System Administration for the Solaris 10 Operating System Part 2

Sun Services

System Administration for the Solaris™ 10 Operating System, Part 2

SA-202-S10

Copyright 2007 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California, 95054, U.S.A. All rights reserved.

This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any.

Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.

Sun, Sun Microsystems, the Sun logo, Solaris, JumpStart, SunSolve, OpenBoot, Ultra, Solstice DiskSuite, Sun Java, and UltraSPARC are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.

The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements.

U.S. Government approval might be required when exporting the product.

RESTRICTED RIGHTS: Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-14(g)(2)(6/87) and FAR 52.227-19(6/87), or DFAR 252.227-7015(b)(6/95) and DFAR 227.7202-3(a).

DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.



Advanced System Administration for the Solaris™ 10 Operating System
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C

Course Contents

About This Course

Course Goals
Course Map
Topics Not Covered
How Prepared Are You?
Introductions

Describing Interface Configuration

Objectives
Controlling and Monitoring Network Interfaces
Displaying the MAC Address
Displaying the IP Address
Marking an Ethernet Interface as Down
Sending ICMP ECHO_REQUEST Packets
Capturing and Inspecting Network Packets
Configuring IPv4 Interfaces at Boot Time
The /etc/hostname.xxn File Entries and Corresponding Interfaces
The /etc/inet/ipnodes File
Changing the System Host Name
The sys-unconfig Command

Describing the Client-Server Model

Objectives
Introducing Client-Server Processes
Introducing Client Processes
Introducing Server Processes


The Service Management Facility (SMF)
Services
Service and Instance Nodes
Service Identifiers
Listing Service Information
Service States
Milestones
The svc.startd Daemon
The Service Configuration Repository
Starting Server Processes
The Impact of SMF on Network Services
Introducing Network Ports
Starting Services That Use a Well-Known Port
Requesting a Well-Known Service
Starting RPC Services
Starting RPC Services at Boot Time
Starting RPC Services on Demand
Requesting an RPC Address
Using the rpcinfo Commands
Deleting RPC Service Registration

Introducing Sun Connection Services

Objectives
Solaris 10 OS Patch Access Policy
Introducing Sun Connection
Administering Patches
Sun Connection Modes
Locally Managing Updates for Individual Systems
Update Manager Client
The smpatch Command Line Interface


Caching Patches With Update Manager's Proxy
Sun Connection Hosted Web Application
Establishing a Sun Online Account
Obtain a Sun Service Plan
Downloading and Installing the Update Manager Client Software
Starting the Update Manager Client For the First Time
Registering Systems
Select Service Level
Registration Confirmation
Registration Complete
Installing Updates With the Update Manager Client
Setting Update Manager Client Preferences
Update Manager’s Proxy
Configuring the Update Manager’s Proxy
Configuring Clients to Use the Update Manager’s Proxy
Patch Administration From the CLI
Using the smpatch Command
Phases for Applying Updates
Command Examples
Configuring the Patch Management Environment
Command Examples
Using the Update Policy for Applying Updates
Example of Using the Update Policy

Managing Swap Configuration

Objectives
Introducing Virtual Memory
Physical RAM
Swap Space
The swapfs File System


Paging
Configuring Swap Space
Displaying the Current Swap Configuration
Adding Swap Space
Removing Swap Space

Managing Crash Dumps and Core Files

Objectives
Managing Crash Dump Behavior
Crash Dump
Displaying the Current Dump Configuration
Changing the Crash Dump Configuration
Managing Core File Behavior
Core Files
Displaying the Current Core File Configuration
Changing the Core File Configuration
Pattern Options for the coreadm Command
Pattern Options for the Global Core File Content
Examples of the coreadm Command

Configuring NFS

Objectives
NFS Benefits
NFS Distributed File System Fundamentals
NFS Version 4 (NFSv4)
Pseudo-File System
Strong Security
Compound Procedures
Extended Attributes
File Handles


Delegation
Configuring an NFS Server and Client
Managing an NFS Server
NFS Server Daemons
Managing the NFS Server Daemons
NFS Server Commands
Configuring the NFS Server for Sharing Resources
Managing the NFS Client
NFS Client Daemons
Managing the NFS Client Daemons
NFS Client Commands
Configuring the NFS Client for Mounting Resources
The mount Command Options
Fundamentals of NFS Server Logging
Configuring NFS Log Paths
Initiating NFS Logging
Managing NFS With the Solaris Management Console Storage Folder Tools

Configuring AutoFS

Objectives
AutoFS Fundamentals
Using Automount Maps
Configuring the Master Map
Identifying Mount Points for Special Maps
Using the /net Directory
Adding Direct Map Entries
Adding Indirect Map Entries
Updating the Automount Maps
Stopping and Starting the Automount System


Describing RAID and the Solaris™ Volume Manager Software

Objectives
Introducing RAID
RAID 0
RAID 1
RAID 0+1
RAID 1+0
Mirror Options
Mirror Read Policies
Mirror Write Policies
RAID 5
Hardware Considerations
Choosing Storage Mechanisms
Optimizing Redundant Storage
Introducing Solaris Volume Manager Software Concepts
Logical Volume
Soft Partitions
Introducing the State Database

Configuring Solaris Volume Manager Software

Objectives
Solaris Volume Manager Concepts
State Database Replicas
Creating the State Database
Creating the State Database Using the Solaris Management Console
Configuring RAID-0
Creating a RAID-0 Volume Using the Command Line
Creating a RAID-0 Volume Using Solaris Management Console
Configuring RAID-1
Building a Mirror of the Root (/) File System


• Configuring an x86-Based System for Mirrored Failover
• Unmirroring the Root (/) File System

Configuring Role-Based Access Control (RBAC)
• Objectives
• RBAC Fundamentals
• Key RBAC Files
• The user_attr File
• Roles
• Assigning Rights Profiles to Users
• The /etc/security/exec_attr File
• Assigning Rights Profiles to Roles
• Assigning Roles to Users
• Using Roles
• Authorizations
• Default Authorizations
• Assigning Authorizations
• Assigning Authorizations to Roles
• Assigning Authorizations to Rights Profiles
• RBAC Configuration File Summary
• Managing RBAC Using the Solaris Management Console

Configuring System Messaging
• Objectives
• The syslog Concept
• The /etc/syslog.conf File
• The syslogd Daemon and the m4 Macro Processor
• Configuring the /etc/syslog.conf File
• Stopping and Starting the syslogd Daemon
• Configuring syslog Messaging


• Monitoring a syslog File in Real Time
• Using the Solaris Management Console Log Viewer

Using Name Services
• Objectives
• Name Service Concept
• Domain Name System (DNS)
• Network Information Service (NIS)
• Network Information Service Plus (NIS+)
• Lightweight Directory Access Protocol (LDAP)
• Name Service Switch File
• Configuring the Name Service Cache Daemon (nscd)
• Retrieving Name Service Information

Configuring Name Service Clients
• Objectives
• Configuring a DNS Client
• Configuring the DNS Client During Installation
• Editing DNS Client Configuration Files
• Setting Up an LDAP Client
• Client Authentication
• Client Profile and Proxy Account
• Client Initialization
• Configuring the LDAP Client During Installation
• Initializing the Native LDAP Client
• Copying the /etc/nsswitch.ldap File to the /etc/nsswitch.conf File
• Listing LDAP Entries
• Unconfiguring an LDAP Client


Configuring the Network Information Service (NIS)
• Objectives
• NIS Fundamentals
• NIS Namespace Information
• Map Contents and Sort Keys
• Commands to Read Maps
• NIS Domains
• NIS Master Server
• NIS Slave Servers
• NIS Clients
• NIS Processes
• Configuring the Name Service Switch
• NIS Security
• Configuring an NIS Domain
• Generating NIS Maps
• Locating Source Files
• Converting ASCII Source Files Into NIS Maps
• Configuring the NIS Master Server
• Testing the NIS Service
• Configuring the NIS Client
• Configuring the NIS Slave Server
• Updating the NIS Map

Introduction to Zones
• Objectives
• Solaris Zones
• Zone Features
• Zone Types
• Global Zones
• Non-Global Zones


• Zone Daemons
• Zone File Systems
• Zone Networking
• Zone States
• Configuring Zones
• Identifying Zone Components
• Allocating File System Space
• Using the zonecfg Command
• The zonecfg Subcommands
• The zonecfg Resource Parameters
• Zone Configuration Walk-Through
• Viewing the Zone Configuration
• Using the zoneadm Command
• Installing Packages in Zones

Introduction to the ZFS File System
• Objectives
• What Is Solaris ZFS?
• What Is ZFS?
• ZFS Terminology
• ZFS Component Naming Requirements
• ZFS Hardware and Software Requirements and Recommendations
• Creating ZFS File Systems
• Components of a ZFS Storage Pool
• Replication Features of a ZFS Storage Pool
• Creating and Destroying ZFS Storage Pools
• Querying ZFS Storage Pool Status
• Creating and Destroying ZFS File Systems
• ZFS Properties
• Querying ZFS File System Information


• Managing ZFS Properties
• Mounting ZFS File Systems
• ZFS Web-Based Management
• ZFS Snapshots
• ZFS Clones
• Using ZFS on a Solaris System With Zones Installed


Preface

About This Course


Course Goals

Upon completion of this course, you should be able to:

• Describe network basics
• Manage virtual file systems and core dumps
• Manage storage volumes
• Control access and configure system messaging
• Set up name services
• Perform advanced installation procedures


Course Map

[Course map diagram. Course sections: Describing Network Basics; Managing Virtual File Systems and Core Dumps; Managing Storage Volumes; Controlling Access and Configuring System Messaging; Setting Up Name Services; Configuring Virtualization. Module boxes: Describing Interface Configuration; Describing the Client-Server Model; Using Name Services; Configuring Name Service Clients; Configuring the Network Information Service (NIS); Managing Swap Configuration; Managing Crash Dumps and Core Files; Configuring NFS; Configuring AutoFS; Configuring Role-Based Access Control (RBAC); Configuring System Messaging; Describing RAID and Solaris Volume Manager Software; Configuring Solaris Volume Manager Software; Introduction to Zones; Configuring ZFS; Sun Connection Services.]


Topics Not Covered

This course does not cover the following topics. Many of these topics are covered in other courses offered by Sun Services:

• Basic UNIX® commands – Covered in SA-100-S10: UNIX® Essentials Featuring the Solaris™ 10 Operating System
• The vi editor – Covered in SA-100-S10: UNIX® Essentials Featuring the Solaris™ 10 Operating System
• Basic UNIX file security – Covered in SA-100-S10: UNIX® Essentials Featuring the Solaris™ 10 Operating System
• Software package administration – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System


• Patch maintenance – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Adding users using the Solaris Management Console software – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Basic system security – Covered in SA-100-S10: UNIX® Essentials Featuring the Solaris™ 10 Operating System
• Administering initialization files – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System


• Advanced file permissions – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Backup and recovery – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• The lp print service and print commands – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Process control – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System


• All the new features in Solaris 10 – Covered in SA-225S10: Solaris™ 10 for Experienced System Administrators
• Hardware or software troubleshooting – Covered in ST-350: Sun™ Systems Fault Analysis Workshop
• System tuning – Covered in SA-400: Enterprise System Performance Management
• Detailed shell programming – Covered in SA-245: Shell Programming for System Administrators
• Detailed network administration concepts – Covered in SA-300-S10: Network Administration for the Solaris™ 10 Operating System


Refer to the Sun Services catalog for specific information on course content and registration.


How Prepared Are You?

To be sure you are prepared to take this course, can you answer yes to the following questions?

• Can you install and boot the Solaris™ 10 Operating System (Solaris 10 OS) on a stand-alone workstation?
• Can you implement basic system security?
• Can you add users to the system using the Solaris Management Console software?
• Can you use the pkgadd command to add software packages?


• Can you monitor and mount file systems?
• Can you manage disk devices and processes?
• Can you perform backups and restorations?


Introductions

• Name
• Company affiliation
• Title, function, and job responsibility
• Experience related to topics presented in this course
• Reasons for enrolling in this course
• Expectations for this course


Module 1

Describing Interface Configuration


Objectives

• Control and monitor network interfaces
• Configure Internet Protocol Version 4 (IPv4) interfaces at boot time


Controlling and Monitoring Network Interfaces

Network commands, such as ifconfig, ping, and snoop, control and monitor the functionality of network interfaces.


Displaying the MAC Address

The media access control (MAC) address is your computer’s unique hardware address.

Two ways to display the MAC address or the Ethernet address are:

• Use the ifconfig -a command:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af


• Use the boot programmable read-only memory (PROM) banner command on SPARC®-based systems:

ok banner
Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz), Keyboard Present
OpenBoot 3.31 256 MB (60ns) memory installed, Serial #9685423.
Ethernet address 8:0:20:93:c9:af, Host ID: 8093c9af.


Displaying the IP Address

The ifconfig -a command displays the current configuration for the network interfaces.

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af


Marking an Ethernet Interface as Down

You can use the ifconfig command to mark an Ethernet interface as up or down.

# ifconfig nge0 down
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
# ifconfig nge0 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
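
The only difference between the up and down listings is the flags field (1000843 with UP, 1000842 without). As an added example, not part of the course material, the following script reads ifconfig -a output and reports each interface's state, IPv4 address and zero-padded MAC address, which is the form most inventories and switch tables use. The function names are hypothetical; the sample input is the down-state listing from this slide.

```shell
#!/bin/sh
# Added example: summarise ifconfig -a output as "name state ipv4 mac".
# Reads the listing on stdin, so it also works on output saved from another host.
iface_summary() {
    awk '
    # Pad each octet so 8:0:20:93:c9:af compares equal to 08:00:20:93:c9:af.
    function pad(mac,    n, p, i, out) {
        n = split(mac, p, ":")
        out = ""
        for (i = 1; i <= n; i++) {
            if (length(p[i]) == 1) p[i] = "0" p[i]
            out = (i == 1) ? p[i] : out ":" p[i]
        }
        return out
    }
    function emit() {
        if (name != "") printf "%s %s %s %s\n", name, state, ip, mac
    }
    # Header line: "nge0: flags=1000843<UP,BROADCAST,...> mtu 1500 index 2".
    # Logical interfaces such as "nge0:1:" are accepted as well.
    /^[a-z][a-z0-9]*(:[0-9]+)?: flags=/ {
        emit()
        name = $1; sub(/:$/, "", name)
        state = "down"; ip = "-"; mac = "-"
        if (match($0, /<[^>]*>/)) {
            n = split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
            for (i = 1; i <= n; i++) if (f[i] == "UP") state = "up"
        }
    }
    # Continuation lines carry "inet <addr>" and, where shown, "ether <mac>".
    {
        for (i = 1; i < NF; i++) {
            if ($i == "inet")  ip  = $(i + 1)
            if ($i == "ether") mac = pad($(i + 1))
        }
    }
    END { emit() }
    '
}

# Sample input: the listing shown above after "ifconfig nge0 down".
sample_ifconfig_down() {
    cat <<'EOF'
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
EOF
}

sample_ifconfig_down | iface_summary
```

On Solaris 10 itself, replace awk with nawk or /usr/xpg4/bin/awk, because /usr/bin/awk predates user-defined functions.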


Sending ICMP ECHO_REQUEST Packets

To determine if you can contact another system over the network, enter the ping command:

# ping sys41
sys41 is alive


Capturing and Inspecting Network Packets

You can use the snoop utility to capture and inspect network packets to determine what kind of data is transferred between systems.

# snoop sys41 sys42
sys41 -> sys42 ICMP Echo request (ID: 615 Sequence number: 0)
sys42 -> sys41 ICMP Echo reply (ID: 615 Sequence number: 0)


Some additional snoop options include:

snoop               Summary output
snoop -V            Summary verbose output
snoop -v            Detailed verbose output
snoop -o filename   Redirects the snoop utility output to filename in summary mode
snoop -i filename   Displays packets that were previously captured in filename
snoop -d device     Receive packets from a network interface specified by device


Configuring IPv4 Interfaces at Boot Time

Introducing IPv4 Interface Files

Network interfaces in the Solaris OS are controlled by files and services.

• The svc:/network/physical:default service
• The /etc/hostname.xxn file
• The /etc/inet/hosts file
• The /etc/inet/ipnodes file


The /etc/hostname.xxn File Entries and Corresponding Interfaces

Entry                   Interface
/etc/hostname.e1000g0   First e1000g (Intel PRO/1000 Gigabit family device driver) Ethernet interface in the system
/etc/hostname.bge0      First bge (Broadcom Gigabit Ethernet device driver) Ethernet interface in the system
/etc/hostname.bge1      Second bge Ethernet interface in the system
/etc/hostname.ce0       First ce (Cassini Gigabit-Ethernet device driver) Ethernet interface in the system
/etc/hostname.qfe0      First qfe (Quad Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.hme0      First hme (Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.eri0      First eri (eri Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.nge0      First nge (Nvidia Gigabit Ethernet driver) Ethernet interface in the system


The /etc/inet/ipnodes File

The /etc/inet/ipnodes file is a local database that associates the names of nodes with their Internet Protocol (IP) addresses.

# cat /etc/inet/ipnodes
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
192.168.30.41 sys41 loghost


Changing the System Host Name

The host name of a system is contained in four files on the system. You must modify all of these files, and perform a reboot, to successfully change a system’s host name. The files that contain the host name of a system are:

• The /etc/nodename file
• The /etc/hostname.xxn file
• The /etc/inet/hosts file
• The /etc/inet/ipnodes file
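A consistency check for the four files listed above, as an added example that is not part of the course material. The function names, the ROOT argument (so the check can run against a staged copy of /etc) and the sample file contents are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: verify that a host name change reached all four files.

# has_host_entry FILE NAME: true if NAME appears as a host name or alias
# (any field after the address) on a non-comment line of a hosts-format file.
has_host_entry() {
    awk -v n="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit (found ? 0 : 1) }' "$1" 2>/dev/null
}

# check_hostname_files ROOT NAME: print one "MISMATCH <file>" line for each
# of the four files that does not carry NAME; return 0 only if all agree.
check_hostname_files() {
    root=$1; name=$2; bad=0

    # /etc/nodename holds the host name alone.
    [ "$(cat "$root/etc/nodename" 2>/dev/null)" = "$name" ] ||
        { echo "MISMATCH /etc/nodename"; bad=1; }

    # Assumption: at least one /etc/hostname.xxn file starts with NAME.
    seen=0
    for f in "$root"/etc/hostname.*; do
        [ -f "$f" ] || continue
        first=
        read -r first _rest < "$f" || true
        if [ "$first" = "$name" ]; then seen=1; fi
    done
    [ "$seen" -eq 1 ] || { echo "MISMATCH /etc/hostname.xxn"; bad=1; }

    for f in /etc/inet/hosts /etc/inet/ipnodes; do
        has_host_entry "$root$f" "$name" || { echo "MISMATCH $f"; bad=1; }
    done
    return "$bad"
}

# make_sample_root: build a constructed /etc tree for host sys41 and print
# its path (sample data, modeled on the ipnodes listing above).
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/inet"
    echo sys41 > "$d/etc/nodename"
    echo sys41 > "$d/etc/hostname.e1000g0"
    printf '%s\n' '# Internet host table' '127.0.0.1 localhost' \
        '192.168.30.41 sys41 loghost' > "$d/etc/inet/hosts"
    printf '%s\n' '::1 localhost' '127.0.0.1 localhost' \
        '192.168.30.41 sys41 loghost' > "$d/etc/inet/ipnodes"
    echo "$d"
}

root_dir=$(make_sample_root)
check_hostname_files "$root_dir" sys41 && echo "sys41: all four files agree"
echo sys42 > "$root_dir/etc/nodename"     # simulate a half-finished rename
check_hostname_files "$root_dir" sys42 || echo "sys42: rename incomplete"
rm -rf "$root_dir"
```

Running it against the live system before the reboot (ROOT set to an empty string) shows which of the four files still carries the old name.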

The sys-unconfig Command

You can use the /usr/sbin/sys-unconfig command to restore a system’s configuration to an unconfigured state, ready to be reconfigured again.

The sys-unconfig command does the following:

• Saves the current /etc/inet/hosts file information in the /etc/inet/hosts.saved file.
• If the current /etc/vfstab file contains Network File System (NFS) mount entries, it saves the /etc/vfstab file to the /etc/vfstab.orig file.
• Restores the default /etc/inet/hosts file.

• Removes the default host name in the /etc/hostname.xxn files for all configured interfaces.
• Removes the default domain name in the /etc/defaultdomain file.
• Restores the time zone to PST8PDT in the /etc/TIMEZONE file.
• Resets naming services to local files.
• Removes the /etc/inet/netmasks file.
• Removes the /etc/defaultrouter file.
• Removes the password set for the root user in the /etc/shadow file.
• Removes the /etc/.rootkey file for NIS+.

• Executes all system configuration applications. These applications are defined by prior executions of a sysidconfig -a command.
• Removes the /etc/resolv.conf file for DNS clients.
• Disables Lightweight Directory Access Protocol (LDAP) by removing:
  • The /var/ldap/ldap_client_cache file
  • The /var/ldap/ldap_client_file file
  • The /var/ldap/ldap_client_cred file
  • The /var/ldap/cachemgr.log file
• Regenerates keys for the Secure Shell Daemon (sshd)

Advanced System Administration for the Solaris™ 10 Operating System

Module 2

Describing the Client-Server Model

Objectives

• Describe client-server processes
• Start server processes

Introducing Client-Server Processes

The client-server model describes network services and the client programs of those services.

One example of the client-server relationship is the name server and resolver model of the DNS.

Another example of the client and server relationship is the NFS.

Introducing Client Processes

The client is a host or a process that uses services from another host or program, known as a server.

[Figure: a client using a File Server, a Name Server, and a Print Server]

Introducing Server Processes

The server is a host or a process that provides services to another program known as a client.

[Figure: Client 1 through Client 4 with a Print Server (Printer A, Printer B, Printer C) and a Storage Server (Storage Array 1, Storage Array 2)]

The Service Management Facility (SMF)

SMF provides a centralized configuration structure for managing system services and the interaction of a service with other services. SMF includes the following:

• A mechanism to establish and formalize dependency relationships between services.
• Information on procedures to start, stop, and restart services.
• A centralized repository for information on startup behavior and service status.

• A structured mechanism for Fault Management of system services.
• Detailed information about misconfigured services such as an explanation of why a service is not running.
• Individual log files for each service.

Services

• The fundamental unit of administration in SMF is the service.
• It provides a known list of capabilities to other local and remote services.
• Services are represented as instance nodes which are children of service nodes.
• One service might have many instances such as a Web server on multiple ports.
• Both service nodes and instance nodes can have properties.
• If an instance does not have property X, the service's property X is used.

Service and Instance Nodes

Service Identifiers

• The service identifier is in the form of a Fault Management Resource Identifier or FMRI.
• The FMRI indicates the type of service or category, and the name and instance of the service.

Service Category          Description
milestone                 Synthetic services for clean dependency statement
device                    General device services
system                    Services concerned with host-centric, non-networked capabilities
system/security           Low-level host-centric services implementing security facilities
network                   Services concerned with host-centric, network infrastructure capabilities
application               General software services
application/management    Services implementing management facilities
application/security      Services implementing high-level security facilities
site                      Services implementing site-specific software
platform                  Services implementing platform-specific software

• FMRI examples:
svc:/system/filesystem/root:default
lrc:/etc/rc3_d/S90samba

Listing Service Information

Use the svcs command to list the FMRIs and states:

# svcs
STATE          STIME    FMRI
legacy_run     Feb_10   lrc:/etc/rc2_d/S10lu
legacy_run     Feb_10   lrc:/etc/rc2_d/S20sysetup
legacy_run     Feb_10   lrc:/etc/rc2_d/S90wbem
legacy_run     Feb_10   lrc:/etc/rc2_d/S99dtlogin
legacy_run     Feb_10   lrc:/etc/rc3_d/S81volmgt
(output removed)
online         Feb_10   svc:/system/system-log:default
online         Feb_10   svc:/system/fmd:default
online         Feb_10   svc:/system/console-login:default
online         Feb_10   svc:/network/smtp:sendmail
online         Feb_10   svc:/milestone/multi-user:default
online         Feb_10   svc:/milestone/multi-user-server:default
online         Feb_10   svc:/system/zones:default
offline        Feb_10   svc:/application/print/ipp-listener:default
offline        Feb_10   svc:/application/print/rfc1179:default
maintenance    10:24:15 svc:/network/rpc/spray:default
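The FMRI structure and the svcs listing above, worked through as an added example that is not part of the course material. The function names parse_fmri, svcs_triage and sample_svcs are assumptions made for illustration, and taking the first path component as the category is a simplification of the category table (it reports application/security as application).

```sh
#!/bin/sh
# Added example: split SMF service identifiers (FMRIs) into their parts and
# pick the services that need attention out of `svcs` output.

# parse_fmri FMRI
# Prints "scheme|category|service|instance". For svc: FMRIs the category is
# the first path component; lrc: FMRIs (legacy run-control scripts) have no
# instance, so "-" is printed. Returns 1 for anything else.
parse_fmri() {
    case $1 in
        svc:/*)
            rest=${1#svc:/}
            case $rest in
                *:*) inst=${rest##*:}; svc=${rest%:*} ;;
                *)   inst=-; svc=$rest ;;
            esac
            echo "svc|${svc%%/*}|$svc|$inst" ;;
        lrc:/*)
            echo "lrc|legacy|${1#lrc:}|-" ;;
        *)
            return 1 ;;
    esac
}

# svcs_triage: read `svcs` output on stdin and print
# "state|scheme|category|service|instance" for every service that is
# offline, degraded or in maintenance. Header and filler lines are skipped.
svcs_triage() {
    while read -r state _stime fmri; do
        case $state in
            offline|degraded|maintenance) ;;
            *) continue ;;
        esac
        parsed=$(parse_fmri "$fmri") || continue
        echo "$state|$parsed"
    done
}

# sample_svcs: the listing shown above, trimmed to a few lines.
sample_svcs() {
    cat <<'EOF'
STATE          STIME    FMRI
legacy_run     Feb_10   lrc:/etc/rc2_d/S10lu
legacy_run     Feb_10   lrc:/etc/rc3_d/S81volmgt
(output removed)
online         Feb_10   svc:/system/system-log:default
online         Feb_10   svc:/network/smtp:sendmail
offline        Feb_10   svc:/application/print/ipp-listener:default
offline        Feb_10   svc:/application/print/rfc1179:default
maintenance    10:24:15 svc:/network/rpc/spray:default
EOF
}

sample_svcs | svcs_triage
```

On a live system, `svcs -a | svcs_triage` applies the same filter to every service instance, including disabled ones that plain `svcs` omits.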

Service States

[Figure: SMF service state diagram. States: UNINITIALIZED, DISABLED, OFFLINE, ONLINE, DEGRADED, MAINTENANCE. Transition labels: can’t read config; service marked disabled; service enabled by admin; dependency not met or start failed; dependency met and service enabled; start service; dependencies satisfied and service is healthy; partial failure of service or dependency; refresh; no improvement in service; re-read config data; service shutdown, restart or disable; unresolvable error or thresholds reached; service put in maintenance state; service disabled; administrator intervention.]

Milestones

A milestone can be regarded as a system state to reach. This system state requires a defined set of services to be running. These services depend on other services being available.

Currently there are six milestones:

• single-user
• multi-user
• multi-user-server
• network
• name-services
• sysconfig
• devices

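[Figure: tree of service categories (milestone, network, system, application) with example services beneath them (name-services, net-physical, filesystem, print, X11) and the /, /usr and /var file systems]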

[Figure: milestone manifests and their dependency lists. Labels: /var/svc/manifest/milestone/multi-user-server.xml; multi-user milestone; /var/svc/manifest/milestone/multi-user.xml; exec /sbin/rc3; single-user milestone; /var/svc/manifest/milestone/single-user.xml; name-services milestone; filesystem; /var/svc/manifest/system/filesystem/local-fs.xml; method /lib/svc/method/fs-local]

The svc.startd Daemon

The svc.startd is the daemon which is responsible for maintaining the system services. It is svc.startd which ensures that the system boots to the appropriate milestone.

Currently the milestones that can be used at boot time are:

• none
• single-user
• multi-user
• multi-user-server
• all

The Service Configuration Repository

The repository database stores information about the state of each service instance. It also stores configuration information about the services and system.

The disk-based database is /etc/svc/repository.db.

This file can only be manipulated using the SMF interface utilities svccfg and svcprop.

A corrupt repository can be repaired by booting the system to single user, and running the command:

# /lib/svc/bin/restore_repository

and following the instructions.

Starting Server Processes

To start services for server processes, you must know which files to use for automatic service configuration. You must also know how to manually start the services.

Introducing the Internet Service Daemon (inetd)

The inetd daemon is a special network process that runs on each system and starts server processes that do not automatically start at boot time.

The inetd daemon is started at boot time by svc.startd. There is a legacy configuration file for inetd, /etc/inet/inetd.conf. Services listed in this file are imported into the Service Management Facility (SMF) by the inetconv command.

The Impact of SMF on Network Services

SMF has a major impact on network services in that each service can be independently enabled or disabled using the inetadm command.

To disable the telnet facility:

# inetadm -d telnet
# inetadm | grep telnet
disabled  disabled  svc:/network/telnet:default

To enable the telnet facility:

# inetadm -e telnet
# inetadm | grep telnet
enabled   online    svc:/network/telnet:default

Introducing Network Ports

Network ports help transport protocols distinguish between multiple service requests arriving at a given host computer.

There are two fundamental approaches to port assignments:

• Central authority
  • All users must agree to allow the central authority to assign all port numbers.
  • The central authority is responsible for publishing the list of port number assignments, called well-known port assignments.
  • Well-known port assignments dictate software requirements on a system.

• Dynamic binding
  • The ports are unknown to the client in advance. The system software dynamically assigns ports to the programs that require them.
  • To obtain the current port assignments on any computer, the software generates a request to the target machine for the port number information. The target machine then responds with the port number.
  • These port number assignments are considered ephemeral since assignments are short lived, only lasting until the system is rebooted.

Well-known ports are stored in the /etc/inet/services file.

# grep telnet /etc/inet/services
telnet 23/tcp

Starting Services That Use a Well-Known Port

Services following the central authority approach that use a well-known port include:

• Services that start by default at system boot time
• Services that do not start automatically at boot, and must start on demand

Requesting a Well-Known Service

[Figure: numbered time sequence (steps 1 to 8) between sys41 (Client), running telnet sys42, and sys42 (Server), running inetd and in.telnetd, showing port 23, in.telnetd (port nnnnn), and traffic on port nnnnn. Legend: nnnnn = port number n]

Starting RPC Services

RPC services are services developed using a set of utilities developed by Sun Microsystems, Inc. While RPC services are assigned a unique program number by the programmer when they are written, the RPC services are not typically assigned to well-known ports.

Types of RPC services that follow the dynamic binding approach include:

• Services that start by default at system boot time
• Services that do not start automatically at boot and must start on demand

Starting RPC Services at Boot Time

RPC services started at boot time with startup scripts run on available ports above 32768. The rpcbind process associates RPC program numbers with port numbers.

The /lib/svc/method/rpc-bind startup script initializes the rpcbind service. The port number used by the rpcbind daemon is listed in the /etc/inet/services file.

After the system starts up, the rpcbind daemon starts listening at port 111. To view the port number and protocol, perform the command:

# grep rpcbind /etc/services
sunrpc 111/udp rpcbind
sunrpc 111/tcp rpcbind

Starting RPC Services on Demand

Some rpcbind services start only on demand. The port numbers are registered with the rpcbind process during boot.

When a client application requests a service, the rpcbind process returns the port number of the service to the client machine.

The client machine generates a new request using the port number that it just received for the requested service.

Requesting an RPC Address

[Figure: numbered time sequence (steps 1 to 6) between Host 1 (Client), running spray host2, and Host 2 (Server), running rpcbind and inetd. Labels: Start rpcbind (port 111); port 111; rpc.sprayd (port nnnnn). Legend: nnnnn = port number n]

Using the rpcinfo Commands

The rpcinfo command makes an RPC call to an RPC server, and reports what it finds.

To list all the services registered with the rpcbind process, enter the rpcinfo command as follows:

rpcinfo -p [ host ]

For example:

# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
    100232   10   udp  32772  sadmind
<output truncated>

Deleting RPC Service Registration

To unregister the RPC service given a specified prognum (program number) and versnum (version number), perform the rpcinfo command:

rpcinfo -d prognum versnum

For example:

# rpcinfo -d 100012 1

The deleted RPC service that uses program number 100012 is sprayd. To register the sprayd service again, restart the inetd daemon as follows:

# svcadm disable svc:/network/rpc/spray:udp
# svcadm enable svc:/network/rpc/spray:udp
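The rpcbind lookup described under Starting RPC Services on Demand, the rpcinfo -p listing, and the effect of rpcinfo -d, modeled offline as an added example that is not part of the course material. The function names are assumptions made for illustration, and the sprayd line in the sample (port 32777) is constructed; only its program number 100012 comes from the text.

```sh
#!/bin/sh
# Added example: model the rpcbind registration table from `rpcinfo -p`
# output: summarize it, look a service up the way a client would, and show
# what a deleted registration looks like.

# sample_rpcinfo: the listing above plus one constructed line for sprayd
# (program 100012 is from the text; port 32777 is a made-up sample value).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
    100232   10   udp  32772  sadmind
    100012    1   udp  32777  sprayd
EOF
}

# rpc_summary: one line per program/protocol/port with its versions folded
# together, in first-seen order: "program service proto/port vN,N,..."
rpc_summary() {
    awk '
        $1 !~ /^[0-9]+$/ { next }            # skip header and filler lines
        {
            key = $1 " " $5 " " $3 "/" $4
            if (key in vers) vers[key] = vers[key] "," $2
            else { order[++n] = key; vers[key] = $2 }
        }
        END { for (i = 1; i <= n; i++) print order[i], "v" vers[order[i]] }'
}

# rpc_lookup PROGRAM VERSION PROTO: print the port registered for that
# triple, as rpcbind would answer a client; return 1 if nothing is registered.
rpc_lookup() {
    awk -v p="$1" -v v="$2" -v t="$3" '
        $1 == p && $2 == v && $3 == t { print $4; hit = 1; exit }
        END { exit (hit ? 0 : 1) }'
}

# rpc_unregister PROGRAM VERSION: filter out the matching registrations,
# which is the table `rpcinfo -d PROGRAM VERSION` leaves behind.
rpc_unregister() {
    awk -v p="$1" -v v="$2" '!($1 == p && $2 == v)'
}

sample_rpcinfo | rpc_summary
echo "sprayd port: $(sample_rpcinfo | rpc_lookup 100012 1 udp)"
sample_rpcinfo | rpc_unregister 100012 1 | rpc_lookup 100012 1 udp ||
    echo "100012 v1: not registered; clients cannot reach it until re-enabled"
```

Piping real `rpcinfo -p` output into rpc_summary gives a compact inventory of which RPC programs a host exposes and on which dynamically bound ports.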

System Administration for the Solaris™ 10 Operating System, Part 2

Module 3

Introducing Sun Connection Services

Objectives

Implement patch management using Sun Connection Services including the Update Manager client, the smpatch command line, and Sun Connection hosted Web application

Solaris 10 OS Patch Access Policy

The new Solaris 10 OS patch access policy:

• A service plan is not required for security, data integrity or hardware driver updates.
• A Sun Online Account is required for any patches obtained using the Sun Connection.

Introducing Sun Connection

Sun Connection is a seamless architecture that provides:

• Notifications to let administrators
• Automated procedures
• Fast intelligent software dependency checks
• Optional local caching of updates
• A Web hosted service

Administering Patches

The Sun Connection tools include the following:

• Update Manager client graphical user interface (GUI)
• Sun Connection hosted Web application
• Update Manager client command-line interface (smpatch)

Sun Connection Modes

• Local management of individual systems using the Update Manager client or the smpatch CLI
• Remote and centralized management of multiple systems using the Sun Connection hosted Web application

Locally Managing Updates for Individual Systems

• Maintain your own updates to the Solaris 10 OS by establishing a connection to Sun Connection.
• Sun Connection client software enables access to the Sun Connection servers hosted at Sun.
  • Automatic notification
  • Update Manager client application
  • The smpatch command

Update Manager Client

• The Update Manager client is a successor to the Solaris Patch Manager application.
  • PatchPro analysis engine
  • A new user interface
• Users can:
  • Analyze system to check for available updates
  • View a list of updates currently available and applicable for the system
  • View details about a specific update
  • Install selected updates

The smpatch Command Line Interface

• The smpatch command line interface (CLI) for Sun Connection is built into the Solaris 10 OS.
• The smpatch CLI enables you to:
  • Analyze and produce a list of recommended patches for a system using the smpatch update command.
  • Download one or more patches to a system using the smpatch download command.
  • Add one or more patches to a system using the smpatch add command.
  • Back out unwanted patches using the smpatch remove command.

Caching Patches With Update Manager's Proxy

Sun Connection Hosted Web Application

Establishing a Sun Online Account

• A Sun Online Account is required for using the Sun Connection services regardless of the mode of connection you choose.
• There is no charge for establishing such an account. Start at: http://www.sun.com/
• Click on the My Account link.

Obtain a Sun Service Plan

• A Sun Service Plan is optional.
• Without one you will get security and hardware driver updates only.
• If you want all the other updates available, contact your Sun Service Representative and subscribe to an appropriate service plan.
• Obtain a subscription key associated with that plan for use later when you install and register systems for Sun Connection functionality.

Downloading and Installing the Update Manager Client Software

• Solaris OS versions that precede the Solaris 10 1/06 release.
• Solaris 10 1/6 and later releases.
• The Update Manager client (1.0.4) download and installation:
  • On SPARC-based systems:
    # smpatch update -i 121118-05
  • On x86-based systems:
    # smpatch update -i 12119-05

Starting the Update Manager Client For the First Time

Click on the Java™ Desktop notification icon or run the following command:

# /usr/bin/updatemanager

Registering Systems

Select Service Level

Registration Confirmation

Registration Complete

Installing Updates With the Update Manager Client

Setting Update Manager Client Preferences

• The source of your updates.
• The Update Manager’s proxy hostname, IP address and authentication details.
• The directory where updates will be downloaded. (Default is /var/sadm/spool.)
• The backout data directory setting.
• New update available notification icon for your Java Desktop.
• Daily automatic update analysis.

Update Manager’s Proxy

• The Update Manager’s proxy minimizes the Internet traffic between your systems and the Sun update server.
• The Update Manager’s proxy obtains updates from its source of updates on a per-request basis.
• The proxy supports client systems that use the Sun Connection 1.0 software and the Sun Patch Manager 2.0 software.

Configuring the Update Manager’s Proxy

• Verify that required packages are on your system:
# pkginfo | grep SUNWpsvr
system SUNWpsvrr Patch Server Deployment (Root)
system SUNWpsvru Patch Server Deployment (Usr)

• Set the network proxy for the Update Manager’s proxy:
# patchsvr setup -x network_proxy:port

• Specify the next update server:
# patchsvr setup -p http://server-name:port/solaris/

• Specify the default Sun update server:
# patchsvr setup -p https://getupdates1.sun.com/solaris/

• Start the proxy server:
# patchsvr start

• Configure the proxy server to start on subsequent system boots:
# patchsvr enable


Configuring Clients to Use the Update Manager’s Proxy

Install and start the Update Manager client software on the client by typing the following command:

# /usr/bin/updatemanager


Patch Administration From the CLI

• Solaris OS update types include:
  • Standard updates
  • Recommended patches
  • Update clusters
• An update is distributed as a directory that is identified by a unique number:
105050-01.jar


Using the smpatch Command

• The smpatch command was available in two modes:
  • Local mode
  • Remote mode
• By default, smpatch runs in local mode.
• If you specify any of the remote or authentication options (except for -L), remote mode is used.


Phases for Applying Updates

• The full sequence involves these phases:
  • Analyzing your system
  • Downloading the necessary updates
  • Applying the updates
• Phase control:
  • The smpatch update command performs all three functions in one command.
  • The smpatch analyze and smpatch update commands perform all three functions using two commands.
  • The smpatch analyze, smpatch download, and smpatch add commands will perform all three functions using three commands.


Command Examples

• Analyze your local system and determine the appropriate, available updates for it.
# smpatch analyze > plist
# vi plist
...
119397-06 SunOS 5.10: patch for North America region locales issues
# patchadd -p | grep 119397

• Download (but not apply) a new update.
# smpatch download -i 119397-06
119379-06 has been validated.
# smpatch get | grep download
patchpro.download.directory - /var/sadm/spool
# cd /var/sadm/spool ; ls
119397-06.jar
...


Command Examples (cont.)

• Install and verify an update.
# smpatch add -i 119397-06
add patch 119397-06
Patch 119397-06 has been successfully installed.
# patchadd -p | grep 119397-06
Patch: 119397-06 Obsoletes: Requires: 121734-01 Incompatibles: Packages: SUNWnameos SUNWnamdt SUNWnamow
# smpatch analyze | grep 119397-06

• Remove an update.
# smpatch remove -i 119397-06
remove patch 119397-06
Transition old-style patching.
Patch 119397-06 has been backed out.
# smpatch analyze | grep 119397-06
119397-06 SunOS 5.10: patch for North America region locales issues


Command Examples (cont.)

• Apply an update in one step.
# smpatch update -i 118815-05
118815-05 has been validated.
Installing patches from /var/sadm/spool...
118815-05 has been applied.
/var/sadm/spool/patchpro_dnld_2007.03.16@12:36:36:MST.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2007.03.16@12:36:36:MST.txt


Configuring the Patch Management Environment

• The smpatch get, smpatch set and smpatch unset commands are used to configure the patch management environment:
  • smpatch get displays the current settings for environment parameters.
  • smpatch set changes values for environment parameters.
  • smpatch unset enables the default values for environment parameters.


Command Examples

• Display the current environment parameter values.
# smpatch get
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source http://192.168.201.1:3816/solaris/ https://getupdates1.sun.com/solaris/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""

• Set a new value for the update source.
# smpatch set patchpro.patch.source=http://newproxy.apex.com:3816/solaris/
# smpatch get
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool


Command Examples (cont.)

patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source http://newproxy.apex.com:3816/solaris/ https://getupdates1.sun.com/solaris/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""

• Set the source of updates to a local or remote directory.
# smpatch set patchpro.patch.source=file:/net/sys-04/export/updates
# smpatch set patchpro.patch.source=file:/local/updates
# smpatch set patchpro.patch.source=file:/cdrom/cdrom0

• Set the patchpro.patch.source parameter back to the default value.
# smpatch unset patchpro.patch.source
# smpatch get
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool


Command Examples (cont.)

patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/solaris/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""

• Configure an update set which defines a subset of updates that commands will work with.
# smpatch set patchpro.patchset=recommended
# smpatch analyze


Using the Update Policy for Applying Updates

• The patchpro.install.types property defines the update policy in effect for the update management environment.
• Types of updates that are applied to the system:
  • Standard updates that are applied immediately and require no system restart
  • Updates that require a system restart
  • Updates that must be manually applied


Example of Using the Update Policy

• Not using the smpatch update command
# smpatch analyze | grep wanboot
119681-06 SunOS 5.10: wanboot patch
# patchadd -p | grep 119681
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
# smpatch download -i 119681-06
119681-06 has been validated.
# smpatch add -i 119681-06
add patch 119681-06
...
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
119681-06
Patch 119681-06 has been successfully installed.


Example of Using the Update Policy (cont.)

# patchadd -p | grep 119681
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
Patch: 119681-06 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
# smpatch analyze | grep 119681-06
#
# cd /var/sadm/spool ; ls
119681-06.jar
cache
patchpro_dnld_2006.02.13@10:10:29:MST.txt
# cat *.txt
This patch bundle was generated by PatchPro.

Please refer to the README file within each patch for installation instructions. To properly patch your system, the following patches should be installed in the listed order:

1) 119681-06 !!! IMMEDIATE REBOOT !!!


Example of Using the Update Policy (cont.)

# cd /var/sadm/spool
# jar xvf 119681-06.jar 119681-06/patchinfo
 inflated: 119681-06/patchinfo
# grep PROP 119681-06/patchinfo
PATCH_PROPERTIES='reconfigimmediate'

• Using the smpatch update Command
# smpatch update -i 119681-06
119681-06 has been validated.
Installing patches from /var/sadm/spool...
NOTICE: Patch 119681-06 cannot be installed until the next system shutdown.
/var/sadm/spool/patchpro_dnld_2006.02.15@06:02:43:MST.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2006.02.15@06:02:43:MST.txt
/var/sadm/spool/patchpro_dnld_2006.02.15@06:09:14:MST.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2006.02.15@06:09:14:MST.txt


Example of Using the Update Policy (cont.)

• Using the smpatch update Command (cont.)

ID's of the updates that are disallowed by installation policy have been written to file
/var/sadm/spool/disallowed_patch_list

One or more updates that you installed requires a system shutdown to activate it. To initiate the system shutdown, you must use one of the following commands:
o Power down the system - init 0 or shutdown -i 0
o Drop to the firmware prompt - init 5 or shutdown -i 5
o Restart the system - init 6 or shutdown -i 6
# cat /var/sadm/spool/disallowed_patch_list
119681-06
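The policy decision in the example above can be checked before running smpatch update. The script below is an added example, not part of the course material: it reads the value in effect for patchpro.install.types from smpatch get output and compares it with a patch's PATCH_PROPERTIES. The function names and sample inputs are constructed; treating an empty PATCH_PROPERTIES as "standard" and splitting multiple properties on spaces, commas or colons are assumptions.

```shell
#!/bin/sh
# Added example: predict whether "smpatch update" applies a patch or
# defers it under the patchpro.install.types update policy.

# Constructed sample inputs, modelled on the output shown on the slides.
SMPATCH_GET='patchpro.backout.directory - ""
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source http://192.168.201.1:3816/solaris/ https://getupdates1.sun.com/solaris/'
PATCHINFO="PATCH_PROPERTIES='reconfigimmediate'"

# effective_setting NAME
# Reads "smpatch get" output on stdin. Columns: parameter name, assigned
# value ("-" when unset), default value. Prints the value in effect.
effective_setting() {
    awk -v name="$1" '$1 == name { v = ($2 != "-") ? $2 : $3; print v; exit }'
}

# patch_properties
# Reads a patchinfo file on stdin and prints its PATCH_PROPERTIES value
# with the surrounding quotes removed (empty when the key is absent).
patch_properties() {
    sed -n 's/^PATCH_PROPERTIES=//p' | tr -d "'\"" | head -n 1
}

# policy_verdict POLICY PROPERTIES
# POLICY is the colon-separated install.types list.
# Assumption: empty PROPERTIES means "standard".
# Prints "allowed" or "disallowed: <properties the policy does not list>".
policy_verdict() {
    policy=$1
    props=${2:-standard}
    blocked=
    old_ifs=$IFS
    IFS=' :,'
    for p in $props; do
        case ":$policy:" in
            *":$p:"*) ;;                    # property is covered by the policy
            *) blocked="$blocked $p" ;;     # policy does not list this property
        esac
    done
    IFS=$old_ifs
    if [ -z "$blocked" ]; then
        echo "allowed"
    else
        echo "disallowed:$blocked"
    fi
}

# check_patch SMPATCH_GET_OUTPUT PATCHINFO_TEXT
check_patch() {
    policy_now=$(printf '%s\n' "$1" | effective_setting patchpro.install.types)
    props_now=$(printf '%s\n' "$2" | patch_properties)
    policy_verdict "$policy_now" "$props_now"
}

# 119681-06 from the slides carries reconfigimmediate, which the default
# policy does not list, so smpatch update defers it.
check_patch "$SMPATCH_GET" "$PATCHINFO"
```

On a live system the two inputs come from `smpatch get` and from the patchinfo file extracted with jar, as shown in the slides.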


Module 4

Managing Swap Configuration


Objectives

• Describe virtual memory
• Configure swap space


Introducing Virtual Memory

Virtual memory combines RAM and dedicated disk storage areas known as swap space.

Virtual memory management software maps copies of files on disk to virtual addresses.

Programs use these virtual addresses, rather than real addresses, to store instructions and data.

Virtual memory makes it possible for the operating system (OS) to use a large range of memory.


Physical RAM

When working with swap space, RAM is the most critical resource in your system.

• Virtual and physical addresses
  The Solaris 10 OS virtual memory management system maps the files on disk to virtual addresses in virtual memory.

• Anonymous memory pages
  Physical memory pages associated with a running process can contain private data or stack information that does not exist in any file system on disk. These are anonymous memory pages.


Swap Space

Sometimes a process must give up some of its memory space allocation to another process.

Anonymous memory pages are placed in a swap area, but unchanged file system pages are not.

• Swap slices
  The primary swap space on the system is a disk slice. In the Solaris 10 OS, the default location for the primary swap space is slice 1 of the boot disk which, by default, starts at cylinder 0. As additional swap space becomes necessary, you can configure additional swap slices.


Swap Space (cont.)

• Swap files
  It is also possible to provide additional swap space on a system by using swap files. Swap files are files that reside on a file system, and that have been created using the mkfile command. Swap files can be permanently included in the swap configuration by creating an entry for the swap file in the /etc/vfstab file.


The swapfs File System

Swap space for any private data or stack space for the process must be reserved.

[Figure labels: Swap Slice, Swap File, RAM, Swap Space]


Paging

• The transfer of selected memory pages between RAM and the swap areas.
• Physical RAM is made available for other processes to use.
• Use the pagesize command to display the size of a memory page in bytes.
  • On SPARC-based systems:
# pagesize
8192
  • On x86-based systems:
# pagesize
4096


Configuring Swap Space

The swap command provides a method of adding, deleting, and monitoring the swap areas used by the kernel.

Swap area changes made from the command line are not permanent and are lost after a reboot.

To create permanent additions to the swap space, create an entry in the /etc/vfstab file.


Displaying the Current Swap Configuration

[Figure: Total Swap Allocation as reported by swap -s, divided into Allocated, Reserved, and Available.]

• Memory paging affects the amount of memory allocated space.
• Task activation affects the amount of memory reserved space.
• Arrow up: swap -d subtracts the amount of available swap space.
• Arrow down: swap -a adds the amount of available swap space.


Displaying the Current Swap Configuration

To view the current swap space allocation, complete the following steps:

1. List a summary of the system’s virtual swap space.
# swap -s
total: 41776k bytes allocated + 5312k reserved = 47088k used, 881536k available

2. List the details of the system’s physical swap areas.
# swap -l
swapfile             dev    swaplo  blocks   free
/dev/dsk/c0t0d0s1    136,9  16      1048304  1048304


Adding Swap Space

Use the following procedures to add additional swap space to your system.

• To add swap slices, use the swap -a command:
# swap -a /dev/dsk/c1t3d0s1

Edit the /etc/vfstab file and add a line similar to the following:
/dev/dsk/c1t3d0s1 - - swap - no -


Adding Swap Space

• To add swap files, use the mkfile command to create the swap file. For example:
# mkfile 20m /usr/local/swap/swapfile

Add the swap file to the system’s swap space.
# swap -a /usr/local/swap/swapfile

Add an entry for the swap file to the /etc/vfstab file.
/usr/local/swap/swapfile - - swap - no -


Removing Swap Space

If you no longer need the additional swap space, you can delete the swap space by removing any additional swap slices and swap files.

• Removing swap slices
  Delete a swap slice from the current swap configuration.
# swap -d /dev/dsk/c1t3d0s1

Edit the /etc/vfstab file, and remove the swap slice entry from the file.


Removing Swap Space

• Removing swap files
  Delete a swap file from the current swap configuration.
# swap -d /usr/local/swap/swapfile

• Remove the file to free the disk space that it is occupying.
# rm /usr/local/swap/swapfile

• Edit the /etc/vfstab file, and remove the swap file entry.


Module 5

Managing Crash Dumps and Core Files


Objectives

• Manage crash dump behavior
• Manage core file behavior


Managing Crash Dump Behavior

If a fatal operating system error occurs, the operating system generates a crash dump by writing some of the contents of the physical memory to a predetermined dump device, which must be a local disk slice.

You can configure the dump device by using the dumpadm command.

After the operating system has written the crash dump to the dump device, the system reboots.

The crash dump is saved for future analysis to help determine the cause of the fatal error.


Crash Dump

When the operating system crashes, the savecore command is automatically executed during a boot.

• The savecore command places kernel core information in the /var/crash/nodename/vmcore.X file.
• The savecore command places name list information and symbol table information in the /var/crash/nodename/unix.X file.

You can use the dumpadm command to configure the location of the dump device and the savecore directory.


Displaying the Current Dump Configuration

To view the current dump configuration, use the dumpadm command without arguments.

# dumpadm
Dump content: kernel pages
Dump device: /dev/dsk/c0t0d0s1 (swap)
Savecore directory: /var/crash/sys-02
Savecore enabled: yes


Changing the Crash Dump Configuration

The dumpadm command manages the configuration of the crash dump facility.

The syntax of the dumpadm command is as follows:

/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-s savecore-dir] [-r root-dir]

Use the dumpadm command to make all modifications to the crash dump configuration, rather than attempting to edit the /etc/dumpadm.conf file manually.


Managing Core File Behavior

When a process terminates abnormally, it typically produces a core file.

You can use the coreadm command to specify the name or location of core files produced by abnormally terminating processes.


Core Files

• A core file is a disk copy of the address space of a process at a certain point in time.
• The operating system generates two possible copies of core files:
  • The global core file
  • The per-process core file


Displaying the Current Core File Configuration

You use the coreadm command without arguments to display the current configuration.

# coreadm
global core file pattern:
global core file content: default
init core file pattern: core
init core file content: default
global core dumps: disabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging: disabled


Displaying the Current Core File Configuration

The /etc/coreadm.conf file lists the same parameters that are displayed by coreadm.

# cat /etc/coreadm.conf
#
# coreadm.conf
#
# Parameters for system core file configuration.
# Do NOT edit this file by hand -- use coreadm(1) instead.
#
COREADM_GLOB_PATTERN=
COREADM_GLOB_CONTENT=default
COREADM_INIT_PATTERN=core
COREADM_INIT_CONTENT=default
COREADM_GLOB_ENABLED=no
COREADM_PROC_ENABLED=yes
COREADM_GLOB_SETID_ENABLED=no
COREADM_PROC_SETID_ENABLED=no
COREADM_GLOB_LOG_ENABLED=no


Changing the Core File Configuration

• The coreadm command allows you to control how core files are generated.
• For example, you can use the coreadm command to configure a system so that all process core files are placed in a single directory.
• You can separately enable or disable two configurable core file paths: per-process and global.


Changing the Core File Configuration

• All users can run the coreadm command with the -p option to specify the file name pattern to use for per-process core files.
coreadm [-p pattern] [pid...]

• The root user can use the following coreadm command options to configure system-wide core file options.
coreadm [-g pattern] [-G content] [-i pattern] [-I content] [-d option...] [-e option...]

• Pattern options determine how core files are named.
• Content options determine the content of global core files.


Pattern Options for the coreadm Command

• %p - PID
• %u - Effective user ID (EUID)
• %g - Effective group ID (EGID)
• %f - Executable file name
• %n - System node name (uname -n)
• %m - Machine hardware name (uname -m)
• %t - The time in seconds since midnight January 1, 1970
• %d - Executable file directory/name
• %z - Zonename
• %% - Literal %


Pattern Options for the Global Core File Content

• anon – Anonymous private mappings, including thread stacks that are not main thread stacks
• ctf – CTF type information sections for loaded object files
• data – Writable private file mappings
• dism – DISM mappings
• heap – Process heap
• ism – ISM mappings


Pattern Options for the Global Core File Content

• rodata – Read-only private file mappings
• shanon – Anonymous shared mappings
• shfile – Shared mappings that are backed by files
• shm – System V shared memory
• stack – Process stack
• symtab – Symbol table sections for loaded object
• text – Readable and executable private file mappings


Examples of the coreadm Command

• Example 1 – Setting the core file name pattern as a regular user
  When executed from a user’s $HOME/.profile or $HOME/.login file, the following entry sets the core file name pattern for all processes run during the login session:
# coreadm -p core.%f.%p $$


Examples of the coreadm Command

• Example 2 – Dumping a user’s core files into a subdirectory
  The following command places all of the user’s core files into the corefiles subdirectory of the user’s home directory, differentiated by the system node name.
$ coreadm -p $HOME/corefiles/%n.%f.%p $$


Examples of the coreadm Command

• Example 3 – Enabling and setting the core file global name pattern
  The following is an example of setting system-wide parameters that add the executable file name and PID to the name of any core file that is created:
# coreadm -g /var/core/core.%f.%p -e global


Examples of the coreadm Command

• Example 4 – Checking the core file configuration for specific PIDs
  Running the coreadm command with a list of PIDs reports each process’s per-process core file name pattern, for example:
# coreadm 228 507
228: core default
507: /usr/local/swap/corefiles/%n.%f.%p default
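Because a core file is a copy of a process's address space, the settings in /etc/coreadm.conf decide whether sensitive memory can end up on disk. The script below is an added example, not part of the course material: it reviews the parameters from the /etc/coreadm.conf listing shown earlier. The function names, finding labels and the second sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: review coreadm.conf settings that affect where process
# memory is written and whether anyone is told about it.

# The parameter values from the slide (comment header omitted).
PAGE_CONF='COREADM_GLOB_PATTERN=
COREADM_GLOB_CONTENT=default
COREADM_INIT_PATTERN=core
COREADM_INIT_CONTENT=default
COREADM_GLOB_ENABLED=no
COREADM_PROC_ENABLED=yes
COREADM_GLOB_SETID_ENABLED=no
COREADM_PROC_SETID_ENABLED=no
COREADM_GLOB_LOG_ENABLED=no'

# Constructed variant with values changed so that every check fires.
RISKY_CONF='# constructed sample, not from a real system
COREADM_GLOB_PATTERN=core.%f.%p
COREADM_GLOB_CONTENT=default
COREADM_INIT_PATTERN=core
COREADM_INIT_CONTENT=default
COREADM_GLOB_ENABLED=yes
COREADM_PROC_ENABLED=yes
COREADM_GLOB_SETID_ENABLED=yes
COREADM_PROC_SETID_ENABLED=yes
COREADM_GLOB_LOG_ENABLED=no'

# conf_get CONF_TEXT KEY
# Prints the value assigned to KEY (empty when unset). Comment lines
# never match because they do not start with KEY=.
conf_get() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | tail -n 1
}

# audit_coreadm CONF_TEXT
# Prints one "LABEL: explanation" line per finding, nothing when clean.
audit_coreadm() {
    conf=$1

    # Set-ID programs can hold data the invoking user must not see.
    for scope in GLOB PROC; do
        if [ "$(conf_get "$conf" "COREADM_${scope}_SETID_ENABLED")" = yes ]; then
            echo "${scope}_SETID: set-ID processes dump core; their address space can hold sensitive data"
        fi
    done

    if [ "$(conf_get "$conf" COREADM_GLOB_ENABLED)" = yes ]; then
        # coreadm -g expects a pattern that starts with "/".
        case $(conf_get "$conf" COREADM_GLOB_PATTERN) in
            /*) ;;
            *) echo "GLOB_PATTERN: global dumps are enabled but the global pattern is not an absolute path" ;;
        esac
        # Without logging, no syslog message records a global core dump.
        if [ "$(conf_get "$conf" COREADM_GLOB_LOG_ENABLED)" != yes ]; then
            echo "GLOB_LOG: global dumps are enabled but global core dump logging is disabled"
        fi
    fi
}

# The slide's configuration yields no findings; the variant yields four.
audit_coreadm "$PAGE_CONF"
audit_coreadm "$RISKY_CONF"
```

On a live system, pass the file contents with `audit_coreadm "$(cat /etc/coreadm.conf)"` and make any changes with coreadm rather than by editing the file.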


Advanced System Administration for the Solaris™ 10 Operating System

Module 6

Configuring NFS


Objectives

• Describe the benefits of NFS
• Describe the fundamentals of the NFS distributed file system
• Manage an NFS server
• Manage an NFS client
• Enable the NFS server logging
• Manage NFS with the Solaris Management Console storage folder tools
• Troubleshoot NFS errors


NFS Benefits

The NFS service enables computers of different architectures running different operating systems to share file systems across a network.

You can implement the NFS environment on different operating systems (OS) because NFS defines an abstract model of a file system.

NFS file system operations, such as reading and writing, work as if they were accessing a local file.


NFS Benefits

The benefits of the NFS service are as follows:

• Allows multiple computers to use the same files, because all users on the network can access the same data
• Reduces storage costs by sharing applications on computers instead of allocating local disk space for each user application
• Provides data consistency and reliability, because all users can read the same set of files
• Supports heterogeneous environments, including those found on a personal computer (PC)
• Reduces system administration overhead

NFS Distributed File System Fundamentals

The NFS environment contains the following components:

• NFS server
• NFS client

The Solaris 10 OS supports NFS versions 2, 3, and 4 simultaneously.

The default is to use NFSv4.

Version-related checks are applied whenever a client host attempts to access a server’s file share.

• NFS server
[Figure: The NFS server (Host 1) shares directories and disk storage with the NFS client (Host 2). Host 1 shares its /export/rdbms directory.]
Host1# share /export/rdbms

• NFS client
[Figure: The NFS server (Host 1) shares directories and disk storage with the NFS client (Host 2). Host 2 mounts the shared /export/rdbms directory on its /opt/rdbms directory.]
Host2# mount Host1:/export/rdbms /opt/rdbms

NFS Version 4 (NFSv4)

• Stateful connections
• Single protocol
• Improved firewall support
• Pseudo file systems
• Strong security
• Extended attributes
• Delegation

Pseudo-File System

[Figure: Pseudo-file system. Server file systems: / and /export_fs. Server exports: /export_fs/local and /export_fs/projects/nfs4. The client view of the server’s export_fs directory contains the exported directories local and projects/nfs4.]

Strong Security

• Remote Procedure Call (RPC) implementation of the General Security Service framework (GSS)
• New security flavor RPCSEC_GSS
• Used with Sun Enterprise Authentication Mechanism (SEAM) software
• Other GSS_API applications

Compound Procedures

NFS version 3:
-> LOOKUP "export"
<- OK
-> LOOKUP "testdata"
<- OK
-> ACCESS "testdata"
<- OK
-> READ "testdata"
<- OK (sends data)

NFS version 4:
-> OPEN "export/testdata" READ
<- OPEN OK READ OK (sends data)

Extended Attributes

• Mandatory – Minimal level of operation
• Recommended – Operating environment dependent
• Named – Byte string, data associated with files or file system

File Handles

• File handles are created on the server and contain information that uniquely identifies files and directories.
• NFS version 4 protocol permits a server to declare that its file handles are volatile.
• Clients must support volatile file handles if the server uses them.
• Upon file handle expiration, the client:
  • Flushes the cached information that refers to that file handle.
  • Searches for that file's new file handle.
  • Retries the operation.

Delegation

• The server delegates the management of a file to a client.
• The server alone decides whether to grant a delegation.
• The new nfs4cbd(1M) daemon is used for callback.
• The server sends callback to get the updated state of the file and to revoke the delegation.
• Different NFS client versions behave differently when a conflict occurs.
• Delegation is enabled by default.

Configuring an NFS Server and Client

• nfs(4) configuration file: /etc/default/nfs
• Enabling NFS versions on server:
  NFS_SERVER_VERSMIN=num
  NFS_SERVER_VERSMAX=num
• Enabling NFS versions on client:
  NFS_CLIENT_VERSMIN=num
  NFS_CLIENT_VERSMAX=num
  num=version 2, 3 or 4
• Other options in nfs(4)

Managing an NFS Server

• NFS server files
You need several files to support NFS server activities on any computer.
• /etc/dfs/dfstab

• /etc/dfs/sharetab

• /etc/dfs/fstypes

• /etc/rmtab

• /etc/nfs/nfslog.conf

• /etc/default/nfslogd

• /etc/default/nfs

• The /etc/dfs/dfstab file
The /etc/dfs/dfstab file contains the commands that share local directories. Each line of the dfstab file consists of a share command.
# cat /etc/dfs/dfstab
(output omitted)
# the very first entry to this file.
#
# share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
# .e.g,
# share -F nfs -o rw=engineering -d "home dirs" /export/home2
share -F nfs -o ro -d "Shared data files" /usr/local/data
share -F nfs -o rw,root=sys-01 -d "Database files" /rdbms_files

• The /etc/dfs/sharetab file
The /etc/dfs/sharetab file contains a table of local resources currently being shared.
# cat /etc/dfs/sharetab
/usr/local/data - nfs ro Shared data files
/rdbms_files - nfs ro,root=sys01 Database files

• The /etc/rmtab file
The /etc/rmtab file contains a table of file systems remotely mounted by NFS clients.
# cat /etc/rmtab
sys-03:/usr/local/data
sys-02:/export/config
...

• The /etc/default/nfs file
The /etc/default/nfs file lists parameters that can be set for NFS daemon and NFS protocols.

NFS Server Daemons

To start the NFS server daemons, enable the svc:/network/nfs/server service.

# svcadm -v enable nfs/server
svc:/network/nfs/server:default enabled.

If a system has entries in its /etc/dfs/dfstab file, the NFS server daemons start when the system enters the multi-user-server milestone.

• mountd

• nfsd

• statd

• lockd

• nfslogd

• nfsmapid

In NFSv4, the features provided by the mountd and lockd daemons are integrated into the NFSv4 protocol.

• The mountd daemon
The mountd daemon handles NFS file system mount requests from remote systems and provides access control. The mountd daemon determines if a particular directory is being shared, and if the requesting client has permission to access it.

• The nfsd daemon
When a client process attempts to access a remote file resource, the nfsd daemon on the NFS server receives the request and the resource’s file handle, and then performs the requested operation.

• The statd daemon
The statd daemon works with the lock manager lockd daemon to provide crash recovery functions for the lock manager.

• The lockd daemon
The lockd daemon supports record-locking operations for NFS files.

• The nfslogd daemon
The nfslogd daemon provides operational logging for an NFS server.

• The nfsmapid daemon
The nfsmapid daemon is implemented in NFSv4. The nfsmapid daemon maps owner and group identification that both the NFSv4 client and server use. The nfsmapid daemon is started by the svc:/network/nfs/mapid service.

Managing the NFS Server Daemons

The NFS daemons start conditionally when the system transitions through run levels, or they start manually when enabling the svc:/network/nfs/server service.

The svcs command can be used to show the dependencies of the nfs/server service.

# svcs | grep nfs
online 15:35:24 svc:/network/nfs/client:default
online 15:35:29 svc:/network/nfs/status:default
...
# svcs -l nfs/server
fmri svc:/network/nfs/server:default
name NFS server
...

• Starting and stopping the NFS server daemons
To start the NFS server daemons manually, place an entry in the /etc/dfs/dfstab file and perform the following command:
# svcadm enable svc:/network/nfs/server

To stop the NFS server daemons manually, perform the following command:
# svcadm disable svc:/network/nfs/server

NFS Server Commands

• share

• unshare

• shareall

• unshareall

• dfshares

• dfmounts

Configuring the NFS Server for Sharing Resources

When the NFS server daemons are running, you can use the share command to make file resources available.

For example, to share the /usr/local/data directory as a read-only shared resource, perform the following command:

# share -o ro /usr/local/data

The share command options:

• ro

• rw

• root=access-list

• ro=access-list

• rw=access-list

• anon=n
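
The share options listed above decide which clients can write to a share and whose root user is trusted, so dfstab entries are worth reviewing line by line. The following added example (not part of the course material) parses share commands in the dfstab format shown earlier and reports read-write access without an access list, root= grants, and anon=0. The /export/home2 and /export/scratch entries are constructed, and the function names are this example's own.

```python
import shlex

# Constructed sample in the dfstab format shown above; the last two entries
# are added for illustration and do not come from the course material.
SAMPLE_DFSTAB = '''\
# share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
share -F nfs -o ro -d "Shared data files" /usr/local/data
share -F nfs -o rw,root=sys-01 -d "Database files" /rdbms_files
share -F nfs -o rw=engineering,anon=0 -d "home dirs" /export/home2
share -F nfs /export/scratch
'''

RW_ALL = "read-write to every client (no rw=access-list)"
ANON_ROOT = "anon=0 maps unknown users to UID 0"


def parse_share(line):
    """Return (pathname, options) for one share line, or None for other lines."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "share":
        return None
    opts, path, i = {}, None, 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-F", "-d") and i + 1 < len(tokens):
            i += 2  # file system type and description are not audited
        elif tok == "-o" and i + 1 < len(tokens):
            for item in tokens[i + 1].split(","):
                key, _, value = item.partition("=")
                # access lists are colon-separated (share_nfs(1M))
                opts[key] = value.split(":") if value else []
            i += 2
        else:
            if path is None:
                path = tok  # first operand is the pathname, a second is the resource
            i += 1
    return (path, opts) if path else None


def audit_share(opts):
    """Return the findings for one share's option dictionary."""
    findings = []
    bare_rw = "rw" in opts and not opts["rw"]
    no_mode = "rw" not in opts and "ro" not in opts  # share defaults to rw
    if bare_rw or no_mode:
        findings.append(RW_ALL)
    if opts.get("root"):
        findings.append("root access for: " + ", ".join(opts["root"]))
    if opts.get("anon") == ["0"]:
        findings.append(ANON_ROOT)
    return findings


def audit_dfstab(text):
    """Return {pathname: [findings]} for every share command in text."""
    report = {}
    for line in text.splitlines():
        parsed = parse_share(line)
        if parsed:
            path, opts = parsed
            report[path] = audit_share(opts)
    return report


if __name__ == "__main__":
    for path, findings in audit_dfstab(SAMPLE_DFSTAB).items():
        print(path, "->", "; ".join(findings) or "no findings")
```
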

• Making file resources unavailable for mounting
Use the unshare command to make file resources unavailable for mount operations. For example, to make the /usr/local/data directory unavailable for client-side mount operations, perform the following command:
# unshare /usr/local/data

• Displaying currently shared NFS resources
The dfshares command displays currently shared NFS resources.
# dfshares
RESOURCE SERVER ACCESS TRANSPORT
sys-02:/usr/local/data sys-02 - -

• Displaying NFS mounted resources
The dfmounts command displays remotely mounted NFS resource information.
# dfmounts
RESOURCE SERVER PATHNAME CLIENTS
- sys-02 /usr/local/data sys-03

Managing the NFS Client

• NFS client files
You need several files to support NFS client activities on any computer.
• /etc/vfstab

• /etc/mnttab

• /etc/dfs/fstypes

• /etc/default/nfs

• The /etc/vfstab file
To mount remote file resources at boot time, enter the appropriate entries in the client’s /etc/vfstab file. For example:
sys-02:/usr/local/data - /usr/remote_data nfs - yes soft,bg

• The /etc/mnttab file
The /etc/mnttab file system provides read-only access to the table of mounted file systems for the current host. Mounting a file system adds an entry to the /etc/mnttab file.

NFS Client Daemons

The NFS client daemons are started using the svc:/network/nfs/client service.

• statd

• lockd

• nfs4cbd

Managing the NFS Client Daemons

Two NFS daemons, the statd daemon and the lockd daemon, run both on the NFS servers and the NFS clients.

These daemons start automatically when a system enters the network milestone.

# svcs -D milestone/network
STATE STIME FMRI
disabled 15:34:35 svc:/network/dns/client:default
disabled 15:34:37 svc:/network/nfs/cbd:default
(output omitted)
online 16:31:18 svc:/network/nfs/nlockmgr:default
online 16:33:12 svc:/network/nfs/status:default

• The lockd daemon is started by the SMF service nfs/nlockmgr.
# svcadm -v enable nfs/nlockmgr
svc:/network/nfs/nlockmgr:default enabled.

• The statd daemon is started by the SMF service nfs/status.
# svcadm -v enable nfs/status
svc:/network/nfs/status:default enabled.

To manually restart these daemons, perform the following commands:
# svcadm -v restart nfs/status
Action restart set for svc:/network/nfs/status:default.
# svcadm -v restart nfs/nlockmgr
Action restart set for svc:/network/nfs/nlockmgr:default.
#

NFS Client Commands

• dfshares

• mount

• umount

• mountall

• umountall

Configuring the NFS Client for Mounting Resources

• Displaying a server’s available resources
You can use the dfshares command to list resources made available by an NFS server.
# dfshares sys-02
RESOURCE SERVER ACCESS TRANSPORT
sys-02:/usr/local/data sys-02 - -
...

• Accessing the remote file resource
Use the /usr/sbin/mount command to attach a local or remote file resource to the local file system hierarchy. For example:
# mount sys-02:/rdbms_files /rdbms_files

When mounting a read-only remote resource, you can specify a comma-separated list of sources for the remote resource, which are then used as a list of failover resources.
# mount -o ro sys-45,sys-43,sys-41:/multi_homed_data /remote_shared_data

• Unmounting the remote file resources from the client
Use the umount command to detach local and remote file resources from the file system hierarchy.
# umount /rdbms_files

• Mounting all file resources
The /usr/sbin/mountall command mounts all file resources listed in the /etc/vfstab file with a mount at boot value of yes. To limit the action of this command to remote file resources, use the -r option.
# mountall -r

• Unmounting all currently mounted file resources
Use the umountall command with the -r option to restrict unmounting to only remote file systems.
# umountall -r

• Mounting remote resources at boot time
To mount a remote file resource at boot time, create an appropriate entry in the client’s /etc/vfstab file. For example:
sys-02:/usr/local/data - /usr/remote_data nfs - yes soft,bg

The mount Command Options

• rw|ro

• bg|fg

• soft|hard

• intr|nointr

• suid|nosuid

• timeo=n

• retry=n

• retrans=n

Fundamentals of NFS Server Logging

The NFS server logging feature records NFS transactions.

The nfslogd daemon provides operational logging.

When you enable NFS server logging, the NFS kernel module writes records of all NFS operations on the file system into a buffer file.

The nfslogd Daemon

The nfslogd daemon converts the raw data from the logging operation into ASCII records, and stores the raw data in ASCII log files.

Configuring NFS Log Paths

The /etc/nfs/nfslog.conf file defines the path, file names, and type of logging that the nfslogd daemon must use.

A tag corresponds to each definition.

To configure NFS server logging, identify or create the tagentries for each of the server’s shared resources.

The global tag defines default values.

Tagged entries in /etc/nfs/nfslog.conf use the following format:

<tag> [ defaultdir=<dir_path> ] \
[ log=<logfile_path> ] [ fhtable=<table_path> ] \
[ buffer=<bufferfile_path> ] [ logformat=basic|extended ]

For example:

global defaultdir=/var/nfs \
log=nfslog fhtable=fhtable buffer=nfslog_workbuffer

Use the following parameters with each tag, as required:

• defaultdir=dir_path

• log=logfile_path

• fhtable=table_path

• buffer=bufferfile_path

• logformat=basic|extended

Create any directories you specify in /etc/nfs/nfslog.conf before starting NFS server logging.

Initiating NFS Logging

To initiate NFS server logging, complete the following steps:

1. Become superuser.
2. Optional: Change the configuration settings in the /etc/nfs/nfslog.conf file.
3. Share the file system for which you want to enable logging, adding the -o log option, or the log=tag option. Example:
share -F nfs -o log /export/sys44_data
4. Check that the NFS service is running on the server.
5. Run the share command to verify that the correct options are listed for the directory you shared.
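
Steps 2 and 3 depend on the tag definitions in /etc/nfs/nfslog.conf, so the following added example (not part of the course material) parses tag entries in the format shown above, resolves relative paths against defaultdir, and lists the directories that have to exist before logging starts. The sys44 tag and its paths are constructed, the function names are this example's own, and settings missing from a tag are taken from the global tag.

```python
import posixpath

# Constructed sample: the global entry shown above plus a hypothetical sys44 tag.
SAMPLE_NFSLOG_CONF = """\
# NFS server log configuration
global defaultdir=/var/nfs \\
       log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
sys44  log=sys44/nfslog buffer=/var/nfs_buffers/sys44_workbuffer logformat=extended
"""

PATH_KEYS = ("log", "fhtable", "buffer")


def parse_nfslog_conf(text):
    """Return {tag: {parameter: value}} with backslash continuations joined."""
    entries, pending = {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "  # entry continues on the next line
            continue
        fields = (pending + line).split()
        pending = ""
        if fields:
            entries[fields[0]] = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
    return entries


def logging_tag(share_options):
    """Map a share -o option string to its tag, or None when logging is off."""
    for item in share_options.split(","):
        key, _, value = item.partition("=")
        if key == "log":
            return value or "global"  # a bare "log" uses the global tag
    return None


def resolve_tag(entries, tag="global"):
    """Return the effective settings for tag with log paths made absolute."""
    if tag not in entries:
        raise KeyError("tag %r is not defined in nfslog.conf" % tag)
    settings = dict(entries.get("global", {}))  # global supplies the defaults
    settings.update(entries[tag])
    base = settings.get("defaultdir", "/")
    for key in PATH_KEYS:
        if key in settings:
            # join() keeps an absolute value and prefixes a relative one
            settings[key] = posixpath.join(base, settings[key])
    return settings


def required_dirs(entries, tag="global"):
    """Return the directories that must exist before logging with tag starts."""
    settings = resolve_tag(entries, tag)
    return sorted({posixpath.dirname(settings[k]) for k in PATH_KEYS if k in settings})


if __name__ == "__main__":
    conf = parse_nfslog_conf(SAMPLE_NFSLOG_CONF)
    for options in ("rw,log", "ro,log=sys44", "ro"):
        tag = logging_tag(options)
        print(options, "->", required_dirs(conf, tag) if tag else "not logged")
```
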

Managing NFS With the Solaris Management Console Storage Folder Tools

You can manage the NFS system by using components of the storage folder tools from the default tool box of the Solaris Management Console.

The Mounts and Shares tool lets you view, create, and manage several types of mounts and shares.

Module 7

Configuring AutoFS

Objectives

• Describe the fundamentals of the AutoFS file system
• Use automount maps

AutoFS Fundamentals

AutoFS is a file system mechanism that provides automatic mounting using the NFS protocol.

AutoFS is a client-side service.

The AutoFS service mounts and unmounts file systems as required without any user intervention.

The automount facility contains three components:

• The AutoFS file system
• The automountd daemon
• The automount command

[Figure: AutoFS (in RAM) and the automount maps: master map, direct map, indirect map, special map.]

• AutoFS file system
An AutoFS file system’s mount points are defined in the automount maps on the client system. After the AutoFS mount points are set up, activity under the mount points can trigger file systems to be mounted under the mount points. If a mount request is made for an AutoFS resource not currently mounted, the AutoFS service calls the automountd daemon, which mounts the requested resource.

• The automountd daemon
The /lib/svc/method/svc-autofs script starts the automountd daemon. The automountd daemon mounts file systems on demand and unmounts idle mount points.

• The automount command
The automount command, called at system startup time, reads the master map to create the initial set of AutoFS mounts. These AutoFS mounts are not automatically mounted at startup time; they are the points under which file systems are mounted on demand.

Using Automount Maps

The following lists the AutoFS map types:

• Master map
• Direct map
• Indirect map
• Special

[Figure: Automount map files in /etc on the NFS client "venus"]

auto_master:
/net -hosts [options]
/home auto_home [options]
/- auto_direct [options]

auto_direct:
/opt/moreapps pluto:/export/opt/apps

auto_home:
Ernie mars:/export/home/ernie
Mary mars:/export/home/mary

Configuring the Master Map

The auto_master map associates a directory, also called a mount point, with a map.

The auto_master map is a master list specifying all the maps that the AutoFS service should check.

The following example shows an /etc/auto_master file.

# cat /etc/auto_master
# Master map for automounter
#
+auto_master
/net -hosts -nosuid,nobrowse
/home auto_home -nobrowse

Identifying Mount Points for Special Maps

There are two mount point entries listed in the default /etc/auto_master file.

/net -hosts -nosuid,nobrowse
/home auto_home -nobrowse

• The -hosts map provides access to all resources shared by NFS servers.

• The auto_home map provides the mechanism to allow users to access their centrally located $HOME directories.

Using the /net Directory

Shared resources associated with the hosts map entry are mounted below the /net/hostname directory.

For example, a shared resource named /documentation on host sys42 is mounted by the command:

# cd /net/sys42/documentation

Adding Direct Map Entries

A /- entry in the master map defines a mount point for a direct map.

/- auto_direct -ro

Creating a Direct Map

Direct maps specify the absolute path name of the mount point, the specific options for this mount, and the shared resource to mount. For example:

# cat /etc/auto_direct
# Superuser-created direct map for automounter
#
/apps/frame -ro,soft server1:/export/framemaker,v6.0
/opt/local -ro,soft server2:/export/unbundled
/usr/share/man -ro,soft server3,server4,server5:/usr/share/man

Adding Indirect Map Entries

Indirect maps obtain the initial path of the mount point from the master map. For example, the /home entry in the master map defines the base for mount points listed in the indirect map called auto_home.

/home auto_home -nobrowse

• Creating an indirect map
Entries in an indirect map list the remainder of the preferred mount point, and the resource to mount. For example:
stevenu host5:/export/home/stevenu
johnnyd host6:/export/home/johnnyd

• Reducing the auto_home map to a single line
In this example, the use of substitution characters within auto_home specifies that for every login ID, the client remotely mounts the /export/home/loginID directory from the NFS server.
* server1:/export/home/&
  • The wildcard character (*) matches any key.
  • The substitution character (&) at the end of the path is replaced with the matched key field.
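
How a client path is matched against the master map and the direct, indirect and -hosts maps, as an added example that is not part of the course material: the resolver below reuses map entries shown in this module (with stevenu placed ahead of the wildcard line) and returns the server list, remote path and mount options for a path. It is a simplified model and not the automountd implementation; the function names are this example's own, +auto_master includes are skipped, and options on a map entry are taken to replace the master-map options.

```python
# Constructed sample maps, assembled from the map entries shown in this module.
AUTO_MASTER = """\
# Master map for automounter
+auto_master
/net    -hosts       -nosuid,nobrowse
/home   auto_home    -nobrowse
/-      auto_direct  -ro
"""
MAPS = {
    "auto_home": """\
stevenu  host5:/export/home/stevenu
*        server1:/export/home/&
""",
    "auto_direct": """\
/apps/frame     -ro,soft  server1:/export/framemaker,v6.0
/usr/share/man  -ro,soft  server3,server4,server5:/usr/share/man
""",
}


def _fields(text):
    """Yield the whitespace-separated fields of each entry line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and not fields[0].startswith("+"):  # +name includes are skipped
            yield fields


def parse_master(text):
    """Return [(mount_point, map_name, default_options)]."""
    return [(f[0], f[1], f[2].lstrip("-").split(",") if len(f) > 2 else [])
            for f in _fields(text) if len(f) >= 2]


def parse_map(text):
    """Return [(key, options_or_None, location)] for a direct or indirect map."""
    entries = []
    for f in _fields(text):
        options = f.pop(1)[1:].split(",") if len(f) > 2 and f[1].startswith("-") else None
        if len(f) == 2:
            entries.append((f[0], options, f[1]))
    return entries


def _result(location, options, key):
    # Commas left of the first ':' separate replica hosts; commas to the right
    # belong to the path, as in server1:/export/framemaker,v6.0.
    hosts, _, path = location.replace("&", key).partition(":")
    return {"hosts": hosts.split(","), "path": path, "options": options}


def resolve(path, master=AUTO_MASTER, maps=MAPS):
    """Return the hosts, remote path and mount options for a client path, or None."""
    for mount_point, map_name, defaults in parse_master(master):
        below = path[len(mount_point) + 1:] if path.startswith(mount_point + "/") else ""
        if map_name == "-hosts":
            host, _, export = below.partition("/")
            if host:  # /net/<host>/<export> -> <host>:/<export>
                return {"hosts": [host], "path": "/" + export, "options": defaults}
            continue
        for key, options, location in parse_map(maps.get(map_name, "")):
            if mount_point == "/-":
                hit = path == key or path.startswith(key + "/")  # direct: key is absolute
            else:
                name = below.split("/", 1)[0]
                hit = bool(name) and key in (name, "*")  # indirect: first match wins
                key = name
            if hit:
                # Options on the entry are used in place of the master-map defaults.
                return _result(location, defaults if options is None else options, key)
    return None


if __name__ == "__main__":
    for p in ("/home/ernie", "/home/stevenu", "/apps/frame",
              "/usr/share/man/man1", "/net/sys42/documentation", "/var/tmp"):
        print(p, "->", resolve(p))
```

The /net result carries nosuid from the master map, which is why setuid programs found on arbitrary servers below /net do not run with elevated privileges on the client.
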

[Figure: Mount on demand by automountd. The NFS server "mars" holds the export/home/ernie and export/home/mary directories. The NFS client "venus" has the auto_home map in /etc and an autofs mount point at /home, under which mary is mounted.]

Updating the Automount Maps

When making changes to the master map or creating a direct map, run the automount command to make the changes effective.

You do not have to stop and restart the automountd daemon.

You can modify existing entries in a direct map at any time. The new information is used when the automountd daemon next accesses the map entry to perform a mount.

Any modifications to indirect maps are automatically used by the automountd daemon.


Stopping and Starting the Automount System

• Stopping the automount system
  To disable the service manually, enter the following command:
    # svcadm disable svc:/system/filesystem/autofs

• Starting the automount system
  To enable the service manually, enter the following command:
    # svcadm enable svc:/system/filesystem/autofs


Module 8

Describing RAID and the Solaris™ Volume Manager Software


Objectives

• Describe RAID
• Describe Solaris Volume Manager software concepts


Introducing RAID

RAID is a classification of methods to back up and to store data on multiple disk drives.

The Solaris Volume Manager software uses metadevices, which are product-specific definitions of logical storage volumes, to implement RAID 0, RAID 1, RAID 1+0, and RAID 5:

• RAID 0: Non-redundant disk array (concatenation and striping)
• RAID 1: Mirrored disk array
• RAID 5: Block-interleaved striping with distributed parity


RAID 0

• Concatenated volumes (or concatenations)

[Figure: Solaris Volume Manager combines Physical Slice A, Physical Slice B, and Physical Slice C into one RAID 0 (concatenation) logical volume.]


RAID 0 (cont.)

• Striped volumes (or stripes)

[Figure: Solaris Volume Manager presents a RAID 0 (stripe) logical volume whose Interlaces 1 through 6 are distributed across Physical Slice A, Physical Slice B, and Physical Slice C.]


RAID 1

[Figure: Solaris Volume Manager presents a RAID 1 (mirror) logical volume built from Submirror 1 and Submirror 2, each holding Interlaces 1 through 4.]


RAID 0+1

[Figure: Physical Slices A through F form two RAID 0 (striped) volumes, Submirror 1 and Submirror 2, which are combined into a RAID 1 (mirrored) volume.]


RAID 1+0

[Figure: Physical Slices A through F form three RAID 1 (mirror) logical volumes, which are combined into a RAID 0 (striped) logical volume.]


Mirror Options

Mirror performance can be modified by using the following options:

• Mirror read policy
• Mirror write policy

You can define mirror options when you initially create the mirror or after you set up the mirror. You can distribute the load across the submirrors to improve read performance.


Mirror Read Policies

Read Policy             Description
Round Robin (default)   Balances the load across the submirrors
Geometric               Enables the system to divide reads among submirrors on the basis of a logical disk block address
First                   Directs all reads to the first submirror


Mirror Write Policies

Write Policy         Description
Parallel (Default)   Replicates a write to a mirror, and dispatches the write to all of the submirrors simultaneously
Serial               Specifies that writes to one submirror must complete before initiating writes to the next submirror


RAID 5

[Figure: Solaris Volume Manager presents a RAID 5 logical volume built from Physical Slices A through D. Interlaces 1 through 12 are striped across the slices, and the parity blocks P(1-3), P(4-6), P(7-9), and P(10-12) are distributed across the slices.]


RAID 5 (cont.)

Requirements for RAID-5 Volumes

The general configuration guidelines for configuring RAID-5 volumes are:

• Create a RAID-5 volume with a minimum of three slices. The more slices a RAID-5 volume contains, the longer read and write operations take when a slice fails.
• Do not stripe, concatenate, or mirror RAID-5 volumes.
• Do not create a RAID-5 volume from a slice that contains an existing file system, because you will erase the data during the RAID-5 initialization process.


RAID 5 (cont.)

• When you create a RAID-5 volume, you can define the interlace value. If you do not specify a value, a default value of 16 Kbytes is assigned.
• A RAID-5 volume (with no hot spares) can only handle a single slice failure.
• To optimize performance, use slices across separate controllers when creating RAID-5 volumes.
• Use disk slices of the same size. Creating a RAID-5 volume of different-sized slices results in unused disk space on the larger slices.


RAID 5 (cont.)

Suggestions for RAID 5 Volumes

The following general suggestions can help avoid common performance problems when using RAID-5 volumes:

• Because of the complexity of parity calculations, volumes with greater than about 20 percent writes should probably not be RAID-5 volumes. If data redundancy on a write-heavy volume is needed, consider mirroring.
• If the slices in the RAID-5 volume reside on different controllers and the accesses to the volume are primarily large sequential accesses, then setting the interlace value to 32 Kbytes might improve performance.


Hardware Considerations

For any given application there are trade-offs in performance, availability, and hardware costs. A few categories of information that you must address during the storage planning phase are:

• General storage guidelines
• Determining storage characteristics
• Storage performance guidelines


Choosing Storage Mechanisms

Feature                      RAID-0 Concatenation   RAID-0 Stripe   RAID-1 Mirror                      RAID-5 Stripe With Parity
Redundant data               No                     No              Yes                                Yes
Improved read performance    No                     Yes             Depends on the underlying device   Yes
Improved write performance   No                     Yes             No                                 No


Optimizing Redundant Storage

Factors                      RAID 1 (Mirror)   RAID 5   Non-Redundant
Write operations             Faster            Slower   Neutral
Random read                  Slower            Faster   Neutral
Hardware cost                Highest           Higher   Lowest
Performance during failure   Best              Poor     Data loss


Introducing Solaris Volume Manager Software Concepts

The Solaris Volume Manager software lets you manage large numbers of disks and the data on those disks. Most tasks include:

• Increasing storage capacity
• Increasing data availability
• Making the administration of large storage devices easier


Logical Volume

SVM software uses virtual disks called logical volumes to manage physical disks and their associated data.

You can create the Solaris Volume Manager software volumes from slices (disk partitions) or from other Solaris Volume Manager software volumes.

The Enhanced Storage tool within the Solaris Management Console allows you to list, create, and modify any type of SVM software volumes or components.


Soft Partitions

Soft partitions provide a mechanism for dividing large storage spaces into smaller, more manageable sizes.

Use soft partitioning to divide a slice or volume into as many divisions as needed. A soft partition, once named, can be directly accessed by applications, including file systems, as long as it is not included in another volume.


Introducing the State Database

Before creating volumes using the Solaris Volume Manager software, state database replicas must exist on the Solaris Volume Manager software system.

The Solaris Volume Manager software automatically updates the state database when a configuration or state change occurs.

The state database is a collection of multiple, replicated database copies. Having copies of the state database protects against data loss from single points-of-failure.


Module 9

Configuring Solaris Volume Manager Software


Objectives

• Describe Solaris Volume Manager software concepts
• Build a RAID-0 (concatenated) volume
• Build a RAID-1 (mirror) volume for the root (/) file system


Solaris Volume Manager Concepts

The Solaris Volume Manager software in the Solaris 9 OS and Solaris 10 OS replaces the Solstice DiskSuite™ software used in releases of the Solaris OS prior to Solaris 9 OS.

The Solaris Volume Manager software is used to implement RAID 0, RAID 1, RAID 1+0, and RAID 5.


State Database Replicas

The state database stores information on disk about the state of your Solaris Volume Manager software configuration.

Multiple copies of the database, called replicas, provide redundancy. The state database replicas should be distributed across multiple disks.

Solaris Volume Manager software uses a majority consensus algorithm to determine which state database replicas contain valid data.

The algorithm requires that a majority (half + 1) of the state database replicas are available before any of them are considered valid.


State Database Replicas

The majority consensus algorithm:

• Makes sure that the system stays running if at least half of the state database replicas are available.
• Causes the system to panic if fewer than half of the state database replicas are available.
• Prevents the system from starting the Solaris Volume Manager software unless a majority of the total number of state database replicas are available.


Creating the State Database

You can create state database replicas by using the following:

• The metadb -a command
• The Solaris Volume Manager software GUI

The following example shows using metadb to create state database replicas:

    # metadb -a -f c0t0d0s4 c0t0d0s5 c1t0d0s0 c1t0d0s1
    # metadb
            flags           first blk       block count
         a        u         16              8192            /dev/dsk/c0t0d0s4
         a        u         16              8192            /dev/dsk/c0t0d0s5
         a        u         16              8192            /dev/dsk/c1t0d0s0
         a        u         16              8192            /dev/dsk/c1t0d0s1
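
The majority consensus rules applied to the replica layout above, as an added example that is not part of the original course material: it groups the replicas in metadb output by disk and reports what is left if any one disk is lost. The function names, the state labels (ok, run-only, panic), and the embedded sample text are assumptions of this example; the thresholds are the ones stated on the State Database Replicas slides.

```shell
#!/bin/sh
# Added example: replica quorum after a single-disk failure, from metadb output.
# Constructed sample: the four replicas from the metadb listing above.
SAMPLE_METADB='        flags           first blk       block count
     a        u         16              8192            /dev/dsk/c0t0d0s4
     a        u         16              8192            /dev/dsk/c0t0d0s5
     a        u         16              8192            /dev/dsk/c1t0d0s0
     a        u         16              8192            /dev/dsk/c1t0d0s1'

# quorum_state TOTAL AVAILABLE
#   ok        a majority (half + 1) is available: the system runs and the
#             Solaris Volume Manager software can be started
#   run-only  at least half is available: the system stays running, but there
#             is no majority for starting the software
#   panic     fewer than half are available
quorum_state() {
    q_total=$1
    q_avail=$2
    if [ $((q_avail * 2)) -lt "$q_total" ]; then
        echo panic
    elif [ "$q_avail" -ge $((q_total / 2 + 1)) ]; then
        echo ok
    else
        echo run-only
    fi
}

# single_disk_failure_report [METADB_OUTPUT]
# For each disk that holds replicas, prints "disk remaining/total state",
# where remaining is the replica count left if that disk fails.
single_disk_failure_report() {
    printf '%s\n' "${1:-$SAMPLE_METADB}" | awk '
        $NF ~ /^\/dev\/dsk\// {
            disk = $NF
            sub(/^\/dev\/dsk\//, "", disk)   # c0t0d0s4
            sub(/s[0-9]+$/, "", disk)        # c0t0d0 (drop the slice number)
            if (!(disk in count)) order[++ndisks] = disk
            count[disk]++
            total++
        }
        END {
            for (i = 1; i <= ndisks; i++)
                print order[i], count[order[i]], total
        }
    ' | while read -r disk lost total; do
        left=$((total - lost))
        echo "$disk $left/$total $(quorum_state "$total" "$left")"
    done
}
```

With the four replicas split evenly over two disks, losing either disk leaves exactly half (run-only); the same count per disk spread over three disks leaves a majority after any single-disk failure.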


Creating the State Database Using the Solaris Management Console


Configuring RAID-0

RAID-0 volumes let you expand disk storage capacity efficiently. These volumes do not provide data redundancy, but can be used to expand disk storage capacity.

RAID-0 comes in two forms, stripes and concatenations.

• Striping enables parallel data access because multiple controllers can access the data at the same time. A stripe distributes data equally across all slices in the stripe.
• A concatenated volume writes data to the first available slice. When the first slice is full, the volume writes data to the next available slice.


Creating a RAID-0 Volume Using the Command Line

• State database replicas must exist before you can configure any metadevices.
• For example, to create two replicas on each of two slices, use the command:
    # metadb -a -f -c 2 c3t2d0s7 c3t3d0s7
• In this example, assume that the /export/home (/dev/dsk/c0t0d0s7) file system is almost at capacity. A new slice from another disk will be concatenated to it, making a RAID-0 concatenated volume.


Creating a RAID-0 Volume Using the Command Line

• Use the metainit command to create metadevices and associate slices with them. For example:
    # metainit -f d0 2 1 c0t0d0s7 1 c3t2d0s0
    d0: Concat/Stripe is setup
  • The -f option is required if one of these slices is currently mounted.
  • The metadevice name used for this concatenation is d0.
  • In a concatenation, the number of stripes is equal to the number of slices being added, in this case 2.
  • The number of slices in each stripe is one, so the number 1 appears before each slice.
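
The argument layout explained above, as an added example that is not part of the original course material: a shell function that decodes a metainit concat/stripe argument list into its stripes and checks that the counts match the slices given, so a miscounted line is caught before it is run with -f. The function name, the kind labels, and the output format are assumptions of this example; it also accepts the optional -i interlace value after a stripe, which the slide's command does not use.

```shell
#!/bin/sh
# Added example: decode a metainit concat/stripe argument list before running it.
# describe_metainit [-f] VOLUME NUMSTRIPES WIDTH SLICE... [-i INTERLACE] [WIDTH SLICE...]...
# Prints "VOLUME: KIND [stripe] + [stripe]..." or returns 1 with a message on stderr.
describe_metainit() {
    if [ "${1:-}" = "-f" ]; then shift; fi
    if [ $# -lt 4 ]; then
        echo "error: need VOLUME NUMSTRIPES WIDTH SLICE..." >&2; return 1
    fi
    vol=$1
    nstripes=$2
    shift 2
    case $nstripes in
        ''|0|*[!0-9]*) echo "error: bad stripe count '$nstripes'" >&2; return 1 ;;
    esac
    layout=""
    maxwidth=0
    s=1
    while [ "$s" -le "$nstripes" ]; do
        if [ $# -lt 1 ]; then
            echo "error: stripe $s of $nstripes is missing" >&2; return 1
        fi
        # Each stripe starts with its width: the number of slices in it.
        width=$1
        shift
        case $width in
            ''|0|*[!0-9]*) echo "error: stripe $s: bad width '$width'" >&2; return 1 ;;
        esac
        if [ $# -lt "$width" ]; then
            echo "error: stripe $s: expected $width slice(s), found $#" >&2; return 1
        fi
        slices=""
        n=1
        while [ "$n" -le "$width" ]; do
            case $1 in
                -*) echo "error: stripe $s: expected a slice, found '$1'" >&2; return 1 ;;
            esac
            slices="${slices:+$slices,}$1"
            shift
            n=$((n + 1))
        done
        # An optional interlace value may follow the slices of a stripe.
        if [ "${1:-}" = "-i" ]; then
            if [ $# -lt 2 ]; then echo "error: -i needs a value" >&2; return 1; fi
            slices="$slices interlace=$2"
            shift 2
        fi
        layout="${layout:+$layout + }[$slices]"
        if [ "$width" -gt "$maxwidth" ]; then maxwidth=$width; fi
        s=$((s + 1))
    done
    if [ $# -ne 0 ]; then
        echo "error: $# argument(s) left over after $nstripes stripe(s)" >&2; return 1
    fi
    if [ "$nstripes" -eq 1 ] && [ "$maxwidth" -eq 1 ]; then kind="single slice"
    elif [ "$nstripes" -eq 1 ]; then kind="stripe"
    elif [ "$maxwidth" -eq 1 ]; then kind="concatenation"
    else kind="concatenated stripes"
    fi
    echo "$vol: $kind $layout"
}
```

For the slide's command, describe_metainit -f d0 2 1 c0t0d0s7 1 c3t2d0s0 reports a concatenation of two one-slice stripes; dropping the second 1 makes the function stop with an error instead of treating a slice name as a width.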


Creating a RAID-0 Volume Using the Command Line

• The new metadevice (d0) has been created, but is not being used yet. It needs to be remounted using the new metadevice device files.
• Locate the entry in the /etc/vfstab file that mounts the file system at boot time:
    /dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 2 yes -
  Change the device names to match the metadevice names:
    /dev/md/dsk/d0 /dev/md/rdsk/d0 /export/home ufs 2 yes -


Creating a RAID-0 Volume Using the Command Line

• Unmount and remount the file system using the new device files:
    # umount /export/home
    # mount /export/home
    # df -h /export/home
    Filesystem             size   used  avail capacity  Mounted on
    /dev/md/dsk/d0         470M   395M    28M    94%    /export/home
• The existing file system needs to be grown into the new space.
• This is done with the growfs command. Use the option -M to specify a mount point:
    # growfs -M /export/home /dev/md/rdsk/d0
    ...


Creating a RAID-0 Volume Using Solaris Management Console


Configuring RAID-1

RAID-1 volumes are also known as mirrors and provide data redundancy. A RAID-1 volume maintains identical copies of the data in the RAID-0 volumes from which it is made.

• Using multiple submirrors
  • A mirror is made of two or more RAID-0 volumes.
  • The mirrored RAID-0 volumes are called submirrors.
  • A mirror consisting of two submirrors is known as a two-way mirror.
  • You can attach or detach a submirror from a mirror at any time.


Configuring RAID-1 (cont.)

• Mirror options
  Mirror performance can be modified by using the following options:
  • Mirror read policy
    • Round robin
    • Geometric
    • First
  • Mirror write policy
    • Parallel
    • Serial


Building a Mirror of the Root (/) File System

The procedure for building a mirror of the root (/) file system can be accomplished using the command line exclusively, but it is not possible to use the Solaris Management Console (SMC) exclusively.

This section describes how to create a RAID-1 volume for the root (/) file system, which cannot be unmounted.


Building a Mirror of the Root (/) File System (cont.)

Creating a mirror of the root (/) file system requires the following general steps:

1. Create a RAID-0 volume for the file system you want to mirror.
2. Create a second RAID-0 volume to contain the second submirror of the RAID-1 volume.
3. Create a one-way mirror using the RAID-0 volume that contains the file system to be mirrored.
4. Use the metaroot command to update the system’s configuration, because this is a root (/) mirror.
5. Reboot your system, because this is a root (/) mirror.


Building a Mirror of the Root (/) File System (cont.)

6. Attach the second submirror to the file system mirror.
7. Record the alternate boot path that is used in the event of a failure of the primary submirror, because this is a mirror of the root (/) file system.


Building a Mirror of the Root (/) File System (cont.)

• Creating the RAID-0 volumes
  The first step when building a mirror of the root (/) file system is to create RAID-0 volumes, which you later combine to form the mirror. Each RAID-0 volume becomes a submirror to the mirror.
  • Use the metainit command to create a RAID-0 volume to be used as the primary submirror of the root (/) file system:
      # /usr/sbin/metainit -f d11 1 1 c0t0d0s0
      d11: Concat/Stripe is setup
    This command forces the creation of the d11 volume.


Building a Mirror of the Root (/) File System (cont.)

  • To create a RAID-0 volume to be used as the secondary submirror of the root file system, use the metainit command again:
      # metainit d12 1 1 c3t3d0s1
      d12: Concat/Stripe is setup

• Creating the RAID-1 volume
  The following metainit example creates a mirrored volume named d10. This command attaches the volume d11 as a submirror of the mirror named d10.
    # /usr/sbin/metainit d10 -m d11
    d10: Mirror is setup


Building a Mirror of the Root (/) File System (cont.)

• Executing the metaroot command
  When creating mirrors of mounted file systems, you must update the /etc/vfstab file to change the mount point from a slice to a volume.
  The /etc/system file must change to include entries related to SVM drivers.
  When mirroring the root (/) file system, use the metaroot command to modify the /etc/vfstab and /etc/system files, as follows:
    # metaroot d10
    # grep md /etc/vfstab
    /dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -
    # tail /etc/system
    rootdev:/pseudo/md@0:0,10,blk


Building a Mirror of the Root (/) File System (cont.)

• Rebooting the system
  You must reboot the system before attaching the secondary submirror.
    # init 6

• Attaching the secondary submirror
  Attach the secondary submirror by using the metattach command:
    # metattach d10 d12
    d10: submirror d12 is attached


Building a Mirror of the Root (/) File System (cont.)

The metastat command shows the mirror synchronization taking place.

    # metastat d10
    d10: Mirror
        Submirror 0: d11
          State: Okay
        Submirror 1: d12
          State: Resyncing
        Resync in progress: 83 % done
        Pass: 1
        Read option: roundrobin (default)
        Write option: parallel (default)
        Size: 307440 blocks (150 MB)


Building a Mirror of the Root (/) File System (cont.)

• Updating the boot-device PROM variable
  Use the OpenBoot nvalias command to define a backup_root device alias for the secondary root mirror. For example:
    ok nvalias backup_root /pci@1f,0/pci@1/pci@1/SUNW,isptwo@4/sd@3,0:b
  Redefine the boot-device variable to reference both the primary and secondary submirrors, in the order in which you want to access them.
    ok setenv boot-device disk backup_root net
    boot-device= disk backup_root net


Configuring an x86-Based System for Mirrored Failover

• The BIOS
  • The BIOS is responsible for finding the right device to boot from, then loading and executing the master boot record from that device.
  • BIOS is configurable to some degree.
  • BIOS may be limited in its ability to probe for devices.
• fdisk Partitioning
  • To use the SVM to mirror the root file system, the file system must use the single Solaris fdisk partition, and no separate boot partition.


Configuring an x86-Based System for Mirrored Failover (cont.)

• The GNU GRand Unified Bootloader (GRUB)
  • GRUB is responsible for loading a boot archive into the system's memory.
  • Understanding the GRUB device naming conventions can assist you in correctly specifying drive and partition information when you configure GRUB on your system.
  • The functional GRUB components include the stage1 and stage2 programs, and the menu.lst file.


Configuring an x86-Based System for Mirrored Failover (cont.)

• x86/x64 Boot Program Locations

[Figure: disk cylinders and the Solaris fdisk partition, with these labels: Sector 0 = mboot + fdisk partition table; Sector 0 = stage1; Sector 1 + 2 = disk label + VTOC; Sector 50 = stage2, extends for 200+ sectors; Solaris fdisk partition cylinder 0 (disk cyl 1) = slice 8.]


Configuring an x86-Based System for Mirrored Failover (cont.)

• Creating a RAID-1 Volume From the root File System
  • Configure the ordering for the BIOS boot devices, if possible.
  • Configure the Solaris fdisk partition and root slice on the mirror disk.
  • Install the mboot program.
      # fdisk -b /usr/lib/fs/ufs/mboot -n /dev/rdsk/c2d0p0
  • Install the GRUB stage1 and stage2 programs.
      # /sbin/installgrub /boot/grub/stage1 /boot/grub/stage2 \
      /dev/rdsk/c2d0p0


Configuring an x86-Based System for Mirrored Failover (cont.)

  • Identify the slice that contains the existing root (/) file system to be mirrored.
  • Create a new RAID-0 volume on the existing root (/) file system to be mirrored.
  • Create a second RAID-0 volume on an unused slice to act as the second submirror.
  • Create a one-way mirror.
  • Remount your newly mirrored file system, then reboot the system.
      # metaroot volume-name
      # reboot

Configuring an x86-Based System for Mirrored Failover (cont.)

• Attach the second submirror.
# metattach volume-name submirror-name

• Define the alternative boot path in the /boot/grub/menu.lst file.
# vi /boot/grub/menu.lst
....
title alternate boot
root (hd1,0,a)
kernel /boot/multiboot
module /boot/x86.miniroot-safe

Unmirroring the Root (/) File System

• Run the metastat command on the mirror to verify that submirror 0 is in the Okay state.
# metastat d10
d10: Mirror
Submirror 0: d11
State: Okay
Submirror 1: d12
State: Okay
...

• Run the metadetach command on the mirror to make a one-way mirror.
# metadetach d10 d12
d10: submirror d12 is detached

Unmirroring the Root (/) File System (cont.)

• Because this is a root (/) file system mirror, run the metaroot command to update the /etc/vfstab and /etc/system files.
# metaroot /dev/dsk/c0t0d0s0

• Reboot the system.
# init 6

• Run the metaclear command to clear the mirror and submirrors.
# metaclear -r d10
d10: Mirror is cleared
d11: Concat/Stripe is cleared
# metaclear d12
d12: Concat/Stripe is cleared

Unmirroring the Root (/) File System (cont.)

If you changed your boot-device variable to an alternate boot path, return it to its original setting.

Module 10

Configuring Role-Based Access Control (RBAC)

Objectives

• Describe RBAC fundamentals
• Describe component interaction within RBAC
• Manage RBAC by using the Solaris Management Console
• Manage RBAC by using the command line

RBAC Fundamentals

In conventional UNIX® systems, the root user (also referred to as the superuser) has the ability to perform any task.

In systems implementing RBAC, individual users can be assigned to roles, where roles are associated with rights profiles.

Rights profiles list the rights to run specific commands and applications with escalated privileges.

Roles can also be assigned authorizations. An authorization grants access to restricted functions in RBAC-compliant applications.

Key RBAC Files

RBAC authorizations, roles, rights profiles, and privileged commands are defined in four files:

• The /etc/user_attr file
• The /etc/security/prof_attr file
• The /etc/security/policy.conf file
• The /etc/security/exec_attr file

The user_attr File

The /etc/user_attr file lists the rights profiles and authorizations associated with users and roles.

When you create a new user account with no rights profiles, authorizations, or roles, nothing is added to the file.

Changes to this file will be illustrated as related RBAC features are described in this module.

Roles

• A role is a special identity, similar to a user account, used to run privileged applications or commands.

• You assign users to roles so those users can run the commands associated with those roles.

• No predefined roles are shipped with the Solaris 10 OS.

• You assign rights profiles to a role when you define a role.

• The roles command lists the roles a user has been assigned:
# roles root
No roles

Assigning Rights Profiles to Users

• A rights profile is a collection of rights that can be assigned to a user.

• A right is a command or script which runs with special security attributes.

• Many examples of rights profiles are shipped with the Solaris 10 OS.

Assigning Rights Profiles to Users

• The /etc/security/prof_attr file contains rights profile names and descriptions.
# cat /etc/security/prof_attr
(output omitted)
All:::Execute any command as the user or role:help=RtAll.html
Log Management:::Manage log files:help=RtLogMngmnt.html
...

• Each line starts with the rights profile name.

• The middle fields are not used, and the last two fields hold a comment and a pointer to a help file.

Assigning Rights Profiles to Users

• The profiles command lists rights profiles assigned to a user.
# profiles chris
Basic Solaris User
All

• Every account has the All rights profile. It allows any command to be executed, but with special security attributes.

• Other rights profiles given to all new user accounts are defined in the /etc/security/policy.conf file.
# grep 'PROFS' /etc/security/policy.conf
PROFS_GRANTED=Basic Solaris User

Assigning Rights Profiles to Users

• Rights profiles can be assigned to a user account with the usermod command or the Solaris Management Console (SMC).
# usermod -P "Printer Management" chris
# profiles chris
Printer Management
Basic Solaris User
All

• This automatically updates the /etc/user_attr file as shown by the following:
# grep chris /etc/user_attr
chris::::type=normal;profiles=Printer Management

The /etc/security/exec_attr File

The /etc/security/exec_attr file holds execution attributes.

• An execution attribute is either a command with no option, or a script that contains a command, possibly with options.

• In this file, the special security attributes UID, EUID, GID, and EGID specify attributes to add to a process when it runs.

• Only the users and roles assigned access to a particular rights profile can run its associated commands with their special security attributes.

The /etc/security/exec_attr File

Commands and special security attributes for the Printer Management rights profile are listed as follows:

# grep 'Printer Management' /etc/security/exec_attr
Printer Management:suser:cmd:::/etc/init.d/lp:euid=0;uid=0
Printer Management:suser:cmd:::/usr/bin/cancel:euid=lp;uid=lp
Printer Management:suser:cmd:::/usr/bin/lpset:egid=14
Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0
Printer Management:suser:cmd:::/usr/lib/lp/local/accept:uid=lp
Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=8
Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp;uid=lp
...

Assigning Rights Profiles to Roles

If a large number of user accounts require the same configuration and management of rights profiles, it can be easier to assign the rights profiles to a role and give the users access to the role.

• Creating a role
The roleadd command creates a role entry in the /etc/passwd, /etc/shadow, and /etc/user_attr files.
# roleadd -m -d /export/home/level1 -c "Level One Support" \
-P "Printer Management,Media Backup,Media Restore" level1
64 blocks

The role cannot be used until a password for it is set.

Assigning Rights Profiles to Roles

The changes to the /etc/passwd, /etc/shadow, and /etc/user_attr files are shown as follows:

# grep level1 /etc/passwd
level1:x:102:1:Level One Support:/export/home/level1:/bin/pfsh
# grep level1 /etc/shadow
level1:CUs8aQ64vTrZ.:12713::::::
# grep level1 /etc/user_attr
level1::::type=role;profiles=Printer Management,Media Backup,Media Restore

Assigning Rights Profiles to Roles

• Modifying a role
To modify the login information of a role on a system, use the rolemod command. This example modifies the role’s rights profiles.
# rolemod -P profile1,profile2 -s /usr/bin/pfksh level1

Assigning Rights Profiles to Roles

• Purpose of the profile shells
A profile shell is a special type of shell that enables access to the privileged rights that are assigned to the rights profile.
The standard UNIX shells cannot be used, as they are not aware of the RBAC files, and do not consult them.
The profile shells are pfsh, pfcsh, and pfksh.

Assigning Roles to Users

The useradd command or the Solaris Management Console (SMC) can be used to assign users to roles.

The example shows the useradd command being used with the -R option to assign roles:

# useradd -m -d /export/home/paul -R level1 paul
64 blocks
#

This example associates the level1 role with the user chris:

# usermod -R level1 chris
#

Using Roles

As it is not possible to directly log in to a role account, log in as a regular user first.

The roles command shows the roles available to your account.

$ id
uid=103(paul) gid=1(other)
$ roles
level1

Switch the user to the role account with the su command.

$ su level1
Password:
$ id
uid=102(level1) gid=1(other)

Authorizations

An authorization grants access to restricted functions in RBAC-compliant applications.

Some applications and commands in the Solaris 10 OS are written to check the authorizations of the user calling them.

The predefined authorizations are listed in the /etc/security/auth_attr file.

# cat /etc/security/auth_attr
(output omitted)
solaris.jobs.:::Job Scheduler::help=JobHeader.html
solaris.jobs.admin:::Manage All Jobs::help=AuthJobsAdmin.html
solaris.jobs.grant:::Delegate Cron & At Administration::help=JobsGrant.html
...

Default Authorizations

All users have the Basic Solaris User profile by default.

# profiles chris
Printer Management
Basic Solaris User
All

The Basic Solaris User profile grants users access to all listed authorizations.

The All profile grants unrestricted access to all Solaris OS commands that have not been restricted by a definition in a previously listed authorization.

Assigning Authorizations

Authorizations can be assigned to user accounts.

Authorizations can also be assigned to roles or embedded in a rights profile, which can be assigned to a user or role.

Authorizations may be assigned from the command line or with SMC.

This example shows the usermod command used with the -A option to add an authorization to a user:

# usermod -A solaris.jobs.admin chris

Assigning Authorizations

The usermod command automatically updates the /etc/user_attr file with this new information.

# grep chris /etc/user_attr
chris::::type=normal;auths=solaris.jobs.admin;profiles=Printer Management

Assigning Authorizations to Roles

If a large number of user accounts require the same configuration and management of authorizations, it can be easier to assign the authorizations to a role and give the users access to the role.

You can assign authorizations to roles with the roleadd command or with SMC.

Assigning Authorizations to Roles

This example uses the roleadd -P and -A options to create a role called level2 that is assigned the authorization solaris.admin.usermgr.*.

# roleadd -m -d /export/home/level2 -P "Mail Management" \
-A "solaris.admin.usermgr.*" level2
64 blocks
#

Assigning Authorizations to Rights Profiles

A rights profile usually includes a list of commands and special security attributes, the rights, as defined in the /etc/security/exec_attr file.

It is also possible to include predefined authorizations from the /etc/security/auth_attr file in the rights profile by adding the authorizations to the /etc/security/prof_attr file.

RBAC Configuration File Summary

The figure on this slide shows how the four files used by RBAC are interrelated.

[Figure: Users, Roles, Profiles, Privileges, Authorization]
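The relationship between these files can be checked offline against copies of the databases. The following is an added example, not part of the course material: it resolves which commands an account can run with uid or euid 0, either directly or only after assuming a role, taking the first profile in search order that lists the command. The roles= entry for paul and the Media Backup and All lines are constructed sample data, and all function names are this example's own.

```python
from fnmatch import fnmatch

# Sample databases. Lines are copied from the slides unless marked constructed.
USER_ATTR = """\
chris::::type=normal;auths=solaris.jobs.admin;profiles=Printer Management
level1::::type=role;profiles=Printer Management,Media Backup,Media Restore
paul::::type=normal;roles=level1
"""  # paul's roles= entry is constructed

EXEC_ATTR = """\
Printer Management:suser:cmd:::/etc/init.d/lp:euid=0;uid=0
Printer Management:suser:cmd:::/usr/bin/cancel:euid=lp;uid=lp
Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0
Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0
Media Backup:suser:cmd:::/usr/sbin/ufsdump:euid=0;gid=sys
All:suser:cmd:::*:
"""  # the Media Backup and All lines are constructed

PROFS_GRANTED = ["Basic Solaris User"]  # value shown for policy.conf


def records(text, nfields):
    """Yield the colon-separated fields of each non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":", nfields - 1)
            if len(fields) == nfields:
                yield fields


def attrs(field):
    """Parse 'key=value;key=value' into a dict."""
    pairs = (item.partition("=") for item in field.split(";"))
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}


def names(attr_map, key):
    """Split a comma-separated attribute such as profiles= or roles=."""
    return [n.strip() for n in attr_map.get(key, "").split(",") if n.strip()]


def load_user_attr(text):
    return {f[0]: attrs(f[4]) for f in records(text, 5)}


def load_exec_attr(text):
    table = {}
    for prof, _policy, kind, _r1, _r2, ident, attr in records(text, 7):
        if kind == "cmd":
            table.setdefault(prof, []).append((ident, attrs(attr)))
    return table


def profiles_of(users, account):
    """Search order, matching the `profiles chris` output on the slide."""
    return names(users.get(account, {}), "profiles") + PROFS_GRANTED + ["All"]


def lookup(users, execs, account, command):
    """Return (profile, attributes) from the first profile listing command."""
    for prof in profiles_of(users, account):
        for ident, attr_map in execs.get(prof, []):
            if fnmatch(command, ident):
                return prof, attr_map
    return None, {}


def runs_as_root(attr_map):
    return any(attr_map.get(k) in ("0", "root") for k in ("uid", "euid"))


def root_commands(users, execs, user):
    """Map each uid/euid 0 command to how `user` reaches it."""
    reach = [(user, "direct")]
    reach += [(r, "role:" + r) for r in names(users.get(user, {}), "roles")]
    found = {}
    for account, how in reach:
        for prof in profiles_of(users, account):
            for ident, _ in execs.get(prof, []):
                if "*" in ident:
                    continue  # wildcard entries name no specific command
                _, effective = lookup(users, execs, account, ident)
                if runs_as_root(effective):
                    found.setdefault(ident, how)
    return found


if __name__ == "__main__":
    users, execs = load_user_attr(USER_ATTR), load_exec_attr(EXEC_ATTR)
    for user in ("chris", "paul"):
        for cmd, how in sorted(root_commands(users, execs, user).items()):
            print(user, cmd, how)
```

Run against real copies of /etc/user_attr and /etc/security/exec_attr, the same functions give a reviewable list of which accounts reach root-level commands and through which role.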

RBAC Configuration File Summary

[Figure: four panels, each labeled "From the database:"]

Managing RBAC Using the Solaris Management Console

The Solaris Management Console in the Solaris 10 OS enables you to configure RBAC features using a GUI console.

Managing RBAC Using the Solaris Management Console

To set up privileged access using SMC, complete the following steps:

1. Build the user accounts that will be assigned the RBAC rights profiles and roles.

2. Build the rights profiles needed to support the privileged access requirements.

3. Build the role that will provide access to the rights profiles for designated users.

Managing RBAC Using the Solaris Management Console

To access RBAC features in SMC, complete the following steps:

1. Select Management Tools.
2. Click This Computer.
3. Click System Configuration.
4. Double-click the Users icon.

Module 11

Configuring System Messaging

Objectives

• Describe the fundamentals of the syslog function
• Configure the /etc/syslog.conf file
• Configure syslog messaging
• Use the Solaris Management Console log viewer

The syslog Concept

The syslog function sends messages generated by the kernel and system utilities and applications to the syslogd daemon. With the syslog function you can control message logging, depending on the configuration of the /etc/syslog.conf file. The daemon can:

• Write messages to a system log
• Forward messages to a centralized log host
• Forward messages to a list of users
• Write messages to the system console

The /etc/syslog.conf File

A configuration entry in the /etc/syslog.conf file consists of two tab-separated fields: selector and action.

The selector field has two components, a facility and a level, written as facility.level.

The action field determines where to send the message.

The syslogd Daemon and the m4 Macro Processor

The syslogd daemon, the m4 macro processor, and the /etc/syslog.conf file interact in conceptual phases to determine the correct message routing.

These conceptual phases are described as:

1. The syslogd daemon runs the m4 macro processor.

2. The m4 processor reads the /etc/syslog.conf file, processes any m4 statements in the input, and passes the output to the syslogd daemon.

The syslogd Daemon and the m4 Macro Processor

3. The syslogd daemon uses the configuration information output by the m4 processor to route messages to the appropriate places.

The syslogd Daemon and the m4 Macro Processor

• The m4 Macro Processor

[Figure: Selector Field, Action Field]

Configuring the /etc/syslog.conf File

The target locations for the syslog message files are defined within the /etc/syslog.conf file. You must restart the syslogd daemon whenever you make any changes to this file.

The following excerpt from the /etc/syslog.conf file shows how various events are logged by the system.

*.err;kern.notice;auth.notice	/dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages
*.alert;kern.err;daemon.err	operator
*.alert	root
*.emerg	*

Configuring the /etc/syslog.conf File

In Line 1, every error event (*.err) and all kernel and authorization facility events of level notice, which are not error conditions but might require special handling, will write a message to the /dev/sysmsg file.

In Line 2, every error event (*.err), all kernel facility events of level debug, all daemon facility events of level notice, and all critical level mail events will record a message in the /var/adm/messages file. Therefore, errors are logged to both files.

Line 3 indicates that all alert level events, including the kernel error level and daemon error level events, are sent to the user operator if this user is logged in.

Configuring the /etc/syslog.conf File

Line 4 indicates that all alert level events are sent to the root user if the root user is logged in.

Line 5 indicates that any event that the system interprets as an emergency will be logged to the terminal of every logged-in user.
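The routing described for Lines 1 through 5 can be reproduced mechanically. This added example, which is not part of the course material, parses the five-line excerpt, rejects entries that lack the tab separator, and reports which actions receive a given facility.level message. It goes slightly beyond the excerpt by handling the none level and comma-separated facilities, and it assumes m4 has already expanded the file; the function names are this example's own.

```python
import re

# Severity order, most severe first; a selector matches its level and above.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Facilities covered by "*" (the mark facility is left out of this example).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "lpr", "news", "uucp",
              "cron", "audit"] + ["local%d" % n for n in range(8)]

# The five-line excerpt from the slide, with a TAB between selector and action.
SYSLOG_CONF = "\n".join([
    "*.err;kern.notice;auth.notice\t/dev/sysmsg",
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages",
    "*.alert;kern.err;daemon.err\toperator",
    "*.alert\troot",
    "*.emerg\t*",
])


def parse(text):
    """Return (rules, errors); a rule is ({facility: threshold}, action)."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\t+", line, maxsplit=1)
        if len(parts) != 2:
            errors.append((lineno, "no tab between selector and action"))
            continue
        mask, bad = {}, None
        for selector in parts[0].split(";"):
            facs, dot, level = selector.strip().rpartition(".")
            wanted = FACILITIES if facs == "*" else facs.split(",")
            if not dot or level not in LEVELS + ["none"]:
                bad = "bad level in %r" % selector
            elif any(f not in FACILITIES for f in wanted):
                bad = "unknown facility in %r" % selector
            if bad:
                break
            for fac in wanted:
                # A later selector replaces an earlier one for the same
                # facility, which is what makes "none" work as an exclusion.
                mask[fac] = None if level == "none" else LEVELS.index(level)
        if bad:
            errors.append((lineno, bad))
        else:
            rules.append((mask, parts[1].strip()))
    return rules, errors


def route(rules, facility, level):
    """Actions that receive a message logged as facility.level."""
    severity = LEVELS.index(level)
    return [action for mask, action in rules
            if mask.get(facility) is not None and severity <= mask[facility]]


if __name__ == "__main__":
    rules, errors = parse(SYSLOG_CONF)
    for fac, lvl in [("auth", "notice"), ("kern", "err"), ("daemon", "info")]:
        print("%s.%s -> %s" % (fac, lvl, route(rules, fac, lvl)))
```

With this excerpt, an auth.notice message reaches only /dev/sysmsg, so it is not kept in /var/adm/messages.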

Stopping and Starting the syslogd Daemon

The /lib/svc/method/system-log file starts the syslogd process during each system boot.

You can manually stop or start the syslogd daemon, or send it a refresh command, which causes the daemon to reread the /etc/syslog.conf file.

To stop the syslogd daemon, perform the command:
# svcadm disable svc:/system/system-log:default
To start the syslogd daemon, perform the command:
# svcadm enable svc:/system/system-log:default
To send a refresh to the syslogd daemon, perform the command:
# svcadm refresh svc:/system/system-log:default

Configuring syslog Messaging

The inetd daemon is the network listener process for many network services. The inetd daemon listens for service requests on the TCP and User Datagram Protocol (UDP) ports associated with each of the services listed in the inetd configuration file.

The inetd daemon is controlled through the use of the inetadm command.

Monitoring a syslog File in Real Time

The tail -f command holds the file open so that you can view messages being written to the file by the syslogd daemon, for example:

# tail -f /var/adm/messages
Jun 14 13:15:39 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2361] from 192.9.200.1 45800

Using the Solaris Management Console Log Viewer

You can use the Solaris Management Console Log Viewer application to view syslog message files. You can also use this application to view and capture information from the Management Tool logs. To open the viewer, perform the following steps:

1. Use the smc command to open the Solaris Management Console:
# smc &

The Solaris Management Console application launches.

Using the Solaris Management Console Log Viewer

2. Select This Computer (hostname).
3. Select System Status.
4. Select Log Viewer.

The initial Log Viewer display lists Management Tools log entries from the /var/sadm/wbem/log directory.

Module 12

Using Name Services

Objectives

• Describe the name service concept
• Describe the name service switch file /etc/nsswitch.conf
• Describe the name service cache daemon (nscd)
• Get name service information

Name Service Concept

Name services centralize the shared information in a network.

A single system, the name server, maintains the information previously maintained on each individual host.

The name servers provide information, such as host names, Internet Protocol (IP) addresses, user names, passwords, and automount maps.

Other hosts in the name service domain (called clients) request the information from the name server.

This name server system responds to clients, and translates, or resolves, their requests from its memory-based (cached) or disk-based databases.

Name Service Concept

[Figure: Client, Database, Name Server, and Local File, with steps numbered 1 to 5]

Name Service Concept

The name service concept provides the following benefits:

• A single point of administration for name service data
• Consistent name service information for systems within the domain
• All clients have access to changed data
• Assurance that clients do not miss updates
• Secondary servers prevent a single point-of-failure

Domain Name System (DNS)

• Domain Name System (DNS) is an Internet-wide naming system for resolving host names to IP addresses and IP addresses to host names.

• DNS supports name resolution for both local and remote hosts, and uses the concept of domains to allow hosts with the same name to coexist on the Internet, so long as they are in different domains.

• For example: www.sun.com and www.microsoft.com

Domain Name System (DNS)

• The collection of networked systems that use DNS is referred to as the DNS namespace.

• The DNS namespace is divided into a hierarchy of domains.

• Each domain is usually supported by two or more name servers, a master name server, and one or more slave name servers.

• Each server implements DNS by running the in.named daemon.

Domain Name System (DNS)

• On the client’s side, DNS is implemented through the resolver. The resolver library resolves users’ queries.

• The DNS name servers store the host and IP address information in files called zone files.

• The svc:/network/dns/server:default service starts the DNS server during the boot process if the DNS server has been configured.

Network Information Service (NIS)

• Network Information Service (NIS) was developed independently of DNS and has a slightly different focus.

• NIS stores information about host names, IP addresses, users, groups, and others.

• This collection of network information is referred to as the NIS namespace.

• NIS namespace information is stored in files called NIS maps.

• NIS maps were designed to supplement many of the UNIX /etc files.

Network Information Service (NIS)

• NIS maps are database files created from source files in the /etc directory (or in a directory that you specify).

• By default, these maps are stored in the /var/yp/domainname directory on NIS servers.

• NIS uses domains to define who can access the host names, user information, and other administrative data in its namespace.

• However, NIS does not use a domain hierarchy to store its data. Therefore, the NIS namespace is flat.


Network Information Service (NIS)

• Replicated NIS servers provide services to NIS clients.

• The principal server is called a master server, and, for reliability, it has a backup, or a slave server.

• Each server implements NIS by running the ypserv daemon.

• All NIS clients and servers must run the ypbind daemon.

• The svc:/network/nis/server:default service starts the NIS server during the boot process.


Network Information Service Plus (NIS+)

• Network Information Service Plus (NIS+) is similar to NIS, but provides many more features.

• NIS+ enables you to store information about machine addresses, security information, mail information, Ethernet interfaces, and network services in central locations.

• This configuration of network information is referred to as the NIS+ namespace.

• The NIS+ namespace is hierarchical and is similar in structure to the UNIX directory tree.


Network Information Service Plus (NIS+)

• An NIS+ namespace can be divided into multiple domains that can be administered independently.

• NIS+ uses a client-server model to store and gain access to the information contained in an NIS+ namespace.

• The principal server is called the root server, and the backup servers are called replica servers.

• Both root and replica servers run NIS+ server software, as well as maintain copies of NIS+ tables.


Network Information Service Plus (NIS+)

• NIS+ includes a sophisticated security system to protect the structure of the namespace and its information.

• NIS+ uses authentication and authorization to verify whether a client’s request for information should be fulfilled.

• Each server implements NIS+ by running the rpc.nisd daemon.

• The svc:/network/rpc/nisplus:default service starts the NIS+ name service during the boot process.


Lightweight Directory Access Protocol (LDAP)

• LDAP is the protocol clients use to communicate with a directory server.

• It is a vendor-independent protocol and can be used on common TCP/IP networks.

• The Solaris 10 OS comes with an LDAP client and LDAP server.

• The LDAP Directory Server is called the Sun Java™ System Directory Server.


Lightweight Directory Access Protocol (LDAP)

• A directory server stores information in a Directory Information Tree (DIT).

• Clients can query the directory server for information or make changes to the information stored on the server.

• The hierarchy of the directory tree structure is similar to that of the UNIX file system.

• Entries are named according to their position in this tree structure by a distinguished name (DN).


Lightweight Directory Access Protocol (LDAP)

• The DN is similar to an absolute path name in UNIX.

• A Relative Distinguished Name (RDN) is similar to a relative path name in UNIX.

• A directory entry is composed of attributes that have a type, and one or more values.

• Similar to the DNS namespace, LDAP names start with the least significant component and proceed to the most significant.


Name Service Switch File

• The name service switch file determines which name services a system uses to search for information, and in which order the name service request is resolved.

• All Solaris OS systems use the /etc/nsswitch.conf file as the name service switch file.

• The nsswitch.conf file is loaded with the contents of a template file during the installation of the Solaris OS, depending on the name service that is selected.

• The /etc/nsswitch.conf file includes a list of databases that are sources of information about IP addresses, users, and groups.


Name Service Switch File

• The following entries are from the /etc/nsswitch.conf file configured to support the NIS name service:

...
passwd: files nis
group: files nis
# consult /etc "files" only if nis is down.
hosts: nis [NOTFOUND=return] files
...
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
...


Name Service Switch File

• The information sources in /etc/nsswitch.conf are listed in the order that they are searched.

• Information sources

  • files

  • nisplus

  • nis

  • dns

  • ldap

  • user

If two or more sources are listed, the first listed source is searched before moving to the next source.


Name Service Switch File

• When a name service is referenced, the attempt to search this source can return one of the following status codes:

  • SUCCESS

  • UNAVAIL

  • NOTFOUND

  • TRYAGAIN

• For each status code, two actions are possible:

  • return

  • continue


Name Service Switch File

• When the action is not explicitly specified, the default action is to continue the search using the next specified information source, as follows:

  • SUCCESS = return

  • UNAVAIL = continue

  • NOTFOUND = continue

  • TRYAGAIN = continue


Configuring the Name Service Cache Daemon (nscd)

• The nscd daemon

  • The nscd daemon is a process that provides a cache for the most common name service requests.

  • The nscd daemon starts during multiuser boot.

  • The /etc/nscd.conf configuration file controls the behavior of the nscd daemon.

  • The nscd daemon provides caching for the passwd, group, hosts, ipnodes, exec_attr, prof_attr, and user_attr databases.


Configuring the Name Service Cache Daemon (nscd)

• Configuring the nscd daemon

  • The /etc/nscd.conf file contains the configuration information for the nscd daemon.

  • Each line specifies either an attribute and a value, or an attribute, a cache name, and a value.

  • An example of an attribute and a value is as follows:

    logfile /var/adm/nscd.log

  • An example of an attribute, a cache name, and a value is as follows:

    enable-cache hosts no


Configuring the Name Service Cache Daemon (nscd)

• Stopping and starting the nscd daemon

  • The nscd daemon’s cache might become out of date due to various abnormal circumstances.

  • A common way to force the nscd daemon to update its cache is to stop and start the daemon.

• Restarting the nscd daemon

  Clearing the cache by restarting the daemon can be helpful in removing old cached data:

  # svcadm restart system/name-service-cache:default


Retrieving Name Service Information

• The getent command

  You can query name service information sources with specific tools, such as the ypcat, nslookup, niscat, and ldaplist commands. However, the nsswitch.conf file is not referenced by these commands.

  The getent command has the following advantages:

  • The getent command searches the information sources in the order listed in the name service switch file.

  • By using the name service switch file, the defined status message codes and actions are tested as they are currently configured.


Retrieving Name Service Information

• Using the getent command

  The getent command retrieves a list of entries from the administrative database specified by database. The sources for the database are specified in the /etc/nsswitch.conf file. The syntax is as follows:

  getent database [key]...


Module 13

Configuring Name Service Clients


Objectives

• Configure a DNS client

• Configure an LDAP client


Configuring a DNS Client

Name resolution using the Internet domain name system begins with the client-side resolver.

The client resolver code is controlled by the following files:

• /etc/resolv.conf

• /etc/nsswitch.conf


Configuring the DNS Client During Installation

During the system identification phase of a Solaris 10 OS installation, use the following:

• The Name Service window, to select DNS as the name service

• The Domain Name window, to enter the DNS domain name to which the client will belong

• The DNS Server Address window, to enter the IP addresses of up to three DNS servers that the client will use for lookups


Configuring the DNS Client During Installation

During the system identification phase of a Solaris 10 OS installation, use the following:

• The DNS Search List window, to enter search suffixes to supplement searches for names that are not fully qualified

• The Confirm Information window, to verify that you have provided accurate information


Editing DNS Client Configuration Files

To use DNS with another name service, such as NIS or LDAP, you must manually modify configuration files.

• Editing the /etc/resolv.conf file

  The /etc/resolv.conf file contains configuration directives for the DNS resolver. The directives include the following:

  • nameserver

  • domain

  • search


Editing DNS Client Configuration Files

The following resolv.conf example shows two name servers for the suned.sun.com domain. It also specifies two domain names, training.sun.com and sun.com, to append to any requests received that are not fully qualified.

# cat /etc/resolv.conf
nameserver 192.168.10.11
nameserver 192.168.20.88
domain suned.sun.com training.sun.com sun.com


Editing DNS Client Configuration Files

• Copying the /etc/nsswitch.dns file to the /etc/nsswitch.conf file

  • To configure a client to use DNS in combination with the system’s local files, copy the /etc/nsswitch.dns file to the /etc/nsswitch.conf file.

  • This action only changes the hosts entry.


Setting Up an LDAP Client

Native LDAP is the client implementation of the LDAP name service.

An LDAP server, such as the Sun Java Directory Server that is bundled with the Solaris 10 OS, must exist on the network.


Client Authentication

An LDAP client must establish a session with an LDAP server.

This authentication process is known as binding.

After a client is authenticated, it can then perform operations, such as “search and modify,” on the data.


Client Authentication

Details on how the client is authenticated and what data the client is authorized to access are maintained on the LDAP server.

To avoid having to re-enter the same information for each and every client, a single client profile is created on the directory server.


Client Profile and Proxy Account

A single client profile defines the configuration parameters for a group of Solaris OS clients allowed to access the LDAP database.

Client profile:

• Contains the client’s credential information

• Describes how authentication is to take place

• Provides the client with various configuration parameters

A proxy account is created to allow multiple clients to bind to the server with the same access privileges.


Client Initialization

• The client profile and proxy account are created as part of the Sun Java Directory Server setup procedures on the Solaris 10 OS.

• By default, the client profile named default and the proxy account proxyagent are created under a special profile directory entry.

• When the Solaris LDAP client is initialized, a copy of the client profile is retrieved from the server and stored on disk.


Configuring the LDAP Client During Installation

To configure the LDAP client, complete the following steps:

• In the Name Service window, select LDAP as the name service.

• In the Domain Name window, enter the domain name where the system is located.

• In the LDAP Profile window, enter the profile name and server IP address.

• In the LDAP Proxy Bind window, select No.

• In the Confirm Information window, verify that you have provided accurate information.


Initializing the Native LDAP Client

You execute the ldapclient command on the client system once to initiate the client as a native LDAP client.

The following example describes a typical client initialization:

# ldapclient init -a proxyPassword=proxy \
-a proxyDN=cn=proxyagent,ou=profile,dc=suned,dc=sun,dc=com \
-a domainname=suned.sun.com 192.168.0.100
System successfully configured


Copying the /etc/nsswitch.ldap File to the /etc/nsswitch.conf File

During LDAP client initialization, the /etc/nsswitch.ldap file is copied over to the /etc/nsswitch.conf file.


Listing LDAP Entries

You use the ldaplist command to list the naming information from the LDAP servers.

Without any arguments, the ldaplist command returns all of the containers in the current search base DN.


Unconfiguring an LDAP Client

To unconfigure an LDAP client, use the ldapclient command with the uninit option.

This command removes the client files from the /var/ldap directory and restores the previous /etc/nsswitch.conf file.

# ldapclient uninit
System successfully unconfigured


Module 14

Configuring the Network Information Service (NIS)


Objectives

• Describe NIS fundamentals

• Configure the name service switch file

• Describe NIS security

• Configure an NIS domain

• Build custom NIS maps

• Troubleshoot NIS


NIS Fundamentals

NIS facilitates the creation of server systems that act as central repositories for several of the administrative files found on UNIX systems.

The benefits of NIS include the following:

• Centralized administration of configuration files

• Better scaling of configuration file administration as networks grow

NIS is organized into named administrative domains.

Within each domain there is one NIS master server, zero or more slave servers, and one or more clients.


NIS Namespace Information

NIS stores information about host names and their IP addresses, users, groups, and others.

NIS maps can replace or be used with the configuration files that exist on each UNIX system.

NIS maps are located in the /var/yp/domainname directory on NIS servers.


Map Contents and Sort Keys

Each map contains a key and value pair.

The key represents data used to perform the lookup in the map, while the value represents data returned after a successful lookup.

For example, for the domain name training, the list of NIS map files for the hosts map is as follows:

• The /var/yp/training/hosts.byname.pag file

• The /var/yp/training/hosts.byname.dir file

• The /var/yp/training/hosts.byaddr.pag file

• The /var/yp/training/hosts.byaddr.dir file


Commands to Read Maps

You can use two commands to read maps:

• ypcat [ -k ] mname

• ypmatch [ -k ] value mname

# ypcat hosts
192.168.30.30 instructor instructor. loghost
192.168.30.30 instructor instructor. loghost
127.0.0.1 localhost
...

# ypmatch sys44 hosts
sys44: 192.168.30.44 sys44 loghost
# ypmatch usera passwd
usera: usera:LojyTdiQev5i2:3001:10::/export/home/usera:/bin/ksh


NIS Domains

An NIS domain is a collection of hosts and interconnecting networks that are organized into a single administrative authority.

Each NIS domain contains:

• One NIS master server

• NIS slave servers (optional)

• NIS clients


NIS Master Server

Within each domain, the NIS master server has the following characteristics:

• Contains the original source ASCII files used to build the NIS maps

• Contains the NIS maps generated from the ASCII files

• Provides a single point-of-control for the entire NIS domain


NIS Slave Servers

Within each domain, the NIS slave servers have the following characteristics:

• Do not contain the original source ASCII files used to build the NIS maps

• Contain copies of the NIS maps copied from the NIS master server

• Provide a backup for NIS map information

• Provide redundancy in case of server failures

• Provide load sharing on large networks


NIS Clients

Within each domain, the NIS clients have the following characteristics:

• Do not contain the original source ASCII files used to build the NIS maps

• Do not contain any NIS maps

• Bind to the master server or to a slave server to obtain access to the administrative file information contained in that server’s NIS maps

• Dynamically rebind to another server in case of server failure

• Make all appropriate system calls aware of NIS


NIS Processes

The main daemons involved in the running of an NIS domain are as follows:

• The ypserv daemon

• The ypbind daemon

• The rpc.yppasswdd daemon

• The ypxfrd daemon

• The rpc.ypupdated daemon


Configuring the Name Service Switch

When you select NIS as the name service during installation, the /etc/nsswitch.nis configuration file loads into the default /etc/nsswitch.conf file.

• Changing lookup requests to go from files to NIS

  Entries in /etc/nsswitch.conf with the following form cause requests to search files first, and then NIS:

  passwd: files nis

• Changing lookup requests to go from NIS to files

  Entries in /etc/nsswitch.conf with the following form cause requests to search NIS first, and then files:

  hosts: nis [NOTFOUND=return] files
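The status codes and default actions from the Name Service Switch File slides, applied to the two entry forms shown here, as an added example that is not part of the course material. The function names and the per-source outcomes are constructed for illustration, and only the return and continue actions named on the slides are handled.

```python
import re

# Default action per status code when an entry does not override it.
DEFAULT_ACTIONS = {
    "SUCCESS": "return",
    "UNAVAIL": "continue",
    "NOTFOUND": "continue",
    "TRYAGAIN": "continue",
}

# Entries quoted on the slides for a client that uses NIS.
SLIDE_ENTRIES = [
    "passwd: files nis",
    "group: files nis",
    '# consult /etc "files" only if nis is down.',
    "hosts: nis [NOTFOUND=return] files",
]


def parse_entry(line):
    """Parse one nsswitch.conf line into (database, [(source, actions), ...])."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None  # blank line or comment
    database, sep, rest = line.partition(":")
    if not sep:
        raise ValueError(f"no database name in {line!r}")
    sources = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            sources.append((token, dict(DEFAULT_ACTIONS)))
            continue
        if not sources:
            raise ValueError("criteria appear before any source")
        # A bracketed list overrides the defaults of the source before it.
        for criterion in token[1:-1].split():
            status, _, action = criterion.partition("=")
            status, action = status.upper(), action.lower()
            if status not in DEFAULT_ACTIONS or action not in ("return", "continue"):
                raise ValueError(f"unsupported criterion {criterion!r}")
            sources[-1][1][status] = action
    if not sources:
        raise ValueError(f"no sources listed for {database!r}")
    return database.strip(), sources


def lookup(line, outcomes):
    """Walk the sources of one entry in order.

    outcomes maps a source name to the status code it would return
    (constructed input; a source that is not listed counts as UNAVAIL).
    Returns (answering_source_or_None, trace); trace lists only the
    sources that were actually consulted.
    """
    parsed = parse_entry(line)
    if parsed is None:
        raise ValueError("not a switch entry")
    trace, answer = [], None
    for name, actions in parsed[1]:
        status = outcomes.get(name, "UNAVAIL")
        action = actions[status]
        trace.append((name, status, action))
        if status == "SUCCESS":
            answer = name
        if action == "return":
            break
    return answer, trace


if __name__ == "__main__":
    # Constructed scenarios for a host that exists only in the local files.
    scenarios = {
        "NIS up, host not in NIS": {"nis": "NOTFOUND", "files": "SUCCESS"},
        "NIS down": {"nis": "UNAVAIL", "files": "SUCCESS"},
    }
    for label, outcomes in scenarios.items():
        for entry in SLIDE_ENTRIES:
            if parse_entry(entry) is not None:
                print(label, "|", entry, "->", lookup(entry, outcomes))
```

With [NOTFOUND=return], a host that exists only in the local files is not resolved while NIS is reachable; the files source is consulted only when NIS returns UNAVAIL or TRYAGAIN.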


NIS Security

Just as NIS makes the network information more manageable, it can also create inadvertent security holes.

Two methods of closing these security holes are using the securenets file to restrict access to a single host or to a subnetwork, and using the passwd.adjunct file to limit access to the password information across the network.


Configuring an NIS Domain

To generate NIS maps, you need the source files.

You can find source files in the /etc directory on the master server.

Do not keep the source files in the /etc directory, because the contents of the maps are then the same as the contents of the local files that control access to the master server.

This is a special problem for the /etc/passwd and /etc/shadow files.


Configuring an NIS Domain

• To locate the source files in another directory, modify the /var/yp/Makefile file:

  • Change the INETDIR line to DIR=/your-choice

  • Change the DIR=/etc line to DIR=/your-choice

  • Change the PWDIR=/etc line to PWDIR=/your-choice

• Copy files from /etc, /etc/inet, and /etc/services to DIR=/your-choice

• Before you make any modifications to the /var/yp/Makefile file, save a copy of the original Makefile file.


Generating NIS Maps

The NIS configuration script, /usr/sbin/ypinit, and the make utility generate NIS maps.

The ypinit command reads the /var/yp/Makefile file for source file locations, and converts ASCII source files into NIS maps.

For security reasons and to prevent unauthorized root access, the files that build the NIS password maps should not contain an entry for the root user.

To make sure of this, copy the files to an alternative directory, and modify the PWDIR entry in the Makefile file.
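The two checks these slides call for before the maps are built, that the Makefile no longer reads its sources from the master server's live /etc files and that the password source has no root entry, as an added example that is not part of the course material. The function names and sample data are constructed; flagging every UID 0 account goes slightly beyond the slide's wording, which names only root.

```python
import re

# Directories that hold the master server's own live configuration files.
LIVE_DIRS = {"/etc", "/etc/inet"}
SOURCE_VARS = ("DIR", "INETDIR", "PWDIR")

# Constructed Makefile fragments: before and after the change described
# on the slides (/etc/yp_dir is the alternative directory they mention).
DEFAULT_MAKEFILE = """\
DIR =/etc
INETDIR=/etc/inet
PWDIR =/etc
DOM = `domainname`
"""
RELOCATED_MAKEFILE = """\
DIR =/etc/yp_dir
INETDIR=/etc/yp_dir
PWDIR =/etc/yp_dir
DOM = `domainname`
"""

# Constructed password source in passwd(4) format.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
usera:x:3001:10::/export/home/usera:/bin/ksh
admin2:x:0:1:second admin:/:/bin/ksh
"""


def makefile_source_dirs(makefile_text):
    """Return {variable: directory} for the source-directory assignments."""
    found = {}
    for line in makefile_text.splitlines():
        match = re.match(r"^\s*(DIR|INETDIR|PWDIR)\s*=\s*(\S+)", line)
        if match:
            found[match.group(1)] = match.group(2).rstrip("/") or "/"
    return found


def audit_makefile(makefile_text):
    """List the variables that still point at the live /etc files."""
    dirs = makefile_source_dirs(makefile_text)
    return [var for var in SOURCE_VARS if dirs.get(var) in LIVE_DIRS]


def audit_passwd_source(passwd_text):
    """Return (line number, reason, name) for entries that must not be in the map."""
    findings = []
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, "malformed", fields[0]))
            continue
        name, uid = fields[0], fields[2].strip()
        if name == "root":
            findings.append((lineno, "root-entry", name))
        elif not uid.isdigit():
            findings.append((lineno, "malformed", name))
        elif int(uid) == 0:
            findings.append((lineno, "uid-0", name))
    return findings


def safe_to_build(makefile_text, passwd_text):
    """True only when both checks come back clean."""
    return not audit_makefile(makefile_text) and not audit_passwd_source(passwd_text)


if __name__ == "__main__":
    print("Makefile variables still on live files:", audit_makefile(DEFAULT_MAKEFILE))
    for lineno, reason, name in audit_passwd_source(SAMPLE_PASSWD):
        print(f"password source line {lineno}: {reason} ({name})")
```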


Locating Source Files

• The source files are located in the /etc directory on the master server, but the files can be copied into another directory, such as /etc/yp_dir.

• The /etc/defaultdomain file sets the NIS domain name during system boot.

• The ypinit script calls the program make, which uses the Makefile file located in the /var/yp directory.


Locating Source Files

• The /var/yp directory contains a subdirectory named after the NIS domain name. This domainname directory is the repository for the NIS maps.

• The /var/yp/binding/domainname directory contains the ypservers file where the names of the NIS master server and NIS slave servers are stored.

• The /usr/lib/netsvc/yp directory contains the ypstop and ypstart commands that stop and start NIS services, respectively.


Converting ASCII Source Files Into NIS Maps

To build new maps on the master server, perform the following command:

# /usr/sbin/ypinit -m

The ypinit command prompts for a list of other machines to become NIS slave servers.


Configuring the NIS Master Server

To set up the NIS name service master server, complete the following steps:

1. Determine which machines on your network domain will be NIS servers.

2. Choose an NIS domain name.

3. Use the domainname command to set the local NIS domain.

4. Create an /etc/defaultdomain file that contains the domain name.


5. If the files do not already exist, use the touch command to create zero-length files with the following names: /etc/ethers, /etc/bootparams, /etc/locale, /etc/timezone, /etc/netgroup, and /etc/netmasks.
6. Install an updated Makefile file in the /var/yp directory if you intend to use NIS on the system that functions as your JumpStart software server.
7. Create or populate the /etc/locale file, and make an entry for each domain on your network.


8. Initialize the master server by using the local /etc files. Enter the ypinit -m command.
   a. When the program prompts you for a list of slave servers, and after you complete your list, press Control-D.
   b. The program asks if you want to terminate it on the first fatal error.
9. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.
10. Start the NIS daemons on the master server with the following command:
    # svcadm enable svc:/network/nis/server:default
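A pre-flight check for the master server steps above, as an added example that is not part of the course material: it confirms that /etc/defaultdomain names the intended domain and that the source files listed in step 5 exist before ypinit -m is run. The ROOT prefix argument, the function names and the domain example.nis are assumptions of this example; it needs a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh).

```shell
# Added example: pre-flight check to run before `ypinit -m`.
# ROOT is a hypothetical prefix so the check can be tried against a scratch
# tree; on a real master server pass an empty string.

# Source files that step 5 requires to exist (zero-length is enough).
NIS_REQUIRED_FILES="ethers bootparams locale timezone netgroup netmasks"

# nis_master_preflight ROOT DOMAIN
# Prints one line per problem and returns the number of problems found.
nis_master_preflight() {
    root=$1
    domain=$2
    problems=0

    # Step 4: /etc/defaultdomain must exist and name the intended domain.
    if [ ! -f "$root/etc/defaultdomain" ]; then
        echo "missing: /etc/defaultdomain"
        problems=$((problems + 1))
    else
        current=$(head -n 1 "$root/etc/defaultdomain")
        if [ "$current" != "$domain" ]; then
            echo "mismatch: /etc/defaultdomain has '$current', expected '$domain'"
            problems=$((problems + 1))
        fi
    fi

    # Step 5: every source file must exist before the maps are built.
    for name in $NIS_REQUIRED_FILES; do
        if [ ! -f "$root/etc/$name" ]; then
            echo "missing: /etc/$name"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# nis_master_touch_missing ROOT
# Creates the zero-length files from step 5 without touching existing ones.
nis_master_touch_missing() {
    for name in $NIS_REQUIRED_FILES; do
        [ -f "$1/etc/$name" ] || touch "$1/etc/$name"
    done
}

# Demo against a constructed scratch tree (not a live system).
demo_nis_preflight() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/etc"
    echo "example.nis" > "$scratch/etc/defaultdomain"   # constructed domain name
    nis_master_preflight "$scratch" example.nis || echo "problems found: $?"
    nis_master_touch_missing "$scratch"
    nis_master_preflight "$scratch" example.nis && echo "ready for ypinit -m"
    rm -rf "$scratch"
}
demo_nis_preflight
```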


Testing the NIS Service

There are a number of commands that you can use to obtain information from and about the NIS database.

The most commonly used NIS commands are as follows:

• ypcat

• ypmatch

• ypwhich


Configuring the NIS Client

To configure the NIS client, complete the following steps:

1. Edit the /etc/inet/hosts file to ensure that the NIS master server and all slave servers have been defined.
2. Execute the domainname domainname command to set the local NIS domain.
3. Create or populate the /etc/defaultdomain file with the domain name.


4. To initialize the system as an NIS client, perform the following command:
   # ypinit -c
5. When the system prompts you for a list of NIS servers, enter the names of the NIS master and all slave servers.
6. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.
7. Start NIS with the following command:
   # svcadm enable svc:/network/nis/client:default


Configuring the NIS Slave Server

To configure an NIS slave server, complete the following steps on the system that you want to designate as the slave server:

1. Edit the /etc/inet/hosts file to ensure that the NIS master server and all slave servers have been defined.
2. Execute the domainname domainname command to set the local NIS domain.
3. Create or populate the /etc/defaultdomain file with the domain name.


4. To initialize the system as an NIS client, perform the following command:
   # ypinit -c
5. When the system prompts for a list of NIS servers, enter the NIS master host followed by the name of the local host and all other NIS slave servers on the local network.
6. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.
7. On the NIS master, ensure that the ypserv process is running.


8. On the proposed NIS slave system, start the ypbind daemon.
   # svcadm enable svc:/network/nis/client:default
9. Initialize the system as an NIS slave by performing the following command:
   # ypinit -s master
10. Before starting the ypserv daemon on the slave server, stop the client with the following command:
    # svcadm disable svc:/network/nis/client:default
11. When the NIS server is started, it also starts the ypbind client daemon.
    # svcadm enable svc:/network/nis/server:default


Updating the NIS Map

Because database files change with time, you must update your NIS maps. To update the NIS maps (on the master server), complete the following steps:

1. Update the text files in your source directory.
2. Change to the /var/yp directory.
   # cd /var/yp
3. Refresh the NIS database maps using the make utility.
   # /usr/ccs/bin/make


Module 15

Introduction to Zones


Objectives

• Identify the different zones features
• Understand how and why zone partitioning is used
• Configure zones
• Install zones
• Boot zones
• Administer packages with zones
• Upgrade the Solaris 10 OS with installed zones


Solaris Zones

Solaris zones technology enables software partitioning of a Solaris 10 OS to support multiple instances of the operating system services with independent process space, allocated resources, and users.

Zones provide virtual operating system services that look like different Solaris instances to users and applications.

Solaris zones allow administrators to dedicate system resources to individual zones.

Each zone exists with separate process and file system space, and can only monitor and interact with local processes.


Zone Features

• Security
• Isolation
• Virtualization
• Granularity
• Transparency


Zone Types

The Solaris Operating System supports two types of zones:

• Global
• Non-global


Global Zones

Every Solaris system contains a global zone.

The global zone has two functions:

• It is the default zone for the system.
• It is the zone used for system-wide administrative control.

The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled.

The global zone contains a complete installation of the Solaris system software packages.


Each zone, including the global zone, is assigned a zone name.

The global zone always uses the name global. Non-global zones must have user-defined names.

The system always assigns zone ID 0 to the global zone.

The system assigns non-zero zone IDs to non-global zones when they boot.


Non-Global Zones

Non-global zones contain an installed subset of the complete Solaris Operating System software packages.

They can also contain Solaris software packages shared from the global zone and additional installed software packages not shared from the global zone.

Non-global zones share operation under the Solaris kernel booted from the global zone.

Non-global zones are not aware that any other zones exist.


Zone Daemons

The system uses two daemons to control zone operation, zoneadmd and zsched.

The zoneadmd daemon is the primary process for managing the zone’s virtual platform.

The zoneadmd daemon is responsible for the following:

• Managing zone booting and shutting down
• Allocating the zone ID and starting the zsched system process
• Setting zone-wide resource controls
• Preparing the zone’s devices as specified in the zone configuration


The zoneadmd daemon is also responsible for the following:

• Plumbing virtual network interfaces
• Mounting loopback and conventional file systems

The zsched process involves the following:

• Every active zone has an associated kernel process, zsched.
• The zsched process enables the zones subsystem to keep track of per-zone kernel threads.
• Kernel threads doing work on behalf of the zone are owned by zsched.


Zone File Systems

There are two models for populating root file system space in non-global zones, the sparse root model and the whole root model.


• Sparse root model
  • The sparse root model installs a minimal number of files from the global zone when you initialize a non-global zone.
  • Files that need to be shared between a non-global zone and the global zone are mounted through read-only loopback file systems.
  • By default, in the sparse root model, the directories /lib, /platform, /sbin, and /usr are mounted in this manner.


• Whole root model
  • The whole root model provides the maximum configurability.
  • All of the required and any selected optional Solaris packages are installed into the private file systems of the zone.
  • The disk requirements for this model are determined by the disk space used by the packages currently installed in the global zone.


Zone Networking

• Each non-global zone that requires network connectivity has one or more dedicated IP addresses.
• These addresses are associated with logical network interfaces that can be placed in a zone by using the ifconfig command.
• For example, if the primary network interface in the global zone is ce0, then the non-global zone’s logical network interface might be ce0:1.
• Logical interfaces are automatically assigned the next available identifier, for example, ce0:2, ce0:3.


Zone States

As you configure a non-global zone, bring it into operation, use the zone, reboot, or shut it down, the state that the zoneadm command reports for that zone changes.

The zoneadm command reports the following zone states:

• Undefined
• Configured
• Incomplete
• Installed
• Ready
• Running
• Shutting down and Down


Configuring Zones

Configuring a zone requires completing the following tasks:

• Identifying the components that will make up the zone
• Configuring the zone with the zonecfg command
• Verifying and committing the configured zone


Identifying Zone Components

When planning zones for your environment, you must consider the components that make up each zone’s configuration. These components include the following:

• A zone name
• A path to the zone’s root
• The zone network interfaces
• The file systems mounted in zones
• The configured devices in zones


Allocating File System Space

There are no limits on how much disk space can be consumed by a zone.

The nature of the packages installed in the global zone affects the space requirements of the non-global zones that are created.

• As a general guideline, about 100 megabytes of free disk space per non-global zone using the sparse root model is required.
• By default, any additional packages installed in the global zone also populate the non-global zones.


Using the zonecfg Command

You can perform the following operations with zonecfg:

• You can create or delete a zone configuration.
• You can add resources to a particular configuration.
• You can set properties for resources added to a configuration.
• You can remove resources from a particular configuration.
• You can query or verify a configuration.
• You can commit to a configuration.
• You can revert to a previous configuration.


• To simplify the user interface, zonecfg utilizes the concept of a scope.
• The default scope is global.
• The zonecfg interactive command prompt changes to reflect the current scope.
• You can use the add and select subcommands to select a specific resource, at which point the scope changes to that resource.
• The end and cancel subcommands cause the scope to revert to global.


The zonecfg Subcommands

• Subcommands within the zonecfg utility are used to configure and provision zones.
• The zonecfg prompt indicates if the scope is global or is confined to a particular resource.

Note: The zonecfg subcommands are demonstrated in the “Zone Configuration Walk-Through” section, later in this module.


The zonecfg Resource Parameters

Resource types within the zonecfg utility include the following:

• zonename
• zonepath
• autoboot
• pool
• fs
• inherit-pkg-dir
• net
• device
• rctl
• attr


Parameters associated with the fs resource include the following:

• dir

• special

• raw

• type

• options


Zone Configuration Walk-Through

To create a zone, you must log in to the global system as root or a role-based access control (RBAC)-allowed user.

The following shows an example of configuring a zone named work-zone:

global# zonecfg -z work-zone
zonecfg:work-zone> create
zonecfg:work-zone> set zonepath=/export/work-zone
zonecfg:work-zone> set autoboot=true
zonecfg:work-zone> set pool=pool_default
zonecfg:work-zone> add fs
zonecfg:work-zone:fs> set dir=/mnt
zonecfg:work-zone:fs> set special=/dev/dsk/c0t0d0s7


zonecfg:work-zone:fs> set raw=/dev/rdsk/c0t0d0s7
zonecfg:work-zone:fs> set type=ufs
zonecfg:work-zone:fs> add options [logging]
zonecfg:work-zone:fs> end
zonecfg:work-zone> add inherit-pkg-dir
zonecfg:work-zone:inherit-pkg-dir> set dir=/opt/sfw
zonecfg:work-zone:inherit-pkg-dir> end
zonecfg:work-zone> add net
zonecfg:work-zone:net> set physical=ce0
zonecfg:work-zone:net> set address=192.168.0.1
zonecfg:work-zone:net> end
zonecfg:work-zone> add device
zonecfg:work-zone:device> set match=/dev/sound/*


zonecfg:work-zone:device> end
...
zonecfg:work-zone> add attr
zonecfg:work-zone:attr> set name=comment
zonecfg:work-zone:attr> set type=string
zonecfg:work-zone:attr> set value="The work zone."
zonecfg:work-zone:attr> end
zonecfg:work-zone> verify
zonecfg:work-zone> commit
zonecfg:work-zone> exit


Viewing the Zone Configuration

You can use the zonecfg command to view the zone configuration.

# zonecfg -z work-zone info
zonepath: /export/work-zone
autoboot: true
pool: pool_default
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
...


Using the zoneadm Command

The zoneadm command is the primary tool used to install and administer non-global zones.

Operations using the zoneadm command must be run from the global zone.


The following tasks can be performed using the zoneadm command:

• Verify a zone’s configuration
• Install a zone
• Boot a zone
• Reboot a zone
• Display information about a running zone
• Uninstall a zone


• Verifying a configured zone
  You can verify a zone before you install it. If you skip this procedure, the verification is performed automatically when you install the zone.

  global# zoneadm -z work-zone verify
  Warning: /export/work-zone does not exist, so it cannot be verified. When
  zoneadm install is run, install will try to create /export/work-zone, and
  verify will be tried again, but the verify may fail if: the parent
  directory of /export/work-zone is group- or other-writable or
  /export/work-zone overlaps with any other installed zones.


• Installing a configured zone
  You use the zoneadm -z zone_name install command to install a non-global zone.

  global# zoneadm -z work-zone install

  Zone installation takes time to complete.

• Booting a zone
  Booting a zone places the zone in the running state.

  global# zoneadm -z work-zone boot
  global# zoneadm list -v
  ID NAME       STATE    PATH
   0 global     running  /
   1 work-zone  running  /export/work-zone


• Halting a zone
  The zoneadm halt command is used to remove both the application environment and the virtual platform for a zone.

  global# zoneadm -z work-zone halt
  global# zoneadm list -v
  ID NAME       STATE      PATH
   0 global     running    /
   - work-zone  installed  /export/work-zone

• Rebooting a zone
  The zoneadm reboot command is used to reboot a zone.

  global# zoneadm -z work-zone reboot


• Logging in to the zone console
  After you boot the zone for the first time, it is important to connect to the zone’s virtual console and complete the zone’s system identification before you can begin using the zone.
  Use the zlogin command with the -C option.

  global# zlogin -C work-zone

  The first time that you connect to the zone’s virtual console, the system identification process starts automatically.
  The ~. (tilde dot) character sequence terminates the console connection.


• Deleting a zone
  The following zoneadm example removes a zone:

  # zoneadm list -cp
  0:global:running:/
  3:work-zone:running:/export/work-zone
  # zoneadm -z work-zone halt
  # zoneadm list -cp
  0:global:running:/
  -:work-zone:installed:/zones/work-zone
  # zoneadm -z work-zone uninstall
  Are you sure you want to uninstall zone work-zone (y/[n])? y
  # zoneadm list -cp
  0:global:running:/
  -:work-zone:configured:/export/work-zone
  # zonecfg -z work-zone delete
  Are you sure you want to delete zone work-zone (y/[n])? y
  # zoneadm list -cp
  0:global:running:/
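An audit of the parsable zoneadm list -cp output shown above, as an added example that is not part of the course material: it reports non-global zones that are not running and flags any zonepath whose parent directory is group- or other-writable, the condition the zoneadm verify warning names. The function names and the sample zone list are constructed for this example; it needs a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or ksh).

```shell
# Added example: audit zones from `zoneadm list -cp` style input.
# Field layout as shown on the slide: zoneid:zonename:state:zonepath
# Any further colon-separated fields are read into "rest" and ignored.

# Constructed sample; on a live global zone pipe in `zoneadm list -cp`.
sample_zone_list() {
    cat <<'EOF'
0:global:running:/
3:work-zone:running:/export/work-zone
-:test-zone:installed:/export/test-zone
-:old-zone:configured:/export/old-zone
EOF
}

# zones_not_running: print "name state" for each non-global zone on stdin
# whose state is anything other than running.
zones_not_running() {
    while IFS=: read -r zid zname zstate zpath rest; do
        [ -n "$zname" ] || continue
        [ "$zname" = "global" ] && continue
        if [ "$zstate" != "running" ]; then
            printf '%s %s\n' "$zname" "$zstate"
        fi
    done
    return 0
}

# zonepath_parent_open PATH
# Returns 0 if the parent directory of PATH is group- or other-writable,
# 1 if it is not, 2 if the parent directory does not exist.
zonepath_parent_open() {
    parent=$(dirname "$1")
    [ -d "$parent" ] || return 2
    # First ten characters of ls -l output: file type plus rwx triplets.
    mode=$(ls -ldL "$parent" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) return 0 ;;   # group write / other write
        *) return 1 ;;
    esac
}

# audit_zonepaths: print "name zonepath" for each non-global zone on stdin
# whose zonepath parent is group- or other-writable.
audit_zonepaths() {
    while IFS=: read -r zid zname zstate zpath rest; do
        [ -n "$zname" ] || continue
        [ "$zname" = "global" ] && continue
        if zonepath_parent_open "$zpath"; then
            printf '%s %s\n' "$zname" "$zpath"
        fi
    done
    return 0
}

# Demo on the constructed sample.
sample_zone_list | zones_not_running
```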


Installing Packages in Zones

The standard Solaris package management tools, for example, pkgadd and pkgrm, are used to administer packages in the zones environment.

Package parameters listed in the pkginfo file for a package control how the Solaris package tools can administer the package.

Currently, three package parameters control how packages are administered. They are as follows:

• SUNW_PKG_ALLZONES

• SUNW_PKG_HOLLOW

• SUNW_PKG_THISZONE


You can list parameters for packages using the pkgparam command.

# pkgparam -v SUNWzoneu
CLASSES='none'
BASEDIR='/'
LANG='C'
(output omitted)
EMAIL=''
SUNW_PKGVERS='1.0'
SUNW_PKG_ALLZONES='true'
SUNW_PKG_HOLLOW='false'
PSTAMP='gaget20050121155950'
PKGINST='SUNWzoneu'
PKGSAV='/var/sadm/pkg/SUNWzoneu/save'
INSTDATE='Jan 26 2005 10:21'


• The -G option to the pkgadd command causes pkgadd to add a package to the current zone only.
• Package operations possible in the global zone
  If the package is not currently installed in the global zone and not currently installed in any non-global zone, the package can be installed according to the following guidelines:
  • Only in the global zone, if SUNW_PKG_ALLZONES=false
  • In the global zone and all non-global zones


If the package is currently installed in the global zone only, the following guidelines apply:

• The package can be installed in all non-global zones.
• The package can be removed from the global zone.


If a package is currently installed in the global zone and currently installed in only a subset of the non-global zones, the following guidelines apply:

• SUNW_PKG_ALLZONES must be set to false.
• The package can be installed in all non-global zones. Existing instances in any non-global zone are updated to the revision being installed.
• The package can be removed from the global zone.
• The package can be removed from the global zone and from all non-global zones.


If a package is currently installed in the global zone and currently installed in all non-global zones, the package can be removed from the global zone and from all non-global zones.

These rules ensure the following:

• Packages that are installed in the global zone are either installed in the global zone only, or installed in the global zone and all non-global zones.
• Packages that are installed in the global zone and also installed in any non-global zone are the same across all zones.


• If a package is not currently installed in the non-global zone, the package can be installed only if SUNW_PKG_ALLZONES=false.
• If a package is currently installed in the non-global zone, the following guidelines apply:
  • The package can be installed over the existing instance of the package only if SUNW_PKG_ALLZONES=false.
  • The package can be removed from the non-global zone only if SUNW_PKG_ALLZONES=false.
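A check that applies the SUNW_PKG_ALLZONES rules above to pkgparam -v output before a pkgadd or pkgrm is attempted, as an added example that is not part of the course material. The function names, the this-zone/all-zones labels and the return codes are assumptions of this example, and the sample input is cut down from the SUNWzoneu listing shown earlier; it needs a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or ksh).

```shell
# Added example: decide whether a package operation fits the zone rules.

# Sample input, shortened from the pkgparam -v SUNWzoneu output on the slide.
sample_pkgparam() {
    cat <<'EOF'
CLASSES='none'
BASEDIR='/'
SUNW_PKGVERS='1.0'
SUNW_PKG_ALLZONES='true'
SUNW_PKG_HOLLOW='false'
PKGINST='SUNWzoneu'
EOF
}

# pkg_param NAME
# Reads `pkgparam -v` output on stdin and prints the value of NAME with the
# surrounding quotes removed, or "unset" if the parameter is not listed.
pkg_param() {
    value=$(sed -n "s/^$1='\(.*\)'\$/\1/p")
    printf '%s\n' "${value:-unset}"
}

# pkg_op_allowed ZONE SCOPE ALLZONES
#   ZONE      global | non-global  (where the command runs; the zonename
#             command prints "global" in the global zone)
#   SCOPE     this-zone | all-zones (this-zone corresponds to pkgadd -G)
#   ALLZONES  value of SUNW_PKG_ALLZONES: true | false
# Returns 0 if the rules allow the install or removal, 1 if they do not,
# 2 if the input cannot be decided (unknown value or combination).
pkg_op_allowed() {
    zone=$1
    scope=$2
    allzones=$3
    case $allzones in
        true|false) ;;
        *) return 2 ;;          # "unset" or garbage: leave it to the operator
    esac
    case "$zone/$scope" in
        global/all-zones)
            return 0 ;;         # global zone plus all non-global zones
        global/this-zone|non-global/this-zone)
            # Single-zone operations require SUNW_PKG_ALLZONES=false.
            [ "$allzones" = "false" ] && return 0
            return 1 ;;
        *)
            return 2 ;;         # e.g. all-zones requested from a non-global zone
    esac
}

# Demo on the sample: SUNWzoneu is an all-zones package.
allzones_value=$(sample_pkgparam | pkg_param SUNW_PKG_ALLZONES)
if pkg_op_allowed non-global this-zone "$allzones_value"; then
    echo "SUNWzoneu: allowed in a non-global zone"
else
    echo "SUNWzoneu: not allowed in a non-global zone (SUNW_PKG_ALLZONES=$allzones_value)"
fi
```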


Upgrading Solaris 10 OS With Installed Non-Global Zones

The normal upgrade path from Solaris 10 to Solaris 10 01/06 is not available if installed zones are present. There are three options:

• Uninstall the zones, upgrade the OS, and reinstall the zones.
• Reinstall the entire OS from an initial install, with the loss of existing zones configuration.
• Use the new features of Solaris 10 update 01/06 to upgrade the OS and any installed zones.


Solaris Install Media Support

• The new upgrade method for Solaris 10 update 01/06 is only available on the DVD media.
• If no DVD reader is available, a network installation must be used.


Upgrading the Solaris 10 OS

• Boot the system to be installed.
  ok boot net - install
• Select Standard install.
• Choose Upgrade option.
• If installed zones are present, the upgrade continues with the new method.


Using Custom Jumpstart

• Custom jumpstart can be used to upgrade Solaris 10 update 01/06 with installed zones.
• Only two profile keywords should be used:
  • install_type
  • root_device
• Other keywords will be ignored or will cause jumpstart to fail.
  • Ignored: cluster, geo, locale, package, patch
  • Causes failure: backup_media, layout_constraint


Module 16

Introduction to the ZFS File System


System Administration for the Solaris™ 10 Operating System, Part 2, Module 16. Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A

Objectives

• Describe the Solaris ZFS file system
• Create new ZFS pools and file systems
• Modify ZFS file system properties
• Mount and unmount ZFS file systems
• Destroy ZFS pools and file systems
• Work with ZFS snapshots and clones
• Use ZFS datasets with Solaris Zones


What Is Solaris ZFS?

• ZFS Pooled Storage
  ZFS aggregates devices into storage pools.

• Transactional Semantics
  Any sequence of operations is either entirely committed or entirely ignored.

• Checksums and Self-Healing Data
  All data and metadata is checksummed, and detected errors are corrected using replicated data.

• Unparalleled Scalability
  Solaris ZFS is a 128-bit file system, allowing for 256 quadrillion zettabytes of storage.


What Is ZFS?

• ZFS Snapshots
  ZFS snapshots are read-only copies of file systems that initially consume no additional space in a pool.

• Simplified Administration
  ZFS uses a simplified command set and a hierarchical file system layout, and supports file system property inheritance and automatic mount points.


ZFS Terminology

• checksum - A 256-bit hash of the data in a file system block.

• clone - A file system whose initial contents are identical to the contents of a snapshot.

• dataset - A generic name for the following ZFS entities: clones, file systems, snapshots, or volumes.

• file system - A dataset that contains a standard POSIX file system.

• mirror - A virtual device that stores identical copies of data on two or more disks.


ZFS Terminology (cont.)

• pool - A logical group of devices describing the layout and physical characteristics of the available storage.

• RAID-Z - A virtual device that stores data and parity on multiple disks, similar to RAID-5.

• resilvering - The process of transferring data from one device to another device.

• snapshot - A read-only image of a file system or volume at a given point in time.

• virtual device - A logical device in a pool, which can be a physical device, a file, or a collection of devices.

• volume - A dataset used to emulate a physical device.


ZFS Component Naming Requirements

Empty components are not allowed.

Each component can only contain alphanumeric characters in addition to the following four special characters:

• Underscore (_)
• Hyphen (-)
• Colon (:)
• Period (.)


ZFS Component Naming Requirements (cont.)

Pool names must begin with a letter, except that the beginning sequence c[0-9] is not allowed. In addition, pool names that begin with mirror, raidz, or spare are not allowed as these names are reserved.

Dataset names must begin with an alphanumeric character.
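
The naming rules above can be checked before a name is passed to zpool or zfs from a script. The following is an added example, not part of the course material; the function names are hypothetical, and it assumes that every component after the pool name must start with an alphanumeric character and that only file system paths (no snapshot names) are checked.

```shell
#!/bin/bash
# Added example: check names against the ZFS naming rules listed above
# before they are handed to zpool or zfs. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make [A-Za-z] mean ASCII letters only

# A component is non-empty and uses only alphanumerics plus _ - : .
valid_component() {
    case "$1" in
        '')                  return 1 ;;
        *[!A-Za-z0-9_.:-]*)  return 1 ;;
    esac
    return 0
}

valid_pool_name() {
    valid_component "$1" || return 1
    case "$1" in
        [!A-Za-z]*)             return 1 ;;  # must begin with a letter
        c[0-9]*)                return 1 ;;  # beginning sequence c[0-9] is not allowed
        mirror*|raidz*|spare*)  return 1 ;;  # reserved names
    esac
    return 0
}

# pool-name/[filesystem-name/]filesystem-name
# Assumption: each component after the pool starts with an alphanumeric.
valid_fs_name() {
    vfn_rest=$1
    case "$vfn_rest" in
        /*|*/|*//*) return 1 ;;              # empty component
    esac
    vfn_pool=${vfn_rest%%/*}
    valid_pool_name "$vfn_pool" || return 1
    case "$vfn_rest" in
        */*) vfn_rest=${vfn_rest#*/} ;;
        *)   return 0 ;;                     # bare pool name
    esac
    while [ -n "$vfn_rest" ]; do
        vfn_comp=${vfn_rest%%/*}
        valid_component "$vfn_comp" || return 1
        case "$vfn_comp" in
            [!A-Za-z0-9]*) return 1 ;;
        esac
        case "$vfn_rest" in
            */*) vfn_rest=${vfn_rest#*/} ;;
            *)   vfn_rest= ;;
        esac
    done
    return 0
}

# Constructed sample names
for n in tank c1pool mirrorpool tank/home/bonwick tank//ws 'tank/*'; do
    if valid_fs_name "$n"; then echo "ok      $n"; else echo "reject  $n"; fi
done
```

Parameter expansion is used instead of word splitting so that a name such as tank/* is rejected rather than expanded by the shell.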


ZFS Hardware and Software Requirements and Recommendations

A SPARC® or x86 system that is running the Solaris 10 6/06 release.

The minimum disk size is 128 Mbytes. The minimum amount of disk space required for a storage pool is approximately 64 Mbytes.

For good ZFS performance, at least one Gbyte of memory is recommended.

If you create a mirrored disk configuration, multiple controllers are recommended.


Creating ZFS File Systems

One goal of the ZFS design is to reduce the number of commands needed to create a usable file system.

When you create a new pool, a new ZFS file system is created and mounted automatically.

Within a pool, you will probably want to create additional file systems.

In most cases, you will probably want to create and organize a hierarchy of file systems that matches your organizational needs.


Components of a ZFS Storage Pool

Using Disks in a ZFS Storage Pool

Physical storage can be any block device of at least 128 Mbytes in size.

Typically, this device is a hard drive that is visible to the system in the /dev/dsk directory.

A storage device can be a whole disk (c1t0d0) or an individual slice (c0t0d0s7).

The recommended mode of operation is to use an entire disk.

ZFS applies an EFI label when you create a storage pool with whole disks.


Components of a ZFS Storage Pool (cont.)

Using Disks in a ZFS Storage Pool (continued)

Disks can be specified by using either the full path, such as /dev/dsk/c1t0d0, or a shorthand name.

For example, the following are valid disk names:

• c1t0d0

• /dev/dsk/c1t0d0

• c0t0d6s2

ZFS works best when given whole physical disks.


Components of a ZFS Storage Pool (cont.)

Using Files in a ZFS Storage Pool

ZFS also allows you to use UFS files as virtual devices in your storage pool.

This feature is aimed primarily at testing and enabling simple experimentation, not for production use.

The reason is that any use of files relies on the underlying file system for consistency.

All files must be specified as complete paths and must be at least 128 Mbytes in size.


Components of a ZFS Storage Pool (cont.)

ZFS pools can consist of whole disks, disk slices, or files.

[Figure: a pool built from a whole disk (preferred), a disk slice, or a file (for test only)]


Components of a ZFS Storage Pool (cont.)

Virtual Devices in a Storage Pool

Each storage pool is comprised of one or more virtual devices.

Two top-level virtual devices provide data redundancy: mirror and RAID-Z virtual devices. These virtual devices consist of disks, disk slices, or files.

Disks, disk slices, or files that are used in pools outside of mirrors and RAID-Z virtual devices function as top-level virtual devices themselves.

Storage pools typically contain multiple top-level virtual devices. ZFS dynamically stripes data among all of the top-level virtual devices in a pool.


Components of a ZFS Storage Pool (cont.)

A ZFS pool that uses disks as top-level virtual devices provides no data replication.

[Figure: data striped across three disks as Stripe 1, Stripe 2, and Stripe 3]


Replication Features of a ZFS Storage Pool

Mirrored Storage Pool Configuration

A mirrored storage pool configuration requires at least two disks, preferably on separate controllers.

You can create more than one mirror in each pool.

A simple mirrored configuration would look similar to the following:

mirror c1t0d0 c2t0d0

A more complex mirrored configuration would look similar to the following:

mirror c1t0d0 c2t0d0 c3t0d0 mirror c4t0d0 c5t0d0 c6t0d0


Replication Features of a ZFS Storage Pool (cont.)

ZFS stripes data among mirror virtual devices in a pool, and data is replicated within each mirror.

[Figure: data split into Stripe 1 and Stripe 2, each written to a separate two-disk mirror device]


Replication Features of a ZFS Storage Pool (cont.)

RAID-Z Storage Pool Configuration

RAID-Z is similar to RAID-5.

In RAID-Z, ZFS uses variable-width RAID stripes so that all writes are full-stripe writes.

You need at least two disks for a RAID-Z configuration.

Conceptually, a RAID-Z configuration with three disks would look similar to the following:

raidz c1t0d0 c2t0d0 c3t0d0


Replication Features of a ZFS Storage Pool (cont.)

RAID-Z Storage Pool Configuration (continued)

A more complex conceptual RAID-Z configuration would look similar to the following:

raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0 c5t0d0 c6t0d0 c7t0d0 raidz c8t0d0 c9t0d0 c10t0d0 c11t0d0 c12t0d0 c13t0d0 c14t0d0

If you are creating a RAID-Z configuration with many disks, as in this example, a RAID-Z configuration with 14 disks is better split into two 7-disk groupings.

RAID-Z configurations with single-digit groupings of disks should perform better.


Replication Features of a ZFS Storage Pool (cont.)

ZFS uses variable width stripes within RAID-Z devices.

[Figure: data written in variable-width stripes across the three disks of a RAID-Z device]


Replication Features of a ZFS Storage Pool (cont.)

Self-Healing Data in a Replicated Configuration

ZFS provides for self-healing data in a mirrored or RAID-Z configuration.

When a bad data block is detected, not only does ZFS fetch the correct data from another replicated copy, but it also repairs the bad data by replacing it with the good copy.

Dynamic Striping in a Storage Pool

For each virtual device that is added to the pool, ZFS dynamically stripes data across all available devices.

No fixed width stripes are created at allocation time.


Replication Features of a ZFS Storage Pool (cont.)

ZFS dynamically stripes data across all virtual devices in a pool.

[Figure: data split into Stripe 1 and Stripe 2, each written to a separate RAID-Z device]


Replication Features of a ZFS Storage Pool (cont.)

Dynamic Striping in a Storage Pool (continued)

When virtual devices are added to a pool, ZFS gradually allocates data to the new device in order to maintain performance and space allocation policies.

While ZFS supports combining different types of virtual devices within the same pool, this practice is not recommended.


Creating and Destroying ZFS Storage Pools

By design, creating and destroying pools is fast and easy. However, be cautious when doing these operations.

Creating a ZFS Storage Pool

To create a storage pool, use the zpool create command. This command takes a pool name and any number of virtual devices as arguments.

Creating a Basic Storage Pool

The following command creates a new pool named tank that consists of the disks c1t0d0 and c1t1d0:

# zpool create tank c1t0d0 c1t1d0


Creating and Destroying ZFS Storage Pools (cont.)

Creating a Mirrored Storage Pool

To create a mirrored pool, use the mirror keyword, followed by any number of storage devices that will comprise the mirror.

# zpool create tank mirror c1d0 c2d0 mirror c3d0 c4d0

Creating a Single-Parity RAID-Z Storage Pool

Creating a RAID-Z pool is identical to creating a mirrored pool, except that the raidz keyword is used instead of mirror.

# zpool create tank raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0 /dev/dsk/c5t0d0


Creating and Destroying ZFS Storage Pools (cont.)

Creating a Double-Parity RAID-Z Storage Pool

You can create a double-parity RAID-Z configuration by using the raidz2 keyword when the pool is created. For example:

# zpool create tank raidz2 c1t0d0 c2t0d0 c3t0d0


Creating and Destroying ZFS Storage Pools (cont.)

Detecting in Use Devices

Before formatting a device, ZFS first determines if the disk is in use by ZFS or some other part of the operating system.

If the disk is in use, you might see errors such as the following:

# zpool create tank c1t0d0 c1t1d0
invalid vdev specification
use ’-f’ to override the following errors:
/dev/dsk/c1t0d0s0 is currently mounted on /
/dev/dsk/c1t0d0s1 is currently mounted on swap
/dev/dsk/c1t1d0s0 is part of active ZFS pool ’zeepool’
Please see zpool(1M)

Some of these errors can be overridden by using the -f option, but most errors cannot.


Creating and Destroying ZFS Storage Pools (cont.)

Mismatched Replication Levels

Creating pools with virtual devices of different replication levels is not recommended.

The zpool command tries to prevent you from accidentally creating a pool with mismatched replication levels.

Doing a Dry Run of Storage Pool Creation

The zpool create command with the -n option simulates creating the pool without actually writing data to disk.


Creating and Destroying ZFS Storage Pools (cont.)

Destroying ZFS Storage Pools

Pools are destroyed by using the zpool destroy command.

# zpool destroy tank


Querying ZFS Storage Pool Status

The zpool list command provides a number of ways to request information regarding pool status.

Listing Information About All Storage Pools

With no arguments, the zpool list command displays all the fields for all pools on the system. For example:

# zpool list
NAME    SIZE   USED  AVAIL  CAP  HEALTH  ALTROOT
tank   80.0G  22.3G  47.7G  28%  ONLINE  -
dozer   1.2T   384G   816G  32%  ONLINE  -


Querying ZFS Storage Pool Status (cont.)

Listing Specific Storage Pool Statistics

You can request specific statistics by using the -o option.

For example, to list only the name and size of each pool, you use the following syntax:

# zpool list -o name,size
NAME    SIZE
tank   80.0G
dozer   1.2T


Querying ZFS Storage Pool Status (cont.)

Health Status of ZFS Storage Pools

ZFS provides an integrated method of examining pool and device health. The health of a pool is determined from the state of all its devices.

This state information is displayed by using the zpool status command.

Each device can fall into one of the following states:

• ONLINE
• DEGRADED
• FAULTED


Querying ZFS Storage Pool Status (cont.)

Health Status of ZFS Storage Pools (continued)

• OFFLINE
• UNAVAILABLE

Basic Storage Pool Health Status

The simplest way to request a quick overview of pool health status is to use the zpool status command:

# zpool status -x
all pools are healthy


Querying ZFS Storage Pool Status (cont.)

Detailed Health Status

You can request a more detailed health summary by using the -v option. For example:

# zpool status -v tank
  pool: tank
 state: DEGRADED
status: One or more devices could not be opened. Sufficient replicas exist
        for the pool to continue functioning in a degraded state.
action: Attach the missing device and online it using ’zpool online’.
   see: http://www.sun.com/msg/ZFS-8000-2Q
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        tank        DEGRADED     0     0     0
          mirror    DEGRADED     0     0     0
            c1t0d0  FAULTED      0     0     0  cannot open
            c1t1d0  ONLINE       0     0     0

errors: No known data errors
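
For unattended monitoring, the config section of zpool status can be reduced to the components that are not ONLINE. The following is an added example, not part of the course material; the function names, the healthy pool dozer in the sample, and the exit-status convention are assumptions.

```shell
#!/bin/bash
# Added example: list every pool component whose state is not ONLINE.

# Constructed sample: the degraded 'tank' output shown above, plus an
# invented healthy pool 'dozer' to show multi-pool input.
sample_status() {
    cat <<'EOF'
  pool: tank
 state: DEGRADED
status: One or more devices could not be opened. Sufficient replicas exist
        for the pool to continue functioning in a degraded state.
action: Attach the missing device and online it using 'zpool online'.
   see: http://www.sun.com/msg/ZFS-8000-2Q
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        tank        DEGRADED     0     0     0
          mirror    DEGRADED     0     0     0
            c1t0d0  FAULTED      0     0     0  cannot open
            c1t1d0  ONLINE       0     0     0

errors: No known data errors

  pool: dozer
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        dozer       ONLINE       0     0     0
          c2t0d0    ONLINE       0     0     0

errors: No known data errors
EOF
}

# Reads 'zpool status' text on stdin; prints "pool component state" for
# each row of a config section whose STATE column is anything but ONLINE.
unhealthy_components() {
    awk '
        $1 == "pool:"   { pool = $2; in_cfg = 0; next }
        $1 == "config:" { in_cfg = 1; next }
        $1 == "errors:" { in_cfg = 0; next }
        in_cfg && NF >= 2 && $1 != "NAME" && $2 != "ONLINE" {
            print pool, $1, $2
        }
    '
}

# Exit status for cron or a monitoring agent (assumed convention):
# 0 = everything ONLINE, 1 = something not ONLINE, 2 = a FAULTED component.
pool_health_rc() {
    unhealthy_components | awk '
        { if (rc < 1) rc = 1 }
        $3 == "FAULTED" { rc = 2 }
        END { exit rc + 0 }
    '
}

sample_status | unhealthy_components
```

On a live system the input would come from zpool status instead of sample_status. Matching on "not ONLINE" rather than on a list of bad states means an unexpected state is reported instead of silently passed.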


Creating and Destroying ZFS File Systems

Creating a ZFS File System

You use the zfs create command to create ZFS file systems. The create subcommand takes a single argument: the name of the file system to create.

Specify the file system name as a path name starting from the name of the pool:

pool-name/[filesystem-name/]filesystem-name

The pool name and initial file system names in the path identify the location in the hierarchy where the new file system will be created. All the intermediate file system names must already exist in the pool.


Creating and Destroying ZFS File Systems (cont.)

Creating a ZFS File System (cont.)

In the following example, a file system named bonwick is created in the tank/home file system.

# zfs create tank/home/bonwick

ZFS automatically mounts the newly created file system if it is created successfully.


Creating and Destroying ZFS File Systems (cont.)

Destroying a ZFS File System

You use the zfs destroy command to destroy ZFS file systems. The destroyed file system is automatically unmounted and unshared.

In the following example, the tabriz file system is destroyed.

# zfs destroy tank/home/tabriz

If the file system to be destroyed is busy and so cannot be unmounted, the zfs destroy command fails. The zfs destroy command also fails if a file system has children.


Creating and Destroying ZFS File Systems (cont.)

Renaming a ZFS File System

You use the zfs rename command to rename ZFS file systems.

The rename subcommand can perform the following operations:

• Change the name of a file system.
• Relocate the file system to a new location within the ZFS hierarchy.
• Change the name of a file system and relocate it within the ZFS hierarchy.


Creating and Destroying ZFS File Systems (cont.)

Renaming a ZFS File System (cont.)

The following example uses the rename subcommand to simply rename a file system:

# zfs rename tank/home/kustarz tank/home/kustarz_old

The following example shows how to use zfs rename to relocate a file system.

# zfs rename tank/home/maybee tank/ws/maybee


ZFS Properties

Properties provide the main mechanism that you use to control the behavior of file systems, volumes, snapshots, and clones.

Properties are either read-only statistics or settable properties.

Most settable properties are also inheritable.

An inheritable property is a property that, when set on a parent, is propagated to all of its descendants.


ZFS Properties (cont.)

All inheritable properties have an associated source.

The source indicates how a property was obtained. The source of a property can have the following values:

• default

• local

• inherited from dataset-name

• temporary

• - (none)


ZFS Properties (cont.)

Property Name  Type              Default Value  Description
aclinherit     String            secure         Controls how ACL entries are inherited when files and directories are created.
aclmode        String            groupmask      Controls how an ACL entry is modified during a chmod operation.
atime          Boolean           on             Controls whether the access time for files is updated when they are read.
available      Number            N/A            Read-only property that identifies the amount of space available to the dataset and all its children, assuming no other activity in the pool.
checksum       String            on             Controls the checksum used to verify data integrity.
compression    String            off            Controls the compression algorithm used for this dataset.
compressratio  Number            N/A            Read-only property that identifies the compression ratio achieved for this dataset.
creation       Number            N/A            Read-only property that identifies the date and time that this dataset was created.
devices        Boolean           on             Controls whether device nodes found within this file system can be opened.
exec           Boolean           on             Controls whether programs within this file system are allowed to be executed.
mounted        Boolean           N/A            Read-only property that indicates whether this file system, clone, or snapshot is currently mounted.
mountpoint     String            N/A            Controls the mount point used for this file system.
origin         String            N/A            Read-only property for cloned file systems or volumes that identifies the snapshot from which the clone was created.
quota          Number (or none)  none           Limits the amount of space a dataset and its descendants can consume.
readonly       Boolean           off            Controls whether this dataset can be modified.
recordsize     Number            128K           Specifies a suggested block size for files in the file system.
referenced     Number            N/A            Read-only property that identifies the amount of data accessible by this dataset.
reservation    Number (or none)  none           The minimum amount of space guaranteed to a dataset and its descendants.
sharenfs       String            off            Controls whether the file system is available over NFS, and what options are used.
setuid         Boolean           on             Controls whether the setuid bit is honored in the file system.
snapdir        String            hidden         Controls whether the .zfs directory is hidden or visible in the root of the file system.
type           String            N/A            Read-only property that identifies the dataset type as filesystem (file system or clone), volume, or snapshot.
used           Number            N/A            Read-only property that identifies the amount of space consumed by the dataset and all its descendants.
volsize        Number            N/A            For volumes, specifies the logical size of the volume.
volblocksize   Number            8 Kbytes       For volumes, specifies the block size of the volume.
zoned          Boolean           N/A            Indicates whether this dataset has been delegated to a non-global zone.


ZFS Properties (cont.)

Read-Only ZFS Properties

Read-only properties are properties that you can retrieve, but not set. Read-only properties are not inherited.

Settable ZFS Properties

Settable properties are properties whose values you can both retrieve and set.

Settable properties are set by using the zfs set command.

With the exceptions of quotas and reservations, settable properties are inherited.


Querying ZFS File System Information

The zfs list command provides an extensible mechanism for viewing and querying dataset information.

Listing Basic ZFS Information

You can list basic dataset information by using the zfs list command with no options. For example:

# zfs list
NAME                   USED  AVAIL  REFER  MOUNTPOINT
pool                  84.0K  33.5G      -  /pool
pool/clone                0  33.5G  8.50K  /pool/clone
pool/test                8K  33.5G     8K  /test
pool/home             17.5K  33.5G  9.00K  /pool/home
pool/home/marks       8.50K  33.5G  8.50K  /pool/home/marks
pool/home/marks@snap      0      -  8.50K  /pool/home/marks@snap


Querying ZFS File System Information (cont.)

Listing Basic ZFS Information (cont.)

You can also use the zfs list command to display specific datasets by providing the dataset name on the command line.

Use the -r option to recursively display all descendants of a dataset.

Creating Complex ZFS Queries

The zfs list output can be customized by using the -o, -t, and -H options. For example:

# zfs list -o name,sharenfs,mountpoint
NAME  SHARENFS  MOUNTPOINT
tank  rw        /export


Querying ZFS File System Information (cont.)

Creating Complex ZFS Queries (cont.)

You can use the -t option to specify the types of datasets to display. The valid types are:

• filesystem

• volume

• snapshot

You can use the -H option to omit the zfs list header from the generated output.

With the -H option, all white space is output as tabs. This option can be useful when you need parsable output.
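
The tab-separated output of the -H option makes the properties from the table above easy to audit in a script. The following is an added example, not part of the course material; the function names, the sample listing, and the policy (a file system shared over NFS should have setuid and devices turned off) are assumptions.

```shell
#!/bin/bash
# Added example: audit 'zfs list -H' output for NFS-shared file systems that
# still honor the setuid bit or device nodes (the policy is an assumption).

# Constructed sample of:
#   zfs list -H -t filesystem -o name,setuid,devices,sharenfs
sample_listing() {
    printf 'tank\ton\ton\toff\n'
    printf 'tank/home\toff\toff\trw\n'
    printf 'tank/ws\ton\toff\trw\n'
    printf 'tank/export\ton\ton\ton\n'
}

# Reads the tab-separated listing on stdin and prints one 'zfs set' command
# per finding, for an administrator to review; nothing is executed.
audit_shared() {
    awk -F '\t' '
        NF != 4 { printf "# line %d: expected 4 tab-separated fields\n", NR; next }
        $4 == "off" { next }                      # not shared: out of scope
        $2 != "off" { print "zfs set setuid=off " $1 }
        $3 != "off" { print "zfs set devices=off " $1 }
    '
}

sample_listing | audit_shared
```

Each printed command changes one property, which matches the one-property-per-invocation form of zfs set. Because these properties are inheritable, a value set on a parent also applies to descendants that have no local setting.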


Managing ZFS Properties

Dataset properties are managed through the zfs command’s set, inherit, and get subcommands.

Setting ZFS Properties

You can use the zfs set command to modify any settable dataset property.

Only one property at a time can be set or modified using zfs set.

The following example sets the atime property to off for tank/home.

# zfs set atime=off tank/home

Inheriting ZFS Properties

All settable properties, with the exception of quotas and reservations, inherit their value from their parent.

If no ancestor has an explicit value set for an inherited property, the default value for the property is used.

You can use the zfs inherit command to clear a property setting, thus causing the setting to be inherited from the parent.

The inherit subcommand applies recursively when you specify the -r option.

Querying ZFS Properties

The simplest way to query property values is by using the zfs list command.

For more complex queries and for scripting, you can use the zfs get command to obtain more detailed information in a customized format.

You can use the zfs get command to retrieve any dataset property. For example:

# zfs get checksum tank/ws
NAME     PROPERTY  VALUE  SOURCE
tank/ws  checksum  on     default

The fourth column in zfs get output, SOURCE, indicates how a property value has been set. The possible source values are:

• default

• inherited from dataset-name

• local

• temporary

• - (none)

You can use the special keyword all to retrieve all dataset properties. The following example uses the all keyword to retrieve all existing dataset properties:

# zfs get all pool
NAME  PROPERTY  VALUE                  SOURCE
pool  type      filesystem             -
pool  creation  Mon Mar 13 11:41 2006  -
pool  used      2.62M                  -
<output omitted>

The -s option to zfs get enables you to specify, by source value, the type of properties to display.

Mounting ZFS File Systems

Managing ZFS Mount Points

By default, all ZFS file systems are mounted by ZFS at boot by using SMF’s svc://system/filesystem/local service.

File systems are mounted under /path, where path is the name of the file system.

You can override the default mount point by using the zfs set command to set the mountpoint property to a specific path.

ZFS automatically creates this mount point, if needed.

The mountpoint property is inherited.

You can set the mountpoint property to none to prevent a file system from being mounted.

If desired, you can explicitly manage file systems through legacy mount interfaces by setting the mountpoint property to legacy.

Automatic Mount Points

When you create a pool, you can set the default mount point for the root dataset by using zpool create -m.

Any dataset whose mountpoint property is not legacy is managed by ZFS.

When you change the mountpoint property, the file system is automatically unmounted from the old mount point and remounted to the new mount point.

Mount point directories are created as needed.

Legacy Mount Points

You can manage ZFS file systems with legacy tools by setting the mountpoint property to legacy.

Legacy file systems must be managed through the mount and umount commands and the /etc/vfstab file.

The following examples show how to set up and manage a ZFS dataset in legacy mode:

# zfs set mountpoint=legacy tank/home/eschrock
# mount -F zfs tank/home/eschrock /mnt

Mounting ZFS File Systems

ZFS automatically mounts file systems when file systems are created or when the system boots.

The zfs mount command is only necessary when changing mount options, or explicitly mounting or unmounting file systems.

The zfs mount command with no argument shows all currently mounted file systems that are managed by ZFS.

# zfs mount
tank               /tank
tank/home          /tank/home
tank/home/bonwick  /tank/home/bonwick

You can use the -a option to mount all ZFS managed file systems. For example:

# zfs mount -a

This command does not mount legacy managed file systems.

When a file system mounts, it uses a set of mount options based on the property values associated with the dataset.

Temporary Mount Properties

If you explicitly set mount options by using the -o option with the zfs mount command, the corresponding property value is temporarily overridden.

In the following example, the read-only mount option is temporarily set on the tank/home/perrin file system:

# zfs mount -o ro tank/home/perrin

To temporarily change a property on a file system that is currently mounted, you must use the special remount option.

Unmounting ZFS File Systems

You can unmount file systems by using the zfs unmount subcommand. The unmount command accepts either the mount point or the file system name as an argument.

In the following example, a file system is unmounted by specifying its file system name:

# zfs unmount tank/home/tabriz

In the following example, the file system is unmounted by specifying its mount point:

# zfs unmount /export/home/tabriz

ZFS Web-Based Management

A web-based ZFS management tool is available to perform many administrative actions. You can access the ZFS Administration console through a secure web browser at the following URL:

https://system-name:6789/zfs

If you type the appropriate URL and are unable to reach the ZFS Administration console, the server might not be started. To start the server, run the following command:

# /usr/sbin/smcwebserver start

If you want the server to run automatically when the system boots, run the following command:

# /usr/sbin/smcwebserver enable

ZFS Snapshots

A snapshot is a read-only copy of a file system or volume.

Snapshots are created almost instantly, and initially consume no additional disk space within the pool.

ZFS snapshots include the following features:

• Snapshots persist across system reboots.

• The theoretical maximum number of snapshots is 2^64.

• Snapshots use no separate backing store. Snapshots consume disk space directly from the same storage pool as the file system from which they were created.

Creating and Destroying ZFS Snapshots

You use the zfs snapshot command to create ZFS snapshots. The zfs snapshot command takes the name of the snapshot to create as its only argument.

Snapshot names use the following format:

filesystem@snapname
volume@snapname

The following example creates a snapshot of tank/home/ahrens that is named friday.

# zfs snapshot tank/home/ahrens@friday

Snapshots have no modifiable properties. Dataset properties cannot be applied to a snapshot.

You use the zfs destroy command to destroy a ZFS snapshot. For example:

# zfs destroy tank/home/ahrens@friday

A dataset cannot be destroyed if snapshots of the dataset exist.

In addition, if clones have been created from a snapshot, then they must be destroyed before the snapshot can be destroyed.

Renaming ZFS Snapshots

You can rename snapshots, but they must remain within the pool and dataset from which they were created. For example:

# zfs rename tank/home/cindys@031306 tank/home/cindys@today

Displaying and Accessing ZFS Snapshots

Snapshots of file systems are accessible in the .zfs/snapshot directory within the root of the containing file system. For example:

# ls /home/ahrens/.zfs/snapshot
tuesday wednesday thursday

You can list all snapshots as follows:

# zfs list -t snapshot
NAME                   USED  AVAIL  REFER  MOUNTPOINT
pool/home/anne@monday  0     -      780K   -
pool/home/bob@monday   0     -      1.01M  -
<output omitted>

You can list snapshots that were created for a particular file system as follows:

# zfs list -r -t snapshot -o name,creation pool/home
NAME                   CREATION
pool/home/anne@monday  Mon Mar 13 11:46 2006
pool/home/bob@monday   Mon Mar 13 11:46 2006

Snapshot Space Accounting

When you create a snapshot, its space is initially shared between the snapshot and the file system, and possibly with previous snapshots.

As the file system changes, space that was previously shared becomes unique to the snapshot, and thus is counted in the snapshot’s used property.

Additionally, deleting snapshots can increase the amount of space unique to (and thus used by) other snapshots.

Rolling Back to a ZFS Snapshot

You can use the zfs rollback command to discard all changes made since a specific snapshot.

The zfs rollback command causes the file system to revert to its state at the time the snapshot was taken.

By default, the zfs rollback command cannot roll back to a snapshot other than the most recent snapshot.

To roll back to an earlier snapshot, you must destroy all intermediate snapshots. You can destroy more recent snapshots by specifying the -r option.

ZFS Clones

A clone is a writable volume or file system whose initial contents are the same as the snapshot from which it was created.

As with snapshots, creating a clone is nearly instantaneous, and initially consumes no additional disk space.

You can only create clones from a snapshot.

When you clone a snapshot, an implicit dependency is created between the clone and snapshot.

A clone does not inherit properties from the dataset from which it was created.

Creating a ZFS Clone

To create a clone, use the zfs clone command. Specify the snapshot from which to create the clone, and the name of the new file system or volume.

The new file system or volume can be located anywhere in the ZFS hierarchy within the same pool.

The following example creates a new clone named tank/home/ahrens/bug123, with the same initial contents as the snapshot tank/ws/gate@yesterday.

# zfs snapshot tank/ws/gate@yesterday
# zfs clone tank/ws/gate@yesterday tank/home/ahrens/bug123

Destroying a ZFS Clone

You use the zfs destroy command to destroy ZFS clones. For example:

# zfs destroy tank/home/ahrens/bug123

Clones must be destroyed before the parent snapshot can be destroyed.

Replacing a ZFS File System With a ZFS Clone

You can use the zfs promote command to replace an active ZFS file system with a clone of that file system.

This feature lets you clone and replace file systems so that the ’origin’ file system becomes the clone of the specified file system.

In addition, this feature makes it possible to destroy the file system from which the clone was originally created.

Without clone promotion, you cannot destroy the ’origin’ file system of active clones.

In the following example, the tank/test/productA file system is cloned and then the clone file system, tank/test/productAbeta, becomes the tank/test/productA file system.

# zfs create tank/test
# zfs create tank/test/productA
# zfs snapshot tank/test/productA@today
# zfs clone tank/test/productA@today tank/test/productAbeta
# zfs list -r tank/test
NAME                      USED  AVAIL  REFER  MOUNTPOINT
tank/test                 314K  8.24G  25.5K  /tank/test
tank/test/productA        288K  8.24G  288K   /tank/test/productA
tank/test/productA@today  0     -      288K   -
tank/test/productAbeta    0     8.24G  288K   /tank/test/productAbeta

# zfs promote tank/test/productAbeta
# zfs list -r tank/test
NAME                          USED  AVAIL  REFER  MOUNTPOINT
tank/test                     316K  8.24G  27.5K  /tank/test
tank/test/productA            0     8.24G  288K   /tank/test/productA
tank/test/productAbeta        288K  8.24G  288K   /tank/test/productAbeta
tank/test/productAbeta@today  0     -      288K   -

Complete the clone replacement process by renaming the file systems. For example:

# zfs rename tank/test/productA tank/test/productAlegacy
# zfs rename tank/test/productAbeta tank/test/productA
# zfs list -r tank/test
NAME                      USED  AVAIL  REFER  MOUNTPOINT
tank/test                 316K  8.24G  27.5K  /tank/test
tank/test/productA        288K  8.24G  288K   /tank/test/productA
tank/test/productA@today  0     -      288K   -
tank/test/productAlegacy  0     8.24G  288K   /tank/test/productAlegacy

Using ZFS on a Solaris System With Zones Installed

You can associate ZFS datasets with non-global zones either by adding them to the zones, or delegating them to the zones. Typically you would associate ZFS file systems or volumes with non-global zones.

For example, adding a file system to a non-global zone allows the non-global zone to share space with the global zone. When a file system is added in this way, the non-global zone administrator cannot control properties of the file system, or create new ZFS file systems below the added file system.

When you delegate a dataset to a non-global zone, you give complete control over the dataset and all its children to the zone administrator.

For example, if you delegate a file system to a non-global zone, the zone administrator can create and destroy file systems within that dataset, and modify their properties.

The zone administrator cannot affect datasets that have not been delegated to the zone, and cannot exceed any top-level quotas set on the delegated dataset.

Adding ZFS File Systems to a Non-Global Zone

You can add a ZFS file system as a generic file system when the goal is solely to share space with the global zone. A ZFS file system that is added to a non-global zone must have its mountpoint property set to legacy.

You can add a ZFS file system to a non-global zone by using the add fs subcommand in zonecfg. For example:

zonecfg:zone1> add fs
zonecfg:zone1:fs> set type=zfs
zonecfg:zone1:fs> set special=tank/zone/zone1
zonecfg:zone1:fs> set dir=/export/shared
zonecfg:zone1:fs> end

Delegating Datasets to a Non-Global Zone

If the primary goal is to delegate the administration of storage to a zone, then ZFS supports adding datasets to a non-global zone through use of the add dataset subcommand in zonecfg. For example:

zonecfg:zone1> add dataset
zonecfg:zone1:dataset> set name=tank/zone/zone1
zonecfg:zone1:dataset> end

The zone administrator can set file system properties, and create new file systems below the delegated file system.

In addition, the zone administrator can take snapshots, create clones, and otherwise control the entire file system hierarchy from the delegated file system down.

Adding ZFS Volumes to a Non-Global Zone

You can add emulated volumes to a non-global zone by using the add device subcommand in zonecfg.

In the following example, a ZFS emulated volume is added to a non-global zone by the administrator in the global zone:

zonecfg:zone1> add device
zonecfg:zone1:device> set match=/dev/zvol/dsk/tank/vol
zonecfg:zone1:device> end

Using ZFS Storage Pools Within a Zone

You cannot create or modify ZFS storage pools from within a non-global zone.

The delegated administration model centralizes control of physical storage devices within the global zone, and control of virtual storage to non-global zones.

While a pool-level dataset can be added to a non-global zone, any command that modifies the physical characteristics of the pool, such as creating, adding, or removing devices, is not allowed from within a non-global zone.

Property Management Within a Non-Global Zone

Once a dataset is delegated to a zone, the zone administrator can control specific dataset properties.

When a dataset is delegated to a zone, its ancestors are visible to zfs list in the non-global zone, but their content remains inaccessible. The delegated dataset itself is writable, as are all its children.

The zone administrator cannot change the sharenfs property, because non-global zones cannot act as NFS servers.

Neither can the zone administrator change the zoned property.

Understanding the zoned Property

When a dataset is added to a non-global zone, the dataset must be specially marked so that certain properties are not interpreted within the context of the global zone.

Once a dataset has been added to a non-global zone under the control of a zone administrator, its contents can no longer be trusted.

ZFS uses the zoned property to indicate that a dataset has been delegated to a non-global zone at one point in time.

The zoned property is a boolean value that is automatically turned on when a zone containing a ZFS dataset is first booted.

If the zoned property is set, the dataset cannot be mounted or shared in the global zone.

When a dataset is removed from a zone or a zone is destroyed, the zoned property is not automatically cleared.

To prevent accidental security risks, the zoned property must be manually cleared by the global administrator if you want to reuse the dataset in any way.

Before setting the zoned property to off, make sure that the mountpoint property for the dataset and all its children is set to a reasonable value and that no setuid binaries exist, or turn off the setuid property.

Once you have verified that no security vulnerabilities are left, the zoned property can be turned off by using the zfs set or zfs inherit commands.
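
The checks described above, as an added example that is not part of the original course material: a shell function that reads tab-separated zfs get -rH output for a once-delegated dataset tree and flags mount points that would cover system directories, plus datasets that still have setuid=on. The function names, the sample rows and the list of sensitive directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the course material): audit a dataset tree before
# running "zfs set zoned=off" on it in the global zone.
#
# Input on stdin: tab-separated rows of name, property, value, source, e.g.
#   zfs get -rH -o name,property,value,source mountpoint,setuid DATASET
#
# ASSUMPTION: this list of directories a reused dataset must never mount
# over is illustrative; extend it to match your site.
SENSITIVE_DIRS="/ /etc /usr /sbin /lib /dev /devices /kernel /platform /var /opt"

# Prints one finding per line as LEVEL<TAB>DATASET<TAB>MESSAGE.
# Returns 0 when the tree is clean, 1 when any finding was printed.
audit_zoned_reuse() {
    awk -F'\t' -v dirs="$SENSITIVE_DIRS" '
    function report(level, ds, msg) {
        printf "%s\t%s\t%s\n", level, ds, msg
        findings++
    }
    BEGIN { n = split(dirs, d, " ") }

    # Mount points chosen inside the zone take effect in the global zone
    # once zoned is off, so reject any that would cover a system path.
    $2 == "mountpoint" {
        mp = $3
        # "-" (snapshots), none and legacy are never auto-mounted by ZFS.
        if (mp == "-" || mp == "none" || mp == "legacy") next
        for (i = 1; i <= n; i++) {
            under = (d[i] != "/" && index(mp, d[i] "/") == 1)
            if (mp == d[i] || under) {
                report("FAIL", $1, "mountpoint " mp " covers " d[i] " (source: " $4 ")")
                next
            }
        }
    }

    # setuid=on means setuid files created by the zone administrator
    # would be honoured in the global zone.
    $2 == "setuid" && $3 == "on" {
        report("REVIEW", $1, "setuid=on: set setuid=off or confirm no setuid files exist")
    }

    END { exit (findings > 0) }
    '
}

# Constructed sample input (not captured from a real system).
sample_rows() {
    printf 'tank/zone/zone1\tmountpoint\t/tank/zone/zone1\tdefault\n'
    printf 'tank/zone/zone1\tsetuid\ton\tdefault\n'
    printf 'tank/zone/zone1/data\tmountpoint\t/usr/local\tlocal\n'
    printf 'tank/zone/zone1/data\tsetuid\toff\tlocal\n'
    printf 'tank/zone/zone1/data@snap\tmountpoint\t-\t-\n'
}

if sample_rows | audit_zoned_reuse; then
    echo "clean: zoned can be cleared"
else
    echo "findings above: fix them before clearing zoned"
fi
```

On a live system, pipe the zfs get command shown in the header comment into audit_zoned_reuse instead of sample_rows, and clear zoned only when the function returns 0.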