IBM Support

PH38694: ZD&T 13.X: DEPLOYMENT FAILS BECAUSE ZD&T SCRIPT CANNOT FIND IPTABLES

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • ZD&T 13.x

The ZD&T script zdt_config_network_byRoot.sh fails with many
error messages complaining about iptables and iptables-save
similar to the following:

/app1/ibmsys1/zdt/zdtInstall/zdt_config_network_byRoot.sh:
line 100: iptables-save: command not found
/app1/ibmsys1/zdt/zdtInstall/zdt_config_network_byRoot.sh:
line 103: iptables: command not found

This is a result of the actual path of iptables being under
/usr/sbin, but the non-root userid that is used, has been locked
down and does not have /usr/sbin in its PATH (but still has
permissions). As a result, ZD&T cannot find iptables or
iptables-save.

Local fix

  • Modify the script on the ZD&T tools sever, adding the following
line at the beginning of the script:

export PATH=$PATH:/usr/sbin

NOTE: This file will get overwritten on the ZD&T tools server
once the ZD&T server is restarted.

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* ZD&T users deploying with a customized user ID.              *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* Deployment fails because ZD&T script cannot find iptables.   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
This is a result of the actual path of iptables being under
/usr/sbin, but the non-root userid that is used, has been locked
down and does not have /usr/sbin in its PATH (but still has
permissions). As a result, ZD&T cannot find iptables or
iptables-save.

Problem conclusion

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH38694
    • 

  • Reported component name
    ZD&T TOOLKIT
    • 

  • Reported component ID
    5725G3923
    • 

  • Reported release
    D00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-07-06
    • 

  • Closed date
    2021-12-05
    • 

  • Last modified date
    2021-12-05
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • Deploy

    



Fix information


    

  • Fixed component name
    ZD&T TOOLKIT
    • 

  • Fixed component ID
    5725G3923
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M"},"Platform":[{"code":"PF054","label":"z\/OS"}],"Version":"D00"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            06 December 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback