HostID dependend application in Solaris 8 container - Solaris Zones

We have a Sun Blade 100 / Sol8 running an application (ileaf6) based on a hostID dependend
License Manager ie 2 processes are handling this:
1. lmgrd -2 -P -c /Ileaf6.4.1/data/license/license.dat
2. ileaf6 -T vob-sun 2.40 4 -c /Ileaf6.4.1/data/license/license.dat
Now we moved the system into a Sol 8 zone where the original HostID was configured
via "add attr / set name=hostid / set type=string / set value=12345678" .
After booting this Sol8 container the original HostID is there but our application has not the
license to run ie. only the "lmgrd -2 -P -c /Ileaf6.4.1/data/license/license.dat" process is running.
The license.dat file was not changed and has these lines:
SERVER host 12345678 1750
DAEMON ileaf6 /Ileaf6.4.1/sun4os5/bin/ileafnld /Ileaf6.4.1/data/license/license.opt
What's wrong here within the Sol8 zone?
Greetings, Rainer 

Hi all,
have some infos more. The license daemon log file says:
(lmgrd) FLEXlm (v2.40) started on host (Sun) (7/2/110)
(lmgrd) License file: "/Ileaf6.4.1/data/license/license.dat"
(lmgrd) Started ileaf6
(ileaf6) Cannot open daemon lock file
(lmgrd) MULTIPLE "ileaf6" servers running.
(lmgrd) Please kill, and run lmreread
(lmgrd) This error probably results from either:
(lmgrd) 1. Another copy of lmgrd running
(lmgrd) 2. A prior lmgrd was killed with "kill -9"
(lmgrd) (which would leave the vendor daemon running)
(lmgrd) To correct this, do a "ps -ax | grep ileaf6"
(lmgrd) (or equivalent "ps" command)
(lmgrd) and kill the "ileaf6" process
But there are no ileaf6 servers at all, there is no lock file only lmgrd is running in the global zone
and in the container. Killing lmgrd in the global zone kills also lmgrd in the zone.
Any ideas how to proceed?

If this Solaris8 Branded Zone is the only zone running in the Global Zone, or if the applications running on the global zonea re not hostid dependednt, you can do one thing i.e change the hostid of the Solaris 10 Server( i mean Global Zone and the it should work fine.
Please let me know if you tried something else.


Zones and proftpd

I want to have some informations about proftpd installation with solaris. Actually I have installed proftpd and it is working fine. The problem is that I can't connect me on it. I have the proftpd message during the connection on proftpd with filezilla but my user failed. I don't want anonymous connexions. proftpd is installed on a special zone with a virtual network.I have created a user on the special zone to connect to the ftp server.
useradd �d /export/toto -m �c � Mister toto� toto
passwd -r files toto
I what to now if the user must be created on the special zone and not in the global zone and if the useradd command is correct?. My user is not in the file /etc/ftpd/ftpusers.What can be the problem?
PS : sorry for my english 
You need a discrete copy of /usr/local/etc/proftpd.conf for the zone.
1) Create a directory for /usr/local/etc/ that the zone can mount up discretely. I use /zones/discrete_dirs/zone_name with a path to usr/local/etc under that
# mkdir -p /zones/discrete_dirs/ftp_zone/usr/local/etc
2) Copy current /usr/local/etc to the discrete copy
# cp /usr/local/etc/* /zones/discrete_dirs/ftp_zone/usr/local/etc
3) Define a mount point for the zone
# zonecfg -z ftp_zone
zonecfg:ftp_zone> add fs
zonecfg:ftp_zone:fs> set dir=/usr/local/etc
zonecfg:ftp_zone:fs> set special=/zones/discrete_dirs/ftp_zone/usr/local/etc
zonecfg:ftp_zone:fs> set type=lofs
zonecfg:ftp_zone:fs> end
zonecfg:ftp_zone> verify
zonecfg:ftp_zone> commit
zonecfg:ftp_zone> exit
4) Reboot the zone
# zoneadm -z ftp_zone reboot
That should get your mount point resolved.
Once you have that, I think you're good to go. 
Thanks for your reply.
I still have installed a ftp_zone and I have my proftpd.conf in the /usr/local/etc directory.Proftpd in installed in this ftp_zone. But the problem is my user to connect to proftpd
Thanks for help 
I am using ftpasswd too 
I have some news about my problem.
I have created a user(toto: uid 150) in the global zone and it's working fine with it. But I want use ftpasswd with the file /usr/local/etc/proftpd.users with is in the ftp zone.
In the configuration file of proftpd I have : "AuthUserFile /usr/local/etc/proftpd.users" ( proftpd and this configuariton file are in the ftp zone)
./ftpasswd passwd name ftp home /var/ftp shell /bin/false uid 150 file /usr/local/etc/proftpd.users
But The problem is that my user which is working(toto) is in the global zone and the file /usr/local/etc/proftpd.users is in the ftp zone. And I can't have a relation between them.
If I create a user in the ftp zone it's not working.
Thanks for help 
Did you ever update inetd with the proftpd details in the zone?
You'll also need discrete /usr/local/var for the zone as well. Assuming proftpd is in /usr/local:
# inetadm -m ftp exec="/usr/local/sbin/in.proftpd"
# inetadm -m ftp proto="tcp"
# svcadm refresh inetd
# svcadm refresh ftp 
I'm having a problem with proftpd on Solaris 10 with SMF.
I am using ProFTPD Version 1.3.0 from blastwave.
I have modified the inetadm setting so that exec="/opt/csw/sbin/in.proftpd"
If I reboot my zone the first ftp connection will fail with a "421 Service not available, remote server has closed connection." message.
An immediate retry to connect to the ftp server works, and all subsequent connections work. By looking at ps output it seems that the first (failed) connection attempt starts an in.proftpd daemon which stays running and then parents in.proftpd daemons for subsequent connections. If I create a start script to start the first in.proftpd daemon during boot (/etc/rc3.d/S90proftpd) then things work alright. The question is, why won't inetd just start in.proftpd like it should to respond to the first request?
In my proftpd.conf file I have "ServerType standalone" If I set "ServerType inetd" then it just doesn't work at all.
bash-3.00# inetadm -l ftp
proto="tcp6" <----- If I change this to "tcp" then it doesn't work at all
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE 
I'm assuming you've run these already?
# svcadm refresh inetd
# svcadm refresh ftp
Change proftpd.conf to type standalone. Run the daemon standalone with verbose details.
# /opt/csw/sbin/in.proftpd -v
Then use another session to connect to proftpd; and see what you get on the proftp session.
As an FYI, I get the reverse problem, proftpd won't run with proto=tcp6 but will run with proto=tcp. I haven't delved into the whys of this yet, that damned thing called work always gets in the way.

ntp configuration

Hi everybody,
how can i configure NTPclient on a cluster ? the Cluster private hostname have the same time,'cos file ntp.conf.cluster is configured;
command ntpq -p print out clusternode1-pr and clusternode2-pr, the demon xntpd run like
/usr/lib/inet/xntpd -c /etc/inet/ntp.conf.cluster
Now i need to sync the cluster time with an external NTPserver. How can i do?
all tips are welcome.
Solaris 8
Sun Cluster 3.0
i think that i wrote something wrong!?!
I have two sunfire in cluster 3. The Cluster_time is configured (they are Cliente-client). I need to sync the Cluster time with an external NTPserver .
Probably the easy way to configure time is to modify crontab with ntpdate -s <ntpserver> but Documentation say that's a bad idea.
So, the question is:
do it works If i shutdown the cluster and then edit the Crontab of server1 with ntpdate?
i need help, thanks ^_^

zone install failing on sys-unconfig

I am building 6 virtualised servers from flash archives of existing machines for a dev environment.
I am running solaris 10 on the host machine and i am installing solaris 9 branded zones for the guests.
So far i have installed three of them successfully by following the documentation.
This one particular host gets up to *"Postprocess: Performing zone sys-unconfig"* and just sits there doing nothing.
I have checked things like disk space and have re created the flash archive three times.
The command i am running is : zoneadm -z vm3-dev install -u -a /storage/flash/vm3_20110208.flar
I have used zlogin to access the guest OS and can see an apparently hung sys-unconfig. I have left the install running for 24hrs and eventually just killed the install.
I'm not sure where to go from here to troubleshoot this issue. It is puzzling to me that basically identical machines should install fine using the same steps.
what should i do to progress this install.
bump. Anyone got any pointers? 
check ptree of zone install command and see if you can kill the child sys-unconfig command. post us ptree of zone install and also truss -fp on zone install process when it hungs.

How to enable GUI in a non global zone in solaris11?

How to enable graphical logon in a non global zone in solaris11, so the zone can be login by Xmanager? Thanks! 
Hmm, i guess you could do it by using Xvfb (virtual framebuffer) or possibly Xvnc ?
Also you could have a look at NX Machine :-)
This guide will cover how to setup a basic VNC connection to a Solaris 11 machine. There is also an optional step to allow for persistent VNC connections.
Step 1
Configure GDM to include ‘[security] DisallowTCP=false’ and ‘[xdmcp] Enable=true’.
$ sudo gedit /etc/gdm/custom.conf
# GDM configuration storage
Step 2
Configure X-Server to accept remote connections.
# svccfg -s application/x11/x11-server
svc:/application/x11/x11-server> setprop options/tcp_listen = boolean: true
svc:/application/x11/x11-server> end
Step 3
Configure the VNC service (you could change the ‘-geometry 1280×720′ to whatever resolution you would like).
# svccfg -s xvnc-inetd
svc:/application/x11/xvnc-inetd> setprop inetd_start/exec = astring: "/usr/bin/Xvnc -desktop sol11:0 -geometry 1024x768 -inetd -query localhost -once securitytypes=none"
svc:/application/x11/xvnc-inetd> setprop inetd/wait = boolean: true
svc:/application/x11/xvnc-inetd> end
** The line highlighted red is optional – only do this if you want your VNC connection to persist (as well as any potential security issues)
# svccfg -s xvnc-inetd
svc:/application/x11/xvnc-inetd> editprop
search for # setprop inetd_start/exec = astring: "/usr/bin/Xvnc
copy the line, uncomment the copy, makethe changes above, write the file out.
svcadm refresh xvnc-inetd
Step 4
Disable and the re-enable the GDM and VNC-inetd services for the changes to take effect.
$ su root
# svcadm disable gdm xvnc-inetd; svcadm enable gdm xvnc-inetd
If still in maintenance, reboot (I had to, don't know why).
Step 5
Point your favourite VNC client at your Solaris server and test if it accepts your VNC connection – you should be presented with a Username/Password login screen.
If you performed the optional step to make your connections persist – close your favourite VNC client and then reconnect – if you remained logged in you have a persistent connections.
Greg on said:
After a fresh text install of Solaris-11 (11/11) both xvnc-inetd and gdm are not present. After installing them (# pkg install xvnc-inetd gdm) I can’t get gdm to start:
# svcadm enable gdm
# svcs gdm
offline 10:24:03 svc:/application/graphical-login/gdm:default
Any thoughts?
Ron on said:
You are missing some X packages. Do the following:
pkg install slim_install           # installs 400+ packages
svcadm enable gdm && exit      # gdm now works
pkg uninstall slim_install           # uninstalls the installer package only 
If only we could get Sun Ray Services software running in a zone... 
I have the Sun Ray Server running on a spares root zones at work. Thought it a Solaris 10 TX server. It is really on the global zone but when you change the label (each zone is a different label) you are running programs and work from that zone. It is hard to explain. 
It is hard to explain.But you have me curious. If I understand you correctly, it was installed in the global zone and then something was done to migrate it to a non-global zone? Do tell.
Google solaris DTW
The security labels are zones. 
Ah, Trusted Solaris.
Does any of that translate to plain old Solaris 11?
Thanks, Marty 
I don't think so. You associate zones with labels and you get to a zone by changing your security label. 
Bummer. Thanks for the info.

moving a sparc/solaris 10 system to a zone

I would like to move a Solaris 10 / Sparc based system to run in a zone.
The system is on a SunFire 880 running Solaris 10 Update 7.
It does not include any Oracle database but includes customized Apache, modified sendmail and many home grown applications,
few of them are owned by root and call setuid.
Some of the home grown stuff need to use and reside under certain fixed (hard coded) directories, e.g. /usr/tcapps, /tcdata and /usr/local
Is it possible to clone this system and deploy under a zone on a target machine which is also a SunFire 880?
What is the best practice / recommended method of doing that?
Does the target machine need to be exacly Solaris 10 Update 7 or could it be at a later update level?
For example, I do have a SunFire 880 that is running Solaris 10 Update 9.
Could I use that as a target?
Thanks for your help. 
Have you read chapter 24 of the zones admin guide? 
Thanks your reply.
I tried that a few times, but I keep getting errors.
I created the archive using
flarcreate -S -n ls9v1 -L cpio /path/to/file.flar
then copied the file.flar to the other machine, but when I run the
zoneadm -z myzone install -u -a /path/to/file.flar
it always fails with this error message
ERROR: Unpacking the archive failed
I recreated the archive, matched checksums, but keep getting the same error. 
And "/path/to/file.flar" is <b>not</b> on the local system but on a network drive? 
yes, on both the source machine where I created it, and on the
destination machine, the /path/to/file.flar is an nfs mount on a different machine