
Sun Services

System Administration for the Solaris 10 Operating System, Part 2

SA-202-S10

Copyright 2007 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California, 95054, U.S.A. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Sun, Sun Microsystems, the Sun logo, Solaris, JumpStart, SunSolve, OpenBoot, Ultra, Solstice DiskSuite, Sun Java, and UltraSPARC are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license agreements. U.S. Government approval might be required when exporting the product. RESTRICTED RIGHTS: Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-14(g)(2)(6/87) and FAR 52.227-19(6/87), or DFAR 252.227-7015 (b)(6/95) and DFAR 227.7202-3(a).
DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.


Course Contents
About This Course
  Course Goals
  Course Map
  Topics Not Covered
  How Prepared Are You?
  Introductions

Describing Interface Configuration
  Objectives
  Controlling and Monitoring Network Interfaces
  Displaying the MAC Address
  Displaying the IP Address
  Marking an Ethernet Interface as Down
  Sending ICMP ECHO_REQUEST Packets
  Capturing and Inspecting Network Packets
  Configuring IPv4 Interfaces at Boot Time
  The /etc/hostname.xxn File Entries and Corresponding Interfaces
  The /etc/inet/ipnodes File
  Changing the System Host Name
  The sys-unconfig Command

Describing the Client-Server Model
  Objectives
  Introducing Client-Server Processes
  Introducing Client Processes
  Introducing Server Processes

Advanced System Administration for the Solaris 10 Operating System


Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C

  The Service Management Facility (SMF)
  Services
  Service and Instance Nodes
  Service Identifiers
  Listing Service Information
  Service States
  Milestones
  The svc.startd Daemon
  The Service Configuration Repository
  Starting Server Processes
  The Impact of SMF on Network Services
  Introducing Network Ports
  Starting Services That Use a Well-Known Port
  Requesting a Well-Known Service
  Starting RPC Services
  Starting RPC Services at Boot Time
  Starting RPC Services on Demand
  Requesting an RPC Address
  Using the rpcinfo Commands
  Deleting RPC Service Registration

Introducing Sun Connection Services
  Objectives
  Solaris 10 OS Patch Access Policy
  Introducing Sun Connection
  Administering Patches
  Sun Connection Modes
  Locally Managing Updates for Individual Systems
  Update Manager Client
  The smpatch Command Line Interface
  Caching Patches With Update Manager's Proxy
  Sun Connection Hosted Web Application
  Establishing a Sun Online Account
  Obtain a Sun Service Plan
  Downloading and Installing the Update Manager Client Software
  Starting the Update Manager Client For the First Time
  Registering Systems
  Select Service Level
  Registration Confirmation
  Registration Complete
  Installing Updates With the Update Manager Client
  Setting Update Manager Client Preferences
  Update Manager's Proxy
  Configuring the Update Manager's Proxy
  Configuring Clients to Use the Update Manager's Proxy
  Patch Administration From the CLI
  Using the smpatch Command
  Phases for Applying Updates
  Command Examples
  Configuring the Patch Management Environment
  Command Examples
  Using the Update Policy for Applying Updates
  Example of Using the Update Policy

Managing Swap Configuration
  Objectives
  Introducing Virtual Memory
  Physical RAM
  Swap Space
  The swapfs File System
  Paging
  Configuring Swap Space
  Displaying the Current Swap Configuration
  Adding Swap Space
  Removing Swap Space

Managing Crash Dumps and Core Files
  Objectives
  Managing Crash Dump Behavior
  Crash Dump
  Displaying the Current Dump Configuration
  Changing the Crash Dump Configuration
  Managing Core File Behavior
  Core Files
  Displaying the Current Core File Configuration
  Changing the Core File Configuration
  Pattern Options for the coreadm Command
  Pattern Options for the Global Core File Content
  Examples of the coreadm Command

Configuring NFS
  Objectives
  NFS Benefits
  NFS Distributed File System Fundamentals
  NFS Version 4 (NFSv4)
  Pseudo-File System
  Strong Security
  Compound Procedures
  Extended Attributes
  File Handles
  Delegation
  Configuring an NFS Server and Client
  Managing an NFS Server
  NFS Server Daemons
  Managing the NFS Server Daemons
  NFS Server Commands
  Configuring the NFS Server for Sharing Resources
  Managing the NFS Client
  NFS Client Daemons
  Managing the NFS Client Daemons
  NFS Client Commands
  Configuring the NFS Client for Mounting Resources
  The mount Command Options
  Fundamentals of NFS Server Logging
  Configuring NFS Log Paths
  Initiating NFS Logging
  Managing NFS With the Solaris Management Console Storage Folder Tools

Configuring AutoFS
  Objectives
  AutoFS Fundamentals
  Using Automount Maps
  Configuring the Master Map
  Identifying Mount Points for Special Maps
  Using the /net Directory
  Adding Direct Map Entries
  Adding Indirect Map Entries
  Updating the Automount Maps
  Stopping and Starting the Automount System

Describing RAID and the Solaris Volume Manager Software
  Objectives
  Introducingirror Options
  Mirror Read Policies
  Mirror Write Policies
  RAID 5
  Hardware Considerations
  Choosing Storage Mechanisms
  Optimizing Redundant Storage
  Introducing Solaris Volume Manager Software Concepts
  Logical Volume
  Soft Partitions
  Introducing the State Database

Configuring Solaris Volume Manager Software
  Objectives
  Solaris Volume Manager Concepts
  State Database Replicas
  Creating the State Database
  Creating the State Database Using the Solaris Management Console
  Configuring RAID-0
  Creating a RAID-0 Volume Using the Command Line
  Creating a RAID-0 Volume Using Solaris Management Console
  Configuring RAID-1
  Building a Mirror of the Root (/) File System
  Configuring an x86-Based System for Mirrored Failover
  Unmirroring the Root (/) File System

Configuring Role-Based Access Control (RBAC)
  Objectives
  RBAC Fundamentals
  Key RBAC Files
  The user_attr File
  Roles
  Assigning Rights Profiles to Users
  The /etc/security/exec_attr File
  Assigning Rights Profiles to Roles
  Assigning Roles to Users
  Using Roles
  Authorizations
  Default Authorizations
  Assigning Authorizations
  Assigning Authorizations to Roles
  Assigning Authorizations to Rights Profiles
  RBAC Configuration File Summary
  Managing RBAC Using the Solaris Management Console

Configuring System Messaging
  Objectives
  The syslog Concept
  The /etc/syslog.conf File
  The syslogd Daemon and the m4 Macro Processor
  Configuring the /etc/syslog.conf File
  Stopping and Starting the syslogd Daemon
  Configuring syslog Messaging
Advanced System Administration for the Solaris 10 Operating System


Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C

Monitoring a syslog File in Real Time
Using the Solaris Management Console Log Viewer

Using Name Services

Objectives
Name Service Concept
Domain Name System (DNS)
Network Information Service (NIS)
Network Information Service Plus (NIS+)
Lightweight Directory Access Protocol (LDAP)
Name Service Switch File
Configuring the Name Service Cache Daemon (nscd)
Retrieving Name Service Information

Configuring Name Service Clients

Objectives
Configuring a DNS Client
Configuring the DNS Client During Installation
Editing DNS Client Configuration Files
Setting Up an LDAP Client
Client Authentication
Client Profile and Proxy Account
Client Initialization
Configuring the LDAP Client During Installation
Initializing the Native LDAP Client
Copying the /etc/nsswitch.ldap File to the /etc/nsswitch.conf File
Listing LDAP Entries
Unconfiguring an LDAP Client

Configuring the Network Information Service (NIS)

Objectives
NIS Fundamentals
NIS Namespace Information
Map Contents and Sort Keys
Commands to Read Maps
NIS Domains
NIS Master Server
NIS Slave Servers
NIS Clients
NIS Processes
Configuring the Name Service Switch
NIS Security
Configuring an NIS Domain
Generating NIS Maps
Locating Source Files
Converting ASCII Source Files Into NIS Maps
Configuring the NIS Master Server
Testing the NIS Service
Configuring the NIS Client
Configuring the NIS Slave Server
Updating the NIS Map

Introduction to Zones

Objectives
Solaris Zones
Zone Features
Zone Types
Global Zones
Non-Global Zones

Zone Daemons
Zone File Systems
Zone Networking
Zone States
Configuring Zones
Identifying Zone Components
Allocating File System Space
Using the zonecfg Command
The zonecfg Subcommands
The zonecfg Resource Parameters
Zone Configuration Walk-Through
Viewing the Zone Configuration
Using the zoneadm Command
Installing Packages in Zones

Introduction to the ZFS File System

Objectives
What Is Solaris ZFS?
What Is ZFS?
ZFS Terminology
ZFS Component Naming Requirements
ZFS Hardware and Software Requirements and Recommendations
Creating ZFS File Systems
Components of a ZFS Storage Pool
Replication Features of a ZFS Storage Pool
Creating and Destroying ZFS Storage Pools
Querying ZFS Storage Pool Status
Creating and Destroying ZFS File Systems
ZFS Properties
Querying ZFS File System Information

Managing ZFS Properties
Mounting ZFS File Systems
ZFS Web-Based Management
ZFS Snapshots
ZFS Snapshots
ZFS Clones
Using ZFS on a Solaris System With Zones Installed


Preface
About This Course


Course Goals
Upon completion of this course, you should be able to:
- Describe network basics
- Manage virtual file systems and core dumps
- Manage storage volumes
- Control access and configure system messaging
- Set up name services
- Perform advanced installation procedures


Course Map
Describing Network Basics
Sun Connection Services
Describing Interface Configuration
Describing the Client-Server Model

Managing Virtual File Systems and Core Dumps
Managing Crash Dumps and Core Files
Managing Swap Configuration
Configuring NFS
Configuring AutoFS

Managing Storage Volumes
Describing RAID and Solaris Volume Manager Software
Configuring Solaris Volume Manager Software

Controlling Access and Configuring System Messaging
Configuring Role-Based Access Control (RBAC)
Configuring System Messaging

Setting Up Name Services
Using Name Services
Configuring the Network Information Service (NIS)
Configuring Name Service Clients

Configuring Virtualization
Introduction to Zones
Configuring ZFS


Topics Not Covered


This course does not cover the following topics. Many of these topics are covered in other courses offered by Sun Services:

- Basic UNIX commands (covered in SA-100-S10: UNIX Essentials Featuring the Solaris 10 Operating System)
- The vi editor (covered in SA-100-S10: UNIX Essentials Featuring the Solaris 10 Operating System)
- Basic UNIX file security (covered in SA-100-S10: UNIX Essentials Featuring the Solaris 10 Operating System)
- Software package administration (covered in SA-200-S10: Intermediate System Administration for the Solaris 10 Operating System)

- Patch maintenance (covered in SA-200-S10: Intermediate System Administration for the Solaris 10 Operating System)
- Adding users using the Solaris Management Console software (covered in SA-200-S10: Intermediate System Administration for the Solaris 10 Operating System)
- Basic system security (covered in SA-100-S10: UNIX Essentials Featuring the Solaris 10 Operating System)
- Administering initialization files (covered in SA-200-S10: Intermediate System Administration for the Solaris 10 Operating System)



- Advanced file permissions (covered in SA-200-S10: Intermediate System Administration for the Solaris 10 Operating System)
- Backup and recovery (covered in SA-200-S10: Intermediate System Administration for the Solaris 10 Operating System)
- The lp print service and print commands (covered in SA-200-S10: Intermediate System Administration for the Solaris 10 Operating System)
- Process control (covered in SA-200-S10: Intermediate System Administration for the Solaris 10 Operating System)



- All the new features in Solaris 10 (covered in SA-225-S10: Solaris 10 for Experienced System Administrators)
- Hardware or software troubleshooting (covered in ST-350: Sun Systems Fault Analysis Workshop)
- System tuning (covered in SA-400: Enterprise System Performance Management)
- Detailed shell programming (covered in SA-245: Shell Programming for System Administrators)
- Detailed network administration concepts (covered in SA-300-S10: Network Administration for the Solaris 10 Operating System)



Refer to the Sun Services catalog for specific information on course content and registration.


How Prepared Are You?


To be sure you are prepared to take this course, can you answer yes to the following questions?
- Can you install and boot the Solaris 10 Operating System (Solaris 10 OS) on a stand-alone workstation?
- Can you implement basic system security?
- Can you add users to the system using the Solaris Management Console software?
- Can you use the pkgadd command to add software packages?



- Can you monitor and mount file systems?
- Can you manage disk devices and processes?
- Can you perform backups and restorations?


Introductions
- Name
- Company affiliation
- Title, function, and job responsibility
- Experience related to topics presented in this course
- Reasons for enrolling in this course
- Expectations for this course


Module 1
Describing Interface Configuration


Objectives
- Control and monitor network interfaces
- Configure Internet Protocol Version 4 (IPv4) interfaces at boot time


Controlling and Monitoring Network Interfaces


Network commands, such as ifconfig, ping, and snoop, control and monitor the functionality of network interfaces.


Displaying the MAC Address


The media access control (MAC) address is your computer's unique hardware address. Two ways to display the MAC address or the Ethernet address are:
- Use the ifconfig -a command:
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af



- Use the boot programmable read-only memory (PROM) banner command on SPARC-based systems:
ok banner
Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz), Keyboard Present
OpenBoot 3.31 256 MB (60ns) memory installed, Serial #9685423.
Ethernet address 8:0:20:93:c9:af, Host ID: 8093c9af.


Displaying the IP Address


The ifconfig -a command displays the current configuration for the network interfaces.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af


Marking an Ethernet Interface as Down


You can use the ifconfig command to mark an Ethernet interface as up or down.
# ifconfig nge0 down
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
# ifconfig nge0 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
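Added example, not part of the course material: a shell function that parses ifconfig -a output in the layout shown above and reports each interface's state, IPv4 address and Ethernet address, so that an interface left marked down shows up in a scripted check. The function names are this example's own, and the sample text is constructed from the slide output.

```sh
#!/bin/sh
# Added example: summarize `ifconfig -a` text (layout as on the slides).

# iface_report: read ifconfig -a output on stdin and print one line per
# interface: NAME STATE INET ETHER ("-" where the field is absent).
iface_report() {
    awk '
    function emit() {
        if (name == "") return
        i4  = (inet  == "") ? "-" : inet
        mac = (ether == "") ? "-" : ether
        print name, state, i4, mac
    }
    # A new interface stanza starts at column 1: "nge0: flags=...<...> ..."
    /^[A-Za-z][A-Za-z0-9:]*: flags=/ {
        emit()
        name = $1; sub(/:$/, "", name)
        inet = ""; ether = ""
        # The comma-separated list between < and > names the flags that are set.
        list = $2; sub(/^[^<]*</, "", list); sub(/>.*$/, "", list)
        state = (("," list ",") ~ /,UP,/) ? "up" : "down"
        next
    }
    # Continuation lines carry keyword/value pairs such as "inet ADDR".
    {
        for (i = 1; i < NF; i++) {
            if ($i == "inet")  inet  = $(i + 1)
            if ($i == "ether") ether = $(i + 1)
        }
    }
    END { emit() }'
}

# down_interfaces: names of interfaces whose flag list lacks UP.
down_interfaces() {
    iface_report | awk '$2 == "down" { print $1 }'
}

# sample_ifconfig: constructed input, taken from the slide where nge0 is down.
sample_ifconfig() {
    cat <<'EOF'
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
EOF
}

sample_ifconfig | iface_report
```

On a live system the same functions read real output, for example `ifconfig -a | down_interfaces`.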


Sending ICMP ECHO_REQUEST Packets


To determine if you can contact another system over the network, enter the ping command:
# ping sys41
sys41 is alive


Capturing and Inspecting Network Packets


You can use the snoop utility to capture and inspect network packets to determine what kind of data is transferred between systems.
# snoop sys41 sys42
sys41 -> sys42 ICMP Echo request (ID: 615 Sequence number: 0)
sys42 -> sys41 ICMP Echo reply (ID: 615 Sequence number: 0)



Some additional snoop options include:
snoop               Summary output
snoop -V            Summary verbose output
snoop -v            Detailed verbose output
snoop -o filename   Redirects the snoop utility output to filename in summary mode
snoop -i filename   Displays packets that were previously captured in filename
snoop -d device     Receive packets from a network interface specified by device


Configuring IPv4 Interfaces at Boot Time

Introducing IPv4 Interface Files
Network interfaces in the Solaris OS are controlled by files and services.
- The svc:/network/physical:default service
- The /etc/hostname.xxn file
- The /etc/inet/hosts file
- The /etc/inet/ipnodes file


The /etc/hostname.xxn File Entries and Corresponding Interfaces


Entry                    Interface
/etc/hostname.e1000g0    First e1000g (Intel PRO/1000 Gigabit family device driver) Ethernet interface in the system
/etc/hostname.bge0       First bge (Broadcom Gigabit Ethernet device driver) Ethernet interface in the system
/etc/hostname.bge1       Second bge Ethernet interface in the system
/etc/hostname.ce0        First ce (Cassini Gigabit-Ethernet device driver) Ethernet interface in the system
/etc/hostname.qfe0       First qfe (Quad Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.hme0       First hme (Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.eri0       First eri (eri Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.nge0       First nge (Nvidia Gigabit Ethernet driver) Ethernet interface in the system


The /etc/inet/ipnodes File


A local database that associates the names of nodes with their Internet Protocol (IP) addresses.
# cat /etc/inet/ipnodes
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
192.168.30.41 sys41 loghost


Changing the System Host Name


The host name of a system is contained in four files on the system. You must modify all of these files, and perform a reboot, to successfully change a system's host name. The files that contain the host name of a system are:
- The /etc/nodename file
- The /etc/hostname.xxn file
- The /etc/inet/hosts file
- The /etc/inet/ipnodes file
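Added example, not part of the course material: a shell check that lists which of the four files named above still carry the old host name, which catches a rename that was only partly applied. The function names, the alternate-root argument and the new name sys99 are this example's own assumptions; the file tree is constructed in a temporary directory.

```sh
#!/bin/sh
# Added example: find host-name files that still carry the old name.

# stale_hostname_files ROOT OLDNAME
# Checks the four kinds of file listed on the slide under ROOT and prints the
# path (relative to ROOT) of each one that still has OLDNAME as a whole
# whitespace-delimited field outside comments.
stale_hostname_files() {
    shf_root=$1
    shf_old=$2
    for shf_file in "$shf_root"/etc/nodename "$shf_root"/etc/hostname.* \
                    "$shf_root"/etc/inet/hosts "$shf_root"/etc/inet/ipnodes; do
        [ -f "$shf_file" ] || continue
        if awk -v name="$shf_old" '
            { sub(/#.*/, "") }                       # drop comments
            { for (i = 1; i <= NF; i++) if ($i == name) found = 1 }
            END { exit !found }' "$shf_file"; then
            printf "%s\n" "${shf_file#"$shf_root"}"
        fi
    done
}

# make_sample_root: build a constructed /etc tree in a temporary directory in
# which the rename from sys41 to sys99 (a made-up name) was only half done.
make_sample_root() {
    msr_dir=$(mktemp -d) || return 1
    mkdir -p "$msr_dir/etc/inet"
    echo sys99 > "$msr_dir/etc/nodename"          # already renamed
    echo sys41 > "$msr_dir/etc/hostname.nge0"     # still the old name
    printf '%s\n' '# was sys41 before the rename' '127.0.0.1 localhost' \
        '192.168.30.41 sys99 loghost' > "$msr_dir/etc/inet/hosts"
    printf '%s\n' '::1 localhost' '127.0.0.1 localhost' \
        '192.168.30.41 sys41 loghost' > "$msr_dir/etc/inet/ipnodes"
    echo "$msr_dir"
}

demo_root=$(make_sample_root)
stale_hostname_files "$demo_root" sys41
rm -rf "$demo_root"
```

Against a live system the root argument is empty, as in `stale_hostname_files "" sys41`.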


The sys-unconfig Command


You can use the /usr/sbin/sys-unconfig command to restore a system's configuration to an unconfigured state, ready to be reconfigured again. The sys-unconfig command does the following:
- Saves the current /etc/inet/hosts file information in the /etc/inet/hosts.saved file.
- If the current /etc/vfstab file contains Network File System (NFS) mount entries, it saves the /etc/vfstab file to the /etc/vfstab.orig file.
- Restores the default /etc/inet/hosts file.



- Removes the default host name in the /etc/hostname.xxn files for all configured interfaces.
- Removes the default domain name in the /etc/defaultdomain file.
- Restores the time zone to PST8PDT in the /etc/TIMEZONE file.
- Resets naming services to local files.
- Removes the /etc/inet/netmasks file.
- Removes the /etc/defaultrouter file.
- Removes the password set for the root user in the /etc/shadow file.
- Removes the /etc/.rootkey file for NIS+.


- Executes all system configuration applications. These applications are defined by prior executions of a sysidconfig -a command.
- Removes the /etc/resolv.conf file for DNS clients.
- Disables Lightweight Directory Access Protocol (LDAP) by removing:
  - The /var/ldap/ldap_client_cache file
  - The /var/ldap/ldap_client_file file
  - The /var/ldap/ldap_client_cred file
  - The /var/ldap/cachemgr.log file
- Regenerates keys for the Secure Shell Daemon (sshd)


Module 2
Describing the Client-Server Model


Objectives
- Describe client-server processes
- Start server processes


Introducing Client-Server Processes


The client-server model describes network services and the client programs of those services. One example of the client-server relationship is the name server and resolver model of the DNS. Another example of the client and server relationship is the NFS.


Introducing Client Processes


The client is a host or a process that uses services from another host or program, known as a server.
[Figure labels: File Server, Name Server, Print Server]


Introducing Server Processes


The server is a host or a process that provides services to another program known as a client.

[Figure labels: Client 1, Client 2, Client 3, Client 4, Print Server, Storage Server, Printer A, Printer B, Printer C, Storage Array 1, Storage Array 2]


The Service Management Facility (SMF)


SMF provides a centralized configuration structure for managing system services and the interaction of a service with other services. SMF includes the following:
- A mechanism to establish and formalize dependency relationships between services.
- Information on procedures to start, stop, and restart services.
- A centralized repository for information on startup behavior and service status.



- A structured mechanism for Fault Management of system services.
- Detailed information about misconfigured services such as an explanation of why a service is not running.
- Individual log files for each service.


Services
The fundamental unit of administration in SMF is the service. It provides a known list of capabilities to other local and remote services. Services are represented as instance nodes which are children of service nodes. One service might have many instances such as a Web server on multiple ports. Both service nodes and instance nodes can have properties. If an instance does not have property X, the service's property X is used.

Service and Instance Nodes


Service Identifiers
The service identifier is in the form of a Fault Management Resource Identifier or FMRI. The FMRI indicates the type of service or category, and the name and instance of the service.

Service Category          Description
milestone                 Synthetic services for clean dependency statement
device                    General device services
system                    Services concerned with host-centric, nonnetworked capabilities
system/security           Low-level host-centric services implementing security facilities
network                   Services concerned with host-centric, network infrastructure capabilities
application               General software services
application/management    Services implementing management facilities
application/security      Services implementing high-level security facilities
site                      Services implementing site-specific software
platform                  Services implementing platform-specific software

Service Identifiers (cont.)


FMRI examples:
svc:/system/filesystem/root:default
lrc:/etc/rc3_d/S90samba


Listing Service Information


Use the svcs command to list the FMRIs and states:
# svcs
STATE          STIME    FMRI
legacy_run     Feb_10   lrc:/etc/rc2_d/S10lu
legacy_run     Feb_10   lrc:/etc/rc2_d/S20sysetup
legacy_run     Feb_10   lrc:/etc/rc2_d/S90wbem
legacy_run     Feb_10   lrc:/etc/rc2_d/S99dtlogin
legacy_run     Feb_10   lrc:/etc/rc3_d/S81volmgt
(output removed)
online         Feb_10   svc:/system/system-log:default
online         Feb_10   svc:/system/fmd:default
online         Feb_10   svc:/system/console-login:default
online         Feb_10   svc:/network/smtp:sendmail
online         Feb_10   svc:/milestone/multi-user:default
online         Feb_10   svc:/milestone/multi-user-server:default
online         Feb_10   svc:/system/zones:default
offline        Feb_10   svc:/application/print/ipp-listener:default
offline        Feb_10   svc:/application/print/rfc1179:default
maintenance    10:24:15 svc:/network/rpc/spray:default


Service States
[Figure: service state diagram with the states UNINITIALIZED, OFFLINE, ONLINE, DEGRADED, MAINTENANCE, and DISABLED. Transition labels: Can't read config; Administrator intervention; Re-read config data; Dependency not met or start failed; Dependency met and service enabled; Start service; Service shutdown, restart or disable; Unresolvable error or thresholds reached; Service put in maintenance state; Service disabled; Service marked disabled; Service enabled by admin; Refresh; Partial failure of service or dependency; Dependencies satisfied and service is healthy; No improvement in service]


Milestones
A milestone can be regarded as a system state to reach. This system state requires a defined set of services to be running. These services depend on other services being available. Currently there are six milestones:
- single-user
- multi-user
- multi-user-server
- network
- name-services
- sysconfig
- devices

Milestones (cont.)
[Figure: tree of service categories. Nodes shown: milestone, network, system, application, name-services, net-physical, filesystem, print, X11, /usr, /var]


Milestones (cont.)
[Figure: milestone dependencies. Elements shown: multi-user-server milestone (/var/svc/manifest/milestone/multi-user-server.xml), multi-user milestone (/var/svc/manifest/milestone/multi-user.xml), name-services milestone, single-user milestone (/var/svc/manifest/milestone/single-user.xml), and filesystem (/var/svc/manifest/system/filesystem/local-fs.xml), with their dependency lists; exec /sbin/rc3; method /lib/svc/method/fs-local]


The svc.startd Daemon


The svc.startd daemon is responsible for maintaining the system services. It is svc.startd that ensures that the system boots to the appropriate milestone. Currently the milestones that can be used at boot time are:
- none
- single-user
- multi-user
- multi-user-server
- all


The Service Configuration Repository


The repository database stores information about the state of each service instance. It also stores configuration information about the services and system. The disk-based database is /etc/svc/repository.db. This file can only be manipulated using the SMF interface utilities svccfg and svcprop. A corrupt repository can be repaired by booting the system to single user, running the following command, and following the instructions:
# /lib/svc/bin/restore_repository



Starting Server Processes


To start services for server processes, you must know which files to use for automatic service configuration. You must also know how to manually start the services.

Introducing the Internet Service Daemon (inetd)

The inetd daemon is a special network process that runs on each system and starts server processes that do not automatically start at boot time. The inetd daemon is started at boot time by svc.startd. There is a legacy configuration file for inetd, /etc/inet/inetd.conf. Services listed in this file are imported into the Service Management Facility (SMF) by the inetconv command.

The Impact of SMF on Network Services


SMF has a major impact on network services in that each service can be independently enabled or disabled using the inetadm command. To disable the telnet facility:
# inetadm -d telnet
# inetadm | grep telnet
disabled  disabled  svc:/network/telnet:default

To enable the telnet facility:

# inetadm -e telnet
# inetadm | grep telnet
enabled   online    svc:/network/telnet:default
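
Because each inetd service can be switched independently, the inetadm listing can be checked against a list of approved services. The script below is an added example, not part of the course material; the sample listing, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd-managed services against an allowlist.
# Reads the three-column `inetadm` listing (ENABLED STATE FMRI) on stdin.

# Constructed sample listing. On a Solaris 10 host, pipe real `inetadm`
# output into audit_inetd instead.
sample_inetadm() {
    cat <<'EOF'
ENABLED   STATE          FMRI
enabled   online         svc:/network/telnet:default
disabled  disabled       svc:/network/rpc/spray:default
enabled   online         svc:/network/ftp:default
enabled   offline        svc:/network/finger:default
enabled   maintenance    svc:/network/rpc/rstat:default
EOF
}

# Hypothetical site allowlist: one approved FMRI per line, '#' for comments.
sample_allowlist() {
    cat <<'EOF'
# approved inetd services (constructed)
svc:/network/ftp:default
svc:/network/rpc/rstat:default
EOF
}

# audit_inetd ALLOWLIST_FILE < inetadm-listing
# Prints one verdict per enabled service:
#   DISABLE fmri        enabled but not approved
#   CHECK   fmri state  approved and enabled, but not online
#   OK      fmri        approved, enabled and online
audit_inetd() {
    awk -v allow="$1" '
        BEGIN {
            while ((getline line < allow) > 0)
                if (line != "" && line !~ /^#/)
                    ok[line] = 1
            close(allow)
        }
        $3 !~ /^svc:\// { next }      # header line or anything unexpected
        $1 != "enabled" { next }      # already disabled, nothing to do
        !($3 in ok)     { print "DISABLE", $3; next }
        $2 != "online"  { print "CHECK", $3, $2; next }
                        { print "OK", $3 }
    '
}

# disable_plan ALLOWLIST_FILE < inetadm-listing
# Prints (does not run) the inetadm -d command for each unapproved service.
disable_plan() {
    audit_inetd "$1" | awk '$1 == "DISABLE" { print "inetadm -d " $2 }'
}

# Demo on the constructed data.
allowfile=$(mktemp)
sample_allowlist > "$allowfile"
sample_inetadm | audit_inetd "$allowfile"
sample_inetadm | disable_plan "$allowfile"
rm -f "$allowfile"
```

The plan is printed rather than executed so that it can be reviewed before any service is disabled.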


Introducing Network Ports


Network ports help transport protocols distinguish between multiple service requests arriving at a given host computer. There are two fundamental approaches to port assignments:
- Central authority: All users must agree to allow the central authority to assign all port numbers. The central authority is responsible for publishing the list of port number assignments, called well-known port assignments. Well-known port assignments dictate software requirements on a system.

Introducing Network Ports


- Dynamic binding: The ports are unknown to the client in advance. The system software dynamically assigns ports to the programs that require them. To obtain the current port assignments on any computer, the software generates a request to the target machine for the port number information. The target machine then responds with the port number. These port number assignments are considered ephemeral since assignments are short lived, only lasting until the system is rebooted.


Introducing Network Ports


Well-known ports are stored in the /etc/inet/services file.
# grep telnet /etc/inet/services
telnet          23/tcp


Starting Services That Use a Well-Known Port


Services following the central authority approach that use a well-known port include:
- Services that start by default at system boot time
- Services that do not start automatically at boot, and must start on demand


Requesting a Well-Known Service


[Figure: timeline of the command telnet sys42 issued on sys41 (Client) to sys42 (Server), showing inetd, port 23, in.telnetd (port nnnnn), and "Traffic on nnnnn"; nnnnn = port number]

Starting RPC Services


RPC services are services developed using a set of utilities developed by Sun Microsystems, Inc. While RPC services are assigned a unique program number by the programmer when they are written, the RPC services are not typically assigned to well-known ports. Types of RPC services that follow the dynamic binding approach include:
- Services that start by default at system boot time
- Services that do not start automatically at boot and must start on demand


Starting RPC Services at Boot Time


RPC services started at boot time with startup scripts run on available ports above 32768. The rpcbind process associates RPC program numbers with port numbers. The /lib/svc/method/rpc-bind startup script initializes the rpcbind service. The port number used by the rpcbind daemon is listed in the /etc/inet/services file. After the system starts up, the rpcbind daemon starts listening at port 111. To view the port number and protocol, perform the command:
# grep rpcbind /etc/services
sunrpc          111/udp         rpcbind
sunrpc          111/tcp         rpcbind


Starting RPC Services on Demand


Some rpcbind services start only on demand. The port numbers are registered with the rpcbind process during boot. When a client application requests a service, the rpcbind process returns the port number of the service to the client machine. The client machine generates a new request using the port number that it just received for the requested service.


Requesting an RPC Address


[Figure: timeline of the command spray host2 issued on Host 1 (Client) to Host 2 (Server), showing the start of rpcbind (port 111), inetd, the spray/1 request, and rpc.sprayd (port nnnnn); nnnnn = port number]


Using the rpcinfo Commands


The rpcinfo command makes an RPC call to an RPC server, and reports what it finds. To list all the services registered with the rpcbind process, enter the rpcinfo command as follows:
rpcinfo -p [ host ]
For example:
# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
    100232   10   udp  32772  sadmind
<output truncated>
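
The rpcinfo -p listing is rpcbind's program-to-port table, so the same text answers a client's lookup and shows which RPC listeners a host exposes. The script below is an added example, not part of the course material; the function names and the nfs and sprayd rows (with their ports) are constructed for illustration.

```shell
#!/bin/sh
# Added example: working with the program-number-to-port table that
# `rpcinfo -p` prints (columns: program vers proto port service).

# Sample listing: the rpcbind and sadmind rows are the ones shown above;
# the nfs and sprayd rows and their ports are constructed for the example.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
    100232   10   udp  32772  sadmind
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100012    1   udp  32775  sprayd
EOF
}

# rpc_lookup PROG VERS PROTO < listing
# The question a client puts to rpcbind on port 111: prints the port and
# returns 0, or prints nothing and returns 1 when nothing is registered.
rpc_lookup() {
    awk -v p="$1" -v v="$2" -v t="$3" '
        $1 == p && $2 == v && $3 == t { print $4; found = 1; exit }
        END { exit !found }
    '
}

# rpc_unregister PROG VERS < listing
# The table as it looks after `rpcinfo -d PROG VERS`: every transport
# registered for that program and version is gone.
rpc_unregister() {
    awk -v p="$1" -v v="$2" '!($1 == p && $2 == v)'
}

# rpc_exposure < listing
# One line per distinct non-rpcbind listener: "service program proto/port kind".
# kind is "dynamic" for ports above 32768 (where the text above puts RPC
# services started at boot), otherwise "fixed". Versions are collapsed.
rpc_exposure() {
    awk '
        $1 !~ /^[0-9]+$/ || $1 == 100000 { next }
        {
            name = ($5 == "") ? "-" : $5
            kind = ($4 + 0 > 32768) ? "dynamic" : "fixed"
            key = name " " $1 " " $3 "/" $4 " " kind
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Demo on the sample listing.
sample_rpcinfo | rpc_lookup 100232 10 udp
sample_rpcinfo | rpc_unregister 100012 1 | rpc_lookup 100012 1 udp ||
    echo "100012 version 1 udp: not registered"
sample_rpcinfo | rpc_exposure
```

Listeners reported as dynamic cannot be named in a static packet-filter rule, which is why access to port 111 and to the RPC services themselves is usually restricted together.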


Deleting RPC Service Registration


To unregister the RPC service given a specified prognum (program number) and versnum (version number), perform the rpcinfo command:
rpcinfo -d prognum versnum
For example:
# rpcinfo -d 100012 1

The deleted RPC service that uses program number 100012 is sprayd. To register the sprayd service again, restart the inetd daemon as follows:
# svcadm disable svc:/network/rpc/spray:udp
# svcadm enable svc:/network/rpc/spray:udp


Module 3
Introducing Sun Connection Services


Objectives
Implement patch management using Sun Connection Services including the Update Manager client, the smpatch command line, and Sun Connection hosted Web application


Solaris 10 OS Patch Access Policy


The new Solaris 10 OS patch access policy:
- A service plan is not required for security, data integrity or hardware driver updates.
- A Sun Online Account is required for any patches obtained using the Sun Connection.


Introducing Sun Connection


Sun Connection is a seamless architecture that provides:
- Notifications to let administrators
- Automated procedures
- Fast intelligent software dependency checks
- Optional local caching of updates
- A Web hosted service


Administering Patches
The Sun Connection tools include the following:
- Update Manager client graphical user interface (GUI)
- Sun Connection hosted Web application
- Update Manager client command-line interface (smpatch)


Sun Connection Modes


- Local management of individual systems using the Update Manager client or the smpatch CLI
- Remote and centralized management of multiple systems using the Sun Connection hosted Web application


Locally Managing Updates for Individual Systems


Maintain your own updates to the Solaris 10 OS by establishing a connection to Sun Connection. Sun Connection client software enables access to the Sun Connection servers hosted at Sun.
- Automatic notification
- Update Manager client application
- The smpatch command


Locally Managing Updates for Individual Systems (cont.)


Update Manager Client


The Update Manager client is a successor to the Solaris Patch Manager application.
- PatchPro analysis engine
- A new user interface
Users can:
- Analyze system to check for available updates
- View a list of updates currently available and applicable for the system
- View details about a specific update
- Install selected updates


Update Manager Client (cont.)


The smpatch Command Line Interface


The smpatch command line interface (CLI) for Sun Connection is built into the Solaris 10 OS. The smpatch CLI enables you to:
- Analyze and produce a list of recommended patches for a system using the smpatch update command.
- Download one or more patches to a system using the smpatch download command.
- Add one or more patches to a system using the smpatch add command.
- Back out unwanted patches using the smpatch remove command.


Caching Patches With Update Manager's Proxy


Sun Connection Hosted Web Application


Sun Connection Hosted Web Application (cont.)


Establishing a Sun Online Account


A Sun Online Account is required for using the Sun Connection services regardless of the mode of connection you choose. There is no charge for establishing such an account. Start at:
http://www.sun.com/

Click on the My Account link.


Obtain a Sun Service Plan


A Sun Service Plan is optional. Without one you will get security and hardware driver updates only. If you want all the other updates available, contact your Sun Service Representative and subscribe to an appropriate service plan. Obtain a subscription key associated with that plan for use later when you install and register systems for Sun Connection functionality.


Downloading and Installing the Update Manager Client Software


- Solaris OS versions that precede the Solaris 10 1/06 release.
- Solaris 10 1/06 and later releases.
The Update Manager client (1.0.4) download and installation:
On SPARC-based systems:
# smpatch update -i 121118-05

On x86-based systems:
# smpatch update -i 12119-05


Starting the Update Manager Client For the First Time


Click on the Java Desktop notification icon or run the following command:
# /usr/bin/updatemanager


Registering Systems


Registering Systems (cont.)


Registering Systems (cont.)


Select Service Level


Registration Confirmation


Registration Complete


Installing Updates With the Update Manager Client


Installing Updates With the Update Manager Client (cont.)


Installing Updates With the Update Manager Client (cont.)


Setting Update Manager Client Preferences


- The source of your updates.
- The Update Manager's proxy hostname, IP address and authentication details.
- The directory where updates will be downloaded. (Default is /var/sadm/spool.)
- The backout data directory setting.
- New update available notification icon for your Java Desktop.
- Daily automatic update analysis.


Update Manager's Proxy


The Update Manager's proxy minimizes the Internet traffic between your systems and the Sun update server. The Update Manager's proxy obtains updates from its source of updates on a per-request basis. The proxy supports client systems that use the Sun Connection 1.0 software and the Sun Patch Manager 2.0 software.


Configuring the Update Manager's Proxy


Verify that required packages are on your system:
# pkginfo | grep SUNWpsvr
system      SUNWpsvrr      Patch Server Deployment (Root)
system      SUNWpsvru      Patch Server Deployment (Usr)

Set the network proxy for the Update Manager's proxy:


# patchsvr setup -x network_proxy:port

Specify the next update server:


# patchsvr setup -p http://server-name:port/solaris/

Specify the default Sun update server:


# patchsvr setup -p https://getupdates1.sun.com/solaris/

Start the proxy server:


# patchsvr start

Configure the proxy server to start on subsequent system boots:


# patchsvr enable

Configuring Clients to Use the Update Manager's Proxy


Install and start the Update Manager client software on the client by typing the following command:
# /usr/bin/updatemanager


Configuring Clients to Use the Update Manager's Proxy (cont.)


Patch Administration From the CLI


Solaris OS update types include:
- Standard updates
- Recommended patches
- Update clusters
An update is distributed as a directory that is identified by a unique number:
105050-01.jar


Using the smpatch Command


The smpatch command was available in two modes:
- Local mode
- Remote mode
By default, smpatch runs in local mode. If you specify any of the remote or authentication options (except for -L), remote mode is used.


Phases for Applying Updates


The full sequence involves these phases:
- Analyzing your system
- Downloading the necessary updates
- Applying the updates
Phase control:
- The smpatch update command performs all three functions in one command.
- The smpatch analyze and smpatch update commands perform all three functions using two commands.
- The smpatch analyze, smpatch download, and smpatch add commands perform all three functions using three commands.

Command Examples
Analyze your local system and determine the appropriate, available updates for it.
# smpatch analyze > plist
# vi plist
...
119397-06 SunOS 5.10: patch for North America region locales issues
# patchadd -p | grep 119397

Download (but not apply) a new update.

# smpatch download -i 119397-06
119379-06 has been validated.
# smpatch get | grep download
patchpro.download.directory     /var/sadm/spool
# cd /var/sadm/spool ; ls
119397-06.jar ...


Command Examples (cont.)


Install and verify an update.
# smpatch add -i 119397-06
add patch 119397-06
Patch 119397-06 has been successfully installed.
# patchadd -p | grep 119397-06
Patch: 119397-06 Obsoletes: Requires: 121734-01 Incompatibles: Packages: SUNWnameos SUNWnamdt SUNWnamow
# smpatch analyze | grep 119397-06

Remove an update.
# smpatch remove -i 119397-06
remove patch 119397-06
Transition old-style patching.
Patch 119397-06 has been backed out.
# smpatch analyze | grep 119397-06
119397-06 SunOS 5.10: patch for North America region locales issues
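
The verification steps above grep patchadd -p output for a patch ID, and that output also carries IDs in its Requires: and Obsoletes: fields. The script below is an added example, not part of the course material: it checks only the Patch: field and reports, for each patch that smpatch analyze offers, the highest revision already installed. The function names, the sample files and the 121734-01 synopsis are constructed.

```shell
#!/bin/sh
# Added example: compare installed patch revisions with what
# `smpatch analyze` offers, using saved command output.

# Constructed `patchadd -p` output in the format shown above.
sample_installed() {
    cat <<'EOF'
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
Patch: 119397-06 Obsoletes: Requires: 121734-01 Incompatibles: Packages: SUNWnameos SUNWnamdt SUNWnamow
EOF
}

# Constructed `smpatch analyze` output; the 121734-01 synopsis is a placeholder.
sample_available() {
    cat <<'EOF'
119681-06 SunOS 5.10: wanboot patch
121734-01 SunOS 5.10: placeholder synopsis
EOF
}

# patch_installed ID-REV PATCHADD_FILE
# True only when ID-REV is itself an installed patch. Matching field 2 of
# "Patch:" lines avoids the false hit that grep gets from an ID that only
# appears in another patch's Requires: or Obsoletes: list.
patch_installed() {
    awk -v want="$1" '
        $1 == "Patch:" && $2 == want { found = 1; exit }
        END { exit !found }
    ' "$2"
}

# patch_gap PATCHADD_FILE ANALYZE_FILE
# For each patch that analyze offers, prints:
#   offered-ID installed=<highest installed revision of that ID, or none> synopsis
patch_gap() {
    awk '
        FILENAME == ARGV[1] {
            if ($1 != "Patch:") next
            split($2, id, "-")
            if (!(id[1] in rev) || (id[2] + 0 > rev[id[1]] + 0))
                rev[id[1]] = id[2]
            next
        }
        $1 ~ /^[0-9]+-[0-9]+$/ {
            split($1, id, "-")
            cur = (id[1] in rev) ? (id[1] "-" rev[id[1]]) : "none"
            syn = $0
            sub(/^[^ ]+ +/, "", syn)
            print $1, "installed=" cur, syn
        }
    ' "$1" "$2"
}

# Demo on the constructed data.
dir=$(mktemp -d)
sample_installed > "$dir/installed"
sample_available > "$dir/available"
patch_gap "$dir/installed" "$dir/available"
patch_installed 121734-01 "$dir/installed" ||
    echo "121734-01: listed only as a requirement, no Patch: entry"
rm -rf "$dir"
```

On a live system the two input files would come from patchadd -p and smpatch analyze, saved before and after a change so that the report can go into the change record.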


Command Examples (cont.)


Apply an update in one step.
# smpatch update -i 118815-05
118815-05 has been validated.
Installing patches from /var/sadm/spool...
118815-05 has been applied.
/var/sadm/spool/patchpro_dnld_2007.03.16@12:36:36:MST.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2007.03.16@12:36:36:MST.txt


Configuring the Patch Management Environment


The smpatch get, smpatch set and smpatch unset commands are used to configure the patch management environment:
- smpatch get displays the current settings for environment parameters.
- smpatch set changes values for environment parameters.
- smpatch unset enables the default values for environment parameters.


Command Examples
Display the current environment parameter values.
# smpatch get
patchpro.backout.directory      ""
patchpro.baseline.directory     /var/sadm/spool
patchpro.download.directory     /var/sadm/spool
patchpro.install.types          rebootafter:reconfigafter:standard
patchpro.patch.source           http://192.168.201.1:3816/solaris/ https://getupdates1.sun.com/solaris/
patchpro.patchset               current
patchpro.proxy.host             ""
patchpro.proxy.passwd           **** ****
patchpro.proxy.port             8080
patchpro.proxy.user             ""

Set a new value for the update source.

# smpatch set patchpro.patch.source=http://newproxy.apex.com:3816/solaris/
# smpatch get
patchpro.backout.directory      ""
patchpro.baseline.directory     /var/sadm/spool
patchpro.download.directory     /var/sadm/spool


Command Examples (cont.)


patchpro.install.types          rebootafter:reconfigafter:standard
patchpro.patch.source           http://newproxy.apex.com:3816/solaris/ https://getupdates1.sun.com/solaris/
patchpro.patchset               current
patchpro.proxy.host             ""
patchpro.proxy.passwd           **** ****
patchpro.proxy.port             8080
patchpro.proxy.user             ""

Set the source of updates to a local or remote directory.

# smpatch set patchpro.patch.source=file:/net/sys-04/export/updates
# smpatch set patchpro.patch.source=file:/local/updates
# smpatch set patchpro.patch.source=file:/cdrom/cdrom0

Set the patchpro.patch.source parameter back to the default value.

# smpatch unset patchpro.patch.source
# smpatch get
patchpro.backout.directory      ""
patchpro.baseline.directory     /var/sadm/spool


Command Examples (cont.)


patchpro.download.directory patchpro.install.types patchpro.patch.source patchpro.patchset patchpro.proxy.host patchpro.proxy.passwd patchpro.proxy.port patchpro.proxy.user **** /var/sadm/spool rebootafter:reconfigafter:standard https://getupdates1.sun.com/solaris/ current "" **** 8080 ""

Configure an update set which defines a subset of updates that commands will work with.
# smpatch set patchpro.patchset=recommended
# smpatch analyze


Using the Update Policy for Applying Updates


The patchpro.install.types property defines the update policy in effect for the update management environment.
Types of updates that are applied to the system:
- Standard updates that are applied immediately and require no system restart
- Updates that require a system restart
- Updates that must be manually applied


Example of Using the Update Policy


Not Using the smpatch update command
# smpatch analyze | grep wanboot
119681-06 SunOS 5.10: wanboot patch
# patchadd -p | grep 119681
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
# smpatch download -i 119681-06
119681-06 has been validated.
# smpatch add -i 119681-06
add patch 119681-06 ...
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
119681-06
Patch 119681-06 has been successfully installed.


Example of Using the Update Policy (cont.)


# patchadd -p | grep 119681
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
Patch: 119681-06 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
# smpatch analyze | grep 119681-06
#
# cd /var/sadm/spool ; ls
119681-06.jar cache patchpro_dnld_2006.02.13@10:10:29:MST.txt
# cat *.txt
This patch bundle was generated by PatchPro. Please refer to the README file within each patch for installation instructions.
To properly patch your system, the following patches should be installed in the listed order:
1) 119681-06 !!! IMMEDIATE REBOOT !!!


Example of Using the Update Policy (cont.)


# cd /var/sadm/spool
# jar xvf 119681-06.jar 119681-06/patchinfo
inflated: 119681-06/patchinfo
# grep PROP 119681-06/patchinfo
PATCH_PROPERTIES='reconfigimmediate'

Using the smpatch update Command


# smpatch update -i 119681-06
119681-06 has been validated.
Installing patches from /var/sadm/spool...
NOTICE: Patch 119681-06 cannot be installed until the next system shutdown.
/var/sadm/spool/patchpro_dnld_2006.02.15@06:02:43:MST.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2006.02.15@06:02:43:MST.txt
/var/sadm/spool/patchpro_dnld_2006.02.15@06:09:14:MST.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2006.02.15@06:09:14:MST.txt


Example of Using the Update Policy (cont.)


Using the smpatch update Command (cont.)
ID's of the updates that are disallowed by installation policy have been written to file /var/sadm/spool/disallowed_patch_list
One or more updates that you installed requires a system shutdown to activate it. To initiate the system shutdown, you must use one of the following commands:
o Power down the system - init 0 or shutdown -i 0
o Drop to the firmware prompt - init 5 or shutdown -i 5
o Restart the system - init 6 or shutdown -i 6
# cat /var/sadm/spool/disallowed_patch_list
119681-06
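
The policy decision that the walkthrough above ends with, as an added shell example that is not part of the original course material: it reads PATCH_PROPERTIES from an extracted patchinfo file and tests each property against the colon-separated patchpro.install.types list. The function names, the placeholder IDs 000000-01 and 000000-02, the space-separated form of multiple properties, and the rule that an empty property list counts as standard are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the course): check an update's PATCH_PROPERTIES
# against the patchpro.install.types update policy.

# Print the PATCH_PROPERTIES value of a patchinfo file, quotes removed.
# Assumption: an empty or missing value means the update is "standard".
patch_properties() {
    value=$(sed -n 's/^PATCH_PROPERTIES=//p' "$1" | head -n 1 | tr -d "'\"")
    [ -n "$value" ] || value=standard
    printf '%s\n' "$value"
}

# policy_allows POLICY PROPERTY...
# POLICY is the colon-separated patchpro.install.types value. Succeeds only
# if every PROPERTY appears in it as a whole entry.
policy_allows() {
    allowed=$1
    shift
    for prop in "$@"; do
        case ":$allowed:" in
            *":$prop:"*) ;;          # listed: keep checking the rest
            *) return 1 ;;           # not listed: policy forbids this update
        esac
    done
    return 0
}

# classify POLICY PATCHINFO_FILE  ->  prints "apply" or "disallowed"
classify() {
    props=$(patch_properties "$2")
    # $props is deliberately unquoted: one argument per property.
    if policy_allows "$1" $props; then
        echo apply
    else
        echo disallowed
    fi
}

# Write a constructed patchinfo file holding only the line this check reads.
make_sample_patchinfo() {
    mkdir -p "$1/$2" &&
    printf "PATCH_PROPERTIES='%s'\n" "$3" > "$1/$2/patchinfo"
}

demo() {
    dir=$(mktemp -d) || return 1
    policy=rebootafter:reconfigafter:standard    # value shown by smpatch get above
    make_sample_patchinfo "$dir" 119681-06 reconfigimmediate   # value from the page
    make_sample_patchinfo "$dir" 000000-01 rebootafter         # placeholder ID
    make_sample_patchinfo "$dir" 000000-02 ''                  # placeholder ID
    for f in "$dir"/*/patchinfo; do
        id=$(basename "$(dirname "$f")")
        printf '%s %s\n' "$id" "$(classify "$policy" "$f")"
    done
    rm -rf "$dir"
}

demo
```

Run against a spool directory after extracting each patchinfo file, the same check shows in advance which updates smpatch update would write to disallowed_patch_list under the current policy.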


Module 4
Managing Swap Configuration


Objectives
- Describe virtual memory
- Configure swap space


Introducing Virtual Memory


Virtual memory combines RAM and dedicated disk storage areas known as swap space. Virtual memory management software maps copies of files on disk to virtual addresses. Programs use these virtual addresses, rather than real addresses, to store instructions and data. Virtual memory makes it possible for the operating system (OS) to use a large range of memory.


Physical RAM
When working with swap space, RAM is the most critical resource in your system.

Virtual and physical addresses
The Solaris 10 OS virtual memory management system maps the files on disk to virtual addresses in virtual memory.

Anonymous memory pages
Physical memory pages associated with a running process can contain private data or stack information that does not exist in any file system on disk. These are anonymous memory pages.


Swap Space
Sometimes a process must give up some of its memory space allocation to another process. Anonymous memory pages are placed in a swap area, but unchanged file system pages are not.

Swap slices
The primary swap space on the system is a disk slice. In the Solaris 10 OS, the default location for the primary swap space is slice 1 of the boot disk which, by default, starts at cylinder 0. As additional swap space becomes necessary, you can configure additional swap slices.

Swap Space (cont.)


Swap files
It is also possible to provide additional swap space on a system by using swap files. Swap files are files that reside on a file system, and that have been created using the mkfile command. Swap files can be permanently included in the swap configuration by creating an entry for the swap file in the /etc/vfstab file.


The swapfs File System


Swap space for any private data or stack space for the process must be reserved.

[Figure: diagram labeled Swap Space, with Swap Slice, Swap File, and RAM]


Paging
Paging is the transfer of selected memory pages between RAM and the swap areas. Physical RAM is made available for other processes to use. Use the pagesize command to display the size of a memory page in bytes.
On SPARC-based systems:
# pagesize
8192

On x86-based systems:
# pagesize
4096


Configuring Swap Space

The swap command provides a method of adding, deleting, and monitoring the swap areas used by the kernel. Swap area changes made from the command line are not permanent and are lost after a reboot. To create permanent additions to the swap space, create an entry in the /etc/vfstab file.


Displaying the Current Swap Configuration

[Figure: the total swap allocation reported by swap -s, divided into allocated, reserved, and available space]
- Allocated: memory paging affects the amount of memory allocated space
- Reserved: task activation affects the amount of memory reserved space
- Available: swap -d subtracts from the amount of available swap space, and swap -a adds to it


Displaying the Current Swap Configuration

To view the current swap space allocation, complete the following steps:
1. List a summary of the system's virtual swap space.
# swap -s
total: 41776k bytes allocated + 5312k reserved = 47088k used, 881536k available

2. List the details of the system's physical swap areas.
# swap -l
swapfile             dev    swaplo  blocks    free
/dev/dsk/c0t0d0s1    136,9      16 1048304 1048304


Adding Swap Space


Use the following procedures to add swap space to your system.
To add swap slices, use the swap -a command:
# swap -a /dev/dsk/c1t3d0s1

Edit the /etc/vfstab file and add a line similar to the following:
/dev/dsk/c1t3d0s1 - - swap - no -


Adding Swap Space


To add swap files, use the mkfile command to create the swap file. For example:
# mkfile 20m /usr/local/swap/swapfile

Add the swap file to the system's swap space.


# swap -a /usr/local/swap/swapfile

Add an entry for the swap file to the /etc/vfstab file.


/usr/local/swap/swapfile - - swap - no -


Removing Swap Space


If you no longer need the additional swap space, you can delete the swap space by removing any additional swap slices and swap files.

Removing swap slices
Delete a swap slice from the current swap configuration.
# swap -d /dev/dsk/c1t3d0s1

Edit the /etc/vfstab file, and remove the swap slice entry from the file.


Removing Swap Space


Removing swap files
Delete a swap file from the current swap configuration.
# swap -d /usr/local/swap/swapfile

Remove the file to free the disk space that it is occupying.


# rm /usr/local/swap/swapfile

Edit the /etc/vfstab file, and remove the swap file entry.


Module 5
Managing Crash Dumps and Core Files


Objectives
- Manage crash dump behavior
- Manage core file behavior


Managing Crash Dump Behavior


If a fatal operating system error occurs, the operating system generates a crash dump by writing some of the contents of the physical memory to a predetermined dump device, which must be a local disk slice. You can configure the dump device by using the dumpadm command. After the operating system has written the crash dump to the dump device, the system reboots. The crash dump is saved for future analysis to help determine the cause of the fatal error.


Crash Dump
When the operating system crashes, the savecore command is automatically executed during a boot. The savecore command places kernel core information in the /var/crash/nodename/vmcore.X file. The savecore command places name list information and symbol table information in the /var/crash/nodename/unix.X file. You can use the dumpadm command to configure the location of the dump device and the savecore directory.


Displaying the Current Dump Configuration

To view the current dump configuration, use the dumpadm command without arguments.
# dumpadm
Dump content: kernel pages
Dump device: /dev/dsk/c0t0d0s1 (swap)
Savecore directory: /var/crash/sys-02
Savecore enabled: yes


Changing the Crash Dump Configuration

The dumpadm command manages the configuration of the crash dump facility. The syntax of the dumpadm command is as follows:
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-s savecore-dir] [-r root-dir]

Use the dumpadm command to make all modifications to the crash dump configuration, rather than attempting to edit the /etc/dumpadm.conf file manually.


Managing Core File Behavior


When a process terminates abnormally, it typically produces a core file. You can use the coreadm command to specify the name or location of core files produced by abnormally terminating processes.


Core Files
A core file is a disk copy of the address space of a process at a certain point in time. The operating system generates two possible copies of core files:
- The global core file
- The per-process core file


Displaying the Current Core File Configuration

You use the coreadm command without arguments to display the current configuration.
# coreadm
global core file pattern:
global core file content: default
init core file pattern: core
init core file content: default
global core dumps: disabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging: disabled


Displaying the Current Core File Configuration

The /etc/coreadm.conf file lists the same parameters that are displayed by coreadm.
# cat /etc/coreadm.conf
#
# coreadm.conf
#
# Parameters for system core file configuration.
# Do NOT edit this file by hand -- use coreadm(1) instead.
#
COREADM_GLOB_PATTERN=
COREADM_GLOB_CONTENT=default
COREADM_INIT_PATTERN=core
COREADM_INIT_CONTENT=default
COREADM_GLOB_ENABLED=no
COREADM_PROC_ENABLED=yes
COREADM_GLOB_SETID_ENABLED=no
COREADM_PROC_SETID_ENABLED=no
COREADM_GLOB_LOG_ENABLED=no


Changing the Core File Configuration


The coreadm command allows you to control how core files are generated. For example, you can use the coreadm command to configure a system so that all process core files are placed in a single directory. You can separately enable or disable two configurable core file paths: per-process and global.


Changing the Core File Configuration


All users can run the coreadm command with the -p option to specify the file name pattern to use for per-process core files.
coreadm [-p pattern] [pid...]

The root user can use the following coreadm command options to configure system-wide core file options.
coreadm [-g pattern] [-G content] [-i pattern] [-I content] [-d option...] [-e option...]

Pattern options determine how core files are named. Content options determine the content of global core files.


Pattern Options for the coreadm Command


%p - PID
%u - Effective user ID (EUID)
%g - Effective group ID (EGID)
%f - Executable file name
%n - System node name (uname -n)
%m - Machine hardware name (uname -m)
%t - The time in seconds since midnight January 1, 1970
%d - Executable file directory/name
%z - Zonename
%% - Literal %


Pattern Options for the Global Core File Content


anon - Anonymous private mappings, including thread stacks that are not main thread stacks
ctf - CTF type information sections for loaded object files
data - Writable private file mappings
dism - DISM mappings
heap - Process heap
ism - ISM mappings


Pattern Options for the Global Core File Content


rodata - Read-only private file mappings
shanon - Anonymous shared mappings
shfile - Shared mappings that are backed by files
shm - System V shared memory
stack - Process stack
symtab - Symbol table sections for loaded object
text - Readable and executable private file mappings


Examples of the coreadm Command


Example 1: Setting the core file name pattern as a regular user
When executed from a user's $HOME/.profile or $HOME/.login file, the following entry sets the core file name pattern for all processes run during the login session:
# coreadm -p core.%f.%p $$


Examples of the coreadm Command


Example 2: Dumping a user's core files into a subdirectory
The following command places all of the user's core files into the corefiles subdirectory of the user's home directory, differentiated by the system node name.
$ coreadm -p $HOME/corefiles/%n.%f.%p $$


Examples of the coreadm Command


Example 3: Enabling and setting the core file global name pattern
The following is an example of setting system-wide parameters that add the executable file name and PID to the name of any core file that is created:
# coreadm -g /var/core/core.%f.%p -e global


Examples of the coreadm Command


Example 4: Checking the core file configuration for specific PIDs
Running the coreadm command with a list of PIDs reports each process's per-process core file name pattern, for example:
# coreadm 228 507
228: core default
507: /usr/local/swap/corefiles/%n.%f.%p default
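
To see which file names the patterns in Examples 1 through 4 produce, the following added shell example (not part of the original course material) expands a pattern with the tokens from the pattern options table. The process attributes, the home directory /export/home/user1, the reading of %d as the directory that holds the executable, and the choice to reject unknown tokens are assumptions of this example, not documented coreadm behavior.

```shell
#!/bin/sh
# Added example (not from the course): expand a coreadm name pattern using
# the token table above, for one set of process attributes.

# expand_core_pattern PATTERN PID EUID EGID EXEC_PATH NODE MACHINE TIME ZONE
# Prints the expanded name. Returns 1 on a token that is not in the table
# (a choice made for this example, so typos in a pattern are caught).
expand_core_pattern() {
    rest=$1; pid=$2; euid=$3; egid=$4; exec_path=$5
    node=$6; machine=$7; secs=$8; zone=$9
    out=
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}            # first character of what is left
        rest=${rest#?}
        if [ "$c" != "%" ]; then
            out=$out$c                   # ordinary character: copy it
            continue
        fi
        if [ -z "$rest" ]; then          # pattern ends in a lone '%'
            echo "dangling % at end of pattern" >&2
            return 1
        fi
        t=${rest%"${rest#?}"}            # the token letter after '%'
        rest=${rest#?}
        case $t in
            p) out=$out$pid ;;
            u) out=$out$euid ;;
            g) out=$out$egid ;;
            f) out=$out${exec_path##*/} ;;   # executable file name
            d) out=$out${exec_path%/*} ;;    # directory holding the executable
            n) out=$out$node ;;
            m) out=$out$machine ;;
            t) out=$out$secs ;;
            z) out=$out$zone ;;
            '%') out=$out% ;;
            *) echo "unknown token %$t" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed process attributes: PID 507 running /usr/bin/sleep on sys-02.
sample_expand() {
    expand_core_pattern "$1" 507 1001 10 /usr/bin/sleep sys-02 sun4u 1139999999 global
}

for pattern in 'core.%f.%p' \
               '/export/home/user1/corefiles/%n.%f.%p' \
               '/var/core/core.%f.%p' \
               '%d/core.%z.%t.%%'; do
    printf '%-40s -> %s\n' "$pattern" "$(sample_expand "$pattern")"
done
```

A pattern without %p, such as the default core, gives every process in a directory the same file name, so a later core file replaces an earlier one.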


Module 6
Configuring NFS

Advanced System Administration for the Solaris 10 Operating System


Objectives
- Describe the benefits of NFS
- Describe the fundamentals of the NFS distributed file system
- Manage an NFS server
- Manage an NFS client
- Enable the NFS server logging
- Manage NFS with the Solaris Management Console storage folder tools
- Troubleshoot NFS errors


NFS Benefits
The NFS service enables computers of different architectures running different operating systems to share file systems across a network. You can implement the NFS environment on different operating systems (OS) because NFS defines an abstract model of a file system. NFS file system operations, such as reading and writing, work as if they were accessing a local file.


NFS Benefits
The benefits of the NFS service are as follows:
- Allows multiple computers to use the same files, because all users on the network can access the same data
- Reduces storage costs by sharing applications on computers instead of allocating local disk space for each user application
- Provides data consistency and reliability, because all users can read the same set of files
- Supports heterogeneous environments, including those found on a personal computer (PC)
- Reduces system administration overhead

NFS Distributed File System Fundamentals


The NFS environment contains the following components:
- NFS server
- NFS client
The Solaris 10 OS supports NFS versions 2, 3, and 4 simultaneously. The default is to use NFSv4. Version-related checks are applied whenever a client host attempts to access a server's file share.


NFS Distributed File System Fundamentals (cont.)


NFS server
[Figure: directory trees of NFS Server (Host 1) and NFS Client (Host 2). The NFS server shares disk storage with the NFS client: Host 1 holds /export/rdbms with subdirectories bin, lib, and share (the shared directories and disk storage); Host 2 has /opt/rdbms.]

Host1# share /export/rdbms


NFS Distributed File System Fundamentals (cont.)


NFS client
[Figure: directory trees of NFS Server (Host 1) and NFS Client (Host 2). The NFS server shares disk storage with the NFS client: Host 1 holds /export/rdbms with subdirectories bin, lib, and share (the shared directories and disk storage); Host 2 has /opt/rdbms.]

Host2# mount Host1:/export/rdbms /opt/rdbms


NFS Version 4 (NFSv4)


- Stateful connections
- Single protocol
- Improved Firewall Support
- Pseudo file systems
- Strong security
- Extended attributes
- Delegation


Pseudo-File System
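Server exports:
/export_fs/local
/export_fs/projects/nfs4

Server file systems:
/
/export_fs

[Figure: the server file systems compared with the client view of the server's export_fs directory, with the exported directories marked. Labels in the server tree: export_fs, local, projects, payroll, nfs4x, nfs4. Labels in the client view: export_fs, local, projects, nfs4.]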


Strong Security
- Remote Procedure Call (RPC) implementation of the General Security Service framework (GSS)
- New security flavor RPCSEC_GSS
- Used with Sun Enterprise Authentication Mechanism (SEAM) software
- Other GSS_API applications


Compound Procedures
NFS version 3
-> LOOKUP "export"
<- OK
-> LOOKUP "testdata"
<- OK
-> ACCESS "testdata"
<- OK
-> READ "testdata"
<- OK (sends data)

NFS version 4
-> OPEN "export/testdata" READ
<- OPEN OK READ OK (sends data)


Extended Attributes
- Mandatory: Minimal level of operation
- Recommended: Operating environment dependent
- Named: Byte string, data associated with files or file system


File Handles
File handles are created on the server and contain information that uniquely identifies files and directories. The NFS version 4 protocol permits a server to declare that its file handles are volatile. Clients must support volatile file handles if the server uses them.
Upon file handle expiration, the client:
- Flushes the cached information that refers to that file handle.
- Searches for that file's new file handle.
- Retries the operation.

Delegation
The server delegates the management of a file to a client. The server alone decides whether to grant a delegation. The new nfs4cbd(1M) daemon is used for callbacks. The server sends a callback to get the updated state of the file and to revoke the delegation. Different NFS client versions behave differently when a conflict occurs. Delegation is enabled by default.


Configuring an NFS Server and Client

nfs(4) configuration file: /etc/default/nfs

Enabling NFS versions on server:
NFS_SERVER_VERSMIN=num
NFS_SERVER_VERSMAX=num

Enabling NFS versions on client:
NFS_CLIENT_VERSMIN=num
NFS_CLIENT_VERSMAX=num

num = version 2, 3, or 4

Other options in nfs(4)


Managing an NFS Server


NFS server files
You need several files to support NFS server activities on any computer.
- /etc/dfs/dfstab
- /etc/dfs/sharetab
- /etc/dfs/fstypes
- /etc/rmtab
- /etc/nfs/nfslog.conf
- /etc/default/nfslogd
- /etc/default/nfs


Managing an NFS Server


The /etc/dfs/dfstab file
The /etc/dfs/dfstab file contains the commands that share local directories. Each line of the dfstab file consists of a share command.
# cat /etc/dfs/dfstab
(output omitted)
# the very first entry to this file.
#
# share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
# .e.g,
# share -F nfs -o rw=engineering -d "home dirs" /export/home2
share -F nfs -o ro -d "Shared data files" /usr/local/data
share -F nfs -o rw,root=sys-01 -d "Database files" /rdbms_files
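
Because every dfstab line is a share command, the file can be read as an access list. The following added shell example (not part of the original course material) prints the pathname, options, and broadest grants of each share line. The function names, the RW_ALL and ROOT labels, and the last sample line are assumptions of this example, and the option meanings it relies on (bare rw or no access option means read-write for all clients, root= names hosts given root access) are those of share_nfs(1M).

```shell
#!/bin/sh
# Added example (not from the course): list what each share command in a
# dfstab file grants, and flag the two broadest grants.

# audit_dfstab [FILE]   (reads standard input when FILE is omitted)
# Prints one line per share command:  <pathname> <options> <findings>
#   RW_ALL       read-write for every client (bare rw, or no ro/rw option)
#   ROOT:<list>  root access granted to the listed hosts
audit_dfstab() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
    $1 != "share"         { next }        # only share commands are audited
    {
        line = $0
        gsub(/"[^"]*"/, "QUOTED", line)   # collapse the -d "description" text
        n = split(line, tok, " ")
        opts = ""; path = ""
        for (i = 2; i <= n; i++) {
            if (tok[i] == "-o") { opts = tok[++i] }
            else if (tok[i] == "-F" || tok[i] == "-d") { i++ }
            else if (path == "" && tok[i] ~ /^\//) { path = tok[i] }
        }
        if (path == "") { next }

        rw_all = 0; access_seen = 0; root = ""
        m = split(opts, o, ",")
        for (j = 1; j <= m; j++) {
            if (o[j] == "rw") { rw_all = 1; access_seen = 1 }
            else if (o[j] == "ro" || o[j] ~ /^ro=/ || o[j] ~ /^rw=/) { access_seen = 1 }
            else if (o[j] ~ /^root=/) { root = substr(o[j], 6) }
        }
        if (!access_seen) { rw_all = 1 }  # share_nfs default is rw for all

        f = ""
        if (rw_all) { f = "RW_ALL" }
        if (root != "") { f = (f == "" ? "" : f ",") "ROOT:" root }
        if (f == "") { f = "-" }
        printf "%s %s %s\n", path, (opts == "" ? "(none)" : opts), f
    }' "$@"
}

# The dfstab lines shown on the slide, plus one constructed line (the last)
# that has no -o option at all.
sample_dfstab() {
    cat <<'EOF'
# share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
# share -F nfs -o rw=engineering -d "home dirs" /export/home2
share -F nfs -o ro -d "Shared data files" /usr/local/data
share -F nfs -o rw,root=sys-01 -d "Database files" /rdbms_files
share -F nfs /export/scratch
EOF
}

sample_dfstab | audit_dfstab
```

The /rdbms_files line is reported as RW_ALL,ROOT:sys-01: the bare rw applies to every client, and only the root grant is limited to sys-01.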


Managing an NFS Server


The /etc/dfs/sharetab file
The /etc/dfs/sharetab file contains a table of local resources currently being shared.
# cat /etc/dfs/sharetab
/usr/local/data - nfs ro Shared data files
/rdbms_files - nfs ro,root=sys01 Database files


Managing an NFS Server


The /etc/rmtab file
The /etc/rmtab file contains a table of file systems remotely mounted by NFS clients.
# cat /etc/rmtab
sys-03:/usr/local/data
sys-02:/export/config
...

The /etc/default/nfs file
The /etc/default/nfs file lists parameters that can be set for the NFS daemons and NFS protocols.


NFS Server Daemons


To start the NFS server daemons, enable the svc:/network/nfs/server service.
# svcadm -v enable nfs/server
svc:/network/nfs/server:default enabled.

If a system has entries in its /etc/dfs/dfstab file, the NFS server daemons start when the system enters the multi-user-server milestone.


NFS Server Daemons


- mountd
- nfsd
- statd
- lockd
- nfslogd
- nfsmapid

In NFSv4, the features provided by the mountd and lockd daemons are integrated into the NFSv4 protocol.


NFS Server Daemons


The mountd daemon
The mountd daemon handles NFS file system mount requests from remote systems and provides access control. The mountd daemon determines if a particular directory is being shared, and if the requesting client has permission to access it.

The nfsd daemon
When a client process attempts to access a remote file resource, the nfsd daemon on the NFS server receives the request and the resource's file handle, and then performs the requested operation.


NFS Server Daemons


The statd daemon
The statd daemon works with the lock manager lockd daemon to provide crash recovery functions for the lock manager.

The lockd daemon
The lockd daemon supports record-locking operations for NFS files.

The nfslogd daemon
The nfslogd daemon provides operational logging for an NFS server.


NFS Server Daemons


The nfsmapid daemon
The nfsmapid daemon is implemented in NFSv4. The nfsmapid daemon maps owner and group identification that both the NFSv4 client and server use. The nfsmapid daemon is started by the svc:/network/nfs/mapid service.


Managing the NFS Server Daemons


The NFS daemons start conditionally when the system transitions through run levels, or they start manually when enabling the svc:/network/nfs/server service. The svcs command can be used to show the dependencies of the nfs/server service.
# svcs | grep nfs
online         15:35:24 svc:/network/nfs/client:default
online         15:35:29 svc:/network/nfs/status:default
...
# svcs -l nfs/server
fmri         svc:/network/nfs/server:default
name         NFS server
...


Managing the NFS Server Daemons


Starting and stopping the NFS server daemons
To start the NFS server daemons manually, place an entry in the /etc/dfs/dfstab file and perform the following command:
# svcadm enable svc:/network/nfs/server

To stop the NFS server daemons manually, perform the following command:
# svcadm disable svc:/network/nfs/server


NFS Server Commands


share
unshare
shareall
unshareall
dfshares
dfmounts


Configuring the NFS Server for Sharing Resources


When the NFS server daemons are running, you can use the share command to make file resources available. For example, to share the /usr/local/data directory as a read-only shared resource, perform the following command:
# share -o ro /usr/local/data


Configuring the NFS Server for Sharing Resources


The share command options:
ro
rw
root=access-list
ro=access-list
rw=access-list
anon=n
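The options above decide who can write to a share and who keeps root privileges on it, so they are worth auditing. The following is an added example, not part of the course material: it parses share commands as they would appear in /etc/dfs/dfstab and reports risky combinations. The sample lines are constructed, and the checks encode share_nfs behaviour the slide does not spell out (sharing is read-write to all clients by default, root= keeps root privileges for the listed hosts, and anon=0 makes unknown users and unmapped remote root act as UID 0).

```python
"""Audit NFS share commands (the lines kept in /etc/dfs/dfstab) for risky options."""
import shlex

# Constructed sample dfstab content; paths and host names are illustrative.
SAMPLE_DFSTAB = """\
# share commands executed when the NFS server service starts
share -F nfs -o ro /usr/local/data
share -F nfs -o rw /export/scratch
share -F nfs -o rw=sys-03:sys-04,root=sys-03 /export/home
share -F nfs -o ro,anon=0 -d "install images" /export/install
share -F nfs /export/public
"""


def parse_share(line):
    """Return (path, options) for one share command line, or None."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "share":
        return None
    opts, path, i = {}, None, 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-F", "-d", "-o") and i + 1 >= len(tokens):
            return None                      # flag without its argument
        if tok in ("-F", "-d"):              # file system type / description
            i += 2
        elif tok == "-o":
            for item in tokens[i + 1].split(","):
                key, _, value = item.partition("=")
                # access lists are colon-separated; bare options get []
                opts[key] = value.split(":") if value else []
            i += 2
        else:
            path = tok
            i += 1
    return (path, opts) if path else None


def audit(dfstab_text):
    """Return a list of (path, finding) tuples for risky share options."""
    findings = []
    for line in dfstab_text.splitlines():
        parsed = parse_share(line)
        if parsed is None:
            continue
        path, opts = parsed
        has_mode = "ro" in opts or "rw" in opts
        # No ro/rw at all, or a bare rw, shares read-write with every client.
        if not has_mode or ("rw" in opts and not opts["rw"]):
            findings.append((path, "read-write to every client"))
        if opts.get("root"):
            findings.append(
                (path, "root access granted to: " + ",".join(opts["root"])))
        if opts.get("anon") == ["0"]:
            findings.append(
                (path, "unknown users and unmapped remote root act as UID 0"))
    return findings


if __name__ == "__main__":
    for path, finding in audit(SAMPLE_DFSTAB):
        print(f"{path}: {finding}")
```
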


Configuring the NFS Server for Sharing Resources


Making file resources unavailable for mounting
Use the unshare command to make file resources unavailable for mount operations. For example, to make the /usr/local/data directory unavailable for client-side mount operations, perform the following command:
# unshare /usr/local/data

Displaying currently shared NFS resources
The dfshares command displays currently shared NFS resources.
# dfshares
RESOURCE                  SERVER  ACCESS  TRANSPORT
sys-02:/usr/local/data    sys-02  -

Configuring the NFS Server for Sharing Resources


Displaying NFS mounted resources
The dfmounts command displays remotely mounted NFS resource information.
# dfmounts
RESOURCE   SERVER   PATHNAME          CLIENTS
           sys-02   /usr/local/data   sys-03


Managing the NFS Client


NFS client files
You need several files to support NFS client activities on any computer.
/etc/vfstab
/etc/mnttab
/etc/dfs/fstypes
/etc/default/nfs


Managing the NFS Client


The /etc/vfstab file
To mount remote file resources at boot time, enter the appropriate entries in the client's /etc/vfstab file. For example:
sys-02:/usr/local/data - /usr/remote_data nfs - yes soft,bg

The /etc/mnttab file
The /etc/mnttab file system provides read-only access to the table of mounted file systems for the current host. Mounting a file system adds an entry to the /etc/mnttab file.


NFS Client Daemons


The NFS client daemons are started using the svc:/network/nfs/client service.
statd
lockd
nfs4cbd


Managing the NFS Client Daemons


Two NFS daemons, the statd daemon and the lockd daemon, run both on the NFS servers and the NFS clients. These daemons start automatically when a system enters the network milestone.
# svcs -D milestone/network
STATE          STIME    FMRI
disabled       15:34:35 svc:/network/dns/client:default
disabled       15:34:37 svc:/network/nfs/cbd:default
(output omitted)
online         16:31:18 svc:/network/nfs/nlockmgr:default
online         16:33:12 svc:/network/nfs/status:default


Managing the NFS Client Daemons


The lockd daemon is started by the SMF service nfs/nlockmgr.
# svcadm -v enable nfs/nlockmgr
svc:/network/nfs/nlockmgr:default enabled.

The statd daemon is started by the SMF service nfs/status.
# svcadm -v enable nfs/status
svc:/network/nfs/status:default enabled.

To manually restart these daemons, perform the following commands:
# svcadm -v restart nfs/status
Action restart set for svc:/network/nfs/status:default.
# svcadm -v restart nfs/nlockmgr
Action restart set for svc:/network/nfs/nlockmgr:default.
#


NFS Client Commands


dfshares
mount
umount
mountall
umountall


Configuring the NFS Client for Mounting Resources


Displaying a server's available resources
You can use the dfshares command to list resources made available by an NFS server.
# dfshares sys-02
RESOURCE                  SERVER  ACCESS  TRANSPORT
sys-02:/usr/local/data    sys-02  -
...


Configuring the NFS Client for Mounting Resources


Accessing the remote file resource
Use the /usr/sbin/mount command to attach a local or remote file resource to the local file system hierarchy. For example:
# mount sys-02:/rdbms_files /rdbms_files

When mounting a read-only remote resource, you can specify a comma-separated list of sources for the remote resource, which are then used as a list of failover resources.
# mount -o ro sys-45,sys-43,sys-41:/multi_homed_data /remote_shared_data


Configuring the NFS Client for Mounting Resources


Unmounting the remote file resources from the client
Use the umount command to detach local and remote file resources from the file system hierarchy.
# umount /rdbms_files

Mounting all file resources
The /usr/sbin/mountall command mounts all file resources listed in the /etc/vfstab file with a mount at boot value of yes. To limit the action of this command to remote file resources, use the -r option.
# mountall -r


Configuring the NFS Client for Mounting Resources


Unmounting all currently mounted file resources
Use the umountall command with the -r option to restrict unmounting to only remote file systems.
# umountall -r

Mounting remote resources at boot time
To mount a remote file resource at boot time, create an appropriate entry in the client's /etc/vfstab file. For example:
sys-02:/usr/local/data - /usr/remote_data nfs - yes soft,bg


The mount Command Options


rw|ro
bg|fg
soft|hard
intr|nointr
suid|nosuid
timeo=n
retry=n
retrans=n


Fundamentals of NFS Server Logging


The NFS server logging feature records NFS transactions. The nfslogd daemon provides operational logging. When you enable NFS server logging, the NFS kernel module writes records of all NFS operations on the file system into a buffer file.

The nfslogd Daemon
The nfslogd daemon converts the raw data from the logging operation into ASCII records, and stores the raw data in ASCII log files.


Configuring NFS Log Paths


The /etc/nfs/nfslog.conf file defines the path, file names, and type of logging that the nfslogd daemon must use. A tag corresponds to each definition. To configure NFS server logging, identify or create the tag entries for each of the server's shared resources. The global tag defines default values.


Configuring NFS Log Paths


Tagged entries in /etc/nfs/nfslog.conf use the following format:
<tag> [ defaultdir=<dir_path> ] \
      [ log=<logfile_path> ] [ fhtable=<table_path> ] \
      [ buffer=<bufferfile_path> ] [ logformat=basic|extended ]

For example:
global defaultdir=/var/nfs \
       log=nfslog fhtable=fhtable buffer=nfslog_workbuffer


Configuring NFS Log Paths


Use the following parameters with each tag, as required:
defaultdir=dir_path
log=logfile_path
fhtable=table_path
buffer=bufferfile_path
logformat=basic|extended

Create any directories you specify in /etc/nfs/nfslog.conf before starting NFS server logging.


Initiating NFS Logging


To initiate NFS server logging, complete the following steps:
1. Become superuser.
2. Optional: Change the configuration settings in the /etc/nfs/nfslog.conf file.
3. Share the file system for which you want to enable logging, adding the -o log option, or the log=tag option. Example:
share -F nfs -o log /export/sys44_data
4. Check that the NFS service is running on the server.
5. Run the share command to verify that the correct options are listed for the directory you shared.


Managing NFS With the Solaris Management Console Storage Folder Tools
You can manage the NFS system by using components of the storage folder tools from the default tool box of the Solaris Management Console. The Mounts and Shares tool lets you view, create, and manage several types of mounts and shares.


Module 7
Configuring AutoFS


Objectives
Describe the fundamentals of the AutoFS file system
Use automount maps


AutoFS Fundamentals
AutoFS is a file system mechanism that provides automatic mounting using the NFS protocol. AutoFS is a client-side service. The AutoFS service mounts and unmounts file systems as required without any user intervention. The automount facility contains three components:
The AutoFS file system
The automountd daemon
The automount command


AutoFS Fundamentals
[Figure: AutoFS components: the AutoFS file system (in RAM), the automount -v command, the automountd daemon, and the automount maps (master map, direct map, indirect map, special map).]


AutoFS Fundamentals
AutoFS file system
An AutoFS file system's mount points are defined in the automount maps on the client system. After the AutoFS mount points are set up, activity under the mount points can trigger file systems to be mounted under the mount points. If a mount request is made for an AutoFS resource not currently mounted, the AutoFS service calls the automountd daemon, which mounts the requested resource.


AutoFS Fundamentals
The automountd daemon
The /lib/svc/method/svc-autofs script starts the automountd daemon. The automountd daemon mounts file systems on demand and unmounts idle mount points.

The automount command
The automount command, called at system startup time, reads the master map to create the initial set of AutoFS mounts. These AutoFS mounts are not automatically mounted at startup time; they are the points under which file systems are mounted on demand.

Using Automount Maps


The following lists the AutoFS map types:
Master map
Direct map
Indirect map
Special


Using Automount Maps (cont.)


[Figure: automount maps under /etc on NFS client "venus"]

auto_master
/net    -hosts        [options]
/home   auto_home     [options]
/-      auto_direct   [options]

auto_direct
/opt/moreapps   pluto:/export/opt/apps

auto_home
Ernie   mars:/export/home/ernie
Mary    mars:/export/home/mary


Configuring the Master Map


The auto_master map associates a directory, also called a mount point, with a map. The auto_master map is a master list specifying all the maps that the AutoFS service should check. The following example shows an /etc/auto_master file.
# cat /etc/auto_master
# Master map for automounter
#
+auto_master
/net            -hosts          -nosuid,nobrowse
/home           auto_home       -nobrowse


Identifying Mount Points for Special Maps


There are two mount point entries listed in the default /etc/auto_master file.
/net            -hosts          -nosuid,nobrowse
/home           auto_home       -nobrowse

The -hosts map provides access to all resources shared by NFS servers. The auto_home map provides the mechanism to allow users to access their centrally located $HOME directories.


Using the /net Directory


Shared resources associated with the hosts map entry are mounted below the /net/hostname directory. For example, a shared resource named /documentation on host sys42 is mounted by the command:
# cd /net/sys42/documentation


Adding Direct Map Entries


A /- entry in the master map defines a mount point for a direct map.
/-              auto_direct     -ro

Creating a Direct Map
Direct maps specify the absolute path name of the mount point, the specific options for this mount, and the shared resource to mount. For example:
# cat /etc/auto_direct
# Superuser-created direct map for automounter
#
/apps/frame     -ro,soft  server1:/export/framemaker,v6.0
/opt/local      -ro,soft  server2:/export/unbundled
/usr/share/man  -ro,soft  server3,server4,server5:/usr/share/man


Adding Indirect Map Entries


Indirect maps obtain the initial path of the mount point from the master map. For example, the /home entry in the master map defines the base for mount points listed in the indirect map called auto_home.
/home           auto_home       -nobrowse

Creating an indirect map
Entries in an indirect map list the remainder of the preferred mount point, and the resource to mount. For example:
stevenu         host5:/export/home/stevenu
johnnyd         host6:/export/home/johnnyd


Adding Indirect Map Entries (cont.)


Reducing the auto_home map to a single line
In this example, the use of substitution characters within auto_home specifies that for every login ID, the client remotely mounts the /export/home/loginID directory from the NFS server.
*               server1:/export/home/&

The wildcard character (*) matches any key. The substitution character (&) at the end of the path is replaced with the matched key field.
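To make the lookup order concrete, the following added example (not part of the course material) simulates how a path is resolved through the master map and an indirect map, including the * and & substitution. It combines the explicit stevenu entry with the wildcard line in one auto_home map and assumes standard automounter behaviour: the first matching line wins, and options on a map entry replace those from the master map. Direct maps are left out.

```python
"""Simulate how AutoFS resolves a path through the master map and an indirect map."""

# Map contents follow the slides; holding them in strings is this example's choice.
AUTO_MASTER = """\
# Master map for automounter
+auto_master
/net    -hosts      -nosuid,nobrowse
/home   auto_home   -nobrowse
"""

MAPS = {
    "auto_home": """\
stevenu   host5:/export/home/stevenu
*         server1:/export/home/&
""",
}


def fields_of(line):
    """Split a map line into fields, dropping comments."""
    return line.split("#", 1)[0].split()


def parse_master(text):
    """Return [(mount_point, map_name, options)] from master map text."""
    entries = []
    for line in text.splitlines():
        f = fields_of(line)
        if len(f) < 2:
            continue                  # blank, comment, or "+auto_master" include
        entries.append((f[0], f[1], f[2].lstrip("-") if len(f) > 2 else ""))
    return entries


def lookup_indirect(map_text, key):
    """Return (options, location) for key; the first matching line wins."""
    for line in map_text.splitlines():
        f = fields_of(line)
        if len(f) < 2 or f[0] not in (key, "*"):
            continue
        if f[1].startswith("-"):
            if len(f) < 3:
                continue              # options but no location: malformed
            opts, location = f[1].lstrip("-"), f[2]
        else:
            opts, location = "", f[1]
        # "&" is replaced with the key that was looked up
        return opts, location.replace("&", key)
    return None


def resolve(path, master_text=AUTO_MASTER, maps=MAPS):
    """Return what would be mounted for path, or None if no map applies."""
    for mount_point, map_name, master_opts in parse_master(master_text):
        if mount_point == "/-" or not path.startswith(mount_point + "/"):
            continue                  # direct maps are not handled here
        key, _, rest = path[len(mount_point) + 1:].partition("/")
        if not key:
            continue
        if map_name == "-hosts":
            # Special map: the key is a host name and the remainder is the
            # path requested on that host.
            return {"trigger": f"{mount_point}/{key}",
                    "source": f"{key}:/{rest}",
                    "options": master_opts}
        hit = lookup_indirect(maps.get(map_name, ""), key)
        if hit is None:
            return None
        entry_opts, location = hit
        return {"trigger": f"{mount_point}/{key}",
                "source": location,
                # options on the map entry replace those from the master map
                "options": entry_opts or master_opts}
    return None


if __name__ == "__main__":
    for p in ("/home/stevenu", "/home/mary", "/net/sys42/documentation"):
        print(p, "->", resolve(p))
```

With the default master map shown earlier, paths under /net resolve with nosuid while paths under /home do not, which is worth checking when home directories come from a server you do not fully control.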


Adding Indirect Map Entries (cont.)


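[Figure: NFS server "mars" holds the home directories ernie and mary under /export/home. On NFS client "venus", the /home directory is an autofs mount point; automountd mounts a home directory (mary) on demand according to /etc/auto_home.]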


Updating the Automount Maps


When making changes to the master map or creating a direct map, run the automount command to make the changes effective. You do not have to stop and restart the automountd daemon. You can modify existing entries in a direct map at any time. The new information is used when the automountd daemon next accesses the map entry to perform a mount. Any modifications to indirect maps are automatically used by the automountd daemon.


Stopping and Starting the Automount System


Stopping the automount system
To disable the service manually, enter the following command:
# svcadm disable svc:/system/filesystem/autofs

Starting the automount system
To enable the service manually, enter the following command:
# svcadm enable svc:/system/filesystem/autofs


Module 8
Describing RAID and the Solaris Volume Manager Software


Objectives
Describe RAID
Describe Solaris Volume Manager software concepts


Introducing RAID
RAID is a classification of methods to back up and to store data on multiple disk drives. The Solaris Volume Manager software uses metadevices, which are product-specific definitions of logical storage volumes, to implement RAID 0, RAID 1, RAID 1+0, and RAID 5:
RAID 0: Non-redundant disk array (concatenation and striping)
RAID 1: Mirrored disk array
RAID 5: Block-interleaved striping with distributed parity


RAID 0
Concatenated volumes (or concatenations)
[Figure: RAID 0 (concatenation) logical volume: Solaris Volume Manager presents physical slices A, B, and C as one logical volume.]


RAID 0 (cont.)
Striped volumes (or stripes)
[Figure: RAID 0 (stripe) logical volume: Solaris Volume Manager presents interlaces 1 through 6 as one logical volume. Physical slice A holds interlaces 1 and 4, physical slice B holds interlaces 2 and 5, and physical slice C holds interlaces 3 and 6.]


RAID 1
[Figure: RAID 1 (mirror) logical volume: under Solaris Volume Manager, submirror 1 and submirror 2 each hold interlaces 1 through 4.]


RAID 0+1
[Figure: RAID 0+1: physical slices A through F form two RAID 0 (striped) volumes, submirror 1 and submirror 2, which together make up a RAID 1 (mirrored) volume.]


RAID 1+0
[Figure: RAID 1+0: physical slices A through F form three RAID 1 (mirror) logical volumes, which are combined into a RAID 0 (striped) logical volume.]


Mirror Options
Mirror performance can be modified by using the following options:
Mirror read policy
Mirror write policy
You can define mirror options when you initially create the mirror or after you set up the mirror.
You can distribute the load across the submirrors to improve read performance.


Mirror Read Policies


Read Policy              Description
Round Robin (default)    Balances the load across the submirrors
Geometric                Enables the system to divide reads among submirrors on the basis of a logical disk block address
First                    Directs all reads to the first submirror


Mirror Write Policies


Write Policy             Description
Parallel (Default)       Replicates a write to a mirror, and dispatches the write to all of the submirrors simultaneously
Serial                   Specifies that writes to one submirror must complete before initiating writes to the next submirror


RAID 5
[Figure: RAID 5 logical volume: Solaris Volume Manager presents interlaces 1 through 12 as one logical volume, striped with distributed parity across four physical slices. Slice A holds interlace 1, P(4-6), interlace 7, and interlace 10. Slice B holds interlace 2, interlace 4, P(7-9), and interlace 11. Slice C holds interlace 3, interlace 5, interlace 8, and P(10-12). Slice D holds P(1-3), interlace 6, interlace 9, and interlace 12.]


RAID 5 (cont.)
Requirements for RAID-5 Volumes
The general configuration guidelines for configuring RAID-5 volumes are:
Create a RAID-5 volume with a minimum of three slices.
The more slices a RAID-5 volume contains, the longer read and write operations take when a slice fails.
Do not stripe, concatenate, or mirror RAID-5 volumes.
Do not create a RAID-5 volume from a slice that contains an existing file system, because you will erase the data during the RAID-5 initialization process.


RAID 5 (cont.)
When you create a RAID-5 volume, you can define the interlace value. If you do not specify a value, a default value of 16 Kbytes is assigned.
A RAID-5 volume (with no hot spares) can only handle a single slice failure.
To optimize performance, use slices across separate controllers when creating RAID-5 volumes.
Use disk slices of the same size. Creating a RAID-5 volume of different-sized slices results in unused disk space on the larger slices.


RAID 5 (cont.)
Suggestions for RAID 5 Volumes
The following general suggestions can help avoid common performance problems when using RAID-5 volumes:
Because of the complexity of parity calculations, volumes with greater than about 20 percent writes should probably not be RAID-5 volumes. If data redundancy on a write-heavy volume is needed, consider mirroring.
If the slices in the RAID-5 volume reside on different controllers and the accesses to the volume are primarily large sequential accesses, then setting the interlace value to 32 Kbytes might improve performance.

Hardware Considerations
For any given application there are trade-offs in performance, availability, and hardware costs. A few categories of information that you must address during the storage planning phase are:
General storage guidelines
Determining storage characteristics
Storage performance guidelines


Choosing Storage Mechanisms


Feature                      RAID-0          RAID-0   RAID-1                             RAID-5 Stripe
                             Concatenation   Stripe   Mirror                             With Parity
Redundant data               No              No       Yes                                Yes
Improved read performance    No              Yes      Depends on the underlying device   Yes
Improved write performance   No              Yes      No                                 No


Optimizing Redundant Storage


Factors                      RAID 1 (Mirror)   RAID 5    Non-Redundant
Write operations             Faster            Slower    Neutral
Random read                  Slower            Faster    Neutral
Hardware cost                Highest           Higher    Lowest
Performance during failure   Best              Poor      Data loss


Introducing Solaris Volume Manager Software Concepts


The Solaris Volume Manager software lets you manage large numbers of disks and the data on those disks. Most tasks include:
Increasing storage capacity
Increasing data availability
Making the administration of large storage devices easier


Logical Volume
SVM software uses virtual disks called logical volumes to manage physical disks and their associated data. You can create the Solaris Volume Manager software volumes from slices (disk partitions) or from other Solaris Volume Manager software volumes. The Enhanced Storage tool within the Solaris Management Console allows you to list, create, and modify any type of SVM software volumes or components.


Soft Partitions
Soft partitions provide a mechanism for dividing large storage spaces into smaller, more manageable sizes. Use soft partitioning to divide a slice or volume into as many divisions as needed. A soft partition, once named, can be directly accessed by applications, including file systems, as long as it is not included in another volume.


Introducing the State Database


Before creating volumes using the Solaris Volume Manager software, state database replicas must exist on the Solaris Volume Manager software system. The Solaris Volume Manager software automatically updates the state database when a configuration or state change occurs. The state database is a collection of multiple, replicated database copies. Having copies of the state database protects against data loss from single points-of-failure.


Module 9
Configuring Solaris Volume Manager Software


Objectives
- Describe Solaris Volume Manager software concepts
- Build a RAID-0 (concatenated) volume
- Build a RAID-1 (mirror) volume for the root (/) file system


Solaris Volume Manager Concepts


The Solaris Volume Manager software in the Solaris 9 OS and Solaris 10 OS replaces the Solstice DiskSuite software used in releases of the Solaris OS prior to Solaris 9 OS. The Solaris Volume Manager software is used to implement RAID 0, RAID 1, RAID 1+0, and RAID 5.


State Database Replicas


The state database stores information on disk about the state of your Solaris Volume Manager software configuration. Multiple copies of the database, called replicas, provide redundancy. The state database replicas should be distributed across multiple disks. Solaris Volume Manager software uses a majority consensus algorithm to determine which state database replicas contain valid data. The algorithm requires that a majority (half + 1) of the state database replicas are available before any of them are considered valid.


The majority consensus algorithm:
- Makes sure that the system stays running if at least half of the state database replicas are available.
- Causes the system to panic if fewer than half of the state database replicas are available.
- Prevents the system from starting the Solaris Volume Manager software unless a majority of the total number of state database replicas are available.


Creating the State Database


You can create state database replicas by using the following:
- The metadb -a command
- The Solaris Volume Manager software GUI

The following example shows using metadb to create state database replicas:
# metadb -a -f c0t0d0s4 c0t0d0s5 c1t0d0s0 c1t0d0s1
# metadb
        flags           first blk       block count
     a        u         16              8192            /dev/dsk/c0t0d0s4
     a        u         16              8192            /dev/dsk/c0t0d0s5
     a        u         16              8192            /dev/dsk/c1t0d0s0
     a        u         16              8192            /dev/dsk/c1t0d0s1
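The majority consensus rules applied to metadb output, as an added example that is not part of the course material: the Python below parses a replica listing, groups the replicas by disk, and reports the state the system is left in if any single disk is lost. The three-disk layout and all function names are constructed for illustration.

```python
import re
from collections import Counter

# metadb listing in the layout shown on this page:
# two replicas on each of two disks.
PAGE_LAYOUT = """\
        flags           first blk       block count
     a        u         16              8192            /dev/dsk/c0t0d0s4
     a        u         16              8192            /dev/dsk/c0t0d0s5
     a        u         16              8192            /dev/dsk/c1t0d0s0
     a        u         16              8192            /dev/dsk/c1t0d0s1
"""

# Constructed alternative: one replica on each of three disks.
THREE_DISKS = """\
     a        u         16              8192            /dev/dsk/c0t0d0s7
     a        u         16              8192            /dev/dsk/c1t0d0s7
     a        u         16              8192            /dev/dsk/c2t0d0s7
"""


def replicas_per_disk(metadb_output):
    """Count state database replicas on each physical disk."""
    counts = Counter()
    for line in metadb_output.splitlines():
        # The device path is the last column; drop the slice suffix (sN)
        # so that c0t0d0s4 and c0t0d0s5 both count against disk c0t0d0.
        match = re.search(r"/dev/dsk/(\S+?)s\d+\s*$", line)
        if match:
            counts[match.group(1)] += 1
    return counts


def quorum_state(total, available):
    """Apply the majority consensus rules to a replica count."""
    if available >= total // 2 + 1:
        return "ok"                    # majority: keeps running and can boot
    if 2 * available >= total:
        return "runs-but-cannot-boot"  # exactly half: stays up, SVM will not start at boot
    return "panic"                     # fewer than half


def single_disk_failures(metadb_output):
    """Map each disk to the state the system is in after losing that disk."""
    counts = replicas_per_disk(metadb_output)
    total = sum(counts.values())
    return {disk: quorum_state(total, total - lost)
            for disk, lost in counts.items()}


if __name__ == "__main__":
    for name, listing in (("page layout", PAGE_LAYOUT),
                          ("three disks", THREE_DISKS)):
        print(name)
        for disk, state in sorted(single_disk_failures(listing).items()):
            print("  lose %-8s -> %s" % (disk, state))
```

With replicas split evenly over two disks, losing either disk leaves exactly half of them, so the system keeps running but cannot restart the Solaris Volume Manager software on the next boot.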


Creating the State Database Using the Solaris Management Console


Configuring RAID-0
RAID-0 volumes let you expand disk storage capacity efficiently. These volumes do not provide data redundancy, but can be used to expand disk storage capacity. RAID-0 comes in two forms, stripes and concatenations. Striping enables parallel data access because multiple controllers can access the data at the same time. A stripe distributes data equally across all slices in the stripe. A concatenated volume writes data to the first available slice. When the first slice is full, the volume writes data to the next available slice.


Creating a RAID-0 Volume Using the Command Line


State database replicas must exist before you can configure any metadevices. For example, to create two replicas on each of two slices, use the command:
# metadb -a -f -c 2 c3t2d0s7 c3t3d0s7

In this example, assume that the /export/home (/dev/dsk/c0t0d0s7) file system is almost at capacity. A new slice from another disk will be concatenated to it, making a RAID-0 concatenated volume.



Use the metainit command to create metadevices and associate slices with them. For example:
# metainit -f d0 2 1 c0t0d0s7 1 c3t2d0s0
d0: Concat/Stripe is setup

The -f option is required if one of these slices is currently mounted. The metadevice name used for this concatenation is d0. In a concatenation, the number of stripes is equal to the number of slices being added, in this case 2. The number of slices in each stripe is one, so the number 1 appears before each slice.


The new metadevice (d0) has been created, but is not being used yet. It needs to be remounted using the new metadevice device files. Locate the entry in the /etc/vfstab file that mounts the file system at boot time:
/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 2 yes -

Change the device names to match the metadevice names:


/dev/md/dsk/d0 /dev/md/rdsk/d0 /export/home ufs 2 yes -



Un-mount and re-mount the file system using the new device files:
# umount /export/home
# mount /export/home
# df -h /export/home
Filesystem             size   used  avail capacity  Mounted on
/dev/md/dsk/d0         470M   395M    28M    94%    /export/home

The existing file system needs to be grown into the new space. This is done with the growfs command. Use the option -M to specify a mount point:
# growfs -M /export/home /dev/md/rdsk/d0
...


Creating a RAID-0 Volume Using Solaris Management Console


Configuring RAID-1
RAID-1 volumes are also known as mirrors and provide data redundancy. A RAID-1 volume maintains identical copies of the data in the RAID-0 volumes from which it is made.

Using multiple submirrors
A mirror is made of two or more RAID-0 volumes. The mirrored RAID-0 volumes are called submirrors. A mirror consisting of two submirrors is known as a two-way mirror. You can attach or detach a submirror from a mirror at any time.



Mirror options
Mirror performance can be modified by using the following options:
- Mirror read policy
  - Round robin
  - Geometric
  - First
- Mirror write policy
  - Parallel
  - Serial


Building a Mirror of the Root (/) File System


The procedure for building a mirror of the root (/) file system can be accomplished using the command line exclusively, but it is not possible to use the Solaris Management Console (SMC) exclusively. This section describes how to create a RAID-1 volume for the root (/) file system, which cannot be unmounted.



Creating a mirror of the root (/) file system requires the following general steps:
1. Create a RAID-0 volume for the file system you want to mirror.
2. Create a second RAID-0 volume to contain the second submirror of the RAID-1 volume.
3. Create a one-way mirror using the RAID-0 volume that contains the file system to be mirrored.
4. Use the metaroot command to update the system's configuration, because this is a root (/) mirror.
5. Reboot your system, because this is a root (/) mirror.


6. Attach the second submirror to the file system mirror.
7. Record the alternate boot path that is used in the event of a failure of the primary submirror, because this is a mirror of the root (/) file system.



Creating the RAID-0 volumes
The first step when building a mirror of the root (/) file system is to create RAID-0 volumes, which you later combine to form the mirror. Each RAID-0 volume becomes a submirror to the mirror. Use the metainit command to create a RAID-0 volume to be used as the primary submirror of the root (/) file system:
# /usr/sbin/metainit -f d11 1 1 c0t0d0s0
d11: Concat/Stripe is setup

This command forces the creation of the d11 volume.




To create a RAID-0 volume to be used as the secondary submirror of the root file system, use the metainit command again:
# metainit d12 1 1 c3t3d0s1
d12: Concat/Stripe is setup

Creating the RAID-1 volume
The following metainit example creates a mirrored volume named d10. This command attaches the volume d11 as a submirror of the mirror named d10.
# /usr/sbin/metainit d10 -m d11
d10: Mirror is setup



Executing the metaroot command
When creating mirrors of mounted file systems, you must update the /etc/vfstab file to change the mount point from a slice to a volume. The /etc/system file must change to include entries related to SVM drivers. When mirroring the root (/) file system, use the metaroot command to modify the /etc/vfstab and /etc/system files, as follows:
# metaroot d10
# grep md /etc/vfstab
/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no
# tail /etc/system
rootdev:/pseudo/md@0:0,10,blk


Rebooting the system
You must reboot the system before attaching the secondary submirror.
# init 6

Attaching the secondary submirror
Attach the secondary submirror by using the metattach command:
# metattach d10 d12
d10: submirror d12 is attached



The metastat command shows the mirror synchronization taking place.
# metastat d10
d10: Mirror
    Submirror 0: d11
      State: Okay
    Submirror 1: d12
      State: Resyncing
    Resync in progress: 83 % done
    Pass: 1
    Read option: roundrobin (default)
    Write option: parallel (default)
    Size: 307440 blocks (150 MB)



Updating the boot-device PROM variable
Use the OpenBoot nvalias command to define a backup_root device alias for the secondary root mirror. For example:
ok nvalias backup_root /pci@1f,0/pci@1/pci@1/SUNW,isptwo@4/sd@3,0:b

Redefine the boot-device variable to reference both the primary and secondary submirrors, in the order in which you want to access them.
ok setenv boot-device disk backup_root net
boot-device= disk backup_root net


Configuring an x86-Based System for Mirrored Failover

The BIOS
The BIOS is responsible for finding the right device to boot from, then loading and executing the master boot record from that device. BIOS is configurable to some degree. BIOS may be limited in its ability to probe for devices.

fdisk Partitioning
To use the SVM to mirror the root file system, the file system must use the single Solaris fdisk partition, and no separate boot partition.


The GNU GRand Unified Bootloader (GRUB)
GRUB is responsible for loading a boot archive into the system's memory. Understanding the GRUB device naming conventions can assist you in correctly specifying drive and partition information when you configure GRUB on your system. The functional GRUB components include the stage1 and stage2 programs, and the menu.lst file.



x86/x64 Boot Program Locations (figure)
Disk cylinder 0: Sector 0 = mboot + fdisk partition table
Disk cylinder 1 (Solaris fdisk partition cylinder 0 = slice 8): Sector 0 = stage1; Sectors 1 + 2 = disk label + VTOC; Sector 50 = stage2, extends for 200+ sectors



Creating a RAID-1 Volume From the root File System
Configure the ordering for the BIOS boot devices, if possible.
Configure the Solaris fdisk partition and root slice on the mirror disk.
Install the mboot program.
# fdisk -b /usr/lib/fs/ufs/mboot -n /dev/rdsk/c2d0p0

Install the GRUB stage1 and stage2 programs.
# /sbin/installgrub /boot/grub/stage1 /boot/grub/stage2 \
/dev/rdsk/c2d0p0



Identify the slice that contains the existing root (/) file system to be mirrored.
Create a new RAID-0 volume on the existing root (/) file system to be mirrored.
Create a second RAID-0 volume on an unused slice to act as the second submirror.
Create a one-way mirror.
Remount your newly mirrored file system, then reboot the system.
# metaroot volume-name
# reboot



Attach the second submirror.
# metattach volume-name submirror-name

Define the alternative boot path in the /boot/grub/menu.lst file.
# vi /boot/grub/menu.lst
....
title alternate boot
root (hd1,0,a)
kernel /boot/multiboot
module /boot/x86.miniroot-safe


Unmirroring the Root (/) File System


Run the metastat command on the mirror to verify that submirror 0 is in the Okay state.
# metastat d10
d10: Mirror
    Submirror 0: d11
      State: Okay
    Submirror 1: d12
      State: Okay
...

Run the metadetach command on the mirror to make a one-way mirror.
# metadetach d10 d12
d10: submirror d12 is detached



Because this is a root (/) file system mirror, run the metaroot command to update the /etc/vfstab and /etc/system files.
# metaroot /dev/dsk/c0t0d0s0

Reboot the system.


# init 6

Run the metaclear command to clear the mirror and submirrors.


# metaclear -r d10
d10: Mirror is cleared
d11: Concat/Stripe is cleared
# metaclear d12
d12: Concat/Stripe is cleared



If you changed your boot-device variable to an alternate boot path, return it to its original setting.


Module 10
Configuring Role-Based Access Control (RBAC)


Objectives
- Describe RBAC fundamentals
- Describe component interaction within RBAC
- Manage RBAC by using the Solaris Management Console
- Manage RBAC by using the command line


RBAC Fundamentals
In conventional UNIX systems, the root user (also referred to as the superuser) has the ability to perform any task. In systems implementing RBAC, individual users can be assigned to roles, where roles are associated with rights profiles. Rights profiles list the rights to run specific commands and applications with escalated privileges. Roles can also be assigned authorizations. An authorization grants access to restricted functions in RBAC-compliant applications.


Key RBAC Files


RBAC authorizations, roles, rights profiles, and privileged commands are defined in four files:
- The /etc/user_attr file
- The /etc/security/prof_attr file
- The /etc/security/policy.conf file
- The /etc/security/exec_attr file


The user_attr File


The /etc/user_attr file lists the rights profiles and authorizations associated with users and roles. When you create a new user account with no rights profiles, authorizations, or roles, nothing is added to the file. Changes to this file will be illustrated as related RBAC features are described in this module.


Roles
A role is a special identity, similar to a user account, used to run privileged applications or commands. You assign users to roles so those users can run the commands associated with those roles. No predefined roles are shipped with the Solaris 10 OS. You assign rights profiles to a role when you define a role. The roles command lists the roles a user has been assigned:
# roles root
No roles


Assigning Rights Profiles to Users


A rights profile is a collection of rights that can be assigned to a user. A right is a command or script which runs with special security attributes. Many examples of rights profiles are shipped with the Solaris 10 OS.



The /etc/security/prof_attr file contains rights profile names and descriptions.
# cat /etc/security/prof_attr
(output omitted)
All:::Execute any command as the user or role:help=RtAll.html
Log Management:::Manage log files:help=RtLogMngmnt.html
...

Each line starts with the rights profile name. The middle fields are not used, and the last two fields hold a comment and a pointer to a help file.



The profiles command lists rights profiles assigned to a user.
# profiles chris
Basic Solaris User
All

Every account has the All rights profile. It allows any command to be executed, but with special security attributes. Other rights profiles given to all new user accounts are defined in the /etc/security/policy.conf file.
# grep 'PROFS' /etc/security/policy.conf
PROFS_GRANTED=Basic Solaris User



Rights profiles can be assigned to a user account with the usermod command or the Solaris Management Console (SMC).
# usermod -P "Printer Management" chris
# profiles chris
Printer Management
Basic Solaris User
All

This automatically updates the /etc/user_attr file as shown by the following:
# grep chris /etc/user_attr
chris::::type=normal;profiles=Printer Management


The /etc/security/exec_attr File


The /etc/security/exec_attr file holds execution attributes. An execution attribute is either a command with no option, or a script that contains a command, possibly with options. In this file, the special security attributes UID, EUID, GID, and EGID specify attributes to add to a process when it runs. Only the users and roles assigned access to a particular rights profile can run its associated commands with their special security attributes.



Commands and special security attributes for the Printer Management rights profile are listed as follows:
# grep 'Printer Management' /etc/security/exec_attr
Printer Management:suser:cmd:::/etc/init.d/lp:euid=0;uid=0
Printer Management:suser:cmd:::/usr/bin/cancel:euid=lp;uid=lp
Printer Management:suser:cmd:::/usr/bin/lpset:egid=14
Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0
Printer Management:suser:cmd:::/usr/lib/lp/local/accept:uid=lp
Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=8
Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp;uid=lp
...


Assigning Rights Profiles to Roles

If a large number of user accounts require the same configuration and management of rights profiles, it can be easier to assign the rights profiles to a role and give the users access to the role.

Creating a role
The roleadd command creates a role entry in the /etc/passwd, /etc/shadow, and /etc/user_attr files.
# roleadd -m -d /export/home/level1 -c "Level One Support" \
-P "Printer Management,Media Backup,Media Restore" level1
64 blocks

The role cannot be used until a password for it is set.



The changes to the /etc/passwd, /etc/shadow, and /etc/user_attr files are shown as follows:
# grep level1 /etc/passwd
level1:x:102:1:Level One Support:/export/home/level1:/bin/pfsh
# grep level1 /etc/shadow
level1:CUs8aQ64vTrZ.:12713::::::
# grep level1 /etc/user_attr
level1::::type=role;profiles=Printer Management,Media Backup,Media Restore



Modifying a role
To modify the login information of a role on a system, use the rolemod command. This example modifies the role's rights profiles.
# rolemod -P profile1,profile2 -s /usr/bin/pfksh level1



Purpose of the profile shells
A profile shell is a special type of shell that enables access to the privileged rights that are assigned to the rights profile. The standard UNIX shells cannot be used, as they are not aware of the RBAC files, and do not consult them. The profile shells are pfsh, pfcsh, and pfksh.


Assigning Roles to Users


The useradd command or the Solaris Management Console (SMC) can be used to assign users to roles. The example shows the useradd command being used with the -R option to assign roles:
# useradd -m -d /export/home/paul -R level1 paul
64 blocks
#

This example associates the level1 role with the user chris:
# usermod -R level1 chris
#


Using Roles
As it is not possible to directly log in to a role account, log in as a regular user first. The roles command shows the roles available to your account.
$ id
uid=103(paul) gid=1(other)
$ roles
level1

Switch the user to the role account with the su command.
$ su level1
Password:
$ id
uid=102(level1) gid=1(other)


Authorizations
An authorization grants access to restricted functions in RBAC-compliant applications. Some applications and commands in the Solaris 10 OS are written to check the authorizations of the user calling them. The predefined authorizations are listed in the /etc/security/auth_attr file.
# cat /etc/security/auth_attr
(output omitted)
solaris.jobs.:::Job Scheduler::help=JobHeader.html
solaris.jobs.admin:::Manage All Jobs::help=AuthJobsAdmin.html
solaris.jobs.grant:::Delegate Cron & At Administration::help=JobsGrant.html
...


Default Authorizations
All users have the Basic Solaris User profile by default.
# profiles chris
Printer Management
Basic Solaris User
All

The Basic Solaris User profile grants users access to all listed authorizations. The All profile grants unrestricted access to all Solaris OS commands that have not been restricted by a definition in a previously listed authorization.


Assigning Authorizations
Authorizations can be assigned to user accounts. Authorizations can also be assigned to roles or embedded in a rights profile, which can be assigned to a user or role. Authorizations may be assigned from the command line or with SMC. This example shows the usermod command used with the -A option to add an authorization to a user:
# usermod -A solaris.jobs.admin chris

The usermod command automatically updates the /etc/user_attr file with this new information.
# grep chris /etc/user_attr
chris::::type=normal;auths=solaris.jobs.admin;profiles=Printer Management


Assigning Authorizations to Roles


If a large number of user accounts require the same configuration and management of authorizations, it can be easier to assign the authorizations to a role and give the users access to the role. You can assign authorizations to roles with the roleadd command or with SMC.


Assigning Authorizations to Roles


This example uses the roleadd -P and -A options to create a role called level2 that is assigned the authorization solaris.admin.usermgr.*.
# roleadd -m -d /export/home/level2 -P "Mail Management" \
-A "solaris.admin.usermgr.*" level2
64 blocks
#


Assigning Authorizations to Rights Profiles


A rights profile usually includes a list of commands and special security attributes, the rights, as defined in the /etc/security/exec_attr file. It is also possible to include predefined authorizations from the /etc/security/auth_attr file in the rights profile by adding the authorizations to the /etc/security/prof_attr file.


RBAC Configuration File Summary


The figure on this slide shows how the four files used by RBAC are interrelated.

[Figure: the four RBAC files and what each holds: user_attr (users, roles), auth_attr (authorizations), prof_attr (profiles), exec_attr (privileges)]


RBAC Configuration File Summary


From the /etc/security/auth_attr database:

solaris.system.date:::Set Date & Time::help=SysDate.html


From the /etc/user_attr database:

sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management,All
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin


From the /etc/security/prof_attr database:

Printer Management:::Manage printers, daemons, spooling:help=RtPrntAdmin.html;auths=solaris.admin.printer.read,solaris.admin.printer.modify,solaris.admin.printer.delete


From the /etc/security/exec_attr database:

Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
Printer Management:suser:cmd:::/usr/ucb/lpq:euid=0
Printer Management:suser:cmd:::/etc/init.d/lp:euid=0
Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0
Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0
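
An audit helper added here, not part of the Sun course material: it parses user_attr and prof_attr text in the format shown above and reports which authorizations an account holds directly and which it gains only after assuming a role. The function names are hypothetical, the level2 line is constructed from the roleadd example, and profiles nested inside profiles and the default Basic Solaris User profile are not modeled.

```python
"""Resolve RBAC authorizations from user_attr and prof_attr text (added example)."""

# Entries copied from the slides, except level2, which is constructed here to
# match what the roleadd example would write to /etc/user_attr.
USER_ATTR = """\
sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management,All
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin
chris::::type=normal;auths=solaris.jobs.admin;profiles=Printer Management
level2::::type=role;auths=solaris.admin.usermgr.*;profiles=Mail Management
"""

PROF_ATTR = """\
Printer Management:::Manage printers, daemons, spooling:help=RtPrntAdmin.html;\
auths=solaris.admin.printer.read,solaris.admin.printer.modify,solaris.admin.printer.delete
"""


def parse_attrs(field):
    """Turn 'k=v1,v2;k2=v' into {'k': ['v1', 'v2'], 'k2': ['v']}."""
    attrs = {}
    for pair in filter(None, field.split(";")):
        key, _, value = pair.partition("=")
        attrs[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return attrs


def parse_db(text):
    """Parse a five-field, colon-separated RBAC database into {name: attrs}."""
    db = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue  # malformed entry: skip rather than guess
        db[fields[0]] = parse_attrs(fields[4])
    return db


def direct_auths(name, users, profs):
    """Authorizations of one user_attr entry: its auths= plus those in its profiles."""
    entry = users.get(name, {})
    auths = set(entry.get("auths", []))
    for prof in entry.get("profiles", []):
        auths.update(profs.get(prof, {}).get("auths", []))
    return auths


def effective_auths(user, users, profs):
    """Return (held directly, {role: authorizations gained after assuming it})."""
    held = direct_auths(user, users, profs)
    roles = users.get(user, {}).get("roles", [])
    return held, {role: direct_auths(role, users, profs) for role in roles}


def is_authorized(auth, granted):
    """True if auth is granted by name or by a trailing-* wildcard grant."""
    return any(
        g == auth or (g.endswith("*") and auth.startswith(g[:-1]))
        for g in granted
    )


def report(user, users, profs):
    """Build a short, printable summary for one account."""
    held, via_role = effective_auths(user, users, profs)
    lines = ["%s holds: %s" % (user, ", ".join(sorted(held)) or "(none)")]
    for role, auths in sorted(via_role.items()):
        lines.append("  after assuming %s: %s"
                     % (role, ", ".join(sorted(auths)) or "(none)"))
    return lines


if __name__ == "__main__":
    users, profs = parse_db(USER_ATTR), parse_db(PROF_ATTR)
    for name in ("johndoe", "chris"):
        print("\n".join(report(name, users, profs)))
```

Run against copies of the real files, the same functions show where an authorization reaches an account through a profile or role rather than through its own auths= list.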


Managing RBAC Using the Solaris Management Console


The Solaris Management Console in the Solaris 10 OS enables you to configure RBAC features using a GUI console.


Managing RBAC Using the Solaris Management Console


To set up privileged access using SMC, complete the following steps:
1. Build the user accounts that will be assigned the RBAC rights profiles and roles.
2. Build the rights profiles needed to support the privileged access requirements.
3. Build the role that will provide access to the rights profiles for designated users.


Managing RBAC Using the Solaris Management Console


To access RBAC features in SMC, complete the following steps:
1. Select Management Tools.
2. Click This Computer.
3. Click System Configuration.
4. Double-click the Users icon.


Module 11
Configuring System Messaging


Objectives
- Describe the fundamentals of the syslog function
- Configure the /etc/syslog.conf file
- Configure syslog messaging
- Use the Solaris Management Console log viewer


The syslog Concept


The syslog function sends messages generated by the kernel and system utilities and applications to the syslogd daemon. With the syslog function you can control message logging, depending on the configuration of the /etc/syslog.conf file. The daemon can:
- Write messages to a system log
- Forward messages to a centralized log host
- Forward messages to a list of users
- Write messages to the system console


The /etc/syslog.conf File


A configuration entry in the /etc/syslog.conf file consists of two tab-separated fields: selector and action. The selector field has two components, a facility and a level, written as facility.level. The action field determines where to send the message.


The syslogd Daemon and the m4 Macro Processor


The syslogd daemon, the m4 macro processor, and the /etc/syslog.conf file interact in conceptual phases to determine the correct message routing. These conceptual phases are described as:
1. The syslogd daemon runs the m4 macro processor.
2. The m4 processor reads the /etc/syslog.conf file, processes any m4 statements in the input, and passes the output to the syslogd daemon.


The syslogd Daemon and the m4 Macro Processor


3. The syslogd daemon uses the configuration information output by the m4 processor to route messages to the appropriate places.


The syslogd Daemon and the m4 Macro Processor


[Figure: The m4 Macro Processor. Labels: syslog.conf, m4, Selector Field, Action Field, syslogd]


Configuring the /etc/syslog.conf File


The target locations for the syslog message files are defined within the /etc/syslog.conf file. You must restart the syslogd daemon whenever you make any changes to this file. The following excerpt from the /etc/syslog.conf file shows how various events are logged by the system.
*.err;kern.notice;auth.notice	/dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages
*.alert;kern.err;daemon.err	operator
*.alert	root
*.emerg	*


Configuring the /etc/syslog.conf File


In Line 1, every error event (*.err) and all kernel and authorization facility events of level notice, which are not error conditions but might require special handling, will write a message to the /dev/sysmsg file.
In Line 2, every error event (*.err), all kernel facility events of level debug, all daemon facility events of level notice, and all critical level mail events will record a message in the /var/adm/messages file. Therefore, errors are logged to both files.
Line 3 indicates that all alert level events, including the kernel error level and daemon error level events, are sent to the user operator if this user is logged in.


Configuring the /etc/syslog.conf File


Line 4 indicates that all alert level events are sent to the root user if the root user is logged in. Line 5 indicates that any event that the system interprets as an emergency will be logged to the terminal of every logged-in user.
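
A routing model for the five-line excerpt, added here and not taken from the course material: it parses the selector and action fields, rejects entries that are not tab-separated, and lists the actions a given facility.level message triggers. The function names are hypothetical, and treating a selector list as a per-facility severity threshold in which a later selector replaces an earlier one for the same facility is an assumption about syslogd that the slides do not spell out.

```python
"""Model which /etc/syslog.conf actions fire for a message (added example)."""

# Severity names from most to least severe; a selector level matches that
# level and everything more severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "lpr", "news", "uucp",
              "cron", "audit"] + ["local%d" % i for i in range(8)]

# The excerpt from the slide; \t is the tab the file format requires.
SYSLOG_CONF = """\
*.err;kern.notice;auth.notice\t/dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages
*.alert;kern.err;daemon.err\toperator
*.alert\troot
*.emerg\t*
"""


def build_mask(selectors):
    """Map facility -> least severe level index logged (None means excluded).

    Assumption: a later selector replaces an earlier one for the same facility.
    """
    mask = {}
    for sel in selectors:
        facs, _, level = sel.rpartition(".")
        if level != "none" and level not in LEVELS:
            raise ValueError("unknown level in selector %r" % sel)
        targets = FACILITIES if facs == "*" else facs.split(",")
        for fac in targets:
            mask[fac] = None if level == "none" else LEVELS.index(level)
    return mask


def parse_conf(text):
    """Return [(mask, action)]; raise if a line is not tab-separated."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        selector, tab, action = line.partition("\t")
        if not tab or " " in selector:
            raise ValueError(
                "line %d: selector and action must be separated by a tab" % lineno)
        rules.append((build_mask(selector.split(";")), action.strip()))
    return rules


def route(rules, facility, level):
    """List the actions taken for one message, in configuration order."""
    severity = LEVELS.index(level)
    actions = []
    for mask, action in rules:
        threshold = mask.get(facility)
        if threshold is not None and severity <= threshold:
            actions.append(action)
    return actions


if __name__ == "__main__":
    rules = parse_conf(SYSLOG_CONF)
    for fac, lvl in [("auth", "notice"), ("kern", "debug"),
                     ("daemon", "err"), ("user", "alert"), ("kern", "emerg")]:
        print("%s.%s -> %s" % (fac, lvl, ", ".join(route(rules, fac, lvl)) or "(dropped)"))
```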


Stopping and Starting the syslogd Daemon


The /lib/svc/method/system-log file starts the syslogd process during each system boot. You can manually stop or start the syslogd daemon, or send it a refresh command, which causes the daemon to reread the /etc/syslog.conf file.
To stop the syslogd daemon, perform the command:
# svcadm disable svc:/system/system-log:default
To start the syslogd daemon, perform the command:
# svcadm enable svc:/system/system-log:default
To send a refresh to the syslogd daemon, perform the command:
# svcadm refresh svc:/system/system-log:default


Configuring syslog Messaging


The inetd daemon is the network listener process for many network services. The inetd daemon listens for service requests on the TCP and User Datagram Protocol (UDP) ports associated with each of the services listed in the inetd configuration file. The inetd daemon is controlled through the use of the inetadm command.


Monitoring a syslog File in Real Time


The tail -f command holds the file open so that you can view messages being written to the file by the syslogd daemon, for example:
# tail -f /var/adm/messages
Jun 14 13:15:39 host1 inetd[2359]:[ID 317013 daemon.notice] telnet[2361] from 192.9.200.1 45800


Using the Solaris Management Console Log Viewer


You can use the Solaris Management Console Log Viewer application to view syslog message files. You can also use this application to view and capture information from the Management Tool logs. To open the viewer, perform the following steps:
1. Use the smc command to open the Solaris Management Console:
# smc &
The Solaris Management Console application launches.


Using the Solaris Management Console Log Viewer


2. Select This Computer (hostname).
3. Select System Status.
4. Select Log Viewer.
The initial Log Viewer display lists Management Tools log entries from the /var/sadm/wbem/log directory.


Module 12
Using Name Services


Objectives
- Describe the name service concept
- Describe the name service switch file /etc/nsswitch.conf
- Describe the name service cache daemon (nscd)
- Get name service information


Name Service Concept


Name services centralize the shared information in a network. A single system, the name server, maintains the information previously maintained on each individual host. The name servers provide information, such as host names, Internet Protocol (IP) addresses, user names, passwords, and automount maps. Other hosts in the name service domain (called clients) request the information from the name server. This name server system responds to clients and translates, or resolves, their requests from its memory-based (cached) or disk-based databases.

Name Service Concept


[Figure: name service lookup. Labels: Client, /etc/nsswitch.conf, Local File (/etc/hosts), Name Server, Database]


Name Service Concept


The name service concept provides the following benefits:
- A single point of administration for name service data
- Consistent name service information for systems within the domain
- All clients have access to changed data
- Assurance that clients do not miss updates
- Secondary servers prevent a single point of failure


Domain Name System (DNS)


Domain Name System (DNS) is an Internet-wide naming system for resolving host names to IP addresses and IP addresses to host names. DNS supports name resolution for both local and remote hosts, and uses the concept of domains to allow hosts with the same name to coexist on the Internet, so long as they are in different domains. For example: www.sun.com and www.microsoft.com


Domain Name System (DNS)


The collection of networked systems that use DNS is referred to as the DNS namespace. The DNS namespace is divided into a hierarchy of domains. Each domain is usually supported by two or more name servers, a master name server, and one or more slave name servers. Each server implements DNS by running the in.named daemon.


Domain Name System (DNS)


On the client's side, DNS is implemented through the resolver. The resolver library resolves users' queries. The DNS name servers store the host and IP address information in files called zone files. The svc:/network/dns/server:default service starts the DNS server during the boot process if the DNS server has been configured.


Network Information Service (NIS)


Network Information Service (NIS) was developed independently of DNS and has a slightly different focus. NIS stores information about host names, IP addresses, users, groups, and others. This collection of network information is referred to as the NIS namespace. NIS namespace information is stored in files called NIS maps. NIS maps were designed to supplement many of the UNIX /etc files.


Network Information Service (NIS)


NIS maps are database files created from source files in the /etc directory (or in a directory that you specify). By default, these maps are stored in the /var/yp/domainname directory on NIS servers. NIS uses domains to define who can access the host names, user information, and other administrative data in its namespace. However, NIS does not use a domain hierarchy to store its data. Therefore, the NIS namespace is flat.


Network Information Service (NIS)


Replicated NIS servers provide services to NIS clients. The principal server is called a master server, and, for reliability, it has a backup, or a slave server. Each server implements NIS by running the ypserv daemon. All NIS clients and servers must run the ypbind daemon. The svc:/network/nis/server:default service starts the NIS server during the boot process.


Network Information Service Plus (NIS+)


Network Information Service Plus (NIS+) is similar to NIS, but provides many more features. NIS+ enables you to store information about machine addresses, security information, mail information, Ethernet interfaces, and network services in central locations. This configuration of network information is referred to as the NIS+ namespace. The NIS+ namespace is hierarchical and is similar in structure to the UNIX directory tree.


Network Information Service Plus (NIS+)


An NIS+ namespace can be divided into multiple domains that can be administered independently. NIS+ uses a client-server model to store and gain access to the information contained in an NIS+ namespace. The principal server is called the root server, and the backup servers are called replica servers. Both root and replica servers run NIS+ server software, as well as maintain copies of NIS+ tables.


Network Information Service Plus (NIS+)


NIS+ includes a sophisticated security system to protect the structure of the namespace and its information. NIS+ uses authentication and authorization to verify whether a client's request for information should be fulfilled. Each server implements NIS+ by running the rpc.nisd daemon. The svc:/network/rpc/nisplus:default service starts the NIS+ name service during the boot process.


Lightweight Directory Access Protocol (LDAP)


LDAP is the protocol clients use to communicate with a directory server. It is a vendor-independent protocol and can be used on common TCP/IP networks. The Solaris 10 OS comes with an LDAP client and LDAP server. The LDAP Directory Server is called the Sun Java System Directory Server.


Lightweight Directory Access Protocol (LDAP)


A directory server stores information in a Directory Information Tree (DIT). Clients can query the directory server for information or make changes to the information stored on the server. The hierarchy of the directory tree structure is similar to that of the UNIX file system. Entries are named according to their position in this tree structure by a distinguished name (DN).


Lightweight Directory Access Protocol (LDAP)


The DN is similar to an absolute path name in UNIX. A Relative Distinguished Name (RDN) is similar to a relative path name in UNIX. A directory entry is composed of attributes that have a type, and one or more values. Similar to the DNS namespace, LDAP names start with the least significant component and proceed to the most significant.


Name Service Switch File


The name service switch file determines which name services a system uses to search for information, and in which order the name service request is resolved. All Solaris OS systems use the /etc/nsswitch.conf file as the name service switch file. The nsswitch.conf file is loaded with the contents of a template file during the installation of the Solaris OS, depending on the name service that is selected. The /etc/nsswitch.conf file includes a list of databases that are sources of information about IP addresses, users, and groups.


Name Service Switch File


The following entries are from the /etc/nsswitch.conf file configured to support the NIS name service:
...
passwd:     files nis
group:      files nis
# consult /etc "files" only if nis is down.
hosts:      nis [NOTFOUND=return] files
...
networks:   nis [NOTFOUND=return] files
protocols:  nis [NOTFOUND=return] files
rpc:        nis [NOTFOUND=return] files
ethers:     nis [NOTFOUND=return] files
netmasks:   nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
publickey:  nis [NOTFOUND=return] files
...


Name Service Switch File


The information sources in /etc/nsswitch.conf are listed in the order that they are searched. Information sources:
- files
- nisplus
- nis
- dns
- ldap
- user
If two or more sources are listed, the first listed source is searched before moving to the next source.

Name Service Switch File


When a name service is referenced, the attempt to search this source can return one of the following status codes:
- SUCCESS
- UNAVAIL
- NOTFOUND
- TRYAGAIN
For each status code, two actions are possible:
- return
- continue


Name Service Switch File


When the action is not explicitly specified, the default action is to continue the search using the next specified information source, as follows:
- SUCCESS = return
- UNAVAIL = continue
- NOTFOUND = continue
- TRYAGAIN = continue
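
A simulation of the switch logic described above, added here and not taken from the course material: it parses one /etc/nsswitch.conf entry, applies the default actions unless a [STATUS=action] criterion overrides them, and records which sources are consulted. The host tables and function names are constructed for illustration; the example shows that with hosts: nis [NOTFOUND=return] files, a local files entry is used only when NIS is unavailable.

```python
"""Simulate name service switch status/action handling (added example)."""
import re

# Default action for each status code when none is given in the entry.
DEFAULT_ACTIONS = {"SUCCESS": "return", "UNAVAIL": "continue",
                   "NOTFOUND": "continue", "TRYAGAIN": "continue"}


def parse_entry(line):
    """Parse 'hosts: nis [NOTFOUND=return] files' into (database, sources).

    sources is an ordered list of (source name, {status: action}).
    """
    database, colon, rest = line.partition(":")
    if not colon:
        raise ValueError("missing ':' in %r" % line)
    sources = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            sources.append((token, dict(DEFAULT_ACTIONS)))
            continue
        if not sources:
            raise ValueError("criterion %s has no preceding source" % token)
        for criterion in token[1:-1].split():
            status, _, action = criterion.partition("=")
            status, action = status.upper(), action.lower()
            if status not in DEFAULT_ACTIONS or action not in ("return", "continue"):
                raise ValueError("bad criterion %r" % criterion)
            sources[-1][1][status] = action  # applies to the source before it
    return database.strip(), sources


def lookup(sources, key, backends):
    """Search sources in order; return (status, value, sources consulted)."""
    status, value, consulted = "UNAVAIL", None, []
    for name, actions in sources:
        consulted.append(name)
        status, value = backends[name](key)
        if actions[status] == "return":
            break
    return status, value, consulted


def table_backend(table):
    """A reachable source backed by a dict: SUCCESS or NOTFOUND."""
    return lambda key: ("SUCCESS", table[key]) if key in table else ("NOTFOUND", None)


def unavailable(key):
    """A source that cannot be reached, such as a stopped NIS server."""
    return ("UNAVAIL", None)


# Constructed sample data: mail1 exists in both sources with different addresses.
NIS_HOSTS = {"mail1": "192.168.10.5"}
FILES_HOSTS = {"db1": "192.168.10.9", "mail1": "192.168.10.99"}

if __name__ == "__main__":
    _, hosts = parse_entry("hosts: nis [NOTFOUND=return] files")
    files = table_backend(FILES_HOSTS)
    for label, nis in (("NIS up", table_backend(NIS_HOSTS)), ("NIS down", unavailable)):
        for name in ("db1", "mail1"):
            print(label, name, lookup(hosts, name, {"nis": nis, "files": files}))
```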


Configuring the Name Service Cache Daemon (nscd)


The nscd daemon
The nscd daemon is a process that provides a cache for the most common name service requests. The nscd daemon starts during multiuser boot. The /etc/nscd.conf configuration file controls the behavior of the nscd daemon. The nscd daemon provides caching for the passwd, group, hosts, ipnodes, exec_attr, prof_attr, and user_attr databases.


Configuring the Name Service Cache Daemon (nscd)


Configuring the nscd daemon
The /etc/nscd.conf file contains the configuration information for the nscd daemon. Each line specifies either an attribute and a value, or an attribute, a cache name, and a value. An example of an attribute and a value is as follows:
logfile /var/adm/nscd.log
An example of an attribute, a cache name, and a value is as follows:
enable-cache hosts no


Configuring the Name Service Cache Daemon (nscd)


Stopping and starting the nscd daemon
The nscd daemon's cache might become out of date due to various abnormal circumstances. A common way to force the nscd daemon to update its cache is to stop and start the daemon.
Restarting the nscd daemon
Clearing the cache by restarting the daemon can be helpful in removing old cached data:
# svcadm restart system/name-service-cache:default


Retrieving Name Service Information


The getent command
You can query name service information sources with specific tools, such as the ypcat, nslookup, niscat, and ldaplist commands. However, the nsswitch.conf file is not referenced by these commands. The getent command has the following advantages:
- The getent command searches the information sources in the order listed in the name service switch file.
- By using the name service switch file, the defined status message codes and actions are tested as they are currently configured.


Retrieving Name Service Information


Using the getent command
The getent command retrieves a list of entries from the administrative database specified by database. The sources for the database are specified in the /etc/nsswitch.conf file. The syntax is as follows:
getent database [key]...


Module 13
Configuring Name Service Clients


Objectives
- Configure a DNS client
- Configure an LDAP client


Configuring a DNS Client


Name resolution using the Internet domain name system begins with the client-side resolver. The client resolver code is controlled by the following files:
- /etc/resolv.conf
- /etc/nsswitch.conf


Configuring the DNS Client During Installation


During the system identification phase of a Solaris 10 OS installation, use the following:
- The Name Service window, to select DNS as the name service
- The Domain Name window, to enter the DNS domain name to which the client will belong
- The DNS Server Address window, to enter the IP addresses of up to three DNS servers that the client will use for lookups


Configuring the DNS Client During Installation


During the system identification phase of a Solaris 10 OS installation, use the following:
- The DNS Search List window, to enter search suffixes to supplement searches for names that are not fully qualified
- The Confirm Information window, to verify that you have provided accurate information


Editing DNS Client Configuration Files


To use DNS with another name service, such as NIS or LDAP, you must manually modify configuration files.
Editing the /etc/resolv.conf file
The /etc/resolv.conf file contains configuration directives for the DNS resolver. The directives include the following:
- nameserver
- domain
- search


Editing DNS Client Configuration Files


The following resolv.conf example shows two name servers for the suned.sun.com domain. It also specifies two domain names, training.sun.com and sun.com, to append to any requests received that are not fully qualified.
# cat /etc/resolv.conf
nameserver 192.168.10.11
nameserver 192.168.20.88
domain suned.sun.com training.sun.com sun.com


Editing DNS Client Configuration Files


Copying the /etc/nsswitch.dns file to the /etc/nsswitch.conf file
To configure a client to use DNS in combination with the system's local files, copy the /etc/nsswitch.dns file to the /etc/nsswitch.conf file. This action only changes the hosts entry.


Setting Up an LDAP Client


Native LDAP is the client implementation of the LDAP name service. An LDAP server, such as the Sun Java Directory Server that is bundled with the Solaris 10 OS, must exist on the network.


Client Authentication
An LDAP client must establish a session with an LDAP server. This authentication process is known as binding. After a client is authenticated, it can then perform operations, such as search and modify, on the data.


Client Authentication
Details on how the client is authenticated and what data the client is authorized to access are maintained on the LDAP server. To avoid having to re-enter the same information for each and every client, a single client profile is created on the directory server.

Client Profile and Proxy Account

A single client profile defines the configuration parameters for a group of Solaris OS clients allowed to access the LDAP database.

Client profile:
• Contains the client's credential information
• Describes how authentication is to take place
• Provides the client with various configuration parameters

A proxy account is created to allow multiple clients to bind to the server with the same access privileges.

Client Initialization
The client profile and proxy account are created as part of the Sun Java Directory Server setup procedures on the Solaris 10 OS. By default, the client profile named default and the proxy account proxyagent are created under a special profile directory entry. When the Solaris LDAP client is initialized, a copy of the client profile is retrieved from the server and stored on disk.

Configuring the LDAP Client During Installation

To configure the LDAP client, complete the following steps:
• In the Name Service window, select LDAP as the name service.
• In the Domain Name window, enter the domain name where the system is located.
• In the LDAP Profile window, enter the profile name and server IP address.
• In the LDAP Proxy Bind window, select No.
• In the Confirm Information window, verify that you have provided accurate information.

Initializing the Native LDAP Client


You execute the ldapclient command on the client system once to initiate the client as a native LDAP client. The following example describes a typical client initialization:
# ldapclient init -a proxyPassword=proxy \
-a proxyDN=cn=proxyagent,ou=profile,dc=suned,dc=sun,dc=com \
-a domainname=suned.sun.com 192.168.0.100
System successfully configured

Copying the /etc/nsswitch.ldap File to the /etc/nsswitch.conf File


During LDAP client initialization, the /etc/nsswitch.ldap file is copied over to the /etc/nsswitch.conf file.

Listing LDAP Entries


You use the ldaplist command to list the naming information from the LDAP servers. Without any arguments, the ldaplist command returns all of the containers in the current search base DN.

Unconfiguring an LDAP Client

To unconfigure an LDAP client, use the ldapclient command with the uninit option. This command removes the client files from the /var/ldap directory and restores the previous /etc/nsswitch.conf file.
# ldapclient uninit
System successfully unconfigured

Module 14
Configuring the Network Information Service (NIS)

Objectives
• Describe NIS fundamentals
• Configure the name service switch file
• Describe NIS security
• Configure an NIS domain
• Build custom NIS maps
• Troubleshoot NIS

NIS Fundamentals
NIS facilitates the creation of server systems that act as central repositories for several of the administrative files found on UNIX systems. The benefits of NIS include the following:
• Centralized administration of configuration files
• Better scaling of configuration file administration as networks grow

NIS is organized into named administrative domains. Within each domain there is one NIS master server, zero or more slave servers, and one or more clients.

NIS Namespace Information


NIS stores information about host names and their IP addresses, users, groups, and others. NIS maps can replace or be used with the configuration files that exist on each UNIX system. NIS maps are located in the /var/yp/domainname directory on NIS servers.

Map Contents and Sort Keys


Each map contains a key and value pair. The key represents data used to perform the lookup in the map, while the value represents data returned after a successful lookup. For example, for the domain name training, the NIS map files for the hosts map are as follows:
• The /var/yp/training/hosts.byname.pag file
• The /var/yp/training/hosts.byname.dir file
• The /var/yp/training/hosts.byaddr.pag file
• The /var/yp/training/hosts.byaddr.dir file

Commands to Read Maps


You can use two commands to read maps:
• ypcat [ -k ] mname
• ypmatch [ -k ] value mname

# ypcat hosts
192.168.30.30 instructor instructor. loghost
192.168.30.30 instructor instructor. loghost
127.0.0.1 localhost
...
# ypmatch sys44 hosts
sys44: 192.168.30.44 sys44 loghost
# ypmatch usera passwd
usera: usera:LojyTdiQev5i2:3001:10::/export/home/usera:/bin/ksh

NIS Domains
An NIS domain is a collection of hosts and interconnecting networks that are organized into a single administrative authority. Each NIS domain contains:
• One NIS master server
• NIS slave servers (optional)
• NIS clients

NIS Master Server


Within each domain, the NIS master server has the following characteristics:
• Contains the original source ASCII files used to build the NIS maps
• Contains the NIS maps generated from the ASCII files
• Provides a single point-of-control for the entire NIS domain

NIS Slave Servers


Within each domain, the NIS slave servers have the following characteristics:
• Do not contain the original source ASCII files used to build the NIS maps
• Contain copies of the NIS maps copied from the NIS master server
• Provide a backup for NIS map information
• Provide redundancy in case of server failures
• Provide load sharing on large networks

NIS Clients
Within each domain, the NIS clients have the following characteristics:
• Do not contain the original source ASCII files used to build the NIS maps
• Do not contain any NIS maps
• Bind to the master server or to a slave server to obtain access to the administrative file information contained in that server's NIS maps
• Dynamically rebind to another server in case of server failure
• Make all appropriate system calls aware of NIS

NIS Processes
The main daemons involved in the running of an NIS domain are as follows:
• The ypserv daemon
• The ypbind daemon
• The rpc.yppasswdd daemon
• The ypxfrd daemon
• The rpc.ypupdated daemon

Configuring the Name Service Switch

When you select NIS as the name service during installation, the /etc/nsswitch.nis configuration file loads into the default /etc/nsswitch.conf file.

Changing lookup requests to go from files to NIS
Entries in /etc/nsswitch.conf with the following form cause requests to search files first, and then NIS:
passwd: files nis

Changing lookup requests to go from NIS to files
Entries in /etc/nsswitch.conf with the following form cause requests to search NIS first, and then files:
hosts: nis [NOTFOUND=return] files
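
The two entry forms above differ in when the second source is consulted. The following is an added example, not part of the course material: a small Python model of how one nsswitch.conf entry is evaluated, using the standard status codes and default actions. The function names and the sample records are hypothetical.

```python
# Added example: a small model of nsswitch.conf source ordering.
# Function names and the sample data are illustrative, not part of Solaris.

# Status a source can report, with the default action taken for each.
DEFAULT_ACTIONS = {
    "SUCCESS": "return",
    "NOTFOUND": "continue",
    "UNAVAIL": "continue",
    "TRYAGAIN": "continue",
}


def parse_entry(line):
    """Parse 'db: src [STATUS=action] src ...' into (db, [(src, actions)])."""
    database, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("missing ':' in entry: %r" % line)
    tokens = rest.replace("[", " [ ").replace("]", " ] ").split()
    sources, in_criteria = [], False
    for tok in tokens:
        if tok == "[":
            if not sources:
                raise ValueError("criteria must follow a source")
            in_criteria = True
        elif tok == "]":
            in_criteria = False
        elif in_criteria:
            status, _, action = tok.partition("=")
            status, action = status.upper(), action.lower()
            if status not in DEFAULT_ACTIONS or action not in ("return", "continue"):
                raise ValueError("bad criterion: %r" % tok)
            # Override the default action for this status on the last source.
            sources[-1][1][status] = action
        else:
            sources.append((tok, dict(DEFAULT_ACTIONS)))
    return database.strip(), sources


def lookup(entry, key, backends):
    """Resolve key by walking the sources of one entry in order.

    backends maps a source name to a dict of its records, or to None when
    that source cannot be reached. Returns (status, value, consulted).
    """
    _, sources = parse_entry(entry)
    status, value, consulted = "NOTFOUND", None, []
    for name, actions in sources:
        consulted.append(name)
        records = backends.get(name)
        if records is None:
            status, value = "UNAVAIL", None
        elif key in records:
            status, value = "SUCCESS", records[key]
        else:
            status, value = "NOTFOUND", None
        if actions[status] == "return":
            break
    return status, value, consulted


# Constructed sample data: one record only in local files, one only in NIS.
FILES = {"localhost": "127.0.0.1", "buildhost": "10.0.0.9"}
NIS = {"sys44": "192.168.30.44"}

if __name__ == "__main__":
    nis_first = "hosts: nis [NOTFOUND=return] files"
    for label, nis in (("NIS up", NIS), ("NIS down", None)):
        result = lookup(nis_first, "buildhost", {"nis": nis, "files": FILES})
        print(label, result)
    print(lookup("passwd: files nis", "sys44", {"nis": NIS, "files": FILES}))
```

With [NOTFOUND=return], the local files are reached only when NIS cannot be contacted; while NIS answers, a name that exists only in the local files is reported as not found.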

NIS Security
Just as NIS makes the network information more manageable, it can also create inadvertent security holes. Two methods of closing these security holes are using the securenets file to restrict access to a single host or to a subnetwork, and using the passwd.adjunct file to limit access to the password information across the network.
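
How a securenets restriction decides between a single host and a subnetwork, as an added example that is not part of the course material. It assumes the securenets line format of a netmask followed by a network address, with # starting a comment; the function names and the sample rule sets are constructed for illustration.

```python
# Added example: evaluate and lint securenets-style rules.
# Assumed line format: "<netmask> <network address>", '#' starts a comment.
import ipaddress

FULL = 0xFFFFFFFF


def parse_securenets(text):
    """Return a list of (lineno, mask, net) integer tuples."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError("line %d: expected 'netmask address'" % lineno)
        mask = int(ipaddress.IPv4Address(fields[0]))
        net = int(ipaddress.IPv4Address(fields[1]))
        rules.append((lineno, mask, net))
    return rules


def is_allowed(rules, client):
    """True when the client address, masked, equals a rule's network."""
    addr = int(ipaddress.IPv4Address(client))
    return any((addr & mask) == net for _, mask, net in rules)


def audit(rules):
    """Return (lineno, finding) pairs for rules that are too broad or broken."""
    findings = []
    for lineno, mask, net in rules:
        inverted = ~mask & FULL
        if mask == 0:
            findings.append((lineno, "matches every address"))
        elif inverted & (inverted + 1):
            findings.append((lineno, "netmask is not contiguous"))
        if net & inverted:
            # Under this model such a rule can never match any client.
            findings.append((lineno, "address has bits outside the netmask"))
    return findings


# Constructed sample: one subnetwork and one single host.
TIGHT = """\
# constructed sample rules
255.255.255.0   192.168.30.0
255.255.255.255 192.168.10.11
"""

# Constructed sample: three rules an audit should flag.
LOOSE = """\
0.0.0.0         0.0.0.0
255.255.255.0   192.168.30.44
255.0.255.0     10.0.1.0
"""

if __name__ == "__main__":
    tight = parse_securenets(TIGHT)
    for client in ("192.168.30.44", "192.168.31.44", "192.168.10.11"):
        print(client, "allowed" if is_allowed(tight, client) else "refused")
    for lineno, finding in audit(parse_securenets(LOOSE)):
        print("line %d: %s" % (lineno, finding))
```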

Configuring an NIS Domain

To generate NIS maps, you need the source files. You can find source files in the /etc directory on the master server. Do not keep the source files in the /etc directory, because the contents of the maps are then the same as the contents of the local files that control access to the master server. This is a special problem for the /etc/passwd and /etc/shadow files.

To locate the source files in another directory, modify the /var/yp/Makefile file:
• Change the INETDIR line to DIR=/your-choice
• Change the DIR=/etc line to DIR=/your-choice
• Change the PWDIR=/etc line to PWDIR=/your-choice
• Copy files from /etc, /etc/inet, and /etc/services to DIR=/your-choice

Before you make any modifications to the /var/yp/Makefile file, save a copy of the original Makefile file.

Generating NIS Maps


The NIS configuration script, /usr/sbin/ypinit, and the make utility generate NIS maps. The ypinit command reads the /var/yp/Makefile file for source file locations, and converts ASCII source files into NIS maps. For security reasons and to prevent unauthorized root access, the files that build the NIS password maps should not contain an entry for the root user. To make sure of this, copy the files to an alternative directory, and modify the PWDIR entry in the Makefile file.
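
One way to check the copied password sources before the maps are built, as an added example that is not part of the course material. It goes slightly beyond the text by removing every UID 0 account rather than only the entry named root; the function names and the passwd and shadow samples are constructed.

```python
# Added example: keep UID 0 accounts out of the NIS password map sources.
# Function names and sample data are illustrative, not from the course.


def uid0_accounts(passwd_text):
    """Return the names of all passwd entries named root or with UID 0."""
    names = []
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("passwd line %d: expected 7 fields" % lineno)
        name, uid = fields[0], fields[2]
        try:
            is_uid0 = int(uid) == 0
        except ValueError:
            raise ValueError("passwd line %d: bad UID %r" % (lineno, uid))
        if name == "root" or is_uid0:
            names.append(name)
    return names


def strip_uid0(passwd_text, shadow_text):
    """Return (passwd, shadow, removed) with UID 0 accounts taken out of both."""
    removed = uid0_accounts(passwd_text)
    drop = set(removed)

    def keep(text):
        # Keep non-empty lines whose first field is not a removed account.
        kept = [line for line in text.splitlines()
                if line.strip() and line.split(":", 1)[0] not in drop]
        return "\n".join(kept) + "\n" if kept else ""

    return keep(passwd_text), keep(shadow_text), removed


# Constructed sample of a passwd file copied into the alternative PWDIR.
PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
toor:x:0:0:second superuser:/:/bin/ksh
usera:x:3001:10::/export/home/usera:/bin/ksh
"""

# Constructed sample of the matching shadow file (placeholder hashes).
SHADOW = """\
root:CONSTRUCTEDHASH00:13000::::::
daemon:NP:6445::::::
toor:CONSTRUCTEDHASH01:13000::::::
usera:CONSTRUCTEDHASH02:13000::::::
"""

if __name__ == "__main__":
    passwd_out, shadow_out, removed = strip_uid0(PASSWD, SHADOW)
    print("removed from map sources:", ", ".join(removed))
    print(passwd_out, end="")
    print(shadow_out, end="")
```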

Locating Source Files


The source files are located in the /etc directory on the master server, but the files can be copied into another directory, such as /etc/yp_dir. The /etc/defaultdomain file sets the NIS domain name during system boot. The ypinit script calls the program make, which uses the Makefile file located in the /var/yp directory.

The /var/yp directory contains a subdirectory named after the NIS domain name. This domainname directory is the repository for the NIS maps. The /var/yp/binding/domainname directory contains the ypservers file where the names of the NIS master server and NIS slave servers are stored. The /usr/lib/netsvc/yp directory contains the ypstop and ypstart commands that stop and start NIS services, respectively.

Converting ASCII Source Files Into NIS Maps


To build new maps on the master server, perform the following command:
# /usr/sbin/ypinit -m
The ypinit command prompts for a list of other machines to become NIS slave servers.

Configuring the NIS Master Server

To set up the NIS name service master server, complete the following steps:
1. Determine which machines on your network domain will be NIS servers.
2. Choose an NIS domain name.
3. Use the domainname command to set the local NIS domain.
4. Create an /etc/defaultdomain file that contains the domain name.

5. If the files do not already exist, use the touch command to create zero-length files with the following names: /etc/ethers, /etc/bootparams, /etc/locale, /etc/timezone, /etc/netgroup, and /etc/netmasks.
6. Install an updated Makefile file in the /var/yp directory if you intend to use NIS on the system that functions as your JumpStart software server.
7. Create or populate the /etc/locale file, and make an entry for each domain on your network.

8. Initialize the master server by using the local /etc files. Enter the ypinit -m command.
   a. When the program prompts you for a list of slave servers, and after you complete your list, press Control-D.
   b. The program asks if you want to terminate it on the first fatal error.
9. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.
10. Start the NIS daemons on the master server with the following command:
# svcadm enable svc:/network/nis/server:default

Testing the NIS Service


There are a number of commands that you can use to obtain information from and about the NIS database. The most commonly used NIS commands are as follows:
• ypcat
• ypmatch
• ypwhich

Configuring the NIS Client

To configure the NIS client, complete the following steps:
1. Edit the /etc/inet/hosts file to ensure that the NIS master server and all slave servers have been defined.
2. Execute the domainname domainname command to set the local NIS domain.
3. Create or populate the /etc/defaultdomain file with the domain name.

4. To initialize the system as an NIS client, perform the following command:
# ypinit -c
5. When the system prompts you for a list of NIS servers, enter the names of the NIS master and all slave servers.
6. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.
7. Start NIS with the following command:
# svcadm enable svc:/network/nis/client:default

Configuring the NIS Slave Server

To configure an NIS slave server, complete the following steps on the system that you want to designate as the slave server:
1. Edit the /etc/inet/hosts file to ensure that the NIS master server and all slave servers have been defined.
2. Execute the domainname domainname command to set the local NIS domain.
3. Create or populate the /etc/defaultdomain file with the domain name.

4. To initialize the system as an NIS client, perform the following command:
# ypinit -c
5. When the system prompts for a list of NIS servers, enter the NIS master host followed by the name of the local host and all other NIS slave servers on the local network.
6. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.
7. On the NIS master, ensure that the ypserv process is running.

8. On the proposed NIS slave system, start the ypbind daemon.
# svcadm enable svc:/network/nis/client:default

9. Initialize the system as an NIS slave by performing the following command:
# ypinit -s master

10. Before starting the ypserv daemon on the slave server, stop the client with the following command:
# svcadm disable svc:/network/nis/client:default

11. When the NIS server is started, it also starts the ypbind client daemon.
# svcadm enable svc:/network/nis/server:default

Updating the NIS Map


Because database files change with time, you must update your NIS maps. To update the NIS maps (on the master server), complete the following steps:
1. Update the text files in your source directory.
2. Change to the /var/yp directory.
# cd /var/yp
3. Refresh the NIS database maps using the make utility.
# /usr/ccs/bin/make

Module 15
Introduction to Zones

Objectives
• Identify the different zones features
• Understand how and why zone partitioning is used
• Configure zones
• Install zones
• Boot zones
• Administer packages with zones
• Upgrade the Solaris 10 OS with installed zones

Solaris Zones
Solaris zones technology enables software partitioning of a Solaris 10 OS to support multiple instances of the operating system services with independent process space, allocated resources, and users. Zones provide virtual operating system services that look like different Solaris instances to users and applications. Solaris zones allow administrators to dedicate system resources to individual zones. Each zone exists with separate process and file system space, and can only monitor and interact with local processes.

Zone Features
• Security
• Isolation
• Virtualization
• Granularity
• Transparency

Zone Types
The Solaris Operating System supports two types of zones:
• Global
• Non-global

Global Zones
Every Solaris system contains a global zone. The global zone has two functions:
• It is the default zone for the system.
• It is the zone used for system-wide administrative control.

The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled. The global zone contains a complete installation of the Solaris system software packages.

Each zone, including the global zone, is assigned a zone name. The global zone always uses the name global. Non-global zones must have user-defined names. The system always assigns zone ID 0 to the global zone. The system assigns non-zero zone IDs to non-global zones when they boot.

Non-Global Zones
Non-global zones contain an installed subset of the complete Solaris Operating System software packages. They can also contain Solaris software packages shared from the global zone and additional installed software packages not shared from the global zone. Non-global zones share operation under the Solaris kernel booted from the global zone. Non-global zones are not aware that any other zones exist.

Zone Daemons
The system uses two daemons to control zone operation, zoneadmd and zsched. The zoneadmd daemon is the primary process for managing the zone's virtual platform. The zoneadmd daemon is responsible for the following:
• Managing zone booting and shutting down
• Allocating the zone ID and starting the zsched system process
• Setting zone-wide resource controls
• Preparing the zone's devices as specified in the zone configuration

The zoneadmd daemon is also responsible for the following:
• Plumbing virtual network interfaces
• Mounting loopback and conventional file systems

The zsched process involves the following:
• Every active zone has an associated kernel process, zsched.
• The zsched process enables the zones subsystem to keep track of per-zone kernel threads.
• Kernel threads doing work on behalf of the zone are owned by zsched.

Zone File Systems


There are two models for populating root file system space in non-global zones, the sparse root model and the whole root model.

Sparse root model

The sparse root model installs a minimal number of files from the global zone when you initialize a non-global zone. Files that need to be shared between a non-global zone and the global zone are mounted through read-only loopback file systems. By default, in the sparse root model, the directories /lib, /platform, /sbin, and /usr are mounted in this manner.

Whole root model

The whole root model provides the maximum configurability. All of the required and any selected optional Solaris packages are installed into the private file systems of the zone. The disk requirements for this model are determined by the disk space used by the packages currently installed in the global zone.

Zone Networking
Each non-global zone that requires network connectivity has one or more dedicated IP addresses. These addresses are associated with logical network interfaces that can be placed in a zone by using the ifconfig command. For example, if the primary network interface in the global zone is ce0, then the non-global zone's logical network interface might be ce0:1. Logical interfaces are automatically assigned the next available identifier, for example, ce0:2, ce0:3.

Zone States
As you configure a non-global zone, bring it into operation, use the zone, reboot, or shut it down, the state that the zoneadm command reports for that zone changes. The zoneadm command reports the following zone states:
• Undefined
• Configured
• Incomplete
• Installed
• Ready
• Running
• Shutting down and Down

Configuring Zones
Configuring a zone requires completing the following tasks:
• Identifying the components that will make up the zone
• Configuring the zone with the zonecfg command
• Verifying and committing the configured zone

Identifying Zone Components


When planning zones for your environment, you must consider the components that make up each zone's configuration. These components include the following:
• A zone name
• A path to the zone's root
• The zone network interfaces
• The file systems mounted in zones
• The configured devices in zones

Allocating File System Space


There are no limits on how much disk space can be consumed by a zone. The nature of the packages installed in the global zone affects the space requirements of the non-global zones that are created. As a general guideline, about 100 megabytes of free disk space per non-global zone using the sparse root model is required. By default, any additional packages installed in the global zone also populate the non-global zones.

Using the zonecfg Command


You can perform the following operations with zonecfg:
• You can create or delete a zone configuration.
• You can add resources to a particular configuration.
• You can set properties for resources added to a configuration.
• You can remove resources from a particular configuration.
• You can query or verify a configuration.
• You can commit to a configuration.
• You can revert to a previous configuration.

To simplify the user interface, zonecfg utilizes the concept of a scope. The default scope is global. The zonecfg interactive command prompt changes to reflect the current scope. You can use the add and select subcommands to select a specific resource, at which point the scope changes to that resource. The end and cancel subcommands cause the scope to revert to global.

The zonecfg Subcommands


Subcommands within the zonecfg utility are used to configure and provision zones. The zonecfg prompt indicates if the scope is global or is confined to a particular resource. Note: The zonecfg subcommands are demonstrated in the Zone Configuration Walk-Through section, later in this module.

The zonecfg Resource Parameters


Resource types within the zonecfg utility include the following:
• zonename
• zonepath
• autoboot
• pool
• fs
• inherit-pkg-dir
• net
• device
• rctl
• attr

Parameters associated with the fs resource include the following:
• dir
• special
• raw
• type
• options

Zone Configuration Walk-Through

To create a zone, you must log in to the global system as root or a role-based access control (RBAC)-allowed user. The following shows an example of configuring a zone named work-zone:
global# zonecfg -z work-zone
zonecfg:work-zone> create
zonecfg:work-zone> set zonepath=/export/work-zone
zonecfg:work-zone> set autoboot=true
zonecfg:work-zone> set pool=pool_default
zonecfg:work-zone> add fs
zonecfg:work-zone:fs> set dir=/mnt
zonecfg:work-zone:fs> set special=/dev/dsk/c0t0d0s7

9 zonecfg:work-zone:fs> set raw=/dev/rdsk/c0t0d0s7 10 zonecfg:work-zone:fs> set type=ufs 11 zonecfg:work-zone:fs> add options [logging] 12 zonecfg:work-zone:fs> end 13 zonecfg:work-zone> add inherit-pkg-dir 14 zonecfg:work-zone:inherit-pkg-dir> set dir=/opt/sfw 15 zonecfg:work-zone:inherit-pkg-dir> end 16 zonecfg:work-zone> add net 17 zonecfg:work-zone:net> set physical=ce0 18 zonecfg:work-zone:net> set address=192.168.0.1 19 zonecfg:work-zone:net> end 20 zonecfg:work-zone> add device 21 zonecfg:work-zone:device> set match=/dev/sound/*


Zone Configuration Walk-Through

zonecfg:work-zone:device> end
...
zonecfg:work-zone:attr> set name=comment
zonecfg:work-zone:attr> set type=string
zonecfg:work-zone:attr> set value="The work zone."
zonecfg:work-zone:attr> end
zonecfg:work-zone> verify
zonecfg:work-zone> commit
zonecfg:work-zone> exit


Viewing the Zone Configuration

You can use the zonecfg command to view the zone configuration.
# zonecfg -z work-zone info
zonepath: /export/work-zone
autoboot: true
pool: pool_default
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
...


Using the zoneadm Command


The zoneadm command is the primary tool used to install and administer non-global zones. Operations using the zoneadm command must be run from the global zone.


Using the zoneadm Command


The following tasks can be performed using the zoneadm command:
- Verify a zone's configuration
- Install a zone
- Boot a zone
- Reboot a zone
- Display information about a running zone
- Uninstall a zone


Using the zoneadm Command


Verifying a configured zone
You can verify a zone before you install it. If you skip this procedure, the verification is performed automatically when you install the zone.
global# zoneadm -z work-zone verify
Warning: /export/work-zone does not exist, so it cannot be verified.
When zoneadm install is run, install will try to create
/export/work-zone, and verify will be tried again,
but the verify may fail if:
the parent directory of /export/work-zone is group- or other-writable
or
/export/work-zone overlaps with any other installed zones.
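
The two failure conditions named in the warning above can be checked before zoneadm install is run. The following is an added example, not part of the course material: the function names and the sample listing are constructed, and the listing uses the zoneadm list -cp format (id:name:state:path) shown in this module. It is stricter than the warning in that it compares against every non-global zone in the listing, whatever its state.

```shell
#!/bin/sh
# Added example: pre-flight checks for a planned zonepath.

# parent_is_safe ZONEPATH
# Succeeds only if the parent directory exists and is neither
# group-writable nor other-writable. Returns 2 if the parent is missing.
parent_is_safe() {
    parent=$(dirname "$1")
    [ -d "$parent" ] || return 2
    # find prints the directory only when the g+w or o+w bit is set.
    loose=$(find "$parent" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ]
}

# paths_overlap A B
# True when A and B are the same path or one is an ancestor of the other.
# The trailing slash stops /export/web-zone from matching /export/web-zone2.
paths_overlap() {
    a=${1%/}/
    b=${2%/}/
    case $a in "$b"*) return 0 ;; esac
    case $b in "$a"*) return 0 ;; esac
    return 1
}

# zonepath_conflicts ZONE ZONEPATH
# Reads `zoneadm list -cp` style lines on stdin and prints the name of every
# other non-global zone whose path overlaps ZONEPATH. The global zone is
# skipped because its path is / and would overlap everything.
zonepath_conflicts() {
    self=$1
    candidate=$2
    while IFS=: read -r id name state path rest; do
        [ "$name" = global ] && continue
        [ "$name" = "$self" ] && continue
        [ -n "$path" ] || continue
        if paths_overlap "$candidate" "$path"; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# preflight ZONE ZONEPATH   (listing on stdin)
# Returns 0 when both checks pass, 1 otherwise, and prints each failure.
preflight() {
    zone=$1
    zpath=$2
    status=0
    hits=$(zonepath_conflicts "$zone" "$zpath")
    if [ -n "$hits" ]; then
        echo "FAIL: $zpath overlaps the zonepath of:" $hits
        status=1
    fi
    if ! parent_is_safe "$zpath"; then
        echo "FAIL: parent of $zpath is missing or group/other-writable"
        status=1
    fi
    return "$status"
}

# Constructed sample listing; on a real system pipe in `zoneadm list -cp`.
SAMPLE_LISTING='0:global:running:/
1:web-zone:running:/export/web-zone
-:db-zone:installed:/export/zones/db
-:work-zone:configured:/export/work-zone'

# /export/zones is an ancestor of db-zone's path, so this reports a conflict.
printf '%s\n' "$SAMPLE_LISTING" | preflight new-zone /export/zones || true
```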


Using the zoneadm Command


Installing a configured zone
You use the zoneadm -z zone_name install command to install a non-global zone.
global# zoneadm -z work-zone install

Zone installation takes time to complete.

Booting a zone
Booting a zone places the zone in the running state.
global# zoneadm -z work-zone boot
global# zoneadm list -v
  ID NAME             STATE      PATH
   0 global           running    /
   1 work-zone        running    /export/work-zone


Using the zoneadm Command


Halting a zone
The zoneadm halt command is used to remove both the application environment and the virtual platform for a zone.
global# zoneadm -z work-zone halt
global# zoneadm list -v
  ID NAME             STATE      PATH
   0 global           running    /
   - work-zone        installed  /export/work-zone

Rebooting a zone
The zoneadm reboot command is used to reboot a zone.
global# zoneadm -z work-zone reboot


Using the zoneadm Command


Logging in to the zone console
After you boot the zone for the first time, it is important to connect to the zone's virtual console and complete the zone's system identification before you can begin using the zone. Use the zlogin command with the -C option.
global# zlogin -C work-zone

The first time that you connect to the zone's virtual console, the system identification process starts automatically. The ~. (tilde dot) character sequence terminates the console connection.


Using the zoneadm Command


Deleting a zone
The following zoneadm example removes a zone:
# zoneadm list -cp
0:global:running:/
3:work-zone:running:/export/work-zone
# zoneadm -z work-zone halt
# zoneadm list -cp
0:global:running:/
-:work-zone:installed:/zones/work-zone
# zoneadm -z work-zone uninstall
Are you sure you want to uninstall zone work-zone (y/[n])? y
# zoneadm list -cp
0:global:running:/
-:work-zone:configured:/export/work-zone
# zonecfg -z work-zone delete
Are you sure you want to delete zone work-zone (y/[n])? y
# zoneadm list -cp
0:global:running:/

Installing Packages in Zones


The standard Solaris package management tools, for example, pkgadd and pkgrm, are used to administer packages in the zones environment. Package parameters listed in the pkginfo file for a package control how the Solaris package tools can administer the package. Currently, three package parameters control how packages are administered. They are as follows:
- SUNW_PKG_ALLZONES
- SUNW_PKG_HOLLOW
- SUNW_PKG_THISZONE

Installing Packages in Zones


You can list parameters for packages using the pkgparam command.
# pkgparam -v SUNWzoneu
CLASSES='none'
BASEDIR='/'
LANG='C'
(output omitted)
EMAIL=''
SUNW_PKGVERS='1.0'
SUNW_PKG_ALLZONES='true'
SUNW_PKG_HOLLOW='false'
PSTAMP='gaget20050121155950'
PKGINST='SUNWzoneu'
PKGSAV='/var/sadm/pkg/SUNWzoneu/save'
INSTDATE='Jan 26 2005 10:21'


Installing Packages in Zones


The -G option to the pkgadd command causes pkgadd to add a package to the current zone only.

Package operations possible in the global zone
If the package is not currently installed in the global zone and not currently installed in any non-global zone, the package can be installed according to the following guidelines:
- Only in the global zone, if SUNW_PKG_ALLZONES=false
- In the global zone and all non-global zones


Installing Packages in Zones


If the package is currently installed in the global zone only, the following guidelines apply:
- The package can be installed in all non-global zones.
- The package can be removed from the global zone.


Installing Packages in Zones


If a package is currently installed in the global zone and currently installed in only a subset of the non-global zones, the following guidelines apply:
- SUNW_PKG_ALLZONES must be set to false.
- The package can be installed in all non-global zones. Existing instances in any non-global zone are updated to the revision being installed.
- The package can be removed from the global zone.
- The package can be removed from the global zone and from all non-global zones.


Installing Packages in Zones


If a package is currently installed in the global zone and currently installed in all non-global zones, the package can be removed from the global zone and from all non-global zones.

These rules ensure the following:
- Packages that are installed in the global zone are either installed in the global zone only, or installed in the global zone and all non-global zones.
- Packages that are installed in the global zone and also installed in any non-global zone are the same across all zones.


Installing Packages in Zones


If a package is not currently installed in the non-global zone, the package can be installed only if SUNW_PKG_ALLZONES=false.

If a package is currently installed in the non-global zone, the following guidelines apply:
- The package can be installed over the existing instance of the package only if SUNW_PKG_ALLZONES=false.
- The package can be removed from the non-global zone only if SUNW_PKG_ALLZONES=false.


Upgrading Solaris 10 OS With Installed Non-Global Zones


The normal upgrade path from Solaris 10 to Solaris 10 01/06 is not available if installed zones are present. There are three options:
- Uninstall the zones, upgrade the OS, and reinstall the zones.
- Reinstall the entire OS from an initial install, with the loss of existing zones configuration.
- Use the new features of Solaris 10 update 01/06 to upgrade the OS and any installed zones.


Solaris Install Media Support


The new upgrade method for Solaris 10 update 01/06 is only available on the DVD media. If no DVD reader is available, a network installation must be used.


Upgrading the Solaris 10 OS


- Boot the system to be installed.
  ok boot net - install
- Select Standard install.
- Choose Upgrade option.
- If installed zones are present, the upgrade continues with the new method.


Using Custom Jumpstart


Custom jumpstart can be used to upgrade Solaris 10 update 01/06 with installed zones.

Only two profile keywords should be used:
- install_type
- root_device

Other keywords will be ignored or will cause jumpstart to fail.
- Ignored: cluster, geo, locale, package, patch
- Causes failure: backup_media, layout_constraint


Module 16
Introduction to the ZFS File System

System Administration for the Solaris 10 Operating System, Part 2

Revision A

Objectives
- Describe the Solaris ZFS file system
- Create new ZFS pools and file systems
- Modify ZFS file system properties
- Mount and unmount ZFS file systems
- Destroy ZFS pools and file systems
- Work with ZFS snapshots and Clones
- Use ZFS datasets with Solaris Zones


Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A


What Is Solaris ZFS?


ZFS Pooled Storage - ZFS aggregates devices into storage pools.
Transactional Semantics - Any sequence of operations is either entirely committed or entirely ignored.
Checksums and Self-Healing Data - All data and metadata is checksummed, and detected errors are corrected using replicated data.
Unparalleled Scalability - Solaris ZFS is a 128-bit file system, allowing for 256 quadrillion zettabytes of storage.


What Is ZFS?
ZFS Snapshots - ZFS snapshots are read-only copies of file systems that initially consume no additional space in a pool.
Simplified Administration - ZFS uses a simplified command set and a hierarchical file system layout, and supports file system property inheritance and automatic mount points.


ZFS Terminology
checksum - A 256-bit hash of the data in a file system block.
clone - A file system whose initial contents are identical to the contents of a snapshot.
dataset - A generic name for the following ZFS entities: clones, file systems, snapshots, or volumes.
file system - A dataset that contains a standard POSIX file system.
mirror - A virtual device that stores identical copies of data on two or more disks.


ZFS Terminology (cont.)


pool - A logical group of devices describing the layout and physical characteristics of the available storage.
RAID-Z - A virtual device that stores data and parity on multiple disks, similar to RAID-5.
resilvering - The process of transferring data from one device to another device is known as resilvering.
snapshot - A read-only image of a file system or volume at a given point in time.
virtual device - A logical device in a pool, which can be a physical device, a file, or a collection of devices.
volume - A dataset used to emulate a physical device.


ZFS Component Naming Requirements


Empty components are not allowed. Each component can only contain alphanumeric characters in addition to the following four special characters:
- Underscore (_)
- Hyphen (-)
- Colon (:)
- Period (.)


ZFS Component Naming Requirements (cont.)


- Pool names must begin with a letter, except that the beginning sequence c[0-9] is not allowed. In addition, pool names that begin with mirror, raidz, or spare are not allowed as these names are reserved.
- Dataset names must begin with an alphanumeric character.
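
A provisioning script that accepts pool or file system names from a request should apply these rules before it builds a command line; the "must begin with" rules also reject names such as -f that would otherwise be read as options. The following is an added example, not part of the course material: the function names are constructed, only file system paths of the form pool-name/filesystem-name are handled, and zfs_create_cmd prints the command instead of running it.

```shell
#!/bin/sh
# Added example: validate ZFS pool and file system names against the
# naming requirements listed above.
LC_ALL=C; export LC_ALL    # make the A-Z / a-z ranges below byte-based

# valid_component NAME: non-empty, alphanumerics plus _ - : . only.
valid_component() {
    case $1 in
        '') return 1 ;;                      # empty component
        *[!A-Za-z0-9_:.-]*) return 1 ;;      # character outside the allowed set
    esac
    return 0
}

# valid_pool_name NAME: component rules, plus the pool-specific rules.
valid_pool_name() {
    valid_component "$1" || return 1
    case $1 in
        c[0-9]*) return 1 ;;                 # would look like a disk name
        mirror*|raidz*|spare*) return 1 ;;   # reserved beginnings
        [A-Za-z]*) return 0 ;;               # must begin with a letter
    esac
    return 1                                 # digit, hyphen, etc. first
}

# valid_fs_path PATH: pool name followed by zero or more /component parts,
# each beginning with an alphanumeric character.
valid_fs_path() {
    case $1 in
        ''|/*|*/|*//*) return 1 ;;           # an empty component somewhere
    esac
    rest=$1
    first=yes
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        if [ "$first" = yes ]; then
            valid_pool_name "$comp" || return 1
            first=no
        else
            valid_component "$comp" || return 1
            case $comp in
                [A-Za-z0-9]*) ;;
                *) return 1 ;;
            esac
        fi
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
    return 0
}

# zfs_create_cmd PATH: print the command a script would run, or refuse.
zfs_create_cmd() {
    if valid_fs_path "$1"; then
        printf 'zfs create %s\n' "$1"
    else
        printf 'refused: invalid ZFS name: %s\n' "$1" >&2
        return 1
    fi
}

# Constructed inputs: one valid name and three that break a rule.
for name in tank/home/bonwick tank/-f c1data/home 'tank/a b'; do
    zfs_create_cmd "$name" || true
done
```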


ZFS Hardware and Software Requirements and Recommendations


- A SPARC or x86 system that is running the Solaris 10 6/06 release.
- The minimum disk size is 128 Mbytes. The minimum amount of disk space required for a storage pool is approximately 64 Mbytes.
- For good ZFS performance, at least one Gbyte or more of memory is recommended.
- If you create a mirrored disk configuration, multiple controllers are recommended.


Creating ZFS File Systems


One goal of the ZFS design is to reduce the number of commands needed to create a usable file system. When you create a new pool, a new ZFS file system is created and mounted automatically. Within a pool, you will probably want to create additional file systems. In most cases, you will probably want to create and organize a hierarchy of file systems that matches your organizational needs.


Components of a ZFS Storage Pool


Using Disks in a ZFS Storage Pool
- Physical storage can be any block device of at least 128 Mbytes in size. Typically, this device is a hard drive that is visible to the system in the /dev/dsk directory.
- A storage device can be a whole disk (c1t0d0) or an individual slice (c0t0d0s7). The recommended mode of operation is to use an entire disk.
- ZFS applies an EFI label when you create a storage pool with whole disks.

Components of a ZFS Storage Pool (cont.)


Using Disks in a ZFS Storage Pool (continued)
Disks can be specified by using either the full path, such as /dev/dsk/c1t0d0, or a shorthand name. For example, the following are valid disk names:
- c1t0d0
- /dev/dsk/c1t0d0
- c0t0d6s2

ZFS works best when given whole physical disks.


Components of a ZFS Storage Pool (cont.)


Using Files in a ZFS Storage Pool
ZFS also allows you to use UFS files as virtual devices in your storage pool. This feature is aimed primarily at testing and enabling simple experimentation, not for production use. The reason is that any use of files relies on the underlying file system for consistency. All files must be specified as complete paths and must be at least 128 Mbytes in size.


Components of a ZFS Storage Pool (cont.)


ZFS pools can consist of whole disks, disk slices, or files.

[Figure: a pool built from a whole disk (preferred), a disk slice, and a file (for test only).]


Components of a ZFS Storage Pool (cont.)


Virtual Devices in a Storage Pool
- Each storage pool is comprised of one or more virtual devices.
- Two top-level virtual devices provide data redundancy: mirror and RAID-Z virtual devices. These virtual devices consist of disks, disk slices, or files.
- Disks, disk slices, or files that are used in pools outside of mirrors and RAID-Z virtual devices function as top-level virtual devices themselves.
- Storage pools typically contain multiple top-level virtual devices. ZFS dynamically stripes data among all of the top-level virtual devices in a pool.

Components of a ZFS Storage Pool (cont.)


A ZFS pool that uses disks as top level virtual devices provides no data replication.

[Figure: Data written as Stripe 1, Stripe 2, and Stripe 3 across the disks of the pool.]


Replication Features of a ZFS Storage Pool


Mirrored Storage Pool Configuration
A mirrored storage pool configuration requires at least two disks, preferably on separate controllers. You can create more than one mirror in each pool. A simple mirrored configuration would look similar to the following:
mirror c1t0d0 c2t0d0

A more complex mirrored configuration would look similar to the following:
mirror c1t0d0 c2t0d0 c3t0d0 mirror c4t0d0 c5t0d0 c6t0d0


Replication Features of a ZFS Storage Pool (cont.)


ZFS stripes data among mirror virtual devices in a pool, and data is replicated within each mirror.

[Figure: Data split into Stripe 1 and Stripe 2 across two mirror devices.]


Replication Features of a ZFS Storage Pool (cont.)


RAID-Z Storage Pool Configuration
RAID-Z is similar to RAID-5. In RAID-Z, ZFS uses variable-width RAID stripes so that all writes are full-stripe writes. You need at least two disks for a RAID-Z configuration. Conceptually, a RAID-Z configuration with three disks would look similar to the following:
raidz c1t0d0 c2t0d0 c3t0d0


Replication Features of a ZFS Storage Pool (cont.)


RAID-Z Storage Pool Configuration (continued)
A more complex conceptual RAID-Z configuration would look similar to the following:
raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0 c5t0d0 c6t0d0 c7t0d0
raidz c8t0d0 c9t0d0 c10t0d0 c11t0d0 c12t0d0 c13t0d0 c14t0d0

If you are creating a RAID-Z configuration with many disks, as in this example, a RAID-Z configuration with 14 disks is better split into two 7-disk groupings. RAID-Z configurations with single-digit groupings of disks should perform better.

Replication Features of a ZFS Storage Pool (cont.)


ZFS uses variable-width stripes within RAID-Z devices.

[Figure: Data written to a single RAID-Z device.]


Replication Features of a ZFS Storage Pool (cont.)


Self-Healing Data in a Replicated Configuration
ZFS provides for self-healing data in a mirrored or RAID-Z configuration. When a bad data block is detected, not only does ZFS fetch the correct data from another replicated copy, but it also repairs the bad data by replacing it with the good copy.

Dynamic Striping in a Storage Pool
For each virtual device that is added to the pool, ZFS dynamically stripes data across all available devices. No fixed-width stripes are created at allocation time.

Replication Features of a ZFS Storage Pool (cont.)


ZFS dynamically stripes data across all virtual devices in a pool.

[Figure: Data split into Stripe 1 and Stripe 2 across two RAID-Z devices.]


Replication Features of a ZFS Storage Pool (cont.)


Dynamic Striping in a Storage Pool (continued)
- When virtual devices are added to a pool, ZFS gradually allocates data to the new device in order to maintain performance and space allocation policies.
- While ZFS supports combining different types of virtual devices within the same pool, this practice is not recommended.


Creating and Destroying ZFS Storage Pools


By design, creating and destroying pools is fast and easy. However, be cautious when doing these operations.

Creating a ZFS Storage Pool
To create a storage pool, use the zpool create command. This command takes a pool name and any number of virtual devices as arguments.

Creating a Basic Storage Pool
The following command creates a new pool named tank that consists of the disks c1t0d0 and c1t1d0:
# zpool create tank c1t0d0 c1t1d0


Creating and Destroying ZFS Storage Pools (cont.)


Creating a Mirrored Storage Pool
To create a mirrored pool, use the mirror keyword, followed by any number of storage devices that will comprise the mirror.
# zpool create tank mirror c1d0 c2d0 mirror c3d0 c4d0

Creating a Single-Parity RAID-Z Storage Pool
Creating a RAID-Z pool is identical to creating a mirrored pool, except that the raidz keyword is used instead of mirror.
# zpool create tank raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0 /dev/dsk/c5t0d0

Creating and Destroying ZFS Storage Pools (cont.)


Creating a Double-Parity RAID-Z Storage Pool
You can create a double-parity RAID-Z configuration by using the raidz2 keyword when the pool is created. For example:
# zpool create tank raidz2 c1t0d0 c2t0d0 c3t0d0


Creating and Destroying ZFS Storage Pools (cont.)


Detecting in Use Devices
Before formatting a device, ZFS first determines if the disk is in use by ZFS or some other part of the operating system. If the disk is in use, you might see errors such as the following:
# zpool create tank c1t0d0 c1t1d0
invalid vdev specification
use -f to override the following errors:
/dev/dsk/c1t0d0s0 is currently mounted on /
/dev/dsk/c1t0d0s1 is currently mounted on swap
/dev/dsk/c1t1d0s0 is part of active ZFS pool zeepool
Please see zpool(1M)

Some of these errors can be overridden by using the -f option, but most errors cannot.

Creating and Destroying ZFS Storage Pools (cont.)


Mismatched Replication Levels
Creating pools with virtual devices of different replication levels is not recommended. The zpool command tries to prevent you from accidentally creating a pool with mismatched replication levels.

Doing a Dry Run of Storage Pool Creation
The zpool create command with the -n option simulates creating the pool without actually writing data to disk.


Creating and Destroying ZFS Storage Pools (cont.)


Destroying ZFS Storage Pools
Pools are destroyed by using the zpool destroy command.
# zpool destroy tank


Querying ZFS Storage Pool Status


The zpool list command provides a number of ways to request information regarding pool status.

Listing Information About All Storage Pools
With no arguments, the zpool list command displays all the fields for all pools on the system. For example:
# zpool list
NAME     SIZE    USED   AVAIL   CAP  HEALTH  ALTROOT
tank    80.0G   22.3G   47.7G   28%  ONLINE  -
dozer    1.2T    384G    816G   32%  ONLINE  -


Querying ZFS Storage Pool Status (cont.)


Listing Specific Storage Pool Statistics
You can request specific statistics by using the -o option. For example, to list only the name and size of each pool, you use the following syntax:
# zpool list -o name,size
NAME     SIZE
tank    80.0G
dozer    1.2T


Querying ZFS Storage Pool Status (cont.)


Health Status of ZFS Storage Pools
ZFS provides an integrated method of examining pool and device health. The health of a pool is determined from the state of all its devices. This state information is displayed by using the zpool status command. Each device can fall into one of the following states:
- ONLINE
- DEGRADED
- FAULTED

Querying ZFS Storage Pool Status (cont.)


Health Status of ZFS Storage Pools (continued)
- OFFLINE
- UNAVAILABLE

Basic Storage Pool Health Status
The simplest way to request a quick overview of pool health status is to use the zpool status command:
# zpool status -x
all pools are healthy


Querying ZFS Storage Pool Status (cont.)


Detailed Health Status
You can request a more detailed health summary by using the -v option. For example:
# zpool status -v tank
  pool: tank
 state: DEGRADED
status: One or more devices could not be opened. Sufficient replicas exist for
        the pool to continue functioning in a degraded state.
action: Attach the missing device and online it using zpool online.
   see: http://www.sun.com/msg/ZFS-8000-2Q
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        tank        DEGRADED     0     0     0
          mirror    DEGRADED     0     0     0
            c1t0d0  FAULTED      0     0     0  cannot open
            c1t1d0  ONLINE       0     0     0

errors: No known data errors


Creating and Destroying ZFS File Systems


Creating a ZFS File System
You use the zfs create command to create ZFS file systems. The create subcommand takes a single argument: the name of the file system to create. Specify the file system name as a path name starting from the name of the pool:
pool-name/[filesystem-name/]filesystem-name
The pool name and initial file system names in the path identify the location in the hierarchy where the new file system will be created. All the intermediate file system names must already exist in the pool.

Creating and Destroying ZFS File Systems (cont.)


Creating a ZFS File System (cont.)
In the following example, a file system named bonwick is created in the tank/home file system.
# zfs create tank/home/bonwick

ZFS automatically mounts the newly created file system if it is created successfully.


Creating and Destroying ZFS File Systems (cont.)


Destroying a ZFS File System
You use the zfs destroy command to destroy ZFS file systems. The destroyed file system is automatically unmounted and unshared. In the following example, the tabriz file system is destroyed.
# zfs destroy tank/home/tabriz

If the file system to be destroyed is busy and so cannot be unmounted, the zfs destroy command fails. The zfs destroy command also fails if a file system has children.

Creating and Destroying ZFS File Systems (cont.)


Renaming a ZFS File System
You use the zfs rename command to rename ZFS file systems. The rename subcommand can perform the following operations:
* Change the name of a file system.
* Relocate the file system to a new location within the ZFS hierarchy.
* Change the name of a file system and relocate it within the ZFS hierarchy.

Creating and Destroying ZFS File Systems (cont.)


Renaming a ZFS File System (cont.)
The following example uses the rename subcommand to simply rename a file system:
# zfs rename tank/home/kustarz tank/home/kustarz_old

The following example shows how to use zfs rename to relocate a file system.
# zfs rename tank/home/maybee tank/ws/maybee


ZFS Properties
Properties provide the main mechanism that you use to control the behavior of file systems, volumes, snapshots, and clones. Properties are either read-only statistics or settable properties. Most settable properties are also inheritable. An inheritable property is a property that, when set on a parent, is propagated to all of its descendants.


ZFS Properties (cont.)


All inheritable properties have an associated source. The source indicates how a property was obtained. The source of a property can have the following values:
* default
* local
* inherited from dataset-name
* temporary
* - (none)


ZFS Properties (cont.)


Property Name  Type              Default Value  Description
aclinherit     String            secure         Controls how ACL entries are inherited when files and directories are created.
aclmode        String            groupmask      Controls how an ACL entry is modified during a chmod operation.
atime          Boolean           on             Controls whether the access time for files is updated when they are read.


Property Name  Type              Default Value  Description
available      Number            N/A            Read-only property that identifies the amount of space available to the dataset and all its children, assuming no other activity in the pool.
checksum       String            on             Controls the checksum used to verify data integrity.
compression    String            off            Controls the compression algorithm used for this dataset.
compressratio  Number            N/A            Read-only property that identifies the compression ratio achieved for this dataset.
creation       Number            N/A            Read-only property that identifies the date and time that this dataset was created.


Property Name  Type              Default Value  Description
devices        Boolean           on             Controls whether device nodes found within this file system can be opened.
exec           Boolean           on             Controls whether programs within this file system are allowed to be executed.
mounted        Boolean           N/A            Read-only property that indicates whether this file system, clone, or snapshot is currently mounted.
mountpoint     String            N/A            Controls the mount point used for this file system.


Property Name  Type              Default Value  Description
origin         String            N/A            Read-only property for cloned file systems or volumes that identifies the snapshot from which the clone was created.
quota          Number (or none)  none           Limits the amount of space a dataset and its descendants can consume.
readonly       Boolean           off            Controls whether this dataset can be modified.
recordsize     Number            128K           Specifies a suggested block size for files in the file system.
referenced     Number            N/A            Read-only property that identifies the amount of data accessible by this dataset.


Property Name  Type              Default Value  Description
reservation    Number (or none)  none           The minimum amount of space guaranteed to a dataset and its descendants.
sharenfs       String            off            Controls whether the file system is available over NFS, and what options are used.
setuid         Boolean           on             Controls whether the setuid bit is honored in the file system.
snapdir        String            hidden         Controls whether the .zfs directory is hidden or visible in the root of the file system.
type           String            N/A            Read-only property that identifies the dataset type as filesystem (file system or clone), volume, or snapshot.


Property Name  Type              Default Value  Description
used           Number            N/A            Read-only property that identifies the amount of space consumed by the dataset and all its descendants.
volsize        Number            N/A            For volumes, specifies the logical size of the volume.
volblocksize   Number            8 Kbytes       For volumes, specifies the block size of the volume.
zoned          Boolean           N/A            Indicates whether this dataset has been delegated to a non-global zone.


ZFS Properties (cont.)


Read-Only ZFS Properties
Read-only properties are properties that you can retrieve, but not set. Read-only properties are not inherited.

Settable ZFS Properties
Settable properties are properties whose values you can both retrieve and set. Settable properties are set by using the zfs set command. With the exceptions of quotas and reservations, settable properties are inherited.


Querying ZFS File System Information


The zfs list command provides an extensible mechanism for viewing and querying dataset information.

Listing Basic ZFS Information
You can list basic dataset information by using the zfs list command with no options. For example:
# zfs list
NAME                   USED  AVAIL  REFER  MOUNTPOINT
pool                  84.0K  33.5G      -  /pool
pool/clone                0  33.5G  8.50K  /pool/clone
pool/test                8K  33.5G     8K  /test
pool/home             17.5K  33.5G  9.00K  /pool/home
pool/home/marks       8.50K  33.5G  8.50K  /pool/home/marks
pool/home/marks@snap      0      -  8.50K  /pool/home/marks@snap


Querying ZFS File System Information (cont.)


Listing Basic ZFS Information (cont.)
You can also use the zfs list command to display specific datasets by providing the dataset name on the command line. Use the -r option to recursively display all descendants of a dataset.

Creating Complex ZFS Queries
The zfs list output can be customized by using the -o, -t, and -H options. For example:
# zfs list -o name,sharenfs,mountpoint
NAME  SHARENFS  MOUNTPOINT
tank  rw        /export

Querying ZFS File System Information (cont.)


Creating Complex ZFS Queries (cont.)
You can use the -t option to specify the types of datasets to display. The valid types are:
* filesystem
* volume
* snapshot

You can use the -H option to omit the zfs list header from the generated output. With the -H option, all white space is output as tabs. This option can be useful when you need parsable output.

Managing ZFS Properties


Dataset properties are managed through the zfs command's set, inherit, and get subcommands.

Setting ZFS Properties
You can use the zfs set command to modify any settable dataset property. Only one property at a time can be set or modified using zfs set. The following example sets the atime property to off for tank/home.
# zfs set atime=off tank/home


Managing ZFS Properties (cont.)


Inheriting ZFS Properties
All settable properties, with the exception of quotas and reservations, inherit their value from their parent. If no ancestor has an explicit value set for an inherited property, the default value for the property is used. You can use the zfs inherit command to clear a property setting, thus causing the setting to be inherited from the parent. The inherit subcommand applies recursively when you specify the -r option.


Managing ZFS Properties (cont.)


Querying ZFS Properties
The simplest way to query property values is by using the zfs list command. For more complex queries and for scripting, you can use the zfs get command to obtain more detailed information in a customized format. You can use the zfs get command to retrieve any dataset property. For example:
# zfs get checksum tank/ws
NAME     PROPERTY  VALUE  SOURCE
tank/ws  checksum  on     default


Managing ZFS Properties (cont.)


Querying ZFS Properties (cont.)
The fourth column in zfs get output, SOURCE, indicates how a property value has been set. The possible source values are:
* default
* inherited from dataset-name
* local
* temporary
* - (none)


Managing ZFS Properties (cont.)


Querying ZFS Properties (cont.)
You can use the special keyword all to retrieve all dataset properties. The following example uses the all keyword to retrieve all existing dataset properties:
# zfs get all pool
NAME  PROPERTY  VALUE                  SOURCE
pool  type      filesystem             -
pool  creation  Mon Mar 13 11:41 2006  -
pool  used      2.62M                  -
<output omitted>

The -s option to zfs get enables you to specify, by source value, the type of properties to display.
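
The SOURCE column is what makes a property audit actionable: it tells you whether an unwanted value is set on the dataset itself, comes from an ancestor, or was never set at all. The script below is an added example, not part of the course material. It assumes tab-separated records as produced by zfs get with -H and the columns name, property, value, source; the function names, the policy (setuid and devices off) and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course material): source-aware audit of
# security-relevant ZFS properties. Function names are hypothetical.
#
# Expected input, one record per line, tab-separated (assumed to come from
#   zfs get -rH -o name,property,value,source setuid,devices <dataset>):
#   name <TAB> property <TAB> value <TAB> source

TAB=$(printf '\t')

# audit_props POLICY
#   POLICY: space-separated property=value pairs, e.g. "setuid=off devices=off".
#   Reads records on stdin and prints one line per violation:
#     dataset <TAB> property <TAB> value <TAB> set_at
#   set_at names the place where the offending value actually comes from.
audit_props() {
    awk -F'\t' -v policy="$1" '
    BEGIN {
        OFS = "\t"
        n = split(policy, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, "=")
            want[kv[1]] = kv[2]
        }
    }
    NF >= 4 && ($2 in want) && $3 != want[$2] {
        if ($4 == "local")
            set_at = $1                  # set explicitly on this dataset
        else if ($4 ~ /^inherited from /)
            set_at = substr($4, 16)      # the ancestor that holds the value
        else if ($4 == "default")
            set_at = "(default)"         # never set anywhere; built-in default
        else if ($4 == "temporary")
            set_at = "(mount option)"    # zfs mount -o override, not stored
        else
            set_at = "(" $4 ")"
        print $1, $2, $3, set_at
    }'
}

# decision_points
#   Reads audit_props output and prints count <TAB> property <TAB> set_at,
#   so many inherited violations collapse to the one place that causes them.
decision_points() {
    awk -F'\t' '
    { count[$2 "\t" $4]++ }
    END { for (k in count) print count[k] "\t" k }' |
        LC_ALL=C sort -t "$TAB" -k2
}

# Constructed sample records (not real system output).
sample_records() {
    printf '%s\t%s\t%s\t%s\n' \
        tank/home      setuid  on  default \
        tank/home      devices off local \
        tank/home/anne setuid  on  default \
        tank/home/anne devices off 'inherited from tank/home' \
        tank/home/bob  setuid  off local \
        tank/home/bob  devices on  local \
        tank/ws        setuid  on  local \
        tank/ws        devices on  default \
        tank/ws/gate   setuid  on  'inherited from tank/ws' \
        tank/ws/gate   devices on  temporary
}

# Demo: list the places where a decision is needed.
sample_records | audit_props "setuid=off devices=off" | decision_points
```

A value reported at "(mount option)" is a temporary override, so the stored property has to be checked again after the file system is remounted.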


Mounting ZFS File Systems


Managing ZFS Mount Points
By default, all ZFS file systems are mounted by ZFS at boot by using SMF's svc://system/filesystem/local service. File systems are mounted under /path, where path is the name of the file system. You can override the default mount point by using the zfs set command to set the mountpoint property to a specific path. ZFS automatically creates this mount point, if needed. The mountpoint property is inherited.

Mounting ZFS File Systems (cont.)


Managing ZFS Mount Points (cont.)
You can set the mountpoint property to none to prevent a file system from being mounted. If desired, you can explicitly manage file systems through legacy mount interfaces by setting the mountpoint property to legacy.


Mounting ZFS File Systems (cont.)


Automatic Mount Points
When you create a pool, you can set the default mount point for the root dataset by using zpool create -m. Any dataset whose mountpoint property is not legacy is managed by ZFS. When you change the mountpoint property, the file system is automatically unmounted from the old mount point and remounted to the new mount point. Mount point directories are created as needed.


Mounting ZFS File Systems (cont.)


Legacy Mount Points
You can manage ZFS file systems with legacy tools by setting the mountpoint property to legacy. Legacy file systems must be managed through the mount and umount commands and the /etc/vfstab file. The following examples show how to set up and manage a ZFS dataset in legacy mode:
# zfs set mountpoint=legacy tank/home/eschrock
# mount -F zfs tank/home/eschrock /mnt


Mounting ZFS File Systems (cont.)


Mounting ZFS File Systems
ZFS automatically mounts file systems when file systems are created or when the system boots. The zfs mount command is only necessary when changing mount options, or explicitly mounting or unmounting file systems. The zfs mount command with no argument shows all currently mounted file systems that are managed by ZFS.
# zfs mount
tank               /tank
tank/home          /tank/home
tank/home/bonwick  /tank/home/bonwick


Mounting ZFS File Systems (cont.)


Mounting ZFS File Systems (cont.)
You can use the -a option to mount all ZFS managed file systems. For example:
# zfs mount -a

This command does not mount legacy managed file systems. When a file system mounts, it uses a set of mount options based on the property values associated with the dataset.


Mounting ZFS File Systems (cont.)


Temporary Mount Properties
If you explicitly set mount options by using the -o option with the zfs mount command, the corresponding property value is temporarily overridden. In the following example, the read-only mount option is temporarily set on the tank/home/perrin file system:
# zfs mount -o ro tank/home/perrin

To temporarily change a property on a file system that is currently mounted, you must use the special remount option.


Mounting ZFS File Systems (cont.)


Unmounting ZFS File Systems
You can unmount file systems by using the zfs unmount subcommand. The unmount command accepts either the mount point or the file system name as an argument. In the following example, a file system is unmounted by specifying its file system name:
# zfs unmount tank/home/tabriz

In the following example, the file system is unmounted by specifying its mount point:
# zfs unmount /export/home/tabriz


ZFS Web-Based Management


A web-based ZFS management tool is available to perform many administrative actions. You can access the ZFS Administration console through a secure web browser at the following URL:
https://system-name:6789/zfs

If you type the appropriate URL and are unable to reach the ZFS Administration console, the server might not be started. To start the server, run the following command:
# /usr/sbin/smcwebserver start

If you want the server to run automatically when the system boots, run the following command:
# /usr/sbin/smcwebserver enable


ZFS Snapshots
A snapshot is a read-only copy of a file system or volume. Snapshots are created almost instantly, and initially consume no additional disk space within the pool. ZFS snapshots include the following features:
* Snapshots persist across system reboots.
* The theoretical maximum number of snapshots is 2^64.
* Snapshots use no separate backing store. Snapshots consume disk space directly from the same storage pool as the file system from which they were created.


ZFS Snapshots (cont.)


Creating and Destroying ZFS Snapshots
You use the zfs snapshot command to create ZFS snapshots. The zfs snapshot command takes the name of the snapshot to create as its only argument. Snapshot names use the following format:
filesystem@snapname
volume@snapname

The following example creates a snapshot of tank/home/ahrens that is named friday.
# zfs snapshot tank/home/ahrens@friday


ZFS Snapshots (cont.)


Creating and Destroying ZFS Snapshots
Snapshots have no modifiable properties. Dataset properties cannot be applied to a snapshot. You use the zfs destroy command to destroy a ZFS snapshot. For example:
# zfs destroy tank/home/ahrens@friday

A dataset cannot be destroyed if snapshots of the dataset exist. In addition, if clones have been created from a snapshot, then they must be destroyed before the snapshot can be destroyed.


ZFS Snapshots (cont.)


Renaming ZFS Snapshots
You can rename snapshots, but they must remain within the pool and dataset from which they were created. For example:
# zfs rename tank/home/cindys@031306 tank/home/cindys@today

Displaying and Accessing ZFS Snapshots
Snapshots of file systems are accessible in the .zfs/snapshot directory within the root of the containing file system. For example:
# ls /home/ahrens/.zfs/snapshot
tuesday wednesday thursday


ZFS Snapshots (cont.)


Displaying and Accessing ZFS Snapshots (cont.)
You can list all snapshots as follows:
# zfs list -t snapshot
NAME                   USED  AVAIL  REFER  MOUNTPOINT
pool/home/anne@monday     0      -   780K  -
pool/home/bob@monday      0      -  1.01M  -
<output omitted>

You can list snapshots that were created for a particular file system as follows:
# zfs list -r -t snapshot -o name,creation pool/home
NAME                   CREATION
pool/home/anne@monday  Mon Mar 13 11:46 2006
pool/home/bob@monday   Mon Mar 13 11:46 2006


ZFS Snapshots
Snapshot Space Accounting
When you create a snapshot, its space is initially shared between the snapshot and the file system, and possibly with previous snapshots. As the file system changes, space that was previously shared becomes unique to the snapshot, and thus is counted in the snapshot's used property. Additionally, deleting snapshots can increase the amount of space unique to (and thus used by) other snapshots.


ZFS Snapshots (cont.)


Rolling Back to a ZFS Snapshot
You can use the zfs rollback command to discard all changes made since a specific snapshot. The zfs rollback command causes the file system to revert to its state at the time the snapshot was taken. By default, the zfs rollback command cannot roll back to a snapshot other than the most recent snapshot. To roll back to an earlier snapshot, you must destroy all intermediate snapshots. You can destroy more recent snapshots by specifying the -r option.


ZFS Clones
A clone is a writable volume or file system whose initial contents are the same as the snapshot from which it was created. As with snapshots, creating a clone is nearly instantaneous, and initially consumes no additional disk space. You can only create clones from a snapshot. When you clone a snapshot, an implicit dependency is created between the clone and snapshot. A clone does not inherit properties from the dataset from which it was created.


ZFS Clones (cont.)


Creating a ZFS Clone
To create a clone, use the zfs clone command. Specify the snapshot from which to create the clone, and the name of the new file system or volume. The new file system or volume can be located anywhere in the ZFS hierarchy within the same pool. The following example creates a new clone named tank/home/ahrens/bug123, with the same initial contents as the snapshot tank/ws/gate@yesterday.
# zfs snapshot tank/ws/gate@yesterday
# zfs clone tank/ws/gate@yesterday tank/home/ahrens/bug123


ZFS Clones (cont.)


Destroying a ZFS Clone
You use the zfs destroy command to destroy ZFS clones. For example:
# zfs destroy tank/home/ahrens/bug123

Clones must be destroyed before the parent snapshot can be destroyed.


ZFS Clones (cont.)


Replacing a ZFS File System With a ZFS Clone
You can use the zfs promote command to replace an active ZFS file system with a clone of that file system. This feature lets you clone and replace file systems so that the origin file system becomes the clone of the specified file system. In addition, this feature makes it possible to destroy the file system from which the clone was originally created. Without clone promotion, you cannot destroy an origin file system of active clones.


ZFS Clones (cont.)


Replacing a ZFS File System With a ZFS Clone
In the following example, the tank/test/productA file system is cloned and then the clone file system, tank/test/productAbeta, becomes the tank/test/productA file system.
# zfs create tank/test
# zfs create tank/test/productA
# zfs snapshot tank/test/productA@today
# zfs clone tank/test/productA@today tank/test/productAbeta
# zfs list -r tank/test
NAME                      USED  AVAIL  REFER  MOUNTPOINT
tank/test                 314K  8.24G  25.5K  /tank/test
tank/test/productA        288K  8.24G   288K  /tank/test/productA
tank/test/productA@today     0      -   288K  -
tank/test/productAbeta       0  8.24G   288K  /tank/test/productAbeta


ZFS Clones (cont.)


Replacing a ZFS File System With a ZFS Clone
# zfs promote tank/test/productAbeta
# zfs list -r tank/test
NAME                          USED  AVAIL  REFER  MOUNTPOINT
tank/test                     316K  8.24G  27.5K  /tank/test
tank/test/productA               0  8.24G   288K  /tank/test/productA
tank/test/productAbeta        288K  8.24G   288K  /tank/test/productAbeta
tank/test/productAbeta@today     0      -   288K  -


ZFS Clones (cont.)


Replacing a ZFS File System With a ZFS Clone
Complete the clone replacement process by renaming the file systems. For example:
# zfs rename tank/test/productA tank/test/productAlegacy
# zfs rename tank/test/productAbeta tank/test/productA
# zfs list -r tank/test
NAME                      USED  AVAIL  REFER  MOUNTPOINT
tank/test                 316K  8.24G  27.5K  /tank/test
tank/test/productA        288K  8.24G   288K  /tank/test/productA
tank/test/productA@today     0      -   288K  -
tank/test/productAlegacy     0  8.24G   288K  /tank/test/productAlegacy


Using ZFS on a Solaris System With Zones Installed


You can associate ZFS datasets with non-global zones either by adding them to the zones, or delegating them to the zones. Typically you would associate ZFS file systems or volumes with non-global zones. For example, adding a file system to a non-global zone allows the non-global zone to share space with the global zone. With an added dataset, the non-global zone administrator cannot control properties of the file system, or create new ZFS file systems below the added file system.


Using ZFS on a Solaris System With Zones Installed (cont.)


When you delegate a dataset to a non-global zone, you give complete control over the dataset and all its children to the zone administrator. For example, if you delegate a file system to a non-global zone, the zone administrator can create and destroy file systems within that dataset, and modify their properties. The zone administrator cannot affect datasets that have not been delegated to the zone, and cannot exceed any top-level quotas set on the delegated dataset.


Using ZFS on a Solaris System With Zones Installed (cont.)


Adding ZFS File Systems to a Non-Global Zone
You can add a ZFS file system as a generic file system when the goal is solely to share space with the global zone. A ZFS file system that is added to a non-global zone must have its mountpoint property set to legacy. You can add a ZFS file system to a non-global zone by using the add fs subcommand in zonecfg. For example:
zonecfg:zone1> add fs
zonecfg:zone1:fs> set type=zfs
zonecfg:zone1:fs> set special=tank/zone/zone1
zonecfg:zone1:fs> set dir=/export/shared
zonecfg:zone1:fs> end

Using ZFS on a Solaris System With Zones Installed (cont.)


Delegating Datasets to a Non-Global Zone
If the primary goal is to delegate the administration of storage to a zone, then ZFS supports adding datasets to a non-global zone through use of the add dataset subcommand in zonecfg. For example:
zonecfg:zone1> add dataset
zonecfg:zone1:dataset> set name=tank/zone/zone1
zonecfg:zone1:dataset> end


Using ZFS on a Solaris System With Zones Installed (cont.)


Delegating Datasets to a Non-Global Zone (cont.)
The zone administrator can set file system properties, and create new file systems below the delegated file system. In addition, the zone administrator can take snapshots, create clones, and otherwise control the entire file system hierarchy from the delegated file system down.


Using ZFS on a Solaris System With Zones Installed (cont.)


Adding ZFS Volumes to a Non-Global Zone
You can add emulated volumes to a non-global zone by using the add device subcommand in zonecfg. In the following example, a ZFS emulated volume is added to a non-global zone by the administrator in the global zone:
zonecfg:zone1> add device
zonecfg:zone1:device> set match=/dev/zvol/dsk/tank/vol
zonecfg:zone1:device> end


Using ZFS on a Solaris System With Zones Installed (cont.)


Using ZFS Storage Pools Within a Zone
You cannot create or modify ZFS storage pools from within a non-global zone. The delegated administration model centralizes control of physical storage devices within the global zone, and control of virtual storage to non-global zones. While a pool-level dataset can be added to a non-global zone, any command that modifies the physical characteristics of the pool, such as creating, adding, or removing devices, is not allowed from within a non-global zone.

Property Management Within a Non-Global Zone
Once a dataset is delegated to a zone, the zone administrator can control specific dataset properties. When a dataset is delegated to a zone, its ancestors are visible to zfs list in the non-global zone, but their content remains inaccessible. The delegated dataset itself is writable, as are all its children. The zone administrator cannot change the sharenfs property, because non-global zones cannot act as NFS servers. Neither can the zone administrator change the zoned property.

Understanding the zoned Property
When a dataset is added to a non-global zone, the dataset must be specially marked so that certain properties are not interpreted within the context of the global zone. Once a dataset has been added to a non-global zone under the control of a zone administrator, its contents can no longer be trusted. ZFS uses the zoned property to indicate that a dataset has been delegated to a non-global zone at one point in time.


The zoned property is a boolean value that is automatically turned on when a zone containing a ZFS dataset is first booted. If the zoned property is set, the dataset cannot be mounted or shared in the global zone. When a dataset is removed from a zone or a zone is destroyed, the zoned property is not automatically cleared.

To prevent accidental security risks, the zoned property must be manually cleared by the global administrator if you want to reuse the dataset in any way. Before setting the zoned property to off, make sure that the mountpoint property for the dataset and all its children are set to reasonable values and that no setuid binaries exist, or turn off the setuid property. Once you have verified that no security vulnerabilities are left, the zoned property can be turned off by using the zfs set or zfs inherit commands.
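
The pre-check described above, written as an added example that is not part of the course material: it reads the output of zfs get for the dataset tree and reports every mountpoint or setuid setting that should be fixed before zoned is cleared. The allowed prefix /export/zone1data, the function names and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-check before "zfs set zoned=off" on a dataset that was
# delegated to a zone. Feed it the tab-separated output of:
#   zfs get -H -r -o name,property,value mountpoint,setuid tank/zone/zone1
# The allowed prefix is an assumed site policy, not defined by the course.

audit_zoned_release() {
    # $1 = directory under which mountpoints are considered reasonable
    awk -F '\t' -v prefix="$1" '
        $3 == "-" { next }              # property does not apply (e.g. volume)
        $2 == "mountpoint" {
            # none/legacy are never auto-mounted by ZFS; otherwise the path
            # must be the prefix itself or lie below it ("/" guards against
            # look-alike siblings such as /export/zone1data2).
            ok = ($3 == "none" || $3 == "legacy" || $3 == prefix ||
                  index($3, prefix "/") == 1)
            if (!ok) { printf "RISK\t%s\tmountpoint=%s\n", $1, $3; bad++ }
        }
        $2 == "setuid" && $3 != "off" {
            # The property is checked; files are not scanned for setuid bits.
            printf "RISK\t%s\tsetuid=%s\n", $1, $3; bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample input in "zfs get -H" layout (name, property, value).
sample_zfs_get() {
    printf 'tank/zone/zone1\tmountpoint\t/export/zone1data\n'
    printf 'tank/zone/zone1\tsetuid\toff\n'
    printf 'tank/zone/zone1/www\tmountpoint\t/export/zone1data/www\n'
    printf 'tank/zone/zone1/www\tsetuid\ton\n'
    printf 'tank/zone/zone1/etc\tmountpoint\t/etc\n'
    printf 'tank/zone/zone1/etc\tsetuid\toff\n'
    printf 'tank/zone/zone1/tmp\tmountpoint\t/export/zone1data2\n'
    printf 'tank/zone/zone1/tmp\tsetuid\toff\n'
}

if sample_zfs_get | audit_zoned_release /export/zone1data; then
    echo "no findings: zoned can be cleared"
else
    echo "findings above: fix them before clearing zoned"
fi
```

On a live system, replace sample_zfs_get with the zfs get command shown in the header comment, run from the global zone.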