Solaris 10 Technology in GCCS-J - R2ad.com
Unclassified
Acknowledgements: GCCS-J Systems Engineering
Buccaneer Computer Systems & Service, Inc.
Sun Microsystems, Inc.
R2AD, LLC
Tech Preview for Administrators
Video Production by BiblioTronix, LLC
Solaris 10 has many new features!
• DTrace
– Extensible traces and reports for system diagnostics
• Security Enhancements
• Much More
• Service Management Facility (SMF)
– View system wide service status
– New service approach to replace /etc/rc?.d
• New model for system management
• Zones
– Containers (virtual instances of an OS)
– Main Focus of this briefing….
Service Management
• “The service management facility defines a programming model for providing persistently running applications called services”
– Services are described using XML and start up based on their dependencies and whether they are enabled.
– Older RC scripts can be converted
• Commands and Directories to know…
– Service meta XML files are kept in /var/svc/manifest
– Service scripts are kept in /lib/svc/method
– Use the svccfg command to create services
– Use the svcadm command to manage services
– Use “svcs” to get the current status of services
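The commands and directories on this slide, put together as an added example that is not part of the original briefing: a manifest is written under /var/svc/manifest, then validated, imported, enabled and checked. The service name site/gccs-demo and its method script /lib/svc/method/gccs-demo are hypothetical, and the method script is assumed to exist already.

```shell
#!/bin/sh
# Added example: register a service with SMF. The service name site/gccs-demo
# and the method script /lib/svc/method/gccs-demo are hypothetical.
SVC_FMRI="svc:/site/gccs-demo:default"

# Write the service manifest into directory $1 and print its path.
write_manifest() {
    mkdir -p "$1" || return 1
    cat > "$1/gccs-demo.xml" <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='gccs-demo'>
  <service name='site/gccs-demo' type='service' version='1'>
    <!-- Imported disabled: nothing runs until an administrator enables it -->
    <create_default_instance enabled='false'/>
    <single_instance/>
    <!-- Start order comes from dependencies, not from rc?.d script names -->
    <dependency name='network' grouping='require_all' restart_on='none'
                type='service'>
      <service_fmri value='svc:/milestone/network:default'/>
    </dependency>
    <exec_method type='method' name='start' timeout_seconds='60'
                 exec='/lib/svc/method/gccs-demo start'/>
    <exec_method type='method' name='stop' timeout_seconds='60' exec=':kill'/>
  </service>
</service_bundle>
EOF
    echo "$1/gccs-demo.xml"
}

# Validate and import the manifest ($1), enable the service, show its state.
deploy_service() {
    svccfg validate "$1" || return 1
    svccfg import "$1" || return 1
    svcadm enable "$SVC_FMRI" || return 1
    svcs -l "$SVC_FMRI"
}

# The SMF steps run only where the Solaris tools are present.
if command -v svccfg >/dev/null 2>&1; then
    manifest=$(write_manifest /var/svc/manifest/site) && deploy_service "$manifest"
fi
```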
Zones in GCCS-J Overview
• Zones provide for server consolidation by creating virtual Solaris 10 Containers which:
– have their own IP Address
– own Hostname
– separate root and user accounts/passwords
– application and directory structures
One Server…. ….many zones:
Global Zone and Zone Management
• Every Solaris-10 instance has one Global Zone
– List zones from the global zone using this command:
• zoneadm list
– Verbose output, including those zones not running:
• zoneadm list -vic
– Create and manage additional non-global zones
• zonecfg and zoneadm
Machine/Box A: Global Zone
Machine/Box B: Global Zone
Solaris 10 Global Zone
Each GCCS server is deployed with a global zone containing a minimum “core” segment load. The global zone is used for system administration functions only.
•SSFP
•COE Kernel
•GSOLPT
•GJASS
•WEBMIN
•GCCS01
•JAVA2
•J2JRE
•SYSMAN
•UPTDSL
•SECBNR
•PRINTS
•PRINTD
•FFWEB
•others
Global zone
-Static
-Used to manage hardware configuration and maintenance
-Controls access to physical devices
-Can set the system time
-Can be imaged as a base load
Diagram labels: / file system; “global” and non-global zone file systems; core; others
Zones Provide Flexibility
Diagram: three build options (All-in-One Option, Normal Build Process, Sun4V Architecture Option)
Diagram labels: Solaris install (OS + core segments); restore I3GLZ or I3SYB; restore and attach I3ZNS, I3APP, I3SYB
Hardware shown: T2000, V440, V490, high-end box (ie: V880)
Flexible Zone and File Systems
Solaris 10 11/06
Zones shown: TMSGW, NS, APPM, ORACLE, SECURITY (SAFE), APPL, PROXY, I3 Sybase, I3 Appserver, Imagery CLNTSRV, TMS
File systems shown: SECURITY zone /ora01 file system; ORACLE zone /ora01 file system; Sybase SDS1 and SDS2 file system; /h/USERS/global file system; /h/data/global file system
Assigning Hardware Components to Non-global zones
•SSFP
•COE Kernel
•GSOLPT
•GJASS
•WEBMIN
•GCCS01
•JAVA2
•J2JRE
•SYSMAN
•UPTDSL
•SECBNR
•PRINTS
•PRINTD
•GJAR
•GCCVer
•TCLTK
•ALTCLT
•FFWEB
•AUDIT
•SECAV
ORACLE zone
Hardware components (disks, CDROMs, etc.) are assigned to the non-global zones by the global zone administrator.
ORACLE zone: /ora01 file system view (read/write)
Global zone: /ORACLE_ora01 file system
>zonecfg -z ORACLE
>add fs
>set dir=/ora01
>set special=/ORACLE_ora01
>set type=lofs
>set options=[rw,nodevices]
>end
>exit
Hardware components are initially only accessible by the global zone administrator.
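An added example, not part of the original briefing: a check the global zone administrator can run over a zone's configuration to list file systems handed to the zone without nodevices and any devices delegated to it. In the sample, the second fs entry, the /export/h_data_global path and the device name are constructed.

```shell
#!/bin/sh
# Added example: list what the global zone has handed to a non-global zone.
# Reads zonecfg command syntax on stdin, as in the slide or in the output of
# `zonecfg -z ORACLE export`. Prints one finding per line.
audit_zone_config() {
    awk '
    $1 == "add" && $2 == "fs"     { res = "fs"; dir = "?"; opts = ","; next }
    $1 == "add" && $2 == "device" { res = "device"; next }
    res == "fs" && $1 == "set" && $2 ~ /^dir=/ { dir = substr($2, 5); next }
    # Options come as "set options=[rw,nodevices]" or "add options [ro,nodevices]".
    res == "fs" && $2 ~ /^options/ {
        s = $0; gsub(/[^A-Za-z0-9_-]+/, ",", s); opts = opts s ","; next
    }
    res == "device" && $1 == "set" && $2 ~ /^match=/ {
        print "device " substr($2, 7) " delegated"; next
    }
    $1 == "end" {
        if (res == "fs" && index(opts, ",nodevices,") == 0)
            print "fs " dir " missing-nodevices"
        res = ""
    }'
}

# Constructed sample: the ORACLE fs from the slide plus two riskier entries.
sample_config() {
    cat <<'EOF'
add fs
set dir=/ora01
set special=/ORACLE_ora01
set type=lofs
set options=[rw,nodevices]
end
add fs
set dir=/h/data/global
set special=/export/h_data_global
set type=lofs
add options rw
end
add device
set match=/dev/rdsk/c1t1d0s0
end
EOF
}

sample_config | audit_zone_config
```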
Upgrades: Replacing Non-Global Zones
Global zone: GSOLPT, CNTP
DB Server: ORACLE zone, Release x.0
•SSFP
•COE Kernel
•GSOLPT
•GJASS
•preORA
•ORAS
•ORASP1
•GDBI
Release x.0 detached and removed
ORACLE zone, Release x.1
•SSFP
•COE Kernel
•GSOLPT
•GJASS
•preORA
•ORAS
•ORASP1
•GDBI
Release x.1 copied and attached
• Backups of old zones can be simple
– Detach, tarball
• Detaching a non-global zone and attaching a new release of the zone is a valid upgrade methodology
• As always, managing patch levels is important! (use same version of GSOLPT)
• External disk devices can be used to store zones
– Choose fast access performance
• Up to 8192 zones can be created on a single physical server
Summary - Zones
• The Solaris Zones partitioning technology is used to contain (“virtualize”) operating system services and provide an isolated and secure environment for running applications.
• Benefits to the Program
– Security
– Stability
– Provisioning
– Migration
– Flexibility
– Non-Destructive Loads
Diagram, One Physical Machine (an example): I3 App Server Zone(s), I3 Sybase Zone, Global Zone, External router
Links for More Information
• Service Management Framework (SMF)
– http://opensolaris.org/os/community/smf/
– http://www.sun.com/bigadmin/content/selfheal/sdev_intro.html
• Information or Feedback on this briefing:
– E-Mail:
– VidCast Library: http://www.r2ad.com/training
– If you want more of these short briefs on important technical subjects, let us know!
• Zones
– http://opensolaris.org/os/community/zones
– http://www.kernelthread.com/publications/security/solaris.html