP D1<br />
PROFILE $TCPBAK D1<br />
SYSTEM $DTCBAK D1<br />
SYSTEM DTCPARMS D1<br />
TCPIORIG PROFILE D1<br />
4.5.2 Copy the PROFILE XEDIT file<br />
Again copy the PROFILE XEDIT from the MAINT 191 disk so XEDIT sessions will have a<br />
common interface among user IDs.<br />
► Use the <strong>VM</strong>LINK command to both link to the disk read-only and to access it as the highest<br />
available file mode. <strong>The</strong> default read password is read:<br />
==> vmlink maint 191<br />
ENTER READ PASSWORD:<br />
read<br />
DMS<strong>VM</strong>L2060I MAINT 191 linked as 0120 file mode Z<br />
► Copy the PROFILE XEDIT to your A disk:<br />
==> copy profile xedit z = = a<br />
Now, XEDIT sessions on TCPMAINT will have the same configuration as on MAINT.<br />
4.5.3 Configuring the FTP server<br />
Turn on the FTP server by editing the renamed configuration file:<br />
► Edit the file<br />
==> x poksnd61 tcpip d<br />
► Add an AUTOLOG statement near the top of the file with FTPSERVE as the only entry.<br />
► In the PORT statement, remove the semicolons to uncomment the lines with FTPSERVE on<br />
them (ports 20 and 21). <strong>The</strong>se changes will cause the FTP server to start when TCPIP is<br />
started. <strong>The</strong> important lines be<strong>for</strong>e the file is edited and after are shown:<br />
==> x poksnd61 tcpip d<br />
Be<strong>for</strong>e:<br />
; ----------------------------------------------------------------------<br />
OBEY<br />
OPERATOR TCPMAINT MAINT MPROUTE DHCPD REXECD SNMPD SNMPQE LDAPSRV<br />
ENDOBEY<br />
; ----------------------------------------------------------------------<br />
PORT<br />
; 20 TCP FTPSERVE NOAUTOLOG ; FTP Server<br />
; 21 TCP FTPSERVE ; FTP Server<br />
23 TCP INTCLIEN ; TELNET Server<br />
; 25 TCP SMTP ; SMTP Server<br />
...<br />
After:<br />
; ----------------------------------------------------------------------<br />
OBEY<br />
48 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
OPERATOR TCPMAINT MAINT MPROUTE ROUTED DHCPD REXECD SNMPD SNMPQE<br />
ENDOBEY<br />
; ----------------------------------------------------------------------<br />
AUTOLOG<br />
FTPSERVE 0<br />
ENDAUTOLOG<br />
PORT<br />
20 TCP FTPSERVE NOAUTOLOG ; FTP Server<br />
21 TCP FTPSERVE ; FTP Server<br />
23 TCP INTCLIEN ; TELNET Server<br />
; 25 TCP SMTP ; SMTP Server<br />
...<br />
► Save your changes with the FILE subcommand:<br />
====> file<br />
You could continue to configure the system, but at this time it is recommended that you test<br />
your changes by shutting down and reIPLing the system.<br />
4.5.4 Shutting down and reIPLing the system<br />
You may want to be able to shutdown and reIPL z/<strong>VM</strong> without having to access the HMC.<br />
Often, the HMC will be logged off and thus the Integrated 3270 console (SYSG) will not be<br />
available. Because of these factors it is useful to use the System Console (SYSC - which has a<br />
title of Operating System Messages on the HMC) in order to shut down z/<strong>VM</strong> and reIPL it<br />
without needing to use the console. This console is always accessible whether you are<br />
logged on to the HMC or not. z/<strong>VM</strong> messages during both the shutdown and reIPL process<br />
will be written to the system console, but often you will be able to ignore them - you just want<br />
your system back in a few minutes over the network.<br />
To shut down and re-IPL the system, per<strong>for</strong>m the following steps:<br />
► Pass the parameter IPLPARMS CONS=SYSC to the SHUTDOWN REPIL command:<br />
==> shutdown reipl iplparms cons=sysc<br />
You will lose your session, but it should come back in a few minutes as described above.<br />
► When your system is back up, start a 3270 session and logon as MAINT. This shows that<br />
there is TCP/IP access to z/<strong>VM</strong>.<br />
Important: If you cannot start another 3270 session, do not despair - consider this a good<br />
learning experience :)) You must go back to an Integrated 3270 session from the HMC.<br />
Verify that TCPIP is logged on. If it is logged on and you still can’t get to your system, log<br />
TCPIP off (or just re-IPL CMS), log back on, press Enter and watch the messages <strong>for</strong><br />
errors.<br />
► Query the new VSWITCH:<br />
==> q vswitch<br />
VSWITCH SYSTEM VSW1 Type: VSWITCH Connected: 0 Maxconn: INFINITE<br />
PERSISTENT RESTRICTED NONROUTER Accounting: OFF<br />
VLAN Unaware<br />
MAC address: 02-00-01-00-00-01<br />
State: Ready<br />
IPTimeout: 5 QueueStorage: 8<br />
Isolation Status: OFF<br />
RDEV: B440.P00 VDEV: B440 Controller: DTCVSW2<br />
RDEV: B424.P00 VDEV: B424 Controller: DTCVSW1 BACKUP<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 49
You should see that the VSWITCH VSW1 exists, that the OSA devices you specified are<br />
being used and that there are two built-in VSWITCH controllers, DTCVSW1 and DTCVSW2.<br />
4. Use the QUERY RETRIEVE and QUERY VDISK commands to see the changes made to the<br />
Features statement in the SYSTEM CONFIG file:<br />
==> q retrieve<br />
99 buffers available. Maximum of 255 buffers may be selected.<br />
==> q vdisk userlim<br />
VDISK USER LIMIT IS INFINITE<br />
==> q vdisk syslim<br />
VDISK SYSTEM LIMIT IS INFINITE, 0 BLK IN USE<br />
This shows that the changes to the SYSTEM CONFIG file have taken effect.<br />
4.6 Adding paging volumes<br />
<strong>The</strong> z/<strong>VM</strong> operating system resides on the first three CP volumes (or one volume if installing<br />
onto 3390-9s). z/<strong>VM</strong> 6.1 is installed with one full paging volume and one full spool volume. A<br />
single spool volume is probably adequate <strong>for</strong> Linux needs, however, a single paging volume<br />
is probably not.<br />
It is recommended that you add at least three paging volumes so you will have a total of four<br />
(or one more 3390-9). Having adequate paging space will give you plenty of headroom to add<br />
more Linux virtual machines. A rule of thumb <strong>for</strong> the amount of paging space is to have twice<br />
as much as the total of all memory <strong>for</strong> all running Linux user IDs combined.<br />
4.6.1 Formatting the paging volumes<br />
Be<strong>for</strong>e adding paging volumes to the system, the DASD volumes to be used <strong>for</strong> minidisk<br />
space (PERM) and paging space (PAGE) must be <strong>for</strong>matted. Normally this is done one volume at<br />
a time using the CPFMTXA command. If you have just a few volumes, that is fine, but when you<br />
have many volumes to <strong>for</strong>mat, the process of running CPFMTXA can become time consuming<br />
and tedious which can lead to errors.<br />
<strong>The</strong>re<strong>for</strong>e, a REXX EXEC named CPFORMAT has been provided to allow you to <strong>for</strong>mat many<br />
volumes with a single command. <strong>The</strong> source code <strong>for</strong> this EXEC is in the section B.2.1, “<strong>The</strong><br />
CPFORMAT EXEC” on page 244. It is a wrapper around CPFMTXA. To use this EXEC, each<br />
DASD to be <strong>for</strong>matted must first be attached with the virtual device address the same real<br />
device address (using ATTACH realDev *).<br />
Note: This EXEC will label the volumes according to the convention described in 2.2.1,<br />
“Volume labeling convention” on page 9. If you want different volume labels, you can use the<br />
CPFMTXA command and manually specify each volume label, or you can modify the REXX<br />
EXEC.<br />
Getting the CPFORMAT EXEC to z/<strong>VM</strong><br />
Per<strong>for</strong>m the following steps:<br />
► Logoff of MAINT so you will be able to get the MAINT 191 disk in read-write mode using<br />
FTP.<br />
Important: At this point, you will need access to the NFS server described in chapter 6, in<br />
order to get the files CPFORMAT EXEC. If you did not complete that chapter, it is required in<br />
order to proceed.<br />
50 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Start an SSH (putty) session to the NFS server and change to the vm/ directory which<br />
was created when you untarred the files associated with this book. Verify that the file<br />
CPFORMAT.EXEC exists:<br />
# cd /nfs/virt-cookbook-RH6/vm<br />
# ls cp<strong>for</strong>mat*<br />
cp<strong>for</strong>mat.exec<br />
► Start an FTP session to z/<strong>VM</strong>. If you get a reply from the FTP server it shows that you<br />
correctly configured it on the z/<strong>VM</strong> TCPMAINT user ID. Issue the PUT subcommand to copy<br />
the file.<br />
# ftp 9.60.18.249<br />
Name (9.12.5.22:root): maint<br />
331-Password: maint<br />
230-MAINT logged in; working directory = MAINT 191<br />
...<br />
ftp> put cp<strong>for</strong>mat.exec<br />
...<br />
ftp> quit<br />
You should now have the CPFORMAT EXEC on MAINT 191 disk.<br />
Using the CPFORMAT EXEC<br />
To use the CPFORMAT EXEC, per<strong>for</strong>m the following steps:<br />
► Log back into MAINT. You should now have access to the CPFORMAT EXEC. You can get<br />
brief help on CPFORMAT by using a parameter of “?”:<br />
==> cp<strong>for</strong>mat ?<br />
Synopsis:<br />
Format one or a range of DASD as page, perm, spool or temp disk space<br />
<strong>The</strong> label written to each DASD is U where:<br />
is type - P (page), M (perm), S (spool) or T (Temp disk)<br />
is the 4 digit address<br />
Syntax is:<br />
.-PAGE-.<br />
>>--CPFORMAT--.-rdev--------------.--AS---+-PERM-+---------><<br />
| q 6285 6286 6287<br />
DASD 6285 UM6285 , DASD 6286 UM6286 , DASD 6287 UM6287<br />
► Attach the devices to MAINT (the last parameter of * means the current user ID) using the<br />
ATTACH command:<br />
==> att 6285-6287 *<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 51
6285-6287 ATTACHED TO MAINT<br />
► Use the CPFORMAT command with the AS PAGE parameter:<br />
==> cp<strong>for</strong>mat 6285-6287 as page<br />
Format the following DASD:<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 6285 MAINT 6285 3390 FR6285 6285 0 3339<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 6286 MAINT 6286 3390 FR6286 6286 0 3339<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 6287 MAINT 6287 3390 FR6287 6287 0 3339<br />
WARNING - this will destroy data!<br />
ARE YOU SURE you want to <strong>for</strong>mat the DASD as PAGE space (y/n)?<br />
y<br />
...<br />
DASD status after:<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 6285 MAINT 6285 3390 UP6285 6285 0 3339<br />
MAINT 6286 MAINT 6286 3390 UP6286 6286 0 3339<br />
MAINT 6287 MAINT 6287 3390 UP6287 6287 0 3339<br />
This <strong>for</strong>matting job should run <strong>for</strong> about <strong>10</strong>-30 minutes depending on many factors.<br />
4.6.2 Formatting DASD <strong>for</strong> minidisks<br />
In addition to CP disks such as page space, System disks will be needed to create minidisks<br />
<strong>for</strong> the virtual machines. In this section the DASD which will be used <strong>for</strong> the minidisks of<br />
LNXMAINT, RH6CLONE and RH6GOLD will be <strong>for</strong>matted<br />
► Query the DASD that will be used <strong>for</strong> minidisks. In this example they are 6289, 6290, 6293,<br />
6294 (3390-3s), 63A2 and 63A9 (3390-9s):<br />
==> q 6289 6290 6293 6294 63a2 63a9<br />
DASD 6289 FR6289 , DASD 6290 FR6290 , DASD 6293 FR6293 , DASD 6294 FR6294<br />
DASD 63A2 FR63A2 , DASD 63A9 FR63A9<br />
► Attach the six volumes that will be used <strong>for</strong> the cloner, the common CMS disk and the<br />
golden image. Note that in this example the DASD are four 3390-3s and two 3390-9s. If<br />
you are using all 3390-3s, you will need eight devices:<br />
==> att 6289 6290 6293 6294 63a2 63a9 *<br />
6289 6290 6293 6294 63A2 63A9 ATTACHED TO MAINT<br />
► Invoke the CPFORMAT command against these volumes using the parameter as perm:<br />
==> cp<strong>for</strong>mat 6289 6290 6293 6294 63a2 63a9 as perm<br />
Format the following DASD:<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 6289 MAINT 6289 3390 FR6289 6289 0 3339<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 6290 MAINT 6290 3390 FR6290 6290 0 3339<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 6293 MAINT 6293 3390 FR6293 6293 0 3339<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 6294 MAINT 6294 3390 FR6294 6294 0 3339<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 63A2 MAINT 63A2 3390 FR63A2 63A2 0 <strong>10</strong>017<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 63A9 MAINT 63A9 3390 FR63A2 63A9 0 <strong>10</strong>017<br />
52 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
WARNING - this will destroy data!<br />
ARE YOU SURE you want to <strong>for</strong>mat the DASD as PERM space (y/n)? y<br />
...<br />
DASD successfully <strong>for</strong>matted: UM6289 UM6290 UM6293 UM6294 UM63A2 UM63A9<br />
6289 6290 6293 6294 63A2 63A9 DETACHED<br />
6289 6290 6293 6294 63A2 63A9 ATTACHED TO MAINT<br />
DASD status after:<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 6289 MAINT 6289 3390 UM6289 6289 0 3339<br />
MAINT 6290 MAINT 6290 3390 UM6290 6290 0 3339<br />
MAINT 6293 MAINT 6293 3390 UM6293 6293 0 3339<br />
MAINT 6294 MAINT 6294 3390 UM6294 6294 0 3339<br />
MAINT 63A2 MAINT 63A2 3390 UM63A2 63A2 0 <strong>10</strong>017<br />
MAINT 63A9 MAINT 63A9 3390 UM63A9 63A9 0 <strong>10</strong>017<br />
You should now have newly <strong>for</strong>matted volumes that can be used <strong>for</strong> minidisks.<br />
4.6.3 Updating the SYSTEM CONFIG file<br />
Now that the PAGE and PERM volumes are ready <strong>for</strong> use, they must be added to the SYSTEM<br />
CONFIG file so that z/<strong>VM</strong> can use them. Follow these steps to update the SYSTEM CONFIG file:<br />
► Logon to MAINT.<br />
► <strong>The</strong> following example uses the same steps to access the MAINT CF1 disk read-write that<br />
you used earlier:<br />
==> q cpdisk<br />
Label Userid Vdev Mode Stat Vol-ID Rdev Type StartLoc EndLoc<br />
MNTCF1 MAINT 0CF1 A R/O 6<strong>10</strong>RES 61A2 CKD 39 158<br />
MNTCF2 MAINT 0CF2 B R/O 6<strong>10</strong>RES 61A2 CKD 159 278<br />
MNTCF3 MAINT 0CF3 C R/O 6<strong>10</strong>RES 61A2 CKD 279 398<br />
==> cprel a<br />
CPRELEASE request <strong>for</strong> disk A scheduled.<br />
HCPZAC6730I CPRELEASE request <strong>for</strong> disk A completed.<br />
==> link * cf1 cf1 mr<br />
==> acc cf1 f<br />
It is good to remember this sequence of steps.<br />
► Make a copy of the working SYSTEM CONFIG file using the “WRKS” (it works!) suffix<br />
convention:<br />
==> copy system config f = confwrks =<br />
► Edit the SYSTEM CONFIG file and specify each of the new page volumes (PAGE) by name as<br />
CP_Owned. When you system IPLs it will pick up these as paging volumes.<br />
==> x system config f<br />
====> /cp_owned<br />
...<br />
/*****************************************************************/<br />
/* CP_Owned Volume Statements */<br />
/*****************************************************************/<br />
CP_Owned Slot 1 6<strong>10</strong>RES<br />
CP_Owned Slot 2 UV6281<br />
CP_Owned Slot 3 UV6282<br />
CP_Owned Slot 4 UV6283<br />
CP_Owned Slot 5 UV6284<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 53
CP_Owned Slot 6 UP6285<br />
CP_Owned Slot 7 UP6286<br />
CP_Owned Slot 8 UP6287<br />
CP_Owned Slot 9 RESERVED<br />
CP_Owned Slot <strong>10</strong> RESERVED<br />
CP_Owned Slot 11 RESERVED<br />
...<br />
► Move down to the User_Volume_List section. User volumes (PERM) can be specified<br />
individually with the User_Volume_List statement, or with wild cards using the<br />
User_Volume_Include statement. If you are using the labelling convention en<strong>for</strong>ced by the<br />
CPFORMAT EXEC and no other LPAR will be using the same volumes with the same prefix,<br />
then add the following single line to include all PERM space as volume labels all begin<br />
with UM6.<br />
====> /user_v<br />
/**********************************************************************/<br />
/* User_Volume_List */<br />
/* <strong>The</strong>se statements are not active at the present time. <strong>The</strong>y are */<br />
/* examples, and can be activated by removing the comment delimeters */<br />
/**********************************************************************/<br />
User_Volume_Include UM6*<br />
/* User_Volume_List USRP01 */<br />
/* User_Volume_List USRP02 */<br />
...<br />
====> file<br />
Important: If other z/<strong>VM</strong> LPARs might be attaching volumes with the UM prefix, you<br />
should specifically list each volume to be attached to SYSTEM using the User_Volume_List<br />
statement. This will prevent the possibility of multiple z/<strong>VM</strong> systems writing to the same<br />
volume. In this example, the list would be:<br />
User_Volume_List UM6289<br />
User_Volume_List UM6290<br />
User_Volume_List UM6293<br />
User_Volume_List UM6294<br />
User_Volume_List UM63A2<br />
► Save your changes with the FILE subcommand. Verify the integrity of the changes with the<br />
CPSYNTAX command:<br />
==> acc 193 g<br />
==> cpsyntax system config f<br />
CONFIGURATION FILE PROCESSING COMPLETE -- NO ERRORS ENCOUNTERED.<br />
► When you have confirm there are no syntax errors, put the MAINT CF1 disk back online.<br />
<strong>The</strong> following example shows how you did this previously:<br />
==> rel f (det<br />
DASD 0CF1 DETACHED<br />
==> cpacc * cf1 a<br />
CPACCESS request <strong>for</strong> mode A scheduled.<br />
HCPZAC6732I CPACCESS request <strong>for</strong> MAINT's 0CF1 in mode A completed.<br />
==> q cpdisk<br />
Label Userid Vdev Mode Stat Vol-ID Rdev Type StartLoc EndLoc<br />
MNTCF1 MAINT 0CF1 A R/O 6<strong>10</strong>RES 0200 CKD 39 83<br />
MNTCF2 MAINT 0CF2 B R/O 6<strong>10</strong>RES 0200 CKD 84 128<br />
MNTCF3 MAINT 0CF3 C R/O 6<strong>10</strong>RES 0200 CKD 129 188<br />
54 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
4.6.4 Testing the changes<br />
It is recommended that you again shutdown and reIPL to test the changes. Be<strong>for</strong>e you shut<br />
down, note that you have only one page volume (UV6282 in this example) using the QUERY<br />
ALLOC PAGE command. Your output should look similar to the following:<br />
==> q alloc page<br />
EXTENT EXTENT TOTAL PAGES HIGH %<br />
VOLID RDEV START END PAGES IN USE PAGE USED<br />
------ ---- ---------- ---------- ------ ------ ------ ----<br />
UV6282 6282 1 3338 600840 1 4 1%<br />
------ ------ ----<br />
SUMMARY 600840 1 1%<br />
USABLE 600840 1 1%<br />
Now shut the system down again with the command SHUTDOWN REIPL IPLPARMS CONS=SYSC. This<br />
is analogous to the Linux reboot command in that the system attempts to come back up after<br />
it shuts down. If you are connected using a 3270 emulator, you will lose your session, but if all<br />
goes well, your system will be available again in a couple of minutes.<br />
==> shutdown reipl iplparms cons=sysc<br />
After the system comes back, logon as MAINT and look at the page space again. You<br />
should now see that you have six paging volumes:<br />
==> q alloc page<br />
EXTENT EXTENT TOTAL PAGES HIGH %<br />
VOLID RDEV START END PAGES IN USE PAGE USED<br />
------ ---- ---------- ---------- ------ ------ ------ ----<br />
UV6282 6282 1 3338 600840 1 5 1%<br />
UP6285 6285 0 3338 60<strong>10</strong>20 0 0 0%<br />
UP6286 6286 0 3338 60<strong>10</strong>20 0 0 0%<br />
UP6287 6287 0 3338 60<strong>10</strong>20 0 0 0%<br />
------ ------ ----<br />
SUMMARY 2348K 1 1%<br />
USABLE 2348K 1 1%<br />
<strong>The</strong> output shows there are four paging volumes constituting 2348 K pages, or about 9 GB of<br />
page space (a page is 4KB).<br />
4.7 Creating a user ID <strong>for</strong> common files<br />
Now it is time to define your first z/<strong>VM</strong> user ID, LNXMAINT. It will be used to store files that will<br />
be shared by Linux user IDs. Be<strong>for</strong>e starting, make a copy of the original USER DIRECT file:<br />
==> copy user direct c = direorig = (oldd<br />
4.7.1 Define the user in the USER DIRECT file<br />
A small 20 cylinder minidisk is allocated at virtual address 191 and a larger 300 cylinder<br />
minidisk (approximately 225MB), to be shared by many guests, is defined at virtual address<br />
192. Use the next free DASD designated as PERM space on your worksheet (2.7.2, “z/<strong>VM</strong><br />
DASD worksheet” on page 17). Cylinder 0 should always be reserved <strong>for</strong> the label there<strong>for</strong>e<br />
you should start minidisks at cylinder 1.<br />
► Edit the USER DIRECT file and add the following user ID definition to the bottom of the file. A<br />
comment is added signifying the split between z/<strong>VM</strong> system user IDs and locally added<br />
user IDs (this can be helpful when moving to a new version of z/<strong>VM</strong>):<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 55
==> x user direct c<br />
====> bottom<br />
====> a 9<br />
...<br />
*------------------------------------------------------------<br />
* z/<strong>VM</strong> system user IDs are above, local user IDs are below<br />
*------------------------------------------------------------<br />
USER LNXMAINT LNXMAINT 64M 128M BEG 1<br />
INCLUDE TCPCMSU 2<br />
LINK TCPMAINT 592 592 RR 3<br />
MDISK 0191 3390 0001 0020 UM6289 MR READ WRITE MULTIPLE 4<br />
MDISK 0192 3390 0021 0300 UM6289 MR ALL WRITE MULTIPLE 5<br />
* 6<br />
...<br />
====> file<br />
Note the following points <strong>for</strong> the numbers in black:<br />
1 User ID LNXMAINT, same password, default size of 64MB, with class B, E and G<br />
privileges<br />
2 Include the profile named TCPCMSU (defined earlier in the USER DIRECT file)<br />
3 Link to the TCPMAINT 592 disk read-only <strong>for</strong> access to FTP and other TCP/IP<br />
commands<br />
4 Define a 191 minidisk of size 20 cylinders from volume UM6289<br />
5 Define 192 minidisk of size 300 cylinders (approximately 225MB) from volume<br />
UM6289 with the special read password of ALL which allows read access from any<br />
user ID without a disk password<br />
6 An empty comment line <strong>for</strong> better readability.<br />
► Whenever an MDISK statement is added or modified in the USER DIRECT file you should<br />
always check <strong>for</strong> overlapping cylinders and gaps (gaps will only leave empty disk space,<br />
however, overlaps can occur because z/<strong>VM</strong> will allow you to shoot yourself in the foot by<br />
defining multiple minidisks over the same disk space). This is done with the DISKMAP<br />
command:<br />
==> diskmap user<br />
<strong>The</strong> minidisks with the END option specified in this directory will not be includ<br />
ed in the following DISKMAP file.<br />
File USER DISKMAP A has been created.<br />
► <strong>The</strong> file created, USER DISKMAP, contains a mapping of all minidisk volumes defined in the<br />
USER DIRECT file. It will list any overlaps or gaps found on the volumes. Edit the file and<br />
turn off the prefix area with the XEDIT PREFIX OFF subcommand to view 80 columns:<br />
==> x user diskmap<br />
====> prefix off<br />
► Search <strong>for</strong> the text overlap with the / subcommand:<br />
====> /overlap<br />
You should see the error message: DMSXDC546E Target not found. This means that no<br />
minidisks are overlapping each other.<br />
Now search <strong>for</strong> all the gaps using the ALL subcommand. You should also see some gaps:<br />
====> all /gap<br />
0 500 501 GAP<br />
-------------------- 6 line(s) not displayed --------------------<br />
0 0 1 GAP<br />
56 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
-------------------- 216 line(s) not displayed --------------------<br />
0 0 1 GAP<br />
-------------------- 86 line(s) not displayed --------------------<br />
Type ALL with no argument again to get out of this mode<br />
====> all<br />
Three GAPs should be listed on the right side:<br />
• 501 cylinders on the $$$$$$ volume<br />
• 1 cylinder on the $$$LNX volume<br />
• 1 cylinder on volume used <strong>for</strong> LNXMAINT 191 and 192 disks (UM6289 in this example)<br />
You don’t have to worry about the first two gaps as they are expected given the layout of<br />
the default USER DIRECT file. To avoid a 1 cylinder gap being reported on each user<br />
volume, it is recommended to use the user ID $ALLOC$. This user is set to NOLOG which<br />
means it can never be logged onto. Thus it is not a conventional user ID, rather, it is a<br />
convenient place to put dummy minidisk definitions <strong>for</strong> cylinder 0 of all PERM volumes.<br />
► Get out of the file USER DISKMAP with the QUIT command or by pressing F3.<br />
► Edit the USER DIRECT file again and add a new minidisk definition at virtual address A04 <strong>for</strong><br />
the first cylinder of the DASD you added (the label is UM6289 in this example):<br />
==> x user direct<br />
====> /user $alloc<br />
USER $ALLOC$ NOLOG<br />
MDISK A01 3390 000 001 6<strong>10</strong>RES R<br />
MDISK A02 3390 000 001 UV6283 R<br />
MDISK A03 3390 000 001 UV6284 R<br />
MDISK A04 3390 000 001 UM6289 R<br />
► Save your changes with the FILE subcommand and run DISKMAP again. Edit the USER<br />
DISKMAP file. This time you should see just two gaps <strong>for</strong> volumes with labels $$$$$$ and<br />
$$$LNX. If you search <strong>for</strong> $ALLOC$ user ID, you should see the disk map of the volume you<br />
added <strong>for</strong> LNXMAINT:<br />
==> diskmap user<br />
<strong>The</strong> minidisks with the END option specified in this directory will not be includ<br />
ed in the following DISKMAP file.<br />
File USER DISKMAP A has been created.<br />
==> x user diskmap<br />
====> prefix off<br />
====> all /gap<br />
0 500 501 GAP<br />
-------------------- 6 line(s) not displayed --------------------<br />
0 0 1 GAP<br />
-------------------- 303 line(s) not displayed --------------------<br />
► When you are done you can quit by pressing F3.<br />
====> F3<br />
► Now that you are sure the minidisk layout is correct, the changes to the USER DIRECT file<br />
can be brought online using the DIRECTXA command:<br />
==> directxa user<br />
z/<strong>VM</strong> USER DIRECTORY CREATION PROGRAM - VERSION 6 RELEASE 1.0<br />
EOJ DIRECTORY UPDATED AND ON LINE<br />
HCPDIR494I User directory occupies 43 disk pages<br />
If the DIRECTXA command fails, correct the problem be<strong>for</strong>e proceeding.<br />
You have now defined your first z/<strong>VM</strong> user ID named LNXMAINT.<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 57
4.7.2 Logging and customizing the new user ID<br />
Now you should be able to logon to the new user ID and <strong>for</strong>mat its two minidisks.<br />
► Logoff of MAINT and logon to LNXMAINT.<br />
LOGON LNXMAINT<br />
z/<strong>VM</strong> Version 6 Release 1.0, Service Level 0901 (64-bit),<br />
built on <strong>IBM</strong> <strong>Virtualization</strong> Technology<br />
<strong>The</strong>re is no logmsg data<br />
FILES: NO RDR, NO PRT, NO PUN<br />
LOGON AT 13:14:38 EST FRIDAY 11/20/09<br />
z/<strong>VM</strong> V6.1.0 2009-11-19 13:47<br />
DMSACP112S A(191) device error<br />
You should see an error message ending in “device error”. When CMS is started, it tries<br />
to access the user’s 191 minidisk as file mode A. <strong>The</strong> 191 minidisk has been defined to this<br />
user ID, however, it has never been <strong>for</strong>matted as a CMS file system.<br />
► To <strong>for</strong>mat this disk <strong>for</strong> CMS use the FORMAT command. It requires a parameter specifying<br />
the file mode to access the disk as, mode A in the following example:<br />
==> <strong>for</strong>mat 191 a<br />
DMSFOR603R FORMAT will erase all files on disk A(191). Do you wish to continue?<br />
Enter 1 (YES) or 0 (NO).<br />
1<br />
DMSFOR605R Enter disk label:<br />
lxm191<br />
DMSFOR733I Formatting disk A<br />
DMSFOR732I 20 cylinders <strong>for</strong>matted on A(191)<br />
► Format the larger 192 disk as the D minidisk which should take a minute or two:<br />
==> <strong>for</strong>mat 192 d<br />
DMSFOR603R FORMAT will erase all files on disk D(192). Do you wish to continue?<br />
Enter 1 (YES) or 0 (NO).<br />
1<br />
DMSFOR605R Enter disk label:<br />
lxm192<br />
DMSFOR733I Formatting disk D<br />
DMSFOR732I 300 cylinders <strong>for</strong>matted on D(192)<br />
► You have now <strong>for</strong>matted the two minidisks and accessed them as file modes A and D. You<br />
can confirm this using the QUERY DISK command:<br />
==> q disk<br />
LABEL VDEV M STAT CYL TYPE BLKSZ FILES BLKS USED-(%) BLKS LEFT BLK TOTAL<br />
LNX191 191 A R/W 20 3390 4096 0 7-00 3593 3600<br />
LXM192 192 D R/W 300 3390 4096 0 11-00 53989 54000<br />
MNT190 190 S R/O <strong>10</strong>0 3390 4096 694 15028-83 2972 18000<br />
MNT19E 19E Y/S R/O 250 3390 4096 <strong>10</strong>21 28254-63 16746 45000<br />
4.7.3 Copying a PROFILE XEDIT<br />
Copy the PROFILE XEDIT from the MAINT 191 disk so XEDIT sessions will have a common<br />
interface among user IDs. Per<strong>for</strong>m the following steps:<br />
► Use the <strong>VM</strong>LINK command to both link to the disk read-only and to access it as the highest<br />
available file mode. <strong>The</strong> default read password is read:<br />
==> vmlink maint 191<br />
ENTER READ PASSWORD:<br />
==> read<br />
58 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
DMS<strong>VM</strong>L2060I MAINT 191 linked as 0120 file mode Z<br />
► Copy the PROFILE XEDIT to the A disk:<br />
==> copy profile xedit z = = a<br />
► Also copy the same file to the D disk (which will become the Linux user ID’s read-only A<br />
disk). <strong>The</strong>n release and detach the MAINT 191 disk:<br />
==> copy profile xedit z = = d<br />
==> rel z (det<br />
DASD 0120 DETACHED<br />
4.7.4 Creating a PROFILE EXEC<br />
Create a simple PROFILE EXEC that will be run each time this user ID is logged on.<br />
► Create the new file using XEDIT and add the following lines (be sure to type the A file<br />
mode so you don’t pick up a PROFILE EXEC on another disk). REXX EXECs must always<br />
begin with a C language-style comment.<br />
==> x profile exec a<br />
====> a 5<br />
/* PROFILE EXEC */<br />
'acc 592 e'<br />
'cp set run on'<br />
'cp set pf11 retrieve <strong>for</strong>ward'<br />
'cp set pf12 retrieve'<br />
====> file<br />
This PROFILE EXEC access the TCPMAINT 592 disk as file mode E, sets CP run on, and sets<br />
the retrieve keys per convention.<br />
► You could test your changes by logging off and logging back on. However, typing the<br />
command PROFILE will do the same.<br />
==> profile<br />
DMSACP723I E (592) R/O<br />
► By default CMS tries to access the 191 disk as A and the 192 disk as D. Also you should<br />
have the TCPMAINT 592 disk accessed as E. Verify these three disks are accessed with the<br />
QUERY DISK command:<br />
==> q disk<br />
LABEL VDEV M STAT CYL TYPE BLKSZ FILES BLKS USED-(%) BLKS LEFT BLK TOTAL<br />
LXM191 191 A R/W 20 3390 4096 2 9-01 3591 3600<br />
LXM192 192 D R/W 300 3390 4096 0 11-00 53989 54000<br />
TCM592 592 E R/O 70 3390 4096 903 <strong>10</strong>183-81 2417 12600<br />
MNT190 190 S R/O <strong>10</strong>0 3390 4096 694 15028-83 2972 18000<br />
MNT19E 19E Y/S R/O 250 3390 4096 <strong>10</strong>21 28254-63 16746 45000<br />
► Verify that your F11 and F12 keys are set to the RETRIEVE command using the QUERY<br />
PFKEYS command:<br />
==> q pf<br />
...<br />
PF<strong>10</strong> UNDEFINED<br />
PF11 RETRIEVE FORWARD<br />
PF12 RETRIEVE BACKWARD<br />
...<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 59
4.7.5 Copying files associated with this book to LNXMAINT<br />
<strong>The</strong> z/<strong>VM</strong> files associated with this book are in the vm/ subdirectory of the NFS server you set<br />
up earlier. <strong>The</strong>se files should be stored on the larger 192 disk which is accessed as your D<br />
disk. Per<strong>for</strong>m the following steps:<br />
► Log off of LNXMAINT so that the 192 disk can be accessed read-write.<br />
► Start an SSH session on the NFS server and change directory to the <strong>VM</strong> files<br />
associated with this book. <strong>The</strong> directory name will be one of the following two depending<br />
on the distribution you are working with:<br />
# cd /nfs/virt-cookbook-RH6/vm<br />
► FTP to z/<strong>VM</strong>. By default FTP copies files to your 191 disk, so first change directory to the<br />
LNXMAINT 192 disk. <strong>The</strong> files are all in ASCII and the default behavior is to convert to ASCII<br />
to EBCDIC. Use the mput * subcommand to copy the files from the vm/ directory to<br />
LNXMAINT:<br />
# ftp 9.60.18.249<br />
Connected to 9.12.5.22.<br />
Name (9.12.5.22:root): lnxmaint<br />
331-Password:<br />
Password: lnxmaint<br />
230-LNXMAINT logged in; working directory = LNXMAINT 191<br />
Remote system type is z/<strong>VM</strong>.<br />
ftp> cd lnxmaint.192<br />
250 Working directory is LNXMAINT 192<br />
ftp> prompt<br />
Interactive mode off<br />
ftp> mput *<br />
...<br />
ftp> quit<br />
► Logon to LNXMAINT. You should see the following files on your D disk:<br />
==> filel * * d<br />
LNXMAINT FILELIST A0 V 169 Trunc=169 Size=5 Line=1 Col=1 Alt=0<br />
Cmd Filename Filetype Fm Format Lrecl Records Blocks Date Time<br />
CHPW6<strong>10</strong> XEDIT D1 V 72 190 3 11/04/<strong>10</strong> 13:57:39<br />
CPFORMAT EXEC D1 V 79 252 3 11/04/<strong>10</strong> 13:57:39<br />
PROFILE EXEC D1 V 63 17 1 11/04/<strong>10</strong> 13:57:39<br />
RHEL6 EXEC D1 V 69 <strong>10</strong> 1 11/04/<strong>10</strong> 13:57:39<br />
SAMPLE CONF-RH6 D1 V 38 11 1 11/04/<strong>10</strong> 13:57:39<br />
SAMPLE PARM-RH6 D1 V 80 3 1 11/04/<strong>10</strong> 13:57:39<br />
SWAPGEN EXEC D1 V 72 467 6 11/04/<strong>10</strong> 13:57:39<br />
PROFILE XEDIT D1 V 45 17 1 11/04/<strong>10</strong> 13:48:08<br />
4.8 Customizing system startup and shutdown<br />
When your z/<strong>VM</strong> system is IPLed, it is often desirable to have important Linux systems also<br />
start. Conversely, when you shut down z/<strong>VM</strong>, it is desirable to have all Linux systems shut<br />
down first.<br />
4.8.1 Configuring the AUTOLOG1 PROFILE EXEC<br />
It is recommended that the following tasks be accomplished by using AUTOLOG1’s PROFILE<br />
EXEC.<br />
60 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Configure Linux to shut down gracefully using the SET SIGNAL command<br />
► Overcommit memory using the SET SRM STORBUF command<br />
► Grant access to the VSWITCH <strong>for</strong> each Linux user<br />
► Start user IDs that should be started using the XAUTOLOG command<br />
► Limit minidisk cache in central storage and turn it off in expanded storage<br />
To accomplish this, per<strong>for</strong>m the following steps:<br />
► Logoff of LNXMAINT and logon to AUTOLOG1. At the <strong>VM</strong> READ prompt you have usually been<br />
pressing Enter which causes the PROFILE EXEC to be run. If you do not want this EXEC to<br />
run, enter the command ACCESS (NOPROF:<br />
LOGON AUTOLOG1<br />
z/<strong>VM</strong> Version 6 Release 1.0, Service Level 0901 (64-bit),<br />
built on <strong>IBM</strong> <strong>Virtualization</strong> Technology<br />
<strong>The</strong>re is no logmsg data<br />
FILES: NO RDR, NO PRT, NO PUN<br />
LOGON AT 09:29:16 EST FRIDAY 11/20/09<br />
DMSIND2015W Unable to access the Y-disk. Filemode Y (19E) not accessed<br />
z/<strong>VM</strong> V6.1.0 2009-11-19 13:47<br />
==> acc (noprof<br />
► Make a copy of the working PROFILE EXEC:<br />
==> copy profile exec a = execwrks =<br />
► Edit the file and add the emboldened text. A LOGOFF command is added at the end of the<br />
EXEC so the virtual machine will be logged off when it is complete. This will save a small<br />
amount of memory on the system, but does add the requirement that you type acc<br />
(noprof at the <strong>VM</strong> READ prompt when you log on interactively.<br />
==> x profile exec<br />
/***************************/<br />
/* Autolog1 Profile Exec */<br />
/***************************/<br />
'cp xautolog tcpip' /* start up TCPIP */<br />
'CP XAUTOLOG <strong>VM</strong>SERVS'<br />
'CP XAUTOLOG <strong>VM</strong>SERVU'<br />
'CP XAUTOLOG <strong>VM</strong>SERVR'<br />
'CP XAUTOLOG DTCVSW1'<br />
'CP XAUTOLOG DTCVSW2'<br />
'cp set pf12 ret' /* set the retrieve key */<br />
'cp set mdc stor 0m 128m' /* Limit minidisk cache in CSTOR */<br />
'cp set mdc xstore 0m 0m' /* Disable minidisk cache in XSTOR */<br />
'cp set srm storbuf 300% 250% 200%' /* Overcommit memory */<br />
'cp set signal shutdown 300' /* Allow guests 5 min to shut down */<br />
'cp logoff' /* logoff when done */<br />
► Save your changes with the FILE subcommand.<br />
Important: <strong>The</strong> set mdc and set srm lines are z/<strong>VM</strong> tuning values. It is believed that these<br />
are good starts <strong>for</strong> Linux systems, but will not be optimal <strong>for</strong> all z/<strong>VM</strong> systems. For more<br />
reading on these values, see the following Web sites:<br />
http://www.vm.ibm.com/perf/tips/linuxper.html<br />
http://www.vm.ibm.com/perf/tips/prgmdcar.html<br />
You may choose to modify or omit some of these settings. Your system should now be<br />
configured to start up and send a signal to shut down Linux user IDs.<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 61
4.8.2 Testing the changes<br />
To test your changes you must reIPL z/<strong>VM</strong> again. Be sure you are in a position to do so!<br />
Per<strong>for</strong>m the following steps:<br />
► Shutdown and reIPL your system.<br />
==> shutdown reipl iplparms cons=sysc<br />
SYSTEM SHUTDOWN STARTED<br />
► When your system comes back logon as MAINT.<br />
► Query the SRM values to see that the new STORBUF settings is in effect and the SIGNAL<br />
SHUTDOWN value is set to 300 seconds:<br />
==> q srm<br />
IABIAS : INTENSITY=90%; DURATION=2<br />
LDUBUF : Q1=<strong>10</strong>0% Q2=75% Q3=60%<br />
STORBUF: Q1=300% Q2=250% Q3=200%<br />
DSPBUF : Q1=32767 Q2=32767 Q3=32767<br />
...<br />
==> q signal shutdown<br />
System default shutdown signal timeout: 300 seconds<br />
This output shows that your changes have taken effect.<br />
4.9 Addressing z/<strong>VM</strong> security issues<br />
This section briefly discusses the following security issues.<br />
► z/<strong>VM</strong> security products<br />
► High level z/<strong>VM</strong> security<br />
► Linux user ID privilege classes<br />
► z/<strong>VM</strong> user ID and minidisk passwords<br />
<strong>VM</strong> security products<br />
You might want to use a z/<strong>VM</strong> security product such as <strong>IBM</strong> RACF or CA <strong>VM</strong>:Secure. <strong>The</strong>y<br />
allow you to address more security issues such as password aging and the auditing of users<br />
access attempts.<br />
High level z/<strong>VM</strong> security<br />
<strong>The</strong> paper z/<strong>VM</strong> Security and Integrity discusses the isolation and integrity of virtual servers<br />
under z/<strong>VM</strong>. It is on the Web at:<br />
http://www.vm.ibm.com/library/zvmsecint.pdf<br />
Linux user ID privilege classes<br />
Another security issue is the privilege class that Linux user IDs are assigned. <strong>The</strong> <strong>IBM</strong><br />
Redpaper Running Linux Guests with less than CP Class G Privilege addresses this issue. It<br />
is on the Web at:<br />
http://www.redbooks.ibm.com/redpapers/pdfs/redp3870.pdf<br />
z/<strong>VM</strong> user ID and minidisk passwords<br />
All passwords in a vanilla z/<strong>VM</strong> system are the same as the user ID. This is a large security<br />
hole. <strong>The</strong> minimum you should do is to address this issue.<br />
<strong>The</strong>re are two types of passwords in the USER DIRECT file:<br />
62 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
User IDs <strong>The</strong> password required to logon with<br />
Minidisks Separate passwords <strong>for</strong> read access, write access and multi-write access<br />
Both types of passwords should be modified. This can be done using the CHPW6<strong>10</strong> XEDIT<br />
macro described in the next section.<br />
4.9.1 Changing passwords in USER DIRECT<br />
Changing the passwords can be done manually in XEDIT. However, this is both tedious and<br />
error-prone. So an XEDIT macro named CHPW6<strong>10</strong> XEDIT has been included with this book.<br />
<strong>The</strong> source code is in Appendix B.2.2, “<strong>The</strong> CHPW6<strong>10</strong> XEDIT macro” on page 248.<br />
This macro will change all z/<strong>VM</strong> passwords to the same value, which may still not be<br />
adequate security given the different function of the various user IDs. If you want different<br />
passwords, you have to modify the USER DIRECT file manually, either with or without using the<br />
CHPW52 XEDIT macro.<br />
To modify all user ID and minidisk passwords to the same value, per<strong>for</strong>m the following steps.<br />
► Logon to MAINT.<br />
► Link and access the LNXMAINT 192 disk to pick up the CHPW6<strong>10</strong> XEDIT macro:<br />
==> vmlink lnxmaint 192<br />
DMS<strong>VM</strong>L2060I LNXMAINT 192 linked as 0120 file mode Z<br />
► Make a backup copy of the USER DIRECT file and first be sure the password that you want<br />
to use is not a string in the file. For example if you want to change all passwords to lnx4vm,<br />
then do the following:<br />
==> copy user direct c = direwrks = (oldd<br />
==> x user direct c<br />
====> /lnx4vm<br />
DMSXDC546E Target not found<br />
====> quit<br />
<strong>The</strong> Target not found message shows that the string lnx4vm is not used in the USER<br />
DIRECT file, so it is a good candidate <strong>for</strong> a password.<br />
► Edit the USER DIRECT file with a parameter of (profile chpw6<strong>10</strong>) followed by the new<br />
password. Rather than invoking the default profile of PROFILE XEDIT, this command will<br />
invoke the XEDIT macro named CHPW6<strong>10</strong> XEDIT and pass it the new password. For<br />
example, to change all passwords to lnx4vm, enter the following command:<br />
==> x user direct c (profile chpw6<strong>10</strong>) lnx4vm<br />
Changing all passwords to: LNX4<strong>VM</strong><br />
DMSXCG517I 1 occurrence(s) changed on 1 line(s)<br />
DMSXCG517I 1 occurrence(s) changed on 1 line(s)<br />
...<br />
► When the profile finishes you are left in the XEDIT session with all passwords modified.<br />
You may wish to first examine the changes. <strong>The</strong>n save the changes with the FILE<br />
subcommand:<br />
====> file<br />
► Bring the changes online with the DIRECTXA command:<br />
==> directxa user<br />
z/<strong>VM</strong> USER DIRECTORY CREATION PROGRAM - VERSION 6 RELEASE 1.0<br />
EOJ DIRECTORY UPDATED AND ON LINE<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 63
HCPDIR494I User directory occupies 43 disk pages<br />
Your new directory is online. Do not <strong>for</strong>get the new password!<br />
Note that this XEDIT macro will only work on a vanilla USER DIRECT file because it searches <strong>for</strong><br />
the original user IDs next to passwords. If you want to change your password again, it should<br />
be much easier as you can use the XEDIT CHANGE subcommand. For example to change all<br />
passwords from lnx4vm to vm4lnx, invoke the following commands:<br />
==> x user direct c<br />
====> c/LNX4<strong>VM</strong>/<strong>VM</strong>4LNX/* *<br />
DMSXCG517I 798 occurrence(s) changed on 345 line(s)<br />
Congratulations, your z/<strong>VM</strong> system is now customized and ready <strong>for</strong> Linux. It is<br />
recommended that you back up your system to tape.<br />
4.<strong>10</strong> Backing up your z/<strong>VM</strong> system to tape<br />
Your system is now customized with a running TCP/IP stack, a highly available<br />
VSWITCH, a startup and shutdown process and with a user ID <strong>for</strong> shared files. You have<br />
changed the passwords. This would be a good time to back up the system to tape.<br />
<strong>The</strong>re are five system volumes that should be backed up 6<strong>10</strong>RES, 6<strong>10</strong>SPL, 6<strong>10</strong>PAG, 6<strong>10</strong>W01 and<br />
6<strong>10</strong>W02 (or just the first three if you are using 3390-9s). If you changed the labels of the last<br />
four at install time, then use those labels. You also have configured a sixth volume that is<br />
important to Linux: that is the first 320 cylinders of the volume with LNXMAINT on it.<br />
To backup these volumes to tape, refer to chapter 8. Load the System Image, Step 11.<br />
Store a Backup Copy of the z/<strong>VM</strong> System on Tape in the manual <strong>The</strong> z/<strong>VM</strong> Guide <strong>for</strong><br />
Automated Installation and Service, GC204-6099.<br />
4.11 Relabeling system volumes<br />
In previous books, the z/<strong>VM</strong> installation was described using “standard labels” on the<br />
CP-owned volumes (e.g. 6<strong>10</strong>RES, 6<strong>10</strong>SPL, 6<strong>10</strong>PAG, 6<strong>10</strong>W01 and 6<strong>10</strong>W02). In this book, changing<br />
the last four labels to include the real device address in the last four characters of each label<br />
is recommended (the label of the “res pack”, e.g. 6<strong>10</strong>RES cannot be modified at install time).<br />
This alleviates the possibility that another vanilla z/<strong>VM</strong> system with the same labels is<br />
installed onto volumes accessible by your z/<strong>VM</strong> system. If that happens, it is likely that one of<br />
the systems will not IPL correctly.<br />
To understand this possibility, refer to Figure 4-16 on page 65. <strong>The</strong> z/<strong>VM</strong> system with the<br />
lower device addresses starting at E340 should IPL fine (though you may see a warning at<br />
system startup time about duplicate volume labels). However, if the z/<strong>VM</strong> system starting at<br />
device address F000 is IPLed, the 540RES volume will be used, but the remaining volumes in<br />
the system are searched <strong>for</strong> by volume label, not by device address. Because z/<strong>VM</strong> system<br />
1’s addresses are lower than z/<strong>VM</strong> system 2’s, system 2 will be using system 1’s volumes.<br />
This is not good <strong>for</strong> either system!<br />
64 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
540RES 540SPL 530PAG 540W01<br />
E340<br />
E341<br />
E342<br />
E343<br />
540RES 540SPL 540PAG 540W01<br />
F000<br />
F001<br />
F002<br />
F003<br />
Figure 4-16 <strong>The</strong> problem with two z/<strong>VM</strong> systems with identical volume labels<br />
In previous books a REXX EXEC and an XEDIT macro were provided to help in the process<br />
of relabeling system volumes. However, if you followed the previous steps, you will have only<br />
one standard label, 6<strong>10</strong>RES. <strong>The</strong> EXEC and macro are no longer provided because they relied<br />
on standard labels. However, high level steps are still included. If you modified all labels<br />
except <strong>for</strong> the first one at install time, it is usually not necessary to per<strong>for</strong>m the steps<br />
in this section.<br />
If you do need to relabel the system volumes, per<strong>for</strong>m the following steps:<br />
► “Modifying labels in the SYSTEM CONFIG file” on page 65<br />
► “Modifying labels in the USER DIRECT file” on page 67<br />
► “Changing the labels on the five volumes” on page 67<br />
► “Shutting down your system and restarting it” on page 68<br />
Important: This process must be done as documented. Making a mistake in one of the<br />
steps can easily result in an unusable system. Check your steps carefully and your system<br />
will come back with no problems. Try to do all steps in succession in a short amount of<br />
time. Close your door, don’t answer your phone or e-mail, turn off instant messaging :))<br />
4.11.1 Modifying labels in the SYSTEM CONFIG file<br />
An HMC Integrated 3270 Console session will be needed in this section because z/<strong>VM</strong> will<br />
have to be restarted with a FORCE option.<br />
► Start a 3270 session. It can be an 3270 emulator session <strong>for</strong> now, or all of the steps can<br />
be done from the HMC.<br />
► Note the first five CP-owned volumes using the QUERY CPOWNED command. In this example<br />
they are D850-D854:<br />
540W02<br />
E344<br />
540W02<br />
F004<br />
==> q cpowned<br />
1 6<strong>10</strong>RES D850 Own Online and attached<br />
2 6<strong>10</strong>SPL D851 Own Online and attached<br />
3 6<strong>10</strong>PAG D852 Own Online and attached<br />
4 6<strong>10</strong>W01 D853 Own Online and attached<br />
5 6<strong>10</strong>W02 D854 Own Online and attached<br />
6 MPD855 D855 Own Online and attached<br />
...<br />
► To modify the labels in the SYSTEM CONFIG file, begin by releasing the A CP-disk and<br />
access it read-write. Back up the SYSTEM CONFIG file:<br />
==> cprel a<br />
CPRELEASE request <strong>for</strong> disk A scheduled.<br />
HCPZAC6730I CPRELEASE request <strong>for</strong> disk A completed.<br />
z/<strong>VM</strong> system 1<br />
z/<strong>VM</strong> system 2<br />
LPAR 1<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 65
==> link * cf1 cf1 mr<br />
==> acc cf1 f<br />
==> copy system config f = confwrks = (oldd rep<br />
► Edit the SYSTEM CONFIG file and modify the five labels (if you installed onto 3390-9s, there<br />
are only three labels, no W01 and W02 volumes are required):<br />
==> x system config f<br />
====> c/6<strong>10</strong>RES/MVD850/*<br />
DMSXCG517I 3 occurrence(s) changed on 3 line(s)<br />
====> top<br />
====> c/6<strong>10</strong>SPL/MVD851/*<br />
DMSXCG517I 1 occurrence(s) changed on 1 line(s)<br />
====> top<br />
====> c/6<strong>10</strong>PAG/MVD852/*<br />
DMSXCG517I 1 occurrence(s) changed on 1 line(s)<br />
====> top<br />
====> c/6<strong>10</strong>W01/MVD853/*<br />
DMSXCG517I 1 occurrence(s) changed on 1 line(s)<br />
====> top<br />
====> c/6<strong>10</strong>W02/MVD854/*<br />
DMSXCG517I 1 occurrence(s) changed on 1 line(s)<br />
► Search <strong>for</strong> the string cp_owned and you should see the new labels. Be sure they are<br />
correct be<strong>for</strong>e saving the file with the FILE subcommand:<br />
====> top<br />
====> /cp_owned<br />
/* CP_Owned Volume Statements */<br />
/**********************************************************************/<br />
CP_Owned Slot 1 MVD850<br />
CP_Owned Slot 2 MVD851<br />
CP_Owned Slot 3 MVD852<br />
CP_Owned Slot 4 MVD853<br />
CP_Owned Slot 5 MVD854<br />
CP_Owned Slot 6 MPD855<br />
...<br />
====> file<br />
► Verify there are no syntax errors:<br />
==> acc 193 g<br />
==> cpsyntax system config f<br />
CONFIGURATION FILE PROCESSING COMPLETE -- NO ERRORS ENCOUNTERED.<br />
► Release and detach the F disk, CPACCESS the A disk and verify with the QUERY CPDISK<br />
command:<br />
==> rel f (det<br />
DASD 0CF1 DETACHED<br />
==> cpacc * cf1 a<br />
CPACCESS request <strong>for</strong> mode A scheduled.<br />
Ready; T=0.01/0.01 09:19:57<br />
HCPZAC6732I CPACCESS request <strong>for</strong> MAINT's 0CF1 in mode A completed.<br />
==> q cpdisk<br />
Label Userid Vdev Mode Stat Vol-ID Rdev Type StartLoc EndLoc<br />
MNTCF1 MAINT 0CF1 A R/O 6<strong>10</strong>RES D850 CKD 39 158<br />
MNTCF2 MAINT 0CF2 B R/O 6<strong>10</strong>RES D850 CKD 159 278<br />
MNTCF3 MAINT 0CF3 C R/O 6<strong>10</strong>RES D850 CKD 279 398<br />
You have now changed the labels of the system volumes in the SYSTEM CONFIG file. It is critical<br />
that you proceed as your system is now in a state where it will not IPL cleanly.<br />
66 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
4.11.2 Modifying labels in the USER DIRECT file<br />
In this section you will modify the system volume labels in the USER DIRECT file.<br />
► Modify the labels in the USER DIRECT file. If you installed z/<strong>VM</strong> onto 3390-9s, you will need<br />
only the first three CHANGE subcommands:<br />
==> copy user direct c = direwrks = (oldd rep<br />
==> x user direct c<br />
====> c/6<strong>10</strong>RES/MVD850/*<br />
DMSXCG517I 94 occurrence(s) changed on 94 line(s)<br />
====> top<br />
====> c/6<strong>10</strong>SPL/MVD851/*<br />
DMSXCG517I 78 occurrence(s) changed on 78 line(s)<br />
====> top<br />
====> c/6<strong>10</strong>PAG/MVD852/*<br />
DMSXCG517I 117 occurrence(s) changed on 117 line(s)<br />
====> top<br />
====> c/6<strong>10</strong>W01/MVD853/*<br />
DMSXCG517I 2 occurrence(s) changed on 2 line(s)<br />
====> top<br />
====> c/6<strong>10</strong>W02/MVD854/*<br />
DMSXCG517I 1 occurrence(s) changed on 1 line(s)<br />
Traverse the file to view the changes be<strong>for</strong>e saving the changes with the FILE<br />
subcommand:<br />
====> file<br />
You have now changed the labels of the system volumes in the USER DIRECT and SYSTEM<br />
CONFIG files. Again, it is critical that you proceed with the remaining steps.<br />
4.11.3 Changing the labels on the five volumes<br />
In this section you will change the labels on the 5 volumes using the CPFMTXA command. Four<br />
of the five system disks are defined as full-pack minidisks to MAINT as virtual devices 122-124<br />
(6<strong>10</strong>RES, 6<strong>10</strong>SPL, 6<strong>10</strong>W01 and 6<strong>10</strong>W02). If you installed z/<strong>VM</strong> onto 3390-9s, you will not need to<br />
use 124 and 125. <strong>The</strong> fifth volume, 6<strong>10</strong>PAG, is defined as the virtual device $PAGE$ A03. To<br />
modify the system volumes’ labels, you will use these virtual addresses.<br />
For reference, following are the entries in the USER DIRECT file:<br />
...<br />
USER $PAGE$ NOLOG<br />
MDISK A03 3390 000 END 6<strong>10</strong>PAG R<br />
..<br />
MDISK 122 3390 000 END 6<strong>10</strong>SPL MR<br />
MDISK 123 3390 000 END 6<strong>10</strong>RES MR<br />
MDISK 124 3390 000 END 6<strong>10</strong>W01 MR<br />
MDISK 125 3390 000 END 6<strong>10</strong>W02 MR<br />
...<br />
Per<strong>for</strong>m the following steps:<br />
► Use the CPFMTXA command to relabel the 5 system volumes (you will only need the first<br />
three if you installed onto 3390-9s). Be sure to watch <strong>for</strong> a return code of 0 on each<br />
command:<br />
==> cpfmtxa 123 mvd850 label<br />
...<br />
==> cpfmtxa 122 mvd851 label<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 67
...<br />
==> link $page$ a03 a03 mr<br />
==> cpfmtxa a03 mvd852 label<br />
...<br />
==> cpfmtxa 124 mvd853 label<br />
...<br />
==> cpfmtxa 125 mvd854 label<br />
...<br />
► Now that the five volumes have been relabeled (sometimes called clipping the volumes,<br />
derived from a contraction of the z/OS term change label program), you can run the<br />
DIRECTXA command to update the directory:<br />
==> directxa user<br />
z/<strong>VM</strong> USER DIRECTORY CREATION PROGRAM - VERSION 6 RELEASE 1.0<br />
EOJ DIRECTORY UPDATED AND ON LINE<br />
HCPDIR494I User directory occupies 43 disk pages<br />
Ready(00005); T=0.01/0.01 15:45:51<br />
A return code of 5 is expected because the labels in the USER DIRECT file are different from<br />
the spool data in the currently running system.<br />
Finally, you are ready to issue a SHUTDOWN command.<br />
4.11.4 Shutting down your system and restarting it<br />
You will need an HMC console session <strong>for</strong> this step, if you are not already running from there.<br />
To test the changes you must shut your system down and then restart it. You cannot do a<br />
SHUTDOWN REIPL in this situation because you will have to do a FORCE start<br />
==> shutdown<br />
SYSTEM SHUTDOWN STARTED<br />
HCPSHU960I System shutdown may be delayed <strong>for</strong> up to 2<strong>10</strong> seconds<br />
Per<strong>for</strong>m the following steps to bring the system back up:<br />
► Open an HMC session<br />
► Select your LPAR<br />
► Use the circular arrow racetrack buttons to get to the CPC Recovery (or just Recovery)<br />
menu.<br />
► Double-click the Integrated 3270 Console menu item. A new window should appear.<br />
► Double-click the LOAD menu item. <strong>The</strong> Load Address (D850 in this example) and Load<br />
Parameter (SYSG) fields should be correct from the previous IPL.<br />
► Select the Clear radio button. <strong>The</strong> Load Address and Load Parameter fields should be<br />
correct from the previous IPL. Click OK<br />
► Click Yes on the Load Task Confirmation window.<br />
► Go back to the Integrated 3270 console. After a few minutes the Standalone Program<br />
Loader panel should appear. Use the TAB key to traverse to the section IPL Parameters<br />
and enter the value cons=sysg<br />
► Press the F<strong>10</strong> key to continue the IPL of your z/<strong>VM</strong> system. This should take 1-3 minutes.<br />
► At the Start prompt you have to specify a FORCE start, again because the spool volume<br />
label has changed:<br />
==> <strong>for</strong>ce drain<br />
► Do not change the time of day clock:<br />
68 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
==> no<br />
► When the IPL completes, DISCONNECT from the OPERATOR user ID:<br />
==> disc<br />
► Close the HMC windows.<br />
► Start a 3270 emulator session as the TCPIP service machine should be up. Logon as<br />
MAINT.<br />
► Get a 3270 session as MAINT and verify the volume labels have changed with the QUERY<br />
CPOWNED command:<br />
==> q cpowned<br />
Slot Vol-ID Rdev Type Status<br />
1 MVD850 D850 Own Online and attached<br />
2 MVD851 D851 Own Online and attached<br />
3 MVD852 D852 Own Online and attached<br />
4 MVD853 D853 Own Online and attached<br />
5 MVD854 D854 Own Online and attached<br />
6 MPD855 D855 Own Online and attached<br />
...<br />
Important: In the event that you IPLed a system with duplicate system volumes, it is<br />
possible that you may have destroyed your saved segments. You will know this is the case<br />
when you cannot IPL CMS. Rather, you will have to IPL 190. To rebuild saved segments, try<br />
the following commands (only do this if your saved segments are trashed!):<br />
==> vmfsetup zvm cms<br />
==> sampnss cms<br />
==> ipl 190 clear parm nosprof instseg no<br />
==> acc (noprof<br />
==> acc 5e6 b<br />
==> acc 51d d<br />
==> vmfbld ppf segbld esasegs segblist ( all<br />
4.12 Restoring your z/<strong>VM</strong> system from tape<br />
It is good to practice to restore a system. You don’t want to be doing your first restore when<br />
the pressure is on.<br />
Restoring a z/<strong>VM</strong> system from tape that has the same set of volume labels as the system that<br />
is running is problematic. If there are two z/<strong>VM</strong> systems on the same LPAR with the same<br />
volume labels, both systems cannot be IPLed cleanly. If you have backed up your system in<br />
section 4.<strong>10</strong>, “Backing up your z/<strong>VM</strong> system to tape” on page 64, you can restore this system<br />
to five other 3390-3s. Refer to the Appendix E “Restore the z/<strong>VM</strong> System Backup Copy from<br />
Tape” in the manual <strong>The</strong> z/<strong>VM</strong> Guide <strong>for</strong> Automated Installation and Service, GC204-6099.<br />
Chapter 4. Installing and configuring z/<strong>VM</strong> 69
70 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 5. Servicing z/<strong>VM</strong><br />
You cannot solve a problem with the same kind of thinking that created it.<br />
--Albert Einstein<br />
This chapter describes how to apply the two main types of service:<br />
► A Recommended Service Upgrade (RSU) which is analogous to a Service Pack.<br />
► A Programming Temporary Fix (PTF) which is analogous to a bug fix.<br />
<strong>The</strong> processes to install these types of service are basically the same.<br />
<strong>The</strong> application of corrective service to z/<strong>VM</strong> is covered in two manuals:<br />
► z/<strong>VM</strong> V6.1 Guide <strong>for</strong> Automated Installation and Service, (see Part 4), on the Web at:<br />
http://publibz.boulder.ibm.com/epubs/pdf/hcsk2c00.pdf<br />
► z/<strong>VM</strong> Service Guide, version 6, release 1, on the Web at:<br />
http://publib.boulder.ibm.com/epubs/pdf/hcsf1c00.pdf<br />
<strong>The</strong>se manuals are much more complete than this chapter. You might consider using these<br />
first, rather than this chapter, or you should certainly use them as references.<br />
<strong>VM</strong>SES/E is a component of z/<strong>VM</strong> that provides the SERVICE and PUT2PROD EXECs. <strong>The</strong><br />
SERVICE EXEC:<br />
► Installs an RSU or applies CORrective service <strong>for</strong> z/<strong>VM</strong> components, features, or<br />
products.<br />
► Displays either the RSU level of the component specified or whether a particular PTF or<br />
APAR has been applied (when used with STATUS).<br />
► Creates PTF bitmap files (when used with BITMAP).<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 71<br />
5<br />
Important: When applying service, there is always a chance that you may want to back it<br />
out. It is recommended that you have an up-to-date backup of your system be<strong>for</strong>e starting<br />
this section.
When SERVICE is successfully completed, the PUT2PROD EXEC places the z/<strong>VM</strong> components,<br />
features, or products that are installed on the z/<strong>VM</strong> System deliverable, and were serviced,<br />
into production. A good Web site to start at is<br />
http://www.vm.ibm.com/service/<br />
<strong>The</strong> body of the page should look similar to the following figure:<br />
Figure 5-1 z/<strong>VM</strong> Service main Web page<br />
You may want to consider viewing some of the links from this page.<br />
<strong>The</strong> following sections comprise this chapter:<br />
► “Applying a Recommended Service Upgrade or RSU” on page 72<br />
► “PTFs <strong>for</strong> the zEnterprise 196” on page 79<br />
► “Determining z/<strong>VM</strong>’s service level” on page 84<br />
► “Applying a PTF” on page 85<br />
5.1 Applying a Recommended Service Upgrade or RSU<br />
Applying an RSU is very similar to applying a PTF described in the previous section. z/<strong>VM</strong><br />
service can be preventive (RSU) or corrective (COR). Part 4, Service Procedure, in the<br />
manual Guide <strong>for</strong> Automated Installation and Service gives a complete description of<br />
applying service to z/<strong>VM</strong>. You may prefer to use the official z/<strong>VM</strong> documentation.<br />
Following is an example of upgrading to a z/<strong>VM</strong> 6.1 RSU with the medium being files<br />
downloaded from the Internet.<br />
72 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
<strong>The</strong> section that follows is a summary of applying service and also describes how to obtain<br />
service over the Internet using <strong>IBM</strong> ShopzSeries.<br />
You must first determine if your system needs service. Use the QUERY CPLEVEL command:<br />
==> q cplevel<br />
z/<strong>VM</strong> Version 6 Release 1.0, service level 0901 (64-bit)<br />
Generated at 09/11/09 16:51:48 EDT<br />
IPL at 08/31/<strong>10</strong> 08:44:19 EDT<br />
<strong>The</strong> service level (or RSU) is a four digit field comprised of two segments, each consisting of<br />
two digits. <strong>The</strong> first two digits represent the last two digits of the year and the second two<br />
digits represent the sequential RSU level within that year. Some examples are 0903RSU, and<br />
<strong>10</strong>02RSU. With 0903, the first two the digits in the level, 09 represent the last two digits of the<br />
year 2009 and the 03 represents the third RSU service level of that year. <strong>The</strong>re<strong>for</strong>e the 0903<br />
is the third RSU issued in 2009. RSU <strong>10</strong>02 would be the second RSU issued in 20<strong>10</strong>.<br />
<strong>The</strong> overall steps in applying an RSU are as follow:<br />
► “Getting service from the Internet” on page 73<br />
► “Downloading the service files” on page 74<br />
► “Creating a new MAINT minidisk” on page 74 (not usually required)<br />
► “Receiving, applying, and building the service” on page 76<br />
► “Putting the service into production” on page 78<br />
5.1.1 Getting service from the Internet<br />
An RSU is obtained by its PTF number. <strong>The</strong> PTF <strong>for</strong> the most current RSU is of the <strong>for</strong>m<br />
UM97xyz where xyz is the z/<strong>VM</strong> version-release-modification level. So <strong>for</strong> z/<strong>VM</strong> 6.1 the RSU<br />
would be UM976<strong>10</strong>.<br />
With ShopzSeries, knowing the PTF number is not necessary. If you know you want the latest<br />
RSU, you can get it directly, based on the version of z/<strong>VM</strong> you are running.<br />
Per<strong>for</strong>m the following steps (note that these same steps are documented with some screen<br />
shots in 5.4, “Applying a PTF” on page 85):<br />
► Point a Web browser to the z/<strong>VM</strong> Service page:<br />
http://www.vm.ibm.com/service/<br />
► Click on <strong>IBM</strong> ShopzSeries under the <strong>IBM</strong> Support Portals section.<br />
► Click on the link Sign In <strong>for</strong> registered users. If you have an user ID and password, use<br />
that. If you do not, click on the link New user registration and fill out the <strong>for</strong>m to create an<br />
ID and password. You must have your <strong>IBM</strong> customer number.<br />
► Click on the link create new software orders at the top.<br />
► <strong>The</strong> My Orders page should show. Under the Package Category section, click on the<br />
z/<strong>VM</strong> - Service radio button and also choose RSU recommended service in the<br />
drop-down menu. Click Continue.<br />
► <strong>The</strong>re will be five screens of <strong>for</strong>ms that are hopefully self-explanatory. On screen 3 of 5,<br />
choose the radio button that is applicable to your version of z/<strong>VM</strong>. In this example it was<br />
z/<strong>VM</strong> Version 6.1.0 Stacked 6<strong>10</strong>3RSU (PTF UM976<strong>10</strong>).<br />
► On screen 4 of 5 choose Internet as the delivery mechanism.<br />
► On screen 5 of 5, complete the <strong>for</strong>m and click Submit.<br />
► In a few minutes, you should get two e-mails - one <strong>for</strong> the core RSU and one <strong>for</strong> the PSP<br />
bucket (additional fixes that may have come out after the RSU).<br />
Chapter 5. Servicing z/<strong>VM</strong> 73
5.1.2 Downloading the service files<br />
In this example, the service files are staged on a desktop machine then copied to z/<strong>VM</strong> with<br />
FTP.<br />
► Download the files to your desktop or another staging system. This example has two files:<br />
the SHIPTFSS file is <strong>for</strong> the PSP bucket and the SHIPRSU1 file is <strong>for</strong> the RSU.<br />
► FTP the file to the MAINT 500 disk. Following is an example of FTPing from a DOS session:<br />
C:\Downloads>ftp 9.60.18.249<br />
User (9.60.18.249:(none)): maint<br />
Password:<br />
ftp> cd maint.500<br />
...<br />
ftp> bin<br />
...<br />
ftp> quote site fix <strong>10</strong>24<br />
...<br />
ftp> put S9338801.shiptfss<br />
...<br />
ftp> put S9338766.shiprsu1<br />
...<br />
ftp> quit<br />
► Logon to MAINT. Access the MAINT 500 disk as file mode C. Query the disks:<br />
==> acc 500 c<br />
DMSACC724I 500 replaces C (2CC)<br />
==> q disk<br />
LABEL VDEV M STAT CYL TYPE BLKSZ FILES BLKS USED-(%) BLKS LEFT BLK TOTAL<br />
MNT191 191 A R/W 175 3390 4096 41 214-01 31286 31500<br />
MNT5E5 5E5 B R/W 9 3390 4096 131 1290-80 330 1620<br />
MNT500 500 C R/W 600 3390 4096 3 38497-36 69503 <strong>10</strong>8000<br />
MNT51D 51D D R/W 26 3390 4096 305 1574-34 3<strong>10</strong>6 4680<br />
MNT190 190 S R/O <strong>10</strong>0 3390 4096 691 14921-83 3079 18000<br />
MNT19E 19E Y/S R/O 250 3390 4096 <strong>10</strong>21 28225-63 16775 45000<br />
► Deterse the files.<br />
==> deterse s9338801 shiptfss c = servlink =<br />
==> deterse s9338766 shiprsu1 c = servlink =<br />
Usually this step should succeed. However, very large RSUs can fill up the MAINT 500 disk<br />
either on the FTP or the DETERSE steps. For example, you may get the error on the DETERSE<br />
step:<br />
DMSERD<strong>10</strong>7S Disk C(500) is full<br />
No traceback - not enough CTL storage<br />
If this occurs, an extra step of creating a new disk is necessary.<br />
5.1.3 Creating a new MAINT minidisk<br />
Important: Normally, this step is not necessary. Some RSUs can be so large that they will<br />
not fit on the MAINT 500 minidisk. This is the case with the stacked RSU 5405 <strong>for</strong> z/<strong>VM</strong> 5.4.<br />
74 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
If you have adequate space to DETERSE the files on the MAINT 500 disk, you can skip this<br />
section. If you received the error DMSERD<strong>10</strong>7S Disk C(500) is full on the previous step,<br />
creating a new mindisk <strong>for</strong> MAINT will be necessary. If so, per<strong>for</strong>m the following steps:<br />
► Create a new MAINT 501 disk <strong>for</strong> temporary storage of the uncompressed RSU by using<br />
400 cylinders of space taken from the end of the W02 disk (volser is UV6284 in this<br />
example). Verify the disk layout is good, then bring the changes online with the DIRECTXA<br />
command:<br />
==> acc 2cc c<br />
DMSACC724I 2CC replaces C (500)<br />
==> x user direct c<br />
...<br />
USER MAINT LNX4<strong>VM</strong> 128M <strong>10</strong>00M ABCDEFG<br />
AUTOLOG AUTOLOG1 OP1 MAINT<br />
ACCOUNT 1 SYSPROG<br />
...<br />
* add a new MAINT 501 disk <strong>for</strong> additional space <strong>for</strong> service files<br />
MDISK 501 3390 2371 400 UV6284 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
...<br />
==> diskmap user<br />
...<br />
==> x user diskmap<br />
... // check the report file <strong>for</strong> gaps or overlaps<br />
==> directxa user<br />
z/<strong>VM</strong> USER DIRECTORY CREATION PROGRAM - VERSION 6 RELEASE 1.0<br />
EOJ DIRECTORY UPDATED AND ON LINE<br />
HCPDIR494I User directory occupies 45 disk pages<br />
► Log off MAINT and log back on to load the new directory entry. An attempt is made to<br />
access the MAINT 500 and 501 disks as file mode C and F, respectively. However, the new<br />
501 disk has never been <strong>for</strong>matted. Format it and access it as file mode F:<br />
==> log<br />
... // log back on<br />
==> acc 500 c<br />
DMSACC724I 500 replaces C (2CC)<br />
==> acc 501 f<br />
DMSACP112S F(501) device error<br />
==> <strong>for</strong>mat 501 f<br />
DMSFOR603R FORMAT will erase all files on disk F(501). Do you wish to continue?<br />
Enter 1 (YES) or 0 (NO).<br />
1<br />
DMSFOR605R Enter disk label:<br />
mnt501<br />
DMSFOR733I Formatting disk F<br />
Now that a new MAINT 501 disk is available it can be used to stage the RSU file:<br />
► Move the large RSU file from the MAINT 500 (C) to the 501 (F) disk and query the disks:<br />
==> copy s8873950 shiprsu1 c = = f<br />
==> erase S8873950 shiprsu1 c<br />
==> q disk<br />
LABEL VDEV M STAT CYL TYPE BLKSZ FILES BLKS USED-(%) BLKS LEFT BLK TOTAL<br />
MNT191 191 A R/W 175 3390 4096 41 214-01 31286 31500<br />
MNT5E5 5E5 B R/W 9 3390 4096 131 1290-80 330 1620<br />
MNT500 500 C R/W 600 3390 4096 2 13054-12 94946 <strong>10</strong>8000<br />
MNT51D 51D D R/W 26 3390 4096 305 1574-34 3<strong>10</strong>6 4680<br />
MNT501 501 F R/W 400 3390 4096 1 45207-63 26793 72000<br />
...<br />
► Deterse the RSU from the 501 disk (F) back to the 500 disk (C) and again query the disks:<br />
Chapter 5. Servicing z/<strong>VM</strong> 75
==> deterse s8873950 shiprsu1 f = servlink c<br />
==> q disk<br />
LABEL VDEV M STAT CYL TYPE BLKSZ FILES BLKS USED-(%) BLKS LEFT BLK TOTAL<br />
MNT191 191 A R/W 175 3390 4096 41 214-01 31286 31500<br />
MNT5E5 5E5 B R/W 9 3390 4096 131 1290-80 330 1620<br />
MNT500 500 C R/W 600 3390 4096 4 98341-91 9659 <strong>10</strong>8000<br />
MNT51D 51D D R/W 26 3390 4096 305 1574-34 3<strong>10</strong>6 4680<br />
MNT501 501 F R/W 400 3390 4096 1 45207-63 26793 72000<br />
...<br />
This shows that the MAINT 500 disk is now 91% full. <strong>The</strong> tersed file on the 501 disk is no longer<br />
necessary, but it is left there <strong>for</strong> reference.<br />
5.1.4 Receiving, applying, and building the service<br />
You must receive, apply, and build the service. <strong>The</strong>n it can be put into production.<br />
In the past, this was a more lengthy and detailed procedure. For example, to receive, apply<br />
and build the CP component, the following steps were needed:<br />
vmfmrdsk zvm cp apply (setup<br />
vmfsetup zvm cp<br />
vmfpsu zvm cp<br />
vmfins install ppf zvm cp (nomemo env {filename} nolink override no<br />
vmfapply ppf zvm cp (setup<br />
vmfbld ppf zvm cp (status<br />
vmfbld ppf zvm cp (serviced<br />
<strong>The</strong>n the same steps were needed <strong>for</strong> many other components. <strong>The</strong> process is much easier<br />
now with the SERVICE ALL command. On the other hand, the previous method is more<br />
granular and better enables the system administrator to know which pieces of service have<br />
been applied.<br />
► Apply the service with the SERVICE ALL command. <strong>The</strong> RSU must be applied first<br />
(S8873950 SERVLINK in this example). <strong>The</strong>n any PTFs that came after the RSU can be<br />
applied:<br />
==> service all S9338766<br />
...<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed successfully <strong>for</strong> GCS BUILD<br />
<strong>VM</strong>FSUT2760I <strong>VM</strong>FSUFTB processing started<br />
<strong>VM</strong>FSUT2760I <strong>VM</strong>FSUFTB processing completed successfully<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed successfully<br />
Ready; T=129.22/138.98 <strong>10</strong>:14:11<br />
A return code of 0 is ideal. If the last Ready line has a number in parenthesis, that is the<br />
return code. In general a return code of 4 is acceptable. That means that only warnings<br />
were issued. A return code of 8 or greater generally means that errors were encountered.<br />
View details with the <strong>VM</strong>FVIEW command:<br />
==> vmfview service<br />
===> <strong>VM</strong>FVIEW - Message Log Browse of $<strong>VM</strong>FSRV $MSGLOG A1
You may also see warning messages. For example:<br />
You are viewing ¬ST: messages from the LAST run.<br />
Number of messages shown = 12 Number of messages not shown = 985<br />
************************************************************************<br />
**** SERVICE USERID: MAINT ****<br />
************************************************************************<br />
**** Date: 12/17/09 Time: <strong>10</strong>:06:17 ****<br />
************************************************************************<br />
CK:<strong>VM</strong>FSUI2<strong>10</strong>4I PTF UM32616 contains user in<strong>for</strong>mation. Review the :UMEMO<br />
CK: section in file UM32616 $PTFPART<br />
CK:<strong>VM</strong>FSUI2<strong>10</strong>4I PTF UM32616 contains user in<strong>for</strong>mation. Review the :UMEMO<br />
CK: section in file UM32616 $PTFPART<br />
CK:<strong>VM</strong>FSUI2<strong>10</strong>4I PTF UA46229 contains user in<strong>for</strong>mation. Review the :UMEMO<br />
CK: section in file UA46229 $PTFPART<br />
CK:<strong>VM</strong>FSUI2<strong>10</strong>4I PTF UA46229 contains user in<strong>for</strong>mation. Review the :UMEMO<br />
CK: section in file UA46229 $PTFPART<br />
CK:<strong>VM</strong>FSUI2<strong>10</strong>4I PTF UA46229 contains user in<strong>for</strong>mation. Review the :UMEMO<br />
CK: section in file UA46229 $PTFPART<br />
CK:<strong>VM</strong>FSUI2<strong>10</strong>4I PTF UA46229 contains user in<strong>for</strong>mation. Review the :UMEMO<br />
CK: section in file UA46229 $PTFPART<br />
WN:<strong>VM</strong>FBDC2250W <strong>The</strong> following OSA objects have been built on BUILD0 <strong>10</strong>0<br />
WN: (L) and should be copied to your workstation:<br />
WN:<strong>VM</strong>FBDC2250W IOAJAVA BIN<br />
CK:<strong>VM</strong>FSUI2<strong>10</strong>4I PTF UM32501 contains user in<strong>for</strong>mation. Review the :UMEMO<br />
CK: section in file UM32501 $PTFPART<br />
CK:<strong>VM</strong>FSUI2<strong>10</strong>4I PTF UM32654 contains user in<strong>for</strong>mation. Review the :UMEMO<br />
CK: section in file UM32654 $PTFPART<br />
WN:<strong>VM</strong>FBDC2250W <strong>The</strong> following <strong>VM</strong>HCD objects have been built on BUILD0 300<br />
WN: (J) and should be copied to your workstation:<br />
WN:<strong>VM</strong>FBDC2250W EEQINSTX EXEBIN<br />
For these example warnings, if you are running OSA or HCD then as the <strong>VM</strong>FBDC2250W<br />
message states you will need to copy the stated objects to your workstation at some point.<br />
► Press F3 to get out of XEDIT.<br />
► ReIPL CMS and press Enter at the <strong>VM</strong> READ prompt<br />
==> ipl cms<br />
z/<strong>VM</strong> V5.4.0 2008-<strong>10</strong>-22 15:36<br />
Ready; T=0.01/0.01 <strong>10</strong>:46:46<br />
► Re-access the MAINT 500 disk as C.<br />
==> acc 500 c<br />
DMSACC724I 500 replaces C (2CC)<br />
► Apply the PSP bucket (S9338801 in this example):<br />
==> service all S9338801<br />
...<br />
<strong>VM</strong>FSUT2760I <strong>VM</strong>FSUFTB processing started<br />
<strong>VM</strong>FSUT2760I <strong>VM</strong>FSUFTB processing completed successfully<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed with warnings<br />
Ready(00004); T=29.96/33.46 15:55:40<br />
In this example, the service was installed, but there were warnings.<br />
► Run the <strong>VM</strong>FVIEW SERVICE command:<br />
==> vmfview service<br />
===> <strong>VM</strong>FVIEW - Message Log Browse of $<strong>VM</strong>FSRV $MSGLOG A1
************************************************************************<br />
**** SERVICE USERID: MAINT ****<br />
************************************************************************<br />
**** Date: 09/16/<strong>10</strong> Time: 15:53:09 ****<br />
************************************************************************<br />
RO:<strong>VM</strong>FAPP2112W PTF UK59536 has a IFREQ requisite <strong>for</strong> PTF UM33113 in<br />
RO: product 6<strong>VM</strong>CMS<strong>10</strong> (CMS component <strong>for</strong> z/<strong>VM</strong> 6.1.0)<br />
* * * End of File * * *<br />
This message is letting you know that there is a relationship between the two PTFs<br />
(UM33113 and UK59536). It is advisable to make sure you have both, or know about the<br />
requisite and decide it isn't important in your environment.<br />
► Press F3 to get out of XEDIT.<br />
5.1.5 Putting the service into production<br />
This section describes how to use the PUT2PROD command to put the service into production.<br />
Important: <strong>The</strong> PUT2PROD command will affect your production environment. It is<br />
recommended that all users be logged off be<strong>for</strong>e running it. Placing service into production<br />
should be per<strong>for</strong>med as part of a planned system outage because a SHUTDOWN REIPL is<br />
recommended after running it.<br />
► Use the PUT2PROD command to put the service into production. Many screens will scroll by.<br />
This command can take quite a number of minutes to complete:<br />
==> put2prod<br />
...<br />
<strong>VM</strong>FP2P2760I PUT2PROD processing completed successfully <strong>for</strong> SAVECMS<br />
<strong>VM</strong>FP2P2760I PUT2PROD processing completed with warnings<br />
Ready(00004); T=13.93/15.21 16:03:13<br />
► <strong>The</strong> return code was 4 in this example. Review the warning messages with the <strong>VM</strong>FVIEW<br />
PUT2PROD command:<br />
==> vmfview put2prod<br />
===> <strong>VM</strong>FVIEW - Message Log Browse of $<strong>VM</strong>FP2P $MSGLOG A1
► Even though the service has been “put into production”, the QUERY CPLEVEL command<br />
should still return the current service level; in this example 0901. This is because the new<br />
CP load module (nucleus) has not been loaded:<br />
==> q cplevel<br />
z/<strong>VM</strong> Version 6 Release 1.0, service level 0901 (64-bit)<br />
Generated at 09/11/09 16:51:48 EDT<br />
IPL at 09/15/<strong>10</strong> 15:52:34 EDT<br />
► To load the new CP load module, use the SHUTDOWN REIPL command. When your system<br />
comes back up, it should be at the new CP service level, in this example 0903:<br />
==> shutdown reipl iplparms cons=sysc<br />
HCPSHU960I System shutdown may be delayed <strong>for</strong> up to 330 seconds<br />
Ready; T=0.01/0.01 11:12:32<br />
► After the system comes back up in a few minutes, start a new 3270 session and logon as<br />
MAINT.<br />
► Run the QUERY CPLEVEL command again,<br />
==> q cplevel<br />
z/<strong>VM</strong> Version 6 Release 1.0, service level <strong>10</strong>02 (64-bit)<br />
Generated at 09/16/<strong>10</strong> 15:54:07 EDT<br />
IPL at 09/16/<strong>10</strong> 16:07:01 EDT<br />
This shows that the new CP load module is now being used, and that the service level is the<br />
second RSU in the year 20<strong>10</strong>.<br />
5.2 PTFs <strong>for</strong> the zEnterprise 196<br />
In September of 20<strong>10</strong>, a new mainframe became available: the zEnterprise 196. See the<br />
following Web site <strong>for</strong> a list of the PMRs that apply to it:<br />
http://www.vm.ibm.com/service/vmreqze.html<br />
This web page also includes a link to the Preventative Service Planning (PSP bucket) <strong>for</strong><br />
z/<strong>VM</strong> on the zEnterprise 196. <strong>The</strong> PSP bucket should always contain all the latest service<br />
in<strong>for</strong>mation <strong>for</strong> z/<strong>VM</strong> on the z196.<br />
Following is a summary of the APARS <strong>for</strong> z/<strong>VM</strong> 6.1:<br />
Important: This list was correct at the time of the writing of this book in late 20<strong>10</strong>. It could<br />
change, so refer to the previous Web page to confirm. Also, it is likely that all of the PTFs<br />
associated with these APARs will be rolled into the first RSU of 2011. So if you are up to<br />
service level 1<strong>10</strong>1 or later, you can verify the PTFs are applied with the steps shown in<br />
section 5.2.3, “Verifying the zEnterprise 196 is applied” on page 84.<br />
Table 5-1 z/<strong>VM</strong> 6.1 APARs <strong>for</strong> the zEnterprise 196<br />
APAR Component Description<br />
<strong>VM</strong>64774 CP Set/Query reorder command<br />
<strong>VM</strong>64798 CP zEnterprise 196 Processor Support<br />
<strong>VM</strong>64879 CP zEnterprise 196 Processor Support<br />
<strong>VM</strong>64881 CP <strong>VM</strong> Coupling facility hang at IPL<br />
<strong>VM</strong>64793 CP Secure-Key Bulk Encryption Support<br />
Chapter 5. Servicing z/<strong>VM</strong> 79
APAR Component Description<br />
<strong>VM</strong>64774 CP Set/Query reorder command<br />
<strong>VM</strong>64820 PERFTK New function in the Per<strong>for</strong>mance Toolkit<br />
<strong>VM</strong>64814 CP XRC Time-stamping Support<br />
<strong>VM</strong>64807 EREP EREP support <strong>for</strong> zEnterprise 196<br />
<strong>VM</strong>64672 HCD HCD support <strong>for</strong> zEnterprise 196<br />
<strong>VM</strong>64747 HCM HCM support <strong>for</strong> zEnterprise 196<br />
<strong>VM</strong>64799 CMS IOCP support <strong>for</strong> zEnterprise 196<br />
<strong>VM</strong>64891 CP HIPER data corruption issue in <strong>VM</strong>64709, EAV<br />
support<br />
Because support <strong>for</strong> HCD, and HCM were not necessary <strong>for</strong> the system used in the examples<br />
in this book, only the PTFs <strong>for</strong> the following APARs were ordered from ShopzSeries:<br />
<strong>VM</strong>64774 <strong>VM</strong>64798 <strong>VM</strong>64879 <strong>VM</strong>64881 <strong>VM</strong>64793 <strong>VM</strong>64820 <strong>VM</strong>64814 <strong>VM</strong>64807 <strong>VM</strong>64799 <strong>VM</strong>64818 <strong>VM</strong>64891<br />
<strong>The</strong> following section briefly describes how to order these PTFs (by APAR number).<br />
5.2.1 Ordering service <strong>for</strong> the zEnterprise 196 PTFs<br />
This section briefly describes how to order PTFs <strong>for</strong> the zEnterprize 196. Per<strong>for</strong>m the<br />
following steps.<br />
► Follow the steps in section 5.1.1, “Getting service from the Internet” on page 73, up to the<br />
point where you click the z/<strong>VM</strong> - Service radio button on the My orders page.<br />
► Rather than clicking RSU Recommended Service Upgrade in the dropdown menu to the<br />
right, accept the default of Individual PTFs. Click Continue.<br />
► In Step 1 of 5, click the radio button Individual PTFs by APAR number as shown in<br />
Figure 5-2. Click Continue.<br />
Figure 5-2 Ordering PTFs by APAR number<br />
80 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► In Step 2 of 5, accept the default of Do not use a report <strong>for</strong> this order and click<br />
Continue.<br />
► In Step 3 of 5, enter the APAR numers as shown in Figure 5-3<br />
Figure 5-3 Specifying service order contents<br />
► In Step 4 of 5, specify your deliver options. In this example, Internet was chosen as the<br />
preferred media, and no alternate method was chosen. Click Continue.<br />
► In Step 5 of 5, review your order and click Submit when it is correct.<br />
► You can leave that Web page up and click Refresh order status from time to time. It<br />
should move from Submitted to Received to Final Packaging to becoming a link named<br />
Download.<br />
► Click Download when it becomes available. You should see a screen similar to what is<br />
shown in Figure 5-4.<br />
Chapter 5. Servicing z/<strong>VM</strong> 81
Figure 5-4 Downloading service <strong>for</strong> zEnterprise 196 PTFs<br />
► Download the two documentation envelopes and the two PTF envelopes to your<br />
workstation or other staging system.<br />
► Complete the steps in a similar fashion to those starting at section 5.1.2, “Downloading the<br />
service files” on page 74. This will complete the process of applying the SES PTFs (with<br />
file types ending in S).<br />
► Refer to the following section to apply the Non-SES PTF (with file types ending in N).<br />
You may consider doing a SHUTDOWN REIPL at this point, or wait until after the next section.<br />
5.2.2 Applying the non-SES PTF UV61111<br />
At the time of the writing of this book, PTF UV61111 corresponded to APAR <strong>VM</strong>64807. This<br />
PTF is non-SES which means it cannot be applied using the typical SERVICE ALL and<br />
PUT2PROD commands.<br />
► After you get the PTF from ShopzSeries, copy it to the MAINT 500 disk in binary fixed <strong>10</strong>24<br />
byte record <strong>for</strong>mat. In the previous example, four files with a file name of S942<strong>10</strong>68 were<br />
uploaded to the MAINT 500 disk. <strong>The</strong> one with a file type of SHIPTFSS was DETERSEd to a<br />
new file type of SERVLINK and applied with SERVICE ALL and PUT2PROD.<br />
► Access the MAINT 500 disk as C:<br />
==> acc 500 c<br />
DMSACC724I 500 replaces C (2CC)<br />
► List the files that you uploaded. In this example, the file name is S942<strong>10</strong>68:<br />
==> filel S942<strong>10</strong>68 * c<br />
MAINT FILELIST A0 V 169 Trunc=169 Size=5 Line=1 Col=1 Alt=0<br />
Cmd Filename Filetype Fm Format Lrecl Records Blocks Date Time<br />
S942<strong>10</strong>68 SERVLINK C1 V 4005 18865 14243 11/05/<strong>10</strong> 13:52:19<br />
S942<strong>10</strong>68 SHIPTFSS C1 F <strong>10</strong>24 17686 4422 11/05/<strong>10</strong> 13:04:43<br />
S942<strong>10</strong>68 SHIPTFSN C1 F <strong>10</strong>24 4466 1117 11/05/<strong>10</strong> 13:04:37<br />
82 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
S942<strong>10</strong>68 SHIPDOCS C1 F <strong>10</strong>24 83 21 11/05/<strong>10</strong> 13:04:28<br />
S942<strong>10</strong>68 SHIPDOCN C1 F <strong>10</strong>24 6 2 11/05/<strong>10</strong> 13:04:25<br />
<strong>The</strong> two files in bold are non-SES signified by a trailing N.<br />
► Deterse the object code file to a file with a type of NOSESLNK and the documentation file to a<br />
file with a type of NOSESDOC. This can be done directly from FILELIST with the following<br />
DETERSE commands:<br />
S942<strong>10</strong>68 SERVLINK C1 V 4005 18865 14243 11/05/<strong>10</strong> 13:52:19<br />
S942<strong>10</strong>68 SHIPTFSS C1 F <strong>10</strong>24 17686 4422 11/05/<strong>10</strong> 13:04:43<br />
deterse / = noseslnk = C1 F <strong>10</strong>24 4466 1117 11/05/<strong>10</strong> 13:04:37<br />
S942<strong>10</strong>68 SHIPDOCS C1 F <strong>10</strong>24 83 21 11/05/<strong>10</strong> 13:04:28<br />
deterse / = nosesdoc = C1 F <strong>10</strong>24 6 2 11/05/<strong>10</strong> 13:04:25<br />
► Press F3 to get out of FILELIST.<br />
► Per<strong>for</strong>m the following <strong>VM</strong>FPLCD command:<br />
==> vmfplcd scan env= s942<strong>10</strong>68 noseslnk c (disk date eod<br />
► This should create the file DISK MAP on your A disk. Edit the file and view the lines with :<br />
==> x disk map<br />
====> pre off<br />
====> ALL /ERPTFLIB<br />
ERPTFLIB TLB61111 U1 F 80 22266 08/24/<strong>10</strong> 16:46:32<br />
ERPTFLIB TLB60820 U1 F 80 21911 09/29/03 20:02:53<br />
ERPTFLIB TLB60786 U1 F 80 21882 03/26/03 16:57:52<br />
ERPTFLIB TLB60432 U1 F 80 21791 06/01/99 09:18:46<br />
ERPTFLIB TLB60345 U1 F 80 19312 12/<strong>10</strong>/98 11:28:23<br />
Note the most recent file has a date of 20<strong>10</strong> and the the last five digits of the file type<br />
correspond to the last five digits of the PTF.<br />
► <strong>The</strong> EREP program directory states that just one file need be copied. Per<strong>for</strong>m the<br />
following <strong>VM</strong>PLCD commands to do this:<br />
==> vmfplcd rst<br />
==> vmfplcd load erptflib tlb61111 a (eod<br />
Loading ...<br />
End-Of-Group OR End-Of-Disk<br />
ERPTFLIB TLB61111 A1<br />
► Access the MAINT 201 disk as file mode Z , backup the old EREP TXTLIB and replace it<br />
with new one on the A disk:<br />
==> acc 201 z<br />
==> rename erptflib txtlib z erptflib tlbold z<br />
==> copy erptflib tlb61111 a erptflib txtlib z (replace<br />
► A SHUTDOWN REIPL is not necessary, however, if you did not do one in the previous section,<br />
one is recommended now. Otherwise, the EREP virtual machine can just be recycled with<br />
the the FORCE and XAUTOLOG commands:<br />
==> <strong>for</strong>ce erep<br />
USER DSC LOGOFF AS EREP USERS = 11 FORCED BY MAINT<br />
==> xautolog erep<br />
Command accepted<br />
AUTO LOGON *** EREP USERS = 12<br />
HCPCLS6056I XAUTOLOG in<strong>for</strong>mation <strong>for</strong> EREP: <strong>The</strong> IPL command is verified by the IP<br />
L command processor.<br />
You should now have all the service needed <strong>for</strong> the zEnterprise 196.<br />
Chapter 5. Servicing z/<strong>VM</strong> 83
5.2.3 Verifying the zEnterprise 196 is applied<br />
A short REXX EXEC is written and run to verify that sevice <strong>for</strong> the zEnterprise 196 has been<br />
applied:<br />
==> type check9<strong>10</strong> exec<br />
/* EXEC to check <strong>for</strong> z196 PTFs */<br />
'service cp status <strong>VM</strong>64774'<br />
'service cp status <strong>VM</strong>64798'<br />
'service cp status <strong>VM</strong>64879'<br />
'service cp status <strong>VM</strong>64881'<br />
'service cp status <strong>VM</strong>64793'<br />
'service perftk status <strong>VM</strong>64820'<br />
'service cp status <strong>VM</strong>64814'<br />
'service cms status <strong>VM</strong>64799'<br />
'service cp status <strong>VM</strong>64818'<br />
==> check9<strong>10</strong><br />
<strong>VM</strong>FSRV2760I SERVICE processing started<br />
<strong>VM</strong>FSRV1226I CP (6<strong>VM</strong>CPR<strong>10</strong>%CP) APAR <strong>VM</strong>64774 (PTF UM33169) status:<br />
<strong>VM</strong>FSRV1226I RECEIVED 11/05/<strong>10</strong> 13:52:51<br />
<strong>VM</strong>FSRV1226I APPLIED 11/05/<strong>10</strong> 13:52:52<br />
<strong>VM</strong>FSRV1226I BUILT 11/05/<strong>10</strong> 13:53:57<br />
<strong>VM</strong>FSRV1226I PUT2PROD 11/05/<strong>10</strong> 13:55:55<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed successfully<br />
...<br />
Verify that all of the APARs are reported as received, applied, built and put into production.<br />
5.3 Determining z/<strong>VM</strong>’s service level<br />
Often you will want to be able to query more than just the service level. <strong>The</strong> following steps<br />
were taken from the links CP Maintenance Levels and Virtual Switch TCP/IP Maintenance<br />
Levels starting at the Web site:<br />
http://www.vm.ibm.com/virtualnetwork/<br />
Per<strong>for</strong>m the following steps:<br />
► Logon to TCPMAINT. Use the QUERY <strong>VM</strong>LAN command to determine the latest APAR applied:<br />
==> cp query vmlan<br />
<strong>VM</strong>LAN maintenance level:<br />
Latest Service: <strong>VM</strong>64604<br />
<strong>VM</strong>LAN MAC address assignment:<br />
MACADDR Prefix: 020003<br />
MACIDRANGE SYSTEM: 000001-FFFFFF<br />
USER: 000000-000000<br />
<strong>VM</strong>LAN default accounting status:<br />
SYSTEM Accounting: OFF USER Accounting: OFF<br />
<strong>VM</strong>LAN general activity:<br />
PERSISTENT Limit: INFINITE Current: 1<br />
TRANSIENT Limit: INFINITE Current: 0<br />
This shows that the latest APAR applied is <strong>VM</strong>64604.<br />
► <strong>The</strong> maintenance level of the TCP/IP stack is important to virtual networking. To<br />
determine this, first get the active VSWITCH controller:<br />
==> q vswitch<br />
84 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
VSWITCH SYSTEM VSW1 Type: VSWITCH Connected: 0 Maxconn: INFINITE<br />
PERSISTENT RESTRICTED NONROUTER Accounting: OFF<br />
VLAN Unaware<br />
MAC address: 02-00-03-00-00-01<br />
State: Ready<br />
IPTimeout: 5 QueueStorage: 8<br />
Isolation Status: OFF<br />
RDEV: <strong>10</strong>04.P00 VDEV: <strong>10</strong>04 Controller: DTCVSW1<br />
RDEV: 1<strong>10</strong>0.P00 VDEV: 1<strong>10</strong>0 Controller: DTCVSW2 BACKUP<br />
This shows the controller is named DTCVSW1.<br />
► Use the NETSTAT command with the controller name to determine the maintenance of the<br />
TCPIP MODULE:<br />
==> netstat tcp dtcvsw1 level<br />
<strong>VM</strong> TCP/IP Netstat Level 540 TCP/IP Server Name: DTCVSW1<br />
<strong>IBM</strong> 2084; z/<strong>VM</strong> Version 5 Release 4.0, service level 0903 (64-bit), <strong>VM</strong> TCP/IP Lev<br />
el 540; RSU 0903 running TCPIP MODULE E2 dated 12/17/09 at <strong>10</strong>:53<br />
TCP/IP Module Load Address: 00C2<strong>10</strong>00<br />
► This shows in<strong>for</strong>mation about the TCPIP MODULE. Use the TCPSLVL command and the<br />
complete file specification (TCPIP MODULE E in this example) to get more in<strong>for</strong>mation. Of<br />
particular interest is the latest APAR applied to TCTOOSD:<br />
5.4 Applying a PTF<br />
==> tcpslvl tcpip module e<br />
DTCLVL3306I SLVL data obtained; file TCPIP SLVLDATA A created<br />
==> x TCPIP SLVLDATA<br />
SLVL TCPIP PK676<strong>10</strong><br />
...<br />
SLVL TCTOOSD PK98608<br />
...<br />
You may determine that you need to apply a specific fix or PTF to your system. For example,<br />
an Authorized Program Analysis Report (APAR), <strong>VM</strong>64670, was opened when Linux guests<br />
were hanging intermittently. <strong>The</strong> summary of the APAR is as follows:<br />
PROBLEM SUMMARY: LINUX USER HUNG BECAUSE SVPBK LOCK HELD<br />
USERS AFFECTED: All users of z/<strong>VM</strong> running Linux guests.<br />
PROBLEM DESCRIPTION: Linux guests may become hung due to a problem in managing a lock<br />
word. This problem is timing-related and may occur intermittently.<br />
PROBLEM CONCLUSION: Lock word processing in HCPWED is updated to properly handle all<br />
possible states of the lock.<br />
<strong>The</strong> APAR was assigned the following Programming Temporary Fix (PTF) numbers <strong>for</strong> each<br />
of the following z/<strong>VM</strong> releases:<br />
z/<strong>VM</strong> 5.3 UM32809<br />
z/<strong>VM</strong> 5.4 UM328<strong>10</strong><br />
z/<strong>VM</strong> 6.1 UM32811<br />
So <strong>for</strong> z/<strong>VM</strong> 6.1, you want to apply PTF UM32811. Following is an example of how to do so.<br />
Chapter 5. Servicing z/<strong>VM</strong> 85
5.4.1 Getting service using ShopzSeries<br />
Service <strong>for</strong> z/<strong>VM</strong> is still available on the media of tape. However, getting service over the<br />
Internet is more convenient and becoming more common. Typically this is done with <strong>IBM</strong><br />
ShopzSeries. Per<strong>for</strong>m the following steps:<br />
► Click on the link <strong>IBM</strong> ShopzSeries under the <strong>IBM</strong> Support Portals heading on the main<br />
Service page as shown on Figure 5-1. This should take you to the following URL:<br />
https://www14.software.ibm.com/webapp/ShopzSeries/ShopzSeries.jsp<br />
► From there you can search <strong>for</strong> an APAR if you have the APAR number. In Figure 5-5 on<br />
page 86, the first three steps to do this are shown:<br />
– On the menu bar at the top, click on Support and Downloads, then choose Search in<br />
the drop-down menu. This is shown at the top of the figure.<br />
– In the Support type drop-down menu, choose System z and in the Search text area,<br />
type the APAR number, <strong>VM</strong>64670, in this example. This is shown in the middle of the<br />
figure.<br />
– If the APAR is found, you should see a link as a result. Click on that Link, <strong>VM</strong>64670:<br />
LINUX USER HUNG ..., in this example. This is shown at the bottom of the figure.<br />
Figure 5-5 Searching <strong>for</strong> a PTF on ShopzSeries<br />
Clicking on the link should bring you to the APAR. In this example, you should find the<br />
in<strong>for</strong>mation on APAR <strong>VM</strong>64670 that was summarized previously. At the top of the page, look<br />
<strong>for</strong> the section A fix is available. In this example, there is a fix available.<br />
86 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Farther down on the page, note the Fixed component name which is important. In this<br />
example it is <strong>VM</strong> CP shown near the bottom of Figure 5-6.<br />
Figure 5-6 Web page <strong>for</strong> APAR <strong>VM</strong>64670<br />
At the bottom of the page the Applicable component levels section shows that PTF UM32811<br />
is available <strong>for</strong> z/<strong>VM</strong> 6.1. Be<strong>for</strong>e getting that PTF, you may want to be sure that it has not<br />
already been applied.<br />
5.4.2 Determining if a PTF has been applied<br />
Check to make sure the PTF has not previously been applied. In this example it is known that<br />
the PTF is UM32811 and the component is <strong>VM</strong> CP.<br />
► Because the description of the PTF cites a component name of “<strong>VM</strong> CP”, the component<br />
CP is used in the following command.<br />
► Use the SERVICE command to query whether the PTF has been applied:<br />
==> service cp status um32811<br />
<strong>VM</strong>FSRV2760I SERVICE processing started<br />
<strong>VM</strong>FSRV1227I UM32811 is not received or applied to CP (6<strong>VM</strong>CPR<strong>10</strong>%CP)<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed successfully<br />
This shows that PTF UM32811 has not been applied. <strong>The</strong> sections that follow describe how<br />
to obtain and apply it.<br />
5.4.3 Downloading the service to z/<strong>VM</strong><br />
From the previous APAR web page search, the link <strong>for</strong> UM32811 is clicked on which results<br />
in a Web page that should be similar to the following:<br />
Chapter 5. Servicing z/<strong>VM</strong> 87
Figure 5-7 Getting fixes from ShopzSeries on <strong>IBM</strong>Link<br />
► In this example the link ShopzSeries - Electronic or physical delivery is clicked on.<br />
Sign into ShopzSeries with your <strong>IBM</strong> ID and follow the five self-explanatory steps to order<br />
your PTF. When you are finished, click on Submit to place your order.<br />
► You should receive an e-mail within a few minutes. It will have your order number a link to<br />
start the download of service files. Following is an example of the important in<strong>for</strong>mation in<br />
the e-mail.<br />
From: Oms Client01/Boulder/<strong>IBM</strong><br />
Subject: <strong>IBM</strong> Order is ready <strong>for</strong> download.<br />
...<br />
To access your order directly, go to:<br />
https://www14.software.ibm.com/webapp/ShopzSeries/ShopzSeries.jsp?action=download&orderI<br />
d=0<br />
► Point your browser to the link in the e-mail. You should see a Web page similar to the<br />
following:<br />
Figure 5-8 Web page created <strong>for</strong> downloading a PTF<br />
88 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Choose a method of downloading the <strong>VM</strong>SES PTF Envelope <strong>for</strong> your order to your<br />
desktop machine. You may also choose to download the <strong>VM</strong>SES Documentation<br />
Envelope.<br />
► <strong>The</strong>re should be both a SES envelope (the PTF or PTFs themselves) and a<br />
documentation envelope. Copy both to z/<strong>VM</strong> in binary with fixed <strong>10</strong>24 byte records to the<br />
MAINT 500 disk. Usually, FTP is used. <strong>The</strong> PTF envelope files can be large so this may<br />
take some time. As you are downloading the files, note the file sizes. Following is an<br />
example of FTPing from a DOS session:<br />
C:\downloads> ftp 9.60.18.249<br />
User (9.60.18.249:(none)): maint<br />
Password:<br />
...<br />
ftp> cd maint.500<br />
...<br />
ftp> bin<br />
...<br />
ftp> quote site fix <strong>10</strong>24<br />
...<br />
ftp> mput s8873674.*<br />
mput S8873674.SHIPDOCS? y<br />
...<br />
ftp: 6144 bytes sent in 0.05Seconds 130.72Kbytes/sec.<br />
mput S8873674.SHIPTFSS? y<br />
...<br />
ftp: 4096 bytes sent in 0.01Seconds 273.07Kbytes/sec.<br />
ftp> quit<br />
► Logon to z/<strong>VM</strong> as MAINT.<br />
► Access the MAINT 500 disk as C:<br />
==> acc 500 c<br />
DMSACC724I 500 replaces C (2CC)<br />
► <strong>The</strong> envelope files arrive in a compressed <strong>for</strong>mat to speed downloads. In order to use<br />
them they must first be renamed to have a file type of SERVLINK and uncompressed with<br />
the DETERSE command. <strong>The</strong>re<strong>for</strong>e it is recommended to leave the file name of the SES<br />
envelope unchanged, but change the prefix letter of the documentation envelope to D.<br />
First rename them, then use the DETERSE command with the (REPLACE parameter to<br />
uncompress them in place and save disk space:<br />
==> rename s8873674 shipftss c = servlink =<br />
==> rename s8873674 shipdocs c d8873674 servlink =<br />
==> deterse s8873674 servlink c = = = (replace<br />
==> deterse d8873674 servlink c = = = (replace<br />
Be sure all commands complete successfully.<br />
5.4.4 Receiving, applying, and building service<br />
You must receive, apply, and build the PTF. <strong>The</strong>n it can be put into production. This can be<br />
done in a process that is much easier now with the SERVICE command.<br />
To prepare to use the SERVICE command, you must have a minidisk with a lot of free space -<br />
that is what the MAINT 500 minidisk is <strong>for</strong>.<br />
► Access the MAINT 500 disk as file mode C:<br />
==> acc 500 c<br />
DMSACC724I 500 replaces C (2CC)<br />
Chapter 5. Servicing z/<strong>VM</strong> 89
► Use the SERVICE ALL command specifying the envelope files you downloaded. Many,<br />
many screens of output will scroll by and will automatically be cleared. Important<br />
messages will be saved to the 500 disk. This process may take many minutes. Following is<br />
an example:<br />
90 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6<br />
==> service all d8873674<br />
...<br />
<strong>VM</strong>FSUT2760I <strong>VM</strong>FSUFTB processing completed successfully<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed successfully<br />
==> service all s8873674<br />
...<br />
<strong>VM</strong>FSUT2760I <strong>VM</strong>FSUFTB processing completed successfully<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed successfully<br />
If you see no number in parenthesis after the Ready; prompt, then the return code is 0.<br />
Any non-zero return code will be in parenthesis. A return code of 0 is ideal. In general a<br />
return code of 4 is acceptable - it means that only warnings were issued. A return code of<br />
8 or greater generally means that errors were encountered.<br />
► <strong>The</strong> output files are of the <strong>for</strong>m $<strong>VM</strong>F* $MSGLOG. You may wish to inspect these files.<br />
==> filel $vmf* $msglog<br />
$<strong>VM</strong>FSRV $MSGLOG A1 V 80 728 14 12/15/09 13:43:34<br />
$<strong>VM</strong>FBLD $MSGLOG A1 V 80 787 11 12/15/09 13:41:47<br />
$<strong>VM</strong>FAPP $MSGLOG A1 V 80 252 4 12/15/09 13:41:37<br />
$<strong>VM</strong>FREC $MSGLOG A1 V 80 56 1 12/15/09 13:41:36<br />
$<strong>VM</strong>FMRD $MSGLOG A1 V 80 231 4 12/15/09 13:41:35<br />
$<strong>VM</strong>FP2P $MSGLOG A1 V 80 805 15 11/19/09 13:52:09<br />
$<strong>VM</strong>FINS $MSGLOG A1 V 80 163 3 11/19/09 13:47:25<br />
► Invoke the <strong>VM</strong>FVIEW SERVICE command to review the results of the previous SERVICE<br />
command. Press the F3 key to quit. Following is an example:<br />
==> vmfview service<br />
===> <strong>VM</strong>FVIEW - Message Log Browse of $<strong>VM</strong>FSRV $MSGLOG A1 F3<br />
Ideally there will be no output. If there are errors they must be addressed. If there are<br />
warnings, they may be acceptable but should be investigated.<br />
5.4.5 Putting the service into production<br />
To put the service into production, per<strong>for</strong>m the following steps:<br />
► Use the PUT2PROD command to put the service into production.<br />
==> put2prod<br />
...<br />
<strong>VM</strong>FP2P2760I PUT2PROD processing completed successfully<br />
Again, watch <strong>for</strong> a return code of 0.<br />
► Your PTF should now be put into production. You may or may not have to reIPL the<br />
system, depending on the nature of the PTF applied. If you are in a position to re-IPL your<br />
system it may be safest to reIPL using the SHUTDOWN REIPL command in order to<br />
completely test the changes:
==> shutdown reipl iplparms cons=sysc<br />
SYSTEM SHUTDOWN STARTED<br />
...<br />
► Your z/<strong>VM</strong> system should come back in a few minutes. When the system comes back up,<br />
start a 3270 session to MAINT and again query the status of the PTF:<br />
==> service cp status um32811<br />
<strong>VM</strong>FSRV2760I SERVICE processing started<br />
<strong>VM</strong>FSRV1226I CP (6<strong>VM</strong>CPR<strong>10</strong>%CP) PTF UM32811 status:<br />
<strong>VM</strong>FSRV1226I RECEIVED 12/15/09 13:41:36<br />
<strong>VM</strong>FSRV1226I APPLIED 12/15/09 13:41:37<br />
<strong>VM</strong>FSRV1226I BUILT 12/15/09 13:42:14<br />
<strong>VM</strong>FSRV1226I PUT2PROD 12/15/09 13:47:59<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed successfully<br />
This shows that the PTF has been successfully applied.<br />
5.4.6 Checking <strong>for</strong> APARMEMO files<br />
5.5 Moving on<br />
After you have applied PTFs, you should check <strong>for</strong> files with a file type of APARMEMO on the<br />
MAINT 500 disk. <strong>The</strong>se files may have additional instructions on work to do after the PTFs<br />
have been applied. Per<strong>for</strong>m the following steps:<br />
► Access the MAINT 500 disk as C and list the files with file type APARMEMO:<br />
==> acc 500 c<br />
==> listfile * aparmemo c<br />
6<strong>VM</strong>CMS<strong>10</strong> APARMEMO C1<br />
In this example, there is one APARMEMO file.<br />
► Look at the contents of the file:<br />
==> type 6vmcms<strong>10</strong> aparmemo c<br />
APAR MEMOS 01/26/<strong>10</strong>.12:50:20<br />
=================================<br />
THE FOLLOWING MEMOS WERE INCLUDED WITH THE PTFS SHIPPED:<br />
NONE.<br />
In this example the APARMEMO file was created, but no additional memorandums are present.<br />
You will not see any new in<strong>for</strong>mation in the APARMEMO file if you have not done SERVICE against<br />
the documentation SERVLINK file. This is because the MEMO file is in the<br />
documentation SERVLINK file.<br />
You should now be done installing, configuring and servicing z/<strong>VM</strong>. A great attribute of z/<strong>VM</strong><br />
is that it normally hums along with little maintenance required. It is now time to change your<br />
focus to Linux.<br />
Chapter 5. Servicing z/<strong>VM</strong> 91
92 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 6. Configuring an NFS/FTP server<br />
“Anyone who has never made a mistake has never tried anything new.”<br />
— Albert Einstein<br />
A common method of installing Linux on z/<strong>VM</strong> is over the network from another server using<br />
the Network File System (NFS). To accomplish this, a PC Linux system is recommended.<br />
This server supplies both the RHEL 6 distribution and the files associated with this book. <strong>The</strong><br />
server must have at least 4 GB of free disk space. It can be a Linux PC, but it can also be a<br />
UNIX box (Sun Solaris, Hewlett Packard HP-UX, <strong>IBM</strong> AIX® or other). You can also<br />
choose to use a Windows workstation with FTP or HTTP, if you absolutely must. Often, more<br />
problems are encountered when using a Windows workstation than a Linux or Unix<br />
workstation to serve the RHEL 6 install tree, so this choice is not recommended.<br />
<strong>The</strong> steps in this chapter explain how to configure a PC Linux box as the NFS server. Red<br />
Hat Installation Guide <strong>for</strong> the <strong>IBM</strong> S/390® and <strong>IBM</strong> System z Architectures manual provides<br />
additional in<strong>for</strong>mation about the installation options on the Web at:<br />
http://www.redhat.com/docs/manuals/enterprise/<br />
In addition to being an NFS server <strong>for</strong> Linux installation, this system can also be used as an<br />
FTP server <strong>for</strong> z/<strong>VM</strong> installation. If this is the case, section 6.5, “Configuring an FTP server <strong>for</strong><br />
z/<strong>VM</strong> installation” must be completed be<strong>for</strong>e Chapter 4, “Installing and configuring z/<strong>VM</strong>” on<br />
page 27.<br />
<strong>The</strong> following tasks will set up a Linux server:<br />
► “Installing Linux on the PC” on page 94<br />
► “Downloading files associated with this book” on page 94<br />
► “Setting up a RHEL 6 install tree” on page 94<br />
► “Enabling the NFS server” on page 96<br />
► “Configuring an FTP server <strong>for</strong> z/<strong>VM</strong> installation” on page 98<br />
6<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 93
6.1 Installing Linux on the PC<br />
If you don’t have a Linux PC then you must get access to one on the network and install Linux<br />
onto it. Describing that is outside the scope of this book. However, installing the same<br />
distribution onto a PC server that you plan to install on System z is recommended. Doing so<br />
will give you practice with the installation process and will give you a reference system that<br />
may be helpful in understanding the differences between the Intel® (i386, i686) and System z<br />
(s390x) architctures. In this chapter, a PC running RHEL 6 is used.<br />
6.2 Downloading files associated with this book<br />
This book has files associated with it to make the task of customizing and cloning your virtual<br />
servers easier. <strong>The</strong> tar file on the Web at:<br />
ftp://www.redbooks.ibm.com/redbooks/SG247932/SG247932.tgz<br />
Per<strong>for</strong>m the following steps:<br />
► <strong>The</strong> tar file virt-cookbook-RH6.tgz is only about 24 KB. Download the file and untar it.<br />
<strong>The</strong> following example shows this being done from a newly created directory /nfs/:<br />
# mkdir /nfs<br />
# cd /nfs<br />
... download or copy the file SH247932.tgz to /nfs/ ...<br />
# tar xzf SG247932.tgz<br />
► List the files in the new directory virt-cookbook-RH6/:<br />
# cd virt-cookbook-RH6<br />
# ls<br />
README.txt clone-1.0-<strong>10</strong>.s390x.rpm disclaimer.txt vm/<br />
<strong>The</strong> README.txt file briefly describes each of the files and the one directory. You may want to<br />
briefly view that file. You now have downloaded and uncompressed the files associated with<br />
this book.<br />
6.3 Setting up a RHEL 6 install tree<br />
You must have a valid Red Hat entitlement <strong>for</strong> Linux on <strong>IBM</strong> System z to access the Red Hat<br />
Enterprise Linux 6 ISO images. If you do not have one, you can request a free 180-day<br />
evaluation copy at:<br />
http://www.redhat.com/z<br />
Follow the link named Free Evaluation on the left, then fill out the online <strong>for</strong>m. If you do not<br />
have a Red Hat login, you will need to create one by clicking the Register and Continue<br />
button. Otherwise, enter your Red Hat login and password, then click Log In to continue.<br />
After completing the <strong>for</strong>m, you will automatically receive an e-mail with instructions on how to<br />
access the Red Hat Network (RHN), where you can download the installation discs at:<br />
https://rhn.redhat.com<br />
You can also click the Contact Sales link on the left of the page or call 1-888-733-4281.<br />
94 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
6.3.1 Copying from physical DVD<br />
RHEL 6 is distributed on physical CDs or files that are ISO images of CDs. RHEL 6 is also<br />
distributed on a single physical DVD disc or a single ISO image. It is easier to work with a<br />
single DVD ISO image than to work with multiple CD ISO images, so this approach is<br />
recommended.<br />
In the event that you have a physical DVD, but not an ISO image, it is recommended that you<br />
create an ISO image. You could skip creating the ISO image and copy the data directly from<br />
the DVD to the install tree, but creating the ISO image is recommended so you have a<br />
reference file.<br />
Be sure your PC has a DVD drive, not just a CD drive (if you have a PC that only has a CD<br />
drive, you can create ISO images of the CDs, but this is not described). Put the DVD in the<br />
tray and use the dd command to create the ISO image. <strong>The</strong> device file named /dev/cdrom is<br />
often associated with the CD/DVD drive, however, your device file name may be different. If<br />
so, you must determine the correct name.<br />
Per<strong>for</strong>m these steps only if you are starting with a physical DVD disc:<br />
# cd /nfs<br />
# dd if=/dev/cdrom of=rhel-6-server-s390x-dvd.iso<br />
# umount /mnt/cdrom<br />
You should now have an ISO image of the DVD.<br />
6.3.2 Verifying the ISO image<br />
An important early step is to verify the integrity of DVD ISO image. This is done by comparing<br />
a checksum value which was calculated when the DVD was created against a checksum<br />
value calculated against your ISO image. If the two checksum values differ then there was an<br />
error somewhere in the copying process.<br />
<strong>The</strong> md5sum command allows you to compare checksum files. <strong>The</strong> checksum value <strong>for</strong> RHEL<br />
6 <strong>for</strong> the s390x architecture is as follows:<br />
# cat MD5SUM<br />
9d7aac4bb79db67b1add308be7019760 rhel-server-6.0-s390x-dvd.iso<br />
Run the md5sum command against the MD5SUM file:<br />
# md5sum -c MD5SUM<br />
rhel-server-6.0-s390x-dvd.iso: OK<br />
Important: Your MD5SUM file may have checksum values <strong>for</strong> the DVD and the CD ISO<br />
images. If this is true and you only have one DVD ISO image, the md5sum will generate<br />
errors of the <strong>for</strong>m:<br />
md5sum: rhel-server-6.0-s390x-dvd.iso: No such file or directory<br />
rhel-server-6.0-s390x-dvd.iso: FAILED open or read<br />
This is not a problem, as long as the DVD ISO image is reported as OK.<br />
If the ISO image does not report OK, it must be downloaded or copied again until it does.<br />
Chapter 6. Configuring an NFS/FTP server 95
6.3.3 Copying the DVD contents<br />
Copy the contents of the ISO image to the file system. Temporarily mount it over a new<br />
directory tmp/ using a loopback device:<br />
# cd /nfs<br />
# mkdir tmp<br />
# mount -o loop rhel-server-6.0-s390x-dvd.iso tmp<br />
List the contents of the mounted ISO image:<br />
# ls tmp<br />
EULA README-pa.html RELEASE-NOTES-ml.html<br />
eula.en_US README-pt_BR.html RELEASE-NOTES-mr.html<br />
generic.ins README-ru.html RELEASE-NOTES-or.html<br />
...<br />
Make a new directory, /nfs/rhel6/, and recursively copy the contents of the DVD to it with<br />
the cp -a command. This will take a number of minutes to complete. <strong>The</strong>n unmount tmp/<br />
# cp -a tmp/* rhel6/<br />
# umount tmp<br />
Important: With RHEL 5, building a new repository <strong>for</strong> yum was necessary. With RHEL 6,<br />
this step should not be necessary as the repository on the ISO image is correct. However,<br />
this short section from the previous book is left here <strong>for</strong> reference.<br />
For the yum command to work, a common metadata repository must be built with the<br />
createrepo command. <strong>The</strong>re is a sample repository in the directory Server/repodata/.<br />
<strong>The</strong> group XML file named comps-rhel5-server-core.xml should be used to create group<br />
in<strong>for</strong>mation:<br />
# cd /nfs/rhel5/Server/<br />
# mv repodata/ repodata.orig<br />
# createrepo -g repodata.orig/comps-rhel5-server-core.xml .<br />
2495/2495 - junit-javadoc-3.8.2-3jpp.1.s390x.rpm<br />
Saving Primary metadata<br />
Saving file lists metadata<br />
Saving other metadata<br />
<strong>The</strong> newly created repodata/ directory contains the correct common medata:<br />
6.4 Enabling the NFS server<br />
<strong>The</strong> method of enabling an NFS server will differ depending upon the operating system.<br />
However, the steps are basically the same:<br />
► Export the appropriate directories.<br />
► Start the NFS server in the current run level.<br />
<strong>The</strong> directories to export with NFS are set in the /etc/exports configuration file. Export the<br />
directory /nfs/rhel6/ to make the install tree available and /nfs/virt-cookbook-RH6/ to<br />
make the files associated with this book available. First make a backup copy of the file. <strong>The</strong>n<br />
edit the original copy and add the two directories as follows:<br />
# cd /etc<br />
96 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
# cp exports exports.orig<br />
# vi exports // add two lines<br />
/nfs/rhel6 *(ro,sync)<br />
/nfs/virt-cookbook-RH6 *(ro,sync)<br />
<strong>The</strong> *(ro,sync) parameter specifies that any client with access to this server can get the NFS<br />
mount read-only. You may want to be more restrictive than allowing any client (with the “*”)<br />
<strong>for</strong> security reasons. Type man exports <strong>for</strong> more details.<br />
Set the NFS server to start with the chkconfig command and start it on <strong>for</strong> the current session<br />
with the service nfs start command:<br />
# chkconfig nfs on<br />
# chkconfig --list nfs<br />
nfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
# service nfs start<br />
Starting NFS services: [ OK ]<br />
Starting NFS quotas: [ OK ]<br />
Starting NFS daemon: [ OK ]<br />
Starting NFS mountd: [ OK ]<br />
Your NFS server should now be running with the directory exported. It is recommended that<br />
you test this by mounting the exported directory locally. <strong>The</strong> following example shows that the<br />
/mnt/ directory is empty. <strong>The</strong>n the newly exported /nfs/ directory is mounted and the files<br />
are listed.<br />
# mkdir /mnt/tmp<br />
# mount localhost:/nfs/rhel6/ /mnt/tmp<br />
# ls -F /mnt/tmp<br />
EULA README-or.html RELEASE-NOTES-ja.html<br />
eula.en_US README-pa.html RELEASE-NOTES-ko.html<br />
generic.ins README-pt_BR.html RELEASE-NOTES-ml.html<br />
GPL README-ru.html RELEASE-NOTES-mr.html<br />
images/ README-si.html RELEASE-NOTES-or.html<br />
...<br />
This shows that the RHEL 6 install tree is accessible through NFS. Now unmount it and test<br />
the virt-cookbook-RH6/ directory:<br />
# umount /mnt/tmp<br />
# mount localhost:/nfs/virt-cookbook-RH6 /mnt/tmp<br />
# ls -F /mnt/tmp<br />
clone-1.0-9.s390x.rpm README.txt vm/<br />
# umount /mnt/tmp<br />
You should now be able to use this server as the source of a RHEL 6 mainframe Linux<br />
installation. Later you will be able to copy the install tree to a System z Linux virtual<br />
server.<br />
Chapter 6. Configuring an NFS/FTP server 97
6.5 Configuring an FTP server <strong>for</strong> z/<strong>VM</strong> installation<br />
This section assumes that you have access to the z/<strong>VM</strong> 6.1 install code in electronic <strong>for</strong>mat.<br />
Ordering it through ShopzSeries is briefly described in section 4.1.1, “Obtaining z/<strong>VM</strong> through<br />
electronic download” on page 28. If you have completed that section, you may have the two<br />
z/<strong>VM</strong> product install files staged on a intermediate workstation, or you may be ready to<br />
download them from the Internet.<br />
6.5.1 Preparing the z/<strong>VM</strong> product install files<br />
<strong>The</strong> two zip files correspond to the larger first z/<strong>VM</strong> product DVD, and to the smaller second<br />
DVD - the RSU. <strong>The</strong> contents of these files must be copied to the directory of the FTP server.<br />
To accomplish this, per<strong>for</strong>m the following steps:<br />
► Create a target directory. In this example the directory /ftp/zvm61/ is used:<br />
# mkdir -p /ftp/zvm61<br />
► Set the group ownership of this directory, recursively, to ftp. This will allow the FTP<br />
daemon, which runs as the user ftp, to change directory into it:<br />
# chgrp -R ftp /nfs/zvm61<br />
► Either upload the two z/<strong>VM</strong> installation zip files from the intermediate workstation, or<br />
download them directly from the Internet. <strong>The</strong> following example shows copying them<br />
from an intermediate workstation Windows DOS session to the FTP server at the IP<br />
address 9.60.18.233 in the directory, /ftp/zvm61/ on thusing the add-on pscp command<br />
(Putty scp):<br />
C:>pscp *.zip root@9.60.18.233:/ftp/zvm61<br />
...<br />
cd813250.zip | 1247495 kB | 303.2 kB/s | ETA: 00:00:00 | <strong>10</strong>0%<br />
CD813270.ZIP | 44031 kB | 352.3 kB/s | ETA: 00:00:00 | <strong>10</strong>0%<br />
► List the newly copied files:<br />
# cd /ftp/zvm61<br />
# ls -l<br />
total 1291532<br />
-rw-r--r--. 1 root root 1277435798 Nov 11 14:08 cd813250.zip<br />
-rw-r--r--. 1 root root 450882<strong>10</strong> Nov 11 14:06 CD813270.ZIP<br />
► Unzip the files from DVD1, the larger file, using the unzip command. This will create the<br />
directory cpdvd/:<br />
# unzip cd813250.zip<br />
Archive: cd813250.zip<br />
creating: cpdvd/<br />
inflating: cpdvd/6<strong>10</strong>GANUC<br />
inflating: cpdvd/6<strong>10</strong>GARAM<br />
...<br />
► Unzip the files from the RSU DVD2, the smaller file. When prompted to replace files,<br />
respond with A <strong>for</strong> all:<br />
# unzip CD813270.ZIP<br />
Archive: CD813270.ZIP<br />
inflating: cpdvd/6<strong>10</strong>rsu.dvdimage<br />
inflating: cpdvd/61ckdrsu.srl<br />
inflating: cpdvd/61fbarsu.srl<br />
replace cpdvd/CKD50000? [y]es, [n]o, [A]ll, [N]one, [r]ename: A<br />
inflating: cpdvd/CKD50000<br />
...<br />
98 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
You should now have all the z/<strong>VM</strong> product install files in place under the directory<br />
/ftp/zvm61/cpdvd/.<br />
6.5.2 Installing and configuring the FTP server<br />
An FTP server must be installed and configured. <strong>The</strong> vsftpd FTP server is recommended.<br />
This section shows how to configure it as an anonymous FTP server. To accomplish these<br />
tasks, per<strong>for</strong>m the following steps:<br />
► Use the rpm -qa command to see if the RPM is installed:<br />
# rpm -qa | grep ftpd<br />
► No output shows that it is not installed. Use the yum -y command to install the package:<br />
# yum -y install vsftpd<br />
Loaded plugins: rhnplugin<br />
This system is not registered with RHN.<br />
...<br />
Installed:<br />
vsftpd.s390x 0:2.2.2-6.el6<br />
► Make a backup of the vsftpd configuration file, /etc/vsftpd/vsftpd.conf:<br />
# cd /etc/vsftpd<br />
# cp vsftpd.conf vsftpd.conf.orig<br />
► Modify the configuration file to set the directory that anonymous user will be logged in to<br />
/ftp/zvm61/ using the anon_root variable. Also disable local (non-anonymous) logins by<br />
commenting out the local_enable=YES and write_enable=YES lines.<br />
# Example config file /etc/vsftpd/vsftpd.conf<br />
#<br />
# <strong>The</strong> default compiled in settings are fairly paranoid. This sample file<br />
# loosens things up a bit, to make the ftp daemon more usable.<br />
# Please see vsftpd.conf.5 <strong>for</strong> all compiled in defaults.<br />
#<br />
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.<br />
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's<br />
# capabilities.<br />
#<br />
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).<br />
anonymous_enable=YES<br />
# set the home directory of anonymous FTP to /ftp/zvm61<br />
anon_root=/ftp/zvm61<br />
#<br />
# Uncomment this to allow local users to log in.<br />
# local_enable=YES<br />
#<br />
# Uncomment this to enable any <strong>for</strong>m of FTP write command.<br />
# write_enable=YES<br />
...<br />
► Set the vsftpd service to start at boot time with the chkconfig command and <strong>for</strong> this<br />
session with the service command:<br />
# chkconfig vsftpd on<br />
# service vsftpd start<br />
Starting vsftpd <strong>for</strong> vsftpd: [ OK ]<br />
An anonymous FTP server should now be running with the z/<strong>VM</strong> 6.1 directory in /cpdvd<br />
(relative to the anonymous FTP root directory).<br />
Chapter 6. Configuring an NFS/FTP server 99
6.5.3 Testing the anonymous FTP server<br />
Test the setup by FTPing in as anonymous from another system. You should see the cpdvd/<br />
directory:<br />
# ftp gpok223<br />
Connected to gpok223.endicott.ibm.com.<br />
220 (vsFTPd 2.2.2)<br />
Name (gpok223:root): anonymous<br />
331 Please specify the password.<br />
Password:<br />
230 Login successful.<br />
Remote system type is UNIX.<br />
Using binary mode to transfer files.<br />
ftp> dir<br />
229 Entering Extended Passive Mode (|||6252|).<br />
150 Here comes the directory listing.<br />
-rw-r--r-- 1 0 0 450882<strong>10</strong> Nov 11 19:06 CD813270.ZIP<br />
dr-xr-xr-x 2 0 0 24576 Nov 11 19:23 cpdvd<br />
226 Directory send OK.<br />
ftp> quit<br />
This shows that the anonymous FTP server is working. You should now be able to continue<br />
with a z/<strong>VM</strong> installation via FTP, starting in section 4.1, “Installing z/<strong>VM</strong> from DVD or FTP<br />
server” on page 28.<br />
<strong>10</strong>0 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 7. Installing RHEL 6 on the cloner<br />
“<strong>The</strong> most incomprehensible thing about the world is that it is at all comprehensible.”<br />
— Albert Einstein<br />
By now, you must have created a new z/<strong>VM</strong> user ID, LNXMAINT. Now it is time to create the<br />
first Linux user ID, RH6CLONE. This Linux ID is the cloner installation server, and serves as the<br />
administration point <strong>for</strong> future Linux IDs. This server is referred to as the cloner. RH6CLONE<br />
serves the following purposes:<br />
► Red Hat Enterprise Linux 6 installation server: This is a tree of Red Hat packages (RPMs)<br />
and other files required <strong>for</strong> installation.<br />
► Network File System (NFS) server: This exports the installation tree and possibly other<br />
useful files.<br />
► Clone server: This is <strong>for</strong> cloning an existing installation to a new Linux ID. See Chapter 9,<br />
“Configuring RHEL 6 <strong>for</strong> cloning” on page 145.<br />
► Kickstart server: This hosts files necessproduct install filesary <strong>for</strong> automated installations.<br />
See Chapter <strong>10</strong>, “Installing Linux with kickstart” on page 163.<br />
Chapters 4, 5 and 6 must be completed be<strong>for</strong>e proceeding. In this section, you will per<strong>for</strong>m<br />
following tasks:<br />
► “Installing the cloner” on page <strong>10</strong>1<br />
► “Configuring the cloner” on page 119<br />
7.1 Installing the cloner<br />
In this section you will install the RHEL 6 cloner under the user RH6CLONE. This is the guest<br />
which will serve as the installation and file server <strong>for</strong> future Linux guests.<br />
7.1.1 Creating the user ID RH6CLONE<br />
In this section you will define the RH6CLONE user ID to z/<strong>VM</strong>.<br />
► Logon to MAINT, make a backup of and edit the USER DIRECT file:<br />
7<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. <strong>10</strong>1
==> copy user direct c = direwrks = (rep<br />
==> x user direct c<br />
In the USER DIRECT file you can group statements that will be common to many user<br />
definitions in a construct called a profile. This profile can then become part of the user<br />
definitions using the INCLUDE statement. You used the existing profile TCPCMSU when you<br />
defined the LNXMAINT user.<br />
► Create a new profile named LNXDFLT. This will contain the user directory statements that<br />
will be common to all Linux user IDs. To save typing, you can use the "" prefix commands<br />
to duplicate the <strong>IBM</strong>DFLT profile that should be on lines 37-50:<br />
""037 ***************************************************************<br />
00038 *<br />
00039 PROFILE <strong>IBM</strong>DFLT<br />
00040 SPOOL 000C 2540 READER *<br />
00041 SPOOL 000D 2540 PUNCH A<br />
00042 SPOOL 000E 1403 A<br />
00043 CONSOLE 009 3215 T<br />
00044 LINK MAINT 0190 0190 RR<br />
00045 LINK MAINT 019D 019D RR<br />
00046 LINK MAINT 019E 019E RR<br />
00047 LINK MAINT 0402 0402 RR<br />
00048 LINK MAINT 0401 0401 RR<br />
""049 ******************************<br />
► Issue the CP command QUERY PROCESSORS to see how many physical CPUs your LPAR<br />
has. In this example, it is <strong>10</strong>:<br />
==> q proc<br />
PROCESSOR 00 MASTER CP<br />
PROCESSOR 01 ALTERNATE CP<br />
PROCESSOR 02 ALTERNATE CP<br />
PROCESSOR 03 ALTERNATE CP<br />
PROCESSOR 04 ALTERNATE CP<br />
PROCESSOR 05 ALTERNATE CP<br />
PROCESSOR 06 ALTERNATE CP<br />
PROCESSOR 07 ALTERNATE CP<br />
PROCESSOR 08 ALTERNATE CP<br />
PROCESSOR 09 ALTERNATE CP<br />
Important: In the past, only two virtual CPUs were recommeneded on the next step. With<br />
the new cpuplugd service (see section 13.7, “Utilizing the cpuplugd service” on page 2<strong>10</strong>),<br />
this recommendation has changed to be the same number as physical CPUs. This could<br />
have the side effect of allowing a single Linux virtual machine to consume a large amount<br />
of CPU resource. You may consider leaving this at two <strong>for</strong> now.<br />
► Edit the duplicated profile by deleting the three LINK MAINT 040x lines, and inserting the<br />
lines that are shown in bold text:<br />
PROFILE LNXDFLT<br />
IPL CMS<br />
MACHINE ESA <strong>10</strong><br />
CPU 00 BASE<br />
CPU 01<br />
CPU 02<br />
CPU 03<br />
CPU 04<br />
CPU 05<br />
CPU 06<br />
CPU 07<br />
<strong>10</strong>2 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
CPU 08<br />
CPU 09<br />
NICDEF 600 TYPE QDIO LAN SYSTEM VSW1<br />
SPOOL 000C 2540 READER *<br />
SPOOL 000D 2540 PUNCH A<br />
SPOOL 000E 1403 A<br />
CONSOLE 009 3215 T<br />
LINK MAINT 0190 0190 RR<br />
LINK MAINT 019D 019D RR<br />
LINK MAINT 019E 019E RR<br />
LINK LNXMAINT 192 191 RR<br />
LINK TCPMAINT 592 592 RR<br />
Notes:<br />
– <strong>The</strong> first line sets CMS be IPLed when the user ID is logged onto<br />
– Update the MACHINE statement line to set the machine type to ESA with a maximum<br />
number of CPUs that can be defined. In this example, the LPAR has <strong>10</strong> processors, so<br />
the value of the last parameter is set to <strong>10</strong>.<br />
– <strong>The</strong> next ten lines define ten virtual CPUs. Be sure to set the number of virtual CPUs<br />
equal to (or less than) the number of physical CPUs.<br />
– <strong>The</strong> NICDEF line defines a virtual NIC connected to the VSWITCH starting at virtual<br />
address 600<br />
– <strong>The</strong> last two lines provide read access to LNXMAINT 192 disk as the user’s 191 disk,<br />
and the TCPMAINT 592 disk, so that the user has access to TCPIP services such as<br />
FTP<br />
► Go to the bottom of the file and add the definition <strong>for</strong> a new user ID named RH6CLONE. This<br />
user ID is given class B, D and E privilege classes, aside from the typical class G, in order<br />
to run the FLASHCOPY command (B), the QUERY ALLOC MAP (D) command, and the QUERY NSS<br />
(E) command. Be sure to replace the volume labels in bold and italics (e.g.: UM6290) with<br />
the labels of your DASD:<br />
USER RH6CLONE LNX4<strong>VM</strong> 512M 1G BDEG<br />
INCLUDE LNXDFLT<br />
OPTION LNKNOPAS APPLMON<br />
MDISK <strong>10</strong>0 3390 0001 3338 UM6290 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>1 3390 0001 3338 UM6293 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>2 3390 0001 3338 UM6294 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
*<br />
This Linux user ID will have the following minidisks and virtual disks (VDISKs):<br />
Table 7-1 Minidisks to be defined<br />
Minidisk or VDISK Description<br />
<strong>10</strong>0 <strong>The</strong> root file system of the Linux cloner. This will serve as the<br />
administration point <strong>for</strong> all your Linux virtual servers.<br />
<strong>10</strong>1-<strong>10</strong>2 Minidisks used to create a logical volume mounted over /nfs/ This<br />
file system is used to make the RHEL 6 installation tree and the files<br />
associated with this book available over NFS.<br />
300-301 <strong>The</strong>se are virtual disk (VDISK) swap spaces that are not defined in<br />
USER DIRECT file, but defined by calls to the SWAPGEN EXEC in the<br />
user’s PROFILE EXEC so that when the user ID logs on the VDISKs<br />
are created.<br />
Chapter 7. Installing RHEL 6 on the cloner <strong>10</strong>3
► Go back to the top of the file and search <strong>for</strong> string USER $ALLOC$. Add cylinder 0 of each of<br />
the new volumes to this dummy user ID so they don’t show up as gaps in the USER<br />
DISKMAP report file:<br />
====> top<br />
====> /user $alloc$<br />
USER $ALLOC$ NOLOG<br />
MDISK A01 3390 000 001 6<strong>10</strong>RES R<br />
MDISK A02 3390 000 001 UV6283 R<br />
MDISK A03 3390 000 001 UV6284 R<br />
MDISK A04 3390 000 001 UM6289 R<br />
MDISK A05 3390 000 001 UM6290 R<br />
MDISK A06 3390 000 001 UM6293 R<br />
MDISK A07 3390 000 001 UM6294 R<br />
...<br />
====> file<br />
► Run DISKMAP to check <strong>for</strong> overlaps and gaps. You should only see only a 501 and a 1<br />
cylinder gap.<br />
==> diskmap user<br />
==> x user diskmap<br />
====> all /gap/|/overlap/<br />
-------------------- 4 line(s) not displayed --------------------<br />
0 500 501 GAP<br />
-------------------- 6 line(s) not displayed --------------------<br />
0 0 1 GAP<br />
-------------------- 355 line(s) not displayed --------------------<br />
====> quit<br />
► When the disk layout is correct run DIRECTXA to bring the changes online:<br />
==> directxa user<br />
z/<strong>VM</strong> USER DIRECTORY CREATION PROGRAM - VERSION 5 RELEASE 3.0<br />
EOJ DIRECTORY UPDATED AND ON LINE<br />
You have now defined the user ID that will be both the master Linux image and the cloner.<br />
7.1.2 Adding RH6CLONE to AUTOLOG1’s PROFILE EXEC<br />
<strong>The</strong> new Linux ID you defined needs access to the VSWITCH. A SET VSWITCH command with<br />
the GRANT parameter can be added to AUTOLOG1’s PROFILE EXEC to do this. Also, an XAUTOLOG<br />
statement can be added if the user ID is automatically logged on at z/<strong>VM</strong> IPL time:<br />
Other examples show how to logoff of MAINT and logon to AUTOLOG1. You can also modify the<br />
file by linking to the AUTOLOG1 191 disk read/write.<br />
Per<strong>for</strong>m the following steps:<br />
► Use the LINK and ACCESS commands to link and access the AUTOLOG1 191 disk read/write<br />
==> link autolog1 191 1191 mr<br />
==> acc 1191 f<br />
► Edit the file PROFILE EXEC. Add the RH6CLONE user ID to the sections that grant access to<br />
the VSWITCH and that XAUTOLOG the Linux user IDs:<br />
==> x profile exec f // add two lines<br />
/***************************/<br />
/* Autolog1 Profile Exec */<br />
/***************************/<br />
'cp xautolog tcpip' /* start up TCPIP */<br />
'CP XAUTOLOG DTCVSW1' /* start VSWITCH controller 1 */<br />
<strong>10</strong>4 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
'CP XAUTOLOG DTCVSW2' /* start VSWITCH controller 2 */<br />
'cp set pf12 ret' /* set the retrieve key */<br />
'cp set mdc stor 0m 128m' /* Limit minidisk cache in CSTOR */<br />
'cp set mdc xstore 0m 0m' /* Disable minidisk cache in XSTOR */<br />
'cp set srm storbuf 300% 250% 200%' /* Overcommit memory */<br />
'cp set signal shutdown 300' /* Allow guests 5 min to shut down */<br />
/* Grant access to VSWITCH <strong>for</strong> each Linux user */<br />
'cp set vswitch vsw1 grant rh6clone'<br />
/* XAUTOLOG each Linux user that should be started */<br />
'cp xautolog rh6clone'<br />
'cp logoff' /* logoff when done */<br />
====> file<br />
<strong>The</strong>se changes will not take effect until the next IPL, so you must grant this user ID access to<br />
the VSWITCH <strong>for</strong> this z/<strong>VM</strong> session. This is done as follows:<br />
==> set vswitch vsw1 grant rh6clone<br />
Command complete<br />
7.1.3 Preparing RH6CLONE bootstrap files<br />
To IPL a RHEL 6 installation system, four bootstrap files must be prepared. Three are<br />
punched to z/<strong>VM</strong> reader and then IPLed. <strong>The</strong>se three files IPLed are a kernel, a parameter<br />
file and an initial RAMdisk. <strong>The</strong> fourth file is a configuration file stored on a CMS disk that the<br />
parameter file points to.<br />
Think of these as the files that are on as a PC Linux boot CD (or floppy disk). Also, a small<br />
REXX EXEC is commonly used to clean out the reader, punch the three files and IPL the<br />
reader. A sample RHEL 6 parameter file, configuration file and install EXEC are supplied and<br />
should be on the LNXMAINT 192 disk (this task is in section 4.7.5, “Copying files associated<br />
with this book to LNXMAINT” on page 60). <strong>The</strong>re<strong>for</strong>e, only the kernel and RAMdisk need to<br />
be copied.<br />
► Start an SSH session as root on the NFS server.<br />
► Use the ftp command to copy the RHEL 6 kernel and initial RAMdisk to LNXMAINT’s D disk.<br />
<strong>The</strong>se files must have a record <strong>for</strong>mat of fixed 80 byte records. This <strong>for</strong>mat can be set with<br />
the site fix 80 FTP subcommand (if this subcommand fails, try quote site fix 80).<br />
Following is an example:<br />
# cd /nfs/rhel6/dvd1/images<br />
# ftp 9.60.18.249<br />
Name (9.60.18.249:root): lnxmaint<br />
Password:<br />
230 LNXMAINT logged in; working directory = LNXMAINT 191<br />
Remote system type is z/<strong>VM</strong>.<br />
ftp> cd lnxmaint.192<br />
250 Working directory is LNXMAINT 192<br />
ftp> site fix 80<br />
200 Site command was accepted.<br />
ftp> bin<br />
200 Representation type is IMAGE.<br />
ftp> put initrd.img rhel6.initrd<br />
...<br />
23651842 bytes sent in 00:01 (11.34 MB/s)<br />
ftp> put kernel.img rhel6.kernel<br />
...<br />
Chapter 7. Installing RHEL 6 on the cloner <strong>10</strong>5
8016384 bytes sent in 00:01 (6.01 MB/s)<br />
ftp> quit<br />
► Go back to your 3270 session. Logoff of MAINT and logon to LNXMAINT.<br />
► <strong>The</strong> files SAMPLE PARM-RH6, SAMPLE CONF-RH6, and RHEL6 EXEC should exist on the LNXMAINT<br />
192 (D) disk as they were copied in 4.7.5, “Copying files associated with this book to<br />
LNXMAINT” on page 60. Use the FILELIST command to verify that the files were copied,<br />
and that the kernel and initial RAMdisk were copied in Fixed 80 byte record <strong>for</strong>mat. You<br />
should see the following files (the number of records and blocks may vary):<br />
==> filel * * d<br />
LNXMAINT FILELIST A0 V 169 Trunc=169 Size=<strong>10</strong> Line=1 Col=1 Alt=0<br />
Cmd Filename Filetype Fm Format Lrecl Records Blocks Date Time<br />
RHEL6 EXEC D1 V 69 <strong>10</strong> 1 9/23/<strong>10</strong> 12:55:22<br />
RHEL6 KERNEL D1 F 80 <strong>10</strong>0205 1642 9/23/<strong>10</strong> 12:52:07<br />
RHEL6 INITRD D1 F 80 295649 5775 9/23/<strong>10</strong> 12:51:29<br />
CHPW6<strong>10</strong> XEDIT D1 V 72 190 3 9/23/<strong>10</strong> 9:13:31<br />
CPFORMAT EXEC D1 V 79 252 3 9/23/<strong>10</strong> 9:13:31<br />
PROFILE EXEC D1 V 63 17 1 9/23/<strong>10</strong> 9:13:31<br />
SAMPLE CONF-RH6 D1 V 38 13 1 9/23/<strong>10</strong> 9:13:31<br />
SAMPLE PARM-RH6 D1 V 80 3 1 9/23/<strong>10</strong> 9:13:31<br />
SWAPGEN EXEC D1 V 72 467 6 9/23/<strong>10</strong> 9:13:31<br />
PROFILE XEDIT D1 V 45 17 1 9/23/<strong>10</strong> 8:41:19<br />
► Quit by pressing F3.<br />
► Verify that the file RHEL6 EXEC has the correct in<strong>for</strong>mation. Note the kernel and RAMdisk<br />
have hard coded file names (RHEL6), but the file name of the parameter file will be the user<br />
ID (userid() function) of the user running the EXEC:<br />
==> type rhel6 exec d<br />
/* EXEC to punch a RHEL 6 install system to reader and IPL from it */<br />
Address 'COMMAND'<br />
'CP SPOOL PUN *'<br />
'CP CLOSE RDR'<br />
'CP PURGE RDR ALL'<br />
'PUNCH RHEL6 KERNEL * (NOHEADER'<br />
'PUNCH' Userid() 'PARM-RH6 * (NOHEADER'<br />
'PUNCH RHEL6 INITRD * (NOHEADER'<br />
'CP CHANGE RDR ALL KEEP'<br />
'CP IPL 00C CLEAR'<br />
► <strong>The</strong>re are two text files needed to install RHEL 6: a parameter file and a configuration file.<br />
A sample parameter file is provided, named SAMPLE PARM-RH6. It has some values, the<br />
most important value, the CMSCONFFILE variable, points to the configuration file which<br />
remains on a CMS minidisk. Copy the sample parameter file to a new file with a file name<br />
of RH6CLONE. Change the configuration file variable to point to a file with the same file<br />
name:<br />
==> copy sample parm-rh6 d rh6clone = =<br />
==> x rh6clone parm-rh6 d<br />
root=/dev/ram0 ro ip=off ramdisk_size=40000<br />
CMSDASD=191 CMSCONFFILE=RH6CLONE.CONF-RH6<br />
vnc vncpassword=lnx4vm<br />
► Copy the sample configuration file and modify the appropriate fields. Refer to the<br />
worksheet in section 2.7.4, “Linux user ID worksheet” on page 18. Following are the<br />
values used <strong>for</strong> the example in this book.<br />
==> copy sample conf-rh6 d rh6clone = =<br />
==> x rh6clone conf-rh6<br />
DASD=<strong>10</strong>0-<strong>10</strong>5,300-301<br />
<strong>10</strong>6 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
HOSTNAME=gpok223.endicott.ibm.com<br />
NETTYPE=qeth<br />
IPADDR=9.60.18.223<br />
SUBCHANNELS=0.0.0600,0.0.0601,0.0.0602<br />
NETMASK=255.255.255.128<br />
SEARCHDNS=endicott.ibm.com<br />
GATEWAY=9.60.18.129<br />
DNS=9.0.3.1<br />
MTU=1500<br />
PORTNAME=DONTCARE<br />
PORTNO=0<br />
LAYER2=0<br />
Note: <strong>The</strong> RHEL 6 installer supports OSA/NIC in layer 2 (ethernet) mode. In the<br />
example above, the Linux virtual machine is connecting to a layer 3 VSWITCH, so<br />
the parameter LAYER2=0 is set. When connecting in layer 2 mode, set LAYER2=1.<br />
<strong>The</strong>n, if this guest is connected to a VSWITCH, set VSWITCH=1, signifying that the<br />
VSWITCH will provide the MAC address. If this guest is not connected to a<br />
VSWITCH, set VSWITCH=0 and add the parameter MACADDR= followed by the MAC<br />
address <strong>for</strong> this guest.<br />
► Linux user IDs will pick up their PROFILE EXEC from LNXMAINT 192. This file runs when you<br />
press Enter at the <strong>VM</strong> READ prompt. It creates two VDISKs with the SWAPGEN EXEC to later<br />
be used as swap spaces. It also per<strong>for</strong>ms a few other functions including IPLIng Linux<br />
automatically if the virtual machine is logged on disconnected. View the contents of the<br />
PROFILE EXEC with the CMS TYPE command:<br />
==> type profile exec d<br />
/* PROFILE EXEC <strong>for</strong> Linux virtual servers */<br />
'CP SET RUN ON'<br />
'CP SET PF11 RETRIEVE FORWARD'<br />
'CP SET PF12 RETRIEVE'<br />
'ACC 592 C'<br />
'SWAPGEN 300 524288' /* create a 256M VDISK disk swap space */<br />
'SWAPGEN 301 <strong>10</strong>48576' /* create a 512M VDISK disk swap space */<br />
'PIPE CP QUERY' userid() '| var user'<br />
parse value user with id . dsc .<br />
if (dsc = 'DSC') then /* user is disconnected */<br />
'CP IPL <strong>10</strong>0'<br />
else /* user is interactive -> prompt */<br />
do<br />
say 'Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n'<br />
parse upper pull answer .<br />
if (answer = 'Y') then 'CP IPL <strong>10</strong>0'<br />
end /* else */<br />
7.1.4 Beginning the Linux installation<br />
Per<strong>for</strong>m the following steps to begin the Linux installation:<br />
► Logon to RH6CLONE. <strong>The</strong> PROFILE EXEC from the LNXMAINT 192 disk should prompt you to<br />
IPL minidisk <strong>10</strong>0. Since there is nothing installed yet, answer no.<br />
LOGON RH6CLONE<br />
NIC 0600 is created; devices 0600-0602 defined<br />
z/<strong>VM</strong> Version 6 Release 1.0, Service Level <strong>10</strong>02 (64-bit),<br />
built on <strong>IBM</strong> <strong>Virtualization</strong> Technology<br />
<strong>The</strong>re is no logmsg data<br />
FILES: 0003 RDR, NO PRT, NO PUN<br />
Chapter 7. Installing RHEL 6 on the cloner <strong>10</strong>7
LOGON AT 07:41:38 EDT WEDNESDAY 09/29/<strong>10</strong><br />
z/<strong>VM</strong> V6.1.0 20<strong>10</strong>-09-23 11:31<br />
DMSACP723I A (191) R/O<br />
DMSACP723I C (592) R/O<br />
DIAG swap disk defined at virtual address 300 (64989 4K pages of swap space)<br />
DIAG swap disk defined at virtual address 301 (129981 4K pages of swap space)<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
n<br />
► Set the memory size to 1 GB with the CP DEFINE STORAGE command:<br />
==> def stor 1g<br />
00: STORAGE = 1G<br />
00: Storage cleared - system reset.<br />
► IPL CMS, and again answer no:<br />
==> ipl cms<br />
z/<strong>VM</strong> V6.1.0 20<strong>10</strong>-09-23 11:31<br />
DMSACP723I A (191) R/O<br />
DMSACP723I C (592) R/O<br />
DIAG swap disk defined at virtual address 300 (64989 4K pages of swap space)<br />
DIAG swap disk defined at virtual address 301 (129981 4K pages of swap space)<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
n<br />
► To begin the install program, run the RHEL6 EXEC. You should see many screens of<br />
questions and answers scrolling by. If you had used the default parameter file shipped<br />
with RHEL 6, you would have had to answer all the networking questions manually. With<br />
the proper parameters set in RH6CLONE CONF-RH6, the install process should proceed to<br />
where you have to use a browser to VNC client get into the installation program:<br />
==> rhel6<br />
RDR FILE 0004 SENT FROM RH6CLONE PUN WAS 0004 RECS <strong>10</strong>0K CPY 001 A NOHOLD NOKEEP<br />
RDR FILE 0005 SENT FROM RH6CLONE PUN WAS 0005 RECS 0003 CPY 001 A NOHOLD NOKEEP<br />
RDR FILE 0006 SENT FROM RH6CLONE PUN WAS 0006 RECS 296K CPY 001 A NOHOLD NOKEEP<br />
0000003 FILES CHANGED<br />
0000003 FILES CHANGED<br />
Initializing cgroup subsys cpuset<br />
Initializing cgroup subsys cpu<br />
Linux version 2.6.32-71.el6.s390x (mockbuild@s390-004.build.bos.redhat.com) (gcc<br />
version 4.4.4 20<strong>10</strong>0726 (Red Hat 4.4.4-13) (GCC) ) #1 SMP Wed Sep 1 01:38:33 EDT<br />
20<strong>10</strong><br />
setup: Linux is running as a z/<strong>VM</strong> guest operating system in 64-bit mode<br />
Zone PFN ranges:<br />
DMA 0x00000000 -> 0x00080000<br />
Normal 0x00080000 -> 0x00080000<br />
Movable zone start PFN <strong>for</strong> each node<br />
early_node_mapÝ1¨ active PFN ranges<br />
0: 0x00000000 -> 0x00020000<br />
PERCPU: Embedded 12 pages/cpu @000000000266d000 s16896 r8192 d24064 u65536<br />
pcpu-alloc: s16896 r8192 d24064 u65536 alloc=16*4096<br />
pcpu-alloc: Ý0¨ 00 Ý0¨ 01 Ý0¨ 02 Ý0¨ 03 Ý0¨ 04 Ý0¨ 05 Ý0¨ 06 Ý0¨ 07<br />
pcpu-alloc: Ý0¨ 08 Ý0¨ 09 Ý0¨ <strong>10</strong> Ý0¨ 11 Ý0¨ 12 Ý0¨ 13 Ý0¨ 14 Ý0¨ 15<br />
pcpu-alloc: Ý0¨ 16 Ý0¨ 17 Ý0¨ 18 Ý0¨ 19 Ý0¨ 20 Ý0¨ 21 Ý0¨ 22 Ý0¨ 23<br />
pcpu-alloc: Ý0¨ 24 Ý0¨ 25 Ý0¨ 26 Ý0¨ 27 Ý0¨ 28 Ý0¨ 29 Ý0¨ 30 Ý0¨ 31<br />
pcpu-alloc: Ý0¨ 32 Ý0¨ 33 Ý0¨ 34 Ý0¨ 35 Ý0¨ 36 Ý0¨ 37 Ý0¨ 38 Ý0¨ 39<br />
pcpu-alloc: Ý0¨ 40 Ý0¨ 41 Ý0¨ 42 Ý0¨ 43 Ý0¨ 44 Ý0¨ 45 Ý0¨ 46 Ý0¨ 47<br />
pcpu-alloc: Ý0¨ 48 Ý0¨ 49 Ý0¨ 50 Ý0¨ 51 Ý0¨ 52 Ý0¨ 53 Ý0¨ 54 Ý0¨ 55<br />
pcpu-alloc: Ý0¨ 56 Ý0¨ 57 Ý0¨ 58 Ý0¨ 59 Ý0¨ 60 Ý0¨ 61 Ý0¨ 62 Ý0¨ 63<br />
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 129280<br />
<strong>10</strong>8 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Kernel command line: root=/dev/ram0 ro ip=off ramdisk_size=40000<br />
CMSDASD=191 CMSCONFFILE=RH6CLONE.CONF-RH6<br />
vnc vncpassword=lnx4vm<br />
...<br />
Important: If the DASD you are using has never been <strong>for</strong>matted <strong>for</strong> Linux, you may get<br />
many screens of warning messages similar to the following on your 3270 session:<br />
dasd(eckd): I/O status report <strong>for</strong> device 0.0.0<strong>10</strong>0:<br />
dasd(eckd): in req: 000000000e027ee8 CS: 0x40 DS: 0x0E<br />
dasd(eckd): device 0.0.0<strong>10</strong>0: Failing CCW: 000000000e027fd0<br />
dasd(eckd): Sense(hex) 0- 7: 00 08 00 00 04 ff ff 00<br />
This is not a problem, you just have to clear the screen many times or the install process<br />
will freeze. An alternative to clearing the screen many times is to issue the following CP<br />
TERM command:<br />
#cp term more 0 0<br />
Press Enter and the screen should scroll freely. <strong>The</strong> downside of this option is that you<br />
may miss some messages that are important. You may later want to set the value back to<br />
the default of waiting 50 seconds to beep then another <strong>10</strong> seconds to clear the screen with<br />
the following command:<br />
#cp term more 50 <strong>10</strong><br />
► You may see warnings about systems that cannot be reached.<br />
Trying to reach gateway 9.60.18.129...<br />
Could not reach your default gateway 9.60.18.129<br />
0) redo this parameter, 1) continue, 2) restart dialog, 3) halt, 4) shell<br />
If so, be sure the IP address you are using is not already in use.<br />
► <strong>The</strong> kernel should continue to boot until you see the following messages:<br />
...<br />
Starting sshd to allow login over the network.<br />
Connect now to 9.60.18.223 and log in as user install to start the installation.<br />
E.g. using: ssh -x install@9.60.18.223<br />
You may log in as the root user to start an interactive shell.<br />
► From your workstation, use your SSH client (e.g. PuTTY) to connect to the IP address and<br />
begin the installation. When prompted <strong>for</strong> a user name, enter install. A password will not<br />
be required. Figure 7-1 shows the initial screen of the installer. Use the Tab key to move<br />
between fields. Use the arrow keys to move among choices and Enter to select a choice.<br />
Chapter 7. Installing RHEL 6 on the cloner <strong>10</strong>9
Figure 7-1 Initial screen of installer<br />
► <strong>The</strong> Choose a Language screen should appear. Select your language, Tab to OK and<br />
press Enter.<br />
► <strong>The</strong> Installation Method screen should appear. Choose NFS image <strong>for</strong> the install method,<br />
and select OK.<br />
► <strong>The</strong> NFS Setup screen should appear. Enter the IP address of the PC NFS server on the<br />
first line, then the path to the installation tree on the second line, and select OK. See the<br />
example in Figure 7-2 which uses the NFS server at IP address 9.60.18.240:<br />
Figure 7-2 NFS setup screen<br />
► Now the curses windows should end and the install program (anaconda) should start a<br />
VNC server. You should see messages similar to the following:<br />
1<strong>10</strong> <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6<br />
Welcome to the anaconda install environment 1.2 <strong>for</strong> zSeries<br />
detecting hardware...<br />
waiting <strong>for</strong> hardware to initialize...<br />
detecting hardware...<br />
waiting <strong>for</strong> hardware to initialize...<br />
Running anaconda 13.21.82, the Red Hat Enterprise Linux system installer - please<br />
wait.<br />
14:55:55 Starting VNC...<br />
14:55:56 <strong>The</strong> VNC server is now running.<br />
14:55:57
You chose to execute vnc with a password.<br />
14:55:57 Please manually connect your vnc client to gpok223.endicott.ibm.com:1<br />
(9.60.18.223) to begin the install.<br />
14:55:57 Starting graphical installation.<br />
► Start a VNC client (e.g. RealVNC) and connect to the server with your IP address with a<br />
:1 appended to the end as shown in Figure 7-3. When prompted <strong>for</strong> a password, enter the<br />
password specified in the RH6CLONE PARM-RH6 file (lnx4vm in the sample file). In the<br />
following example, Linux is being installed with the IP address 9.60.18.223:<br />
Figure 7-3 Connecting with VNC client<br />
7.1.5 Stage 2 of the RHEL 6 installation<br />
After you have connected using VNC, per<strong>for</strong>m the following steps:<br />
► A splash screen appears as shown in the top half of Figure 7-4 on page 112. Click Next.<br />
► You will be asked what type of devices to use as shown in the top half of Figure 7-4 on<br />
page 112. Choose Basic Storage Devices and click Next.<br />
Chapter 7. Installing RHEL 6 on the cloner 111
Figure 7-4 Splash screen and device type screen<br />
► You might see the screen Un<strong>for</strong>matted DASD Devices Found as shown in Figure 7-5. If<br />
the disks you are installing onto have been previously <strong>for</strong>matted by dasdfmt, you will not<br />
see this screen.<br />
Figure 7-5 An example of the Un<strong>for</strong>matted DASD Devices Found screen<br />
7.1.6 Working around a known issue<br />
112 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Important: If the minidisks <strong>10</strong>0-<strong>10</strong>2 (dasdb-dasdd) have not been <strong>for</strong>matted <strong>for</strong> Linux by<br />
dasdfmt be<strong>for</strong>e this install, you should see a screen as shown in Figure 7-5 on page 112.<br />
However, there is a known issue in RHEL 6 whereby this screen is not shown and you<br />
don’t have the ability to <strong>for</strong>mat the disks through the installer. If you proceed without<br />
<strong>for</strong>matting the disks with dasdfmt, the install process will fail later.<br />
If this is the case, it is recommended that you per<strong>for</strong>m the following steps:<br />
► Start a second SSH session, this time logging is as root.<br />
login as: root<br />
Welcome to the anaconda install environment 1.2 <strong>for</strong> zSeries<br />
► Issue the command lsdasd. <strong>The</strong> three minidisks should be dasdb, dasdc and dasdd:<br />
# lsdasd<br />
Bus-ID Status Name Device Type BlkSz Size Blocks<br />
==============================================================================<br />
0.0.0<strong>10</strong>0 active dasdb 94:4 ECKD 4096 2347MB 600840<br />
0.0.0<strong>10</strong>1 active dasdc 94:8 ECKD 4096 2347MB 600840<br />
0.0.0<strong>10</strong>2 active dasdd 94:12 ECKD 4096 2347MB 600840<br />
0.0.0300 active dasde 94:16 FBA 512 256MB 524288<br />
0.0.0301 active dasdf 94:20 FBA 512 512MB <strong>10</strong>48576<br />
► Format the minidisks in parallel with the following <strong>for</strong> loop:<br />
# <strong>for</strong> i in b c d<br />
> do<br />
> dasdfmt -b 4096 -y -f /dev/dasd$i &<br />
> done<br />
► You may need to press Enter to see the jobs in the background complete. After the <strong>for</strong><br />
loop completes, return to the VNC session and complete the installation.<br />
7.1.7 Continuing the installation<br />
► Click the button Reinitialize All when prompted to initialize the VDISK at 300 as shown in<br />
Figure 7-6.<br />
Figure 7-6 Re-initializing disks<br />
Chapter 7. Installing RHEL 6 on the cloner 113
► On the next screen the host name is set. This should be correct read from the<br />
configuration file. Click Next.<br />
► Select your time zone and click Next.<br />
► Set the root password and click Next. Don’t <strong>for</strong>get it!<br />
► <strong>The</strong> installer now searches <strong>for</strong> a previous installation. It is very important to select the<br />
Create Custom Layout radio button as shown in Figure 7-7 on page 114 as other<br />
choices will use VDISKs as physical volumes <strong>for</strong> a large volume group. VDISK data is not<br />
persistent across reboots. Click Next.<br />
Figure 7-7 Creating custom disk layout<br />
► <strong>The</strong> next screen to appear requires you to move disks from data storage devices to install<br />
target devices as shown in Figure 7-8. Move all disks to the right by selecting and clicking<br />
the right arrow, or by simply double-clicking each disk When complete, click Next.<br />
114 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 7-8 Moving disks to become install targets<br />
► <strong>The</strong> Please Select A Device screen allows you to set up mindisks and VDISKs. Click the<br />
Create button and a Create Storage window appears as shown in the right side of<br />
Figure 7-9. Accept the default of Standard Partition and click Create.<br />
Figure 7-9 Disk setup be<strong>for</strong>e creating a volume group<br />
Chapter 7. Installing RHEL 6 on the cloner 115
► On the Add Partition screen, create a swap space on /dev/dasdb of size 512 MB by<br />
choosing the selections as shown on the left half of Figure 7-<strong>10</strong> and click OK:<br />
Figure 7-<strong>10</strong> Creating a swap partition and the root file system<br />
► Back at the Please Select a Device panel, click Create again, use the remaining space on<br />
/dev/dasdb <strong>for</strong> the root file system as shown on the right half of Figure 7-<strong>10</strong>.<br />
► Use the Create button to create a L<strong>VM</strong> physical volume from /dev/dasdc by per<strong>for</strong>ming<br />
the following steps:<br />
– Select the L<strong>VM</strong> Physical Volume radio button on the Create Storage panel and click<br />
Create.<br />
– On the Add a Partition panel, select the allowable drive (dasdc).<br />
– On the Additional Size Options, select the radio button Fill to maximum allowable<br />
size<br />
– Click OK.<br />
► Repeat the previous step and create an L<strong>VM</strong> physical volume from /dev/dasdd.<br />
► Finally, create two more swap spaces from the VDISKs, using the maximum allowable<br />
size, on devices /dev/dasde and /dev/dasdf. After you have done these steps, your setup<br />
should look like what is shown in Figure 7-11 on page 117.<br />
116 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 7-11 Disks and swap spaces be<strong>for</strong>e creating a volume group<br />
► <strong>The</strong> next step is to set up L<strong>VM</strong>. Per<strong>for</strong>m the following steps:<br />
– Click Create and the Create Storage panel appears.<br />
– Select the L<strong>VM</strong> Volume Group radio button and click Create. <strong>The</strong> Make L<strong>VM</strong> Volume<br />
Group panel appears as shown on the left side of Figure 7-12 on page 118.<br />
– Set the Volume Group Name to nfs_vg.<br />
– Click Add under the Logical Volumes section. <strong>The</strong> Make Logical Volume panel<br />
appears.<br />
– Set the Mount Point to /nfs and the Logical Volume Name to nfs_lv as shown on the<br />
right side of Figure 7-12 on page 118. Click OK.<br />
– In the Make L<strong>VM</strong> Volume Group panel, click OK.<br />
Chapter 7. Installing RHEL 6 on the cloner 117
Figure 7-12 Creating a volume group and a logical volume<br />
► You will be returned to the Please Select A Device panel. Click Next.<br />
► On the Format Warnings panel, click Format.<br />
► On the Writing storage confirmation to disk panel, click Write changes to disk.<br />
Important: If you see the screen shown in Figure 7-13 on page 118, you have to start the<br />
installation over, this time using dasdfmt to <strong>for</strong>mat the minidisks. See 7.1.6, “Working<br />
around a known issue” on page 112.<br />
Figure 7-13 Symptom of known issue<br />
118 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► You will be asked <strong>for</strong> the type of software to be installed. Accept the default of Basic<br />
Server and click Next. <strong>The</strong> installation process will start. This will run <strong>for</strong> 5 - <strong>10</strong> minutes<br />
► You will be prompted to reboot. Click Reboot.<br />
7.1.8 Booting your new Linux system from disk<br />
A minimal system should now be installed onto minidisk <strong>10</strong>0. Return to your z/<strong>VM</strong> 3270<br />
session and IPL the newly installed system with the command #CP IPL <strong>10</strong>0.<br />
/mnt/sysimage/dev done<br />
/mnt/sysimage done<br />
you may safely reboot your system<br />
==> #cp ipl <strong>10</strong>0<br />
CP IPL <strong>10</strong>0<br />
zIPL v1.3.2 interactive boot menu<br />
0. default (linux)<br />
1. linux<br />
Note: <strong>VM</strong> users please use '#cp vi vmsg '<br />
Please choose (default will boot in 15 seconds):<br />
...<br />
Linux will boot after 15 seconds if you take no action. To boot immediately, issue the following<br />
command:<br />
==> #cp vi vmsg 0<br />
You system should continue to boot until a login prompt is presented. Start an SSH session<br />
into the master image as root. At this point, you can disconnect from the 3270 session with:<br />
==> #cp disc<br />
7.2 Configuring the cloner<br />
Now that your cloner is installed, it must be configured. <strong>The</strong> following steps are involved:<br />
► “Copying files to the cloner” on page 119<br />
► “Retiring the PC NFS server” on page 120<br />
► “Configuring yum” on page 121<br />
► “Turning off unneeded services” on page 121<br />
► “Configuring the VNC server” on page 122<br />
► “Setting system to halt on SIGNAL SHUTDOWN” on page 123<br />
► “Turning on the NFS server” on page 124<br />
► “Configuring SSH keys” on page 125<br />
► “Inserting the vmcp module” on page 125<br />
► “Changing the order of the swap disks” on page 125<br />
► “Setting the system to logoff when Linux is shut down” on page 126<br />
► “Rebooting the system” on page 126<br />
► “Changing the order of the swap disks” on page 125<br />
7.2.1 Copying files to the cloner<br />
Copy the RHEL 6 install tree to the cloner, along with other files associated with this book To<br />
do so, per<strong>for</strong>m the following steps:<br />
► Mount the directory /nfs/rhel6/ on the PC NFS server over the directory /mnt/. In this<br />
example the PC NFS server is at IP address 9.60.18.240:<br />
Chapter 7. Installing RHEL 6 on the cloner 119
# mount 9.60.18.240:/nfs/rhel6/dvd1 /mnt<br />
# ls /mnt<br />
boot.cat RELEASE-NOTES-es-ES.html RELEASE-NOTES-pt-BR.html<br />
EULA RELEASE-NOTES-fr-FR.html RELEASE-NOTES-ru-RU.html<br />
...<br />
► Create a local directory of the same name and recursively copy the tree with the cp -a<br />
command:<br />
# mkdir -p /nfs/rhel6<br />
# cd /mnt<br />
# rsync -av * /nfs/rhel6<br />
sending incremental file list<br />
EULA<br />
GPL<br />
...<br />
sent 2758827676 bytes received 56977 bytes 9180980.54 bytes/sec<br />
total size is 2758270745 speedup is 1.00<br />
This command will take some time, perhaps 5-<strong>10</strong> minutes depending on network speeds.<br />
► Unmount the RHEL 6 install tree and repeat the process to copy the files associated with<br />
this book:<br />
# cd /<br />
# umount /mnt<br />
# mount 9.60.18.240:/nfs/virt-cookbook-RH6 /mnt<br />
# mkdir /nfs/virt-cookbook-RH6<br />
# cd /mnt<br />
# rsync -av * /nfs/virt-cookbook-RH6<br />
sending incremental file list<br />
README.txt<br />
clone.sh<br />
vm/<br />
vm/chpw6<strong>10</strong>.xedit<br />
vm/cp<strong>for</strong>mat.exec<br />
vm/profile.exec<br />
vm/sample.conf-rh6<br />
vm/sample.parm-rh6<br />
vm/swapgen.exec<br />
sent 65178 bytes received 168 bytes 130692.00 bytes/sec<br />
total size is 64620 speedup is 0.99<br />
► Now that the files are copied, unmount the /mnt/ directory. <strong>The</strong>n view the files that you<br />
copied:<br />
# cd ..<br />
# umount /mnt/<br />
# cd /nfs/virt-cookbook-RH6<br />
# ls -F<br />
README.txt clone-1.0-<strong>10</strong>.s390x.rpm vm/<br />
<strong>The</strong> RPM clone-1.0-<strong>10</strong>.s390x.rpm contains files <strong>for</strong> use later in “Configuring RHEL 6 <strong>for</strong><br />
cloning” on page 145.<br />
7.2.2 Retiring the PC NFS server<br />
You have now copied all files related to this book to the cloner. You should be in a position to<br />
retire your PC NFS server, if you desire. <strong>The</strong> remainder of the book will use files located on<br />
the cloner instead of the files on the PC NFS server.<br />
120 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
7.2.3 Configuring yum<br />
You will now configure yum so it can install RPMs from local install tree. To do so, per<strong>for</strong>m the<br />
following steps:<br />
► Create a file named rhel6.repo in the /etc/yum.repos.d directory:<br />
# cd /etc/yum.repos.d<br />
# vi rhel6.repo<br />
[RHEL6]<br />
name=Red Hat Enterprise Linux 6<br />
baseurl=file:///nfs/rhel6/Server<br />
► Import the RPM key which is included in the RHEL 6 DVD root directory:<br />
# cd /nfs/rhel6<br />
# rpm --import RPM-GPG-KEY-redhat-release<br />
Note: Red Hat signs each RPM with a private GPG key, which is compared to your public<br />
key each time a package is installed. This method ensures that the RPM is a genuine,<br />
unaltered package. When installing an RPM, if you ever see a message similar to:<br />
Header V3 DSA signature: NOKEY, key ID 897da07a<br />
Either the correct GPG key has not been imported, or the package itself has been altered.<br />
You are now ready to use yum to install or upgrade an RPM package. To install a package,<br />
use yum install . Yum will conveniently install the packages specified and<br />
automatically resolve dependencies <strong>for</strong> you. Note that you should not specify the package<br />
version on the command line, only the package name.<br />
7.2.4 Turning off unneeded services<br />
<strong>The</strong>re are a number of services which are started in a RHEL 6 minimum system. In order to<br />
keep the cloner as lean as possible, some of these can be turned off: To do so, per<strong>for</strong>m the<br />
following steps:<br />
► Turn off the following services with the chkconfig command:<br />
# chkconfig iptables off<br />
# chkconfig ip6tables off<br />
# chkconfig auditd off<br />
# chkconfig abrtd off<br />
# chkconfig atd off<br />
# chkconfig mdmonitor off<br />
Note: You should only disable the iptables service if you are on a trusted network.<br />
Otherwise, you will need to configure iptables to allow network traffic <strong>for</strong> the VNC server<br />
and NFS, as well as any other services that require network access.<br />
For more in<strong>for</strong>mation on configuring iptables <strong>for</strong> NFS traffic, see the article located at:<br />
http://www.redhat.com/magazine/0<strong>10</strong>aug05/departments/tips_tricks/<br />
Also, turning on and tuning a firewall is briefly discussed in section 11.1.3, “Turning on a<br />
firewall” on page 171.<br />
► You may choose to leave these services on, or turn others off. You can review which<br />
services are now configured to start in run level 3 with the following chkconfig command:<br />
Chapter 7. Installing RHEL 6 on the cloner 121
# chkconfig --list | grep 3:on<br />
abrtd 0:off 1:off 2:off 3:on 4:off 5:on 6:off<br />
cpi 0:off 1:on 2:on 3:on 4:on 5:on 6:off<br />
cpuplugd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
dumpconf 0:on 1:on 2:on 3:on 4:on 5:on 6:on<br />
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off<br />
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
mon_statd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off<br />
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
rhnsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off<br />
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off<br />
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off<br />
7.2.5 Configuring the VNC server<br />
Often applications require a graphical environment. <strong>The</strong> Virtual Network Computing (VNC)<br />
server allows <strong>for</strong> a graphical environment to be set up easily by starting the vncserver<br />
service. To do so, per<strong>for</strong>m the following steps:<br />
► RHEL 6 configures the VNC server using the /etc/sysconfig/vncservers configuration<br />
file. Add a line at the bottom of this file to specify the VNC user:<br />
# yum -y install tigervnc-server openmotif xterm xsetroot xorg-x11-xauth<br />
...<br />
► Edit the vncservers file and add one line at the bottom:<br />
# cd /etc/sysconfig<br />
# vi vncservers<br />
...<br />
# VNCSERVERS="2:myusername"<br />
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"<br />
VNCSERVERS="1:root"<br />
► Set a VNC password with the vncpasswd command. This password will be needed to<br />
connect to the VNC server:<br />
# vncpasswd<br />
Password: lnx4vm<br />
Verify: lnx4vm<br />
► Stop the firewall:<br />
# service iptables stop<br />
iptables: Flushing firewall rules: [ OK ]<br />
iptables: Setting chains to policy ACCEPT: filter [ OK ]<br />
iptables: Unloading modules: [ OK ]<br />
► Start the VNC server. This will create some initial configuration files under the<br />
/root/.vnc/ directory:<br />
# service vncserver start<br />
Starting VNC server: 1:root xauth: creating new authority file /root/.Xauthority<br />
New 'gpok223.endicott.ibm.com:1 (root)' desktop is gpok223.endicott.ibm.com:1<br />
Creating default startup script /root/.vnc/xstartup<br />
Starting applications specified in /root/.vnc/xstartup<br />
122 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Log file is /root/.vnc/gpok223.endicott.ibm.com:1.log<br />
[ OK ]<br />
► <strong>The</strong>re is one more configuration to be done. Change from the Tiny window manger, twm, to<br />
the Motif window manager, mwm:<br />
# cd /root/.vnc<br />
# vi xstartup // change last line<br />
...<br />
xsetroot -solid grey<br />
vncconfig -iconic &<br />
xterm -geometry 80x24+<strong>10</strong>+<strong>10</strong> -ls -title "$VNCDESKTOP Desktop" &<br />
mwm &<br />
► Restart the VNC server with the service command:<br />
# service vncserver restart<br />
Shutting down VNC server: 1:root [ OK ]<br />
Starting VNC server: 1:root<br />
New 'gpok223.endicott.ibm.com:1 (root)' desktop is gpok223.endicott.ibm.com:1<br />
Starting applications specified in /root/.vnc/xstartup<br />
Log file is /root/.vnc/gpok223.endicott.ibm.com:1.log<br />
[ OK ]<br />
► You should now be able to use the VNC client to connect to the IP address of the cloner<br />
with a :1 appended. A sample session is shown in Figure 7-14.<br />
Figure 7-14 VNC client session to the VNC server<br />
Note that the VNC server will not be started automatically across reboots. When you need a<br />
graphical environment, you can either to start the vncserver process manually<br />
(recommended), or you can use chkconfig to enable automatic startup.<br />
7.2.6 Setting system to halt on SIGNAL SHUTDOWN<br />
By default, RHEL 6 reboots when a Ctrl-Alt-Del key sequence is trapped. This key sequence<br />
is simulated by z/<strong>VM</strong> when it issues a SIGNAL SHUTDOWN command. Rather than rebooting, you<br />
want your system to halt. To set the system to halt, per<strong>for</strong>m the following steps:<br />
Chapter 7. Installing RHEL 6 on the cloner 123
► Edit /etc/init/control-alt-delete.conf changing shutdown -r (reboot) to shutdown -h<br />
(halt):<br />
# cd /etc/init<br />
# vi control-alt-delete.conf<br />
# control-alt-delete - emergency keypress handling<br />
#<br />
# This task is run whenever the Control-Alt-Delete key combination is<br />
# pressed. Usually used to shut down the machine.<br />
start on control-alt-delete<br />
exec /sbin/shutdown -h now "Control-Alt-Delete pressed"<br />
► After that change, when the system receives a SIGNAL SHUTDOWN from z/<strong>VM</strong>, the following<br />
message will be displayed:<br />
<strong>The</strong> system is going down <strong>for</strong> halt NOW!<br />
7.2.7 Turning on the NFS server<br />
<strong>The</strong> NFS server will be needed to export the RHEL 6 install tree and the files associated with<br />
this book to the other virtual servers.<br />
Enable NFS with the following steps.<br />
► Edit the empty file /etc/exports and add the following two lines:<br />
# cd /etc<br />
# vi exports<br />
/nfs/rhel6 *(ro,sync)<br />
/nfs/virt-cookbook-RH6 *(ro,sync)<br />
<strong>The</strong>se two lines will cause NFS to export:<br />
– <strong>The</strong> /nfs/rhel6/ directory, which contains the Red Hat Enterprise Linux 6 installation.<br />
– <strong>The</strong> /nfs/virt-cookbook-RH6/ directory, which has the files associated with this book.<br />
► Set the NFS server to start at boot time and <strong>for</strong> this session.<br />
# service nfs start<br />
Starting NFS services: [ OK ]<br />
Starting NFS quotas: [ OK ]<br />
Starting NFS daemon: [ OK ]<br />
Starting NFS mountd: [ OK ]<br />
Starting RPC idmapd: [ OK ]<br />
# chkconfig nfs on<br />
► Test mounting the directories locally:<br />
# mount localhost:/nfs/rhel6 /mnt<br />
# ls /mnt<br />
boot.cat RELEASE-NOTES-es-ES.html RELEASE-NOTES-pt-BR.html<br />
EULA RELEASE-NOTES-fr-FR.html RELEASE-NOTES-ru-RU.html<br />
...<br />
# umount /mnt<br />
# mount localhost:/nfs/virt-cookbook-RH6 /mnt<br />
# ls /mnt<br />
clone.sh README.txt vm<br />
# umount /mnt<br />
In this section you have turned the NFS server on and exported the RHEL 6 install directory<br />
and the files associated with this book.<br />
124 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
7.2.8 Configuring SSH keys<br />
SSH sessions are typically authenticated with passwords typed in from the keyboard. With<br />
SSH key-based authentication, sessions can be authenticated with public and private keys so<br />
that no password is needed. SSH key-based authentication can be set up from the cloner<br />
(client) to the virtual servers. If the master image has a copy of cloner’s public key in the file<br />
/etc/ssh/authorized_keys, then key based authentication will work to the cloned virtual<br />
servers.<br />
► Create a new DSA key in the directory /root/.ssh/. If the directory /root/.ssh/ does not<br />
yet exist, then first create it with the mkdir command.<br />
# cd /root/.ssh<br />
# ssh-keygen -t dsa -P "" -f id_dsa<br />
Generating public/private dsa key pair.<br />
Your identification has been saved in id_dsa.<br />
Your public key has been saved in id_dsa.pub.<br />
<strong>The</strong> key fingerprint is:<br />
96:19:83:28:27:84:45:01:fa:e0:c8:8e:62:b8:01:30 root@gpok222.endicott.ibm.com<br />
<strong>The</strong> key's randomart image is:<br />
+--[ DSA <strong>10</strong>24]----+<br />
|.==. |<br />
|o. . . |<br />
|E o o . o |<br />
|=+ + = |<br />
|oo. S |<br />
|= . |<br />
|=o |<br />
|oo |<br />
|. |<br />
+-----------------+<br />
► This creates a key pair where the file with the .pub suffix is the public key and the other file<br />
is the private key. Note that the private key is only readable by root:<br />
# ls -l id_dsa*<br />
-rw-------. 1 root root 668 Oct 19 16:49 id_dsa<br />
-rw-r--r--. 1 root root 619 Oct 19 16:49 id_dsa.pub<br />
<strong>The</strong>se files will be copied to the golden image later in the next chapter.<br />
7.2.9 Inserting the vmcp module<br />
To issue CP commands the vmcp module is needed. By default it is not loaded at boot time.<br />
One way to accomplish this is to add the modprobe vmcp command, which will insert the<br />
module, to the file /etc/rc.d/rc.local which is run at boot time:<br />
# cd /etc/rc.d<br />
# vi rc.local // add one line<br />
...<br />
touch /var/lock/subsys/local<br />
modprobe vmcp<br />
<strong>The</strong> vmcp command will now be available after the next reboot.<br />
7.2.<strong>10</strong> Changing the order of the swap disks<br />
It is likely that the order of swap space priority is not optimal. Per<strong>for</strong>m the following<br />
commands:<br />
Chapter 7. Installing RHEL 6 on the cloner 125
► View your order with the swapon -s command:<br />
# swapon -s<br />
Filename Type Size Used Priority<br />
/dev/dasda2 partition 524296 0 -1<br />
/dev/dasdb1 partition 262132 0 -2<br />
/dev/dasdc1 partition 524276 0 -3<br />
This shows that the minidisk swap space will be used be<strong>for</strong>e the VDISK. As VDISKs are<br />
in-memory, they should be first in the priority, from smallest to largest.<br />
► Make a backup of the /etc/fstab file:<br />
# cd /etc<br />
# cp fstab fstab.orig<br />
► Modify the order by moving the line in /etc/fstab. with the minidisk swap space below<br />
the lines with VDISK swap spaces:<br />
# vi fstab<br />
...<br />
/dev/disk/by-path/ccw-0.0.0300-part1 swap swap defaults 0 0<br />
/dev/disk/by-path/ccw-0.0.0301-part1 swap swap defaults 0 0<br />
/dev/disk/by-path/ccw-0.0.0<strong>10</strong>0-part2 swap swap defaults 0 0<br />
...<br />
After a reboot, the minidisk swap space should come back with the lowest priority.<br />
7.2.11 Setting the system to logoff when Linux is shut down<br />
When Linux is shut down, the default is <strong>for</strong> the virtual machine to remain logged on even<br />
though it is not running an operating system. It is more convenient <strong>for</strong> the user ID to be<br />
logged off, both at z/<strong>VM</strong> SHUTDOWN time and <strong>for</strong> getting a refreshed 3270 emulator session. To<br />
do this, per<strong>for</strong>m the following steps:<br />
► Edit the file /etc/rc.d/rc.local and add two lines at the end as follows:<br />
# cd /etc/rc.d<br />
# vi rc.local<br />
#!/bin/sh<br />
#<br />
# This script will be executed *after* all the other init scripts.<br />
# You can put your own initialization stuff in here if you don't<br />
# want to do the full Sys V style init stuff.<br />
touch /var/lock/subsys/local<br />
chshut halt vmcmd logoff<br />
chshut poff vmcmd logoff<br />
<strong>The</strong> z/<strong>VM</strong> user ID should now be logged off when you halt or power off Linux.<br />
7.2.12 Rebooting the system<br />
You should now reboot the system to test the changes:<br />
# reboot<br />
Broadcast message from root@gpok223.endicott.ibm.com<br />
(/dev/pts/0) at 7:27 ...<br />
<strong>The</strong> system is going down <strong>for</strong> reboot NOW!<br />
After your system comes back in a couple of minutes, start a new SSH session to the cloner.<br />
126 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
7.2.13 Verifying the changes<br />
You are now done customizing the Linux cloner. SSH back into the cloner and check a few<br />
settings. Test the vmcp command with a CP command such as QUERY NAMES:<br />
# vmcp q n<br />
FTPSERVE - DSC , DTCVSW2 - DSC , DTCVSW1 - DSC , <strong>VM</strong>SERVR - DSC<br />
<strong>VM</strong>SERVU - DSC , <strong>VM</strong>SERVS - DSC , TCPIP - DSC , OPERSYMP - DSC<br />
DISKACNT - DSC , EREP - DSC , OPERATOR - DSC , RH55GOLD - DSC<br />
RH6CLONE - DSC<br />
VSM - TCPIP<br />
Confirm that three swap spaces are operational and that the minidisk swap space is last in<br />
the priority:<br />
# swapon -s<br />
Filename Type Size Used Priority<br />
/dev/dasdb1 partition 262132 0 -1<br />
/dev/dasdc1 partition 524276 0 -2<br />
/dev/dasda2 partition 524296 0 -3<br />
Verify the NFS server is running:<br />
# service nfs status<br />
rpc.mountd (pid 6776) is running...<br />
nfsd (pid 6770 6769 6768 6767 6766 6765 6764 6763) is running...<br />
rpc.rquotad (pid 6748) is running...<br />
Chapter 7. Installing RHEL 6 on the cloner 127
128 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 8. Installing and configuring the<br />
golden image<br />
“<strong>The</strong> most incomprehensible thing about the world is that it is at all comprehensible.”<br />
— Albert Einstein<br />
In this chapter, you will install the copy of Linux which will be cloned. This will be referred to<br />
as the golden image. This should be as lean as possible so as to be a generic virtual server<br />
and to fit com<strong>for</strong>tably on two 3390-3 DASD.<br />
In this section, you will per<strong>for</strong>m following tasks:<br />
► “Installing the golden image” on page 129<br />
► “Configuring the golden image” on page 138<br />
Chapters 4, 5, 6 and 7 must be completed be<strong>for</strong>e proceeding.<br />
8.1 Installing the golden image<br />
In this section you will install the RHEL 6 golden image onto the user ID RH6GOLD.<br />
8.1.1 Creating the user ID RH6GOLD<br />
In this section you will define the RH6GOLD user ID to z/<strong>VM</strong>.<br />
► Logon to MAINT and edit the USER DIRECT file:<br />
==> x user direct c<br />
► Go to the bottom of the file and add the definition <strong>for</strong> a new user ID named RH6GOLD. This<br />
user ID is given class G privilege only. Be sure to replace the volume labels (UM3F06 and<br />
UM63A9 in this example) with the labels of your DASD:<br />
USER RH6GOLD 256M 1G G<br />
INCLUDE LNXDFLT<br />
OPTION LNKNOPAS APPLMON<br />
8<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 129
MDISK <strong>10</strong>0 3390 0001 3338 UM63A2 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>1 3390 0001 3338 UM63A9 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
*<br />
This Linux user ID will have the following minidisks and virtual disks (VDISKs):<br />
Table 8-1 Minidisks to be defined<br />
Minidisk Description<br />
<strong>10</strong>0-<strong>10</strong>1 Minidisks used to create the root file system, plus a logical volume<br />
containing the other file systems of the Linux golden image.<br />
300-301 <strong>The</strong>se are virtual disk (VDISK) swap spaces that are not defined in USER<br />
DIRECT file, but defined by calls to the SWAPGEN EXEC in the user’s<br />
PROFILE EXEC so that when the user ID logs on the VDISKs are created.<br />
► Go back to the top of the file and search <strong>for</strong> string USER $ALLOC$. Add cylinder 0 of the new<br />
volume (or volumes) to this dummy user ID so they don’t show up as gaps in the USER<br />
DISKMAP report file. In this example, one new volume is being used - UM63A9:<br />
====> top<br />
====> /user $alloc$<br />
USER $ALLOC$ NOLOG<br />
MDISK A01 3390 000 001 6<strong>10</strong>RES R<br />
MDISK A02 3390 000 001 UV6283 R<br />
MDISK A03 3390 000 001 UV6284 R<br />
MDISK A04 3390 000 001 UM6289 R<br />
MDISK A05 3390 000 001 UM6290 R<br />
MDISK A06 3390 000 001 UM6293 R<br />
MDISK A07 3390 000 001 UM6294 R<br />
MDISK A08 3390 000 001 UM63A2 R<br />
MDISK A09 3390 000 001 UM63A9 R<br />
...<br />
====> file<br />
► Run DISKMAP to check <strong>for</strong> overlaps and gaps. You should only see the single 501 cylinder<br />
gap.<br />
==> diskmap user<br />
==> x user diskmap<br />
====> pre off<br />
====> all /gap/|/overlap/<br />
0 500 501 GAP<br />
-------------------- 6 line(s) not displayed --------------------<br />
0 0 1 GAP<br />
-------------------- 391 line(s) not displayed --------------------<br />
====> quit<br />
► When the disk layout is correct run DIRECTXA to bring the changes online:<br />
==> directxa user<br />
z/<strong>VM</strong> USER DIRECTORY CREATION PROGRAM - VERSION 5 RELEASE 3.0<br />
EOJ DIRECTORY UPDATED AND ON LINE<br />
You have now defined the user ID that will be the master Linux image.<br />
8.1.2 Adding RH6GOLD to AUTOLOG1’s PROFILE EXEC<br />
<strong>The</strong> new Linux ID you defined needs access to the VSWITCH. Just as with the RH6CLONE<br />
user, a SET VSWITCH command with the GRANT parameter will now be added to AUTOLOG1’s<br />
130 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
PROFILE EXEC. Also, an XAUTOLOG statement is added so that the RH6GOLD user ID is<br />
automatically logged on at z/<strong>VM</strong> IPL time. To do this, per<strong>for</strong>m the following steps:<br />
► Link and access the AUTOLOG1 191 disk read/write and edit the file PROFILE EXEC. Add the<br />
RH6GOLD user ID to the section that grants access to the VSWITCH. Note that you don’t<br />
want to add RH6GOLD to the XAUTOLOG section, as this Linux user ID will not normally be<br />
logged on:<br />
==> link autolog1 191 1191 mr<br />
==> acc 1191 f<br />
==> x profile exec f // add two lines<br />
/***************************/<br />
/* Autolog1 Profile Exec */<br />
/***************************/<br />
'cp xautolog tcpip' /* start up TCPIP */<br />
'CP XAUTOLOG DTCVSW1' /* start VSWITCH controller 1 */<br />
'CP XAUTOLOG DTCVSW2' /* start VSWITCH controller 2 */<br />
'cp set pf12 ret' /* set the retrieve key */<br />
'cp set mdc stor 0m 128m' /* Limit minidisk cache in CSTOR */<br />
'cp set mdc xstore 0m 0m' /* Disable minidisk cache in XSTOR */<br />
'cp set srm storbuf 300% 250% 200%' /* Overcommit memory */<br />
'cp set signal shutdown 300' /* Allow guests 5 min to shut down */<br />
/* Grant access to VSWITCH <strong>for</strong> each Linux user */<br />
'cp set vswitch vsw1 grant rh6clone'<br />
'cp set vswitch vsw1 grant rh6gold'<br />
/* XAUTOLOG each Linux user that should be started */<br />
'cp xautolog rh6clone'<br />
'cp logoff' /* logoff when done */<br />
====> file<br />
► <strong>The</strong>se changes will not take effect until the next IPL, so you must grant this user ID access<br />
to the VSWITCH <strong>for</strong> this z/<strong>VM</strong> session. This is done as follows:<br />
==> set vswitch vsw1 grant rh6gold<br />
Command complete<br />
8.1.3 Preparing RH6GOLD bootstrap files<br />
Now that the RH6GOLD user is defined, you must create the PARM and CONF configuration<br />
files used by the RHEL 6 installer. To save time, you should copy the RH6CLONE PARM-RH6 and<br />
RH6CLONE CONF-RH6 files, then make the necessary changes. Per<strong>for</strong>m the following steps:<br />
► Now in your 3270 session, Logoff of MAINT and logon to LNXMAINT.<br />
► <strong>The</strong> three files RH6CLONE PARM-RH6, RH6CLONE CONF-RH6, and RHEL6 EXEC should exist on<br />
the LNXMAINT 192 (D) disk as they were copied in 4.7.5, “Copying files associated with this<br />
book to LNXMAINT” on page 60. Copy these files to new files with a file name of RH6GOLD:<br />
==> copy rh6clone * d rh6gold = =<br />
► Change the CMSCONFFILE variable in the PARM-RH6 file to point to the new CONF file:<br />
==> x rh6gold parm-rh6<br />
root=/dev/ram0 ro ip=off ramdisk_size=40000<br />
CMSDASD=191 CMSCONFFILE=RH6GOLD.CONF-RH6<br />
vnc vncpassword=lnx4vm<br />
► Change the DASD, HOSTNAME and IPADDR variables in the RH6GOLD CONF-RH6 configuration<br />
file. For these values, you may want to refer to the worksheet in section 2.7.4, “Linux user<br />
ID worksheet” on page 18. Also, add one line with the METHOD= parameter pointing to the<br />
Chapter 8. Installing and configuring the golden image 131
NFS server directory you just set up on the cloner. This will preclude you from having to<br />
type in the NFS server in<strong>for</strong>mation in the install SSH session. Following is an example<br />
with the values used in this book:<br />
==> x rh6gold conf-rh6<br />
DASD=<strong>10</strong>0-<strong>10</strong>1,300-301<br />
HOSTNAME=gpok222.endicott.ibm.com<br />
NETTYPE=qeth<br />
IPADDR=9.60.18.222<br />
SUBCHANNELS=0.0.0600,0.0.0601,0.0.0602<br />
NETMASK=255.255.255.128<br />
SEARCHDNS=endicott.ibm.com<br />
METHOD=nfs:9.60.18.223:/nfs/rhel6<br />
GATEWAY=9.60.18.129<br />
DNS=9.0.3.1<br />
MTU=1500<br />
PORTNAME=DONTCARE<br />
PORTNO=0<br />
LAYER2=0<br />
You are now ready to start the golden image installation.<br />
8.1.4 Installing RHEL 6 to the golden image<br />
Install Linux onto the RH6GOLD virtual machine Because the cloner is running and NFS is<br />
configured, install RHEL 6 using the installation tree exported from the cloner.<br />
Per<strong>for</strong>m the following steps:<br />
► Logon to RH6GOLD. <strong>The</strong> PROFILE EXEC from the LNXMAINT 192 disk should prompt you to IPL<br />
minidisk <strong>10</strong>0. Since there is nothing installed yet, answer no.<br />
LOGON RH6GOLD<br />
NIC 0600 is created; devices 0600-0602 defined<br />
z/<strong>VM</strong> Version 6 Release 1.0, Service Level <strong>10</strong>02 (64-bit),<br />
built on <strong>IBM</strong> <strong>Virtualization</strong> Technology<br />
<strong>The</strong>re is no logmsg data<br />
FILES: 0003 RDR, NO PRT, NO PUN<br />
LOGON AT 07:41:38 EDT WEDNESDAY 09/29/<strong>10</strong><br />
z/<strong>VM</strong> V6.1.0 20<strong>10</strong>-09-23 11:31<br />
DMSACP723I A (191) R/O<br />
DMSACP723I C (592) R/O<br />
DIAG swap disk defined at virtual address 300 (64989 4K pages of swap space)<br />
DIAG swap disk defined at virtual address 301 (129981 4K pages of swap space)<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
n<br />
► <strong>The</strong> default memory size of 256 MB is not enough to install RHEL 6. Set the memory size<br />
to 1 GB with the CP DEFINE STORAGE command:<br />
==> def stor 1g<br />
00: STORAGE = 1G<br />
00: Storage cleared - system reset.<br />
► IPL CMS, and again answer no:<br />
==> ipl cms<br />
z/<strong>VM</strong> V6.1.0 20<strong>10</strong>-09-23 11:31<br />
DMSACP723I A (191) R/O<br />
DMSACP723I C (592) R/O<br />
132 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
DIAG swap disk defined at virtual address 300 (64989 4K pages of swap space)<br />
DIAG swap disk defined at virtual address 301 (129981 4K pages of swap space)<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
n<br />
► To begin the install program, run the RHEL6 EXEC:<br />
==> rhel6<br />
RDR FILE 0001 SENT FROM RH6GOLD PUN WAS 0004 RECS <strong>10</strong>0K CPY 001 A NOHOLD NOKEEP<br />
RDR FILE 0002 SENT FROM RH6GOLD PUN WAS 0005 RECS 0003 CPY 001 A NOHOLD NOKEEP<br />
RDR FILE 0003 SENT FROM RH6GOLD PUN WAS 0006 RECS 296K CPY 001 A NOHOLD NOKEEP<br />
0000003 FILES CHANGED<br />
0000003 FILES CHANGED<br />
Initializing cgroup subsys cpuset<br />
Initializing cgroup subsys cpu<br />
Linux version 2.6.32-71.el6.s390x (mockbuild@s390-004.build.bos.redhat.com) (gcc<br />
version 4.4.4 20<strong>10</strong>0726 (Red Hat 4.4.4-13) (GCC) ) #1 SMP Wed Sep 1 01:38:33 EDT<br />
20<strong>10</strong><br />
...<br />
► <strong>The</strong>re can be many, many screens of DASD I/O messages. Use the CP TERM MORE<br />
command to make the 3270 screens clear instantly:<br />
==> #cp term more 0 0<br />
► You should see the following message:<br />
Initial configuration completed.<br />
Starting sshd to allow login over the network.<br />
Connect now to 9.60.18.222 and log in as user install to start the installation.<br />
E.g. using: ssh -x install@9.60.18.222<br />
You may log in as the root user to start an interactive shell.<br />
► Start an SSH session to the new in-memory Linux installer and login as install.<br />
login as: install<br />
Welcome to the anaconda install environment 1.2 <strong>for</strong> zSeries<br />
...<br />
► Set your language. In this example, the default of English was accepted.<br />
► When you installed the cloner, a screen prompting <strong>for</strong> network install in<strong>for</strong>mation<br />
appeared. In this install, it should not be shown because you added the method=<br />
parameter to the RHEL 6 parameter file.<br />
► If all is well with the new NFS server on the cloner, you will see the following message.<br />
Start a VNC client session:<br />
11:52:02 Please manually connect your vnc client to gpok222.endicott.ibm.com:1<br />
(9.60.18.222) to begin the install.<br />
11:52:02 Starting graphical installation.<br />
► At the screen asking <strong>for</strong> the type of devices, select Basic Storage Devices and click<br />
Next.<br />
Important: Again as with the installation of the cloner, if the minidisks have not been<br />
<strong>for</strong>matted <strong>for</strong> Linux by dasdfmt, you should <strong>for</strong>mat them now as described in section 7.1.6,<br />
“Working around a known issue” on page 112. However, this time you will only need to<br />
<strong>for</strong>mat dasdb and dasdc.<br />
Chapter 8. Installing and configuring the golden image 133
► A warning screen will appear as shown in Figure 8-1. Click Re-initialize all. This will result<br />
in the mindisks being <strong>for</strong>matted be<strong>for</strong>e Linux is copied to them.<br />
Figure 8-1 Disk initialization screen<br />
► At the screen that sets the host name, the value read from the configuration file should be<br />
correct. Click Next.<br />
► Set the time zone and click Next.<br />
► Set the root password and click Next.<br />
► At the type of installation screen, select Create Custom Layout and click Next. It is very<br />
important the you choose this option as described earlier.<br />
► At the screen to choose Data Storage Devices and Install Target Devices, move all disks<br />
to the Install Target Devices side by selecting each and clicking the right arrow. Click<br />
Next.<br />
► At the Please Select A Device screen, click Create.<br />
► At the Create Storage screen, choose Standard Partition and click Create.<br />
► At the Add Partition screen as shown in Figure 8-2, set the Mount Point to the root file<br />
system (/), deselect all drives except dasdb, and set the Size (MB) to 512. Click OK.<br />
134 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 8-2 Defining the root file system<br />
► At the Create Storage screen, choose Standard Partition and click Create again and<br />
create a 512 MB swap space, also on dasdb.<br />
► Again at the Create Storage screen, click partitions with a File System Type of physical<br />
volume (L<strong>VM</strong>) with the remainder of the space in dasdb (minidisk <strong>10</strong>0) and dasdc<br />
(minidisk <strong>10</strong>1).<br />
► Create partitions with a File System Type of swap with dasdd (virtual disk 300) and dasde<br />
(virtual disk 301). When you return to the Please Select A Device screen, you should see<br />
what is shown in Figure 8-3:<br />
Figure 8-3 Defining file systems <strong>for</strong> logical volumes and swap spaces<br />
Chapter 8. Installing and configuring the golden image 135
► Click Create and on the resulting Create Storage window, choose L<strong>VM</strong> Volume Group<br />
then click Create again.<br />
► On the Make L<strong>VM</strong> Volume Group window, set the Volume Group Name to system_vg<br />
and click Add. Create logical volumes <strong>for</strong> file systems mounted at /tmp, /opt, /var, /usr,<br />
and /. See Table 8-2 below <strong>for</strong> the recommended logical volume layout and sizes to be<br />
used <strong>for</strong> the golden image.<br />
Table 8-2 L<strong>VM</strong> logical volume layout<br />
Mount point Logical Volume Name Size (MB)<br />
/tmp/ tmp_lv 384<br />
/opt/ opt_lv 384<br />
/var/ var_lv 384<br />
/usr/ usr_lv 1536<br />
► This results in about 1G of free space remaining in the volume group as shown in<br />
Figure 8-4:<br />
Figure 8-4 Defining a volume group and logical volumes<br />
► At the Please Select A Device window, click Next. You will see a Format Warnings<br />
window. Click Format.<br />
136 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 8-5 Summary of file systems and swap spaces<br />
► At the Writing storage configuration to disk window, click Write changes to disk.<br />
► At the Software options section, accept the default of a Basic Server and click Next.<br />
► <strong>The</strong> installer will take about 5-<strong>10</strong> minutes to install Linux. When complete, click Reboot.<br />
<strong>The</strong> system should be restarted from disk.<br />
► Start an SSH session to the golden image. You may see a warning from PuTTY about a<br />
“POTENTIAL SECURITY BREACH”. This is expected because a new set of SSH keys<br />
were generated <strong>for</strong> the same IP address. Click Yes to begin the session.<br />
8.1.5 Verifying the installation<br />
Verify some settings with the following commands. You should see output similar to the<br />
following:<br />
# lsdasd<br />
Bus-ID Status Name Device Type BlkSz Size Blocks<br />
==============================================================================<br />
0.0.0<strong>10</strong>0 active dasda 94:0 ECKD 4096 2347MB 600840<br />
0.0.0300 active dasdb 94:4 FBA 512 256MB 524288<br />
0.0.0301 active dasdc 94:8 FBA 512 512MB <strong>10</strong>48576<br />
0.0.0<strong>10</strong>1 active dasdd 94:12 ECKD 4096 2347MB 600840<br />
# swapon -s<br />
Filename Type Size Used Priority<br />
/dev/dasda2 partition 524296 0 -1<br />
/dev/dasdb1 partition 262132 0 -2<br />
/dev/dasdc1 partition 524276 0 -3<br />
# mount<br />
Chapter 8. Installing and configuring the golden image 137
dev/dasda1 on / type ext4 (rw)<br />
proc on /proc type proc (rw)<br />
sysfs on /sys type sysfs (rw)<br />
devpts on /dev/pts type devpts (rw,gid=5,mode=620)<br />
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")<br />
/dev/mapper/system_vg-opt_lv on /opt type ext4 (rw)<br />
/dev/mapper/system_vg-tmp_lv on /tmp type ext4 (rw)<br />
/dev/mapper/system_vg-usr_lv on /usr type ext4 (rw)<br />
/dev/mapper/system_vg-var_lv on /var type ext4 (rw)<br />
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)<br />
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)<br />
# df -h<br />
Filesystem Size Used Avail Use% Mounted on<br />
/dev/dasda1 504M 146M 334M 31% /<br />
tmpfs 498M 0 498M 0% /dev/shm<br />
/dev/mapper/system_vg-opt_lv<br />
372M 17M 337M 5% /opt<br />
/dev/mapper/system_vg-tmp_lv<br />
372M 17M 337M 5% /tmp<br />
/dev/mapper/system_vg-usr_lv<br />
1.5G 789M 647M 55% /usr<br />
/dev/mapper/system_vg-var_lv<br />
372M 56M 298M 16% /var<br />
This shows that the three swap spaces are active, all file systems are about half full or less.<br />
8.2 Configuring the golden image<br />
Now you want to customize the golden image as much as possible be<strong>for</strong>e cloning. <strong>The</strong><br />
following high level steps are recommended though you may add or omit some steps:<br />
► “Configuring automount of install tree” on page 138<br />
► “Configuring yum <strong>for</strong> online updates” on page 139<br />
► “Turning off unneeded services” on page 140<br />
► “Configuring the VNC server” on page 140<br />
► “Setting system to halt on SIGNAL SHUTDOWN” on page 140<br />
► “Setting the system to logoff when Linux is shut down” on page 141<br />
► “Configuring SSH keys” on page 141<br />
► “Changing the order of the swap disks” on page 142<br />
► “Rebooting the system” on page 142<br />
► “Verifying the changes” on page 143<br />
8.2.1 Configuring automount of install tree<br />
You will now configure the Linux automount service to mount the installation tree on demand.<br />
<strong>The</strong> automounter will automatically mount a remote directory when it is accessed, and<br />
automatically unmount it after a period of inactivity.<br />
To configure automount, per<strong>for</strong>m the following steps:<br />
► Make a backup copy of the file /etc/auto.master, then add the following line at the<br />
bottom:<br />
138 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
# cd /etc<br />
# cp auto.master auto.master.orig<br />
# vi auto.master // add one line at the bottom<br />
...<br />
#<br />
+auto.master<br />
/nfs /etc/auto.cloner<br />
► <strong>The</strong> new line specifies that the file system mounted beneath the directory /nfs/ will be<br />
configured in the file /etc/auto.cloner. Now create the file /etc/auto.cloner, and add<br />
one line which points to the RHEL 6 install tree that is NFS-exported from the cloner:<br />
# vi auto.cloner<br />
rhel6 -ro,hard,intr 9.60.18.223:/nfs/rhel6<br />
This line specifies that beneath /nfs/ (in auto.master), when the directory rhel6/ (field 1)<br />
is accessed, the automounter will use the specified options (field 2) to mount the directory<br />
(field 3).<br />
► Create the /nfs/ directory. Restart the autofs service to pick up the new configuration.<br />
<strong>The</strong>n list the contents of the /nfs/rhel6/ directory. Even though this directory does not<br />
exist as a local file system, it is automatically mounted when referenced:<br />
# mkdir /nfs<br />
# service autofs reload<br />
Reloading maps<br />
► Show that the directory /nfs/rhel6/ is automatically mounted:<br />
# ls /nfs/rhel6<br />
boot.cat RELEASE-NOTES-es-ES.html RELEASE-NOTES-pt-BR.html<br />
EULA RELEASE-NOTES-fr-FR.html RELEASE-NOTES-ru-RU.html<br />
...<br />
8.2.2 Configuring yum <strong>for</strong> online updates<br />
You will now configure yum so it can install RPMs from the automount-ed install tree. <strong>The</strong><br />
configuration is identical to the cloner because in both instances the install tree is in the<br />
directory /nfs/rhel6/. However on the cloner this directory is local, while on the golden<br />
image (and later the clones) the directory is automount-ed. To configure yum, per<strong>for</strong>m the<br />
following steps:<br />
► You could create a file named rhel6.repo in the /etc/yum.repos.d directory again, or you<br />
could copy the same file from the cloner that you created previously. In this example scp is<br />
used to copy the file:<br />
# cd /etc/yum.repos.d<br />
# scp gpok223:/etc/yum.repos.d/rhel6.repo .<br />
<strong>The</strong> authenticity of host 'gpok223 (9.60.18.223)' can't be established.<br />
RSA key fingerprint is 37:5f:83:99:ba:9e:<strong>10</strong>:14:04:65:06:e1:11:d9:d9:cd.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added 'gpok223,9.60.18.223' (RSA) to the list of known hosts.<br />
root@gpok223's password:<br />
rhel6.repo <strong>10</strong>0% 73 0.1KB/s 00:00<br />
► Type the file to verify the contents:<br />
# cat rhel6.repo<br />
[RHEL6]<br />
name=Red Hat Enterprise Linux 6<br />
baseurl=file:///nfs/rhel6/Server<br />
Chapter 8. Installing and configuring the golden image 139
► Import the RPM GPG key so that yum knows you are installing official Red Hat packages.<br />
<strong>The</strong> Red Hat GPG key is located in the install tree. Import the key with the following<br />
command:<br />
# rpm --import /nfs/rhel6/RPM-GPG-KEY-redhat-release<br />
<strong>The</strong> yum tool should now be configured. It will be tested in the next section.<br />
8.2.3 Turning off unneeded services<br />
As with the golden image, follow the steps in 7.2.4, “Turning off unneeded services” on<br />
page 121. Following is a summary:<br />
# chkconfig iptables off<br />
# chkconfig ip6tables off<br />
# chkconfig auditd off<br />
# chkconfig abrtd off<br />
# chkconfig atd off<br />
# chkconfig mdmonitor off<br />
Verify these service are turned off with the chkconfig --list command:<br />
# chkconfig --list | grep 3:on<br />
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off<br />
cpi 0:off 1:on 2:on 3:on 4:on 5:on 6:off<br />
cpuplugd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
dumpconf 0:on 1:on 2:on 3:on 4:on 5:on 6:on<br />
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off<br />
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off<br />
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
mon_statd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off<br />
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off<br />
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
rhnsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
rpcbind 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off<br />
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off<br />
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off<br />
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off<br />
8.2.4 Configuring the VNC server<br />
Configure the VNC server the same way as on the cloner. Follow the same steps as<br />
described in 7.2.5, “Configuring the VNC server” on page 122.<br />
8.2.5 Setting system to halt on SIGNAL SHUTDOWN<br />
Again, RHEL 6 reboots when a Ctrl-Alt-Del key sequence is trapped. This key sequence is<br />
simulated by z/<strong>VM</strong> when a SIGNAL SHUTDOWN command is issued. Rather than rebooting, you<br />
want your system to halt (shutdown).<br />
Edit /etc/init/control-alt-delete.conf changing shutdown -r (reboot) to shutdown -h<br />
(halt):<br />
140 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
# cd /etc/init<br />
# vi control-alt-delete.conf<br />
# control-alt-delete - emergency keypress handling<br />
#<br />
# This task is run whenever the Control-Alt-Delete key combination is<br />
# pressed. Usually used to shut down the machine.<br />
start on control-alt-delete<br />
exec /sbin/shutdown -h now "Control-Alt-Delete pressed"<br />
This change will be picked up when the system is rebooted.<br />
8.2.6 Setting the system to logoff when Linux is shut down<br />
When Linux is shut down, the default is <strong>for</strong> the virtual machine to remain logged on even<br />
though it is not running an operating system. It is more convenient <strong>for</strong> the user ID to be<br />
logged off, both at z/<strong>VM</strong> SHUTDOWN time and <strong>for</strong> getting a refreshed 3270 emulator session. To<br />
do this, per<strong>for</strong>m the following steps:<br />
► Edit the file /etc/rc.d/rc.local and add two lines at the end as follows:<br />
# cd /etc/rc.d<br />
# vi rc.local<br />
#!/bin/sh<br />
#<br />
# This script will be executed *after* all the other init scripts.<br />
# You can put your own initialization stuff in here if you don't<br />
# want to do the full Sys V style init stuff.<br />
touch /var/lock/subsys/local<br />
chshut halt vmcmd logoff<br />
chshut poff vmcmd logoff<br />
<strong>The</strong> z/<strong>VM</strong> user ID should now be logged off when you halt or power off Linux.<br />
8.2.7 Configuring SSH keys<br />
Recall that you generated SSH keys on the cloner in 7.2.8, “Configuring SSH keys” on<br />
page 125. Now it is time to copy these keys from the cloner to the golden image.<br />
► Create a new directory (if one doesn’t already exist) on the golden image where the public<br />
key will be copied:<br />
# cd /root<br />
# mkdir .ssh<br />
► Set the permissions to 700 so that it can only be accessed by root:<br />
# chmod 700 .ssh<br />
► Copy the public key to the name authorized_keys using the secure copy command scp:<br />
# scp 9.60.18.223:/etc/ssh/ssh_host_dsa_key.pub /root/.ssh/authorized_keys<br />
<strong>The</strong> authenticity of host '9.60.18.223 (9.60.18.223)' can't be established.<br />
RSA key fingerprint is c7:d6:3b:8c:20:57:06:fc:8c:71:80:a5:4f:72:47:38.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '9.60.18.223' (RSA) to the list of known hosts.<br />
root@9.60.18.223's password:<br />
ssh_host_dsa_key.pub <strong>10</strong>0% 590 0.6KB/s 00:00<br />
Chapter 8. Installing and configuring the golden image 141
This allows the cloner to initiate an encrypted SSH connection to the Linux server without the<br />
need to type the root password.<br />
8.2.8 Changing the order of the swap disks<br />
It is likely that the order of swap space priority is not optimal. Per<strong>for</strong>m the following<br />
commands:<br />
► View your order with the swapon -s command:<br />
# swapon -s<br />
Filename Type Size Used Priority<br />
/dev/dasda2 partition 524296 0 -1<br />
/dev/dasdb1 partition 262132 0 -2<br />
/dev/dasdc1 partition 524276 0 -3<br />
This shows that the minidisk swap space will be used be<strong>for</strong>e the VDISK. As VDISKs are<br />
in-memory, they should be first in the priority, from smallest to largest.<br />
► Make a backup of the /etc/fstab file:<br />
# cd /etc<br />
# cp fstab fstab.orig<br />
► Modify the order by moving the line in /etc/fstab. with the minidisk swap space below<br />
the lines with VDISK swap spaces:<br />
# vi fstab<br />
...<br />
/dev/disk/by-path/ccw-0.0.0300-part1 swap swap defaults 0 0<br />
/dev/disk/by-path/ccw-0.0.0301-part1 swap swap defaults 0 0<br />
/dev/disk/by-path/ccw-0.0.0<strong>10</strong>0-part2 swap swap defaults 0 0<br />
...<br />
After a reboot, the minidisk swap space should come back with the lowest priority.<br />
8.2.9 Other configuration changes<br />
You may consider other configuration changes. Of course you can take an iterative approach:<br />
start with this set of changes, clone some Linux images and test, then bring the golden image<br />
back up, make more changes and re-clone.<br />
Whether you’re on the first pass of configuration or not, refer to the following sections to<br />
consider other changes <strong>for</strong> per<strong>for</strong>mance and availability related issues:<br />
► 12.1, “Registering your system with RHN” on page 187<br />
► 13.6, “Setting up Memory Hotplugging” on page 208<br />
► 13.8, “Hardware cryptographic support <strong>for</strong> OpenSSH” on page 213<br />
8.2.<strong>10</strong> Rebooting the system<br />
Now reboot to test your changes:<br />
# reboot<br />
Broadcast message from root (pts/0) (Sun Nov 19 08:57:32 2006):<br />
<strong>The</strong> system is going down <strong>for</strong> reboot NOW!<br />
142 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
8.2.11 Verifying the changes<br />
You are now done customizing the master Linux image. When the system comes back up<br />
you should verify the changes that you made.<br />
► SSH back into the cloner and check a few settings.<br />
► Use the df command to display your file systems. Your output may differ:<br />
# df -h<br />
Filesystem Size Used Avail Use% Mounted on<br />
/dev/dasda1 504M 147M 332M 31% /<br />
tmpfs 498M 0 498M 0% /dev/shm<br />
/dev/mapper/system_vg-opt_lv<br />
372M 17M 337M 5% /opt<br />
/dev/mapper/system_vg-tmp_lv<br />
372M 17M 337M 5% /tmp<br />
/dev/mapper/system_vg-usr_lv<br />
1.5G 817M 619M 57% /usr<br />
/dev/mapper/system_vg-var_lv<br />
372M 85M 269M 24% /var<br />
► Confirm that both of your swap spaces are operational:<br />
# swapon -s<br />
Filename Type Size Used Priority<br />
/dev/dasdb1 partition 262132 0 -1<br />
/dev/dasdc1 partition 524276 0 -2<br />
/dev/dasda2 partition 524296 0 -3<br />
► Verify the shutdown settings with the lsshut command:<br />
# lsshut<br />
Trigger Action<br />
========================<br />
Halt vmcmd ("logoff")<br />
Panic stop<br />
Power off vmcmd ("logoff")<br />
Reboot reipl<br />
► You may choose to confirm other settings.<br />
Congratulations! You have now successfully installed the golden image. This image will<br />
normally be shut down or quiesced. You are now ready to clone the golden image to a new<br />
virtual server.<br />
Chapter 8. Installing and configuring the golden image 143
144 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning<br />
It has become appallingly obvious that our technology has exceeded our humanity.<br />
--Albert Einstein<br />
At this point you have completed the install of RH6CLONE, the Linux cloner, and RH6GOLD, the<br />
golden image. <strong>The</strong> cloner must be up and running. In this chapter, you per<strong>for</strong>m the following<br />
steps:<br />
► “Formatting DASD <strong>for</strong> minidisks” on page 145<br />
► “Defining a new user ID <strong>for</strong> a virtual server” on page 146<br />
► “Cloning a virtual server manually” on page 147<br />
► “Cloning one new virtual server” on page 152<br />
► “Defining three more virtual machines” on page 157<br />
► “Reviewing system status” on page 160<br />
9.1 Formatting DASD <strong>for</strong> minidisks<br />
In section 4.6.2, “Formatting DASD <strong>for</strong> minidisks” on page 52, DASD was <strong>for</strong>matted to<br />
become minidisks <strong>for</strong> the cloner and the golden image. <strong>The</strong> CPFMTXA command can be used<br />
to <strong>for</strong>mat one DASD at a time, but the CPFORMAT EXEC is a wrapper around CPFMTXA that allows<br />
the <strong>for</strong>matting of multiple DASD.<br />
To have access to enough DASD to define four more user IDs, LINUX01 - LINUX04, with two<br />
3390-3 volumes each, eight 3390-3s will be needed. In the examples used in this book,<br />
3390-9s are being used, and two thirds of the volume 63A9 is available. So only two more<br />
volumes are needed: 63AA and 63AB. Consult your worksheets on 2.7.2, “z/<strong>VM</strong> DASD<br />
worksheet” on page 17 to determine how many volumes you will need <strong>for</strong> four new virtual<br />
machines.<br />
To <strong>for</strong>mat DASD <strong>for</strong> minidisks, per<strong>for</strong>m the following steps:<br />
► Logon to a 3270 session as MAINT.<br />
► Query the devices that will be used <strong>for</strong> the remaining Linux user IDs.<br />
==> q 63aa-63ab<br />
9<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 145
DASD 63AA FR63AA , DASD 63AB FR63AB<br />
► Attach the volumes to MAINT using the * wildcard:<br />
==> att 63aa-63ab *<br />
63AA-63AB ATTACHED TO MAINT<br />
► Invoke the CPFORMAT command against these volumes using the parameter as perm:<br />
==> cp<strong>for</strong>mat 63aa-63ab as perm<br />
...<br />
DASD status after:<br />
TargetID Tdev OwnerID Odev Dtype Vol-ID Rdev StartLoc Size<br />
MAINT 63AA MAINT 63AA 3390 UM63AA 63AA 0 <strong>10</strong>017<br />
MAINT 63AB MAINT 63AB 3390 UM63AB 63AB 0 <strong>10</strong>017<br />
► Detach the seven volumes from MAINT with the DETACH command:<br />
==> det 63aa-63ab<br />
63AA-63AB DETACHED<br />
► Attach the newly <strong>for</strong>matted DASD to SYSTEM so they can be used <strong>for</strong> minidisks:<br />
==> att 63aa-63ab system<br />
DASD 63AA ATTACHED TO SYSTEM UM63AA<br />
DASD 63AB ATTACHED TO SYSTEM UM63AB<br />
<strong>The</strong> volumes will now be available to be used <strong>for</strong> minidisks in the USER DIRECT file. <strong>The</strong>y will<br />
also be available after the next IPL because their new labels match the pattern specified by<br />
the User_Volume_Include UM* statement in the SYSTEM CONFIG file.<br />
9.2 Defining a new user ID <strong>for</strong> a virtual server<br />
In this section you will define a new user ID, LINUX01, in z/<strong>VM</strong> and clone the golden image to<br />
it. To do so, per<strong>for</strong>m the following steps:<br />
► Logon to MAINT and edit the USER DIRECT file to add more Linux ID’s.<br />
==> x user direct c<br />
► Go to the bottom of the file and add the following five lines. In this example the user ID will<br />
be LINUX01 with a password of LNX4<strong>VM</strong>. It will default to have 256MB of memory but can be<br />
set up to 1GB. It will have only G permission (General user) It will have two 3338 cylinder<br />
(about 2.2 GB each) minidisks. In this example, they are located at device addresses 63A9<br />
which was <strong>for</strong>matted and given a label of UM63A9:<br />
USER LINUX01 LNX4<strong>VM</strong> 256M 1G G<br />
INCLUDE LNXDFLT<br />
OPTION APPLMON<br />
MDISK <strong>10</strong>0 3390 3339 3338 UM63A9 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>1 3390 6677 3338 UM63A9 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
► You may need to add the new volumes to the $ALLOC$ user ID so cylinder 0 won’t show up<br />
in the disk map as a gap.<br />
► Again check <strong>for</strong> gaps and overlaps. You can use the ALL subcommand with the logical OR<br />
operator “|” to check <strong>for</strong> both strings. You should see only one 501 cylinder gap.<br />
==> diskmap user<br />
==> x user diskmap<br />
====> all /gap/|/overlap/<br />
-------------------- 4 line(s) not displayed --------------------<br />
0 500 501 GAP<br />
-------------------- 368 line(s) not displayed --------------------<br />
146 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
====> quit<br />
► Bring the changes online with the DIRECTXA command:<br />
==> directxa user<br />
z/<strong>VM</strong> USER DIRECTORY CREATION PROGRAM - VERSION 5 RELEASE 3.0<br />
EOJ DIRECTORY UPDATED AND ON LINE<br />
<strong>The</strong> new Linux user ID has now been defined.<br />
9.2.1 Adding LINUX01 to AUTOLOG1’s PROFILE EXEC<br />
<strong>The</strong> new Linux ID you defined needs access to the VSWITCH. A SET VSWITCH command with<br />
the GRANT parameter can be added to AUTOLOG1’s PROFILE EXEC to do this. Also, an XAUTOLOG<br />
statement can be added if the user ID is automatically logged on at z/<strong>VM</strong> IPL time:<br />
Link and access the AUTOLOG1 191 disk read/write and edit the file PROFILE EXEC. Add LINUX01<br />
to the sections that grant access to the VSWITCH and that XAUTOLOG the Linux user IDs:<br />
==> link autolog1 191 1191 mr<br />
==> acc 1191 f<br />
==> x profile exec f // add two lines<br />
/***************************/<br />
/* Autolog1 Profile Exec */<br />
/***************************/<br />
'cp xautolog tcpip' /* start up TCPIP */<br />
'CP XAUTOLOG DTCVSW1' /* start VSWITCH controller 1 */<br />
'CP XAUTOLOG DTCVSW2' /* start VSWITCH controller 2 */<br />
'cp set pf12 ret' /* set the retrieve key */<br />
'cp set mdc stor 0m 128m' /* Limit minidisk cache in CSTOR */<br />
'cp set mdc xstore 0m 0m' /* Disable minidisk cache in XSTOR */<br />
'cp set srm storbuf 300% 250% 200%' /* Overcommit memory */<br />
'cp set signal shutdown 300' /* Allow guests 5 min to shut down */<br />
/* Grant access to VSWITCH <strong>for</strong> each Linux user */<br />
'cp set vswitch vsw1 grant rh6clone'<br />
'cp set vswitch vsw1 grant rh6gold'<br />
'cp set vswitch vsw1 grant linux01'<br />
/* XAUTOLOG each Linux user that should be started */<br />
'cp xautolog rh6clone'<br />
'cp xautolog linux01'<br />
'cp logoff' /* logoff when done */<br />
====> file<br />
<strong>The</strong>se changes will not take effect until the next IPL, so you must grant this user ID access to<br />
the VSWITCH <strong>for</strong> this z/<strong>VM</strong> session. This is done as follows:<br />
==> set vswitch vsw1 grant linux01<br />
Command complete<br />
9.3 Cloning a virtual server manually<br />
Be<strong>for</strong>e using the clone script to clone a server, it is recommended that you clone a server<br />
manually to better understand the process.<br />
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning 147
<strong>The</strong>re are many ways to clone Linux under z/<strong>VM</strong>. <strong>The</strong> steps in this section are just one way to<br />
do it. <strong>The</strong> following assumptions are made based on what you have done so far:<br />
► <strong>The</strong> source user ID, RH6GOLD in this example, has a root file system on L<strong>VM</strong>, located on<br />
minidisks <strong>10</strong>0-<strong>10</strong>1.<br />
► <strong>The</strong> target user ID, LINUX01 in this example, has identically sized mindisks <strong>10</strong>0-<strong>10</strong>1.<br />
► <strong>The</strong> vmcp command is available to issue z/<strong>VM</strong> CP commands<br />
► <strong>The</strong> z/<strong>VM</strong> FLASHCOPY command can be used but if you don’t have that support, the Linux<br />
dd command will work.<br />
Given these assumptions, one set of steps that can be used to clone a system is as follows:<br />
1. Link the source disks read-only.<br />
2. Link the target disks read/write.<br />
3. Copy the source to the target disk with FLASHCOPY or the Linux dd command.<br />
4. Detach the source disks.<br />
5. Bring the newly copied L<strong>VM</strong> online.<br />
6. Mount the newly copied root file system.<br />
7. Modify the networking in<strong>for</strong>mation on the target system.<br />
8. Detach the target disks.<br />
9. IPL the target system.<br />
<strong>10</strong>.Modify the SSH keys on the target system.<br />
Link the source and target disks<br />
Start an SSH session to the cloner as root.<br />
<strong>The</strong> source disks, RH6GOLD <strong>10</strong>0-<strong>10</strong>1, are linked read-only as virtual devices 1<strong>10</strong>0 and 1<strong>10</strong>1 with<br />
the CP LINK command:<br />
# vmcp link rh6gold <strong>10</strong>0 1<strong>10</strong>0 rr<br />
# vmcp link rh6gold <strong>10</strong>1 1<strong>10</strong>1 rr<br />
<strong>The</strong> target disks, LINUX01 <strong>10</strong>0-<strong>10</strong>1, are linked multi-read (read/write if no other user ID has<br />
write access) as virtual devices 2<strong>10</strong>0 and 2<strong>10</strong>1:<br />
# vmcp link linux01 <strong>10</strong>0 2<strong>10</strong>0 mr<br />
# vmcp link linux01 <strong>10</strong>1 2<strong>10</strong>1 mr<br />
Copy the source to the target disk with FLASHCOPY<br />
<strong>The</strong> two disks are copied with the CP FLASHCOPY command:<br />
# vmcp flashcopy 1<strong>10</strong>0 0 end to 2<strong>10</strong>0 0 end<br />
Command complete: FLASHCOPY 1<strong>10</strong>0 0 END TO 2<strong>10</strong>0 0 END<br />
# vmcp flashcopy 1<strong>10</strong>1 0 end to 2<strong>10</strong>1 0 end<br />
Command complete: FLASHCOPY 1<strong>10</strong>1 0 END TO 2<strong>10</strong>1 0 END<br />
If you do not have the FLASHCOPY feature, see the next shaded box.<br />
148 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Attention: If you do not have FLASHCOPY support, you can use the Linux dasdfmt and dd<br />
commands. You must first enable the 1<strong>10</strong>0-1<strong>10</strong>1 and 2<strong>10</strong>0-2<strong>10</strong>1 disks with the chccwdev -e<br />
command, then determine the newly created device nodes with the lsdasd command:<br />
# chccwdev -e 1<strong>10</strong>0-1<strong>10</strong>1,2<strong>10</strong>0-2<strong>10</strong>1<br />
Setting device 0.0.1<strong>10</strong>0 online<br />
Done<br />
...<br />
# lsdasd<br />
...<br />
0.0.1<strong>10</strong>0 active dasdf 94:20 ECKD 4096 2347MB 600840<br />
0.0.1<strong>10</strong>1 active dasdg 94:24 ECKD 4096 2347MB 600840<br />
0.0.2<strong>10</strong>0 active dasdh 94:28 ECKD 4096 2347MB 600840<br />
0.0.2<strong>10</strong>1 active dasdi 94:32 ECKD 4096 2347MB 600840<br />
In this example the source minidisks (1<strong>10</strong>0-1<strong>10</strong>1) are named /dev/dasdf and /dev/dasdg,<br />
while the target minidisks (2<strong>10</strong>0-2<strong>10</strong>1) are named /dev/dasdh and /dev/dasdi. Format the<br />
target devices with the dasdfmt command using a 4096 byte (4KB) block size:<br />
# dasdfmt -b 4096 -y -f /dev/dasdh<br />
Finished <strong>for</strong>matting the device.<br />
Rereading the partition table... ok<br />
# dasdfmt -b 4096 -y -f /dev/dasdi<br />
...<br />
Now that the devices have been <strong>for</strong>matted, you can copy the volumes of the golden image<br />
with the dd command, again using a block size of 4K (4096) bytes:<br />
# dd if=/dev/dasdf of=/dev/dasdh bs=4096<br />
...<br />
# dd if=/dev/dasdg of=/dev/dasdi bs=4096<br />
...<br />
<strong>The</strong>n bring the devices offline so the new file systems will be recognized when brought<br />
back online:<br />
# chccwdev -d 1<strong>10</strong>0-1<strong>10</strong>1,2<strong>10</strong>0-2<strong>10</strong>1<br />
...<br />
Detach the source disks<br />
Now that you no longer need the source disks linked, detach them:<br />
# vmcp det 1<strong>10</strong>0-1<strong>10</strong>1<br />
1<strong>10</strong>0-1<strong>10</strong>1 DETACHED<br />
Activate the target disk with the root file system<br />
Activate the minidisk at real device address 2<strong>10</strong>0 which has the root file system in the first<br />
partition:<br />
# chccwdev -e 2<strong>10</strong>0<br />
Setting device 0.0.2<strong>10</strong>0 online<br />
Done<br />
Mount the newly copied root file system<br />
► Use the lsdasd command to show the minidisks that are accessible. <strong>The</strong> target root file<br />
system is on the disk accessed as virtual device address 2<strong>10</strong>0:<br />
# lsdasd<br />
Bus-ID Status Name Device Type BlkSz Size Blocks<br />
==============================================================================<br />
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning 149
0.0.0<strong>10</strong>0 active dasda 94:0 ECKD 4096 2347MB 600840<br />
0.0.0300 active dasdb 94:4 FBA 512 256MB 524288<br />
0.0.0301 active dasdc 94:8 FBA 512 512MB <strong>10</strong>48576<br />
0.0.0<strong>10</strong>1 active dasdd 94:12 ECKD 4096 2347MB 600840<br />
0.0.0<strong>10</strong>2 active dasde 94:16 ECKD 4096 2347MB 600840<br />
0.0.2<strong>10</strong>0 active dasdf 94:20 ECKD 4096 2347MB 600840<br />
0.0.2<strong>10</strong>1 active dasdg 94:24 ECKD 4096 2347MB 600840<br />
► Thus the device is /dev/dasdf and the first partition is /dev/dasdf1. Make a new mount<br />
point, /mnt/linux01, <strong>for</strong> the LINUX01 root file system and mount it there:<br />
# cd /mnt<br />
# mkdir linux01<br />
# mount /dev/dasdf1 linux01/<br />
Observe that this appears to be a root file system:<br />
# cd linux01<br />
# ls<br />
bin cgroup etc lib lost+found misc net opt root selinux sys usr<br />
boot dev home lib64 media mnt nfs proc sbin srv tmp var<br />
Modify networking in<strong>for</strong>mation on the target system<br />
In this example, the only two pieces of networking in<strong>for</strong>mation that are modified are the IP<br />
address and the host name. <strong>The</strong> two important files are /etc/sysconfig/network and<br />
/etc/sysconfig/network-scripts/ifcfg-eth0.<br />
► Observe the contents of these files:<br />
# cat /etc/sysconfig/network<br />
NETWORKING=yes<br />
HOSTNAME=gpok223.endicott.ibm.com<br />
GATEWAY=9.60.18.129<br />
# cat /etc/sysconfig/network-scripts/ifcfg-eth0<br />
DEVICE="eth0"<br />
BOOTPROTO="static"<br />
DNS1="9.0.3.1"<br />
DOMAIN="endicott.ibm.com"<br />
GATEWAY="9.60.18.129"<br />
IPADDR="9.60.18.223"<br />
MTU="1500"<br />
NETMASK="255.255.255.128"<br />
NETTYPE="qeth"<br />
NM_CONTROLLED="yes"<br />
ONBOOT="yes"<br />
OPTIONS="layer2=0 portno=0"<br />
PORTNAME="DONTCARE"<br />
SUBCHANNELS="0.0.0600,0.0.0601,0.0.0602"<br />
► Change the host name in the file /etc/hosts:<br />
# cd /mnt/linux01/etc/sysconfig<br />
# vi network<br />
NETWORKING=yes<br />
HOSTNAME=gpok224.endicott.ibm.com<br />
GATEWAY=9.60.18.129<br />
► Change the IP address in the file /etc/sysconfig/network-scripts/ifcfg-eth0:<br />
# cd network-scripts<br />
# vi ifcfg-eth0<br />
DEVICE="eth0"<br />
BOOTPROTO="static"<br />
DNS1="9.0.3.1"<br />
150 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
DOMAIN="endicott.ibm.com"<br />
GATEWAY="9.60.18.129"<br />
IPADDR="9.60.18.224"<br />
MTU="1500"<br />
NETMASK="255.255.255.128"<br />
NETTYPE="qeth"<br />
NM_CONTROLLED="yes"<br />
ONBOOT="yes"<br />
OPTIONS="layer2=0 portno=0"<br />
PORTNAME="DONTCARE"<br />
SUBCHANNELS="0.0.0600,0.0.0601,0.0.0602"<br />
Unmount and detach the target disk<br />
Now that the target disks have been copied and modified, they can be detached. Per<strong>for</strong>m the<br />
following steps:<br />
► Change to the default directory with the cd command, use the sync command to flush the<br />
disks and the umount command to unmount the modified root file system:<br />
# cd<br />
# sync<br />
# umount /mnt/linux01<br />
► Set the LINUX01 1<strong>10</strong>0-1<strong>10</strong>1 disks offline with the chccwdev command and detach them<br />
using the CP DETACH command:<br />
# vmcp det 2<strong>10</strong>0<br />
2<strong>10</strong>0 DETACHED<br />
You should now be ready to IPL the manually cloned system.<br />
IPL the target system<br />
Logon to a 3270 session as LINUX01. CMS will IPL and the PROFILE EXEC will ask you if you<br />
want to IPL from minidisk <strong>10</strong>0. Type y <strong>for</strong> yes and Linux should boot. Look <strong>for</strong> the modified<br />
host name (gpok224 in this example):<br />
LOGON LINUX01<br />
NIC 0600 is created; devices 0600-0602 defined<br />
z/<strong>VM</strong> Version 6 Release 1.0, Service Level <strong>10</strong>02 (64-bit),<br />
built on <strong>IBM</strong> <strong>Virtualization</strong> Technology<br />
<strong>The</strong>re is no logmsg data<br />
FILES: NO RDR, NO PRT, NO PUN<br />
LOGON AT 15:27:24 EDT MONDAY <strong>10</strong>/04/<strong>10</strong><br />
z/<strong>VM</strong> V6.1.0 20<strong>10</strong>-09-23 11:31<br />
DMSACP723I A (191) R/O<br />
DMSACP723I C (592) R/O<br />
DIAG swap disk defined at virtual address 300 (64989 4K pages of swap space)<br />
DIAG swap disk defined at virtual address 301 (129981 4K pages of swap space)<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
y<br />
zIPL v1.8.2-28.el6 interactive boot menu<br />
0. default (linux)<br />
1. linux<br />
Note: <strong>VM</strong> users please use '#cp vi vmsg '<br />
Please choose (default will boot in 5 seconds):<br />
Booting default (linux)...<br />
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning 151
Initializing cgroup subsys cpuset<br />
Initializing cgroup subsys cpu<br />
Linux version 2.6.32-71.el6.s390x (mockbuild@s390-004.build.bos.redhat.com) (gcc<br />
version 4.4.4 20<strong>10</strong>0726 (Red Hat 4.4.4-13) (GCC) ) #1 SMP Wed Sep 1 01:38:33 EDT<br />
20<strong>10</strong><br />
setup: Linux is running as a z/<strong>VM</strong> guest operating system in 64-bit mode<br />
...<br />
gpok224 login:<br />
Your new system should come up cleanly using the modified IP address and host name. If it<br />
does, then congratulations! You have now cloned a Linux system manually. You can look<br />
around the new system. It should be identical to the golden image except <strong>for</strong> the IP address<br />
and host name.<br />
Next you will learn how to do it automatically. You will use the LINUX01 user ID again. To<br />
clone, the target user ID must be logged off. You could shut the new system down cleanly,<br />
but because you will be cloning again, it does not matter. Go to the 3270 session and log off<br />
the LINUX01 user ID:<br />
==> #cp log<br />
9.4 Cloning one new virtual server<br />
Now that you have cloned a server manually and better understand the steps, you can use<br />
the clone script to clone automatically.<br />
9.4.1 Using the configuration file /etc/sysconfig/clone<br />
<strong>The</strong> configuration file /etc/sysconfig/clone can be used to change global settings. <strong>The</strong><br />
following variables can be set:<br />
# cat /etc/sysconfig/clone<br />
# AUTOLOG - If set to "y" the script will autolog the cloned<br />
# image after the cloning is completed. If it is<br />
# set to "n" the image will not autolog the cloned<br />
# image.<br />
AUTOLOG=y<br />
# PROMPT - This will set if the script should prompt the user <strong>for</strong><br />
# confirmation be<strong>for</strong>e cloning. If set to "y" the user<br />
# will be prompted to continue. If set to "n" the script<br />
# will run without confirmation.<br />
PROMPT=y<br />
# CLONE_MNT_PT - This specifies the location on the filesystem<br />
# that the cloned root filesystem should be mounted<br />
# to. If the directory does not exist it will be<br />
# created the first run.<br />
CLONE_MNT_PT=/mnt/clone<br />
# CLONE_METHOD - This is used to determine what method you want to use<br />
# <strong>for</strong> cloning. It can have a value of AUTO, which will first<br />
# attempt FLASHCOPY then fall back to dd, or DD which will<br />
# only try to per<strong>for</strong>m a Linux dd command.<br />
CLONE_METHOD=auto<br />
# BLACKLIST - List of z/<strong>VM</strong> user IDs <strong>for</strong>bidden to be used as clone targets.<br />
# It's a good idea to add your master server here, so it doesn't<br />
152 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
# become a clone target by mistake.<br />
# Format: BLACKLIST="userA userB userC ..."<br />
BLACKLIST=""<br />
In the following example this file is not modified, thus all defaults are<br />
9.4.2 Creating a configuration file <strong>for</strong> LINUX01<br />
For each Linux guest you want to clone, you must create a configuration file that you can use<br />
to customize the image after cloning. Per<strong>for</strong>m the following steps on the RH6CLONE installation<br />
server:<br />
► Open an SSH session to RH6CLONE as root.<br />
► Install the clone script RPM:<br />
# rpm -ivh /nfs/virt-cookbook-RH6/clone-1.0-<strong>10</strong>.s390x.rpm<br />
Preparing... ########################################### [<strong>10</strong>0%]<br />
1:clone ########################################### [<strong>10</strong>0%]<br />
► Copy and then edit the supplied sample configuration file to reflect the values of the new<br />
Linux system:<br />
# cd /etc/clone<br />
# cp rhel.conf.sample linux01.conf<br />
► Edit the new configuration file with the appropriate values <strong>for</strong> your system. If the new Linux<br />
image is going to be on the same network as the golden image, you are likely to only have<br />
to change two variables: the Internet Protocol (IP) address (IPADDR) and the Domain<br />
Name System (DNS) name (HOSTNAME). In the following example, the IP address is set to<br />
9.60.18.224 and the DNS name to gpok224.endicott.ibm.com.<br />
# vi linux01.conf<br />
# Define the DASD that should be included as a part<br />
# of the clone.<br />
DASD=<strong>10</strong>0,<strong>10</strong>1 1<br />
DASD_ROOT=<strong>10</strong>0 2<br />
VG_NAME= 3<br />
LV_ROOT= 4<br />
# Define networking in<strong>for</strong>mation that will be used <strong>for</strong> the host.<br />
IPADDR=9.60.18.224<br />
SUBCHANNELS=0.0.0600,0.0.0601,0.0.0602<br />
HOSTNAME=gpok224.endicott.ibm.com<br />
NETTYPE=qeth<br />
NETMASK=255.255.255.128<br />
NETWORK=9.60.18.128<br />
SEARCHDNS=endicott.ibm.com<br />
BROADCAST=9.60.18.255<br />
GATEWAY=9.60.18.129<br />
DNS=9.0.2.11<br />
MTU=1500<br />
Note the following points <strong>for</strong> the numbers in black above:<br />
1 This is the range of minidisks that will be copied. You can enter dashes (-)<br />
or commas (,) to specify address ranges or specific disks, respectively.<br />
Make the range following DASD= is one continuous block of text with no<br />
spaces added.<br />
2 This is the minidisk that contains the root file system.<br />
3 If the root file system of the golden image is on a logical volume, specify the<br />
volume group name here.<br />
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning 153
4 If you specified a value <strong>for</strong> 3 above (VG_NAME), specify the logical volume<br />
name of the root file system.<br />
► Save the file and log off root.<br />
► Log in to LINUX01.<br />
► Answer n to the question Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n. Verify that<br />
the minidisks at addresses <strong>10</strong>0 and <strong>10</strong>1 and the VDISK at addresses 300 and 301 are<br />
read/write with the QUERY DASD command:<br />
==> q da<br />
00: DASD 0<strong>10</strong>0 3390 UM63A9 R/W 3338 CYL ON DASD 63A9 SUBCHANNEL = 0000<br />
00: DASD 0<strong>10</strong>1 3390 UM63A9 R/W 3338 CYL ON DASD 63A9 SUBCHANNEL = 0001<br />
00: DASD 0190 3390 6<strong>10</strong>RES R/O <strong>10</strong>7 CYL ON DASD 6280 SUBCHANNEL = 0009<br />
00: DASD 0191 3390 UM6289 R/O 300 CYL ON DASD 6289 SUBCHANNEL = 000C<br />
00: DASD 019D 3390 UV6283 R/O 146 CYL ON DASD 6283 SUBCHANNEL = 000A<br />
00: DASD 019E 3390 UV6283 R/O 250 CYL ON DASD 6283 SUBCHANNEL = 000B<br />
00: DASD 0300 9336 (VDSK) R/W 524288 BLK ON DASD VDSK SUBCHANNEL = 000E<br />
00: DASD 0301 9336 (VDSK) R/W <strong>10</strong>48576 BLK ON DASD VDSK SUBCHANNEL = 000F<br />
00: DASD 0592 3390 UV6284 R/O 70 CYL ON DASD 6284 SUBCHANNEL = 000D<br />
► Log off LINUX01.<br />
You are now be ready to clone to this new user ID.<br />
9.4.3 Using the clone script<br />
To use the clone script, per<strong>for</strong>m the following steps:<br />
► Go back to your an SSH session to the controller.<br />
► Verify that the clone script is in your PATH with the which command:<br />
# which clone<br />
/usr/sbin/clone<br />
► <strong>The</strong> clone script can operate in two modes. <strong>The</strong> first where the DASD in<strong>for</strong>mation is<br />
provided on the command line, and the second where the DASD in<strong>for</strong>mation is included in<br />
the new user ID’s configuration file. Running clone with no arguments prints a usage<br />
message as follows:<br />
# clone<br />
Usage: clone [-v] sourceID targetID [rootMinidisk [minidisk1 minidisk2..]]<br />
Switches<br />
-v Verbose output<br />
Required<br />
sourceID the z/<strong>VM</strong> user id you want to clone from<br />
targetID the z/<strong>VM</strong> user id you want to clone to<br />
Optional<br />
rootMinidisk the minidisk address that contains the root filesystem<br />
minidisk1..n additional minidisks that should be copied<br />
<strong>The</strong> sourceID is the z/<strong>VM</strong> ID of the master Linux image and targetID is the z/<strong>VM</strong> ID of the<br />
target (LINUX01 in this example). <strong>The</strong>se values are always required.<br />
In the following examples, DASD is set to <strong>10</strong>0-<strong>10</strong>1, which implies that minidisks located at<br />
virtual addresses <strong>10</strong>0 and <strong>10</strong>1 are copied. <strong>The</strong> 300 and 301 VDISKs are omitted because<br />
SWAPGEN automatically creates them each time the user logs on. <strong>The</strong> DASD_ROOT value<br />
specifies which one of these minidisks contains the Linux root file system (/).<br />
<strong>The</strong> script exits if either the golden image or the clone image is logged in. <strong>The</strong> script first<br />
attempts to copy the disks with FLASHCOPY via the vmcp module or command. If an error is<br />
154 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
eturned, the script falls back to using Linux dasdfmt and dd commands. Finally, the script<br />
boots the new Linux image via the xautolog command.<br />
It takes less than a minute to clone with FLASHCOPY support and 3-20 minutes with dd. <strong>The</strong><br />
following is an example of cloning from RHEL52 to LINUX01 with FLASHCOPY support. <strong>The</strong><br />
example uses the verbose switch (-v) to clarify its actions.<br />
# clone -v rh6gold linux01<br />
Invoking CP command: QUERY rh6gold<br />
Invoking CP command: QUERY linux01<br />
This will copy disks from rh6gold to linux01<br />
Host name will be: gpok224.endicott.ibm.com<br />
IP address will be: 9.60.18.224<br />
Do you want to continue? (y/n): y<br />
<strong>The</strong> script makes sure the golden image (source) user ID and the target user ID exist and are<br />
logged off. <strong>The</strong>n, it confirms the order of the cloning and displays in<strong>for</strong>mation collected from<br />
the /etc/clone/linux01.conf file. Following this, it asks if you are sure you want to overwrite<br />
the disks on the target user ID.<br />
Next, the script links to the master clone minidisk and the target minidisk. <strong>The</strong> master<br />
minidisks are linked to RH6CLONE at virtual address FFFE, and the target minidisks are linked as<br />
FFFF. <strong>The</strong> FFFE links are read-only and the FFFF links are read-write. With the links in place,<br />
the script issues a FLASHCOPY command to copy the source <strong>10</strong>0 and <strong>10</strong>1 minidisks to the target<br />
<strong>10</strong>0 and <strong>10</strong>1 minidisks. <strong>The</strong> script then detaches the links. If FLASHCOPY fails, the script falls<br />
back to the Linux dasdfmt and dd commands.<br />
Cloning rh6gold to linux01 ...<br />
Copying minidisks...<br />
Invoking CP command: QUERY VIRTUAL fffe<br />
Invoking CP command: LINK rh6gold <strong>10</strong>0 fffe RR<br />
Invoking CP command: QUERY VIRTUAL ffff<br />
Invoking CP command: LINK linux01 <strong>10</strong>0 ffff W<br />
Invoking CP command: FLASHCOPY fffe 0 END ffff 0 END<br />
<strong>10</strong>0 disk copied ...<br />
Invoking CP command: DETACH fffe<br />
Invoking CP command: DETACH ffff<br />
Invoking CP command: QUERY VIRTUAL fffe<br />
Invoking CP command: LINK rh6gold <strong>10</strong>1 fffe RR<br />
Invoking CP command: QUERY VIRTUAL ffff<br />
Invoking CP command: LINK linux01 <strong>10</strong>1 ffff W<br />
Invoking CP command: FLASHCOPY fffe 0 END ffff 0 END<br />
<strong>10</strong>1 disk copied ...<br />
Invoking CP command: DETACH fffe<br />
Invoking CP command: DETACH ffff<br />
<strong>The</strong>n, the root file system is mounted to /mnt/clone, and the networking in<strong>for</strong>mation is<br />
modified in /mnt/clone/etc/sysconfig/network/ifcfg-eth0,<br />
/mnt/clone/etc/sysconfig/network, and /mnt/clone/etc/hosts:<br />
Updating cloned image ...<br />
Invoking CP command: QUERY VIRTUAL ffff<br />
Invoking CP command: LINK linux01 <strong>10</strong>0 ffff W<br />
Modifying networking info under /mnt/clone...<br />
Regenerating SSH keys in /mnt/clone/etc/ssh/ ...<br />
Invoking CP command: DETACH ffff<br />
Invoking CP command: XAUTOLOG linux01<br />
Booting linux01<br />
Successfully cloned rh6gold to linux01<br />
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning 155
<strong>The</strong>n the SSH keys are regenerated in such a way that they are unique <strong>for</strong> the new virtual<br />
server. <strong>The</strong> new root file system is then unmounted, set offline, and detached: In the final<br />
section, the LINUX01 user ID is logged on via XAUTOLOG. Because the shared PROFILE EXEC<br />
detects that the user ID is in a disconnected mode, it carries out an IPL of Linux from minidisk<br />
<strong>10</strong>0.<br />
You may want to SSH into the newly cloned Linux server.<br />
Note: If the clone script fails, you can check that:<br />
► <strong>The</strong> configuration contains all of the correct in<strong>for</strong>mation in /etc/clone/<br />
► No other users have links to the clone’s read-write disks<br />
A block diagram of this process is displayed in Figure 9-1.<br />
Figure 9-1 Cloning block diagram<br />
<strong>The</strong> top of the figure shows the Linux cloner/installation server that is running on the RH6CLONE<br />
user ID. In order to FLASHCOPY or dd, the RH6CLONE user ID requires a LINK to the source<br />
minidisks that RH6GOLD owns and the destination minidisks that LINUX01 owns. <strong>The</strong> figure<br />
shows that the LINK statement is issued as read-only (RR) <strong>for</strong> the source and read/write (W) <strong>for</strong><br />
the target. <strong>The</strong> VDISK-based swap spaces at virtual addresses 300 and 301 are defined<br />
in-memory, there<strong>for</strong>e, they do not need to be copied.<br />
Note: If the clone script fails, you can check that:<br />
► <strong>The</strong> configuration contains all of the correct in<strong>for</strong>mation in /etc/clone/<br />
► No other users have links to the clone’s read-write disks<br />
156 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
9.5 Defining three more virtual machines<br />
So far you have installed Linux manually twice onto RH6CLONE and RH6GOLD. You have created<br />
a new user ID LINUX01 and cloned to it. Now it is time to prepare <strong>for</strong> more cloning of each of<br />
the virtual servers described in the remaining chapters.<br />
<strong>The</strong> following steps are involved:<br />
► “Defining three more user IDs” on page 157<br />
► “Creating three new configuration files” on page 158<br />
► “Adding new virtual machines to startup process” on page 159<br />
► “Testing logging on to a new user ID” on page 160<br />
9.5.1 Defining three more user IDs<br />
Define three more user IDs <strong>for</strong> Linux virtual servers. Per<strong>for</strong>m the following steps:<br />
► Logon to MAINT.<br />
► Edit the USER DIRECT file and create three new sections LINUX02 - LINUX04. You will need<br />
to use the DASD volumes you just <strong>for</strong>matted: two <strong>for</strong> each virtual server. You can repeat<br />
the definition of LINUX01 three times with the block copy ""3 prefix command. For example:<br />
==> x user direct<br />
====> /user linux01<br />
...<br />
""3 *<br />
02142 USER LINUX01 LNX4<strong>VM</strong> 256M 1G G<br />
02143 INCLUDE LNXDFLT<br />
02144 OPTION APPLMON<br />
02145 MDISK <strong>10</strong>0 3390 0001 3338 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
"" MDISK <strong>10</strong>1 3390 0001 3338 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
► This will create three more copies of the LINUX01 user definition. Modify them to have a<br />
user ID of LINUX02 - LINUX04, and give each correct DASD labels:<br />
USER LINUX02 LNX4<strong>VM</strong> 256M 1G G<br />
INCLUDE LNXDFLT<br />
OPTION APPLMON<br />
MDISK <strong>10</strong>0 3390 0001 3338 UM63AA MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>1 3390 3339 3338 UM63AA MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
*<br />
USER LINUX03 LNX4<strong>VM</strong> 256M 1G G<br />
INCLUDE LNXDFLT<br />
OPTION APPLMON<br />
MDISK <strong>10</strong>0 3390 6677 3338 UM63AA MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>1 3390 0001 3338 UM63AB MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
*<br />
USER LINUX04 LNX4<strong>VM</strong> 256M 1G G<br />
INCLUDE LNXDFLT<br />
OPTION APPLMON<br />
MDISK <strong>10</strong>0 3390 3339 3338 UM63AB MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>1 3390 6677 3338 UM63AB MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
*<br />
► Go to the top of the file and find the definition <strong>for</strong> the user $ALLOC$. Add dummy definitions<br />
<strong>for</strong> cylinder 0 of each of the new volumes and save the changes. In this example, two<br />
volumes are added, UM63AA and UM63AB:<br />
====> top<br />
====> /alloc<br />
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning 157
USER $ALLOC$ NOLOG<br />
MDISK A01 3390 000 001 6<strong>10</strong>RES R<br />
MDISK A02 3390 000 001 UV6283 R<br />
MDISK A03 3390 000 001 UV6284 R<br />
MDISK A04 3390 000 001 UM6289 R<br />
MDISK A05 3390 000 001 UM6290 R<br />
MDISK A06 3390 000 001 UM6293 R<br />
MDISK A07 3390 000 001 UM6294 R<br />
MDISK A08 3390 000 001 UM63A2 R<br />
MDISK A09 3390 000 001 UM63A9 R<br />
MDISK A0A 3390 000 001 UM63AA R<br />
MDISK A0B 3390 000 001 UM63AB R<br />
====> file<br />
► Check <strong>for</strong> overlaps and the single gap. Quit out of the USER DISKMAP file:<br />
==> diskmap user<br />
==> x user diskmap<br />
====> pre off<br />
====> all /gap/|/overlap/<br />
0 500 501 GAP<br />
-------------------- 6 line(s) not displayed --------------------<br />
0 0 1 GAP<br />
-------------------- 388 line(s) not displayed --------------------<br />
====> quit<br />
► Bring the changes online with the DIRECTXA USER command:<br />
==> directxa user<br />
z/<strong>VM</strong> USER DIRECTORY CREATION PROGRAM - VERSION 6 RELEASE 1.0<br />
EOJ DIRECTORY UPDATED AND ON LINE<br />
HCPDIR494I User directory occupies 45 disk pages<br />
You have now created three new user IDs that can be cloned to.<br />
9.5.2 Creating three new configuration files<br />
A new parameter must be created <strong>for</strong> each of the user IDs with the proper networking<br />
in<strong>for</strong>mation. Per<strong>for</strong>m the following steps:<br />
► Logoff of MAINT and logon to LNXMAINT.<br />
► Copy the RH6GOLD parameter file three times:<br />
==> copy rh6gold parm-rh6 d linux02 = =<br />
==> copy rh6gold parm-rh6 d linux03 = =<br />
==> copy rh6gold parm-rh6 d linux04 = =<br />
► Edit each of the three files replacing the name of the configuration file:<br />
==> x linux02 parm-rh6 d<br />
root=/dev/ram0 ro ip=off ramdisk_size=40000<br />
CMSDASD=191 CMSCONFFILE=LINUX02.CONF-RH6<br />
vnc<br />
► Copy the RH6GOLD configuration file three times:<br />
==> copy rh6gold conf-rh6 d linux02 = =<br />
==> copy rh6gold conf-rh6 d linux03 = =<br />
==> copy rh6gold conf-rh6 d linux04 = =<br />
► Edit each of the three files replacing the host name and IP address. In the following<br />
example the LINUX02 CONF-RH6 file is modified:<br />
==> x linux02 conf-rh6 d<br />
DASD=<strong>10</strong>0-<strong>10</strong>1,300-301<br />
158 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
HOSTNAME=gpok225.endicott.ibm.com<br />
NETTYPE=qeth<br />
IPADDR=9.60.18.225<br />
SUBCHANNELS=0.0.0600,0.0.0601,0.0.0602<br />
NETMASK=255.255.255.128<br />
SEARCHDNS=endicott.ibm.com<br />
GATEWAY=9.60.18.129<br />
DNS=9.0.3.1<br />
MTU=1500<br />
PORTNAME=DONTCARE<br />
PORTNO=0<br />
LAYER2=0<br />
You should now have three new parameter files and three new configuration files.<br />
9.5.3 Adding new virtual machines to startup process<br />
Modify the PROFILE EXEC on AUTOLOG1 191 to grant access to the VSWITCH <strong>for</strong> the three new<br />
user IDs and add XAUTOLOG commands so they will booted when the z/<strong>VM</strong> system IPLs.<br />
Per<strong>for</strong>m the following steps:<br />
► Link and access the AUTOLOG1 191 disk so the file can be modified from MAINT:<br />
==> link autolog1 191 1191 mr<br />
==> acc 1191 f<br />
► Edit the PROFILE EXEC and add three new SET VSWITCH commands and three new<br />
XAUTOLOG commands:<br />
==> x profile exec f<br />
...<br />
/* Grant access to VSWITCH <strong>for</strong> each Linux user */<br />
'cp set vswitch vsw1 grant rh6clone'<br />
'cp set vswitch vsw1 grant rh6gold'<br />
'cp set vswitch vsw1 grant rh6gold2'<br />
'cp set vswitch vsw1 grant linux01'<br />
'cp set vswitch vsw1 grant linux02'<br />
'cp set vswitch vsw1 grant linux03'<br />
'cp set vswitch vsw1 grant linux04'<br />
/* XAUTOLOG each Linux user that should be started */<br />
'cp xautolog rh6clone'<br />
'cp xautolog linux01'<br />
'cp xautolog linux02'<br />
'cp xautolog linux03'<br />
'cp xautolog linux04'<br />
'cp logoff' /* logoff when done */<br />
* * * End of File * * *<br />
====> file<br />
► Grant access to the new user IDs <strong>for</strong> the current z/<strong>VM</strong> session with the SET VSWITCH<br />
command:<br />
==> set vswitch vsw1 grant linux02<br />
Command complete<br />
==> set vswitch vsw1 grant linux03<br />
Command complete<br />
==> set vswitch vsw1 grant linux04<br />
Command complete<br />
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning 159
► Verify that the new user IDs have access with the QUERY VSWITCH ACCESSLIST command:<br />
==> query vswitch vsw1 acc<br />
VSWITCH SYSTEM VSW1 Type: VSWITCH Connected: 4 Maxconn: INFINITE<br />
PERSISTENT RESTRICTED NONROUTER Accounting: OFF<br />
VLAN Unaware<br />
State: Ready<br />
IPTimeout: 5 QueueStorage: 8<br />
Portname: UNASSIGNED RDEV: 3004 Controller: DTCVSW1 VDEV: 3004<br />
Portname: UNASSIGNED RDEV: 3008 Controller: DTCVSW2 VDEV: 3008 BACKUP<br />
Authorized userids:<br />
LINUX01 LINUX02 LINUX03 LINUX04 RH6CLONE RH6GOLD<br />
SYSTEM<br />
...<br />
9.5.4 Testing logging on to a new user ID<br />
You should now be able to logon to a new user ID and verify the integrity of the definitions.<br />
Per<strong>for</strong>m the following steps<br />
► Logon to LINUX02 and you should first notice that a NIC is created as well as two<br />
VDISKs:<br />
LOGON LINUX02<br />
00: NIC 0600 is created; devices 0600-0602 defined<br />
z/<strong>VM</strong> Version 6 Release 1.0, Service Level <strong>10</strong>02 (64-bit),<br />
built on <strong>IBM</strong> <strong>Virtualization</strong> Technology<br />
<strong>The</strong>re is no logmsg data<br />
FILES: NO RDR, NO PRT, NO PUN<br />
LOGON AT 11:05:06 EDT TUESDAY <strong>10</strong>/05/<strong>10</strong><br />
z/<strong>VM</strong> V6.1.0 20<strong>10</strong>-09-23 11:31<br />
DMSACP723I A (191) R/O<br />
DMSACP723I C (592) R/O<br />
DIAG swap disk defined at virtual address 300 (64989 4K pages of swap space)<br />
DIAG swap disk defined at virtual address 301 (129981 4K pages of swap space)<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
n<br />
If you <strong>for</strong>got to grant access to the VSWITCH you will see an error message.<br />
► Verify that you have two read/write devices at addresses <strong>10</strong>0-<strong>10</strong>1 with the QUERY DASD<br />
command:<br />
==> q da<br />
DASD 0<strong>10</strong>0 3390 UM63AA R/W 3338 CYL ON DASD 63AA SUBCHANNEL = 0000<br />
DASD 0<strong>10</strong>1 3390 UM63AA R/W 3338 CYL ON DASD 63AA SUBCHANNEL = 0001<br />
...<br />
► Logoff of LINUX02.<br />
Congratulations, you have cloned one Linux virtual server and defined three more user IDs<br />
that should now be ready <strong>for</strong> cloning to. You will clone to these user IDs in the chapter that<br />
follows. In addition to cloning, the Red Hat kickstart tool can also be used. That is discussed<br />
in Chapter <strong>10</strong>, “Installing Linux with kickstart” on page 163.<br />
9.6 Reviewing system status<br />
You can step back now and view your system from a DASD point of view as shown in<br />
Figure 9-2. If you have followed all sections in this book you should have used the equivalent<br />
160 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
of 23 3390-3 volumes: 8 <strong>for</strong> the z/<strong>VM</strong> system, 7 <strong>for</strong> the Linux cloner and golden image and 8<br />
<strong>for</strong> the four virtual servers.<br />
You can also view the system from an administrator’s and end user point of view as shown by<br />
the horizontal lines and the italicized text on the right side of the figure. <strong>The</strong> z/<strong>VM</strong> and Linux<br />
system administration roles may be per<strong>for</strong>med by the same person, but these roles can also<br />
be done by different administrators. <strong>The</strong> Linux end users may not care that their servers are<br />
virtual machines and may be oblivious to the fact that they might have been cloned in a<br />
matter of minutes.<br />
Figure 9-2 Linux virtual server system - DASD view and role view<br />
Chapter 9. Configuring RHEL 6 <strong>for</strong> cloning 161
162 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter <strong>10</strong>. Installing Linux with kickstart<br />
Kickstart is an automated way of installing RHEL 6. Using kickstart, you can create a single<br />
file that answers all of the questions usually asked during an interactive installation.<br />
In the previous chapter, you cloned to LINUX01 and created three new user IDs <strong>for</strong> virtual<br />
servers. In this chapter you will kickstart a RHEL 6 system to LINUX02. In comparison, cloning<br />
a server is faster, assuming the FLASHCOPY command is available. However, kickstarting a<br />
server is more flexible, as it allows <strong>for</strong> different package configurations as well as pre-install<br />
and post-install scripting.<br />
<strong>The</strong> cloner is now configured as an installation server using NFS to share the installation tree.<br />
You will now configure it as a kickstart server to per<strong>for</strong>m automated installations over the<br />
network. <strong>The</strong> following steps are involved in installing Linux with kickstart:<br />
► Configure the cloner <strong>for</strong> kickstart<br />
► Configure the LINUX02 user <strong>for</strong> kickstart<br />
► Kickstart the LINUX02 user<br />
<strong>10</strong>.1 Configure the cloner <strong>for</strong> kickstart<br />
<strong>The</strong> installer generates a kickstart file at the end of every installation. It is based on the<br />
answers provided during the interactive install. This kickstart file is named anaconda-ks.cfg<br />
and is located in the /root/ directory. This file on RH6CLONE will be used as a template <strong>for</strong><br />
LINUX02.<br />
Per<strong>for</strong>m the following steps:<br />
► Start an SSH session on the cloner (RH6CLONE) as root.<br />
► Start the golden image (RH6GOLD). You could log on to a 3270 session, but you can also<br />
start it from the cloner with the CP XAUTOLOG command:<br />
# vmcp xautolog rh6gold<br />
Command accepted<br />
► Create the directory /nfs/ks/ <strong>for</strong> the kickstart file:<br />
<strong>10</strong><br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 163
# cd /nfs<br />
# mkdir ks<br />
# cd ks<br />
► Copy the sample kickstart file from the golden image:<br />
# scp 9.60.18.222:/root/anaconda-ks.cfg linux02-ks.cfg<br />
anaconda-ks.cfg <strong>10</strong>0% 1813 1.8KB/s 00:00<br />
# chmod +r linux02-ks.cfg<br />
► Edit the kickstart configuration file as follows. After the first four changes which are in bold,<br />
remove the comments from the part, volgroup and logvol lines. Edit the lines in bold in to<br />
customize this kickstart <strong>for</strong> LINUX02:<br />
# vi linux02-ks.cfg<br />
# Kickstart file automatically generated by anaconda.<br />
#version=RHEL6<br />
install<br />
reboot<br />
nfs --server=9.60.18.223 --dir=/nfs/rhel6<br />
lang en_US.UTF-8<br />
rootpw --iscrypted<br />
$6$jiFGqyU1FwxWWQ6t$7qnsOSsUsNOyGnjtIpR63z204RDjL1q6M//lxfA.E5SbQ.M2gNKCJpahQ.m07JCm.56y<br />
H3vKbxc5bVtvRERwd0<br />
firewall --disabled<br />
authconfig --enableshadow --passalgo=sha512 --enablefingerprint<br />
selinux --en<strong>for</strong>cing<br />
timezone --utc America/New_York<br />
bootloader --location=mbr --driveorder=dasdb,dasdc,dasdd,dasde<br />
--append="crashkernel=auto"<br />
# <strong>The</strong> following is the partition in<strong>for</strong>mation you requested<br />
# Note that any partitions you deleted are not expressed<br />
# here so unless you clear all partitions first, this is<br />
# not guaranteed to work<br />
clearpart --all --initlabel --drives=dasdb,dasdc,dasdd,dasde<br />
part / --fstype=ext4 --size=512<br />
part swap --size=512<br />
part pv.Al9FUC-feWq-uHGF-Jaui-RxZQ-Kq9t-pi5zlC --grow --size=200<br />
part pv.uB82Dq-ajP3-QEln-dcsJ-XHds-tCxx-BRjx0c --grow --size=200<br />
part swap --grow --size=200<br />
part swap --grow --size=200<br />
volgroup system_vg --pesize=4096 pv.Al9FUC-feWq-uHGF-Jaui-RxZQ-Kq9t-pi5zlC<br />
pv.uB82Dq-ajP3-QEln-dcsJ-XHds-tCxx-BRjx0c<br />
logvol /opt --fstype=ext4 --name=opt_lv --vgname=system_vg --size=384<br />
logvol /tmp --fstype=ext4 --name=tmp_lv --vgname=system_vg --size=384<br />
logvol /usr --fstype=ext4 --name=usr_lv --vgname=system_vg --size=1536<br />
logvol /var --fstype=ext4 --name=var_lv --vgname=system_vg --size=384<br />
repo --name="Red Hat Enterprise Linux" --baseurl=file:///mnt/source/ --cost=<strong>10</strong>0<br />
%packages<br />
@base<br />
...<br />
%end<br />
Following are clarifications to some of the values:<br />
– <strong>The</strong> line reboot is added to set the server to automatically shutdown after kickstart.<br />
– <strong>The</strong> line starting with nfs --server= sets the IP address of installation server and path<br />
to install tree.<br />
164 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
– <strong>The</strong> line starting with firewall disables the firewall. this is not recommended if the<br />
server is on an external network.<br />
– <strong>The</strong> line starting with bootloader removes references to additional drives only available<br />
to the cloner.<br />
– <strong>The</strong> line starting with clearpart --all specifiies to remove all existing partitions.<br />
– <strong>The</strong> line starting with part / defines the root partition to be 512 MB of type ext4.<br />
– <strong>The</strong> line starting with part swap defines a swap partition of size 512 MB.<br />
– <strong>The</strong> two lines starting with part pv specify to make physical volumes.<br />
– <strong>The</strong> next two lines starting with part swap define partitions. Since they have the --grow<br />
parameter, all of the VDISK will be used <strong>for</strong> swap, regardless of the size specified.<br />
Anaconda creates the swap devices based on the order in the kickstart file, so the first<br />
512 MB swap space will be created on the first minidisk while the last two will be<br />
created on VDISKs 300 and 301.<br />
– <strong>The</strong> line starting with volgroup specifies to create a volume group.<br />
– <strong>The</strong> next four lines starting with logvol defines logical volumes based on the table in<br />
.<br />
– <strong>The</strong> line @base specifies a default set of packages <strong>for</strong> the install. <strong>The</strong>se can be<br />
customized later by adding or removing specific packages from the %packages section.<br />
► Add the path to the kickstart folder to /etc/exports:<br />
# vi /etc/exports<br />
/nfs/rhel6/ *(ro,sync)<br />
/nfs/virt-cookbook-RH6 *(ro,sync)<br />
/nfs/ks *(ro,sync)<br />
► Restart the NFS service on the cloner. <strong>The</strong> showmount -e command should show the<br />
exported file systems:<br />
# service nfs reload<br />
# showmount -e<br />
Export list <strong>for</strong> gpok223.endicott.ibm.com:<br />
/nfs/ks *<br />
/nfs/virt-cookbook-RH6 *<br />
/nfs/rhel6 *<br />
<strong>10</strong>.2 Configure the LINUX02 user <strong>for</strong> kickstart<br />
Earlier you should have created the user ID LINUX02. It is now time to configure it <strong>for</strong> kickstart.<br />
LINUX02 must have its own parameter and configuration files, which are again based on the<br />
RH6GOLD user ID. Per<strong>for</strong>m the following steps:<br />
► LOGOFF of MAINT and logon to LNXMAINT. Copy the parameter and configuration files from<br />
RH6GOLD to LINUX02 as follows:<br />
==> copy rh6gold * d linux02 = =<br />
► Edit the LINUX02 PARM-RH6 file. Because this is a non-interactive installation, the vnc<br />
options are no longer required. <strong>The</strong> ks= line directs the installer to get the kickstart file<br />
from the installation server. RUNKS=1 is required <strong>for</strong> kickstarts, and the cmdline option<br />
prevents the installer’s text-based user interface from opening on the 3270 console:<br />
==> x linux02 parm-rh6 d<br />
ramdisk_size=40000 root=/dev/ram0 ro ip=off<br />
CMSDASD=191 CMSCONFFILE=linux02.conf-rh6<br />
ks=nfs:9.60.18.223:/nfs/ks/linux02-ks.cfg<br />
Chapter <strong>10</strong>. Installing Linux with kickstart 165
RUNKS=1 cmdline<br />
====> file<br />
► Next, edit the LINUX02 CONF file, and change the DASD range and networking<br />
in<strong>for</strong>mation:<br />
==> x linux02 conf-rh6 d<br />
DASD=<strong>10</strong>0-<strong>10</strong>1,300-301<br />
HOSTNAME=gpok225.endicott.ibm.com<br />
NETTYPE=qeth<br />
IPADDR=9.60.18.225<br />
...<br />
====> file<br />
► Logoff of LNXMAINT.<br />
<strong>10</strong>.3 Kickstart the LINUX02 user<br />
Per<strong>for</strong>m the following steps to kickstart the LINUX02 user:<br />
► Logon to LINUX02. When asked to IPL from disk <strong>10</strong>0, answer n:<br />
LOGON LINUX02<br />
...<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
n<br />
► Add more memory <strong>for</strong> the install process. Temporarily modify the storage up to 512MB<br />
with the DEFINE STORAGE command. <strong>The</strong>n IPL CMS and again answer n to the question of<br />
IPLing Linux:<br />
==> def stor 1g<br />
00: STORAGE = 1G<br />
00: Storage cleared - system reset.<br />
==> ipl cms<br />
...<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
n<br />
Verify that you have a 512 MB virtual machine:<br />
==> q v stor<br />
00: STORAGE = 512M<br />
This change is <strong>for</strong> the duration of the user ID session. When you logoff and log back on<br />
this user ID, the storage will go back to 256MB.<br />
► Run rhel6 exec to initiate the kickstart. You see some initial kernel messages, followed by<br />
the file system <strong>for</strong>mat and Red Hat Package Manager (RPM) package installation.<br />
Note: Towards the end of the kickstart, it is normal to see some unrecognized<br />
characters on the screen. This is because the 3270 console cannot display the<br />
progress meter during the post installation phase. To automatically clear the 3270<br />
console and avoid multiple screens of unreadable messages, issue the #cp term more<br />
0 0 command be<strong>for</strong>e running RHEL6 EXEC.<br />
==> rhel6<br />
...<br />
Kernel command line: ramdisk_size=40000 root=/dev/ram0 ro ip=off<br />
CMSDASD=191 CMSCONFFILE=linux02.conf-rh6<br />
ks=nfs:9.60.18.223:/nfs/ks/linux02-ks.cfg<br />
166 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
RUNKS=1 cmdline<br />
...<br />
► <strong>The</strong> first time kickstart is run, the installer must <strong>for</strong>mat the DASD <strong>for</strong> Linux use. It is normal<br />
to see error messages of the following <strong>for</strong>mat if the DASD you are using has never been<br />
<strong>for</strong>matted. In subsequent kickstart installs, you should not see these errors:<br />
end_request: I/O error, dev dasda, sector 0<br />
Buffer I/O error on device dasda, logical block 0<br />
Please wait while <strong>for</strong>matting drive dasda...<br />
► At the end of the kickstart, IPL the <strong>10</strong>0 disk to make any changes to your RHEL 6 golden<br />
image:<br />
/mnt/sysimage/dev done<br />
/mnt/sysimage done<br />
you may safely reboot your system<br />
==> #cp ipl <strong>10</strong>0<br />
00: zIPL v1.5.3 interactive boot menu<br />
00: 0. default (linux)<br />
00: 1. linux<br />
...<br />
Congratulations! You have now installed Linux onto the virtual server using kickstart. This<br />
process can be repeated in the future <strong>for</strong> other Linux guests. For the purpose of this book, we<br />
present a minimal installation with kickstart. However, you can completely customize the<br />
kickstart file to install different packages based on your requirements. For more in<strong>for</strong>mation<br />
regarding kickstart options, see the documentation located at:<br />
http://www.redhat.com/docs/manuals/enterprise/<br />
From there, click on Installation Guide, then 28. Kickstart Installations.<br />
Chapter <strong>10</strong>. Installing Linux with kickstart 167
168 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 11. Cloning open source virtual servers<br />
<strong>The</strong> secret to creativity is knowing how to hide your sources.<br />
--Albert Einstein<br />
This chapter describes how to clone and customize the following Linux virtual servers:<br />
► “Creating a virtual Web server” on page 169<br />
► “Creating a virtual LDAP server” on page 173<br />
► “Creating a virtual file and print server” on page 178<br />
► “Creating a virtual application development server” on page 182<br />
<strong>The</strong> sections that follow don’t go into the theory nor detail on the four types of servers. Rather,<br />
they are just a reference to get the servers quickly installed and configured. <strong>The</strong>re are many<br />
other resources that go into depth on these types of servers.<br />
11.1 Creating a virtual Web server<br />
<strong>The</strong> example in this section uses the LINUX01 user ID to create a virtual Web server. You<br />
should have a vanilla virtual server cloned to the user ID LINUX01 as described in Chapter 9,<br />
“Configuring RHEL 6 <strong>for</strong> cloning” on page 145.<br />
11.1.1 Installing Apache RPMs<br />
To accomplish this task, per<strong>for</strong>m the following steps:<br />
► SSH into the IP address of the new LINUX01 server. Install the following Apache RPMs<br />
with the yum -y install command. <strong>The</strong> -y flag prevents the “Is this OK” question:<br />
# yum -y install httpd httpd-manual<br />
...<br />
Installed:<br />
httpd.s390x 0:2.2.15-5.el6 httpd-manual.noarch 0:2.2.15-5.el6<br />
Dependency Installed:<br />
apr.s390x 0:1.3.9-3.el6 apr-util.s390x 0:1.3.9-3.el6<br />
11<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 169
11.1.2 Testing Apache<br />
apr-util-ldap.s390x 0:1.3.9-3.el6 httpd-tools.s390x 0:2.2.15-5.el6<br />
Complete!<br />
► Verify that the RPMs were installed<br />
# rpm -qa | grep httpd<br />
httpd-tools-2.2.15-5.el6.s390x<br />
httpd-manual-2.2.15-5.el6.noarch<br />
httpd-2.2.15-5.el6.s390x<br />
► Be<strong>for</strong>e starting the Apache Web server, use the chkconfig command to set the service to<br />
start at boot time:<br />
# chkconfig --list httpd<br />
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off<br />
# chkconfig httpd on<br />
# chkconfig --list httpd<br />
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<br />
Start the Apache Web server to verify it is installed successfully.<br />
# service httpd start<br />
Starting httpd: [ OK ]<br />
To verify that Apache is installed correctly, after it’s been started, bring up a Web browser<br />
and point it to the server. For example, the virtual server running on LINUX01 can be reached<br />
with the following URL:<br />
http://9.60.18.224/<br />
You should see the following test page to verify the Web server is working:<br />
170 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 11-1 Apache test page<br />
If you get an error in starting Apache, look in the log file /var/log/httpd/error-log <strong>for</strong> clues.<br />
If Apache started successfully but you can’t reach the test page from a browser, try accessing<br />
it using the IP address rather than the DNS name.<br />
11.1.3 Turning on a firewall<br />
RHEL 6 comes with an IP tables firewall. In section 8.2.3, “Turning off unneeded services” on<br />
page 140, it was recommended that you turn off the iptables service. If you did this on the<br />
golden image, the firewall is turned off on this clone. This section describes how to quickly<br />
enable an IP tables firewall and configure it to allow Web traffic through. Per<strong>for</strong>m the following<br />
steps:<br />
► Verify that the firewall is off with the chkconfig --list command. <strong>The</strong> service name is<br />
iptables:<br />
# chkconfig --list iptables<br />
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off<br />
► Turn on the firewall at boot time with the chkconfig command, and <strong>for</strong> this session with<br />
the service command:<br />
# chkconfig iptables on<br />
# service iptables start<br />
Applying iptables firewall rules: [ OK ]<br />
Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ]<br />
► Go back to your browser and click refresh. You should get an error that the server is not<br />
responding (or Unable to connect). This is because packets <strong>for</strong> ports <strong>for</strong> http: and https:<br />
(80 and 443) are dropped by default.<br />
Chapter 11. Cloning open source virtual servers 171
► To allow Web traffic through, you can modify the file /etc/sysconfig/iptables. First make<br />
a backup copy, then add two rules (in bold) to allow these ports then save your changes:<br />
# cd /etc/sysconfig<br />
# cp iptables iptables.orig<br />
# vi iptables<br />
# Firewall configuration written by system-config-firewall<br />
# Manual customization of this file is not recommended.<br />
*filter<br />
:INPUT ACCEPT [0:0]<br />
:FORWARD ACCEPT [0:0]<br />
:OUTPUT ACCEPT [0:0]<br />
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
-A INPUT -p icmp -j ACCEPT<br />
-A INPUT -i lo -j ACCEPT<br />
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT<br />
-A INPUT -j REJECT --reject-with icmp-host-prohibited<br />
-A FORWARD -j REJECT --reject-with icmp-host-prohibited<br />
COMMIT<br />
► Restart the firewall to pick up the new rules:<br />
# service iptables restart<br />
iptables: Flushing firewall rules: [ OK ]<br />
iptables: Setting chains to policy ACCEPT: filter [ OK ]<br />
iptables: Unloading modules: [ OK ]<br />
iptables: Applying firewall rules: [ OK ]<br />
► Go back to your browser and click refresh again. You should not get an error this time.<br />
You should now have a firewall that allows Web traffic.<br />
11.1.4 Configuring SSL <strong>for</strong> Apache<br />
Use the Secure Sockets Layer (SSL) to encrypt data between the client (browser) and the<br />
server. This is done by specifying an https prefix in the URL which uses port 443 rather than<br />
using the conventional http prefix which uses port 80. Per<strong>for</strong>m the following steps:<br />
► To use SSL, the mod_ssl package is requied. You can show that SSL communications do<br />
not work by changing http to https in your browser:<br />
https://9.60.18.224/<br />
You should see some type of communications error.<br />
► Install the mod_ssl RPM with the yum -y install command:<br />
# yum -y install mod_ssl<br />
...<br />
Installed:<br />
mod_ssl.s390x 1:2.2.15-5.el6<br />
Complete!<br />
► Verify that the RPM was added:<br />
# rpm -qa | grep mod_ssl<br />
mod_ssl-2.2.15-5.el6.s390x<br />
► Restart the Web server:<br />
# service httpd restart<br />
Stopping httpd: [ OK ]<br />
Starting httpd: [ OK ]<br />
172 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Go back to your browser and click restart again.<br />
This time you should get a warning about a self-signed certificate, which is acceptable <strong>for</strong> a<br />
test system. For a production Web site you will probably want to obtain a certificate signed by<br />
a certificate authority.<br />
11.1.5 Populating your Web site<br />
You can begin to put your Web pages in the directory /var/www/html/ which is the default<br />
Web root.<br />
11.1.6 Apache resources<br />
<strong>The</strong> following Web sites contain additional in<strong>for</strong>mation on Apache:<br />
http://www.samspublishing.com/articles/article.asp?p=30115&seqNum=4<br />
http://www.sitepoint.com/article/securing-apache-2-server-ssl<br />
http://www.securityfocus.com/infocus/1786<br />
11.2 Creating a virtual LDAP server<br />
<strong>The</strong> Lightweight Directory Access Protocol (LDAP) is commonly implemented with the<br />
OpenLDAP package which comes standard with most Linux distributions. Among other<br />
directory functions, OpenLDAP allows <strong>for</strong> centralized login authentication and user and group<br />
ID resolution.<br />
In this section you will install Linux manually and set up login authentication to a new virtual<br />
LDAP server. <strong>The</strong>n you will go back to the virtual Web server you just created and point it to<br />
the new LDAP server.<br />
<strong>The</strong> steps in this section are as follow:<br />
► “Installing the OpenLDAP server” on page 173<br />
► “Configuring the OpenLDAP server” on page 174<br />
► “Configuring an LDAP client” on page 177<br />
11.2.1 Installing the OpenLDAP server<br />
You should have created a RHEL 6 server on LINUX02 using kickstart. This will not have yum<br />
configured <strong>for</strong> online updates. Per<strong>for</strong>m the following steps to create an OpenLDAP server<br />
► It is recommended that you update the Linux system running on LINUX02 to configure yum<br />
as described in 8.2.2, “Configuring yum <strong>for</strong> online updates” on page 139. You could also<br />
use the clone script to clone the golden image over the kickstarted Linux.<br />
► Start an SSH session to the IP address of the new virtual server running on LINUX02. Use<br />
the yum command to install the OpenLDAP client and server RPMs:<br />
# yum -y install openldap-clients openldap-servers<br />
...<br />
Installed:<br />
openldap-clients.s390x 0:2.4.19-15.el6 openldap-servers.s390x 0:2.4.19-15.el6<br />
Dependency Installed:<br />
libtool-ltdl.s390x 0:2.2.6-15.5.el6<br />
Chapter 11. Cloning open source virtual servers 173
Complete!<br />
OpenLDAP should now be installed on LINUX02.<br />
11.2.2 Configuring the OpenLDAP server<br />
Any detailed description of LDAP is outside the scope of this book. Rather, short<br />
configuration recommendations are given in this section.<br />
<strong>The</strong>re are two important configuration values that must be chosen.<br />
1. <strong>The</strong> suffix or base distinguished name of the LDAP Domain In<strong>for</strong>mation Tree (DIT) - the<br />
most common suffix is to use your company’s DNS name.<br />
2. <strong>The</strong> LDAP administrator or root name and password.<br />
Per<strong>for</strong>m the following steps:<br />
► Choose an administrative password and run the slappasswd command which displays an<br />
encrypted version of it. <strong>The</strong> output of this command will be used shortly in a configuration<br />
file so you may want to make a copy of it.<br />
# slappasswd<br />
New password: lnx4vm<br />
Re-enter new password: lnx4vm<br />
{SSHA}6KT4R+YjZqDidFUNGUa4jrWFGaqEFfkV<br />
► <strong>The</strong> OpenLDAP server configuration file that will contain the LDAP manager (root)<br />
password is /etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif. Make a<br />
backup copy of that file:<br />
# cd /etc/openldap/slapd.d/cn=config<br />
# cp olcDatabase={1}bdb.ldif olcDatabase={1}bdb.ldif.orig<br />
► Edit the file and add one line to set the LDAP manager’s password. Use the variable<br />
olcRootPW and set the password to the output of the previous slappasswd command:<br />
# vi olcDatabase={1}bdb.ldif<br />
dn: olcDatabase={1}bdb<br />
objectClass: olcDatabaseConfig<br />
objectClass: olcBdbConfig<br />
olcDatabase: {1}bdb<br />
olcSuffix: dc=my-domain,dc=com<br />
olcAddContentAcl: FALSE<br />
olcLastMod: TRUE<br />
olcMaxDerefDepth: 15<br />
olcReadOnly: FALSE<br />
olcRootDN: cn=Manager,dc=my-domain,dc=com<br />
olcRootPW: {SSHA}6KT4R+YjZqDidFUNGUa4jrWFGaqEFfkV<br />
olcMonitoring: TRUE<br />
olcDbDirectory: /var/lib/ldap<br />
...<br />
► Save the file. Your LDAP server should now be minimally configured.<br />
Start the LDAP service<br />
To start the LDAP server, per<strong>for</strong>m the following steps:<br />
► Start LDAP at boot time with the chkconfig command and <strong>for</strong> this session with the<br />
service command:<br />
# chkconfig slapd on<br />
# service slapd start<br />
174 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Starting slapd: [ OK ]<br />
► Query the LDAP database with the ldapsearch command. <strong>The</strong> -x flag specifies that simple<br />
authentication is used:<br />
# ldapsearch -x<br />
# extended LDIF<br />
#<br />
# LDAPv3<br />
# base with scope subtree<br />
# filter: (objectclass=*)<br />
# requesting: ALL<br />
#<br />
# search result<br />
search: 2<br />
result: 32 No such object<br />
<strong>The</strong> result shows that the LDAP directory can be searched, but that it is empty. This is<br />
expected as no data has been added to it.<br />
11.2.3 Adding an LDAP user<br />
When the golden image was installed, it was recommended that a non-root user ID be added.<br />
In this example, it was named mikemac.<br />
► Choose an LDAP user name. In this example, mikemac will be used. Verify there is no<br />
such local user with the id command:<br />
# id mikemac<br />
id: mikemac: No such user<br />
► An LDIF (LDAP Interchange Format) file is created to add an organizational unit named<br />
People and a user ID named mikemac. Create a similar file <strong>for</strong> your system’s values.<br />
# cd /tmp<br />
# vi initial.ldif // create the input file ...<br />
dn: dc=my-domain,dc=com<br />
objectClass: dcObject<br />
objectClass: organization<br />
description: my-domain domain<br />
o: my-domain<br />
dc: my-domain<br />
dn: cn=Manager,dc=my-domain,dc=com<br />
objectClass: organizationalRole<br />
cn: Manager<br />
dn: ou=People,dc=my-domain,dc=com<br />
ou: People<br />
objectClass: top<br />
objectClass: organizationalUnit<br />
dn: uid=mikemac,ou=People,dc=my-domain,dc=com<br />
uid: mikemac<br />
cn: mikemac<br />
objectClass: account<br />
objectClass: posixAccount<br />
objectClass: top<br />
objectClass: shadowAccount<br />
loginShell: /bin/bash<br />
uidNumber: <strong>10</strong>000<br />
Chapter 11. Cloning open source virtual servers 175
gidNumber: <strong>10</strong>000<br />
homeDirectory: /home/mikemac<br />
dn: ou=Group,dc=my-domain,dc=com<br />
objectClass: top<br />
objectClass: organizationalUnit<br />
ou: Group<br />
dn: cn=mikemac,ou=Group,dc=my-domain,dc=com<br />
objectClass: posixGroup<br />
objectClass: top<br />
cn: mikemac<br />
userPassword: {crypt}x<br />
gidNumber: <strong>10</strong>000<br />
► Add the contents of the LDIF file to the LDAP server with the ldapadd command:<br />
# ldapadd -x -h localhost -D "cn=Manager,dc=my-domain,dc=com" -f /tmp/initial.ldif -W<br />
Enter LDAP Password:<br />
adding new entry "dc=my-domain,dc=com"<br />
adding new entry "cn=Manager,dc=my-domain,dc=com"<br />
adding new entry "ou=People,dc=my-domain,dc=com"<br />
adding new entry "uid=mikemac,ou=People,dc=my-domain,dc=com"<br />
adding new entry "ou=Group,dc=my-domain,dc=com"<br />
adding new entry "cn=mikemac,ou=Group,dc=my-domain,dc=com"<br />
► Set the base distinguished name to dc=my-domain,dc=com. This is set in the BASE variable<br />
in the LDAP client configuration file /etc/openldap/ldap.conf:<br />
# cd /etc/openldap<br />
# cp ldap.conf ldap.conf.orig<br />
# vi ldap.conf<br />
#<br />
# LDAP Defaults<br />
#<br />
# See ldap.conf(5) <strong>for</strong> details<br />
# This file should be world readable but not world writable.<br />
BASE dc=my-domain,dc=com<br />
...<br />
► Search <strong>for</strong> the new user ID just added with the ldapsearch command:<br />
# ldapsearch -x uid=mikemac<br />
...<br />
# mikemac, People, my-domain.com<br />
dn: uid=mikemac,ou=People,dc=my-domain,dc=com<br />
uid: mikemac<br />
cn:: bWlrZW1hYyA=<br />
objectClass: account<br />
objectClass: posixAccount<br />
objectClass: top<br />
objectClass: shadowAccount<br />
loginShell: /bin/bash<br />
uidNumber: <strong>10</strong>000<br />
gidNumber: <strong>10</strong>000<br />
homeDirectory: /home/mikemac<br />
176 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
userPassword:: e1NTSEF9Q1hhSGMwU1NnQlkzTEZ6ZlJ5ZHV2aVhkQkhuaUxqNC8=<br />
# search result<br />
search: 2<br />
result: 0 Success<br />
# numResponses: 2<br />
# numEntries: 1<br />
► This shows that the user ID exists in the LDAP database. Now you may want to set the<br />
password with the ldappasswd command. You will need to provide a new password <strong>for</strong> the<br />
new user and you will also need to provide the LDAP administrator password.<br />
# ldappasswd -x -D "cn=Manager,dc=my-domain,dc=com" -W -S<br />
"uid=mikemac,ou=People,dc=my-domain,dc=com"<br />
New password:<br />
Re-enter new password:<br />
Enter LDAP Password:<br />
Result: Success (0)<br />
You have now deleted a local user, added a new LDAP user using an LDIF file, and have set<br />
the new LDAP user’s password.<br />
You should now have an OpenLDAP server installed, configured and populated with users<br />
and groups.<br />
11.2.4 Configuring an LDAP client<br />
You are now ready to configure a system to authenticate users using the new LDAP server.<br />
You will first go to a different virtual server, running on the LINUX01 user ID, and configure it<br />
to point to this LDAP server. Per<strong>for</strong>m the following steps:<br />
► Start an SSH session to the Linux running on LINUX01.<br />
► Invoke the command authconfig-tui. Use the Tab key to move between fields, the<br />
space bar to change selections and the Enter key to select. Set the Use LDAP under<br />
User In<strong>for</strong>mation, and Use LDAP Authentication under Authentication. Click Next.<br />
# authconfig-tui<br />
------------------ Authentication Configuration ------------------¦<br />
¦ ¦<br />
¦ User In<strong>for</strong>mation Authentication ¦<br />
¦ [ ] Cache In<strong>for</strong>mation [ ] Use MD5 Passwords ¦<br />
¦ [ ] Use Hesiod [*] Use Shadow Passwords ¦<br />
¦ [*] Use LDAP [*] Use LDAP Authentication ¦<br />
¦ [ ] Use NIS [ ] Use Kerberos ¦<br />
¦ [ ] Use Winbind [*] Use Fingerprint reader ¦<br />
¦ [ ] Use Winbind Authentication ¦<br />
¦ [*] Local authorization is sufficient ¦<br />
¦ ¦<br />
¦ ---------- -------- ¦<br />
¦ ¦ Cancel ¦ ¦ Next ¦ ¦<br />
¦ ---------- -------- ¦<br />
¦ ¦<br />
¦ ¦<br />
------------------------------------------------------------------¦<br />
► On the next screen, set the Server value to point to the LDAP server. In this example, it is<br />
ldap://9.60.18.225/. Set the Base DN to your suffix value. In this example it is<br />
dc=my-domain,dc=com. “Press” OK<br />
------------------- LDAP Settings ------------------¦<br />
Chapter 11. Cloning open source virtual servers 177
178 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6<br />
¦ ¦<br />
¦ [ ] Use TLS ¦<br />
¦ Server: ldap://9.60.18.225______________________ ¦<br />
¦ Base DN: dc=my-domain,dc=com_____________________ ¦<br />
¦ ¦<br />
¦ -------- ------ ¦<br />
¦ ¦ Back ¦ ¦ Ok ¦ ¦<br />
¦ -------- ------ ¦<br />
¦ ¦<br />
¦ ¦<br />
----------------------------------------------------¦<br />
Your LDAP client should now be pointing to the LDAP server. Test it with the id ldapuser1<br />
command:<br />
# id ldapuser1<br />
uid=500(ldapuser1) gid=500(ldapuser1) groups=500(ldapuser1)<br />
context=root:system_r:unconfined_t:s0-s0:c0.c<strong>10</strong>23<br />
In RHEL 6, you can no longer authenticate over SSH without using TLS. This section has not<br />
described how to set up TLS. To do that, you would need a signed certificate that<br />
corresponds to your enterprise’s DNS domain name. <strong>The</strong>re is some in<strong>for</strong>mation at the<br />
OpenLDAP Web site.<br />
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html<br />
More details on the cn=config/ directory repalcing the /etc/openldap/slapd.conf file is on<br />
the following Red Hat Web site (you need a subscription to get to it):<br />
https://access.redhat.com/kb/docs/DOC-3637<br />
11.3 Creating a virtual file and print server<br />
Samba allows Windows clients to map Linux file systems as shared drives. Samba can also<br />
act as a middle-man between Windows clients and a Linux print server. <strong>The</strong> recommended<br />
Linux print server is CUPS - the Common UNIX Printing System. This section does not<br />
describe the configuration of CUPS but it does describe how the necessary RPMs are<br />
installed.<br />
<strong>The</strong> steps in this section are as follow:<br />
► “Cloning a Linux virtual server” on page 178<br />
► “Installing necessary RPMs” on page 179<br />
► “Configuring Samba configuration file” on page 179<br />
► “Adding a Samba user” on page 180<br />
► “Starting Samba at boot time” on page 180<br />
► “Testing your changes” on page 180<br />
11.3.1 Cloning a Linux virtual server<br />
To clone a newLinux server, per<strong>for</strong>m the following steps:<br />
► Start an SSH session as root to the cloner.<br />
► Copy a Linux cloning configuration file and modifying the IP address and host name<br />
variables:<br />
# cd /etc/clone<br />
# cp linux01.conf linux03.conf
# vi linux03.conf<br />
// ... modify IPADDR and HOSTNAME variables<br />
► Clone a basic virtual server. In this example the user ID LINUX03 is used.<br />
# clone -v rh6gold linux03<br />
Invoking CP command: QUERY rh6gold<br />
Invoking CP command: QUERY linux03<br />
This will copy disks from rh6gold to linux03<br />
Host name will be: 6.endicott.ibm.com<br />
IP address will be: 9.60.18.224<br />
Do you want to continue? (y/n): y<br />
...<br />
► When the new system comes up, start an SSH session to the new virtual server.<br />
11.3.2 Installing necessary RPMs<br />
Add the following RPMs with the yum -y command:<br />
# yum -y install samba<br />
...<br />
Installed:<br />
samba.s390x 0:3.5.4-68.el6<br />
Confirm that the RPMs were added:<br />
# rpm -qa | grep samba<br />
samba-common-3.0.28-0.el5.8<br />
samba-client-3.0.28-0.el5.8<br />
samba-3.0.28-0.el5.8<br />
samba-common-3.0.28-0.el5.8<br />
11.3.3 Configuring Samba configuration file<br />
<strong>The</strong> one configuration file <strong>for</strong> Samba is /etc/samba/smb.conf. It is easy to add an SMB share<br />
that will be made available by the Samba server. A good test directory is /usr/share/doc/ as<br />
it has much good Linux documentation. <strong>The</strong> following example will create a file share named<br />
sharedoc:<br />
# cd /etc/samba<br />
# cp smb.conf smb.conf.orig<br />
# vi smb.conf // add three lines at the bottom of the file:<br />
...<br />
[sharedoc]<br />
comment = RHEL 6 on System z documentation<br />
path = /usr/share/doc/<br />
You can verify the syntax of your changes with the testparm command:<br />
# testparm smb.conf<br />
Load smb config files from smb.conf<br />
Processing section "[homes]"<br />
Processing section "[printers]"<br />
Processing section "[sharedoc]"<br />
Loaded services file OK.<br />
Server role: ROLE_STANDALONE<br />
Press enter to see a dump of your service definitions<br />
...<br />
Chapter 11. Cloning open source virtual servers 179
This change will create an SMB share named sharedoc consisting of the contents of the<br />
directory /usr/share/doc and below.<br />
11.3.4 Adding a Samba user<br />
<strong>The</strong> default method that Samba uses to determines users’ credentials is to look in the<br />
/etc/samba/smbpasswd file. That user must first exist in the Linux file system (/etc/passwd,<br />
/etc/shadow, etc). Per<strong>for</strong>m the following steps<br />
► To create a new Samba user, the smbpasswd -a command is used. First use the useradd<br />
and passwd commands to add a user locally. In this example, the user sambauser1 is<br />
used:<br />
# id sambauser1<br />
id: sambauser1: No such user<br />
# useradd sambauser1<br />
# passwd sambauser1<br />
Changing password <strong>for</strong> sambauser1.<br />
New password: lnx4vm<br />
BAD PASSWORD: it is based on a dictionary word<br />
BAD PASSWORD: is too simple<br />
Retype new password: lnx4vm<br />
passwd: all authentication tokens updated successfully.<br />
► Add the user sambauser1 to the smbpasswd file with the smbpasswd -a command:<br />
# smbpasswd -a sambauser1<br />
New SMB password: lnx4vm<br />
Retype new SMB password: lnx4vm<br />
startsmbfilepwent_internal: file /etc/samba/smbpasswd did not exist. File successfully<br />
created.<br />
account_policy_get: tdb_fetch_uint32 failed <strong>for</strong> field 1 (min passwd length), returning 0<br />
...<br />
Added user sambauser1.<br />
This method of maintaining Samba users, groups and passwords is good <strong>for</strong> a small number<br />
of users. For a larger number of users, merging Samba and LDAP is recommended. It is not<br />
a simple as pointing the virtual file and print server at the virtual LDAP server as described in<br />
“Creating a virtual LDAP server” on page 173 because the Samba schema must first be<br />
added to LDAP. Details are outside the scope of this book.<br />
11.3.5 Starting Samba at boot time<br />
Samba can be started <strong>for</strong> the current session with the service command and at boot time<br />
with the chkconfig command. Do this <strong>for</strong> both the smb and nmb services:<br />
# service smb start<br />
Starting SMB services: [ OK ]<br />
# service nmb start<br />
Starting NMB services: [ OK ]<br />
# chkconfig smb on<br />
# chkconfig nmb on<br />
Samba should now be running and configured to start at boot time.<br />
11.3.6 Testing your changes<br />
You can verify that Samba is running with the following service command:<br />
180 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
# service smb status<br />
smbd (pid 6987 6982) is running...<br />
You can verify the shares that are available with the following smbclient command:<br />
# smbclient -U sambauser1 -L localhost<br />
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6]<br />
Sharename Type Comment<br />
--------- ---- ------sharedoc<br />
Disk RHEL 6 on System z documentation<br />
IPC$ IPC IPC Service (Samba Server Version 3.5.4-68.el6)<br />
sambauser1 Disk Home Directories<br />
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6]<br />
...<br />
Server Comment<br />
--------- -------<br />
GPOK226 Samba Server Version 3.5.4-68.el6<br />
Workgroup Master<br />
--------- -------<br />
MYGROUP GPOK226<br />
You can test getting a Samba share from a Windows desktop. Per<strong>for</strong>m the following steps<br />
► Go to any Windows Explorer window (such as My Computer) and select Tools -> Map<br />
Network Drive.<br />
► Use the Universal Naming Convention (UNC) to specify the Samba server and share<br />
name as shown in the upper left corner of Figure 11-2 on page 182. In this example the<br />
UNC is \\9.60.18.226\sharedoc.<br />
► You may have to click different user name if the user or password on the new Samba<br />
server is different from the Windows system you are connecting from.<br />
► Click Finish.<br />
If all the steps were correct, you should see the files in a new Explorer window as shown in<br />
the bottom right corner of Figure 11-2 on page 182.<br />
Chapter 11. Cloning open source virtual servers 181
Figure 11-2 Mapping a network drive to the Samba server<br />
You should now have Samba configured and running with one new share available.<br />
If you prefer a DOS command line, you can also link to the share with the following net use<br />
command:<br />
c:\>net use y: \\9.60.18.226\sharedoc<br />
<strong>The</strong> command completed successfully.<br />
You can detach the share with the following net use command:<br />
c:\>net use y: /delete<br />
y: was deleted successfully.<br />
11.3.7 Configuring printing<br />
Configuring printing is more complex and is beyond the scope of this section. For details see<br />
the Redpaper Printing with Linux on zSeries Using CUPS and Samba, REDP-3864, on the<br />
Web at:<br />
http://www.redbooks.ibm.com/abstracts/redp3864.html<br />
11.4 Creating a virtual application development server<br />
Most Linux distributions come with a basic set of application development tools, making Linux<br />
one of the most versatile development systems. <strong>The</strong>se basic tools are ideal <strong>for</strong> projects of<br />
any size.<br />
<strong>The</strong> development languages used in implementation range from scripting languages such as<br />
Python or Tcl, to compiled languages such as C/C++ and Java. <strong>The</strong>re are software<br />
182 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
available on Linux to help <strong>for</strong>m a development system <strong>for</strong> developers to create integrated<br />
applications. MySQL and Apache are among them. A popular open source Web plat<strong>for</strong>m is<br />
LAMP, which stands <strong>for</strong> the open source software and programming languages used to make<br />
up the plat<strong>for</strong>m: Linux, Apache, MySQL, Python or PHP.<br />
► Start an SSH session as root to the cloner.<br />
► Copy a Linux cloning configuration file and modifying the IP address and host name<br />
variables:<br />
# cd /etc/clone<br />
# cp linux01.conf linux04.conf<br />
# vi linux04.conf<br />
// ... modify IPADDR and HOSTNAME variables<br />
► Clone a basic virtual server. In this example the user ID LINUX03 is used.<br />
# clone -v rh6gold linux03<br />
Invoking CP command: QUERY rh6gold<br />
Invoking CP command: QUERY linux03<br />
This will copy disks from rh6gold to linux03<br />
Host name will be: 6.endicott.ibm.com<br />
IP address will be: 9.60.18.224<br />
Do you want to continue? (y/n): y<br />
...<br />
► When the new system comes up, start an SSH session as root to it.<br />
► Be<strong>for</strong>e installing the development tools, note how fulll the root and /usr/ file systems are:<br />
# df -h<br />
Filesystem Size Used Avail Use% Mounted on<br />
/dev/dasda1 504M 147M 332M 31% /<br />
tmpfs 121M 0 121M 0% /dev/shm<br />
/dev/mapper/system_vg-opt_lv<br />
372M 17M 337M 5% /opt<br />
/dev/mapper/system_vg-tmp_lv<br />
372M 17M 337M 5% /tmp<br />
/dev/mapper/system_vg-usr_lv<br />
1.5G 798M 638M 56% /usr<br />
/dev/mapper/system_vg-var_lv<br />
372M 86M 267M 25% /var<br />
In this example, they are 31% and 56% full<br />
► You can use the yum -y groupinstall command to install the groups named<br />
development-tools and development-libs. This will add about 45 packages which<br />
requires a number of minutes to complete:<br />
# yum -y groupinstall "Development tools" "Development libs"<br />
Installed:<br />
autoconf.noarch 0:2.63-5.1.el6 automake.noarch 0:1.11.1-1.2.el6<br />
bison.s390x 0:2.4.1-5.el6 byacc.s390x 0:1.9.20070509-6.1.el6<br />
cscope.s390x 0:15.6-6.el6 ctags.s390x 0:5.8-2.el6<br />
diffstat.s390x 0:1.51-2.el6 doxygen.s390x 1:1.6.1-4.el6<br />
flex.s390x 0:2.5.35-8.el6 gcc.s390x 0:4.4.4-13.el6<br />
gcc-c++.s390x 0:4.4.4-13.el6 gcc-g<strong>for</strong>tran.s390x 0:4.4.4-13.el6<br />
git.s390x 0:1.7.1-2.el6 indent.s390x 0:2.2.<strong>10</strong>-5.1.el6<br />
intltool.noarch 0:0.41.0-1.1.el6 libtool.s390x 0:2.2.6-15.5.el6<br />
patchutils.s390x 0:0.3.1-3.1.el6 rcs.s390x 0:5.7-37.el6<br />
redhat-rpm-config.noarch 0:9.0.3-25.el6 rpm-build.s390x 0:4.8.0-12.el6<br />
subversion.s390x 0:1.6.11-2.el6 swig.s390x 0:1.3.40-5.el6<br />
systemtap.s390x 0:1.2-9.el6<br />
Chapter 11. Cloning open source virtual servers 183
Dependency Installed:<br />
apr.s390x 0:1.3.9-3.el6 apr-util.s390x 0:1.3.9-3.el6<br />
cloog-ppl.s390x 0:0.15.7-1.2.el6 cpp.s390x 0:4.4.4-13.el6<br />
gettext-devel.s390x 0:0.17-16.el6 gettext-libs.s390x 0:0.17-16.el6<br />
glibc-devel.s390x 0:2.12-1.7.el6 glibc-headers.s390x 0:2.12-1.7.el6<br />
kernel-devel.s390x 0:2.6.32-71.el6 kernel-headers.s390x 0:2.6.32-71.el6<br />
libXtst.s390x 0:1.0.99.2-3.el6 libart_lgpl.s390x 0:2.3.20-5.1.el6<br />
libgcj.s390x 0:4.4.4-13.el6 libproxy.s390x 0:0.3.0-2.el6<br />
libproxy-bin.s390x 0:0.3.0-2.el6 libproxy-python.s390x 0:0.3.0-2.el6<br />
libstdc++-devel.s390x 0:4.4.4-13.el6 mpfr.s390x 0:2.4.1-6.el6<br />
neon.s390x 0:0.29.3-1.2.el6 pakchois.s390x 0:0.4-3.2.el6<br />
perl-Error.noarch 1:0.17015-4.el6 perl-Git.noarch 0:1.7.1-2.el6<br />
ppl.s390x 0:0.<strong>10</strong>.2-11.el6<br />
Complete!<br />
► Your application development server is now ready to use. You may choose to add or<br />
remove different packages.<br />
► Use df -h command to show your file systems. In this example, the root file system was<br />
not changed, but /usr/ is now 73% full:<br />
# df -h<br />
Filesystem Size Used Avail Use% Mounted on<br />
/dev/dasda1 504M 147M 332M 31% /<br />
tmpfs 121M 0 121M 0% /dev/shm<br />
/dev/mapper/system_vg-opt_lv<br />
372M 17M 337M 5% /opt<br />
/dev/mapper/system_vg-tmp_lv<br />
372M 17M 337M 5% /tmp<br />
/dev/mapper/system_vg-usr_lv<br />
1.5G 1.1G 394M 73% /usr<br />
/dev/mapper/system_vg-var_lv<br />
372M 94M 260M 27% /var<br />
9.60.18.223:/nfs/rhel6<br />
11G 5.2G 5.0G 52% /nfs/rhel6<br />
11.4.1 Additional resources<br />
<strong>The</strong> following Web sites are resources <strong>for</strong> additional in<strong>for</strong>mation on application development<br />
topics:<br />
Scripting languages<br />
http://www.perl.com/<br />
http://www.python.org/<br />
http://www.freeos.com/guides/lsst/<br />
C/C++<br />
http://gcc.gnu.org/onlinedocs/gcc/<br />
http://en.wikipedia.org/wiki/GNU_Compiler_Collection#External_links<br />
http://vertigo.hsrl.rutgers.edu/ug/make_help.htmll<br />
http://www.gnu.org/software/make/manual/html_chapter/make_toc.html<br />
Java<br />
http://www-130.ibm.com/developerworks/java/<br />
http://java.sun.com/<br />
http://csdl.ics.hawaii.edu/~johnson/613f99/modules/04/jar-files.html<br />
http://java.sun.com/j2se/1.3/docs/tooldocs/solaris/jdb.html<br />
184 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Linux kernel development<br />
http://www.kernel.org/pub/linux/docs/lkml/#blkd<br />
Web development<br />
http://www.onlamp.com/<br />
http://cgi.resourceindex.com/<br />
http://www.perl.com/<br />
Chapter 11. Cloning open source virtual servers 185
186 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 12. Servicing Linux with Red Hat<br />
Network<br />
This chapter describes Red Hat Network (RHN) and its ability to manage the virtual servers.<br />
Using yum, the virtual servers can be updated when Red Hat errata are released. You can<br />
also use yum to install new packages with automatic dependency resolution. RHN is accessed<br />
by the following link:<br />
http://rhn.redhat.com/<br />
<strong>The</strong> following sections describe how to configure a Linux guest <strong>for</strong> yum, and manage the guest<br />
through RHN:<br />
► “Registering your system with RHN” on page 187<br />
► “Installing and updating packages using yum” on page 187<br />
► “Managing your Linux guest through RHN” on page 189<br />
12.1 Registering your system with RHN<br />
This section assumes you have already obtained a valid entitlement <strong>for</strong> RHEL 6 on System z,<br />
or have completed the steps to obtain an evaluation copy. To receive a free 90-day<br />
evaluation, visit:<br />
http://www.redhat.com/z<br />
Select the link Free Evaluation under the section Try on the left and create an account if you<br />
don't already have one. After filling out the <strong>for</strong>m, you will receive an e-mail soon with<br />
activation instructions.<br />
12.2 Installing and updating packages using yum<br />
12<br />
You may choose to per<strong>for</strong>m these steps first on a “clone”, such as LINUX01, then later on the<br />
golden image. In this fashion, you can test the process on an appliance that can be<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 187
discarded, and later when all is tested and working, update the golden image so that all<br />
clones created thereafter are enabled <strong>for</strong> RHN.<br />
Be<strong>for</strong>e using yum <strong>for</strong> the first time, you must import the Red Hat GPG key and register your<br />
Linux guest with RHN. Use the commands below, substituting your RHN user name,<br />
password, and host name of the Linux guest.<br />
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release<br />
# rhnreg_ks --username=myuser --password=mypw --profilename=linux01.endicott.ibm.com<br />
Now that your system is registered with RHN, you can use yum to keep the system updated.<br />
You can download and install the latest version of a package by running yum with the RPM<br />
package name. You can also specify multiple packages on the command line separated by<br />
spaces. <strong>The</strong> yum install command installs the package if it is not present, and the yum<br />
upgrade command updates to the latest version if it is already installed. If a package has any<br />
dependencies, yum automatically downloads and installs them <strong>for</strong> you.<br />
Update the cpp package to get the latest security fixes:<br />
# rpm -q cpp<br />
cpp-4.1.1-30<br />
# yum upgrade cpp<br />
Loading "rhnplugin" plugin<br />
Loading "installonlyn" plugin<br />
Setting up Upgrade Process<br />
Setting up repositories<br />
rhel-s390x-server-5-beta <strong>10</strong>0% |=========================| 950 B 00:00<br />
...<br />
=============================================================================<br />
Package Arch Version Repository Size<br />
=============================================================================<br />
Updating:<br />
cpp s390x 4.1.1-43.el5 RHEL5 2.6 M<br />
Transaction Summary<br />
=============================================================================<br />
Install 0 Package(s)<br />
Update 1 Package(s)<br />
Remove 0 Package(s)<br />
Total download size: 2.6 M<br />
Is this ok [y/N]: y<br />
Downloading Packages:<br />
Running Transaction Test<br />
Finished Transaction Test<br />
Transaction Test Succeeded<br />
Running Transaction<br />
Updating : cpp ######################### [1/2]<br />
Cleanup : cpp ######################### [2/2]<br />
Updated: cpp.s390x 0:4.1.1-43.el5<br />
Complete!<br />
Now query the cpp package and you should see that it has been updated.<br />
# rpm -q cpp<br />
cpp-4.1.1-43.el5<br />
To update every installed package on the system, run:<br />
# yum upgrade<br />
188 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
For more in<strong>for</strong>mation about the yum command see the yum(8) man page.<br />
12.3 Managing your Linux guest through RHN<br />
You can also manage the packages on this Linux guest through the Web interface at:<br />
http://rhn.redhat.com/<br />
When you first log in to RHN, you see the system you registered under the Systems tab. If<br />
there is a red exclamation point next to your system, there are errata waiting to be applied.<br />
<strong>The</strong> number of relevant errata and the corresponding number of packages are visible to the<br />
left of the system name. Click the number beneath Errata or Packages to get a detailed list. If<br />
there is a blue check-mark, then the system is fully updated.<br />
Figure 12-1 RHN system overview<br />
Next, click the link that is the system name. This brings you to a detailed overview, where you<br />
can see the system properties as Figure 12-2 shows. Click the Packages tab to view all<br />
packages installed on this system. From this tab, you can also update, remove, or install new<br />
packages onto the system.<br />
Figure 12-2 RHN system details<br />
For more in<strong>for</strong>mation about managing your systems through RHN, including usage guides<br />
and frequently asked questions, see:<br />
http://rhn.redhat.com/help<br />
Chapter 12. Servicing Linux with Red Hat Network 189
190 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 13. Miscellaneous recipes<br />
Two things are infinite: the universe and human stupidity; and I'm not sure about the<br />
universe.<br />
--Albert Einstein<br />
This chapter has the following sections of miscellaneous tasks that you might want to<br />
per<strong>for</strong>m:<br />
► “Adding DASD” on page 191<br />
► “Adding a logical volume” on page 194<br />
► “Extending an existing logical volume” on page 198<br />
► “Setting up Memory Hotplugging” on page 208<br />
► “Utilizing the cpuplugd service” on page 2<strong>10</strong><br />
► “Hardware cryptographic support <strong>for</strong> OpenSSH” on page 213<br />
► “<strong>The</strong> X Window System” on page 216<br />
► “Centralizing home directories <strong>for</strong> LDAP users” on page 220<br />
13.1 Adding DASD<br />
<strong>The</strong> following process describes how to add additional DASD to a Linux guest. <strong>The</strong> overall<br />
steps are:<br />
► “Adding minidisks to a virtual machine” on page 191<br />
► “Making new minidisks available to RHEL 6” on page 192<br />
► “Creating a logical volume and file system” on page 194<br />
► “Updating the file system table” on page 197<br />
13.1.1 Adding minidisks to a virtual machine<br />
13<br />
Following are the high level steps to add two new 3390-3-sized minidisks to LINUX02:<br />
► Determine the volume or volumes that will be added. In this example, a 3390-3 at real<br />
device address 6339 is added. Its space is split in half.<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 191
► Add minidisk statements to define minidisks. In this example two minidisks at virtual<br />
addresses <strong>10</strong>2 and <strong>10</strong>3 are defined of size 1669 cylinders to the LINUX02 user ID.<br />
► Create the USER DISKMAP file to verify the disk layout<br />
► Bring the changes online with the DIRECTXA command<br />
► Shutdown the Linux system<br />
► Logoff the user ID<br />
► Log back on to it and IPL Linux.<br />
Following is the updated directory entry:<br />
USER LINUX02 LNX4<strong>VM</strong> 256M 1G G<br />
INCLUDE LNXDFLT<br />
OPTION APPLMON<br />
MDISK <strong>10</strong>0 3390 0001 3338 UM63AA MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>1 3390 3339 3338 UM63AA MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>2 3390 0001 1669 UM6339 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>3 3390 1670 1669 UM6339 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
13.1.2 Making new minidisks available to RHEL 6<br />
To make the new minidisks available, per<strong>for</strong>m the following steps:<br />
► When your system comes back up, start an SSH session to it. Use the lsdasd command<br />
to verify that the new minidisks are not seen yet:<br />
# lsdasd<br />
Bus-ID Status Name Device Type BlkSz Size Blocks<br />
==============================================================================<br />
0.0.0<strong>10</strong>0 active dasda 94:0 ECKD 4096 2347MB 600840<br />
0.0.0<strong>10</strong>1 active dasdb 94:4 ECKD 4096 2347MB 600840<br />
0.0.0300 active dasdc 94:8 FBA 512 256MB 524288<br />
0.0.0301 active dasdd 94:12 FBA 512 512MB <strong>10</strong>48576<br />
► Enable the disks with the chccwdev -e command:<br />
# chccwdev -e <strong>10</strong>2 <strong>10</strong>3<br />
Setting device 0.0.0<strong>10</strong>2 online<br />
Done<br />
Setting device 0.0.0<strong>10</strong>3 online<br />
Done<br />
► View the available disks again with the lsdasd command:<br />
# lsdasd<br />
Bus-ID Status Name Device Type BlkSz Size Blocks<br />
==============================================================================<br />
0.0.0<strong>10</strong>0 active dasda 94:0 ECKD 4096 2347MB 600840<br />
0.0.0<strong>10</strong>1 active dasdb 94:4 ECKD 4096 2347MB 600840<br />
0.0.0300 active dasdc 94:8 FBA 512 256MB 524288<br />
0.0.0301 active dasdd 94:12 FBA 512 512MB <strong>10</strong>48576<br />
0.0.0<strong>10</strong>2 active dasde 94:16 ECKD 4096 1173MB 300420<br />
0.0.0<strong>10</strong>3 active dasdf 94:20 ECKD 4096 1173MB 300420<br />
► Format the disks with the dasdfmt command and create one partition on each with the<br />
fdasd -a command. <strong>The</strong> disks can be <strong>for</strong>matted in parallel by using a <strong>for</strong> loop and putting<br />
them in the background. However, be<strong>for</strong>e running fdasd, you have to wait until they are<br />
done <strong>for</strong>mattting:<br />
192 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
# <strong>for</strong> i in 0.0.0<strong>10</strong>2 0.0.0<strong>10</strong>3<br />
> do<br />
> dasdfmt -b 4096 -y -f /dev/disk/by-path/ccw-$i &<br />
> done<br />
[1] 1637<br />
[2] 1638<br />
... wait <strong>for</strong> the two jobs to finish<br />
...<br />
Finished <strong>for</strong>matting the device.<br />
Finished <strong>for</strong>matting the device.<br />
Rereading the partition table... ok<br />
Rereading the partition table... ok<br />
[1]- Done dasdfmt -b 4096 -y -f /dev/disk/by-path/ccw-$i<br />
[2]+ Done dasdfmt -b 4096 -y -f /dev/disk/by-path/ccw-$i<br />
# fdasd -a /dev/disk/by-path/ccw-0.0.0<strong>10</strong>2<br />
reading volume label ..: VOL1<br />
reading vtoc ..........: ok<br />
auto-creating one partition <strong>for</strong> the whole disk...<br />
writing volume label...<br />
writing VTOC...<br />
rereading partition table...<br />
# fdasd -a /dev/disk/by-path/ccw-0.0.0<strong>10</strong>3<br />
reading volume label ..: VOL1<br />
reading vtoc ..........: ok<br />
auto-creating one partition <strong>for</strong> the whole disk...<br />
writing volume label...<br />
writing VTOC...<br />
rereading partition table...<br />
► Make a backup of /etc/dasd.conf, then add minidisks <strong>10</strong>2 and <strong>10</strong>3 to it:<br />
# cd /etc<br />
# cp dasd.conf dasd.conf.orig<br />
# vi dasd.conf<br />
0.0.0301 use_diag=0 readonly=0 erplog=0 failfast=0<br />
0.0.0300 use_diag=0 readonly=0 erplog=0 failfast=0<br />
0.0.0<strong>10</strong>1 use_diag=0 readonly=0 erplog=0 failfast=0<br />
0.0.0<strong>10</strong>0 use_diag=0 readonly=0 erplog=0 failfast=0<br />
0.0.0<strong>10</strong>2<br />
0.0.0<strong>10</strong>3<br />
► Verify the new minidisks are actived with the lsdasd command:<br />
# lsdasd<br />
Bus-ID Status Name Device Type BlkSz Size Blocks<br />
==============================================================================<br />
Bus-ID Status Name Device Type BlkSz Size Blocks<br />
==============================================================================<br />
0.0.0<strong>10</strong>0 active dasda 94:0 ECKD 4096 2347MB 600840<br />
0.0.0<strong>10</strong>1 active dasdb 94:4 ECKD 4096 2347MB 600840<br />
0.0.0300 active dasdc 94:8 FBA 512 256MB 524288<br />
0.0.0301 active dasdd 94:12 FBA 512 512MB <strong>10</strong>48576<br />
0.0.0<strong>10</strong>2 active dasde 94:16 ECKD 4096 1173MB 300420<br />
0.0.0<strong>10</strong>3 active dasdf 94:20 ECKD 4096 1173MB 300420<br />
If you are creating a new logical volume, see 13.2.1, “Creating a logical volume and file<br />
system” on page 194. If you are extending an existing logical volume, skip ahead to 13.3,<br />
“Extending an existing logical volume” on page 198<br />
Chapter 13. Miscellaneous recipes 193
13.2 Adding a logical volume<br />
<strong>The</strong>re are times when you require more disk space than a single direct access storage device<br />
(DASD) volume provides. For example, if you want to have a shared /home/ directory you will<br />
want it to be of sufficient size. When this is the case, you can use the Logical Volume<br />
Manager (L<strong>VM</strong>) to combine multiple DASD volumes into one logical volume.<br />
<strong>The</strong> following process describes how to create a logical volume with additional DASD on a<br />
Linux guest. <strong>The</strong> overall steps in adding a logical volume are:<br />
► “Adding DASD” on page 191<br />
► “Creating a logical volume and file system” on page 194<br />
► “Updating the file system table” on page 197<br />
13.2.1 Creating a logical volume and file system<br />
<strong>The</strong> overall steps involved in creating a logical volume are:<br />
► Create physical volumes from the two partitions<br />
► Create a single volume group<br />
► Create a single logical volume<br />
► Make a file system from the logical volume<br />
Figure 13-1 on page 194 shows a block diagram of the logical volume manager reflecting this<br />
example.<br />
Physical Volume - /dev/dasde1<br />
Physical Extent (PE)<br />
Physical Extent (PE)<br />
Physical Extent (PE)<br />
Physical Extent (PE)<br />
Figure 13-1 L<strong>VM</strong> block diagram<br />
Creating physical volumes from the two DASD<br />
To create physical volumes, per<strong>for</strong>m the following steps:<br />
194 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6<br />
Volume Group - homevg<br />
Physical Volume - /dev/dasdf1<br />
Physical Extent (PE)<br />
Physical Extent (PE)<br />
Physical Extent (PE)<br />
Physical Extent (PE)<br />
Logical Volume - homelv (/dev/homevg/homelv)<br />
ext3 file system<br />
mounted over /home/
► <strong>The</strong> pvcreate command initializes partitions <strong>for</strong> use by L<strong>VM</strong>. Initialize the two new DASD<br />
partitions.<br />
# pvcreate /dev/dasde1 /dev/dasdf1<br />
Physical volume "/dev/dasde1" successfully created<br />
Physical volume "/dev/dasdf1" successfully created<br />
► Verify that the physical volumes were created with the pvdisplay command:<br />
# pvdisplay /dev/dasde1 /dev/dasdf1<br />
"/dev/dasde1" is a new physical volume of "1.15 GiB"<br />
--- NEW Physical volume ---<br />
PV Name /dev/dasde1<br />
VG Name<br />
PV Size 1.15 GiB<br />
Allocatable NO<br />
PE Size 0<br />
Total PE 0<br />
Free PE 0<br />
Allocated PE 0<br />
PV UUID JY247T-Xmb6-iQT5-FlFC-KZgx-CIH0-bVKnbL<br />
"/dev/dasdf1" is a new physical volume of "1.15 GiB"<br />
--- NEW Physical volume ---<br />
PV Name /dev/dasdf1<br />
VG Name<br />
PV Size 1.15 GiB<br />
Allocatable NO<br />
PE Size 0<br />
Total PE 0<br />
Free PE 0<br />
Allocated PE 0<br />
PV UUID 3LciEw-cMM7-tiEM-QEQW-B7Fa-2aoW-thOZ0r<br />
Creating a single volume group<br />
<strong>The</strong> vgcreate command can be used to create a volume group named homevg from the two<br />
partitions. Use the vgdisplay homevg command to verify the volume group was created:<br />
# vgcreate homevg /dev/dasde1 /dev/dasdf1<br />
Volume group "homevg" successfully created<br />
# vgdisplay homevg<br />
--- Volume group ---<br />
VG Name homevg<br />
System ID<br />
Format lvm2<br />
Metadata Areas 2<br />
Metadata Sequence No 1<br />
VG Access read/write<br />
VG Status resizable<br />
MAX LV 0<br />
Cur LV 0<br />
Open LV 0<br />
Max PV 0<br />
Cur PV 2<br />
Act PV 2<br />
VG Size 2.29 GiB<br />
PE Size 4.00 MiB<br />
Total PE 586<br />
Alloc PE / Size 0 / 0<br />
Free PE / Size 586 / 2.29 GiB<br />
VG UUID 9HPTso-Amw3-70HQ-3ofl-AszO-1aeo-dFvB7z<br />
Chapter 13. Miscellaneous recipes 195
In this example, there are 586 free physical extents.<br />
Creating a single logical volume<br />
<strong>The</strong> lvcreate command is used to create a logical volume. <strong>The</strong> -l flag specifies to use all<br />
free extents, 586 in this example. <strong>The</strong> -n homelv specifies the name of the new logical<br />
volume. <strong>The</strong> last argument homevg specifies the name of the volume group from which the<br />
logical volume will be created.<br />
# lvcreate -l 586 -n homelv homevg<br />
Logical volume "homelv" created<br />
Use the lvdisplay command to verify. <strong>The</strong> parameter is the full path of the logical volume,<br />
not just the logical volume name:<br />
# lvdisplay /dev/homevg/homelv<br />
--- Logical volume ---<br />
LV Name /dev/homevg/homelv<br />
VG Name homevg<br />
LV UUID BvXj0n-vA8D-yMY0-Ydex-bF2y-Gfeg-1pyr4O<br />
LV Write Access read/write<br />
LV Status available<br />
# open 0<br />
LV Size 2.29 GiB<br />
Current LE 586<br />
Segments 2<br />
Allocation inherit<br />
Read ahead sectors auto<br />
- currently set to <strong>10</strong>24<br />
Block device 253:4<br />
Making a file system from the logical volume<br />
Now you have a logical volume. Create an ext4 file system out of it using the mkfs.ext4<br />
command:<br />
# mkfs.ext4 /dev/homevg/homelv<br />
mke2fs 1.41.12 (17-May-20<strong>10</strong>)<br />
Filesystem label=<br />
OS type: Linux<br />
Block size=4096 (log=2)<br />
Fragment size=4096 (log=2)<br />
Stride=1 blocks, Stripe width=0 blocks<br />
150176 inodes, 600064 blocks<br />
30003 blocks (5.00%) reserved <strong>for</strong> the super user<br />
First data block=0<br />
Maximum filesystem blocks=616562688<br />
19 block groups<br />
32768 blocks per group, 32768 fragments per group<br />
7904 inodes per group<br />
Superblock backups stored on blocks:<br />
32768, 98304, 163840, 229376, 294912<br />
Writing inode tables: done<br />
Creating journal (16384 blocks): done<br />
Writing superblocks and filesystem accounting in<strong>for</strong>mation: done<br />
This filesystem will be automatically checked every 25 mounts or<br />
180 days, whichever comes first. Use tune2fs -c or -i to override.<br />
<strong>The</strong> file system created from the logical volume is now ready to be mounted.<br />
196 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
13.2.2 Updating the file system table<br />
You could now mount the file system manually. However if you add the mount to the file<br />
system table file, /etc/fstab, you can effectively test the change by using the mount<br />
command with only one argument. Make a backup copy then add the following line to the file:<br />
# cd /etc<br />
# cp fstab fstab.works<br />
# vi fstab<br />
#<br />
# /etc/fstab<br />
# Created by anaconda on Tue Oct 19 15:52:06 20<strong>10</strong><br />
#<br />
# Accessible filesystems, by reference, are maintained under '/dev/disk'<br />
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) <strong>for</strong> more info<br />
#<br />
/dev/disk/by-path/ccw-0.0.0<strong>10</strong>0-part1 / ext4 defaults 1 1<br />
/dev/mapper/system_vg-opt_lv /opt ext4 defaults 1 2<br />
/dev/mapper/system_vg-tmp_lv /tmp ext4 defaults 1 2<br />
/dev/mapper/system_vg-usr_lv /usr ext4 defaults 1 2<br />
/dev/mapper/system_vg-var_lv /var ext4 defaults 1 2<br />
/dev/disk/by-path/ccw-0.0.0300-part1 swap swap defaults 0 0<br />
/dev/disk/by-path/ccw-0.0.0301-part1 swap swap defaults 0 0<br />
/dev/disk/by-path/ccw-0.0.0<strong>10</strong>0-part2 swap swap defaults 0 0<br />
/dev/homevg/homelv /home ext4 defaults 0 0<br />
tmpfs /dev/shm tmpfs defaults 0 0<br />
devpts /dev/pts devpts gid=5,mode=620 0 0<br />
sysfs /sys sysfs defaults 0 0<br />
proc /proc proc defaults 0 0<br />
Be<strong>for</strong>e mounting over /home/, you may want to check that it is empty. If a non-root user exists<br />
and a new file system is mounted over it, the contents of the directory will be covered. In this<br />
example there is no data in the file system.<br />
# ls -a /home<br />
. ..<br />
Mount the /home/ file system with one argument. By using just one argument, you are testing<br />
the change to /etc/fstab. Use the df -h command to verify that it is mounted:<br />
# mount /home<br />
# df -h<br />
Filesystem Size Used Avail Use% Mounted on<br />
/dev/dasda1 504M 148M 331M 31% /<br />
tmpfs 121M 0 121M 0% /dev/shm<br />
/dev/mapper/system_vg-opt_lv<br />
372M 17M 337M 5% /opt<br />
/dev/mapper/system_vg-tmp_lv<br />
372M 17M 337M 5% /tmp<br />
/dev/mapper/system_vg-usr_lv<br />
1.5G 1.1G 366M 75% /usr<br />
/dev/mapper/system_vg-var_lv<br />
372M 93M 261M 27% /var<br />
/dev/mapper/homevg-homelv<br />
2.3G 68M 2.1G 4% /home<br />
You may want to test a reboot to verify the new logical volume is successfully mounted over<br />
/home/.<br />
Chapter 13. Miscellaneous recipes 197
# reboot<br />
Broadcast message from root (pts/0) (Thu Sep 2 15:08:07 20<strong>10</strong>):<br />
<strong>The</strong> system is going down <strong>for</strong> reboot NOW!<br />
13.3 Extending an existing logical volume<br />
This section describes the process of adding a new minidisk to an existing L<strong>VM</strong>. This is useful<br />
when your logical volume has run out of space.<br />
First, repeat the steps as described in 13.1, “Adding DASD” on page 191 to add a new<br />
minidisk. In this example, a minidisk at virtual address <strong>10</strong>4 is added of size 3338 cylinders.<br />
Don’t <strong>for</strong>get to logoff and log back on to LINUX02 so the new directory entry is read.<br />
When your system comes back, enable the new <strong>10</strong>4 disk, dasdfmt it and create a signle<br />
partition:<br />
# chccwdev -e <strong>10</strong>4<br />
Setting device 0.0.0<strong>10</strong>4 online<br />
Done<br />
# lsdasd<br />
Bus-ID Status Name Device Type BlkSz Size Blocks<br />
==============================================================================<br />
0.0.0<strong>10</strong>0 active dasda 94:0 ECKD 4096 2347MB 600840<br />
0.0.0<strong>10</strong>1 active dasdb 94:4 ECKD 4096 2347MB 600840<br />
0.0.0300 active dasdc 94:8 FBA 512 256MB 524288<br />
0.0.0301 active dasdd 94:12 FBA 512 512MB <strong>10</strong>48576<br />
0.0.0<strong>10</strong>2 active dasde 94:16 ECKD 4096 1173MB 300420<br />
0.0.0<strong>10</strong>3 active dasdf 94:20 ECKD 4096 1173MB 300420<br />
0.0.0<strong>10</strong>4 active dasdg 94:24 ECKD 4096 2347MB 600840<br />
# dasdfmt -b 4096 -y -f /dev/dasdg<br />
Finished <strong>for</strong>matting the device.<br />
Rereading the partition table... ok<br />
# fdasd -a /dev/dasdg<br />
reading volume label ..: VOL1<br />
reading vtoc ..........: ok<br />
auto-creating one partition <strong>for</strong> the whole disk...<br />
writing volume label...<br />
writing VTOC...<br />
rereading partition table...<br />
Creating a physical volume<br />
Use the pvcreate command to create a physical volume from the minidisk:<br />
# pvcreate /dev/dasdg1<br />
Physical volume "/dev/dasdg1" successfully created<br />
Extending the volume group<br />
Use the vgextend command to extend the volume group into the new physical volume. <strong>The</strong>n,<br />
use vgdisplay to verify that the volume group has free space.<br />
# vgdisplay homevg<br />
--- Volume group ---<br />
VG Name homevg<br />
System ID<br />
Format lvm2<br />
198 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Metadata Areas 2<br />
Metadata Sequence No 2<br />
VG Access read/write<br />
VG Status resizable<br />
MAX LV 0<br />
Cur LV 1<br />
Open LV 1<br />
Max PV 0<br />
Cur PV 2<br />
Act PV 2<br />
VG Size 2.29 GiB<br />
PE Size 4.00 MiB<br />
Total PE 586<br />
Alloc PE / Size 586 / 2.29 GiB<br />
Free PE / Size 0 / 0<br />
VG UUID 9HPTso-Amw3-70HQ-3ofl-AszO-1aeo-dFvB7z<br />
# vgextend homevg /dev/dasdg1<br />
Volume group "homevg" successfully extended<br />
# vgdisplay homevg<br />
--- Volume group ---<br />
VG Name homevg<br />
System ID<br />
Format lvm2<br />
Metadata Areas 3<br />
Metadata Sequence No 3<br />
VG Access read/write<br />
VG Status resizable<br />
MAX LV 0<br />
Cur LV 1<br />
Open LV 1<br />
Max PV 0<br />
Cur PV 3<br />
Act PV 3<br />
VG Size 4.58 GiB<br />
PE Size 4.00 MiB<br />
Total PE 1172<br />
Alloc PE / Size 586 / 2.29 GiB<br />
Free PE / Size 586 / 2.29 GiB<br />
VG UUID 9HPTso-Amw3-70HQ-3ofl-AszO-1aeo-dFvB7z<br />
Note there are 586 new free physical extents (PEs).<br />
Extend the logical volume and the file system<br />
Now that you have free space in the volume group, you can increase the size of the existing<br />
logical volume with the lvextend command. <strong>The</strong> -l option specifies the number extents to<br />
add. Finally, use the ext2online command to increase the size of the file system while it is<br />
still mounted.<br />
You can use the df command to show the file system size be<strong>for</strong>e and after you extend it as<br />
the following example shows:<br />
# df -h /home<br />
/dev/mapper/homevg-homelv<br />
2.3G 68M 2.1G 4% /home<br />
# lvextend -l +586 /dev/homevg/homelv<br />
Extending logical volume homelv to 4.58 GB<br />
Logical volume homelv successfully resized<br />
# resize2fs /dev/homevg/homelv<br />
resize2fs 1.41.12 (17-May-20<strong>10</strong>)<br />
Filesystem at /dev/homevg/homelv is mounted on /home; on-line resizing required<br />
Chapter 13. Miscellaneous recipes 199
old desc_blocks = 1, new_desc_blocks = 1<br />
Per<strong>for</strong>ming an on-line resize of /dev/homevg/homelv to 1200128 (4k) blocks.<br />
<strong>The</strong> filesystem on /dev/homevg/homelv is now 1200128 blocks long.<br />
Use the df -h command to show that the file system is now 2.3 GB larger:<br />
# df -h /home<br />
Filesystem Size Used Avail Use% Mounted on<br />
/dev/mapper/homevg-homelv<br />
4.6G 69M 4.3G 2% /home<br />
13.4 Adding SCSI/FCP disks<br />
This book has only described ECKD disks, also known as DASD. In addition, z/<strong>VM</strong> and Linux<br />
support SCSI/FCP disks.<br />
<strong>The</strong> Fibre Channel (FC) standard was developed by the National Committee of In<strong>for</strong>mation<br />
Technology Standards (NCITS). <strong>The</strong> System z FCP I/O architecture con<strong>for</strong>ms to these<br />
standards. System z FCP support enables z/<strong>VM</strong> and Linux running on System z to access<br />
industry-standard SCSI devices. For disk applications, these FCP storage devices utilize<br />
Fixed Block (512-byte) sectors rather than Extended Count Key Data (ECKD) <strong>for</strong>mat. A<br />
new channel-path identifier (CHPID) type has been defined called FCP. <strong>The</strong> FCP CHPID type is<br />
supported on the FICON and FICON Express features of all System z processors.<br />
This is only a brief introduction to SCSI/FCP disks and multipathing. For more complete<br />
documentation, see the Redbook Fibre Channel Protocol <strong>for</strong> Linux and z/<strong>VM</strong> on <strong>IBM</strong> System<br />
z on the Web at:<br />
http://www.redbooks.ibm.com/abstracts/sg247266.html?Open<br />
In addition, see the Redbook Introducing N_Port Identifier <strong>Virtualization</strong> <strong>for</strong> <strong>IBM</strong> System z9,<br />
on the Web at:<br />
13.4.1 Adding a single LUN<br />
http://www.redbooks.ibm.com/abstracts/redp4125.html?Open<br />
You can determine if your LPAR has these types of disks defined with the z/<strong>VM</strong> QUERY FCP<br />
and QUERY FCP FREE commands. Following is an example from a MAINT 3270 session:<br />
==> q fcp<br />
An active FCP was not found.<br />
==> q fcp free<br />
FCP 1F20 FREE , FCP 1F21 FREE , FCP 1F50 FREE , FCP 1F51 FREE<br />
FCP 3B00 FREE , FCP 3B01 FREE , FCP 3B02 FREE , FCP 3B03 FREE<br />
FCP 3B04 FREE , FCP 3B05 FREE , FCP 3B06 FREE , FCP 3B07 FREE<br />
FCP 3B08 FREE , FCP 3B09 FREE , FCP 3B0A FREE , FCP 3B0B FREE<br />
FCP 3B0C FREE , FCP 3B0D FREE , FCP 3B0E FREE , FCP 3B0F FREE<br />
FCP 3B<strong>10</strong> FREE , FCP 3B11 FREE , FCP 3B12 FREE , FCP 3B13 FREE<br />
FCP 3B14 FREE , FCP 3B15 FREE , FCP 3B16 FREE , FCP 3B17 FREE<br />
...<br />
<strong>The</strong> output shows that LPAR has many FCP devices free, but none of them are in use.<br />
Associated with FCP devices are World Wide Port Numbers (WWPNs) and Logical Unit<br />
Numbers (LUNs). Often, this in<strong>for</strong>mation may be available as part of the LPAR definition.<br />
However, you may not have this in<strong>for</strong>mation handy. If you do not have this in<strong>for</strong>mation, it can<br />
be queried on RHEL 6. In the following section an FCP/SCSI disk is attached to LINUX02.<br />
200 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Per<strong>for</strong>m the following steps:<br />
► Start an SSH session as root to LINUX02.<br />
► Verify that the zfcp module is loaded with the following command:<br />
# lsmod | grep zfcp<br />
zfcp 144433 0 [permanent]<br />
scsi_transport_fc 68240 1 zfcp<br />
scsi_mod 296490 3 zfcp,scsi_transport_fc,scsi_tgt<br />
qdio 61977 3 zfcp,qeth_l3,qeth<br />
► Change directory to /sys/bus/ccw/drivers/ and list the contents:<br />
# cd /sys/bus/ccw/drivers<br />
# ls -F<br />
3215/ 3270/ dasd-eckd/ dasd-fba/ qeth/ vmur/<br />
Note that there is no directory named zfcp/.<br />
► Go back to the MAINT 3270 session and attach an FCP device to LINUX02 with the ATTACH<br />
command:<br />
==> att 3b16 linux02<br />
FCP 3B16 ATTACHED TO LINUX02 3B16<br />
► Return the the Linux SSH session and list the contents of the directory again. This time<br />
you should see a new directory zfcp/:<br />
# ls -F<br />
3215/ 3270/ dasd-eckd/ dasd-fba/ qeth/ vmur/ zfcp/<br />
► Change into that directory and list the contents:<br />
# cd zfcp<br />
# ls -F<br />
0.0.3b16@ bind module@ uevent unbind<br />
► Note that a symbolic link (identified by the trailing ampersand, @, after the file name in<br />
conjunction the the -F flag of ls) to a new directory 0.0.3b16 . Change into that directory<br />
and list the contents<br />
# ls -F<br />
availability cutype driver@ online subsystem@<br />
cmb_enable devtype modalias power/ uevent<br />
► Type the contents of the online file:<br />
# cat online<br />
0<br />
A value of 0 shows that the device is offline.<br />
► Echo a 1 into the file and it will be put online (you could also use the chccwdev -e<br />
command):<br />
# echo 1 > online<br />
# cat online<br />
1<br />
► List the contents of the directory again. You should see that many entries were added<br />
after the device was put online. <strong>The</strong> four entries in bold are the WWPNs available from<br />
this FCP device.<br />
# ls -F<br />
0x5005076306138411/ cmb_enable host0/ peer_wwnn subsystem@<br />
0x500507630613c411/ cutype in_recovery peer_wwpn uevent<br />
0x500507630a<strong>10</strong>016c/ devtype lic_version port_remove<br />
0x500507630a13016c/ driver@ modalias port_rescan<br />
availability failed online power/<br />
Chapter 13. Miscellaneous recipes 201
card_version hardware_version peer_d_id status<br />
► <strong>The</strong> lsluns command will show all of the available LUNs from a single WWPN. In the<br />
following example, the first WWPN is used<br />
# lsluns -p 0x5005076306138411<br />
Scanning <strong>for</strong> LUNs on adapter 0.0.3b16<br />
at port 0x5005076306138411:<br />
0x40<strong>10</strong>400000000000<br />
0x40<strong>10</strong>400<strong>10</strong>0000000<br />
0x40<strong>10</strong>400200000000<br />
...<br />
► Bring a LUN online. In this example, the next free LUN is 4014402600000000. Change<br />
directory into the first WWPN and list the contents:<br />
# cd 0x5005076306138411<br />
# ls<br />
access_denied in_recovery status unit_add<br />
failed power uevent unit_remove<br />
► <strong>The</strong> output shows that there is no active LUN under this WWPN. Bring the LUN online by<br />
echoing the value into the file unit_add and list the contents of the directory:<br />
# echo 0x4014402600000000 > unit_add<br />
# ls -F<br />
0x000e4313f0f55a00/ failed power/ uevent unit_remove<br />
access_denied in_recovery status unit_add<br />
► Note that a new directory with the LUN value is created.<br />
# lszfcp -D<br />
0.0.0<strong>10</strong>a/0x500507630503c73d/0x4020400800000000 0:0:0:<strong>10</strong>74282528<br />
# cat /proc/scsi/scsi<br />
Attached devices:<br />
Host: scsi0 Channel: 00 Id: 00 Lun: <strong>10</strong>74282528<br />
Vendor: <strong>IBM</strong> Model: 2<strong>10</strong>7900 Rev: .3<strong>10</strong><br />
Type: Direct-Access ANSI SCSI revision: 05<br />
► Now a /dev/sda exists, check that there are no partitions<br />
# fdisk -l /dev/sda<br />
Disk /dev/sda: 8589 MB, 8589934592 bytes<br />
64 heads, 32 sectors/track, 8192 cylinders<br />
Units = cylinders of 2048 * 512 = <strong>10</strong>48576 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disk identifier: 0x00000000<br />
Device Boot Start End Blocks Id System<br />
► Create a partition with the fdisk command:<br />
# fdisk /dev/sda<br />
WARNING: DOS-compatible mode is deprecated. It's strongly recommended to<br />
switch off the mode (command 'c') and change display units to<br />
sectors (command 'u').<br />
Command (m <strong>for</strong> help): n<br />
Command action<br />
e extended<br />
p primary partition (1-4)<br />
p<br />
202 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Partition number (1-4): 1<br />
First cylinder (1-8192, default 1):<br />
Using default value 1<br />
Last cylinder, +cylinders or +size{K,M,G} (1-8192, default 8192):<br />
Using default value 8192<br />
Command (m <strong>for</strong> help): w<br />
<strong>The</strong> partition table has been altered!<br />
Calling ioctl() to re-read partition table.<br />
Syncing disks.<br />
► Create an ext4 file system with the mkfs.ext4 command:<br />
# mkfs.ext4 /dev/sda1<br />
mke2fs 1.41.12 (17-May-20<strong>10</strong>)<br />
Filesystem label=<br />
OS type: Linux<br />
...<br />
► You should now be able to mount it and see the size:<br />
# mount /dev/sda1 /mnt<br />
# df -h /mnt<br />
Filesystem Size Used Avail Use% Mounted on<br />
/dev/sda1 7.9G 146M 7.4G 2% /mnt<br />
► Create a test file:<br />
# echo “this is the file foo” > /mnt/foo<br />
# umount /mnt<br />
13.4.2 Configuring multipath<br />
It is a best practice to set up multipathing <strong>for</strong> better availability. Per<strong>for</strong>m the following steps:<br />
► Create a second WWPN<br />
# cd /sys/bus/ccw/drivers/zfcp/0.0.0<strong>10</strong>a<br />
# ls<br />
availability cutype driver online subsystem<br />
cmb_enable devtype modalias power uevent<br />
# echo 1 > online<br />
► Note the second WWPN. In this example it is 0x500507630503c73d:<br />
# ls<br />
0x500507630503c73d devtype in_recovery peer_wwnn status<br />
availability driver lic_version peer_wwpn subsystem<br />
card_version failed modalias port_remove uevent<br />
cmb_enable hardware_version online port_rescan<br />
cutype host2 peer_d_id power<br />
# cd 0x500507630503c73d<br />
► Echo the same LUN into the file unit_add This will enable the same LUN, but from a<br />
different WWPN.<br />
# cd /sys/bus/ccw/drivers/zfcp/0.0.0<strong>10</strong>a<br />
# ls<br />
0x500507630513c73d devtype in_recovery peer_wwnn status<br />
availability driver lic_version peer_wwpn subsystem<br />
card_version failed modalias port_remove uevent<br />
cmb_enable hardware_version online port_rescan<br />
cutype host1 peer_d_id power<br />
# cd 0x500507630513c73d/<br />
Chapter 13. Miscellaneous recipes 203
# ls<br />
access_denied in_recovery status unit_add<br />
failed power uevent unit_remove<br />
# echo 0x4020400800000000 > unit_add<br />
# cat /proc/scsi/scsi<br />
Attached devices:<br />
Host: scsi0 Channel: 00 Id: 00 Lun: <strong>10</strong>74282528<br />
Vendor: <strong>IBM</strong> Model: 2<strong>10</strong>7900 Rev: .3<strong>10</strong><br />
Type: Direct-Access ANSI SCSI revision: 05<br />
Host: scsi1 Channel: 00 Id: 00 Lun: <strong>10</strong>74282528<br />
Vendor: <strong>IBM</strong> Model: 2<strong>10</strong>7900 Rev: .3<strong>10</strong><br />
Type: Direct-Access ANSI SCSI revision: 05<br />
► At this point the system thinks there are two LUNs, but actually there are two paths to the<br />
same LUN.<br />
► Install the device-mapper-multipath RPM:<br />
# yum -y install device-mapper-multipath<br />
...<br />
► Create a file /etc/multipath.conf:<br />
# cd /etc<br />
# vi multipath.conf<br />
defaults {<br />
user_friendly_names yes<br />
}<br />
► Turn the multipath service on <strong>for</strong> this session and across reboots:<br />
# service multipathd start<br />
Starting multipathd daemon: [ OK ]<br />
# chkconfig multipathd on<br />
# multipath -ll<br />
mpatha (36005076305ffc73d0000000000002008) dm-4 <strong>IBM</strong>,2<strong>10</strong>7900<br />
size=8.0G features='1 queue_if_no_path' hwhandler='0' wp=rw<br />
`-+- policy='round-robin 0' prio=1 status=active<br />
|- 0:0:0:<strong>10</strong>74282528 sda 8:0 active ready running<br />
`- 1:0:0:<strong>10</strong>74282528 sdb 8:16 active ready running<br />
► Add an entry to /etc/multipath.conf using the mpatha value (WWID)<br />
defaults {<br />
user_friendly_names yes<br />
}<br />
# create a friendly name - test_lun<br />
multipaths {<br />
multipath {<br />
wwid 36005076305ffc73d0000000000002008<br />
alias test_lun<br />
no_path_retry 5<br />
}<br />
}<br />
► Restart the multipath service and verify that the new test_lun friendly name has been<br />
added:<br />
]# service multipathd restart<br />
Stopping multipathd daemon: [ OK ]<br />
Starting multipathd daemon: [ OK ]<br />
[root@train4 etc]# ls /dev/mapper<br />
control system_vg-tmp_lv system_vg-var_lv test_lunp1<br />
system_vg-opt_lv system_vg-usr_lv test_lun<br />
204 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Mount the multipathed LUN with the new name and see that the test file exists:<br />
# mount /dev/mapper/test_lunp1 /mnt<br />
# ls /mnt<br />
foo lost+found<br />
13.4.3 Making the changes persistent<br />
In order to make the changes persistent, two steps must be per<strong>for</strong>med:<br />
1. Put the FCP device in the virtual machines user directory entry.<br />
2. Put the WWPN and LUN into a Linux configuration file.<br />
Per<strong>for</strong>m the following steps:<br />
► Add a DEDICATE statement to virtualize A000 (which is the FCP device) as virtual device<br />
200:<br />
USER LINUX02 LINUX02 256M 1G G<br />
INCLUDE LNXDFLT<br />
OPTION APPLMON<br />
DEDICATE 0200 A000<br />
MDISK <strong>10</strong>0 3390 0001 3338 MM3F06 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>1 3390 0001 3338 MM3F07 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
► Run DIRECTXA to bring the change online.<br />
► Create the file /etc/zfcp.conf. As a shortcut, you can use the output of lszfcp -D<br />
# cd /etc<br />
# lszfcp -D > zfcp.conf<br />
# vi zfcp.conf<br />
0.0.0<strong>10</strong>a 0x500507630503c73d 0x4020400800000000<br />
0.0.0<strong>10</strong>b 0x500507630513c73d 0x4020400800000000<br />
13.5 Rescuing a Linux system<br />
This section describes how to boot your Linux server into different modes <strong>for</strong> troubleshooting<br />
purposes. It covers booting Linux into single user mode, and also entering a rescue<br />
environment when you require more advanced troubleshooting.<br />
13.5.1 Entering single user mode<br />
Single user mode is helpful when you need to recover the root password, or if you are having<br />
problems while booting Linux into the default runlevel. To enter single user mode, first IPL<br />
your Linux server from the 3270 console. You will see a message similar to:<br />
zIPL v1.8.2-28.el6 interactive boot menu<br />
0. default (linux)<br />
1. linux<br />
Note: <strong>VM</strong> users please use '#cp vi vmsg '<br />
Please choose (default will boot in 5 seconds):<br />
You can use the #cp vi vmsg command to boot the desired menu option (zero in this<br />
example), followed by the number one <strong>for</strong> single user mode:<br />
Chapter 13. Miscellaneous recipes 205
==> #cp vi vmsg 0 1<br />
In single user mode, you are logged in as the root user. You can use the passwd command to<br />
set the root password. All of the file systems in /etc/fstab are mounted, but networking has<br />
not been started. To exit single user mode, you can type reboot, or enter init 3 to continue<br />
booting normally.<br />
13.5.2 Entering a rescue environment<br />
If you encounter errors mounting the root file system, or have other problems that prevent you<br />
from entering single user mode, you can enter a rescue environment. This environment loads<br />
a Linux image in memory, and does not attempt to mount the root file system.<br />
To enter a rescue environment, initiate an interactive Linux installation. Per<strong>for</strong>m the following<br />
steps to enter a rescue environment on the LINUX023 user ID:<br />
► Logon to LNXMAINT. Copy the RHEL6 EXEC file to a new file named RESCUE EXEC, and copy<br />
the user’s PARM-RH6 file to a new file (LINUX02 RESCUE in this example):<br />
==> copy rhel6 exec d rescue = =<br />
==> copy linux02 parm-rh6 d = rescue =<br />
► Edit RESCUE EXEC to point to the new RESCUE file:<br />
==> x rescue exec<br />
/* EXEC to punch a RHEL 6 install system to reader and IPL from it */<br />
Address 'COMMAND'<br />
'CP SPOOL PUN *'<br />
'CP CLOSE RDR'<br />
'CP PURGE RDR ALL'<br />
'PUNCH RHEL6 KERNEL * (NOHEADER'<br />
'PUNCH' Userid() 'RESCUE * (NOHEADER'<br />
'PUNCH RHEL6 INITRD * (NOHEADER'<br />
'CP CHANGE RDR ALL KEEP'<br />
'CP IPL 00C CLEAR'<br />
► Edit the LINUX02 RESCUE file, replacing any kickstart or VNC lines with the rescue<br />
command line option:<br />
==> x linux02 rescue d<br />
root=/dev/ram0 ro ip=off ramdisk_size=40000<br />
CMSDASD=191 CMSCONFFILE=LINUX02.CONF-RH6<br />
rescue<br />
► Logoff of LNXMAINT<br />
► Logon to LINUX02 and answer no to IPL from <strong>10</strong>0 question.<br />
► Increase the memory to 1 GB:<br />
==> def stor 1g<br />
00: STORAGE = 1G<br />
00: Storage cleared - system reset.<br />
► uIPL CMS and again answer no to IPL from <strong>10</strong>0 question.<br />
==> ipl cms<br />
z/<strong>VM</strong> V6.1.0 20<strong>10</strong>-09-23 11:31<br />
DMSACP723I A (191) R/O<br />
DMSACP723I C (592) R/O<br />
DIAG swap disk defined at virtual address 300 (64989 4K pages of swap space)<br />
DIAG swap disk defined at virtual address 301 (129981 4K pages of swap space)<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
206 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
n<br />
► Run the RESCUE EXEC.<br />
==> rescue<br />
NO FILES PURGED<br />
RDR FILE 0001 SENT FROM LINUX02 PUN WAS 0001 RECS <strong>10</strong>0K CPY 001 A NOHOLD NOKEEP<br />
RDR FILE 0002 SENT FROM LINUX02 PUN WAS 0002 RECS 0003 CPY 001 A NOHOLD NOKEEP<br />
RDR FILE 0003 SENT FROM LINUX02 PUN WAS 0003 RECS 296K CPY 001 A NOHOLD NOKEEP<br />
0000003 FILES CHANGED<br />
0000003 FILES CHANGED<br />
Initializing cgroup subsys cpuset<br />
Initializing cgroup subsys cpu<br />
Linux version 2.6.32-71.el6.s390x (mockbuild@s390-004.build.bos.redhat.com) (gcc<br />
version 4.4.4 20<strong>10</strong>0726 (Red Hat 4.4.4-13) (GCC) ) #1 SMP Wed Sep 1 01:38:33 EDT<br />
20<strong>10</strong><br />
...<br />
Kernel command line: root=/dev/ram0 ro ip=off ramdisk_size=40000<br />
CMSDASD=191 CMSCONFFILE=LINUX02.CONF-RH6<br />
rescue<br />
...<br />
Starting sshd to allow login over the network.<br />
Connect now to 9.60.18.225 and log in as user install to start the installation.<br />
E.g. using: ssh -x install@9.60.18.225<br />
<strong>The</strong> install process directs you to telnet or SSH to the IP address of your Linux server to<br />
begin the first stage of the installation.<br />
► Use SSH to connect to the IP address and log in as install.<br />
► Choose your language<br />
► <strong>The</strong> rescue environment will prompt you <strong>for</strong> the location of the rescue image, which is<br />
located in the install tree on the cloner. Choose NFS directory, then enter the IP address<br />
of the cloner and the path /nfs/rhel5.<br />
+------------------------------¦ NFS Setup +------------------------------+<br />
¦ ¦<br />
¦ Please enter the server and NFSv3 path to your Red Hat Enterprise Linux ¦<br />
¦ installation image and optionally additional NFS mount options. ¦<br />
¦ ¦<br />
¦ NFS server name: 9.60.18.223_____________ ¦<br />
¦ Red Hat Enterprise Linux directory: /nfs/rhel6______________ ¦<br />
► <strong>The</strong> Rescue window appears. Choose Continue. <strong>The</strong> rescue image will search <strong>for</strong> your<br />
Linux installation.<br />
► Hopefully it will prompt you to mount the partitions it finds.<br />
+--------------¦ Rescue +---------------+<br />
¦ ¦<br />
¦ Your system has been mounted under ¦<br />
¦ /mnt/sysimage. ¦<br />
¦ ¦<br />
¦ Press to get a shell. If you ¦<br />
¦ would like to make your system the ¦<br />
¦ root environment, run the command: ¦<br />
¦ ¦<br />
¦ chroot /mnt/sysimage ¦<br />
¦ ¦<br />
¦ <strong>The</strong> system will reboot automatically ¦<br />
¦ when you exit from the shell. ¦<br />
Chapter 13. Miscellaneous recipes 207
Note: if the rescue image cannot find your partition, you can try to mount it yourself with<br />
the mount command. For example:<br />
# mount /dev/dasda1 /mnt/runtime/<br />
# ls /mnt/runtime/<br />
bin home media root sys<br />
boot lib mnt sbin tmp<br />
dev lib64 opt selinux usr<br />
etc lost+found proc srv var<br />
3. Type exit to leave the shell and exit rescue mode.<br />
13.6 Setting up Memory Hotplugging<br />
Linux Memory Hotplug allows the amount of memory in a Linux system to be increased or<br />
decreased without a reboot. You must first have standby memory defined to the virtual<br />
machine in which Linux is running. You can issue the CP DEFINE STORAGE command to<br />
configure standby memory (storage). RHEL 6 Linux can then exploit the standby memory<br />
using the Service Call (SERVC) instruction.<br />
To set up standby storage <strong>for</strong> Linux memory hotplug, using LINUX01 as the virtual machine,<br />
per<strong>for</strong>m the following steps.<br />
► Modify the LINUX01 directory entry by adding a COMMAND statement. This will give the virtual<br />
machine an additional 768 MB of standby memory:<br />
USER LINUX01 LNX4<strong>VM</strong> 256M 1G G<br />
INCLUDE LNXDFLT<br />
COMMAND DEFINE STORAGE 256M STANDBY 768M<br />
OPTION APPLMON<br />
MDISK <strong>10</strong>0 3390 3339 3338 UM63A9 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
MDISK <strong>10</strong>1 3390 6677 3338 UM63A9 MR LNX4<strong>VM</strong> LNX4<strong>VM</strong> LNX4<strong>VM</strong><br />
► You could run the DISKMAP USER command to reivew the minidisk allocation, but because<br />
you did not change anything to do with disks, it is probably not necessary. Run the<br />
DIRECTXA command to bring the change online:<br />
==> directxa user<br />
z/<strong>VM</strong> USER DIRECTORY CREATION PROGRAM - VERSION 6 RELEASE 1.0<br />
EOJ DIRECTORY UPDATED AND ON LINE<br />
HCPDIR494I User directory occupies 45 disk pages<br />
► Shutdown the Linux system running on LINUX01. This can be done a number of ways, but<br />
because you are logged onto MAINT, it can be accomplished with the SIGNAL SHUTDOWN<br />
command:<br />
==> signal shutdown linux01<br />
► Within about 30 seconds, you should see notification that the system went down cleanly<br />
and the virtual machine was logged off:<br />
HCPSIG2113I User LINUX01 has reported successful termination<br />
USER DSC LOGOFF AS LINUX01 USERS = 16 AFTER SIGNAL<br />
► Logon to LINUX01. You should see the standby memory reported:<br />
LOGON LINUX01<br />
00: NIC 0600 is created; devices 0600-0602 defined<br />
00: z/<strong>VM</strong> Version 6 Release 1.0, Service Level 0901 (64-bit),<br />
00: built on <strong>IBM</strong> <strong>Virtualization</strong> Technology<br />
00: <strong>The</strong>re is no logmsg data<br />
00: FILES: 0003 RDR, NO PRT, NO PUN<br />
00: LOGON AT 11:47:27 EDT MONDAY 09/13/<strong>10</strong><br />
208 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
00: STORAGE = 256M MAX = 1G INC = 1M STANDBY = 768M RESERVED = 0<br />
00: Storage cleared - system reset.<br />
► Answer yes to boot Linux:<br />
DMSACP723I A (191) R/O<br />
DMSACP723I C (592) R/O<br />
DIAG swap disk defined at virtual address 300 (64989 4K pages of swap space)<br />
DIAG swap disk defined at virtual address 301 (129981 4K pages of swap space)<br />
Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n<br />
y<br />
...<br />
► Start an SSH session as root and view the memory in the /sys/ file system. Change<br />
directory to /sys/devices/system/memory/ and list the files:<br />
# cd /sys/devices/system/memory<br />
# ls<br />
block_size_bytes memory0 memory1 memory2 memory3<br />
► Type the block_size_bytes file with the cat command:<br />
# cat block_size_bytes<br />
<strong>10</strong>000000<br />
This number is the number of bytes in hexadecimal. <strong>10</strong>000000 in hex is 256 M in decimal.<br />
So the block size is 256 MB and there are four blocks: memory0-memory3, which are<br />
represented as directories. Each of the memory blocks has a state, which is represented<br />
as a file.<br />
► Show the state of each memory block with the following command:<br />
# cat memory*/state<br />
online<br />
offline<br />
offline<br />
offline<br />
This shows that the first 256 MB is online and the next three blocks are offline.<br />
► You can also show in<strong>for</strong>mation about memory with the free -m command:<br />
# free -m<br />
total used free shared buffers cached<br />
Mem: 241 165 75 0 18 54<br />
-/+ buffers/cache: 92 148<br />
Swap: 761 0 761<br />
This shows 241 MB<br />
► You can turn on memory by sending the string online to the state file. Turn on an<br />
additional 512 MB of memory with the following commands:<br />
# echo online > memory1/state<br />
# echo online > memory2/state<br />
► Show that the memory is now online:<br />
# cat memory*/state<br />
online<br />
online<br />
online<br />
offline<br />
► Again, confirm with the free -m command:<br />
# free -m<br />
total used free shared buffers cached<br />
Mem: 753 170 582 0 18 54<br />
Chapter 13. Miscellaneous recipes 209
-/+ buffers/cache: 98 654<br />
Swap: 761 0 761<br />
► You can also give the memory back by echoing offline to the state file:<br />
# echo offline > memory1/state<br />
# echo offline > memory2/state<br />
► Verify the memory has be returned:<br />
# cat memory*/state<br />
online<br />
offline<br />
offline<br />
offline<br />
# free -m<br />
total used free shared buffers cached<br />
Mem: 241 165 75 0 18 54<br />
-/+ buffers/cache: 92 148<br />
Swap: 761 0 761<br />
This section has shown how to configure virtual machines with standby memory and how to<br />
“hot-plug” the memory from Linux. Each of the four Linux virtual machines, LINUX01 -<br />
LINUX04 default to 256 MB of memory and can be moved up to 1 GB. However, LINUX02 -<br />
LINUX04 require Linux to be shutdown, the CP DEFINE STORAGE command to be run and Linux<br />
to be rebooted. LINUX01 can now have memory added while Linux is running. This function<br />
can increase your server farm’s per<strong>for</strong>mance and availability.<br />
13.7 Utilizing the cpuplugd service<br />
<strong>The</strong> cpuplugd service allows Linux to enable or disable CPUs and memory, based on a set<br />
of rules. It can improve per<strong>for</strong>mance by setting the correct number of processors and amount<br />
of memory <strong>for</strong> Linux systems depending on their current load. It can also prevent the Linux<br />
scheduler from queue balancing in partial load situations.<br />
More in<strong>for</strong>mation on cpuplugd can be found in the manual Linux on System z Device Drivers,<br />
Features and Commands on Red Hat Enterprise Linux 6 on the Web at<br />
http://www.ibm.com/developerworks/linux/linux390/documentation_red_hat.html<br />
13.7.1 Determining the virtual CPUs being used<br />
To start work with cpuplugd, per<strong>for</strong>m the following steps:<br />
► Start an SSH session to a Linux and determine how many CPUs Linux has online. Write a<br />
short bash script, lscpus, to save typing:<br />
# cd /usr/local/sbin<br />
# vi lscpus<br />
#!/bin/bash<br />
# script to list the number and status of virtual CPUs<br />
<strong>for</strong> i in /sys/devices/system/cpu/cpu*<br />
do<br />
echo $i<br />
cat $i/online<br />
done<br />
► Save the file and the set it to be executable:<br />
# chmod +x lscpus<br />
2<strong>10</strong> <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Observe the status of the cpuplugd service:<br />
# service cpuplugd status<br />
cpuplugd (pid 1574) is running...<br />
<strong>The</strong> output shows that cpuplugd starts by default in the current run level.<br />
► Wait a few minutes and run the lscpus script again:<br />
# lscpus<br />
/sys/devices/system/cpu/cpu0<br />
1<br />
/sys/devices/system/cpu/cpu1<br />
0<br />
/sys/devices/system/cpu/cpu2<br />
0<br />
/sys/devices/system/cpu/cpu3<br />
0<br />
/sys/devices/system/cpu/cpu4<br />
0<br />
/sys/devices/system/cpu/cpu5<br />
0<br />
/sys/devices/system/cpu/cpu6<br />
0<br />
/sys/devices/system/cpu/cpu7<br />
0<br />
/sys/devices/system/cpu/cpu8<br />
0<br />
/sys/devices/system/cpu/cpu9<br />
0<br />
<strong>The</strong> output shows that now only one of the ten virtual CPUs are active. <strong>The</strong> cpuplugd<br />
service turned off the other 9.<br />
► <strong>The</strong> cpuplugd configuration file is /etc/sysconfig/cpuplugd. Some middleware products<br />
recommend a minimum of two virtual processors. If the majority of your Linux servers will<br />
be running a workload which recommends two processors, changed the default <strong>for</strong><br />
CPU_MIN to 2. An exception would be when only a single physical processor is available.<br />
View the non-comments and lines that are not blank in the configuration file with the<br />
following command:<br />
# cd /etc/sysconfig<br />
# egrep -v '^$|^#' cpuplugd<br />
CPU_MIN="1"<br />
CPU_MAX="0"<br />
UPDATE="<strong>10</strong>"<br />
CMM_MIN="0"<br />
CMM_MAX="8192"<br />
CMM_INC="256"<br />
HOTPLUG="(loadavg > onumcpus + 0.75) & (idle < <strong>10</strong>.0)"<br />
HOTUNPLUG="(loadavg < onumcpus - 0.25) | (idle > 50)"<br />
MEMPLUG="0"<br />
MEMUNPLUG="0"<br />
<strong>The</strong> default rules <strong>for</strong> the plugging and unplugging of CPUs in the configuration file is as<br />
follow:<br />
HOTPLUG = "(loadavg > onumcpus +0.75) & (idle < <strong>10</strong>.0)"<br />
HOTUNPLUG = "(loadavg < onumcpus -0.25) | (idle > 50)"<br />
Where the variables in the statements have the following meaning:<br />
loadavg <strong>The</strong> current average CPU load<br />
onumcpus <strong>The</strong> number of CPUs that are online<br />
runable_proc <strong>The</strong> current number of processes that can be run<br />
Chapter 13. Miscellaneous recipes 211
idle <strong>The</strong> current idle percentage<br />
<strong>The</strong>se CPU hot plugging and unplugging values will be used in the next section. In the default<br />
setup, cpuplugd will only make changes to the virtual processor configuration. <strong>The</strong> auto<br />
adaptive adjustment of the memory using the cmm feature (module) is deactivated by default<br />
and also not available when running in a native LPAR environment.<br />
13.7.2 Generating a workload to see cpuplugd work<br />
You can now generate a workload to show how the cpuplugd will turn on CPUs.<br />
Important: Running the following command will generate significant CPU use. Verify there<br />
is not a mission-critical workload running on this z/<strong>VM</strong> LPAR, as this test may affect it.<br />
Also, be sure to kill the processes after seeing cpuplugd in action.<br />
Per<strong>for</strong>m the following steps:<br />
► Put ten looping jobs in the background with the following <strong>for</strong> loop:<br />
# <strong>for</strong> i in `seq 1 <strong>10</strong>`<br />
> do<br />
> bash -c "cat /dev/zero > /dev/null" &<br />
> done<br />
[1] 2441<br />
[2] 2442<br />
[3] 2443<br />
[4] 2444<br />
[5] 2445<br />
[6] 2446<br />
[7] 2447<br />
[8] 2448<br />
[9] 2449<br />
[<strong>10</strong>] 2453<br />
► See that the jobs are running (you can also use the top command):<br />
# pstree -G | grep cat<br />
+-sshd---sshd---bash---<strong>10</strong>*[bash---cat]<br />
► Now run lscpus every so often. <strong>The</strong> following example shows that, after a minute or so,<br />
cpuplugd has started five of the nine spare processors.<br />
# lscpus<br />
/sys/devices/system/cpu/cpu0<br />
1<br />
/sys/devices/system/cpu/cpu1<br />
1<br />
/sys/devices/system/cpu/cpu2<br />
1<br />
/sys/devices/system/cpu/cpu3<br />
1<br />
/sys/devices/system/cpu/cpu4<br />
1<br />
/sys/devices/system/cpu/cpu5<br />
1<br />
/sys/devices/system/cpu/cpu6<br />
0<br />
/sys/devices/system/cpu/cpu7<br />
0<br />
/sys/devices/system/cpu/cpu8<br />
212 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
0<br />
/sys/devices/system/cpu/cpu9<br />
0<br />
After a few more minutes, all of the CPUs should be activated.<br />
► Kill the processes with the killall command, then verify that the loops have stopped:<br />
# killall cat<br />
bash: line 1: 2450 Terminated cat /dev/zero > /dev/null<br />
bash: line 1: 2452 Terminated cat /dev/zero > /dev/null<br />
bash: line 1: 2451 Terminated cat /dev/zero > /dev/null<br />
bash: line 1: 2457 Terminated cat /dev/zero > /dev/null<br />
bash: line 1: 2456 Terminated cat /dev/zero > /dev/null<br />
[1] Exit 143 bash -c "cat /dev/zero > /dev/null"<br />
[2] Exit 143 bash -c "cat /dev/zero > /dev/null"<br />
...<br />
# pstree -G | grep cat<br />
No output shows that the processes to create a workload have been stopped.<br />
13.7.3 Setting memory sizes with cpuplugd<br />
Memory sizes can also be set by the cpuplugd service. However, unlike CPUs, there is no<br />
good generic default value. <strong>The</strong> following example is in the Device Drivers book:<br />
MEMPLUG = "swaprate > freemem+<strong>10</strong> & freemem+<strong>10</strong> < apcr"<br />
MEMUNPLUG = "swaprate > freemem + <strong>10</strong>000"<br />
However, this is just a starting point to explain the syntactical structure of a rule. Do not use<br />
this configuration in production. You should test any setting that you want to implement<br />
against a representative workload that your Linux systems will be running. Details are beyond<br />
the scope of this section.<br />
13.8 Hardware cryptographic support <strong>for</strong> OpenSSH<br />
This section shows how to copy a test file with OpenSSH, first without any crypto<br />
acceleration. <strong>The</strong>n crypto acceleration <strong>for</strong> OpenSSH is enabled and the same file is copied<br />
again. A much higher throughput rate should be observed. <strong>The</strong> prerequisite <strong>for</strong> using<br />
hardware cryptography is to have a firmware level of LIC 3863 installed on your System z<br />
CEC. (TODO: how to query this?)<br />
This section is based on the white paper First experiences with hardware cryptographic<br />
support <strong>for</strong> OpenSSH with Linux <strong>for</strong> System z, by Manfred Gnirss, Winfried Münch, Klaus<br />
Werner and Arthur Winterling. It is on the Web at:<br />
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP<strong>10</strong>1690<br />
This section only shows a single example of crypto acceleration. For a much more complete<br />
and detailed analysis, see the white paper.<br />
To test copying a file with and without cryptographic acceleration, per<strong>for</strong>m the following steps:<br />
► Start an SSH session to a Linux.<br />
► Create a 200 MB test file <strong>for</strong> copying in the /tmp/ directory:<br />
# cd /tmp<br />
# dd if=/dev/zero of=testdata.txt bs=<strong>10</strong>48576 count=200<br />
200+0 records in<br />
Chapter 13. Miscellaneous recipes 213
200+0 records out<br />
209715200 bytes (2<strong>10</strong> MB) copied, 17.87 s, 11.7 MB/s<br />
# ls -lh testdata.txt<br />
-rw-r--r--. 1 root root 200M Oct 9 14:51 testdata.txt<br />
► Copy the file locally with the scp command, two times with specific encryption algorithms<br />
and once without, prefixing all with the time command:<br />
# time scp -c 3des-cbc /tmp/testdata.txt localhost:/dev/null<br />
<strong>The</strong> authenticity of host 'localhost (::1)' can't be established.<br />
RSA key fingerprint is 41:77:58:<strong>10</strong>:50:09:ba:2a:6a:7b:8b:56:95:1a:37:79.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.<br />
root@localhost's password:<br />
testdata.txt <strong>10</strong>0% 200MB 4.6MB/s 00:44<br />
real 0m51.295s<br />
user 0m17.797s<br />
sys 0m1.047s<br />
# time scp -c aes128-cbc /tmp/testdata.txt localhost:/dev/null<br />
root@localhost's password:<br />
testdata.txt <strong>10</strong>0% 200MB 28.6MB/s 00:07<br />
real 0m<strong>10</strong>.780s<br />
user 0m1.212s<br />
sys 0m0.698s<br />
[root@gpok225 ssl]# time scp /tmp/testdata.txt localhost:/dev/null<br />
root@localhost's password:<br />
testdata.txt <strong>10</strong>0% 200MB 16.7MB/s 00:12<br />
real 0m15.977s<br />
user 0m3.072s<br />
sys 0m0.753s<br />
<strong>The</strong> output shows a throughputs of about 4.6, 28.6 and 16.7 MB/s and a user times of<br />
about 17.7, 1.2 and 3.0 seconds.<br />
► Determine if the necessary cryptographic-related RPMs are installed:<br />
# rpm -qa | grep openssl-ibmca<br />
No output shows that they are not installed.<br />
► Install the RPM with the yum install command:<br />
# yum -y install openssl-ibmca openssl-ibmca.s390<br />
...<br />
Installed:<br />
openssl-ibmca.s390 0:1.1-3.el6 openssl-ibmca.s390x 0:1.1-3.el6<br />
Dependency Installed:<br />
glibc.s390 0:2.12-1.7.el6 keyutils-libs.s390 0:1.4-1.el6<br />
krb5-libs.s390 0:1.8.2-3.el6 libcom_err.s390 0:1.41.12-3.el6<br />
libselinux.s390 0:2.0.94-2.el6 nss-softokn-freebl.s390 0:3.12.7-1.1.el6<br />
openssl.s390 0:1.0.0-4.el6 zlib.s390 0:1.2.3-25.el6<br />
Complete!<br />
► Verify that the RPMs are now installed:<br />
# rpm -qa | egrep "libica|ibmca"<br />
libica-2.0.3-2.el6.s390x<br />
openssl-ibmca-1.1-3.el6.s390x<br />
openssl-ibmca-1.1-3.el6.s390<br />
214 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Verify that CP Assist <strong>for</strong> Cryptographic Function (CPACF) operations are supported:<br />
# icainfo<br />
<strong>The</strong> following CP Assist <strong>for</strong> Cryptographic Function (CPACF) operations are<br />
supported by libica on this system:<br />
SHA-1: yes<br />
SHA-256: yes<br />
SHA-512: yes<br />
DES: yes<br />
TDES-128: yes<br />
TDES-192: yes<br />
AES-128: yes<br />
AES-192: yes<br />
AES-256: yes<br />
PRNG: yes<br />
► Make a backup of the SSL configuration file, /etc/ssl/openssl.cnf:<br />
# cd /etc/pki/tls<br />
# cp openssl.cnf openssl.cnf.orig<br />
► Append the sample SSL configuration file under /usr/share/doc/openssl-ibmca-1.1/ to<br />
the actual SSL configuration file, /etc/openssl.cnf:<br />
# cat /usr/share/doc/openssl-ibmca-1.1/openssl.cnf.sample-s390x >> openssl.cnf<br />
► Edit the appended file and search <strong>for</strong> the line with the openssl_conf variable. Move that<br />
line from the bottom to the top and save the file, as shown in the following example:<br />
# vi openssl.cnf<br />
/openssl_conf<br />
#<br />
# OpenSSL example configuration file.<br />
# This is mostly being used <strong>for</strong> generation of certificate requests.<br />
#<br />
# This definition stops the following lines choking if HOME isn't<br />
# defined.<br />
HOME = .<br />
RANDFILE = $ENV::HOME/.rnd<br />
openssl_conf = openssl_def<br />
...<br />
► Without a symlink we got the error:<br />
# time scp -c 3des-cbc /tmp/testdata.txt localhost:/dev/null<br />
Auto configuration failed<br />
2199031767552:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared<br />
library:dso_dlfcn.c:185:filename(/usr/lib64/libibmca.so): /usr/lib64/libibmca.so: cannot<br />
open shared object file: No such file or directory<br />
2199031767552:error:25070067:DSO support routines:DSO_load:could not load the shared<br />
library:dso_lib.c:244:<br />
2199031767552:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:<br />
2199031767552:error:260BC066:engine routines:INT_ENGINE_CONFIGURE:engine configuration<br />
error:eng_cnf.c:204:section=ibmca_section, name=dynamic_path,<br />
value=/usr/lib64/libibmca.so<br />
2199031767552:error:0E07606D:configuration file routines:MODULE_RUN:module<br />
initialization error:conf_mod.c:235:module=engines, value=engine_section, retcode=-1<br />
lost connection<br />
► Make a symbolic link to the file /usr/lib64/openssl/engines/libibmca.so:<br />
# cd /usr/lib64<br />
# ln -s openssl/engines/libibmca.so<br />
# ls -l libibmca.so<br />
lrwxrwxrwx. 1 root root 27 Oct 20 16:47 libibmca.so -> openssl/engines/libibmca.so<br />
Chapter 13. Miscellaneous recipes 215
► Rerun the same scp commands:<br />
# time scp -c 3des-cbc /tmp/testdata.txt localhost:/dev/null<br />
Password:<br />
testdata.txt <strong>10</strong>0% 200MB 66.7MB/s 00:03<br />
real 0m5.890s<br />
user 0m1.542s<br />
sys 0m0.558s<br />
# time scp -c aes128-cbc /tmp/testdata.txt localhost:/dev/null<br />
Password:<br />
testdata.txt <strong>10</strong>0% 200MB 66.7MB/s 00:03<br />
real 0m6.287s<br />
user 0m0.993s<br />
sys 0m0.541s<br />
# time scp /tmp/testdata.txt localhost:/dev/null<br />
Password:<br />
testdata.txt <strong>10</strong>0% 200MB 66.7MB/s 00:03<br />
real 0m4.839s<br />
user 0m0.996s<br />
sys 0m0.548s<br />
► Delete the test file:<br />
# rm /tmp/testdata.txt<br />
You should see an improved througput.<br />
13.9 <strong>The</strong> X Window System<br />
For many years UNIX-like operating systems have been using the X Window System<br />
(commonly just “X”). This system was designed to provide client/server,<br />
hardware-independent and network-enabled graphical environment. <strong>The</strong> current version is<br />
X11 which is widely used on UNIX and Linux plat<strong>for</strong>ms.<br />
Confusion often arises among new X users regarding the concept of client and server,<br />
because client and server are defined from an application point of view where other protocols<br />
such as SSH, Telnet and FTP they are defined from an end user point of view. In X the server<br />
runs on the hardware with the mouse, keyboard and monitor (usually a workstation or a<br />
desktop), while the client runs on the UNIX or Linux server. Many Linux desktop users don’t<br />
recognize this difference because they often run both the server and client on their desktop.<br />
It is a common practice to connect from a PC (SSH client) to remote Linux (SSH server) and<br />
then run an X application. It runs on remote Linux (X client) and displays on local PC (X<br />
server).<br />
<strong>The</strong> X communication protocol by its nature is not secure at all. For this reason it is often used<br />
together with SSH protocol, which tunnels X11 traffic using encrypted (and thus secure)<br />
communications.<br />
X11 itself provides the ability to display graphics on raster display, nothing more. If the user<br />
wants to be able to move, resize and otherwise manage windows, a window manager is<br />
needed. <strong>The</strong>re are many window managers available; some are lightweight while some are<br />
more robust. So using a window manager is a good idea because it provides functionality<br />
which one expects from a GUI.<br />
216 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
13.9.1 VNC Server<br />
When you have Linux installed on your workstation, a window manager is probably not<br />
enough. Here you want a full desktop environment with menus, icons, task bars etc such as<br />
Gnome and KDE. Installing GNOME or KDE on System z is discouraged as they are<br />
resource-intensive. Installing <strong>The</strong> X Window System is also not recommended.<br />
As mentioned earlier, the X server is run where the mouse, keyboard and monitor are located<br />
- on the workstation. In a nutshell, VNC Server provides virtual workstation with all this<br />
peripherals (virtual). <strong>The</strong> VNC server starts an embedded X server. <strong>The</strong>n any X-based<br />
application can send its output to this X server, regardless of if the applications is local or<br />
remote to X server.<br />
To interact with the X server, one uses VNC client on a workstation, as described in section<br />
3.2, “Setting up a VNC client” on page 23. <strong>The</strong> VNC server customization is described in<br />
section 8.2.4, “Configuring the VNC server” on page 140. In our experience this is all you<br />
need if you want to run X applications from time to time.<br />
One big advantage of VNC is that it is session oriented. If communication to VNC server is<br />
lost, a new connection is reestablished to the session as it was. Also, applications in a<br />
disconnected VNC session still continue to run.<br />
13.9.2 X Server on workstation<br />
If <strong>for</strong> some reason VNC is not acceptable, it is possible to use a standard X server on a<br />
workstation. Since Linux users usually know the X Window system, an X server running on<br />
Windows is described in this section.<br />
<strong>The</strong>re are many commercial and free X Window servers available <strong>for</strong> Windows. In the<br />
following examples XliveCD is used, which provides a free X server based on Cygwin. It can<br />
be run directly from a CD without requiring installation.<br />
http://xlivecd.indiana.edu/<br />
Any X application will send its output to an address defined with -display parameter or, if not<br />
provided, to an address specified in the DISPLAY environment variable. If neither is provided,<br />
the local computer is used <strong>for</strong> output. Following is an example that uses the xclock command<br />
(you may have to first install it with the command yum -y install xclock):<br />
gpok224:~ # xclock<br />
Error: Can't open display:<br />
<strong>The</strong>re is no display specified <strong>for</strong> xclock command and it will terminate.<br />
Display is specified by setting DISPLAY environment variable.<br />
gpok224:~ # export DISPLAY=9.145.177.158:0<br />
gpok224:~ # xclock<br />
No protocol specified<br />
Error: Can't open display: 9.145.177.158:0<br />
This command failed, because the XliveCD requires an explicit command to allow remote<br />
hosts to connect to it. When the command xhost + (plus means to add authorized hosts) is<br />
run, xclock can finally display on Windows as shown in Figure 13-2. Remember the program<br />
itself runs on a remote Linux.<br />
gpok224:~ # xclock &<br />
[1] 21915<br />
Chapter 13. Miscellaneous recipes 217
Figure 13-2 Manual setting of DISPLAY variable<br />
<strong>The</strong> xhost + command allows any host to access the X Server. From a security point of view,<br />
this may not be a good idea. Even allowing just specific hosts is not enough, because X11<br />
protocol itself is not secure. Using SSH tunneling removes this security exposure. SSH<br />
tunneling also prevents firewalls and NAT from breaking X11 communications.<br />
It is possible to use an external SSH client which allows X11 <strong>for</strong>warding, or SSH client<br />
embedded in XliveCD itself. Both options are shown.<br />
Using PuTTY<br />
To use PuTTY <strong>for</strong> X11 <strong>for</strong>warding, select X11 <strong>for</strong>warding as shown in Figure 13-3.<br />
218 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 13-3 Allow X11 Forwarding in PuTTY<br />
As you can see in Figure 13-4, the DISPLAY environment variable contains the special value of<br />
localhost:<strong>10</strong>.0 which tells PuTTY to <strong>for</strong>ward X11 protocol over SSH to SSH client<br />
address.In this case there is no need to enter xhost command because the connection<br />
appears to X Server as a local one.<br />
Figure 13-4 X11 <strong>for</strong>warding with PuTTY<br />
Chapter 13. Miscellaneous recipes 219
Using embedded SSH<br />
It is also possible to achieve X11 <strong>for</strong>warding with an embedded SSH client as shown below.<br />
Again, no xhost command is needed.<br />
Figure 13-5 X11 <strong>for</strong>warding with embedded SSH client<br />
<strong>The</strong>re are many ways how to achieve the same results. It is up to you to choose a solution<br />
which suits the purpose best.<br />
13.<strong>10</strong> Centralizing home directories <strong>for</strong> LDAP users<br />
In previous versions of this book there was a section on how to create a travelling /home/<br />
directory using LDAP, NFS and automount. In the interest of time, this section has been<br />
removed. See section 13.3 in the <strong>IBM</strong> Redbook z/<strong>VM</strong> and Linux on <strong>IBM</strong> System z <strong>The</strong><br />
<strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> Red Hat Linux Enterprise Server 5.2, SG24-7492, on the Web at:<br />
http://www.redbooks.ibm.com/abstracts/sg247492.html<br />
However, the following section has been added to this book. In December of 2009, the topic<br />
of how to set up a common home directory came up on the linux-390 list server. <strong>The</strong> following<br />
post by Patrick Spinler is copied, with permission, as it may be helpful to you:<br />
13.<strong>10</strong>.1 Recommendations <strong>for</strong> centralizing home directories<br />
“NFSv3 is not known <strong>for</strong> it's security. Consider the use of the NFS option root_squash, along<br />
with limiting the list of hosts who can connect to your home share. Only export home<br />
directories to hosts which you control, remember that anyone who has root on their box (e.g.<br />
a developer workstation) can impersonate any user to NFS. Here's the relevant /etc/exports<br />
line we use:<br />
220 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
export/unixdata/homedirs \<br />
@hgrp_autohome_admin(rw,no_root_squash,insecure,sync) \<br />
@hgrp_autohome_hosts(rw,root_squash,insecure,sync)<br />
I look <strong>for</strong>ward to going to NFSv4 with kerberos authentication, but we're not there yet.<br />
Regarding automount maps in LDAP, this works very well <strong>for</strong> us with one exception. <strong>The</strong><br />
problem is that there's a significant number of automount map schemas out there, and<br />
different OS's (and different revisions of OS's) use different ones. As we are a fairly<br />
heterogeneous environment, I found it near impossible to keep a master map in LDAP. Right<br />
now we're just keeping a /etc/auto.master or /etc/auto_master on each host.<br />
In order to make the individual map entries work heterogeneously, I had to add several object<br />
classes and a few redundant attributes to each entry. Here's what my home directory<br />
automount map entry looks like:<br />
# ap00375, auto_home, unix.example.com<br />
dn: automountKey=ap00375,automountMapName=auto_home,dc=unix,dc=example,dc=com<br />
automountIn<strong>for</strong>mation: linux01.example.com:/vol/vol2/unixhomes-5gb/75/ap00375<br />
cn: ap00375<br />
automountKey: ap00375<br />
objectClass: automount<br />
objectClass: nisNetId<br />
objectClass: top<br />
Regarding heterogeneous clients, we found AIX in particular to be the hardest of our clients to<br />
configure, and Linux the easiest. Insure on AIX that you have the latest available LDAP client<br />
package from <strong>IBM</strong>. Also be aware that AIX wants to use it's extended LDAP schema rather<br />
than RFC2307, and wants full write access to the LDAP servers from every AIX client.<br />
Despite that, it will work with RFC2307 and read only access. Solaris, like Linux, has an<br />
option to not use an LDAP proxy account at all via anonymous binding, but I never got Solaris<br />
anonymous binding to work.<br />
I recommend making LDAP use TLS or SSL on the wire, in order to keep clear-text<br />
passwords from flying about. Both AIX and Solaris require the server public SSL certificates<br />
to be loaded on every client to do LDAP over TLS or SSL. Linux can be configured to ignore<br />
authenticating the LDAP servers' certificates and proceed with TLS/SSL anyway - this is<br />
convenient, but does open the possibility of man in the middle attacks. In our environment this<br />
isn't a big deal, but it might be in yours.<br />
We've found POSIX group membership management to be one of our more challenging<br />
issues overall. Some older systems (e.g. solaris
222 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Chapter 14. Monitoring and tuning z/<strong>VM</strong> and<br />
Linux<br />
Not everything that can be counted counts, and not everything that counts can be<br />
counted.<br />
--Albert Einstein<br />
This chapter briefly describes how to monitor z/<strong>VM</strong> and Linux. For another source on z/<strong>VM</strong><br />
per<strong>for</strong>mance and monitoring, see Chapter 11, Monitoring per<strong>for</strong>mance and capacity, in the<br />
Manual Getting Started With Linux, SC24-6096 on the Web at:<br />
http://publibz.boulder.ibm.com/epubs/pdf/hcsx0b20.pdf<br />
<strong>The</strong>re are a number of z/<strong>VM</strong> monitoring tools such as CA’s <strong>VM</strong>:Monitor, <strong>IBM</strong>’s z/<strong>VM</strong><br />
Per<strong>for</strong>mance Toolkit, <strong>IBM</strong>’s Tivoli OMEGAMON XE <strong>for</strong> z/<strong>VM</strong> and Linux. and products from<br />
Velocity Software.<strong>The</strong> <strong>IBM</strong> z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit is briefly described in this section.<br />
<strong>The</strong>re are also two sections on tuning z/<strong>VM</strong> and Linux using Cooperative Memory<br />
Management (CMM) and the CPU plug daemon, cpuplugd.<br />
This chapter contains the following sections:<br />
► “Using INDICATE and other commands” on page 223<br />
► “<strong>The</strong> z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit” on page 227<br />
► “Monitoring Linux” on page 236<br />
► “Viewing Linux data in the Per<strong>for</strong>mance Toolkit” on page 238<br />
14.1 Using INDICATE and other commands<br />
z/<strong>VM</strong> has many commands to monitor the state of the system. CP INDICATE is the most<br />
commonly used, and there are other commands that are addressed. For more in<strong>for</strong>mation,<br />
see the z/<strong>VM</strong> Per<strong>for</strong>mance Resources Web page at<br />
http://www.vm.ibm.com/perf/<br />
14<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 223
14.1.1 Using the INDICATE command<br />
z/<strong>VM</strong> has some basic commands such as INDICATE. <strong>The</strong>re are many INDICATE parameters that<br />
can be included as command line options. Use the command HELP INDICATE <strong>for</strong> a basic<br />
understanding and then press F11 <strong>for</strong> help on each parameter.<br />
INIDICATE LOAD<br />
If no parameter is specified INDICATE LOAD is the default option. <strong>The</strong>re are two flavors of this,<br />
depending on whether the issuing user ID has privilege class G or class E. Class G users can<br />
use INDICATE to display recent contention <strong>for</strong> system resources, display environment<br />
characteristics and measurements of resources used by their virtual machine.<br />
<strong>The</strong> output from user ID with class E privilege (e.g. MAINT, OPERATOR) is shown here. <strong>The</strong> lines<br />
are number <strong>for</strong> clarity of the description that follows:<br />
==> ind load<br />
1 AVGPROC-038% 03<br />
2 XSTORE-000021/SEC MIGRATE-0001/SEC<br />
3 MDC READS-000068/SEC WRITES-000001/SEC HIT RATIO-099%<br />
4 PAGING-0031/SEC STEAL-000%<br />
5 Q0-00006(00000) DORMANT-00357<br />
6 Q1-00001(00000) E1-00000(00000)<br />
7 Q2-00001(00000) EXPAN-002 E2-00000(00000)<br />
8 Q3-00034(00000) EXPAN-002 E3-00000(00000)<br />
9<br />
<strong>10</strong> PROC 0000-038% PROC 0001-038%<br />
11 PROC 0002-038%<br />
12<br />
13 LIMITED-00000<br />
<strong>The</strong> INDICATE LOAD command gives a snapshot of current system per<strong>for</strong>mance. Except <strong>for</strong> the<br />
counts of virtual machines in various queues and the limited list, the values you see here are<br />
a smoothed average over the past 4 minutes. Areas where z/<strong>VM</strong> per<strong>for</strong>mance analysts tend<br />
to focus are the following:<br />
► AVGPROC on line 1 gives the overall processor utilization, 38% in this example. <strong>The</strong> number<br />
following it is the number of on-line processors, 3 in this example. <strong>The</strong> individual processor<br />
utilization is shown on lines <strong>10</strong> and 11. Take a glance at these to see if they are somewhat<br />
balanced. <strong>The</strong>re are cases where an imbalance is okay. This would include very low<br />
utilization scenarios or cases where there are not enough users ready to run virtual<br />
processors to keep the physical processors busy. One of the processors will be a Master,<br />
all of the others Alternate, and some imbalance may result from per<strong>for</strong>ming these<br />
functions. Line 2 describes paging to expanded storage. Most z/<strong>VM</strong> systems on z9 class<br />
machines can sustain several <strong>10</strong>00s of this type of paging operations a second without<br />
any problems. z<strong>10</strong> class machines will per<strong>for</strong>m even better. <strong>The</strong> MIGRATE rate is the<br />
number of pages per second being moved from expanded storage out to paging space on<br />
DASD. A healthy system will have a MIGRATE rate significantly lower than the XSTORE rate,<br />
probably being measures in <strong>10</strong>0s rather than <strong>10</strong>00s. <strong>The</strong> higher values seen tend to build<br />
up over time, and are sustained over periods of intense system activity, however, there<br />
are times the MIGRATE value may spike <strong>for</strong> brief periods of time.<br />
► Minidisk cache (MDC) statistics are given on the third line. <strong>The</strong> effectiveness of MDC can be<br />
judged by the combination of the READS rate and the HIT RATIO. If both are high, then a<br />
large number of physical I/Os are avoided due to the MDC feature. For a system which<br />
has an appreciably high I/O rate, composed of reads plus writes, and a high proportion of<br />
reads, and a good hit ratio <strong>for</strong> those reads (tending to 90% or greater), the real, physical<br />
I/O avoidance can be very high, this author has seen the avoidance as high as 50% in<br />
some cases. Conversely, however, a high HIT RATIO with a low value <strong>for</strong> the READS rate<br />
224 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
should not be taken as good, (<strong>10</strong>0% hit ratio, when doing only 1 I/O per second is<br />
effectively meaningless).<br />
► Line 4 describes more storage (memory) management. <strong>The</strong> PAGING rate is important.<br />
Higher values will often impact per<strong>for</strong>mance. This can be at least partially offset by<br />
increasing the number of page volumes, but a more thorough examination of this problem<br />
is advisable whenever it arises.<strong>The</strong> STEAL percentage is often misleading. This is basically<br />
the percentage of pages taken from guests that z/<strong>VM</strong> believes are non-dormant. Since<br />
some guests have periodic timers going off, they appear to be active to z/<strong>VM</strong> even when<br />
relatively idle. Pages taken from these guests are still considered to be stolen. So there<br />
are scenarios where a system only has a user set comprising active guests, in which case<br />
all pages taken would be considered stolen. Bearing this in mind, if a high STEAL value is<br />
observed, the paging rate needs to be checked. If the paging rate is relatively low, then<br />
the STEAL value is not important.<br />
► On lines 5 through 8 you also see a series of counters that represent the users in<br />
various queues. <strong>The</strong> z/<strong>VM</strong> scheduler classifies work into 3 different classes (1 through 3)<br />
and a special additional class labelled zero. So the Column of Qx values and Ex represent<br />
the virtual machines in the dispatch list and the eligible list. <strong>The</strong> most important value here<br />
to validate is that there are no virtual machines in the Eligible list: E1, E2, E3; this implies<br />
z/<strong>VM</strong> has stopped dispatching some virtual machines to avoid over committing resources.<br />
Such a system would require further investigation, possibly leading to some tuning work,<br />
or even hardware addition in extreme cases. Do not worry about the values in<br />
parenthesis.<br />
INDICATE QUEUES EXP<br />
Another useful command to understand the state of the system is the INDICATE QUEUES EXP.<br />
Following is an example:<br />
==> ind q exp<br />
DATAMGT1 Q3 AP 00000537/00000537 .... -2.025 A02<br />
BITNER Q1 R00 00000785/00000796 .I.. -1.782 A00<br />
EDLLNX4 Q3 PS 00007635/00007635 .... -1.121 A00<br />
TCPIP Q0 R01 00004016/00003336 .I.. -.9324 A01<br />
APCTEST1 Q2 IO 00003556/00003512 .I.. -.7847 A01<br />
EDLWRK20 Q3 AP 00001495/00001462 .... -.6996 A01<br />
EDL Q3 IO 00000918/00000902 .... -.2409 A01<br />
EDLWRK11 Q3 AP 00002323/00002299 .... -.0183 A00<br />
EDLWRK18 Q3 IO 0000<strong>10</strong>52/00000388 .... -.0047 A00<br />
EDLWRK4 Q3 AP 00004792/00002295 .... .0055 A01<br />
EDLWRK8 Q3 AP 00004804/00004797 .... .0089 A02<br />
EDLWRK16 Q3 AP 00002378/00002378 .... .0170 A02<br />
EDLWRK2 Q3 AP 00005544/00002956 .... .0360 A00<br />
EDLWRK12 Q3 AP 00004963/00002348 .... .0677 A01<br />
EDLWRK6 Q3 IO 00000750/00000302 .... .0969 A02<br />
EDLWRK3 Q3 AP 00005098/00005096 .... .0999 A02<br />
EDLWRK17 Q3 AP 00004786/00004766 .... .<strong>10</strong>61 A01<br />
EDLWRK9 Q3 AP 00002372/00002334 .... .1<strong>10</strong>7 A02<br />
EDLWRK5 Q3 IO 00002376/00002376 .... .1205 A01<br />
EDLWRK14 Q3 AP 00002426/00002323 .... .1238 A02<br />
EDLLIB19 Q3 IO 00001226/00001<strong>10</strong>0 .... .1309 A02<br />
EDLWRK19 Q3 AP 00002322/00002298 .... .1705 A00<br />
EDLWRK15 Q3 AP 00002839/00002781 .... .2205 A02<br />
EDLWRK1 Q3 AP 00002969/00002935 .... .2491 A02<br />
This is another class E command and displays the virtual processors associated with a given<br />
user ID (a single virtual machine may have multiple virtual processors) what queue (dispatch<br />
list, eligible list, limit list) they are in and what state they are in. This is a snapshot in time.<br />
Again you want to check this output to make sure there are no virtual machines in the eligible<br />
Chapter 14. Monitoring and tuning z/<strong>VM</strong> and Linux 225
list. Normal virtual processors in the dispatch list will be Q x (x=1,2,3). Eligible list would be<br />
marked as E x . <strong>The</strong> third column in the example also gives state of virtual processor. This can<br />
be helpful to get a idea of how the virtual processors might be constrained. Virtual processors<br />
that are actually running in the snapshot period are marked with and RNN where NN is the<br />
processor number they are on. An R without a number means the virtual processor is ready to<br />
run but there is not an available processor. (Note: the virtual machine that issues the<br />
INDICATE command will always be one of the running machines). Other states are<br />
documented in the help <strong>for</strong> IND Q EXP. One doesn't have to be concerned about the other<br />
columns unless detailed analysis is required or if <strong>IBM</strong> support requests it. Also, always<br />
remember that is just a snapshot in time so often repeating this command over time can give<br />
a more accurate picture of your z/<strong>VM</strong> system, a single snapshot cannot be regarded as<br />
indicative.<br />
14.1.2 Using other basic commands<br />
Some other useful basic commands are briefly mentioned. All examples are shown from the<br />
MAINT user ID. <strong>The</strong> results will be different <strong>for</strong> users with fewer privileges.<br />
Getting help<br />
To get help on the system use the HELP command. Sometimes it’s hard to find help <strong>for</strong> exactly<br />
the command you’re looking <strong>for</strong>. Some useful help commands are as follow<br />
==> help // <strong>for</strong> basic help<br />
==> help menus // <strong>for</strong> menu of all z/<strong>VM</strong> help menus<br />
==> help cp menu // <strong>for</strong> a menu of all CP commands<br />
==> help cpquery // <strong>for</strong> a menu of all CP QUERY command<br />
==> help cpset // <strong>for</strong> a menu of all CP SET commands<br />
Determining who is logged on<br />
To see who is logged on to the system use the QUERY NAMES command. For example:<br />
==> q n<br />
FTPSERVE - DSC , LINUX04 - DSC , LINUX03 - DSC , LINUX02 - DSC<br />
LINUX01 - DSC , S11S1CLN - DSC , DTCVSW2 - DSC , DTCVSW1 - DSC<br />
<strong>VM</strong>SERVR - DSC , <strong>VM</strong>SERVU - DSC , <strong>VM</strong>SERVS - DSC , TCPIP - DSC<br />
OPERSYMP - DSC , DISKACNT - DSC , EREP - DSC , OPERATOR - DSC<br />
MAINT -L0003<br />
VSM - TCPIP<br />
Determining storage or memory<br />
To see how much central and expanded storage (memory) are installed and allocated to a<br />
system use the QUERY STORAGE and QUERY XSTOR commands. For example:<br />
==> q stor<br />
STORAGE = 16G CONFIGURED = 16G INC = 256M STANDBY = 0 RESERVED = 0<br />
==> q xstor<br />
XSTORE= 2048M online= 2048M<br />
XSTORE= 2048M userid= SYSTEM usage= 0% retained= 0M pending= 0M<br />
XSTORE MDC min=0M, max=0M, usage=0%<br />
XSTORE= 2048M userid= (none) max. attach= 2048M<br />
Determining processors or CPUs<br />
To see how many processors (CPs, IFLs, CPUs) you have allocated at system level, use the<br />
QUERY PROCESSORS command. For example:<br />
==> q proc<br />
PROCESSOR 00 MASTER CP<br />
PROCESSOR 01 ALTERNATE CP<br />
226 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
PROCESSOR 02 ALTERNATE CP<br />
PROCESSOR 03 ALTERNATE CP<br />
PROCESSOR 04 ALTERNATE CP<br />
PROCESSOR 05 ALTERNATE CP<br />
PROCESSOR 06 ALTERNATE CP<br />
PROCESSOR 07 ALTERNATE CP<br />
PROCESSOR 08 ALTERNATE CP<br />
PROCESSOR 09 ALTERNATE CP<br />
Determining software level<br />
To determine what level of CP your system is at, use the QUERY CPLEVEL command. For<br />
example:<br />
==> q cplevel<br />
z/<strong>VM</strong> Version 6 Release 1.0, service level 0901 (64-bit)<br />
Generated at 09/11/09 16:51:48 EDT<br />
IPL at 08/31/<strong>10</strong> 08:44:19 EDT<br />
Determining system cylinder allocation<br />
<strong>The</strong> QUERY ALLOC MAP command shows you the system allocation of spool, paging and<br />
directory space. For example:<br />
==> q alloc map<br />
EXTENT EXTENT % ALLOCATION<br />
VOLID RDEV START END TOTAL IN USE HIGH USED TYPE<br />
------ ---- ---------- ---------- ------ ------ ------ ---- -------------<br />
6<strong>10</strong>RES 6280 1 20 20 1 1 5% DRCT ACTIVE<br />
UV6281 6281 1 3338 600840 75482 75533 12% SPOOL<br />
UV6282 6282 1 3338 600840 0 0 0% PAGE<br />
UP6285 6285 0 3338 60<strong>10</strong>20 0 0 0% PAGE<br />
UP6286 6286 0 3338 60<strong>10</strong>20 16 59 1% PAGE<br />
UP6287 6287 0 3338 60<strong>10</strong>20 0 0 0% PAGE<br />
Determining DASD, OSA and virtual resources<br />
<strong>The</strong> QUERY DASD and QUERY DASD FREE commands will show you what DASD is assigned to the<br />
system and what DASD is free to be assigned. Similarly the QUERY OSA and QUERY OSA FREE<br />
commands will report on the OSA resources. Finally, the QUERY VIRTUAL ALL command can<br />
be useful. <strong>The</strong> following list gives the short <strong>for</strong>m of these commands without any of the<br />
associated output shown:<br />
==> q da<br />
==> q da free<br />
==> q osa<br />
==> q osa free<br />
==> q v all<br />
14.2 <strong>The</strong> z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit<br />
To use the z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit, the product must be ordered. You should only<br />
configure the product if you have ordered it.<br />
Much more detail can be found in the following books:<br />
► z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit Guide, SC24-6156, z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit Reference,<br />
SC24-6157, on the Web starting at the z/<strong>VM</strong> 5.4 bookshelf:<br />
http://www-03.ibm.com/systems/z/os/zos/bkserv/zvmpdf/#zvm61<br />
Search <strong>for</strong> Toolkit on that page.<br />
Chapter 14. Monitoring and tuning z/<strong>VM</strong> and Linux 227
► <strong>The</strong> Program Directory <strong>for</strong> Per<strong>for</strong>mance Toolkit <strong>for</strong> <strong>VM</strong>, GI<strong>10</strong>-0785-00<br />
http://www.vm.ibm.com/progdir/6vmptk<strong>10</strong>.pdf<br />
► <strong>The</strong> <strong>IBM</strong> Redbook Linux on <strong>IBM</strong> zSeries and S/390: Per<strong>for</strong>mance Toolkit <strong>for</strong> <strong>VM</strong>,<br />
SG24-6059, on the Web at:<br />
228 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6<br />
http://www.redbooks.ibm.com/abstracts/sg246059.html<br />
<strong>The</strong> section that follow describe how to set up and use the <strong>IBM</strong> Per<strong>for</strong>mance Toolkit very<br />
briefly:<br />
► “Configuring the z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit” on page 228<br />
► “Using the z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit” on page 233<br />
14.2.1 Configuring the z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit<br />
<strong>The</strong> Per<strong>for</strong>mance Toolkit is installed with z/<strong>VM</strong>. Configuration is described in the Program<br />
Directory. Following is a summary of how to turn it on. Again, you should configure the<br />
product only if you have ordered it.<br />
► Query which priced products are enabled with the QUERY PRODUCT command:<br />
==> q product<br />
Product State Description<br />
6<strong>VM</strong>DIR<strong>10</strong> Disabled 00/00/00.00:00:00.$BASEDDR DIRECTORY MAINTENANCE FL 6<strong>10</strong><br />
6<strong>VM</strong>PTK<strong>10</strong> Disabled 00/00/00.00:00:00.$BASEDDR PERFORMANCE TOOLKIT FOR <strong>VM</strong><br />
6<strong>VM</strong>RAC<strong>10</strong> Disabled 00/00/00.00:00:00.$BASEDDR RACF <strong>for</strong> <strong>VM</strong><br />
6<strong>VM</strong>RSC<strong>10</strong> Disabled 00/00/00.00:00:00.$BASEDDR RSCS Networking Version 6 Release 1<br />
Modification 0<br />
► To enable <strong>The</strong> z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit, logon to MAINT and enter the following<br />
command:<br />
==> service perftk enable<br />
<strong>VM</strong>FSRV2760I SERVICE processing started<br />
...<br />
<strong>VM</strong>FSUT2760I <strong>VM</strong>FSUFTB processing started<br />
<strong>VM</strong>FSUT2760I <strong>VM</strong>FSUFTB processing completed successfully<br />
<strong>VM</strong>FSRV2760I SERVICE processing completed successfully<br />
You should see a few screens of messages scroll by and finally the success messages<br />
shown above. This will enable the Per<strong>for</strong>mance Toolkit <strong>for</strong> the current z/<strong>VM</strong> session.<br />
► At IPL time the SYSTEM CONFIG file is modified by having a line appended to the end. Verify<br />
this has been added by the SERVICE command with the following commands:<br />
==> link * cf1 cf1 rr<br />
==> acc cf1 f<br />
DMSACP723I F (CF1) R/O<br />
==> x system config f<br />
====> bot<br />
====> -2<br />
====> pre off<br />
...<br />
PRODUCT PRODID 6<strong>VM</strong>PTK<strong>10</strong> STATE ENABLED DESCRIPTION '12/17/09.15:35:41.MAINT PE<br />
RFKIT Minidisk Install and Service'<br />
<strong>The</strong> Per<strong>for</strong>mance Toolkit is now enabled. You can also verify by running the QUERY PRODUCT<br />
command again.
14.2.2 Configuring Web Browser support<br />
Once the product is enabled, the TCPIP profile must be modified to enable Web access to the<br />
Per<strong>for</strong>mance Toolkit. <strong>The</strong> following example sets the port to 80, the default <strong>for</strong> a Web<br />
browser:<br />
► Logon to TCPMAINT. Edit the TCPIP configuration file. In this example it is POKSND61 TCPIP<br />
D file (assuming you modified this file name earlier - the default name is PROFILE TCPIP)<br />
and search <strong>for</strong> the string reserve ports. This is where z/<strong>VM</strong> TCP/IP ports are reserved.<br />
==> x poksnd61 tcpip d<br />
====> /port<br />
► Add the following line under the PORT entries:<br />
...<br />
PORT<br />
20 TCP FTPSERVE NOAUTOLOG ; FTP Server<br />
21 TCP FTPSERVE ; FTP Server<br />
23 TCP INTCLIEN ; TELNET Server<br />
; 25 TCP SMTP ; SMTP Server<br />
; 53 TCP NAMESRV ; Domain Name Server<br />
; 53 UDP NAMESRV ; Domain Name Server<br />
; 67 UDP DHCPD ; DHCP Server<br />
; 69 UDP TFTPD ; TFTPD (Trivial FTP) Server<br />
; 69 UDP TFTPD ; TFTPD (Trivial FTP) Server<br />
80 TCP PERFS<strong>VM</strong> ; Per<strong>for</strong>mance Toolkit<br />
; 111 TCP PORTMAP ; Portmap Server<br />
...<br />
Save your changes. <strong>The</strong> TCPIP user ID needs to be recycled in order <strong>for</strong> our changes to<br />
take effect. You can FORCE and XAUTOLOG TCPIP from a console. Alternatively, if you are in<br />
a position to reIPL the system, you can do that (shutdown reipl iplparms cons=sysc)<br />
► When the system comes back, logon to TCPMAINT and check if everything was successful<br />
by issuing the NETSTAT CLIENTS command. You want to see that the service PERFS<strong>VM</strong> is a<br />
client (listening). This should be shown after a few screens of output:<br />
==> netstat clients<br />
...<br />
Client: PERFS<strong>VM</strong> Authorization: {none}<br />
Notes Handled: none<br />
Last Touched: 0:01:22<br />
Vmcf error count: 0<br />
<strong>The</strong> entry <strong>for</strong> PERFS<strong>VM</strong> should be at the end of the output.<br />
14.2.3 Configuring PERFS<strong>VM</strong><br />
<strong>The</strong> PERFS<strong>VM</strong> user ID is the Per<strong>for</strong>mance Toolkit service machine.<br />
► Logon to PERFS<strong>VM</strong>. If you successfully enabled the product, you should be put in a<br />
Per<strong>for</strong>mance Toolkit session and see the following text at the top of the screen:<br />
FCX001 Per<strong>for</strong>mance Toolkit <strong>for</strong> <strong>VM</strong> Autoscroll 12<br />
FCXBAS500I Per<strong>for</strong>mance Toolkit <strong>for</strong> <strong>VM</strong> FL6<strong>10</strong><br />
Monitor event started -- recording is activated<br />
Monitor sample started -- recording is activated<br />
FCXPMN446E Incomplete monitor data: SAMPLE CONFIG size too small<br />
► Press F12 twice to get to a CMS prompt.<br />
► Copy the PROFILE XEDIT from the MAINT 191 disk so editor sessions will have a common<br />
interface among user IDs.<br />
Chapter 14. Monitoring and tuning z/<strong>VM</strong> and Linux 229
a. Use the <strong>VM</strong>LINK command to both link the disk read-only and access it as the highest<br />
available file mode. <strong>The</strong> default read password is read, however, if you changed your<br />
passwords as described in section 4.9.1, “Changing passwords in USER DIRECT” on<br />
page 63, then it will be lnx4vm (or whatever you set it to).<br />
==> vmlink maint 191<br />
ENTER READ PASSWORD:<br />
lnx4vm<br />
DMS<strong>VM</strong>L2060I MAINT 191 linked as 0120 file mode Z<br />
b. Copy the PROFILE XEDIT to the A disk:<br />
==> copy profile xedit z = = a<br />
► Copy the default configuration files, which are on PERFS<strong>VM</strong>'s D disk, to your A disk:<br />
==> copy * * d = = a<br />
► <strong>The</strong> main configuration file is FCONX $PROFILE. Edit that file and search <strong>for</strong> the string<br />
<strong>VM</strong>CF.<br />
==> x fconx $profile<br />
====> /vmcf<br />
This should take you to line 175 where the next 4 lines are comments starting with an *.<br />
Per<strong>for</strong>m the following changes:<br />
– Uncomment the second and fourth line by changing *C to FC<br />
– Change port 81 to 80 on the fourth line - this will enable you to use a browser interface<br />
without having to specify port 81 on the URL (with a :81 suffix).<br />
<strong>The</strong> modified lines should be as follows. Save your changes with the FILE subcommand:<br />
* Following command activates <strong>VM</strong>CF data retrieval interface<br />
FC MONCOLL <strong>VM</strong>CF ON<br />
* Following command activates Internet interface<br />
FC MONCOLL WEBSERV ON TCPIP TCPIP 80<br />
* Following command activates Internet interface with SSL<br />
*C MONCOLL WEBSERV ON SSL TCPIP TCPIP 81 IDTEST RACF<br />
...<br />
====> file<br />
► Create a remote data retrieval authorization file with your z/<strong>VM</strong> system identifier (replace<br />
POKSND61 with your system identifier):<br />
==> x fconrmt authoriz<br />
====> a 2<br />
POKSND61 PERFS<strong>VM</strong> S&FSERV<br />
POKSND61 MAINT DATA CMD EXCPMSG<br />
► Create a system identification file that links your z/<strong>VM</strong> system and PERFS<strong>VM</strong> to a special<br />
resource name called FCXRES00. (replace POKSND61 with your system identifier):<br />
==> x fconrmt systems<br />
====> a<br />
POKSND61 PERFS<strong>VM</strong> ESA N FCXRES00<br />
► Edit the PROFILE EXEC file, search <strong>for</strong> the word “once” and uncomment the five MONITOR<br />
SAMPLE and the two MONITOR EVENT statements:<br />
==> x profile exec a<br />
====> /once<br />
Be<strong>for</strong>e:<br />
...<br />
/*** Once you have PERFKIT enabled and running uncomment the ***/<br />
/*** following comments ***/<br />
/* 'CP MONITOR SAMPLE ENABLE PROCESSOR' */<br />
230 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
* 'CP MONITOR SAMPLE ENABLE STORAGE' */<br />
/* 'CP MONITOR SAMPLE ENABLE USER ALL' */<br />
/* 'CP MONITOR SAMPLE ENABLE I/O ALL' */<br />
/* 'CP MONITOR SAMPLE ENABLE APPLDATA ALL' */<br />
/* 'CP MONITOR EVENT ENABLE STORAGE' */<br />
/* 'CP MONITOR EVENT ENABLE I/O ALL' */<br />
'PERFKIT' /* Invoke the PERFKIT module @FC012BD*/<br />
Exit<br />
After:<br />
...<br />
/*** Once you have PERFKIT enabled and running uncomment the ***/<br />
/*** following comments ***/<br />
'CP MONITOR SAMPLE ENABLE PROCESSOR'<br />
'CP MONITOR SAMPLE ENABLE STORAGE'<br />
'CP MONITOR SAMPLE ENABLE USER ALL'<br />
'CP MONITOR SAMPLE ENABLE I/O ALL'<br />
'CP MONITOR SAMPLE ENABLE NETWORK'<br />
'CP MONITOR SAMPLE ENABLE APPLDATA ALL'<br />
'CP MONITOR EVENT ENABLE STORAGE'<br />
'CP MONITOR EVENT ENABLE I/O ALL'<br />
'PERFKIT' /* Invoke the PERFKIT module @FC012BD*/<br />
Exit<br />
====> file<br />
► Set the PERFS<strong>VM</strong> virtual machine to be started at z/<strong>VM</strong> IPL time. Edit the PROFILE EXEC on<br />
AUTOLOG1 so that PERFS<strong>VM</strong> is automatically started at IPL time. First, logon to AUTOLOG1.<br />
► Be<strong>for</strong>e pressing Enter at the <strong>VM</strong> READ prompt, type acc (noprof so that the PROFILE EXEC<br />
is not run.<br />
LOGON AUTOLOG1<br />
z/<strong>VM</strong> Version 6 Release 1.0, Service Level <strong>10</strong>02 (64-bit),<br />
built on <strong>IBM</strong> <strong>Virtualization</strong> Technology<br />
<strong>The</strong>re is no logmsg data<br />
FILES: NO RDR, NO PRT, NO PUN<br />
LOGON AT 14:51:02 EDT THURSDAY <strong>10</strong>/07/<strong>10</strong><br />
DMSIND2015W Unable to access the Y-disk. Filemode Y (19E) not accessed<br />
z/<strong>VM</strong> V6.1.0 20<strong>10</strong>-09-23 11:31<br />
==> acc (noprof<br />
► Add a line so the virtual machine PERFS<strong>VM</strong> is started at z/<strong>VM</strong> IPL time:<br />
==> x profile exec<br />
/***************************/<br />
/* Autolog1 Profile Exec */<br />
/***************************/<br />
'cp xautolog tcpip' /* start up TCPIP */<br />
'CP XAUTOLOG <strong>VM</strong>SERVS'<br />
'CP XAUTOLOG <strong>VM</strong>SERVU'<br />
'CP XAUTOLOG <strong>VM</strong>SERVR'<br />
'CP XAUTOLOG DTCVSW1'<br />
'CP XAUTOLOG DTCVSW2'<br />
'cp xautolog perfsvm' /* start Per<strong>for</strong>mance Toolkit */<br />
'cp set pf12 ret' /* set the retrieve key */<br />
...<br />
► Save the file and logoff of AUTOLOG1.<br />
Chapter 14. Monitoring and tuning z/<strong>VM</strong> and Linux 231
14.2.4 Increasing the size of the MONDCSS DCSS<br />
<strong>The</strong> DCSS named MONDCSS shipped with z/<strong>VM</strong> 6.1 is often not large enough, especially when<br />
your LPAR has access to many devices. To increase the size of the DCSS, first determine<br />
where the current MONDCSS is located by entering the following command:<br />
==> q nss name mondcss map<br />
FILE FILENAME FILETYPE MINSIZE BEGPAG ENDPAG TYPE CL #USERS PARMREGS <strong>VM</strong>GROUP<br />
0011 MONDCSS CPDCSS N/A 09000 09FFF SC R 00001 N/A N/A<br />
In this example, the DCSS starts at x9000 and ends at x9FFF. This is x<strong>10</strong>00 or 4096 pages.<br />
Since a page is 4096 bytes or 4K, the size of this DCSS is 16MB (4KB * 4KB).<br />
Be<strong>for</strong>e starting the Per<strong>for</strong>mance Toolkit, you may want to increase the size of the DCSS<br />
named MONDCSS. <strong>The</strong> following example quadruples the size of MONDCSS to 64MB:<br />
► Delete the old MONDCSS by issuing the PURGE NSS command:<br />
==> purge nss name mondcss<br />
NO FILES PURGED<br />
0001 FILE PENDING PURGE<br />
► Verify the device addresses 4000-7FFF are free with the QUERY NSS MAP command:<br />
==> q nss map<br />
FILE FILENAME FILETYPE MINSIZE BEGPAG ENDPAG TYPE CL #USERS PARMREGS <strong>VM</strong>GROUP<br />
0033 CMS NSS 0000256K 00000 0000D EW A 00007 00-15 NO<br />
00020 00023 EW<br />
00F00 013FF SR<br />
0032 NLSKANJI DCSS N/A 02000 020FF SR A 00000 N/A N/A<br />
0031 NLSUCENG DCSS N/A 02000 020FF SR A 00000 N/A N/A<br />
0030 NLSAMENG DCSS N/A 02000 020FF SR A 00004 N/A N/A<br />
0029 HELPSEG DCSS N/A 00C00 00CFF SR A 00000 N/A N/A<br />
0016 SCEEX DCSS N/A 02<strong>10</strong>0 028FF SR A 00000 N/A N/A<br />
0023 ZCMS NSS 0000256K 00000 0000D EW A 00000 00-15 NO<br />
00020 00023 EW<br />
00F00 013FF SR<br />
0002 GCS NSS 0000256K 00000 0000C EW R 00000 OMITTED YES<br />
00400 0044E SR<br />
0044F 0044F SW<br />
00450 005FF SN<br />
0<strong>10</strong>00 0<strong>10</strong>1A SR<br />
0<strong>10</strong>1B 011FF SN<br />
0018 PERFOUT DCSS N/A 08A00 08FFF SN A 00000 N/A N/A<br />
0017 SCEE DCSS N/A 00900 009FF SR A 00000 N/A N/A<br />
0014 CMSDOS DCSS-M N/A 00B00 00B0C SR A 00000 N/A N/A<br />
0013 CMSBAM DCSS-M N/A 00B0D 00B37 SR A 00000 N/A N/A<br />
0012 DOSBAM DCSS-S N/A 00B00 00B37 -- A 00000 N/A N/A<br />
00<strong>10</strong> GUICSLIB DCSS N/A 01F00 01FFF SR A 00000 N/A N/A<br />
0009 CMSFILES DCSS N/A 01900 01BFF SR A 00003 N/A N/A<br />
0008 S<strong>VM</strong> DCSS N/A 01900 019FF SR A 00000 N/A N/A<br />
0007 CMSPIPES DCSS N/A 01800 018FF SR A 00011 N/A N/A<br />
0006 CMS<strong>VM</strong>LIB DCSS N/A 01700 017FF SR A 00011 N/A N/A<br />
0005 INSTSEG DCSS N/A 01400 016FF SR A 00011 N/A N/A<br />
0003 DOSINST DCSS N/A 00900 0090F SR A 00000 N/A N/A<br />
► Redefine the DCSS larger with the following DEFSEG and SAVESEG commands:<br />
==> defseg mondcss 4000-7fff sc rstd<br />
HCPNSD440I Saved segment MONDCSS was successfully defined in fileid 0034.<br />
==> saveseg mondcss<br />
HCPNSS440I Saved segment MONDCSS was successfully saved in fileid 0034.<br />
232 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
► Verify the new DCSS was created:<br />
==> q nss name mondcss map<br />
FILE FILENAME FILETYPE MINSIZE BEGPAG ENDPAG TYPE CL #USERS PARMREGS <strong>VM</strong>GROUP<br />
0034 MONDCSS CPDCSS N/A 04000 07FFF SC R 00000 N/A N/A<br />
You should now be ready to run the Per<strong>for</strong>mance Toolkit.<br />
14.2.5 Starting the z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit<br />
To start the Per<strong>for</strong>mance Toolkit, per<strong>for</strong>m the following steps:<br />
► Logon to the PERFS<strong>VM</strong> user ID.<br />
► Press Enter and the per<strong>for</strong>mance toolkit should start through the PROFILE EXEC:<br />
FCX001 Per<strong>for</strong>mance Toolkit <strong>for</strong> <strong>VM</strong> Autoscroll 12<br />
FCXBAS500I Per<strong>for</strong>mance Toolkit <strong>for</strong> <strong>VM</strong> FL6<strong>10</strong><br />
FCXAPP530I Connected to *IDENT <strong>for</strong> resource FCXRES00<br />
FCXAPF530I Connected to *IDENT <strong>for</strong> resource FCXSYSTM<br />
FCXTCP571I Connected to TCP/IP server TCPIP on path 0003<br />
FCXAPP527I User PERFS<strong>VM</strong> connected on path 0006<br />
FCXAPC535I Connected to resource FCXRES00 on path 0005, <strong>for</strong> S&F-Coll<br />
FCXTCP575I WebServer host IP address is 9.60.18.249:00080<br />
FCXTCP590I WebServer interface activated<br />
Monitor event started -- recording is activated<br />
Monitor sample started -- recording is activated<br />
Disconnect from PERFS<strong>VM</strong> now.<br />
Command ===> disc<br />
<strong>The</strong> Per<strong>for</strong>mance Toolkit should now be configured and running.<br />
14.2.6 Using the z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit<br />
<strong>The</strong> Per<strong>for</strong>mance Toolkit can be used with a Web browser or 3270 interface.<br />
Using a Web browser interface<br />
To use the Web-enabled Per<strong>for</strong>mance Toolkit, per<strong>for</strong>m the following steps:<br />
► Point a browser to your z/<strong>VM</strong> system. For example:<br />
http://9.60.18.249<br />
► You should see a splash screen, then the Web Server Logon screen as shown in<br />
Figure 14-1 on page 234:<br />
Chapter 14. Monitoring and tuning z/<strong>VM</strong> and Linux 233
Figure 14-1 Per<strong>for</strong>mance Toolkit logon screen<br />
► Enter any valid user ID and password and click Submit. In this example MAINT is used.<br />
► <strong>The</strong> Central Monitoring System Load Overview appears with your system identifier<br />
(Node-ID) on the left side.<br />
► Click on your system identifier and the Initial Per<strong>for</strong>mance Data Selection Menu screen<br />
appears as shown in Figure 14-2 on page 235.<br />
► From this screen, you can drill down into many different types of reports.<br />
234 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Figure 14-2 Browser interface to the Per<strong>for</strong>mance Toolkit<br />
Using a 3270 interface<br />
You can also use a 3270 interface as well as a browser interface. To do so, per<strong>for</strong>m the<br />
following steps:<br />
► Logon to PERFS<strong>VM</strong>.<br />
► If you had disconnected, pressing Enter should get you back to the Per<strong>for</strong>mance Toolkit<br />
command line. If the virtual machine was logged off, the PROFILE EXEC should run and get<br />
you to the command line. Enter the command MONITOR:<br />
Command ==> monitor<br />
Chapter 14. Monitoring and tuning z/<strong>VM</strong> and Linux 235
Figure 14-3 Per<strong>for</strong>mance Toolkit 3270 Interface Main Menu screen<br />
Drilling down into report screens<br />
You should now be able to use the active report screens. To drill down into these screens,<br />
move the cursor to any of the titles that are active (active titles display the number or letter in<br />
white, inactive titles are in green). Some of the more useful report screens to drill down into<br />
are:<br />
21. User resource usage<br />
22. User paging load<br />
23. User wait states<br />
28. User configuration<br />
29. Linux systems<br />
33. Benchmark displays<br />
For example to drill down into the Benchmark submenu screen, enter the following command:<br />
Command ===> 33<br />
<strong>The</strong>n type S over the period on the left side of the submenu screen in the row corresponding<br />
to the report you wish to see.<br />
14.3 Monitoring Linux<br />
FCX124 Per<strong>for</strong>mance Screen Selection (FL6<strong>10</strong> ) Perf. Monitor<br />
General System Data I/O Data History Data (by Time)<br />
1. CPU load and trans. 11. Channel load 31. Graphics selection<br />
2. Storage utilization 12. Control units 32. History data files*<br />
3. Reserved 13. I/O device load* 33. Benchmark displays*<br />
4. Priv. operations 14. CP owned disks* 34. Correlation coeff.<br />
5. System counters 15. Cache extend. func.* 35. System summary*<br />
6. CP IUCV services 16. DASD I/O assist 36. Auxiliary storage<br />
7. SPOOL file display* 17. DASD seek distance* 37. CP communications*<br />
8. LPAR data 18. I/O prior. queueing* 38. DASD load<br />
9. Shared segments 19. I/O configuration 39. Minidisk cache*<br />
A. Shared data spaces 1A. I/O config. changes 3A. Storage mgmt. data*<br />
B. Virt. disks in stor. 3B. Proc. load & config*<br />
C. Transact. statistics User Data 3C. Logical part. load<br />
D. Monitor data 21. User resource usage* 3D. Response time (all)*<br />
E. Monitor settings 22. User paging load* 3E. RSK data menu*<br />
F. System settings 23. User wait states* 3F. Scheduler queues<br />
G. System configuration 24. User response time* 3G. Scheduler data<br />
H. <strong>VM</strong> Resource Manager 25. Resources/transact.* 3H. SFS/BFS logs menu*<br />
26. User communication* 3I. System log<br />
I. Exceptions 27. Multitasking users* 3K. TCP/IP data menu*<br />
28. User configuration* 3L. User communication<br />
K. User defined data* 29. Linux systems* 3M. User wait states<br />
Measurements can show resource consumption of the Linux guest as measured and<br />
dispatched by the <strong>VM</strong> host. It is also possible to measure per<strong>for</strong>mance data from within the<br />
Linux guest itself. To monitor Linux per<strong>for</strong>mance data at this level, a data gatherer process<br />
must be running within each Linux guest you wish to monitor. <strong>The</strong>re are different ways of<br />
236 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
gathering this data. It is recommended that data be gathered in the kernel. All modern Linux<br />
distributions have been enabled <strong>for</strong> the kernel to gather per<strong>for</strong>mance data.<br />
14.3.1 Monitoring Linux per<strong>for</strong>mance data from the kernel<br />
To monitor Linux per<strong>for</strong>mance data directly from the kernel, the following must be true:<br />
1. <strong>The</strong> APPLMON option must be set in the user directory.<br />
2. Applmon data monitoring must be built into the kernel.<br />
<strong>The</strong> first requirement should be true as the OPTION APPLMON was set <strong>for</strong> the cloner, the golden<br />
image and <strong>for</strong> Linux user IDs in earlier sections.<br />
For the second requirement, details of this function are described in the Chapter, Linux<br />
monitor stream support <strong>for</strong> z/<strong>VM</strong> in the manual Linux on System z Device Drivers, Features<br />
and Commands on Red Hat Enterprise Linux 6, on the Web at:<br />
http://www.ibm.com/developerworks/linux/linux390/documentation_red_hat.html<br />
A quick description of how to use this built-in monitoring function follows.<br />
► Start an SSH session to a Linux system. In this example, LINUX01 is used.<br />
► <strong>The</strong>re are three modules that are built into the kernel but are not loaded by default. <strong>The</strong>y<br />
are named appldata_mem, appldata_os and appldata_net_sum. You can verify that they<br />
are not loaded with the lsmod and grep commands:<br />
# lsmod | grep appldata<br />
► <strong>The</strong>re is no output so no modules with the string appldata are loaded. Load those<br />
modules with the modprobe command and verify they have been loaded:<br />
# modprobe appldata_mem<br />
# modprobe appldata_os<br />
# modprobe appldata_net_sum<br />
► Now if you repeat the lsmod command, you should see the following:<br />
# lsmod | grep appldata<br />
appldata_net_sum 1844 0<br />
appldata_os 2987 0<br />
appldata_mem 1966 0<br />
► <strong>The</strong> directory in the virtual /proc/ file system where the monitoring variables exist is<br />
/proc/sys/appldata/. In this directory there are five files as follow:<br />
timer Controls whether any data gathering is in effect.<br />
interval Sets the interval, in milliseconds, that samples will be taken.<br />
mem Controls the memory data gathering module<br />
os Controls the CPU data gathering module<br />
net_sum Controls the net data gathering module<br />
► To turn on the built in kernel monitoring, use the echo command to send a non-zero value<br />
into four of the five monitoring variables in the /proc/ virtual file system:<br />
# echo 1 > /proc/sys/appldata/timer<br />
# echo 1 > /proc/sys/appldata/mem<br />
# echo 1 > /proc/sys/appldata/os<br />
# echo 1 > /proc/sys/appldata/net_sum<br />
Built-in kernel monitoring should now be turned on.You may only want to leave the monitoring<br />
on <strong>for</strong> specific periods of time. As Linux monitoring data is captured, the Per<strong>for</strong>mance<br />
Toolkit’s minidisk space can fill up relatively quickly.<br />
Chapter 14. Monitoring and tuning z/<strong>VM</strong> and Linux 237
14.4 Viewing Linux data in the Per<strong>for</strong>mance Toolkit<br />
After the system has had some time to collect data, you should be able to use the<br />
Per<strong>for</strong>mance Toolkit to view Linux per<strong>for</strong>mance data. To view that data, drill down into menu<br />
29, Linux systems. This can be done either from the browser interface or the 3270 interface<br />
as shown in the following figure.<br />
Figure 14-4 Linux Guest Systems sub menu<br />
<strong>The</strong>n type S over the period on the left side of the submenu screen in the row corresponding<br />
to the report you wish to see. You should see a new report screen with the Linux guest<br />
systems CPU overview.<br />
You can also use a Web interface to view the same data. You would drill down into menu 29<br />
Linux systems and should see the drill down LXCPU (Linux CPU), LXMEM (Linux memory)<br />
and LXNET (Linux Network) links hot,<br />
238 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Appendix A. References<br />
This book refers to additional material that can be downloaded from the Internet as described<br />
below.<br />
A.1 Related books<br />
<strong>The</strong> following publications can be used as in<strong>for</strong>mation sources:<br />
► Documentation <strong>for</strong> System z Linux Development stream - on the Web at:<br />
http://www.ibm.com/developerworks/linux/linux390/documentation_red_hat.html<br />
► RHEL 6: <strong>IBM</strong> System z Architecture - Installation and Booting:<br />
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/ptinstall-info-s390.html<br />
► z/<strong>VM</strong> documentation - start at:<br />
http://www.vm.ibm.com/library/<br />
– z/<strong>VM</strong> Guide <strong>for</strong> Automated Installation and Service<br />
– z/<strong>VM</strong> CP Messages and Codes<br />
– z/<strong>VM</strong> TCP/IP Messages and Codes<br />
– <strong>The</strong> Program Directory <strong>for</strong> Per<strong>for</strong>mance Toolkit <strong>for</strong> <strong>VM</strong><br />
– z/<strong>VM</strong> CP Commands and Utilities Reference<br />
– z/<strong>VM</strong> CP Planning and Administration<br />
– z/<strong>VM</strong> Getting Started with Linux on System z9 and zSeries<br />
– z/<strong>VM</strong> TCP/IP Planning and Customization<br />
– z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit Guide, SC24-6156-00<br />
– z/<strong>VM</strong> Per<strong>for</strong>mance Toolkit Reference, SC24-6157-00<br />
► Redbooks - start at:<br />
A<br />
http://www.redbooks.ibm.com/<br />
– Linux on <strong>IBM</strong> eServer zSeries and S/390: Per<strong>for</strong>mance Toolkit <strong>for</strong> <strong>VM</strong>, SG24-6059<br />
– Linux on <strong>IBM</strong> eServer zSeries and S/390: Application Development, SG24-6807<br />
– <strong>IBM</strong> Lotus Domino 6.5 <strong>for</strong> Linux on zSeries Implementation, SG24-7021<br />
– Printing with Linux on zSeries Using CUPS and Samba, REDP-3864<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 239
A.2 Online resources<br />
<strong>The</strong>se Web sites and URLs are also relevant as further in<strong>for</strong>mation sources:<br />
► <strong>The</strong> Linux <strong>for</strong> zSeries and S/390 portal:<br />
http://linuxvm.org/<br />
► <strong>The</strong> linux-390 list server:<br />
http://www2.marist.edu/htbin/wlvindex?linux-390<br />
► Linux on System z and S/390 developerWorks®:<br />
http://awlinux1.alphaworks.ibm.com/developerworks/linux390/index.shtml<br />
► SUSE LINUX Enterprise Server 9 evaluation:<br />
http://www.novell.com/products/linuxenterpriseserver/eval.html<br />
► z/<strong>VM</strong> publications:<br />
http://www.vm.ibm.com/pubs/<br />
► z/<strong>VM</strong> per<strong>for</strong>mance tips:<br />
http://www.vm.ibm.com/perf/tips/<br />
A.3 Important z/<strong>VM</strong> files<br />
z/<strong>VM</strong> differs from Linux in regard to the location and number of configuration files. In Linux,<br />
there are many configuration files and most of them are in or under the /etc/ directory. On<br />
z/<strong>VM</strong>, there are relatively few configuration files. However, they are on many different<br />
minidisks. Table 14-1provides a summary and the location of important z/<strong>VM</strong> configuration<br />
files.<br />
Table 14-1 Important z/<strong>VM</strong> configuration files<br />
File Location Description<br />
SYSTEM CONFIG MAINT CF1 This is the operating system’s main configuration file. It defines the system<br />
name, the CP volumes, User volumes and other settings.<br />
USER DIRECT MAINT 2CC This file defines the user directory. All user IDs or virtual machines known<br />
to the system are defined here (assuming a directory maintenance<br />
product is not being used).<br />
TCPIP TCPMAINT 198 This file defines the resources <strong>for</strong> the primary z/<strong>VM</strong> TCP/IP stack,<br />
including TCP/IP address, OSA resources, subnet mask and gateway. It<br />
is initially created by the IPWIZARD tool as PROFILE TCPIP.<br />
SYSTEM DTCPARMS TCPMAINT 198 This file is created to define the TCP/IP stacks on the system. It is initially<br />
created by the IPWIZARD tool.<br />
TCPIP DATA TCPMAINT 592 This file defines the DNS server, the domain name and some other<br />
settings. It is initially created by the IPWIZARD tool.<br />
PROFILE EXEC AUTOLOG1 191 This file is a REXX EXEC that is run when the system starts up. It is<br />
analogous to the /etc/inittab file in Linux.<br />
240 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
A.4 Cheat sheets<br />
This section contains quick references or “cheat sheets” <strong>for</strong> the XEDIT and vi editors<br />
A.4.1 XEDIT cheat sheet<br />
A.4.2 vi cheat sheet<br />
XEDIT has line commands which are typed on the command line (===>) and prefix<br />
commands which are typed over the line numbers on the left side of the screen.<br />
Line Commands<br />
a Add a line<br />
a Add ‘n’ lines<br />
c/// Search <strong>for</strong> string ‘old’ and replace it with ‘new’ <strong>for</strong> ‘n’ lines<br />
below the current line and ‘m’ times on each line. ‘*’ can be used <strong>for</strong> ‘n’ and ‘m’<br />
/ Search <strong>for</strong> ‘string’ from the current line<br />
-/ Search backwards <strong>for</strong> ‘string’<br />
all // Show all occurences of ‘string’ and hide other lines<br />
bottom Move to the bottom of the file<br />
top Move to the top of the file<br />
down Move down ‘n’ lines<br />
up Move up ‘n’ lines<br />
file Save the current file and exit XEDIT<br />
ffile Save the current file and exit but don’t warn of overwrite<br />
save Save the current file but don’t exit<br />
quit Exit XEDIT if no changes have been made<br />
qquit Exit XEIDT even if changes have not been saved<br />
left Shift ‘n’ characters to the left<br />
right Shift ‘n’ characters to the right<br />
get Copy file and insert past the current line<br />
: Move to line ‘n’<br />
? Display last command<br />
= Execute last command<br />
x Edit ‘file’ and put it into the XEDIT “ring”<br />
x Move to the next file in the ring<br />
Prefix Commands<br />
a Add one line<br />
a Add 'n' lines<br />
c Copies one line<br />
cc Copies a block of lines<br />
d Deletes one line<br />
dd Deletes a block of lines<br />
f Line after which a copy (c) or a move (m) is to be inserted<br />
p Line be<strong>for</strong>e which a copy (c) or a move (m) is to be inserted<br />
i Insert a line<br />
i Insert 'n' lines<br />
m Move one line<br />
mm Move a block of lines<br />
" Replicate a line<br />
" Replicate a line 'n' times<br />
"" Replicate a block of lines<br />
Following is a small subset of vi commands, but those most commonly used.<strong>The</strong> vi editor has<br />
three modes:<br />
Appendix A. References 241
1. Input mode - the Insert key, i, o (add a line below), O (add a line above) and other<br />
commands put you in this mode. When you are in this mode you will see the text<br />
--INSERT-- in the last line.<br />
2. Command mode - 'Esc' gets you out of input mode and into command mode<br />
i brings you back to input mode<br />
dd deletes a line and puts it in the buffer<br />
dd delete lines<br />
x delete a character<br />
dw delete a word<br />
p add the buffer past the current location<br />
P add the buffer be<strong>for</strong>e the current location<br />
o add a line and go into insert mode<br />
/string - search <strong>for</strong> string<br />
n do the last command again (this can be powerful)<br />
jkl; cursor movement<br />
A add text at the end of the line<br />
G go to line <br />
G go to the last line in the file<br />
yy yank a line (copy into buffer)<br />
yy yank n lines<br />
3. Command line mode - pressing the colon : key brings you to this mode<br />
:wq save (write & quit)<br />
:q! quit and discard changes<br />
: go to line number <br />
:r read into the current file<br />
:1,$s/old/new/g globally replace with <br />
:help give help<br />
242 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
Appendix B. Source code<br />
This section lists source code associated with this book. <strong>The</strong> following sections are included:<br />
► Appendix B.1, “Obtaining and using the Web material” on page 243<br />
► Appendix B.2, “z/<strong>VM</strong> REXX EXECs and XEDIT macros” on page 244<br />
► Appendix B.3, “Linux code” on page 252<br />
B.1 Obtaining and using the Web material<br />
<strong>The</strong> PDF of this book is on the Internet at:<br />
http://www.redbooks.ibm.com/abstracts/sg247492.html<br />
<strong>The</strong> files associated with this book are in a GNU zip tar file at:<br />
ftp://www.redbooks.ibm.com/redbooks/SG247492/SG24-7492.tgz<br />
B<br />
Download the tar file to your NFS server and use it as is described in section 7.5.1, “Copying<br />
files to the cloner” on page <strong>10</strong>7. After untarring the file, you will have a directory named<br />
virt-cookbook-RH6. Under that directory are the following files and directory:<br />
README.txt <strong>The</strong> main README file<br />
clone.sh <strong>The</strong> script to clone the golden image to a target user ID<br />
vm/ A directory containing files used on z/<strong>VM</strong><br />
vm/cp<strong>for</strong>mat.exec EXEC to <strong>for</strong>mat multiple DASD volumes<br />
vm/chpw6<strong>10</strong>.xedit XEDIT macro to change passwords<br />
vm/profile.exec Sample PROFILE EXEC <strong>for</strong> Linux IDs<br />
vm/swapgen.exec EXEC to define VDISK swap spaces<br />
vm/sample.parm-rh6 Sample RHEL 6 parameter file<br />
vm/sample.conf-rh6 Sample RHEL 6 configuration file<br />
vm/rhel6.exec XEC to start RHEL 6 install<br />
clone-1.0-<strong>10</strong>.s390x.rpm RPM with Linux cloning script and man page<br />
README.txt Tar file description file<br />
© Copyright <strong>IBM</strong> Corp. 20<strong>10</strong>. All rights reserved. 243
B.2 z/<strong>VM</strong> REXX EXECs and XEDIT macros<br />
This section lists three z/<strong>VM</strong> REXX EXECs, one XEDIT macro and a sample parameter file.<br />
B.2.1 <strong>The</strong> CPFORMAT EXEC<br />
Following is the code <strong>for</strong> the EXEC that <strong>for</strong>mats multiple disks using CPFMTXA (described in<br />
section 4.6.1, “Formatting the paging volumes” on page 47):<br />
/*+------------------------------------------------------------------+*/<br />
/*| EXEC: CPFORMAT - wrapper around CPFMTXA to <strong>for</strong>mat many DASD |*/<br />
/*| retVal: 0 - success |*/<br />
/*| 1 - help was asked <strong>for</strong> or given |*/<br />
/*| 2 - user is not sure |*/<br />
/*| 3 - DASD (minidisk) range is not valid |*/<br />
/*| 4 - at least one DASD (minidisk) is reserved to MAINT |*/<br />
/*+------------------------------------------------------------------+*/<br />
/* For details on how this EXEC is used, see one of the two books:<br />
"z/<strong>VM</strong> and Linux on <strong>IBM</strong> System z: <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> <strong>SLES</strong> 11 SP1"<br />
on the Web at: http://www.redbooks.ibm.com/abstracts/SG247493.html<br />
-or-<br />
"z/<strong>VM</strong> and Linux on <strong>IBM</strong> System z: <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6"<br />
on the Web at: http://www.redbooks.ibm.com/abstracts/SG247492.html */<br />
/*------------------------------------------------------------------<br />
THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR<br />
CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT<br />
LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,<br />
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.<br />
NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR<br />
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL<br />
DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED<br />
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,<br />
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF<br />
THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS<br />
GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES<br />
-------------------------------------------------------------------*/<br />
firstChar = 'U' /* change this <strong>for</strong> an LPAR ID other than 'U' */<br />
parse upper arg dasds "AS " type<br />
if ((dasds = '') | (dasds = '?')) then call help<br />
labelPrefix = getLabelPrefix(firstChar type)<br />
numDasd = parseDasd(dasds)<br />
answer = areYouSure(type)<br />
if (answer = 'Y') then /* the user is sure */<br />
do<br />
<strong>for</strong>matted = ""<br />
retVal = doFormat(labelPrefix numDasd type)<br />
call doReport retVal<br />
end<br />
else<br />
retVal = 2<br />
exit retVal<br />
/*+------------------------------------------------------------------+*/<br />
help: procedure expose firstChar<br />
/*+------------------------------------------------------------------+*/<br />
parse source . . fn .<br />
say ''<br />
say 'Synopsis:'<br />
244 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
say ''<br />
say ' Format one or a range of DASD as page, perm, spool or temp disk space'<br />
say ' <strong>The</strong> label written to each DASD is '||firstChar||' where:'<br />
say ' is type - P (page), M (perm), S (spool) or T (Temp disk)'<br />
say ' is the 4 digit address'<br />
say ''<br />
say 'Syntax is:'<br />
say " .-PAGE-."<br />
say " >>--CPFORMAT--.-rdev--------------.--AS---+-PERM-+--------->
parse upper var dasds dasd dasds<br />
dashPos = pos('-', dasd)<br />
if (dashPos = 0) then /* there is just one DASD */<br />
do<br />
numDasd = numDasd + 1<br />
dasdList.numDasd = dasd<br />
'CP Q MDISK' dasdList.numDasd 'LOCATION'<br />
if (rc 0) then<br />
do<br />
say 'Return code from Q MDISK =' rc<br />
say 'Are all DASD ATTached?'<br />
exit 3<br />
end<br />
call checkReserved(dasdList.numDasd)<br />
end /* do */<br />
else /* process the range of DASD */<br />
do<br />
startRange = substr(dasd, 1, dashPos - 1)<br />
endRange = substr(dasd, dashPos + 1, length(dasd) - dashPos)<br />
do i = x2d(startRange) to x2d(endRange)<br />
numDasd = numDasd + 1<br />
dasdList.numDasd = d2x(i)<br />
'CP Q MDISK' dasdList.numDasd 'LOCATION'<br />
if (rc 0) then<br />
do<br />
say 'Return code from Q MDISK =' rc<br />
exit 3<br />
end<br />
call checkReserved(dasdList.numDasd)<br />
end /* do i */<br />
end /* else */<br />
end /* do while */<br />
return numDasd /* from parseDasd */<br />
/*+------------------------------------------------------------------+*/<br />
doFormat: procedure expose dasdList. <strong>for</strong>matted<br />
/*| Format all DASD specified using CPFMTXA |*/<br />
/*| parm 1: labelPrefix - the two character label prefix |*/<br />
/*| parm 2: numDasd - number of DASD in the array dasdList |*/<br />
/*| parm 3: type - the type of DASD <strong>for</strong>mat |*/<br />
/*| retVal: 0 = success |*/<br />
/*+------------------------------------------------------------------+*/<br />
arg labelPrefix numDasd type<br />
'CP TERM MORE 1 1'<br />
do i = 1 to numDasd<br />
label = getLabel(labelPrefix dasdList.i)<br />
retVal = <strong>for</strong>matOne(dasdList.i type label)<br />
if (retVal ^= 0) then<br />
do<br />
say "Error from CPFMTXA on DASD" label "rc =" retVal<br />
leave /* error - abort! */<br />
end<br />
<strong>for</strong>matted = <strong>for</strong>matted label<br />
end /* do i = */<br />
'CP TERM MORE 50 <strong>10</strong>'<br />
return retVal /* from doFormat */<br />
/*+------------------------------------------------------------------+*/<br />
checkReserved: procedure<br />
/*| Try copying an already <strong>for</strong>matted DASD then relabelling it |*/<br />
246 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
*| parm 1: source |*/<br />
/*| parm 2: target |*/<br />
/*| parm 3: label |*/<br />
/*+------------------------------------------------------------------+*/<br />
arg dasd<br />
/* create a list of reserved dasd - this is somewhat hokey to be sure<br />
but it's better to be hokey than to <strong>for</strong>mat system minidisks! */<br />
resvd1 = "0122 0123 0124 0125 0190 0191 0193 0194 019D 019E 0201 02A2"<br />
resvd2 = "02A4 02A6 02C2 02C4 02CC 02D2 0319 03A2 03A4 03A6 03B2 03C2"<br />
resvd3 = "03C4 03D2 0400 0401 0402 0405 0490 0493 049B 049E 04A2 04A4"<br />
resvd4 = "04A6 04B2 04C2 04C4 04D2 0500 051D 05A2 05A4 05A6 05B2 05C2"<br />
resvd5 = "05C4 05D2 05E5 05E6 06A2 06A4 06A6 06B2 06C2 06C4 06D2 07A2"<br />
resvd6 = "07A4 07A6 07B2 07C2 07C4 07D2 0CF1 0CF2 0CF3"<br />
reserved = resvd1 resvd2 resvd3 resvd4 resvd5 resvd6<br />
if (index(reserved, dasd) 0) then /* MAINT minidisk - ABORT! */<br />
do<br />
say 'Minidisk' dasd 'is a reserved MAINT minidisk'<br />
say 'This must be <strong>for</strong>matted manually using a different vaddr'<br />
exit 4<br />
end /* if dasd is reserved */<br />
return /* from checkReserved */<br />
/*+------------------------------------------------------------------+*/<br />
doReport: procedure expose dasds <strong>for</strong>matted<br />
/*| Report on the newly labelled DASD |*/<br />
/*| parm 1: <strong>for</strong>matSuccess - 0=all is well, non-0= a <strong>for</strong>mat failed |*/<br />
/*| retVal: 0 = success |*/<br />
/*+------------------------------------------------------------------+*/<br />
arg <strong>for</strong>matSuccess<br />
if (<strong>for</strong>matSuccess ^= 0) then<br />
say 'Error was encountered! retVal from CPFMTXA =' <strong>for</strong>matSuccess<br />
if (<strong>for</strong>matted = '') then<br />
say "No DASD were successfully <strong>for</strong>matted"<br />
else<br />
say "DASD successfully <strong>for</strong>matted:" <strong>for</strong>matted<br />
'DETACH' dasds<br />
'ATTACH' dasds '*'<br />
say ''<br />
say 'DASD status after:'<br />
'CP Q MDISK' dasds 'LOCATION'<br />
return 0 /* from doReport */<br />
/*+------------------------------------------------------------------+*/<br />
<strong>for</strong>matOne: procedure<br />
/*| Format a DASD via DDR |*/<br />
/*| parm 1: disk - the vaddr to be <strong>for</strong>matted |*/<br />
/*| parm 2: type - PAGE, SPOL or PERM |*/<br />
/*| parm 3: label - the six character label |*/<br />
/*+------------------------------------------------------------------+*/<br />
arg disk type label<br />
queue 'FORMAT'<br />
queue disk<br />
queue '0 END'<br />
queue label<br />
queue 'YES'<br />
queue type '0 END'<br />
queue 'END'<br />
'CPFMTXA'<br />
retVal = rc<br />
Appendix B. Source code 247
eturn retVal /* from <strong>for</strong>matOne */<br />
/*+------------------------------------------------------------------+*/<br />
getLabel: procedure<br />
/*| Compose the six character label of a minidisk |*/<br />
/*| parm 1: labelPrefix - first two characters of label |*/<br />
/*| parm 2: disk - vaddr of length 1, 2, 3 or 4 |*/<br />
/*| return: the 6 character label |*/<br />
/*+------------------------------------------------------------------+*/<br />
arg labelPrefix disk<br />
diskLen = length(disk)<br />
select<br />
when (diskLen = 1) then /* insert 3 zeros */<br />
label = labelPrefix||'000'||disk<br />
when (diskLen = 2) then /* insert 2 zeros */<br />
label = labelPrefix||'00'||disk<br />
when (diskLen = 3) then /* insert a zero */<br />
label = labelPrefix||'0'||disk<br />
otherwise /* it must be length 4 or query would have failed */<br />
label = labelPrefix||disk<br />
end /* select */<br />
return label /* from getLabel */<br />
B.2.2 <strong>The</strong> CHPW6<strong>10</strong> XEDIT macro<br />
Following is the code <strong>for</strong> the XEDIT macro that changes all passwords in the z/<strong>VM</strong> 5.4 USER<br />
DIRECT file:<br />
/*+------------------------------------------------------------------+*/<br />
/* CHPW6<strong>10</strong> XEDIT - change all passwords in z/<strong>VM</strong> 6.1 USER DIRECT file */<br />
/*+------------------------------------------------------------------+*/<br />
/*------------------------------------------------------------------<br />
THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR<br />
CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT<br />
LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,<br />
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.<br />
NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR<br />
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL<br />
DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED<br />
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,<br />
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF<br />
THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS<br />
GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES<br />
-------------------------------------------------------------------*/<br />
parse arg fn ft fm '(' options ')' newPass .<br />
if (length(newPass) > 8) then<br />
do<br />
say "Error: new password must be 8 characters or fewer"<br />
exit<br />
end<br />
say ''<br />
say 'Changing all passwords to:' newPass<br />
say ''<br />
/* set some values */<br />
'command set stay on'<br />
'command set num on'<br />
'command set nulls on'<br />
'command set serial off'<br />
248 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
'command set cmdline bottom'<br />
'command set curline on 3'<br />
'command set serial off'<br />
'command set scale off'<br />
'command set case m i'<br />
'command set pre off'<br />
'command set v 1 80'<br />
'command top'<br />
/* change user ID passwords */<br />
'command c/USER MAINT MAINT/USER MAINT' newPass'/*'<br />
'command c/USER AVS<strong>VM</strong> AVS<strong>VM</strong>/USER AVS<strong>VM</strong>' newPass'/*'<br />
'command c/USER TSAF<strong>VM</strong> TSAF<strong>VM</strong>/USER TSAF<strong>VM</strong>' newPass'/*'<br />
'command c/USER GCS GCS/USER GCS' newPass'/*'<br />
'command c/USER GCSXA GCSXA/USER GCSXA' newPass'/*'<br />
'command c/USER AUDITOR AUDITOR/USER AUDITOR' newPass'/*'<br />
'command c/USER AUTOLOG1 AUTOLOG1/USER AUTOLOG1' newPass'/*'<br />
'command c/USER AUTOLOG2 AUTOLOG2/USER AUTOLOG2' newPass'/*'<br />
'command c/USER BLDCMS BLDCMS/USER BLDCMS' newPass'/*'<br />
'command c/USER BLDNUC BLDNUC/USER BLDNUC' newPass'/*'<br />
'command c/USER BLDRACF BLDRACF/USER BLDRACF' newPass'/*'<br />
'command c/USER BLDSEG BLDSEG/USER BLDSEG' newPass'/*'<br />
'command c/USER CMS1 CMS1/USER CMS1' newPass'/*'<br />
'command c/USER CMSBATCH CMSBATCH/USER CMSBATCH' newPass'/*'<br />
'command c/USER DISKACNT DISKACNT/USER DISKACNT' newPass'/*'<br />
'command c/USER EREP EREP/USER EREP' newPass'/*'<br />
'command c/USER <strong>IBM</strong>USER <strong>IBM</strong>USER/USER <strong>IBM</strong>USER' newPass'/*'<br />
'command c/USER LGLOPR LGLOPR/USER LGLOPR' newPass'/*'<br />
'command c/USER MIGMAINT MIGMAINT/USER MIGMAINT' newPass'/*'<br />
'command c/USER MONWRITE MONWRITE/USER MONWRITE' newPass'/*'<br />
'command c/USER OP1 OP1/USER OP1' newPass'/*'<br />
'command c/USER OPERATNS OPERATNS/USER OPERATNS' newPass'/*'<br />
'command c/USER OPERATOR OPERATOR/USER OPERATOR' newPass'/*'<br />
'command c/USER OPERSYMP OPERSYMP/USER OPERSYMP' newPass'/*'<br />
'command c/USER SYSADMIN SYSADMIN/USER SYSADMIN' newPass'/*'<br />
'command c/USER SYSDUMP1 SYSDUMP1/USER SYSDUMP1' newPass'/*'<br />
'command c/USER SYSMAINT SYSMAINT/USER SYSMAINT' newPass'/*'<br />
'command c/USER SYSMON SYSMON/USER SYSMON' newPass'/*'<br />
'command c/USER <strong>VM</strong>RMADMN <strong>VM</strong>RMADMN/USER <strong>VM</strong>RMADMN' newPass'/*'<br />
'command c/USER <strong>VM</strong>RMS<strong>VM</strong> <strong>VM</strong>RMS<strong>VM</strong>/USER <strong>VM</strong>RMS<strong>VM</strong>' newPass'/*'<br />
'command c/USER <strong>VM</strong>SERVR <strong>VM</strong>SERVR/USER <strong>VM</strong>SERVR' newPass'/*'<br />
'command c/USER <strong>VM</strong>SERVS <strong>VM</strong>SERVS/USER <strong>VM</strong>SERVS' newPass'/*'<br />
'command c/USER <strong>VM</strong>SERVU <strong>VM</strong>SERVU/USER <strong>VM</strong>SERVU' newPass'/*'<br />
'command c/USER <strong>VM</strong>UTIL <strong>VM</strong>UTIL/USER <strong>VM</strong>UTIL' newPass'/*'<br />
'command c/USER VSMPROXY VSMPROXY/USER VSMPROXY' newPass'/*'<br />
'command c/USER VSMREQIN VSMREQIN/USER VSMREQIN' newPass'/*'<br />
'command c/USER VSMREQIU VSMREQIU/USER VSMREQIU' newPass'/*'<br />
'command c/USER VSMSERVE VSMSERVE/USER VSMSERVE' newPass'/*'<br />
'command c/USER VSMWORK1 VSMWORK1/USER VSMWORK1' newPass'/*'<br />
'command c/USER VSMWORK2 VSMWORK2/USER VSMWORK2' newPass'/*'<br />
'command c/USER VSMWORK3 VSMWORK3/USER VSMWORK3' newPass'/*'<br />
'command c/USER Z<strong>VM</strong>MAPLX MAINT/USER Z<strong>VM</strong>MAPLX' newPass'/*'<br />
'command c/USER 5684042J 5684042J/USER 5684042J' newPass'/*'<br />
'command c/USER 4OSASF40 4OSASF40/USER 4OSASF40' newPass'/*'<br />
'command c/USER OSADMIN1 OSADMIN1/USER OSADMIN1' newPass'/*'<br />
'command c/USER OSADMIN2 OSADMIN2/USER OSADMIN2' newPass'/*'<br />
'command c/USER OSADMIN3 OSADMIN3/USER OSADMIN3' newPass'/*'<br />
'command c/USER OSAMAINT OSAMAINT/USER OSAMAINT' newPass'/*'<br />
'command c/USER OSASF OSASF/USER OSASF' newPass'/*'<br />
Appendix B. Source code 249
'command c/USER 6<strong>VM</strong>RSC<strong>10</strong> 6<strong>VM</strong>RSC<strong>10</strong>/USER 6<strong>VM</strong>RSC<strong>10</strong>' newPass'/*'<br />
'command c/USER RSCS RSCS/USER RSCS' newPass'/*'<br />
'command c/USER RSCSAUTH RSCSAUTH/USER RSCSAUTH' newPass'/*'<br />
'command c/USER RSCSDNS RSCSDNS/USER RSCSDNS' newPass'/*'<br />
'command c/USER XCHANGE XCHANGE/USER XCHANGE' newPass'/*'<br />
'command c/USER 6<strong>VM</strong>TCP<strong>10</strong> 6<strong>VM</strong>TCP<strong>10</strong>/USER 6<strong>VM</strong>TCP<strong>10</strong>' newPass'/*'<br />
'command c/USER TCPIP TCPIP/USER TCPIP' newPass'/*'<br />
'command c/USER TCPMAINT TCPMAINT/USER TCPMAINT' newPass'/*'<br />
'command c/USER ADMSERV ADMSERV/USER ADMSERV' newPass'/*'<br />
'command c/USER DHCPD DHCPD/USER DHCPD' newPass'/*'<br />
'command c/USER DTCVSW1 DTCVSW1/USER DTCVSW1' newPass'/*'<br />
'command c/USER DTCVSW2 DTCVSW2/USER DTCVSW2' newPass'/*'<br />
'command c/USER FTPSERVE FTPSERVE/USER FTPSERVE' newPass'/*'<br />
'command c/USER IMAP IMAP/USER IMAP' newPass'/*'<br />
'command c/USER IMAPAUTH IMAPAUTH/USER IMAPAUTH' newPass'/*'<br />
'command c/USER LDAPSRV LDAPSRV/USER LDAPSRV' newPass'/*'<br />
'command c/USER LPSERVE LPSERVE/USER LPSERVE' newPass'/*'<br />
'command c/USER MPROUTE MPROUTE/USER MPROUTE' newPass'/*'<br />
'command c/USER NAMESRV NAMESRV/USER NAMESRV' newPass'/*'<br />
'command c/USER NDBPMGR NDBPMGR/USER NDBPMGR' newPass'/*'<br />
'command c/USER NDBSRV01 NDBSRV01/USER NDBSRV01' newPass'/*'<br />
'command c/USER PORTMAP PORTMAP/USER PORTMAP' newPass'/*'<br />
'command c/USER REXECD REXECD/USER REXECD' newPass'/*'<br />
'command c/USER SMTP SMTP/USER SMTP' newPass'/*'<br />
'command c/USER SNALNKA SNALNKA/USER SNALNKA' newPass'/*'<br />
'command c/USER SNMPD SNMPD/USER SNMPD' newPass'/*'<br />
'command c/USER SNMPQE SNMPQE/USER SNMPQE' newPass'/*'<br />
'command c/USER SNMPSUBA SNMPSUBA/USER SNMPSUBA' newPass'/*'<br />
'command c/USER SSLSERV SSLSERV/USER SSLSERV' newPass'/*'<br />
'command c/USER TFTPD TFTPD/USER TFTPD' newPass'/*'<br />
'command c/USER UFTD UFTD/USER UFTD' newPass'/*'<br />
'command c/USER <strong>VM</strong>KERB <strong>VM</strong>KERB/USER <strong>VM</strong>KERB' newPass'/*'<br />
'command c/USER <strong>VM</strong>NFS <strong>VM</strong>NFS/USER <strong>VM</strong>NFS' newPass'/*'<br />
'command c/USER X25IPI X25IPI/USER X25IPI' newPass'/*'<br />
'command c/USER 6<strong>VM</strong>DIR<strong>10</strong> 6<strong>VM</strong>DIR<strong>10</strong>/USER 6<strong>VM</strong>DIR<strong>10</strong>' newPass'/*'<br />
'command c/USER 6<strong>VM</strong>RAC<strong>10</strong> 6<strong>VM</strong>RAC<strong>10</strong>/USER 6<strong>VM</strong>RAC<strong>10</strong>' newPass'/*'<br />
'command c/USER RACFSMF RACFSMF/USER RACFSMF' newPass'/*'<br />
'command c/USER RACF<strong>VM</strong> RACF<strong>VM</strong>/USER RACF<strong>VM</strong>' newPass'/*'<br />
'command c/USER RACMAINT RACMAINT/USER RACMAINT' newPass'/*'<br />
'command c/USER 6<strong>VM</strong>PTK<strong>10</strong> 6<strong>VM</strong>PTK<strong>10</strong>/USER 6<strong>VM</strong>PTK<strong>10</strong>' newPass'/*'<br />
'command c/USER PERFS<strong>VM</strong> PERFS<strong>VM</strong>/USER PERFS<strong>VM</strong>' newPass'/*'<br />
'command c/USER 5<strong>VM</strong>HCD40 5<strong>VM</strong>HCD40/USER 5<strong>VM</strong>HCD40' newPass'/*'<br />
'command c/USER CBDIODSP CBDIODSP/USER CBDIODSP' newPass'/*'<br />
'command c/USER GSKADMIN GSKADMIN/USER GSKADMIN' newPass'/*'<br />
'command c/USER LNXMAINT LNXMAINT/USER LNXMAINT' newPass'/*'<br />
/* change mindisk passwords */<br />
'command c/ALL WRITE MULTIPLE/ALL' newPass newPass'/*'<br />
'command c/RADMSERV WADMSERV MADMSERV/'newPass newPass newPass'/*'<br />
'command c/RAUDITOR WAUDITOR MAUDITOR/'newPass newPass newPass'/*'<br />
'command c/RAUTOLOG WAUTOLOG MAUTOLOG/'newPass newPass newPass'/*'<br />
'command c/RAVSOBJ WAVSOBJ MAVSOBJ/'newPass newPass newPass'/*'<br />
'command c/RBATCH WBATCH MBATCH/'newPass newPass newPass'/*'<br />
'command c/RCATALOG WCATALOG/'newPass newPass'/*'<br />
'command c/RCONTROL WCONTROL/'newPass newPass'/*'<br />
'command c/RCRRLOG1 WCRRLOG1/'newPass newPass'/*'<br />
'command c/RCRRLOG2 WCRRLOG2/'newPass newPass'/*'<br />
'command c/RDATA WDATA/'newPass newPass'/*'<br />
'command c/RDHCPD WDHCPD MDHCPD/'newPass newPass newPass'/*'<br />
'command c/RDTCVSW1 WDTCVSW1 MDTCVSW1/'newPass newPass newPass'/*'<br />
250 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
'command c/RDTCVSW2 WDTCVSW2 MDTCVSW2/'newPass newPass newPass'/*'<br />
'command c/RDVF WDVF MDVF/'newPass newPass newPass'/*'<br />
'command c/READ WRITE MULTIPLE/'newPass newPass newPass'/*'<br />
'command c/READ WRITE/'newPass newPass'/*'<br />
'command c/RFTPSERV WFTPSERV MFTPSERV/'newPass newPass newPass'/*'<br />
'command c/RGCS WGCS MGCS/'newPass newPass newPass'/*'<br />
'command c/RGSKADMN WGSKADMN MGSKADMN/'newPass newPass newPass'/*'<br />
'command c/RIMAP WIMAP MIMAP/'newPass newPass newPass'/*'<br />
'command c/RLDAPSRV WLDAPSRV MLDAPSRV/'newPass newPass newPass'/*'<br />
'command c/RLOG1 WLOG1/'newPass newPass'/*'<br />
'command c/RLOG2 WLOG2/'newPass newPass'/*'<br />
'command c/RLPSERVE WLPSERVE MLPSERVE/'newPass newPass newPass'/*'<br />
'command c/RMAINT WMAINT MMAINT/'newPass newPass newPass'/*'<br />
'command c/RMPROUTE WMPROUTE MMPROUTE/'newPass newPass newPass'/*'<br />
'command c/RNAMESRV WNAMESRV MNAMESRV/'newPass newPass newPass'/*'<br />
'command c/RNDBPMGR WNDBPMGR MNDBPMGR/'newPass newPass newPass'/*'<br />
'command c/RNDBSRV0 WNDBSRV0 MNDBSRV0/'newPass newPass newPass'/*'<br />
'command c/RPORTMAP WPORTMAP MPORTMAP/'newPass newPass newPass'/*'<br />
'command c/RREXECD WREXECD MREXECD/'newPass newPass newPass'/*'<br />
'command c/RSERVER WSERVER/'newPass newPass'/*'<br />
'command c/RSMTP WSMTP MSMTP/'newPass newPass newPass'/*'<br />
'command c/RSNALNKA WSNALNKA MSNALNKA/'newPass newPass newPass'/*'<br />
'command c/RSNMPD WSNMPD MSNMPD/'newPass newPass newPass'/*'<br />
'command c/RSNMPQE WSNMPQE MSNMPQE/'newPass newPass newPass'/*'<br />
'command c/RSNMPSUB WSNMPSUB MSNMPSUB/'newPass newPass newPass'/*'<br />
'command c/RSSLSERV WSSLSERV MSSLSERV/'newPass newPass newPass'/*'<br />
'command c/RSYSMON WSYSMON MSYSMON/'newPass newPass newPass'/*'<br />
'command c/RTCPIP WTCPIP MTCPIP/'newPass newPass newPass'/*'<br />
'command c/RTCPMAIN WTCPMAIN MTCPMAIN/'newPass newPass newPass'/*'<br />
'command c/RTFTPD WTFTPD MTFTPD/'newPass newPass newPass'/*'<br />
'command c/RTSAFOBJ WTSAFOBJ MTSAFOBJ/'newPass newPass newPass'/*'<br />
'command c/RUFTD WUFTD MUFTD/'newPass newPass newPass'/*'<br />
'command c/R<strong>VM</strong>KERB W<strong>VM</strong>KERB M<strong>VM</strong>KERB/'newPass newPass newPass'/*'<br />
'command c/R<strong>VM</strong>NFS W<strong>VM</strong>NFS M<strong>VM</strong>NFS/'newPass newPass newPass'/*'<br />
'command c/RX25IPI WX25IPI MX25IPI/'newPass newPass newPass'/*'<br />
'command c/R4TCPIP W4TCPIP M4TCPIP/'newPass newPass newPass'/*'<br />
'command c/ALL WTCPMAIN MTCPMAIN/ALL' newPass newPass'/*'<br />
'command c/MR READ/'MR newPass'/*'<br />
B.2.3 PROFILE EXEC <strong>for</strong> Linux user IDs<br />
This section lists the code <strong>for</strong> the PROFILE EXEC that is shared among Linux user IDs from the<br />
LNXMAINT 192 disk.<br />
/* PROFILE EXEC <strong>for</strong> Linux virtual servers */<br />
'CP SET RUN ON'<br />
'CP SET PF11 RETRIEVE FORWARD'<br />
'CP SET PF12 RETRIEVE'<br />
'ACC 592 C'<br />
'SWAPGEN 300 524288' /* create a 256M VDISK disk swap space */<br />
'SWAPGEN 301 <strong>10</strong>48576' /* create a 512M VDISK disk swap space */<br />
'PIPE CP QUERY' userid() '| var user'<br />
parse value user with id . dsc .<br />
if (dsc = 'DSC') then /* user is disconnected */<br />
'CP IPL <strong>10</strong>0'<br />
else /* user is interactive -> prompt */<br />
do<br />
say 'Do you want to IPL Linux from minidisk <strong>10</strong>0? y/n'<br />
parse upper pull answer .<br />
if (answer = 'Y') then 'CP IPL <strong>10</strong>0'<br />
Appendix B. Source code 251
B.3 Linux code<br />
end /* else */<br />
This section lists the code <strong>for</strong> the /usr/sbin/clone script that clones from a golden Linux<br />
image to a target virtual machine.<br />
#!/bin/sh<br />
#<br />
# clone.sh is a script that clones Linux images. It makes use of vmcp to<br />
# relay messages to the z/<strong>VM</strong> system and configuration files to modify<br />
# the new image once it has been cloned.<br />
#<br />
# <strong>The</strong> script reads in /etc/sysconfig/clone <strong>for</strong> user setting customizations.<br />
#<br />
# For details on how this script works see the book:<br />
# "z/<strong>VM</strong> and Linux on <strong>IBM</strong> System z: <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL6"<br />
# on the Web at: http://www.redbooks.ibm.com/abstracts/sg247492.html<br />
#<br />
# ----------------------------------------------------------------------------<br />
# THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS<br />
# OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY<br />
# WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY<br />
# OR FITNESS FOR A PARTICULAR PURPOSE.<br />
# NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY<br />
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES<br />
# (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY<br />
# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING<br />
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR<br />
# DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED<br />
# HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES<br />
# ----------------------------------------------------------------------------<br />
# <strong>The</strong>se MUST be lower case!<br />
MASTER_LINK=fffe<br />
CLONE_LINK=ffff<br />
#+--------------------------------------------------------------------------+<br />
function help<br />
# give help<br />
#+--------------------------------------------------------------------------+<br />
{<br />
echo "Usage: clone [-v] sourceID targetID [rootMinidisk [minidisk1 minidisk2..]]"<br />
echo " Switches"<br />
echo " -v Verbose output"<br />
echo " Required"<br />
echo " sourceID the z/<strong>VM</strong> user id you want to clone from"<br />
echo " targetID the z/<strong>VM</strong> user id you want to clone to"<br />
echo " Optional"<br />
echo " rootMinidisk the minidisk address that contains the root filesystem"<br />
echo " minidisk1..n additional minidisks that should be copied"<br />
exit<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function cp_cmd<br />
# echo a CP command and invoke it via cp_cmd<br />
# Arg1-n: the z/<strong>VM</strong> command to issue<br />
252 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
# Return: the z/<strong>VM</strong> command's return code<br />
#+--------------------------------------------------------------------------+<br />
{<br />
[ -n "$VERBOSE" ] && echo "Invoking CP command: $@"<br />
out=$(vmcp $@ 2>&1)<br />
rc=$?<br />
# Pull the z/<strong>VM</strong> error code from the output<br />
if [ $rc -ne 0 ] ; then<br />
rc=$(echo $out | grep Error | sed s/.*#//g)<br />
[ -z "$rc" ] && rc=1<br />
fi<br />
return $rc<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function copy_key<br />
# If the host has a id_dsa.pub file then append that to the clone's<br />
# authorized_keys file.<br />
#+--------------------------------------------------------------------------+<br />
{<br />
if [ -e /root/.ssh/id_dsa.pub ] ; then<br />
[ ! -d /mnt/clone/root/.ssh/ ] && mkdir -p /mnt/clone/root/.ssh/<br />
echo "# LNXINST" >> /mnt/clone/root/.ssh/authorized_keys<br />
cat /root/.ssh/id_dsa.pub >> /mnt/clone/root/.ssh/authorized_keys<br />
chmod 600 /mnt/clone/root/.ssh/authorized_keys<br />
fi<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function abort<br />
# Exit the script and clean up<br />
#+--------------------------------------------------------------------------+<br />
{<br />
umount_cloned_image<br />
set_offline $CLONE_LINK<br />
set_offline $MASTER_LINK<br />
unlink_one $CLONE_LINK<br />
unlink_one $MASTER_LINK<br />
exit $1<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function get_target_info<br />
# Get the TCP/IP and DNS info <strong>for</strong> the Linux ID to clone to. This function<br />
# will check both the shared.conf file and the specific target id's conf<br />
# file. If values are still missing then the user will be prompted to<br />
# supply them.<br />
#+--------------------------------------------------------------------------+<br />
{<br />
unset HOSTNAME<br />
[ -f /etc/clone/shared.conf ] && . /etc/clone/shared.conf<br />
[ -f /etc/clone/${target_linux_id}.conf ] && . /etc/clone/${target_linux_id}.conf<br />
shift # drop the MasterGuestID<br />
shift # drop the CloneGuestID<br />
Appendix B. Source code 253
# If there are still command line arguments then the user must have specified DASD<br />
# on the command line. Unset whatever we have in DASD (from the config files) and<br />
# set DASD equal to the rest of the arguments.<br />
[ $# -gt 0 ] && DASD="$@" && unset DASD_ROOT<br />
# Loop through all of the values that we require and double check that they have<br />
# values. If they don't then we will prompt the user to fill them in.<br />
<strong>for</strong> v in HOSTNAME IPADDR DNS GATEWAY NETMASK MTU SUBCHANNELS SEARCHDNS NETTYPE DASD<br />
do<br />
if [ -z "$(eval echo \$$v)" ]; then<br />
[ "$PROMPT" != "y" ] && echo "Error: missing required value <strong>for</strong> $v" && exit 1<br />
[ -z "$first" ] && echo "Please enter $target_linux_id's value <strong>for</strong>: " && first=1<br />
echo -n "$v: "<br />
read in<br />
eval $(echo $v=\"$in\")<br />
export $v<br />
echo "$v=$in" >> /etc/clone/${target_linux_id}.conf<br />
fi<br />
done<br />
# Expand DASD ranges if they have been defined<br />
if [ -n "$DASD" ] ; then<br />
split=$(echo $DASD | tr ',' ' ')<br />
DASD=""<br />
<strong>for</strong> s in $split<br />
do<br />
out=$(echo $s | grep \-)<br />
rc=$?<br />
[ $rc -eq 0 ] && DASD=${DASD}$(seq -s" " $(echo $s | tr '-' ' ' | tr '\n' ' '))<br />
[ $rc -ne 0 ] && DASD=${DASD}$(echo -n "$s ")<br />
done<br />
[ -n "$DASD_ROOT" ] && DASD=$(echo $DASD | sed "s/$DASD_ROOT//")<br />
DASD="$DASD_ROOT $DASD"<br />
# Assuming that if no DASD_ROOT is specified then the first DASD device will be<br />
# take as root<br />
if [ -z "$DASD_ROOT" ] ; then<br />
DASD_ROOT=$(echo $DASD | awk -F" " '{print $1}')<br />
fi<br />
export DASD<br />
fi<br />
# Grab just the hostname with out any DNS suffixes from the FQDN<br />
target_host=$(echo $target_fqhost | awk -F. '{print $1}')<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function dd_copy<br />
# Use the dd command to copy one disk to another<br />
# Arg 1: Source minidisk - assumed to be online<br />
# Arg 2: Target minidisk - must be brought online and dasdfmt'd<br />
#+--------------------------------------------------------------------------+<br />
{<br />
ret_val=0<br />
source_mdisk=$1<br />
target_mdisk=$2<br />
# Bring the source and target devices online<br />
set_online $source_mdisk<br />
254 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
set_online $target_mdisk<br />
target_dev_node=`cat /proc/dasd/devices | grep "$target_mdisk(ECKD)" | awk '{ print $7<br />
}'`<br />
source_dev_node=`cat /proc/dasd/devices | grep "$source_mdisk(ECKD)" | awk '{ print $7<br />
}'`<br />
wait_<strong>for</strong>_device /dev/$target_dev_node<br />
ret_val=$?<br />
if [ $ret_val -eq 0 ] ; then<br />
[ -n "$VERBOSE" ] && echo "Invoking Linux command: dasdfmt -p -b 4096 -y -f<br />
/dev/$target_dev_node"<br />
[ -n "$VERBOSE" ] && progress="-p"<br />
dasdfmt $progress -b 4096 -y -f /dev/$target_dev_node<br />
[ $? -ne 0 ] && echo "Error: dasdfmt failed" && ret_val=1<br />
fi<br />
if [ $ret_val -eq 0 ] ; then<br />
wait_<strong>for</strong>_device /dev/$source_dev_node<br />
ret_val=$?<br />
fi<br />
if [ $ret_val -eq 0 ] ; then<br />
[ -n "$VERBOSE" ] && \<br />
echo "Invoking Linux command: dd bs=1M if=/dev/$source_dev_node<br />
of=/dev/$target_dev_node"<br />
dd bs=1M if=/dev/$source_dev_node of=/dev/$target_dev_node >/dev/null<br />
[ $? -ne 0 ] && echo "Error: dd failed" && ret_val=1<br />
fi<br />
# Put the source and target devices offline<br />
set_offline $target_mdisk<br />
set_offline $source_mdisk<br />
return $ret_val<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function link_one<br />
# This will link one minidisk from another user id as the target minidisk<br />
# address on the current z/<strong>VM</strong> user id with a link mode indicated by the<br />
# 4th argument.<br />
#<br />
# Arg1: Source z/<strong>VM</strong> ID<br />
# Arg2: Source minidisk virtual address<br />
# Arg3: Target minidisk virtual address<br />
# Arg4: Link mode (rr/w)<br />
#+--------------------------------------------------------------------------+<br />
{<br />
source_id=$1<br />
source_mdisk=$2<br />
target_mdisk=$3<br />
link_mode=$4<br />
cp_cmd QUERY VIRTUAL $target_mdisk<br />
if [ $? != 40 ]; then<br />
cp_cmd DETACH $target_mdisk<br />
fi<br />
Appendix B. Source code 255
cp_cmd LINK $source_id $source_mdisk $target_mdisk $link_mode $LINK_PASSWD<br />
if [ $? != 0 ]; then<br />
echo "cp_cmd link $source_id $source_mdisk $target_mdisk $link_mode failed -<br />
exiting"<br />
abort 1<br />
fi<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function unlink_one<br />
# This will unlink a minidisk from the current z/<strong>VM</strong> user id.<br />
# Arg1: <strong>The</strong> target minidisk to unlink<br />
#+--------------------------------------------------------------------------+<br />
{<br />
cp_cmd DETACH $1<br />
return $?<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function copy_one<br />
# Try to use z/<strong>VM</strong> FLASHCOPY to copy one disk to another. If that fails,<br />
# call dd_copy() to fall back to the Linux DD command<br />
# Arg 1: Source minidisk<br />
# Arg 2: Target minidisk<br />
#+--------------------------------------------------------------------------+<br />
{<br />
source_mdisk=$1<br />
target_mdisk=$2<br />
if [ "$CLONE_METHOD" == "AUTO" -o "$CLONE_METHOD" == "auto" ] ; then<br />
cp_cmd FLASHCOPY $source_mdisk 0 END $target_mdisk 0 END<br />
rc=$?<br />
if [ $rc -ne 0 ]; then # FLASHCOPY failed<br />
[ -n "$VERBOSE" ] && echo "FLASHCOPY $source_mdisk $target_mdisk failed with $rc -<br />
using Linux dd"<br />
else<br />
return 0<br />
fi<br />
fi<br />
dd_copy $source_mdisk $target_mdisk<br />
[ $? -ne 0 ] && return 1<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function copy_disks<br />
# Call copy_one to copy each disk passed in as an argument.<br />
# Arg1-n: <strong>The</strong> minidisk address to copy<br />
#+--------------------------------------------------------------------------+<br />
{<br />
[ -n "$VERBOSE" ] && echo "Copying minidisks..."<br />
while [ $# -gt 0 ]; do<br />
link_one $source_linux_id $1 $MASTER_LINK RR<br />
link_one $target_linux_id $1 $CLONE_LINK W<br />
copy_one $MASTER_LINK $CLONE_LINK<br />
[ $? -eq 0 ] && echo "$1 disk copied ..."<br />
unlink_one $MASTER_LINK<br />
unlink_one $CLONE_LINK<br />
shift<br />
done<br />
256 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
}<br />
#+--------------------------------------------------------------------------+<br />
function link_disks<br />
# Call link_one to link each disk passed in as an argument.<br />
# Arg1-n: <strong>The</strong> minidisk address to link<br />
#+--------------------------------------------------------------------------+<br />
{<br />
[ -n "$VERBOSE" ] && echo "Linking minidisks <strong>for</strong> L<strong>VM</strong>..."<br />
while [ $# -gt 0 ]; do<br />
link_one $target_linux_id $1 400$# W<br />
set_online 400$#<br />
[ $? -eq 0 ] && echo "$1 disk linked ..."<br />
shift<br />
done<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function unlink_disks<br />
# Call unlink_one to unlink each disk passed in as an argument.<br />
# Arg1-n: <strong>The</strong> minidisk address to unlink<br />
#+--------------------------------------------------------------------------+<br />
{<br />
[ -n "$VERBOSE" ] && echo "Unlinking minidisks ..."<br />
while [ $# -gt 0 ]; do<br />
set_offline 400$#<br />
unlink_one 400$#<br />
[ $? -eq 0 ] && echo "$1 disk unlinked ..."<br />
shift<br />
done<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function ask_are_you_sure<br />
# Ask "Are you sure?" - if not, then exit<br />
#+--------------------------------------------------------------------------+<br />
{<br />
echo ""<br />
echo "This will copy disks from $source_linux_id to $target_linux_id"<br />
echo "Host name will be: $HOSTNAME"<br />
echo "IP address will be: $IPADDR"<br />
echo -n "Do you want to continue? (y/n): "<br />
read ans<br />
if [ $ans != "y" ]; then<br />
abort 1<br />
fi<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function check_logged_off<br />
# Verify the user ID exists and is logged off<br />
# Arg1: <strong>The</strong> user id to query if it is logged on or not<br />
#+--------------------------------------------------------------------------+<br />
{<br />
cp_cmd QUERY $1<br />
case $? in<br />
0) # user ID is logged on or disconnected<br />
echo "$1 user ID must be logged off"<br />
exit 2<br />
;;<br />
Appendix B. Source code 257
3) # user ID does not exist<br />
echo "$1 user ID does not exist"<br />
exit 3<br />
;;<br />
45) # user ID is logged off - this is correct<br />
;;<br />
*) # unexpected<br />
echo "$1 user ID must exist and be logged off"<br />
exit 4<br />
esac<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function modify_cloned_image<br />
# Modify the networking in<strong>for</strong>mation in appropriate files under /etc<br />
# Regenerate SSH keys in golden image's /etc/ssh/ directory and change root pw<br />
#+--------------------------------------------------------------------------+<br />
{<br />
source_ipaddr=$(grep IPADDR $CLONE_MNT_PT/etc/sysconfig/network-scripts/ifcfg-eth0 \<br />
| awk -F= '{print $2}')<br />
source_hostname=$(grep HOSTNAME $CLONE_MNT_PT/etc/sysconfig/network \<br />
| awk -F= '{print $2}')<br />
source_host=$(echo $source_hostname| awk -F. '{print $1}')<br />
[ ! -d $CLONE_MNT_PT/etc ] && echo "Error: no $CLONE_MNT_PT/etc found" && abort 1<br />
[ -n "$VERBOSE" ] && echo "Modifying networking info under $CLONE_MNT_PT..."<br />
sed -i \<br />
-e "s/$source_ipaddr/$IPADDR/g" \<br />
-e "s/$source_hostname/$HOSTNAME/g" \<br />
-e "s/$source_host/$target_host/g" \<br />
$CLONE_MNT_PT/etc/hosts<br />
sed -i \<br />
-e "s/HOSTNAME=.*/HOSTNAME=$HOSTNAME/g"\<br />
-e "s/GATEWAY=.*/GATEWAY=$GATEWAY/g"\<br />
$CLONE_MNT_PT/etc/sysconfig/network<br />
sed -i \<br />
-e "s/IPADDR=.*/IPADDR=$IPADDR/g"\<br />
-e "s/MTU=.*/MTU=$MTU/g"\<br />
-e "s/NETMASK=.*/NETMASK=$NETMASK/g"\<br />
-e "s/SUBCHANNELS=.*/SUBCHANNELS=$SUBCHANNELS/g"\<br />
-e "s/NETTYPE=.*/NETTYPE=$NETTYPE/g"\<br />
$CLONE_MNT_PT/etc/sysconfig/network-scripts/ifcfg-eth0<br />
# Modify MACADDR/HWADDR if specified (optional)<br />
[ -n "$MACADDR" ] && sed -i -e "s/MACADDR=.*/MACADDR=$MACADDR/g" \<br />
$CLONE_MNT_PT/etc/sysconfig/network-scripts/ifcfg-eth0<br />
[ -n "$HWADDR" ] && sed -i -e "s/HWADDR=.*/HWADDR=$HWADDR/g" \<br />
$CLONE_MNT_PT/etc/sysconfig/network-scripts/ifcfg-eth0<br />
# Regenerate the SSH keys on the new clone's root filesystem<br />
[ -n "$VERBOSE" ] && echo "Regenerating SSH keys in $CLONE_MNT_PT/etc/ssh/ ..."<br />
rm -f $CLONE_MNT_PT/etc/ssh/ssh_host*<br />
ssh-keygen -t rsa -N "" -q -f $CLONE_MNT_PT/etc/ssh/ssh_host_rsa_key<br />
ssh-keygen -t dsa -N "" -q -f $CLONE_MNT_PT/etc/ssh/ssh_host_dsa_key<br />
ssh-keygen -t rsa1 -N "" -q -f $CLONE_MNT_PT/etc/ssh/ssh_host_key<br />
258 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
copy_key<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function set_online<br />
# This will set online the target minidisk.<br />
# Arg1 - Minidisk virtual address to set online<br />
#+--------------------------------------------------------------------------+<br />
{<br />
local target_mdisk=$(echo $1 | tr 'A-Z' 'a-z')<br />
chccwdev -e 0.0.$target_mdisk >/dev/null<br />
rc=$?<br />
if [ $rc != 0 ]; then<br />
echo "Error: chccwdev -e 0.0.$target_mdisk failed with $rc - exiting"<br />
abort 1<br />
fi<br />
local target_dev_node=`cat /proc/dasd/devices | grep "$target_mdisk(ECKD)" | awk '{<br />
print $7 }'`<br />
if [ "$target_dev_node" = "" ]; then<br />
echo "Error: can't find $target_mdisk(ECKD) in /proc/dasd/devices - exiting"<br />
set_offline $target_mdisk<br />
abort 1<br />
fi<br />
# wait <strong>for</strong> disks<br />
$UDEVSETTLE<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function set_offline<br />
# This will set offline the target minidisk.<br />
# Arg1 - Minidisk virtual address to set offline<br />
#+--------------------------------------------------------------------------+<br />
{<br />
target_mdisk=$(echo $1 | tr 'A-Z' 'a-z')<br />
chccwdev -d 0.0.$target_mdisk > /dev/null 2>&1<br />
rc=$?<br />
#if [ $rc -ne 0 ]; then<br />
# echo "Error: chccwdev -d 0.0.$1 failed with $rc - ignoring"<br />
#fi<br />
return $rc<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function mount_cloned_image<br />
# This will mount the cloned root filesystem. It will pair a minidisk<br />
# address to a device file and then mount the first partition.<br />
# Arg1: <strong>The</strong> minidisk address to mount<br />
#+--------------------------------------------------------------------------+<br />
{<br />
target_mdisk=$1<br />
target_dev_node=`cat /proc/dasd/devices | grep "$target_mdisk(ECKD)" | awk '{ print $7<br />
}'`<br />
wait_<strong>for</strong>_device /dev/${target_dev_node}1<br />
Appendix B. Source code 259
[ $? -ne 0 ] && echo "Error: timed out waiting <strong>for</strong> /dev/${target_dev_node}1" && abort<br />
1<br />
}<br />
/bin/mount /dev/${target_dev_node}1 $CLONE_MNT_PT<br />
[ $? -ne 0 ] && echo "Error: unable to mount cloned image" && abort 1<br />
/bin/mount | grep /dev/${target_dev_node}1 >/dev/null 2>&1<br />
[ $? -ne 0 ] && echo "Error: unable to mount cloned image" && abort 1<br />
#+--------------------------------------------------------------------------+<br />
function mount_cloned_image_lvm<br />
# This will mount the cloned root filesystem. It will pair a minidisk<br />
# address to a device file and then mount the first partition.<br />
# Arg1: <strong>The</strong> minidisk address to mount<br />
#+--------------------------------------------------------------------------+<br />
{<br />
target_mdisk=$1<br />
}<br />
/bin/mount /dev/$VG_NAME/$LV_ROOT $CLONE_MNT_PT<br />
[ $? -ne 0 ] && echo "Error: unable to mount cloned image" && abort 1<br />
/bin/mount | grep $LV_ROOT >/dev/null 2>&1<br />
[ $? -ne 0 ] && echo "Error: unable to mount cloned image" && abort 1<br />
#+--------------------------------------------------------------------------+<br />
function umount_cloned_image<br />
# Unmount the cloned root filesystem<br />
#+--------------------------------------------------------------------------+<br />
{<br />
/bin/umount $CLONE_MNT_PT >/dev/null 2>&1<br />
return $?<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function check_<strong>for</strong>_conf<br />
# Check that the configuration file exists <strong>for</strong> the ID that we are cloning to.<br />
#+--------------------------------------------------------------------------+<br />
{<br />
if [ ! -f /etc/clone/${target_linux_id}.conf -a "$PROMPT" != "y" ]; then<br />
echo "Error: /etc/clone/${target_linux_id}.conf not found. Exiting"<br />
exit<br />
fi<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function check_<strong>for</strong>_vmcp<br />
# Check that the vmcp module is loaded and the vmcp binary is installed.<br />
#+--------------------------------------------------------------------------+<br />
{<br />
# Check that vmcp exists and is executable<br />
[ ! -x /sbin/vmcp ] && echo "Error: can't find /sbin/vmcp" && exit<br />
# Load the vmcp kernel module if not already loaded<br />
if ! /sbin/lsmod | grep vmcp > /dev/null 2>&1 ; then<br />
if ! /sbin/modprobe vmcp > /dev/null 2>&1 ; then<br />
260 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
echo "Error: unable to load module vmcp, check kernel version"<br />
exit<br />
fi<br />
fi<br />
wait_<strong>for</strong>_device /dev/vmcp<br />
[ $? -ne 0 ] && echo "Error: timed out waiting <strong>for</strong> /dev/vmcp" && exit<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function wait_<strong>for</strong>_device<br />
# Call udevsettle, then if necessary sleep until a certain file exists<br />
# Arg1: <strong>The</strong> path of the file to sleep on.<br />
#+--------------------------------------------------------------------------+<br />
{<br />
device=$1<br />
sync<br />
$UDEVSETTLE<br />
<strong>for</strong> t in $(seq 1 20)<br />
do<br />
[ -e $device ] && return 0<br />
sleep 1<br />
done<br />
return 1<br />
}<br />
#+--------------------------------------------------------------------------+<br />
function autolog<br />
# Issue an XAUTOLOG command to bring up the new cloned image.<br />
#+--------------------------------------------------------------------------+<br />
{<br />
cp_cmd XAUTOLOG $target_linux_id<br />
rc=$?<br />
if [ $? != 0 ]; then<br />
echo "xautolog $target_linux_id failed with $rc"<br />
return 0<br />
fi<br />
echo "Booting $target_linux_id"<br />
}<br />
#+--------------------------------------------------------------------------+<br />
# main()<br />
# Only root can run this script<br />
[ $(id -u) != "0" ] && echo "Error: you must be root" && exit<br />
# Check if the user has defined any clone.sh configurations<br />
[ -f /etc/sysconfig/clone ] && . /etc/sysconfig/clone<br />
# Set defaults <strong>for</strong> clone.sh configurations<br />
[ -z "$PROMPT" ] && PROMPT="y"<br />
[ -z "$CLONE_MNT_PT" ] && CLONE_MNT_PT="/mnt/clone"<br />
# If the clone mount point does not exist then we'll create it <strong>for</strong> you<br />
[ ! -d $CLONE_MNT_PT ] && mkdir -p $CLONE_MNT_PT<br />
# Check if -v was specified on the command line<br />
if [ "$1" = "-v" ] ; then<br />
VERBOSE=1<br />
Appendix B. Source code 261
shift<br />
fi<br />
# If no command line options were provided show the help message<br />
[ $# -eq 0 ] && help<br />
# If one comand line option was provided show the help message<br />
if [ $# -lt 2 ]; then<br />
echo "Error: incorrect number of arguments"<br />
help<br />
fi<br />
# Check that vmcp exists and the module is loaded<br />
check_<strong>for</strong>_vmcp<br />
# Allow UPPER or lower case source, target, blacklist entries.<br />
# Convert all to lower case <strong>for</strong> consistency.<br />
source_linux_id=$(echo $1 | tr "[:upper:]" "[:lower:]")<br />
target_linux_id=$(echo $2 | tr "[:upper:]" "[:lower:]")<br />
# Check the blacklist, which prevents using the master image as a target.<br />
if [ -f /etc/clone/blacklist.conf ]; then<br />
. /etc/clone/blacklist.conf<br />
BlackList=$(echo ${BLACKLIST} | tr "[:upper:]" "[:lower:]")<br />
<strong>for</strong> Target in ${BlackList}<br />
do<br />
if [ "${Target}" == "${target_linux_id}" ]; then<br />
echo "${target_linux_id} is blacklisted! Exiting!"<br />
exit<br />
fi<br />
done<br />
fi<br />
# Check if udevsettle is present, used in function wait_<strong>for</strong>_device<br />
[ -x /sbin/udevsettle ] && UDEVSETTLE=/sbin/udevsettle<br />
[ -x /sbin/udevadm ] && UDEVSETTLE='/sbin/udevadm settle'<br />
# Check that the master and clone z/<strong>VM</strong> IDs are logged off.<br />
check_logged_off $source_linux_id<br />
check_logged_off $target_linux_id<br />
# Check that the clone's configuration file exists<br />
check_<strong>for</strong>_conf<br />
# Collect in<strong>for</strong>mation from the clone's configuration file<br />
get_target_info $@<br />
[ "$PROMPT" = "y" ] && ask_are_you_sure<br />
echo "Cloning $source_linux_id to $target_linux_id ..."<br />
[ -z "$DASD" ] && echo "Error: no DASD defined in /etc/clone/${target_linux_id}.conf" &&<br />
exit<br />
copy_disks $DASD<br />
# Update the newly cloned image locally, so link, set online then mount the<br />
# clone's root filesystem. <strong>The</strong>n call modify_cloned_image to update<br />
# configuration files with the proper settings. Finally unmount,<br />
# set offline and unlink the disk.<br />
echo "Updating cloned image ..."<br />
if [ -n "$VG_NAME" ]; then<br />
link_disks $DASD<br />
262 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6
sbin/vgscan<br />
# wait <strong>for</strong> vgscan<br />
$UDEVSETTLE<br />
/sbin/vgchange -a y $VG_NAME<br />
mount_cloned_image_lvm $CLONE_LINK<br />
else<br />
link_one $target_linux_id $DASD_ROOT $CLONE_LINK W<br />
set_online $CLONE_LINK<br />
mount_cloned_image $CLONE_LINK<br />
fi<br />
modify_cloned_image<br />
umount_cloned_image<br />
if [ -n "$VG_NAME" ]; then<br />
/sbin/vgchange -a n $VG_NAME<br />
unlink_disks $DASD<br />
else<br />
set_offline $CLONE_LINK<br />
unlink_one $CLONE_LINK<br />
fi<br />
# Autolog the clone unless AUTOLOG has been set to "n"<br />
[ "$AUTOLOG" = "y" ] && autolog<br />
echo "Successfully cloned $source_linux_id to $target_linux_id"<br />
Appendix B. Source code 263
264 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6