#ubuntu-s390x 2016-04-26
<Bercik> Hello.
#ubuntu-s390x 2016-04-27
<macjl> Hello
<macjl> I'm trying to install Unbuntu in LPAR
<macjl> But facing problems with VLAN tagging
<macjl> The installer don't ask me if I use VLAN, so the network does'nt work...
<macjl> Anyone know how to net install ubuntu on s390x arch with VLAN tagging?
<xnox> macjl, you have two options
<xnox> macjl, return to main menu ("<")
<xnox> change debconf priority to medium
<xnox> then it should ask you to use vlan, but that may or may not work.
<xnox> i typically "go through the motions up to ssh client password setup"
<xnox> then return to main menu
<xnox> drop to shell
<xnox> and bring up vlan network by hand, e.g.
<xnox> ip link set dev encc000 up
<xnox> ip link add link encc000 name encc000.2654 type vlan id 2654
<xnox> ip addr add 10.245.237.7/24 brd 10.245.237.255 dev encc000.2654
<xnox> ip link set dev encc000.2654 up
<xnox> ip route add default via 10.245.237.1
<xnox> echo nameserver 10.245.237.1 >> /etc/resolv.conf
<xnox> ..
<xnox> adjust as needed.
<xnox> you would then have to bring up network by hand again in the installed system, and adjust /etc/network/interfaces
<xnox> work is in progress to improve vlan network support. Do let me know your experience with debconf medium priority that does ask for vlan network tag.
<macjl> Thans, I'll try!
<xnox> macjl, no problem. =)
<Bercik> It's good to see people alive on s390* channels :)
<xnox> Bercik, yeah =) slowly picking up.
<Bercik> I remember idling +/- 9 months on hercules channel. Not even one word :)
<xnox> hehe
<xnox> honestly i have tried hercules, but did not manage to boot anything in it =(
<Bercik> I did
<Bercik> but not with ubuntu ;(
<Bercik> nor modern distros (RHEL 7, SLES 12).
<xnox> yeah, cause ubuntu needs transactional memory and like zEC12 or better cpu
<xnox> i don't think hercules has emulation for that
<Bercik> I tried newest 4.0
<xnox> i wish qemu had system emulation on other platforms, but that's not in for same reasons arm64 foreign emulation is not there
<xnox> hm, i did not try 4.0 from github, right?
<Bercik> yup,
<Bercik> It runs debian 8 with no problems. Same for my rusty z/OS 1.10
<xnox> https://github.com/hercules-390/hyperion/issues/39
<xnox> we need that for ubuntu
<Bercik> Depends on my CPU config. After IPL it ends up with "you need more recent hardware" or Wait State
<Bercik> xnox,   --enable-interlocked-access-facility-2=yes|no
<Bercik>                           enable/disable Interlocked Access Facility 2
<Bercik>                           (default yes)
<Bercik> this is mentioned multiple times, when talking about Linux IPL, and this new version seems to has it.
<xnox> no idea. i just know that both kernel and glibc use transactional memory on ubuntu (and other modern distros too)
<xnox> and that needs transactiona-execution facility
<xnox> i don't know what this interlocked access facility is, and/or if transactional memory/execution is implemented using above in hercules
<macjl> For infomation, with debconf priority set to medium, I was able to choose a VLAN ID
<macjl> But after installation, the configuration was not ste in /etc/network/interfaces
<macjl> I had to set it up manually
<xnox> macjl, ack. thanks.
<xnox> will investigate and will try to fix that up.
<xnox> macjl, if you wish you can open a bug report about that with $ ubuntu-bug debian-installer
<xnox> or open one on launchpad manually against ubuntu project, debian-installer package, and attach logs from /var/log/installer
<xnox> if you can/allowed to share those.
<macjl> I'll see if I can
<macjl> Now I'm trying to make bonding work with vlan....
<xnox> macjl, =))))) it should work, i try to avoid fiddling with things like that, and just defer it to infrastructure team =)
<macjl> It worked with VLAN + bonding. I've just moved a VM from IBM KVM to Ubuntu (offline) with no problems :)
<macjl> It doesn't seem to work with live migration because of a SELinux problem :
<macjl> error: unsupported configuration: Unable to find security driver for model selinux
<xnox> macjl, right. in ubuntu we support live migration among our hypervisors (e.g. lxd to lxd, qemu to qemu)
<xnox> i don't know if it's possible to move things form z/KVM to Ubuntu live.
<xnox> macjl, could you open a bug report about that? because surely we should be able to translate selinux model to apparmor (which is what used to protect qemu on ubuntu) and/or give option to ignore selinux context for migration (sub-optimal, but better than failing outright)
<xnox> maybe we can enable selinux in relevant parts of the stack to make migrations work too.
<xnox> if you add tag "s390x" to the bug report, I will notice it and can route it appropriately to the right ubuntu teams
#ubuntu-s390x 2016-04-28
<mihajlov> xnox, as a followup to the discussion you had with macjl, guest migration between different KVM versions needs more consideration than the security driver used
<mihajlov> e.g. the target hypervisor must understand and support the machine type as defined on the source hypervisor
<mihajlov> a guest defined on KVM for IBM z will by default have a machine type of s390-ccw-kvmibm-1.1.1
<mihajlov> which won't be accepted by an upstream QEMU
<mihajlov> one could define the guest with machine type of s390-ccw-virtio-2.4 on the KVM for IBM z hypervisor which would allow the migration to an upstream hypervisor (like Ubuntu)
<xnox> mihajlov, right.
<xnox> mihajlov, forgot that part. When I saw this different machine type, i was slightly surprised and confused why a new one got defined.
<xnox> mihajlov, I can certainly take that machine type as a patch to Debian & Ubuntu qemu, if we do in fact support / are compatible two way between 2.5 and e.g. s390-ccw-kvmibm-1.1.1
<mihajlov> regarding the selinux <-> apparmor conversion I have doubts whether an automatic conversion can be vouched to be safe
<xnox> true
<mihajlov> as a potential way out, it is possible to send a modified domain XML over to the target machine using the --xml option on the migrate command
<xnox> mihajlov, i wonder if we can, and/or should enable selinux in qemu on ubuntu. we have selinux anabled in a bunch of things
<mihajlov> where you could omit the security driver
<xnox> (and e.g. smack too)
<xnox> mihajlov, would z/kvm accept --to-ubuntu flag? =)
 * xnox is biased and wants everything on ubuntu ;-)
<mihajlov> xnox, wrt to selinux on Ubuntu I am not a security expert but I thought you'll have to chose one method for your system?
<xnox> apparmor is default and integrated throughout.
<xnox> however other systems are available too, for those that want to use them.
<xnox> e.g. we had selinux enabled in upstart as pid 1, because there are selinux usecases that people resonably use.
<mihajlov> xnox, regarding the flag: to have one would be less of a problem (of course it would be one upstream) then the semantic associated with it
<xnox> --insecure or some such =)
<mihajlov> there's no way to "downgrade" a running virtual machine without impacting the guest
<xnox> i dunno if libvirtd can do multiple security models simultaniously.
<xnox> ouch.
<mihajlov> would be a matter of testing I think
#ubuntu-s390x 2016-04-29
<borntraeger> xnox, regarding machines types 1.1.1 is somewhere in between 2.4 and 2.5, so please do not provide these machine type names for ubuntu/debian
