Escolar Documentos
Profissional Documentos
Cultura Documentos
Patching.
Yesterday I faced an issue, where in I was unable to login into NGZs after
kernel patching. Though the zlogin was working perfectly.
Initially I think the cause is ssh key, then I tried to login into the NGZ from the network, it was showing ssh
connection refused.
I have checked the ssh services via zlogin. There were many services related to network which were not
running including ssh. All services were depending on /system/sysidtool:net service which is in disbale
mode. I tried to enable /system/sysidtool:net service but No luck.
# svcs -vx
# svcs -a | grep -i /system/sysidtool:net
# svcadm enable /system/sysidtool:net
# svcs -a | grep -i /system/sysidtool:net
# svcs -vx
Then I examine the logs for this service failure and found:
[ Aug 27 09:15:49 Method "start" exited with status 0 ]
[ Aug 27 09:36:58 Enabled. ]
[ Aug 27 09:37:01 Executing start method ("/lib/svc/method/sysidtool-net") ]
/etc/.UNCONFIGURED not found. System already configured, /lib/svc/method/sysidtool-net exiting.
[ Aug 27 09:37:01 Method "start" exited with status 0 ]
[ Aug 27 14:58:06 Enabled. ]
[ Aug 27 14:58:12 Executing start method ("/lib/svc/method/sysidtool-net") ]
ifconfig: status: SIOCGLIFFLAGS: fjgi0: no such interface
ifconfig: setifflags: SIOCGLIFFLAGS: fjgi0: no such interface
ifconfig: status: SIOCGLIFFLAGS: fjgi7: no such interface
ifconfig: setifflags: SIOCGLIFFLAGS: fjgi7: no such interface
Terminated
At this point of time I checked the Interfaces, but all were up and running fine
in Global as well as in Non-global zone.
Then one particular line got my attention:
/etc/.UNCONFIGURED not found. System already configured, /lib/svc/method/sysidtool-net exiting.
I checked /etc/.UNCONFIGURE with ls -la in the NGZ and found one file with
name .UNCONFIGURE, which was of 0 Zero size.
I removed this file and restarted the NZG, all went in favor and all services
started successfully.
# cd /etc
# ls -la
# rm .UNCONFIGURE
# zoneadm -z zone-name reboot
Prasad
29 August, 2011, 1:48
Hi Yogesh,
Thats a nice post.
If you examine further this error occurs because of the following reasons:
1.) If you have done detach and attach of the zones to global zone.
2) If you have invoked a sys-unconfig and ran reboot.
If you check on this system, please verify Timezone of the non-global zone it might have changed to default
PST. And also changes in /etc/nsswitch.conf will be lost, that needs to be restored.
Unfortunately, these changes will not be caught as all the services on the system come up as usual..
Thanks.
Prasad
ramdev
29 August, 2011, 3:43
Good one Yogesh, can you please consider Prasads points and chck the Timezone and name switch
configuration were not reset to defaults.
Yogesh Raheja
29 August, 2011, 4:28
Hi Prasad,
Thanks for your valuable comments..
1.) I havent performed detach/attach on the server.
2.) No sys-unconfig invoked as I was performing only Bundle patching.
I need to check the TIMEZONE and /etc/nsswitch.conf files for any config. changes.
Yogesh Raheja
29 August, 2011, 12:57
Hi Prasad/Ram, No changes have been found in nsswitch.conf and the TIMEZONE is also looking
good.
Prasad
29 August, 2011, 14:41
Ok. Thats good.. cool.. In my earlier experience.. I have faced above said issues during detach and attach
of zones and also with sys-unconfig.. But you may help investigate further and know which patch is doing
that, it would be helpful if we are getting this issue persistently across other servers as well. Thanks for
bringing this up..
Ram
12 September, 2011, 18:24
I was facing same issue today. Resolved by removing .UNCONFIGURED file. After that I was getting
Couldnt agree a key exchange algorithm while using Putty. Resolved that by using following commands:
/lib/svc/method/sshd -c
svcadm restart ssh
Thanks a lot
Ramdev
13 September, 2011, 2:08
Yogesh Raheja
13 September, 2011, 10:02
@Ram, yes sometimes it would required to restart the sshd or to reboot the zone.
Yogesh Raheja
13 September, 2011, 10:02
krishna
HI,
I checked /etc/.UNCONFIGURE with ls -la in the NGZ and found one file with name .UNCONFIGURE, which
was of 0 Zero size.
In the above line I have a doubt is that NGZ or GZ, because Our issue is not able to login into NGZ. So how
can i do it with out login.
Yogesh Raheja
@Krishna, login into the NGZ from GZ via zlogin and rm /etc/.unconfigure file from NGZ and reboot your
NGZ. It will restart all the services without issues. Try it and you will be able to login via ssh.
Eliza
Thank you for posting this. I have 8 theoretically identical zones (all built from the same build script on the
same server) and one of the 8 had this issue. After removing the .UNCONFIGURE file all of the services
were able to start.
Yogesh Raheja
@Eliza, its a great pleasure that our post worked for your issue. thanks for you interest in Gurkulindia.
Shahul
Yogesh Raheja
@Shahul, Purpose of /lib/svc/method/sshd -c is to create rsa and dsa key if they are not present in the
server before restarting ssh. Though it wont require in many cases and restarting of ssh is enough. Also you
can check /lib/svc/method/sshd file which will give you more idea. Hope this helps.
deepa K R
http://docs.oracle.com/cd/E19683-01/817-1592/gbcyr/index.html.
To prevent the system from displaying the sysidtool questions upon initial zone login, delete the file
zonepath/root/etc/.UNCONFIGURED,
Netmasks Configuration
Within the context of the global zone, the zonecfg command is used to define a
network resource:
on the global zone:
1.
zonecfg -z rhzone
zonecfg:rhzone> add net
zonecfg:rhzone> set address=10.1.0.1
zonecfg:rhzone> set physical=e1000g0
zonecfg:rhzone> end
zonecfg:rhzone> export
zonecfg:rhzone> exit
vi /etc/netmasks
1. Within the context of the global zone, define the network resource on the
target zone using the zonecfg command. Prior to rebooting the zone, modify
the /etc/netmask on the global zone, adding the desired netmask for the target
zone.
or
2. After the network resource has been defined on the zone, and the zone has
been rebooted, use the ifconfig command from the global zone to configure the
netmask of the target zone network resource. Of course, this procedure will not
persist beyond a zone reboot.
Ram
Yogesh.Raheja
@Ram, you are absolutely right, testedwe can do this without reboot.
thanks
Ramdev
In this case running ifconfig after the zonecfg ( to add new interface ) do exactly same as zonecfg followed
by reboot. The actual reason for reboot after zonecfg ( not only for network configuration but for any other
configuration ) here is just to test the configuration we made is faultless and the IP configuration is persistent
across reboot. thanks
# uname -a
SunOS sol10zone 5.10 Generic sun4u sparc SUNW,Ultra-5_10
You are now done.