TCP/IP Level 510 and Level 440 - Reference Information

TCP/IP for VM Secure Socket Layer (SSL) Server
SuSE SLES 7 / SLES 8 - Linux Kernel CP SIGNAL Modifications

Note: Support for TCP/IP Level 510 ended on 30 Setptember, 2007.
Note: Support for TCP/IP Level 440 ended on 30 Setptember, 2006.

   CP SIGNAL Modification Instructions

The instructions that follow illustrate how to modify the SSL server Linux guest to exploit CP shutdown signals. Such signals are processed by the Linux kernel via updates that are inherent to the S390-quiesce kernel patch.

These instructions are applicable to a Linux system that has been previously configured for use to provide z/VM SSL services. It is recommended that the described changes be implemented in concert with the application of APAR PQ82117 to your system.

However, the described changes can also be implemented during initial configuration of Linux for use within the z/VM SSL server. When this is the case, the "Shutdown and Re-initialize the z/VM SSL server" step cited at the end of these instructions should be omitted, as circumstance warrants, to allow for the completion of other configuration steps that are not pertinent to this topic.

Notes:

  • For this configuration change to be effective, the S390-quiesce kernel patch must be incorporated in the SSL Linux guest that is selected to run as the z/VM SSL server. More information about this patch is available from the archive pages maintained by the Linux/390 project.

    This patch is included in the most-recently available SuSE 2.4.7 (SLES-7) and SuSE 2.4.19 (SLES-8) distributions necessary for running the z/VM SSL server.

    inittab File Modifications

  1. Copy and Modify the Linux inittab Initialization File

    The Linux inittab file is a primary kernel initialization configuration file that is referenced at system startup. It describes various scripts that are to be executed differing run-levels and when certain events occur. To exploit CP shutdown signals, this file must be modified such that the appropriate action is taken when a CP shutdown signal is received.

    The sequence of commands that follow illustrate a simple method for creating and modifying a copy of the inittab file that incorporates the changes necessary to exploit CP shutdown signals.

    1. Logon the SSL server virtual machine. Then, log in as the root user and change to the /etc directory: 

        cd /etc

    2. Create a backup copy of the existing inittab configuration file: 

        cp -p inittab initab.orig.nonvmssl

    3. Create a copy of the inittab file, for the purpose of separately maintaining the CP signal-related modifications: 

        cp -p inittab initab.cpsigl.sslserv

    4. Modify the inittab.cpsigl.sslserv file to include the required modifications. The additional file entries required can be added by using the echo commands that follow: 

        echo '"# Ctl-Alt-Delete / CP Signal Shutdown actions'
       >> inittab.cpsigl.sslserv
 
  echo 'ca:12345:ctrlaltdel:/sbin/shutdown -t1 -h now'
       >> inittab.cpsigl.sslserv

      Notes:

      1. The first echo command adds commentary text to the inittab file, an is optional.

      2. The "commentary" echo command shown employs a CP TERMINAL ESCAPE character -- here, the double quotation symbol (") -- to allow for inclusion of the required file comment delimiter when this command is processed. The use of an escape character is necessary in this instance because the file comment delimiter matches the z/VM system default CP TERMINAL LINEND character that is in effect, which is the "number sign" or "crosshatch" character (#).

        If necessary, adapt the "commentary" echo command account for the CP TERMINAL settings of the specific virtual machine in use.

    5. Verify the content of the modified "inittab.sslserv" file: 

        cat inittab.cpsigl.sslserv

      The last part of the displayed result should reflect the just added lines, as follows: 

         ...
   # vbox (voice box) getty
   # I6:35:respawn:/usr/sbin/vboxgetty -d /dev/ttyI6
 
   # end of /etc/inittab
   # Ctl-Alt-Delete / CP Signal Shutdown actions
   ca:12345:ctrlaltdel:/sbin/shutdown -t1 -h now

    6. Replace the current inittab file with its modified counterpart: 

        cp -p inittab.cpsigl.sslserv  inittab

    7. Return to the system root directory: 

        cd /

  2. Shutdown and Re-initialize the z/VM SSL server

    Issue a halt command to shutdown Linux. Then, issue appropriate z/VM CP commands to re-IPL CMS so the previously made inittab modifications are in effect: 

      halt -n
  system clear
  ipl cms