Sun
System Administra
S or theSolar m, Part 2
Services
tion for the Solaris™ 10 Operating System, Part 2
ystem Administration fis™ 10 Operating Syste
SA-202-S10
Copyrig
This pro lation. No part of this product or document maybe repro
Third-p
Sun, Su re trademarks or registered trademarks of SunMicrosy
All SPA . and other countries. Products bearing SPARCtradema
UNIX is
The OPE es the pioneering efforts of Xerox in researchingand dev ox to the Xerox Graphical User Interface, whichlicense a
U.S. Gov
RESTRI nd FAR 52.227-19(6/87), or DFAR 252.227-7015(b)(6/95
DOCUM IES, INCLUDING ANY IMPLIED WARRANTYOF MER HE EXTENT THAT SUCH DISCLAIMERS AREHELD T
ht 2007 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California, 95054, U.S.A. All rights reserved.
duct or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompiduced in any form by any means without prior written authorization of Sun and its licensors, if any.
arty software, including font technology, is copyrighted and licensed from Sun suppliers.
n Microsystems, the Sun logo,Solaris, JumpStart, SunSolve, OpenBoot, Ultra, Solstice DiskSuite, Sun Java, and UltraSPARC astems, Inc. in the U.S. and other countries.
RC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.Srks are based upon an architecture developed by Sun Microsystems, Inc.
a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.
N LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledgeloping the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerlso covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements.
ernment approval might be required when exporting the product.
CTED RIGHTS: Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-14(g)(2)(6/87) a) and DFAR 227.7202-3(a).
ENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO TO BE LEGALLY INVALID.
Copyrig
Ce prod ution, et la décompilation. Aucune partie de ceproduit e Sun et de ses bailleurs de licence, s’il y en a.
Le logic é par des fournisseurs de Sun.
Sun, Sun s marques de fabrique ou des marques déposéesde Sun M
Toutes l l, Inc. aux Etats-Unis et dans d’autres pays. Lesproduits
UNIX es
L’interfa . Sun reconnaît les efforts de pionniers de Xeroxpour lar n détient une licence non exclusive de Xerox surl’interfa tion graphique OPEN LOOK et qui en outre seconform
L’accord
LA DOC ESSES OU TACITES SONT FORMELLEMENTEXCLU RELATIVE A LA QUALITE MARCHANDE, AL’APTIT
ht 2007 Sun Microsystems Inc., 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits réservés.
uit ou document est protégé par un copyright et distribué avec des licences qui en restreignent l’utilisation, la copie, la distribou document ne peut être reproduite sous aucune forme, par quelque moyen que ce soit, sans l’autorisation préalable et écrite d
iel détenu par des tiers, et qui comprend la technologie relative aux polices de caractères, est protégé par un copyright et licenci
Microsystems, le logo Sun, Solaris, JumpStart, SunSolve, OpenBoot, Ultra, Solstice DiskSuite, Sun Java, et UltraSPARC sont deicrosystems, Inc. aux Etats-Unis et dans d’autres pays.
es marques SPARC sont utilisées sous licence sont des marques de fabrique ou des marques déposées de SPARC Internationa portant les marques SPARC sont basés sur une architecture développée par Sun Microsystems, Inc.
t une marques déposée aux Etats-Unis et dans d’autres pays et licenciée exclusivement par X/Open Company, Ltd.
ces d’utilisation graphique OPEN LOOK et Sun™ a été développée par Sun Microsystems, Inc. pour ses utilisateurs et licenciésecherche et le développement du concept des interfaces d’utilisation visuelle ou graphique pour l’industrie de l’informatique. Suce d’utilisation graphique Xerox, cette licence couvrant également les licenciés de Sun qui mettent en place l’interface d’utilisaent aux licences écrites de Sun.
du gouvernement américain est requis avant l’exportation du produit.
UMENTATION EST FOURNIE “EN L’ETAT” ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITEUDE A UNE UTILISATION PARTICULIERE OU A L’ABSENCE DE CONTREFAÇON.
Advanced System ivCopyright 2007 Sun Mi
........................ Preface-xv
....................................Preface-xvi
...................................Preface-xvii
................................. Preface-xviii
..................................Preface-xxiii
...................................Preface-xxv
..................................... 1-1
.................................................. 1-2
.................................................. 1-3
.................................................. 1-4
.................................................. 1-6
.................................................. 1-7
.................................................. 1-8
.................................................. 1-9
................................................ 1-11ces ......................................... 1-12
................................................. 1-13................................................ 1-14................................................. 1-15
..................................... 2-1
.................................................. 2-2
.................................................. 2-3
.................................................. 2-4
.................................................. 2-5
Administration for the Solaris™ 10 Operating Systemcrosystems, Inc. All Rights Reserved. Sun Services, Revision C
Course Contents
About This Course ..............................................................Course Goals ..........................................................................................Course Map ............................................................................................Topics Not Covered ..............................................................................How Prepared Are You? ......................................................................Introductions .........................................................................................
Describing Interface Configuration ...................................Objectives ...............................................................................................Controlling and Monitoring Network Interfaces .............................Displaying the MAC Address .............................................................Displaying the IP Address ...................................................................Marking an Ethernet Interface as Down ............................................Sending ICMP ECHO_REQUEST Packets ........................................Capturing and Inspecting Network Packets .....................................Configuring IPv4 Interfaces at Boot Time .........................................The /etc/hostname.xxn File Entries and Corresponding InterfaThe /etc/inet/ipnodes File ............................................................Changing the System Host Name ......................................................The sys-unconfig Command ...........................................................
Describing the Client-Server Model ..................................Objectives ...............................................................................................Introducing Client-Server Processes ..................................................Introducing Client Processes ...............................................................Introducing Server Processes ..............................................................
Advan vCopyrig
.................................................. 2-6
.................................................. 2-8
.................................................. 2-9
................................................ 2-10
................................................ 2-12
................................................ 2-13
................................................ 2-14
................................................ 2-17
................................................ 2-18
................................................ 2-19
................................................ 2-20
................................................ 2-21
................................................ 2-24
................................................ 2-25
................................................ 2-26
................................................ 2-27
................................................ 2-28
................................................ 2-29................................................. 2-30................................................ 2-31
..................................... 3-1
.................................................. 3-2
.................................................. 3-3
.................................................. 3-4
.................................................. 3-5
.................................................. 3-6
.................................................. 3-7
.................................................. 3-9
................................................ 3-11
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The Service Management Facility (SMF) ...........................................Services ...................................................................................................Service and Instance Nodes .................................................................Service Identifiers ..................................................................................Listing Service Information .................................................................Service States .........................................................................................Milestones ..............................................................................................The svc.startd Daemon ....................................................................The Service Configuration Repository ...............................................Starting Server Processes .....................................................................The Impact of SMF on Network Services ..........................................Introducing Network Ports .................................................................Starting Services That Use a Well-Known Port ................................Requesting a Well-Known Service .....................................................Starting RPC Services ...........................................................................Starting RPC Services at Boot Time ....................................................Starting RPC Services on Demand .....................................................Requesting an RPC Address ...............................................................Using the rpcinfo Commands .........................................................Deleting RPC Service Registration .....................................................
Introducing Sun Connection Services ..............................Objectives ...............................................................................................Solaris 10 OS Patch Access Policy .......................................................Introducing Sun Connection ...............................................................Administering Patches .........................................................................Sun Connection Modes ........................................................................Locally Managing Updates for Individual Systems ........................Update Manager Client ........................................................................The smpatch Command Line Interface .............................................
Advan viCopyrig
................................................ 3-12
................................................ 3-13
................................................ 3-15
................................................ 3-16e .............................................. 3-17................................................ 3-18................................................ 3-19................................................ 3-22................................................. 3-23................................................ 3-24................................................ 3-25................................................ 3-28................................................ 3-29................................................ 3-30................................................ 3-31................................................ 3-33................................................. 3-34................................................ 3-35................................................ 3-36................................................ 3-39................................................ 3-40................................................ 3-43................................................ 3-44
..................................... 4-1
.................................................. 4-2
.................................................. 4-3
.................................................. 4-4
.................................................. 4-5
.................................................. 4-7
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Caching Patches With Update Manager's Proxy ..............................Sun Connection Hosted Web Application ........................................Establishing a Sun Online Account ....................................................Obtain a Sun Service Plan ....................................................................Downloading and Installing the Update Manager Client SoftwarStarting the Update Manager Client For the First Time ..................Registering Systems ..............................................................................Select Service Level ...............................................................................Registration Confirmation ..................................................................Registration Complete ..........................................................................Installing Updates With the Update Manager Client ......................Setting Update Manager Client Preferences .....................................Update Manager’s Proxy .....................................................................Configuring the Update Manager’s Proxy ........................................Configuring Clients to Use the Update Manager’s Proxy ..............Patch Administration From the CLI ...................................................Using the smpatch Command ...........................................................Phases for Applying Updates .............................................................Command Examples ............................................................................Configuring the Patch Management Environment ..........................Command Examples ............................................................................Using the Update Policy for Applying Updates ..............................Example of Using the Update Policy .................................................
Managing Swap Configuration ..........................................Objectives ...............................................................................................Introducing Virtual Memory ...............................................................Physical RAM ........................................................................................Swap Space ............................................................................................The swapfs File System .......................................................................
Advan viiCopyrig
.................................................. 4-8
.................................................. 4-9
................................................ 4-10
................................................ 4-12
................................................ 4-14
..................................... 5-1
.................................................. 5-2
.................................................. 5-3
.................................................. 5-4
.................................................. 5-5
.................................................. 5-6
.................................................. 5-7
.................................................. 5-8
.................................................. 5-9
................................................ 5-11................................................. 5-13................................................ 5-14................................................. 5-16
..................................... 6-1
.................................................. 6-2
.................................................. 6-3
.................................................. 6-5
.................................................. 6-8
.................................................. 6-9
................................................ 6-10
................................................ 6-11
................................................ 6-12
................................................ 6-13
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Paging .....................................................................................................Configuring Swap Space ......................................................................Displaying the Current Swap Configuration ....................................Adding Swap Space ..............................................................................Removing Swap Space .........................................................................
Managing Crash Dumps and Core Files ...........................Objectives ...............................................................................................Managing Crash Dump Behavior .......................................................Crash Dump ...........................................................................................Displaying the Current Dump Configuration ..................................Changing the Crash Dump Configuration ........................................Managing Core File Behavior ..............................................................Core Files ................................................................................................Displaying the Current Core File Configuration ..............................Changing the Core File Configuration ..............................................Pattern Options for the coreadm Command ....................................Pattern Options for the Global Core File Content ............................Examples of the coreadm Command ................................................
Configuring NFS ..................................................................Objectives ...............................................................................................NFS Benefits ...........................................................................................NFS Distributed File System Fundamentals .....................................NFS Version 4 (NFSv4) .........................................................................Pseudo-File System ...............................................................................Strong Security ......................................................................................Compound Procedures ........................................................................Extended Attributes ..............................................................................File Handles ...........................................................................................
Advan viiiCopyrig
................................................ 6-14
................................................ 6-15
................................................ 6-16
................................................ 6-20
................................................ 6-25
................................................ 6-27
................................................ 6-28
................................................ 6-32
................................................ 6-34
................................................ 6-35
................................................ 6-37
................................................ 6-38................................................. 6-42................................................ 6-43................................................ 6-44................................................ 6-47lder Tools ............................ 6-48
..................................... 7-1
.................................................. 7-2
.................................................. 7-3
.................................................. 7-7
.................................................. 7-9
................................................ 7-10
................................................ 7-11
................................................ 7-12
................................................ 7-13
................................................ 7-16
................................................ 7-17
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Delegation ..............................................................................................Configuring an NFS Server and Client ..............................................Managing an NFS Server .....................................................................NFS Server Daemons ............................................................................Managing the NFS Server Daemons ..................................................NFS Server Commands ........................................................................Configuring the NFS Server for Sharing Resources .........................Managing the NFS Client .....................................................................NFS Client Daemons ............................................................................Managing the NFS Client Daemons ...................................................NFS Client Commands .........................................................................Configuring the NFS Client for Mounting Resources .....................The mount Command Options ...........................................................Fundamentals of NFS Server Logging ...............................................Configuring NFS Log Paths ................................................................Initiating NFS Logging .........................................................................Managing NFS With the Solaris Management Console Storage Fo
Configuring AutoFS ............................................................Objectives ...............................................................................................AutoFS Fundamentals ..........................................................................Using Automount Maps ......................................................................Configuring the Master Map ...............................................................Identifying Mount Points for Special Maps ......................................Using the /net Directory .....................................................................Adding Direct Map Entries .................................................................Adding Indirect Map Entries ..............................................................Updating the Automount Maps .........................................................Stopping and Starting the Automount System .................................
Advan ixCopyrig
tware ........................... 8-1.................................................. 8-2.................................................. 8-3.................................................. 8-4.................................................. 8-6.................................................. 8-7.................................................. 8-8................................................... 8-9................................................ 8-10................................................ 8-11................................................ 8-12................................................ 8-16................................................ 8-17................................................ 8-18................................................ 8-19................................................ 8-20................................................ 8-21................................................ 8-22
..................................... 9-1
.................................................. 9-2
.................................................. 9-3
.................................................. 9-4
.................................................. 9-6ole ............................................ 9-7................................................ 9-10................................................ 9-11................................................ 9-15................................................ 9-20................................................ 9-22
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Describing RAID and the Solaris™ Volume Manager SofObjectives ...............................................................................................Introducing RAID .................................................................................RAID 0 ....................................................................................................RAID 1 ....................................................................................................RAID 0+1 ................................................................................................RAID 1+0 ................................................................................................Mirror Options .....................................................................................Mirror Read Policies .............................................................................Mirror Write Policies ............................................................................RAID 5 ....................................................................................................Hardware Considerations ...................................................................Choosing Storage Mechanisms ...........................................................Optimizing Redundant Storage .........................................................Introducing Solaris Volume Manager Software Concepts .............Logical Volume .....................................................................................Soft Partitions ........................................................................................Introducing the State Database ...........................................................
Configuring Solaris Volume Manager Software ...............Objectives ...............................................................................................Solaris Volume Manager Concepts ....................................................State Database Replicas ........................................................................Creating the State Database .................................................................Creating the State Database Using the Solaris Management ConsConfiguring RAID-0 .............................................................................Creating a RAID-0 Volume Using the Command Line ...................Creating a RAID-0 Volume Using Solaris Management Console .Configuring RAID-1 .............................................................................Building a Mirror of the Root (/) File System ...................................
Advan xCopyrig
................................................ 9-31
................................................ 9-37
................................... 10-1
................................................ 10-2
................................................ 10-3
................................................ 10-4
................................................ 10-5
................................................ 10-6
................................................ 10-7............................................... 10-11.............................................. 10-13.............................................. 10-17.............................................. 10-18.............................................. 10-19.............................................. 10-20.............................................. 10-21.............................................. 10-23.............................................. 10-25.............................................. 10-26.............................................. 10-28
................................... 11-1
................................................ 11-2
................................................ 11-3................................................. 11-4................................................ 11-5................................................. 11-8............................................... 11-11............................................... 11-12
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an x86-Based System for Mirrored Failover ...............Unmirroring the Root (/) File System ................................................
Configuring Role-Based Access Control (RBAC) ............Objectives ...............................................................................................RBAC Fundamentals ............................................................................Key RBAC Files .....................................................................................The user_attr File ...............................................................................Roles ........................................................................................................Assigning Rights Profiles to Users .....................................................The /etc/security/exec_attr File ...............................................Assigning Rights Profiles to Roles ......................................................Assigning Roles to Users .....................................................................Using Roles ............................................................................................Authorizations .......................................................................................Default Authorizations .........................................................................Assigning Authorizations ....................................................................Assigning Authorizations to Roles .....................................................Assigning Authorizations to Rights Profiles ....................................RBAC Configuration File Summary ...................................................Managing RBAC Using the Solaris Management Console .............
Configuring System Messaging ........................................Objectives ...............................................................................................The syslog Concept .............................................................................The /etc/syslog.conf File ..............................................................The syslogd Daemon and the m4 Macro Processor ........................Configuring the /etc/syslog.conf File .........................................Stopping and Starting the syslogd Daemon ...................................Configuring syslog Messaging ........................................................
Advan xiCopyrig
.............................................. 11-13
.............................................. 11-14
................................... 12-1
................................................ 12-2
................................................ 12-3
................................................ 12-6
................................................ 12-9
.............................................. 12-12
.............................................. 12-15
.............................................. 12-18
.............................................. 12-23
.............................................. 12-26
................................... 13-1
................................................ 13-2
................................................ 13-3
................................................ 13-4
................................................ 13-6
................................................ 13-9
.............................................. 13-10
.............................................. 13-12
.............................................. 13-13
.............................................. 13-14
.............................................. 13-15onf File ............................. 13-16.............................................. 13-17.............................................. 13-18
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Monitoring a syslog File in Real Time .............................................Using the Solaris Management Console Log Viewer ......................
Using Name Services ..........................................................Objectives ...............................................................................................Name Service Concept .........................................................................Domain Name System (DNS) .............................................................Network Information Service (NIS) ...................................................Network Information Service Plus (NIS+) ........................................Lightweight Directory Access Protocol (LDAP) ..............................Name Service Switch File .....................................................................Configuring the Name Service Cache Daemon (nscd) ...................Retrieving Name Service Information ...............................................
Configuring Name Service Clients ....................................Objectives ...............................................................................................Configuring a DNS Client ...................................................................Configuring the DNS Client During Installation .............................Editing DNS Client Configuration Files ............................................Setting Up an LDAP Client ..................................................................Client Authentication ...........................................................................Client Profile and Proxy Account .......................................................Client Initialization ...............................................................................Configuring the LDAP Client During Installation ...........................Initializing the Native LDAP Client ...................................................Copying the /etc/nsswitch.ldap File to the /etc/nsswitch.cListing LDAP Entries ............................................................................Unconfiguring an LDAP Client ..........................................................
Advan xiiCopyrig
................................... 14-1
................................................ 14-2
................................................ 14-3
................................................ 14-4
................................................ 14-5
................................................ 14-6
................................................ 14-7
................................................ 14-8
................................................ 14-9
.............................................. 14-10
.............................................. 14-11
.............................................. 14-12
.............................................. 14-13
.............................................. 14-14
.............................................. 14-16
.............................................. 14-17
.............................................. 14-19
.............................................. 14-20
.............................................. 14-23
.............................................. 14-24
.............................................. 14-26
.............................................. 14-29
................................... 15-1
................................................ 15-2
................................................ 15-3
................................................ 15-4
................................................ 15-5
................................................ 15-6
................................................ 15-8
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the Network Information Service (NIS) ........Objectives ...............................................................................................NIS Fundamentals ................................................................................NIS Namespace Information ...............................................................Map Contents and Sort Keys ...............................................................Commands to Read Maps ....................................................................NIS Domains ..........................................................................................NIS Master Server .................................................................................NIS Slave Servers ..................................................................................NIS Clients .............................................................................................NIS Processes .........................................................................................Configuring the Name Service Switch ...............................................NIS Security ...........................................................................................Configuring an NIS Domain ...............................................................Generating NIS Maps ...........................................................................Locating Source Files ............................................................................Converting ASCII Source Files Into NIS Maps .................................Configuring the NIS Master Server ....................................................Testing the NIS Service ........................................................................Configuring the NIS Client ..................................................................Configuring the NIS Slave Server .......................................................Updating the NIS Map .........................................................................
Introduction to Zones .........................................................Objectives ...............................................................................................Solaris Zones ..........................................................................................Zone Features ........................................................................................Zone Types .............................................................................................Global Zones ..........................................................................................Non-Global Zones .................................................................................
Advan xiiiCopyrig
................................................ 15-9
.............................................. 15-11
.............................................. 15-14
.............................................. 15-15
.............................................. 15-16
.............................................. 15-17
.............................................. 15-18............................................... 15-19.............................................. 15-21.............................................. 15-22.............................................. 15-24.............................................. 15-27............................................... 15-28.............................................. 15-35
................................... 16-1
................................................ 16-2
................................................ 16-3
................................................ 16-4
................................................ 16-5
................................................ 16-7ns ........................................... 16-9.............................................. 16-10.............................................. 16-11.............................................. 16-17.............................................. 16-25.............................................. 16-31.............................................. 16-36.............................................. 16-41.............................................. 16-50
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone Daemons .......................................................................................Zone File Systems .................................................................................Zone Networking ..................................................................................Zone States .............................................................................................Configuring Zones ................................................................................Identifying Zone Components ............................................................Allocating File System Space ...............................................................Using the zonecfg Command ...........................................................The zonecfg Subcommands ...............................................................The zonecfg Resource Parameters ....................................................Zone Configuration Walk-Through ...................................................Viewing the Zone Configuration ........................................................Using the zoneadm Command ...........................................................Installing Packages in Zones ...............................................................
Introduction to the ZFS File System ..................................Objectives ...............................................................................................What Is Solaris ZFS? .............................................................................What Is ZFS? ..........................................................................................ZFS Terminology ...................................................................................ZFS Component Naming Requirements ...........................................ZFS Hardware and Software Requirements and RecommendatioCreating ZFS File Systems ...................................................................Components of a ZFS Storage Pool ....................................................Replication Features of a ZFS Storage Pool .......................................Creating and Destroying ZFS Storage Pools .....................................Querying ZFS Storage Pool Status .....................................................Creating and Destroying ZFS File Systems .......................................ZFS Properties .......................................................................................Querying ZFS File System Information .............................................
Advan xivCopyrig
.............................................. 16-53
.............................................. 16-58
.............................................. 16-66
.............................................. 16-67
.............................................. 16-72
.............................................. 16-74
.............................................. 16-81
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing ZFS Properties ....................................................................Mounting ZFS File Systems .................................................................ZFS Web-Based Management .............................................................ZFS Snapshots .......................................................................................ZFS Snapshots .......................................................................................ZFS Clones .............................................................................................Using ZFS on a Solaris System With Zones Installed ......................
Sun
System Administra
Services
tion for the Solaris™ 10 Operating System, Part 2
Preface
About This Course
System Preface, slide xvi of xxvCopyrig
Up e able to:
umps
essaging
res
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Course Goals
on completion of this course, you should b
• Describe network basics• Manage virtual file systems and core d• Manage storage volumes• Control access and configure system m• Set up name services• Perform advanced installation procedu
Sun Services
Course Map
DescribingInterface
Configuration
Describing theClient-Server
Model
UsingName
Services
ConfiguringName
Service Clients
Configuringthe NetworkInformation
Service (NIS)
Describing Network Basics
ManagingSwap
Configuration
ManagingCrash Dumps
and Core Files
ConfiguringNFS
ConfiguringAutoFS
ConfiguringRole-Based
Access Control(RBAC)
ConfiguringSystem
Messaging
Managing Virtual File Systems and Core Dumps
DescribingRAID andSolarisVolume
ManagerSoftware
ConfiguringSolarisVolumeManagerSoftware
Managing Storage VV olumes
Controlling Access and Configuring System Messaging
Setting Up Name Services
Configuring Virtualization
Introductionto
Zones
ConfiguringZFS
SunConnectionServices
System Administration for the Solaris™ 10 Operating System, Part 2 Preface, slide xvii of xxvCopyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
System Preface, slide xviii of xxvCopyrig
Thi any of thesetop Services:
SA-100-S10: 10 Operating
UNIX®ating SystemA-100-S10: 10 Operating
ered in SA-200-for the Solaris™
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Topics Not Covered
s course does not cover the following topics. Mics are covered in other courses offered by Sun
• Basic UNIX® commands – Covered in UNIX® Essentials Featuring the Solaris™System
• The vi editor – Covered in SA-100-S10:Essentials Featuring the Solaris™ 10 Oper
• Basic UNIX file security – Covered in SUNIX® Essentials Featuring the Solaris™System
• Software package administration – CovS10: Intermediate System Administration 10 Operating System
System Preface, slide xix of xxvCopyrig
0-S10:e Solaris™ 10
ment Consolermediate Systemting System00-S10: UNIX®ating Systemered in SA-200-for the Solaris™
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Topics Not Covered
• Patch maintenance – Covered in SA-20Intermediate System Administration for thOperating System
• Adding users using the Solaris Managesoftware – Covered in SA-200-S10: InteAdministration for the Solaris™ 10 Opera
• Basic system security – Covered in SA-1Essentials Featuring the Solaris™ 10 Oper
• Administering initialization files – CovS10: Intermediate System Administration 10 Operating System
System Preface, slide xx of xxvCopyrig
n SA-200-S10:e Solaris™ 10
200-S10:e Solaris™ 10
s – Covered instration for the
0: Intermediate0 Operating
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Topics Not Covered
• Advanced file permissions – Covered iIntermediate System Administration for thOperating System
• Backup and recovery – Covered in SA-Intermediate System Administration for thOperating System
• The lp print service and print commandSA-200-S10: Intermediate System AdminiSolaris™ 10 Operating System
• Process control – Covered in SA-200-S1System Administration for the Solaris™ 1System
System Preface, slide xxi of xxvCopyrig
ered in SA-em
– Covered inorkshop SystemSystem
in SA-245: Shell
ts – Covered inthe Solaris™ 10
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Topics Not Covered
• All the new features in Solaris 10 – Cov225S10: Solaris™ 10 for Experienced SystAdministrators
• Hardware or software troubleshootingST-350: Sun™ Systems Fault Analysis Wtuning – Covered in SA-400: Enterprise Performance Management
• Detailed shell programming – CoveredProgramming for System Administrators
• Detailed network administration concepSA-300-S10: Network Administration for Operating System
System Preface, slide xxii of xxvCopyrig
Ref ation on coursecon
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Topics Not Covered
er to the Sun Services catalog for specific informtent and registration.
System Preface, slide xxiii of xxvCopyrig
To e, can youans
0 Operating workstation?ity? the Solaris
dd software
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
How Prepared Are You?
be sure you are prepared to take this courswer yes to the following questions?
• Can you install and boot the Solaris™ 1System (Solaris 10 OS) on a stand-alone
• Can you implement basic system secur• Can you add users to the system using
Management Console software?• Can you use the pkgadd command to a
packages?
System Preface, slide xxiv of xxvCopyrig
s?esses?ions?
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
How Prepared Are You?
• Can you monitor and mount file system• Can you manage disk devices and proc• Can you perform backups and restorat
System Preface, slide xxv of xxvCopyrig
in this course
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introductions
• Name• Company affiliation• Title, function, and job responsibility• Experience related to topics presented • Reasons for enrolling in this course• Expectations for this course
Sun
System Administra
D uration
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 1
escribing Interface Config
System Module 1, slide 2 of 17Copyrig
sIPv4) interfaces
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Control and monitor network interface• Configure Internet Protocol Version 4 (
at boot time
System Module 1, slide 3 of 17Copyrig
work
Ne , and snoop,con ork interfaces.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Controlling and Monitoring NetInterfaces
twork commands, such as ifconfig, pingtrol and monitor the functionality of netw
System Module 1, slide 4 of 17Copyrig
ss
Th ur computer’sun
Tw Ethernet addressare
# ilo0: mtu 8232 index 1 inet127.nge0 500 index 2 30.255
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Displaying the MAC Addre
e media access control (MAC) address is yoique hardware address.
o ways to display the MAC address or the:
• Use the ifconfig -a command:fconfig -a flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL>0.0.1 netmask ff000000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1 inet 192.168.30.41 netmask ffffff00 broadcast 192.168. ether 8:0:20:93:c9:af
System Module 1, slide 5 of 17Copyrig
ont.)
memory-based systems:
ok bSun d PresentOpen 685423.Ethe
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Displaying the MAC Address (c
• Use the boot programmable read-only (PROM) banner command on SPARC®
annerUltra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz), KeyboarBoot 3.31 256 MB (60ns) memory installed, Serial #9rnet address 8:0:20:93:c9:af, Host ID: 8093c9af.
System Module 1, slide 6 of 17Copyrig
s
Th rent configurationfor
# ilo0: IRTUAL> mtu 8232indenge0 > mtu 1500 index 2 92.168.30.255
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Displaying the IP Addres
e ifconfig -a command displays the cur the network interfaces.
fconfig -a flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,Vx 1 inet 127.0.0.1 netmask ff000000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4 inet 192.168.30.41 netmask ffffff00 broadcast 1 ether 8:0:20:93:c9:af
System Module 1, slide 7 of 17Copyrig
Down
You an Ethernetint
# if# iflo0: IRTUAL> mtu 8232indenge0 tu 1500 index 2 92.168.30.255 # if# iflo0: IRTUAL> mtu 8232indenge0 > mtu 1500 index 2 92.168.30.255
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Marking an Ethernet Interface as
can use the ifconfig command to markerface as up or down.
config nge0 downconfig -a flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,Vx 1 inet 127.0.0.1 netmask ff000000: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> m inet 192.168.30.41 netmask ffffff00 broadcast 1 ether 8:0:20:93:c9:afconfig nge0 upconfig -a flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,Vx 1 inet 127.0.0.1 netmask ff000000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4 inet 192.168.30.41 netmask ffffff00 broadcast 1 ether 8:0:20:93:c9:af
System Module 1, slide 8 of 17Copyrig
S Packets
To m over thenet
# psys4
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
ending ICMP ECHO_REQUEST
determine if you can contact another systework, enter the ping command:
ing sys411 is alive
System Module 1, slide 9 of 17Copyrig
C Packets
You nspect networkpac ferred betweensys
# snsys4 er: 0)sys4 : 0)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
apturing and Inspecting Network
can use the snoop utility to capture and ikets to determine what kind of data is transtems.
oop sys41 sys421 -> sys42 ICMP Echo request (ID: 615 Sequence numb2 -> sys41 ICMP Echo reply (ID: 615 Sequence number
System Module 1, slide 10 of 17Copyrig
C Packets
Som
sno
sno
sno
sno put to filename
sno viously captured
sno k interface
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
apturing and Inspecting Network
e additional snoop options include:
op Summary output
op -V Summary verbose output
op -v Detailed verbose output
op -o filename Redirects the snoop utility outin summary mode
op -i filename Displays packets that were prein filename
op -d device Receive packets from a networspecified by device
System Module 1, slide 11 of 17Copyrig
C ot Time
Intr
Ne olled by filesand
ult service
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
onfiguring IPv4 Interfaces at Bo
oducing IPv4 Interface Files
twork interfaces in the Solaris OS are contr services.
• The svc:/network/physical:defa• The /etc/hostname.xxn file• The /etc/inet/hosts file• The /etc/inet/ipnodes file
System Module 1, slide 12 of 17Copyrig
T tries and
En/et ily device driver)
/et ice driver) Ethernet
/et em
/et driver) Ethernet
/et er) Ethernet
/et hernet interface in
/et ) Ethernet interface
/et ) Ethernet interface
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
he /etc/hostname.xxn File EnCorresponding Interfaces
try Interfacec/hostname.e1000g0 First e1000g (Intel PRO/1000 Gigabit fam
Ethernet interface in the system
c/hostname.bge0 First bge (Broadcom Gigabit Ethernet devinterface in the system
c/hostname.bge1 Second bge Ethernet interface in the syst
c/hostname.ce0 First ce (Cassini Gigabit-Ethernet deviceinterface in the system
c/hostname.qfe0 First qfe (Quad Fast-Ethernet device drivinterface in the system
c/hostname.hme0 First hme (Fast-Ethernet device driver) Etthe system
c/hostname.eri0 First eri (eri Fast-Ethernet device driverin the system
c/hostname.nge0 First nge (Nvidia Gigabit Ethernet driverin the system
System Module 1, slide 13 of 17Copyrig
ile
A l odes with theirInt
## In#::1 127.192.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The /etc/inet/ipnodesF
ocal database that associates the names of nernet Protocol (IP) addresses.
cat /etc/inet/ipnodes
ternet host table
localhost0.0.1 localhost168.30.41 sys41 loghost
System Module 1, slide 14 of 17Copyrig
me
Th r files on thesys d perform areb name. The filestha
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Changing the System Host Na
e host name of a system is contained in foutem. You must modify all of these files, anoot, to successfully change a system’s hostt contain the host name of a system are:
• The /etc/nodename file• The /etc/hostname.xxn file• The /etc/inet/hosts file• The /etc/inet/ipnodes file
System Module 1, slide 15 of 17Copyrig
nd
You ommand tores gured state,rea
Th ing:
information in
s Network Filee /etc/vfstab
file.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The sys-unconfigComma
can use the /usr/sbin/sys-unconfig ctore a system’s configuration to an unconfidy to be reconfigured again.
e sys-unconfig command does the follow
• Saves the current/etc/inet/hosts filethe /etc/inet/hosts.saved file.
• If the current /etc/vfstab file containSystem (NFS) mount entries, it saves thfile to the /etc/vfstab.orig file.
• Restores the default /etc/inet/hosts
System Module 1, slide 16 of 17Copyrig
nd
ured interfaces.he
e
.
. user in the
IS+.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The sys-unconfigComma
• Removes the default host name in the/etc/hostname.xxn files for all config
• Removes the default domain name in t/etc/defaultdomain file.
• Restores the time zone to PST8PDT in th/etc/TIMEZONE file.
• Resets naming services to local files.• Removes the /etc/inet/netmasks file• Removes the /etc/defaultrouter file• Removes the password set for the root
/etc/shadow file.• Removes the /etc/.rootkey file for N
System Module 1, slide 17 of 17Copyrig
nd
ications. Thesetions of a
r DNS clients. Protocol
e file file file
aemon (sshd)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The sys-unconfigComma
• Executes all system configuration applapplications are defined by prior execusysidconfig -a command.
• Removes the /etc/resolv.conf file fo• Disables Lightweight Directory Access
(LDAP) by removing:• The /var/ldap/ldap_client_cach• The /var/ldap/ldap_client_file• The /var/ldap/ldap_client_cred• The /var/ldap/cachemgr.log file
• Regenerates keys for the Secure Shell D
Sun
Advanced System
De r Model
Services
Administration for the Solaris™ 10 Operating System
Module 2
scribing the Client-Serve
Advan Module 2, slide 2 of 31Copyrig
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe client-server processes• Start server processes
Advan Module 2, slide 3 of 31Copyrig
sses
Th rvices and theclie
On is the nameser
An tionship is theNF
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing Client-Server Proce
e client-server model describes network sent programs of those services.
e example of the client-server relationshipver and resolver model of the DNS.
other example of the client and server relaS.
Advan Module 2, slide 4 of 31Copyrig
s
Th es from anotherho
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing Client Processe
e client is a host or a process that uses servicst or program, known as a server.
FileServer
NameServer
PrintServer
Advan Module 2, slide 5 of 31Copyrig
es
Th services toano
StorageArray 1
StorageArray 2
Client 4
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing Server Process
e server is a host or a process that providesther program known as a client.
Printer A
PrintServer
StorageServer
Client 3Client 1 Client 2
Printer B Printer C
Advan Module 2, slide 6 of 31Copyrig
T (SMF)
SM cture forma of a servicewi ng:
e dependency
p, and restart
n on startup
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
he Service Management Facility
F provides a centralized configuration strunaging system services and the interaction
th other services. SMF includes the followi
• A mechanism to establish and formalizrelationships between services.
• Information on procedures to start, stoservices.
• A centralized repository for informatiobehavior and service status.
Advan Module 2, slide 7 of 31Copyrig
T (cont.)
agement of
red servicesis not running.
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
he Service Management Facility
• A structured mechanism for Fault Mansystem services.
• Detailed information about misconfigusuch as an explanation of why a service
• Individual log files for each service.
Advan Module 2, slide 8 of 31Copyrig
in SMF is the
to other local
des which are
s such as a Web
can have
, the service's
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Services
• The fundamental unit of administrationservice.
• It provides a known list of capabilities and remote services.
• Services are represented as instance nochildren of service nodes.
• One service might have many instanceserver on multiple ports.
• Both service nodes and instance nodes properties.
• If an instance does not have property Xproperty X is used.
Advan Module 2, slide 9 of 31Copyrig
s
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Service and Instance Node
Sun Services
Service Identifiers
• The service identifier is in the form ofa Fault Management ResourceIdentifier or FMRI.
• The FMRI indicates the type of serviceor category, and the name andinstance of the service.
Service Category Description
milestone Synthetic service s for clean dependencystatement
device General device services
system Services concerned with host-centric, non-networked capabilities
system/security Low-level host-centric services implementingsecurity facilities
network Services concerned with host-centric, networkinfrastructure capabilities
application General software services
application/management
Services implementing management facilities
application/security Services implementing high-level securityfacilities
site Services implementing site-specific software
platform Services implementing platform-specificsoftware
Advanced System Administration for the Solaris™ 10 Operating System Module 2, slide 10 of 31Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Advan Module 2, slide 11 of 31Copyrig
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Service Identifiers (cont.)
• FMRI examples:svc:/system/filesystem/root:defaultlrc:/etc/rc3_d/S90samba
Advan Module 2, slide 12 of 31Copyrig
Th es:
# svSTATlegalegalegalegalega(outonlionlionlionlionlionli ltonlioffl faultofflmain
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Listing Service Information
e svcs command to list the FMRIs and stat
csE STIME FMRIcy_run Feb_10 lrc:/etc/rc2_d/S10lucy_run Feb_10 lrc:/etc/rc2_d/S20sysetupcy_run Feb_10 lrc:/etc/rc2_d/S90wbemcy_run Feb_10 lrc:/etc/rc2_d/S99dtlogincy_run Feb_10 lrc:/etc/rc3_d/S81volmgtput removed)ne Feb_10 svc:/system/system-log:defaultne Feb_10 svc:/system/fmd:defaultne Feb_10 svc:/system/console-login:defaultne Feb_10 svc:/network/smtp:sendmailne Feb_10 svc:/milestone/multi-user:defaultne Feb_10 svc:/milestone/multi-user-server:defaune Feb_10 svc:/system/zones:defaultine Feb_10 svc:/application/print/ipp-listener:deine Feb_10 svc:/application/print/rfc1179:defaulttenance 10:24:15 svc:/network/rpc/spray:default
Sun Services
Service StatesService put in maintenance state
Service disabled
Can’t read config
Service marked disabled
Service enabled by admin
Dependency not met or start failed
Dependency metand service enabled
Service shutdown,restart or disable
Partial failure ofservice or dependency
Refresh
No improvement in service
Dependencies staisfied and service is healthy
Unresolvable erroror thresholds reached
Unresolvable error orthresholds reached
Unresolvable error orthresholds reached
Service shutdown,restart or disable
Re-readconfig data
Re-readconfig data
Administratorintervention
Startservice
UNINITALIZED
MAINTENANCE OFFLINE
ONLINE
DEGRADED
DISABLED
Advanced System Administration for the Solaris™ 10 Operating System Module 2, slide 13 of 31Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Advan Module 2, slide 14 of 31Copyrig
A m to reach. Thissys to be running.Th available.
Cu
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Milestones
ilestone can be regarded as a system statetem state requires a defined set of servicesese services depend on other services being
rrently there are six milestones:
• single-user• multi-user• multi-user-server• network• name-services• sysconfig• devices
Advan Module 2, slide 15 of 31Copyrig
on
n X11
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Milestones (cont.)
milestone
network system applicati
ame-services net-physical filesystem print
/ /usr /var
Sun Services
Milestones (cont.)
/var/svc/manifest/milestone/multi-user-server.xml
dependency list
dependency list
multi-user milestone
/var/svc/manifest/milestone/multi-user.xml
exec /sbin/rc3
dependency list
single-user milestone
/var/svc/manifest/milestone/single-user.xml
name-services milestone
filesystem
/var/svc/manifest/system/filesystem/local-fs.xml
method
/lib/svc/method/fs-local
milestone multiuser
Advanced System Administration for the Solaris™ 10 Operating System Module 2, slide 16 of 31Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Advan Module 2, slide 17 of 31Copyrig
Th onsible forma artd whichens ate milestone.
Cu oot time are:
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The svc.startdDaemon
e svc.startd is the daemon which is respintaining the system services. It is svc.stures that the system boots to the appropri
rrently the milestones that can be used at b
• none• single-user• multi-user• multi-user-server• all
Advan Module 2, slide 18 of 31Copyrig
sitory
Th out the state ofeac on informationabo
Th itory.db.
Th F interfaceuti
A c g the system tosin
# /
and
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The Service Configuration Repo
e repository database stores information abh service instance. It also stores configuratiut the services and system.
e disk-based database is /etc/svc/repos
is file can only be manipulated using the SMlities svccfg and svcprop.
orrupt repository can be repaired by bootingle user, and running the command:
lib/svc/bin/restore_repository
following the instructions.
Advan Module 2, slide 19 of 31Copyrig
To st know whichfile . You must alsokn
Intr td)
Th ss that runs oneac o notaut
Th .startd. Thereis a inet/ine ported into theSer etconvcom
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Starting Server Processes
start services for server processes, you mus to use for automatic service configurationow how to manually start the services.
oducing the Internet Service Daemon (ine
e inetd daemon is a special network proceh system and starts server processes that domatically start at boot time.
e inetd daemon starts at boot time by svc legacy configuration file for inetd, /etc/td.conf. Services listed in this file are im
vice Management Facility (SMF) by the inmand.
Advan Module 2, slide 20 of 31Copyrig
T ervices
SM in that eachser led using theine
To
# i# idisa
To
# i# ienab
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
he Impact of SMF on Network S
F has a major impact on network services vice can be independently enabled or disabtadm command.
disable the telnet facility:
netadm -d telnetnetadm | grep telnetbled disabled svc:/network/telnet:default
enable the telnet facility:
netadm -e telnetnetadm | grep telnetled online svc:/network/telnet:default
Advan Module 2, slide 21 of 31Copyrig
Ne guish betweenmu ost computer.
Th t assignments:
tral authority to
for publishing called well-
e software
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing Network Ports
twork ports help transport protocols distinltiple service requests arriving at a given h
ere are two fundamental approaches to por
• Central authority• All users must agree to allow the cen
assign all port numbers.• The central authority is responsible
the list of port number assignments,known port assignments.
• Well-known port assignments dictatrequirements on a system.
Advan Module 2, slide 22 of 31Copyrig
in advance. Thes ports to the
ts on anyequest to theformation. The
he port number. considered
rt lived, only
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing Network Ports
• Dynamic binding• The ports are unknown to the client
system software dynamically assignprograms that require them.
• To obtain the current port assignmencomputer, the software generates a rtarget machine for the port number intarget machine then responds with t
• These port number assignments areephemeral since assignments are sholasting until the system is rebooted.
Advan Module 2, slide 23 of 31Copyrig
We /servicesfile.
# gteln
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing Network Ports
ll-known ports are stored in the/etc/inet
rep telnet /etc/inet/serviceset 23/tcp
Advan Module 2, slide 24 of 31Copyrig
S l-Known
Ser ach that use awe
boot time at boot, and
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
tarting Services That Use a WelPort
vices following the central authority approll-known port includes:
• Services that start by default at system • Services that do not start automatically
must start on demand
Advan Module 2, slide 25 of 31Copyrig
vice
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Requesting a Well-Known Ser
23
n
32
6
7
1
sys41 (Client)
telnet ...in.telnetd
sys42 (Server)
Traraffic ofic onnnnnnnnnnnTraffic onnnnnn
= port number n
Time
4
in.telnetd in.telnetd (port (port nnnnnnnnnn)in.telnetd (port nnnnn ) 5
nnnnn 23
inetdtelnet sys42
8 in.telnetd
Advan Module 2, slide 26 of 31Copyrig
RP et of utilitiesdev PC services areass grammer whenthe ally assigned towe
Typ c bindingapp
boot time at boot and
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Starting RPC Services
C services are services developed using a seloped by Sun Microsystems, Inc. While R
igned a unique program number by the proy are written, the RPC services are not typicll-known ports.
es of RPC services that follow the dynamiroach include:
• Services that start by default at system • Services that do not start automatically
must start on demand
Advan Module 2, slide 27 of 31Copyrig
Time
RP scripts run onava cess associatesRP
Th ipt initializesthe y the rpcbinddae file.
Aft on startslist r and protocol,per
# gsunrsunr
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Starting RPC Services at Boot
C services started at boot time with startupilable ports above 32768. The rpcbind pro
C program numbers with port numbers.
e /lib/svc/method/rpc-bind startup scrrpcbind service. The port number used bmon is listed in the /etc/inet/services
er the system starts up, the rpcbind daemening at port 111. To view the port numbeform the command:
rep rpcbind /etc/servicespc 111/udp rpcbindpc 111/tcp rpcbind
Advan Module 2, slide 28 of 31Copyrig
and
Som . The portnu ess during boot.
Wh he rpcbindpro to the clientma
Th sing the portnu service.
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Starting RPC Services on Dem
e rpcbind services start only on demandmbers are registered with the rpcbindproc
en a client application requests a service, tcess returns the port number of the servicechine.
e client machine generates a new request umber that it just received for the requested
Advan Module 2, slide 29 of 31Copyrig
s
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Requesting an RPC Addres
n = port number n
1
1112
6
Host 1 (Client)
spray host2
4
3
spray/1... rpc.spraydrpc.sprayd (port nnnnn)
Host 2 (Server)
Time
5
nnnnn nnnnn
nnnnn
nnnnn
rpcbind
inetd
Start rpcbind (port 111)
Advan Module 2, slide 30 of 31Copyrig
ds
Th an RPC server,and
To ind process,ent
rpciFor # rp
p <out
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the rpcinfoComman
e rpcinfo command makes an RPC call to reports what it finds.
list all the services registered with the rpcber the rpcinfo command as follows:
nfo -p [ host ]example:cinfo -program vers proto port service100000 4 tcp 111 rpcbind100000 3 tcp 111 rpcbind100000 2 tcp 111 rpcbind100000 4 udp 111 rpcbind100000 3 udp 111 rpcbind100000 2 udp 111 rpcbind100232 10 udp 32772 sadmindput truncated>
Advan Module 2, slide 31 of 31Copyrig
ation
To d prognum(pr ber), performthe
rpciFor # rp
Th mber 100012 isspr restart theine
# sv# sv
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Deleting RPC Service Registr
unregister the RPC service given a specifieogram number) and versnum (version numrpcinfo command:
nfo -d prognum versnumexample:cinfo -d 100012 1
e deleted RPC service that uses program nuayd. To register the sprayd service again,td daemon as follows:
cadm disable svc:/network/rpc/spray:udpcadm enable svc:/network/rpc/spray:udp
Sun
System Administra
Intr Services
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 3
oducing Sun Connection
System Module 3, slide 2 of 47Copyrig
Im nectionSer , the smpatchcom eb application
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
plement patch management using Sun Convices including the Update Manager clientmand line, and Sun Connection hosted W
System Module 3, slide 3 of 47Copyrig
olicy
Th
ity, data
ny patches
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Solaris 10 OS Patch Access P
e new Solaris 10 OS patch access policy:
• A service plan is not required for securintegrity or hardware driver updates.
• A Sun Online Account is required for aobtained using the Sun Connection.
System Module 3, slide 4 of 47Copyrig
n
Su t provides:
ecks
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing Sun Connectio
n Connection is a seamless architecture tha
• Notifications to let administrators• Automated procedures• Fast intelligent software dependency ch• Optional local caching of updates• A Web hosted service
System Module 3, slide 5 of 47Copyrig
Th ng:
nterface (GUI)ninterface
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Administering Patches
e Sun Connection tools include the followi
• Update Manager client graphical user i• Sun Connection hosted Web applicatio• Update Manager client command-line
(smpatch)
System Module 3, slide 6 of 47Copyrig
s using the CLIf multipleed Web
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Sun Connection Modes
• Local management of individual systemUpdate Manager client or the smpatch
• Remote and centralized management osystems using the Sun Connection hostapplication
System Module 3, slide 7 of 47Copyrig
ividual
ris 10 OS byction. access to the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Locally Managing Updates for IndSystems
• Maintain your own updates to the Solaestablishing a connection to Sun Conne
• Sun Connection client software enablesSun Connection servers hosted at Sun.• Automatic notification• Update Manager client application• The smpatch command
System Module 3, slide 8 of 47Copyrig
ividual
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Locally Managing Updates for IndSystems (cont.)
System Module 3, slide 9 of 47Copyrig
or to the Solaris
le updateslable and
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Update Manager Client
• The Update Manager client is a successPatch Manager application.• PatchPro analysis engine• A new user interface
• Users can:• Analyze system to check for availab• View a list of updates currently avai
applicable for the system• View details about a specific update• Install selected updates
System Module 3, slide 10 of 47Copyrig
t.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Update Manager Client (con
System Module 3, slide 11 of 47Copyrig
terface
CLI) for SunS.
ended patcheste command.
ystem using the
using
patch remove
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The smpatchCommand Line In
• The smpatch command line interface (Connection is built into the Solaris 10 O
• The smpatch CLI enables you to:• Analyze and produce a list of recomm
for a system using the smpatch upda• Download one or more patches to a s
smpatch download command.• Add one or more patches to a system
smpatch add command.• Back out unwanted patches usingsm
command.
System Module 3, slide 12 of 47Copyrig
C nager's
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
aching Patches With Update MaProxy
System Module 3, slide 13 of 47Copyrig
S lication
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
un Connection Hosted Web App
System Module 3, slide 14 of 47Copyrig
S lication
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
un Connection Hosted Web App(cont.)
System Module 3, slide 15 of 47Copyrig
ount
sing the Sunode of
an account.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Establishing a Sun Online Acc
• A Sun Online Account is required for uConnection services regardless of the mconnection you choose.
• There is no charge for establishing suchStart at:http://www.sun.com/
• Click on the My Account link.
System Module 3, slide 16 of 47Copyrig
ardware driver
le contact yourbe to an
ith that plan forystems for Sun
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Obtain a Sun Service Plan
• A Sun Service Plan is optional.• Without one you will get security and h
updates only.• If you want all the other updates availab
Sun Service Representative and subscriappropriate service plan.
• Obtain a subscription key associated wuse later when you install and register sConnection functionality.
System Module 3, slide 17 of 47Copyrig
pdate
laris 10 1/06
nload and
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Downloading and Installing the UManager Client Software
• Solaris OS versions that precede the Sorelease.
• Solaris 10 1/6 and later releases.• The Update Manager client (1.0.4) dow
installation:• On SPARC-based systems# smpatch update -i 121118-05
• On x86-based systems:# smpatch update -i 12119-05
System Module 3, slide 18 of 47Copyrig
S t For the
Cli or run the# /
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
tarting the Update Manager ClienFirst Time
ck on the Java™ Desktop notification icon usr/bin/updatemanager command.
System Module 3, slide 19 of 47Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Registering Systems
System Module 3, slide 20 of 47Copyrig
.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Registering Systems (cont
System Module 3, slide 21 of 47Copyrig
.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Registering Systems (cont
System Module 3, slide 22 of 47Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Select Service Level
System Module 3, slide 23 of 47Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Registration Confirmation
System Module 3, slide 24 of 47Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Registration Complete
System Module 3, slide 25 of 47Copyrig
date
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Updates With the UpManager Client
System Module 3, slide 26 of 47Copyrig
date
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Updates With the UpManager Client (cont.)
System Module 3, slide 27 of 47Copyrig
date
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Updates With the UpManager Client (cont.)
System Module 3, slide 28 of 47Copyrig
Se ferences
e, IP address
wnloaded.
for your Java
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
tting Update Manager Client Pre
• The source of your updates.• The Update Manager’s proxy hostnam
and authentication details.• The directory where updates will be do
(Default is /var/sadm/spool.)• The backout data directory setting.• New update available notification icon
Desktop.• Daily automatic update analysis.
System Module 3, slide 29 of 47Copyrig
s the Internetun update
pdates from itss. use the Suntch Manager 2.0
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Update Manager’s Proxy
• The Update Manager’s proxy minimizetraffic between your systems and the Sserver.
• The Update Manager’s proxy obtains usource of updates on a per-request basi
• The proxy supports client systems thatConnection 1.0 software and the Sun Pasoftware.
System Module 3, slide 30 of 47Copyrig
Proxy
ystem:
(Root) (Usr)
ger’s proxy:
solaris/
com/solaris/
quent system
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the Update Manager’s
• Verify that required packages are on your s# pkginfo | grep SUNWpsvrsystem SUNWpsvrr Patch Server Deploymentsystem SUNWpsvru Patch Server Deployment
• Set the network proxy for the Update Mana# patchsvr setup -x network_proxy:port
• Specify the next update server:# patchsvr setup -p http://server-name:port/
• Specify the default Sun update server:# patchsvr setup -p https://getupdates1.sun.
• Start the proxy server:# patchsvr start
• Configure the proxy server to start on subseboots:# patchsvr enable
System Module 3, slide 31 of 47Copyrig
pdate
Ins ftware on theclie
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring Clients to Use the UManager’s Proxy
tall and start the Update Manager client sont by typing the following command:
# /usr/bin/updatemanager
System Module 3, slide 32 of 47Copyrig
pdate
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring Clients to Use the UManager’s Proxy (cont.)
System Module 3, slide 33 of 47Copyrig
CLI
hat is identified
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Patch Administration From the
• A Solaris OS update types include:• Standard updates• Recommended patches• Update clusters
• An update is distributed as a directory tby a unique number:105050-01.jar
System Module 3, slide 34 of 47Copyrig
nd
n two modes:
.entication
used.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the smpatchComma
• The smpatch command was available i• Local mode• Remote mode
• By default, smpatch runs in local mode• If you specify any of the remote or auth
options (except for -L), remote mode is
System Module 3, slide 35 of 47Copyrig
s
s:
rms all three
updates using two
load, and all three
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Phases for Applying Update
• The full sequence involves these phase• Analyzing your system• Downloading the necessary updates• Applying the updates
• Phase control:• The smpatch update command perfo
functions in one command.• The smpatch analyze and smpatch
commands performs all three functioncommands.
• The smpatch analyze, smpatch downsmpatch add commands will performfunctions using three commands.
System Module 3, slide 36 of 47Copyrig
ine the
egion locales
te.
/var/sadm/spool
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Command Examples
• Analyze your local system and determappropriate, available updates for it.# smpatch analyze > plist# vi plist...119397-06 SunOS 5.10: patch for North America rissues# patchadd -p | grep 119397
• Download (but not apply) a new upda# smpatch download -i 119397-06119379-06 has been validated.# smpatch get | grep downloadpatchpro.download.directory - # cd /var/sadm/spool ; ls119397-06.jar...
System Module 3, slide 37 of 47Copyrig
.)
.
Incompatibles:
egion locales
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Command Examples (cont
• Install and verify an update.# smpatch add -i 119397-06add patch 119397-06Patch 119397-06 has been successfully installed# patchadd -p | grep 119397-06Patch: 119397-06 Obsoletes: Requires: 121734-01Packages: SUNWnameos SUNWnamdt SUNWnamow# smpatch analyze | grep 119397-06
• Remove an update.# smpatch remove -i 119397-06remove patch 119397-06Transition old-style patching.Patch 119397-06 has been backed out.# smpatch analyze | grep 119397-06119397-06 SunOS 5.10: patch for North America rissues
System Module 3, slide 38 of 47Copyrig
.)
36:MST.txt has/
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Command Examples (cont
• Apply an update in one step.# smpatch update -i 118815-05118815-05 has been validated.Installing patches from /var/sadm/spool...118815-05 has been applied./var/sadm/spool/patchpro_dnld_2007.03.16@12:36:been moved to /var/sadm/spool/patchproSequesterpatchpro_dnld_2007.03.16@12:36:36:MST.txt
System Module 3, slide 39 of 47Copyrig
ment
mpatch unsettch
ettings for
vironment
values for
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the Patch ManageEnvironment
• The smpatch get, smpatch set and scommands are used to configure the pamanagement environment:• smpatch get displays the current s
environment parameters.• smpatch set changes values for en
parameters.• smpatch unset enables the default
environment parameters.
System Module 3, slide 40 of 47Copyrig
eter values.# smpatcpatc lpatc lpatc configafter:standardpatc https://getupatcpatcpatcpatcpatc
# sm 816/solaris/# smpatcpatc lpatc l
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Command Examples
• Display the current environment parampatch gethpro.backout.directory - ""hpro.baseline.directory - /var/sadm/spoohpro.download.directory - /var/sadm/spoohpro.install.types - rebootafter:rehpro.patch.source http://192.168.201.1:3816/solaris/ pdates1.sun.com/solaris/hpro.patchset - currenthpro.proxy.host - ""hpro.proxy.passwd **** ****hpro.proxy.port - 8080hpro.proxy.user - ""
• Set a new value for the update source.patch set patchpro.patch.source=http://newproxy.apex.com:3patch gethpro.backout.directory - ""hpro.baseline.directory - /var/sadm/spoohpro.download.directory - /var/sadm/spoo
System Module 3, slide 41 of 47Copyrig
.)
patc configafter:standardpatc ttps://getupatcpatcpatcpatcpatc
mote directory.# sm dates# sm# sm
eter back to
# sm# smpatcpatc
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Command Examples (cont
hpro.install.types - rebootafter:rehpro.patch.source http://newproxy.apex.com:3816/solaris/ hpdates1.sun.com/solaris/hpro.patchset - currenthpro.proxy.host - ""hpro.proxy.passwd **** ****hpro.proxy.port - 8080hpro.proxy.user - ""
• Set the source of updates to a local or repatch set patchpro.patch.source=file:/net/sys-04/export/uppatch set patchpro.patch.source=file:/local/updatespatch set patchpro.patch.source=file:/cdrom/cdrom0
• Set the patchpro.patch.source paramthe default value.
patch unset patchpro.patch.sourcepatch gethpro.backout.directory - ""hpro.baseline.directory - /var/sadm/spool
System Module 3, slide 42 of 47Copyrig
.)
patcpatc r:standardpatc com/solaris/patcpatcpatcpatcpatc
a subset of.
# sm# sm
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Command Examples (cont
hpro.download.directory - /var/sadm/spoolhpro.install.types - rebootafter:reconfigaftehpro.patch.source - https://getupdates1.sun.hpro.patchset - currenthpro.proxy.host - ""hpro.proxy.passwd **** ****hpro.proxy.port - 8080hpro.proxy.user - ""
• Configure an update set which definesupdates that commands will work with
patch set patchpro.patchset=recommendedpatch analyze
System Module 3, slide 43 of 47Copyrig
lying
ty defines theanagement
e system:mediately and
tlied
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the Update Policy for AppUpdates
• The patchpro.install.types properupdate policy in effect for the update menvironment.
• Types of updates that are applied to th• Standard updates that are applied im
require no system restart• Updates that require a system restar• Updates that must be manually app
System Module 3, slide 44 of 47Copyrig
olicy
and# sm1196# paPatc SUNWcakr# sm1196# smadd ...ValiLoadDoneLoadDoneChecDoneAppr1196Patc
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Example of Using the Update P
• Not Using the smpatch update commpatch analyze | grep wanboot81-06 SunOS 5.10: wanboot patchtchadd -p | grep 119681h: 119681-05 Obsoletes: Requires: Incompatibles: Packages:patch download -i 119681-0681-06 has been validated.patch add -i 119681-06patch 119681-06
dating patches...ing patches installed on the system...!ing patches requested to install.!king patches that you specified for installation.!oved patches will be installed in this order:81-06h 119681-06 has been successfully installed.
System Module 3, slide 45 of 47Copyrig
E y (cont.)
# paPatc SUNWcakrPatc SUNWcakr# sm## c1196cachpatc# caThis
Plea tioninst tchesshou
1) 1
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
xample of Using the Update Polic
tchadd -p | grep 119681h: 119681-05 Obsoletes: Requires: Incompatibles: Packages:h: 119681-06 Obsoletes: Requires: Incompatibles: Packages:patch analyze | grep 119681-06d /var/sadm/spool ; ls81-06.jarehpro_dnld_2006.02.13@10:10:29:MST.txtt *.txt patch bundle was generated by PatchPro.
se refer to the README file within each patch for installaructions. To properly patch your system, the following pald be installed in the listed order:
19681-06 !!! IMMEDIATE REBOOT !!!
System Module 3, slide 46 of 47Copyrig
E y (cont.)
# cd# ja inf# grPATC
# sm1196InstNOTI tem shutdown./var been moved to /var/sadm :MST.txt/var been moved to /var/sadm :MST.txt
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
xample of Using the Update Polic
/var/sadm/spoolr xvf 119681-06.jar 119681-06/patchinfolated: 119681-06/patchinfoep PROP 119681-06/patchinfoH_PROPERTIES='reconfigimmediate'
• Using the smpatch update Commandpatch update -i 119681-0681-06 has been validated.alling patches from /var/sadm/spool...CE: Patch 119681-06 cannot be installed until the next sys/sadm/spool/patchpro_dnld_2006.02.15@06:02:43:MST.txt has /spool/patchproSequester/patchpro_dnld_2006.02.15@06:02:43/sadm/spool/patchpro_dnld_2006.02.15@06:09:14:MST.txt has /spool/patchproSequester/patchpro_dnld_2006.02.15@06:09:14
System Module 3, slide 47 of 47Copyrig
E y (cont.)
(cont.)
ID's have beenwrit
One wn to activate it. Toinit g commands:o Poo Dro Re# ca1196
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
xample of Using the Update Polic
• Using the smpatch update Command
of the updates that are disallowed by installation policyten to file
/var/sadm/spool/disallowed_patch_list
or more updates that you installed requires a system shutdoiate the system shutdown, you must use one of the followinwer down the system - init 0 or shutdown -i 0op to the firmware prompt - init 5 or shutdown -i 5start the system - init 6 or shutdown -i 6t /var/sadm/spool/disallowed_patch_list81-06
Sun
System Administra
ration
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 4
Managing Swap Configu
System Module 4, slide 2 of 15Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe virtual memory• Configure swap space
System Module 4, slide 3 of 15Copyrig
y
Vir d disk storageare
Vir opies of files ondis
Pro han realadd
Vir rating system(OS
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing Virtual Memor
tual memory combines RAM and dedicateas known as swap space.
tual memory management software maps ck to virtual addresses.
grams use these virtual addresses, rather tresses, to store instructions and data.
tual memory makes it possible for the ope) to use a large range of memory.
System Module 4, slide 4 of 15Copyrig
Wh most criticalres
nagemental addresses in
th a runningck informationon disk. These
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Physical RAM
en working with swap space, RAM is the ource in your system.
• Virtual and physical addressesThe Solaris 10 OS virtual memory masystem maps the files on disk to virtuvirtual memory.
• Anonymous memory pagesPhysical memory pages associated wiprocess can contain private data or stathat does not exist in any file systemare anonymous memory pages.
System Module 4, slide 5 of 15Copyrig
Som memory spaceallo
An ap area, butun
is a disk slice.on for theot disk which,
cessary, you
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Swap Space
etimes a process must give up some of itscation to another process.
onymous memory pages are placed in a swchanged file system pages are not.
• Swap slicesThe primary swap space on the systemIn the Solaris 10 OS, the default locatiprimary swap space is slice 1 of the boby default, starts at cylinder 0.As additional swap space becomes necan configure additional swap slices.
System Module 4, slide 6 of 15Copyrig
al swap space
e system, andle command.ed in the swapthe swap file
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Swap Space (cont.)
• Swap filesIt is also possible to provide additionon a system by using swap files.Swap files are files that reside on a filthat have been created using the mkfiSwap files can be permanently includconfiguration by creating an entry forin the /etc/vfstab file.
System Module 4, slide 7 of 15Copyrig
Sw for the processmu
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The swapfsFile System
ap space for any private data or stack spacest be reserved.
Swap Slice
Swap File
RAM
Swap Space
System Module 4, slide 8 of 15Copyrig
between RAM
er processes to
the size of a
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Paging
• The transfer of selected memory pagesand the swap areas.
• Physical RAM is made available for othuse.
• Use the pagesize command to displaymemory page in bytes.• On SPARC-based systems:# pagesize8192
• On x86-based systems:# pagesize4096
System Module 4, slide 9 of 15Copyrig
Th ding, deleting,and ernel.
Sw line are notper
To ace, create anent
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring Swap Space
e swap command provides a method of ad monitoring the swap areas used by the k
ap area changes made from the command manent and are lost after a reboot.
create permanent additions to the swap spry in the /etc/vfstab file.
System Module 4, slide 10 of 15Copyrig
D guration
s the amount pace
the amountpace
subtracts the swap space
-a adds the swap space
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
isplaying the Current Swap Confi
Memory paging affectof memory allocated s
Task activation affectsof memory reserved s
Arrow up: swap -damount of available
Arrow down: swap amount of available
Allocated
Reserved
Available
swap -sTotal Swap Allocation
System Module 4, slide 11 of 15Copyrig
D guration
To mplete thefol
l swap space.
= 47088k used,
al swap areas.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
isplaying the Current Swap Confi
view the current swap space allocation, colowing steps:
1. List a summary of the system’s virtua# swap -stotal: 41776k bytes allocated + 5312k reserved 881536k available
2. List the details of the system’s physic# swap -lswapfile dev swaplo blocks free/dev/dsk/c0t0d0s1 136,9 16 1048304 1048304
System Module 4, slide 12 of 15Copyrig
Us l swap space toyou
mmand:
ine similar to
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Adding Swap Space
e the following procedures to add additionar system.
• To add swap slices, use the swap -a co# swap -a /dev/dsk/c1t3d0s1
Edit the /etc/vfstab file and add a lthe following:/dev/dsk/c1t3d0s1 - - swap - no -
System Module 4, slide 13 of 15Copyrig
mand to create
p space.
/etc/vfstab
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Adding Swap Space
• To add swap files, use the mkfile comthe swap file. For example:# mkfile 20m /usr/local/swap/swapfile
Add the swap file to the system’s swa# swap -a /usr/local/swap/swapfile
Add an entry for the swap file to thefile./usr/local/swap/swapfile - - swap - no -
System Module 4, slide 14 of 15Copyrig
If y ce, you candel nal swap slicesand
wap
the swap slice
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Removing Swap Space
ou no longer need the additional swap spaete the swap space by removing any additio swap files.
• Removing swap slicesDelete a swap slice from the current sconfiguration.# swap -d /dev/dsk/c1t3d0s1
Edit the /etc/vfstab file, and removeentry from the file.
System Module 4, slide 15 of 15Copyrig
ap
at it is
the swap file
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Removing Swap Space
• Removing swap filesDelete a swap file from the current swconfiguration.# swap -d /usr/local/swap/swapfile
• Remove the file to free the disk space thoccupying.# rm /usr/local/swap/swapfile
• Edit the /etc/vfstab file, and removeentry.
Sun
System Administra
Man Core Files
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 5
aging Crash Dumps and
System Module 5, slide 2 of 19Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Manage crash dump behavior• Manage core file behavior
System Module 5, slide 3 of 19Copyrig
vior
If a erating systemgen contents of theph evice, whichmu
You the dumpadmcom
Aft sh dump to thedu
Th help determinethe
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing Crash Dump Beha
fatal operating system error occurs, the operates a crash dump by writing some of the
ysical memory to a predetermined dump dst be a local disk slice.
can configure the dump device by using mand.
er the operating system has written the cramp device, the system reboots.
e crash dump is saved for future analysis to cause of the fatal error.
System Module 5, slide 4 of 19Copyrig
Wh core commandis a
core
.ist information
You re the locationof y.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Crash Dump
en the operating system crashes, the saveutomatically executed during a boot.
• The savecore command places kernelinformation in the/var/crash/nodename/vmcore.X file
• The savecore command places name land symbol table information in the/var/crash/nodename/unix.X file.
can use the dumpadm command to configuthe dump device and the savecore director
System Module 5, slide 5 of 19Copyrig
D guration
To the dumpadmcom
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
isplaying the Current Dump Confi
view the current dump configuration, use mand without arguments.
# dumpadmDump content: kernel pagesDump device: /dev/dsk/c0t0d0s1 (swap)Savecore directory: /var/crash/sys-02Savecore enabled: yes
System Module 5, slide 6 of 19Copyrig
C uration
Th ation of thecra
Th lows:
dump-device]oot-dir]
Us cations to thecra ting to edit the/et
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
hanging the Crash Dump Config
e dumpadm command manages the configursh dump facility.
e syntax of the dumpadm command is as fol
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d [-m mink | minm | min%] [-s savecore-dir] [-r r
e the dumpadm command to make all modifish dump configuration, rather than attempc/dumpadm.conf file manually.
System Module 5, slide 7 of 19Copyrig
or
Wh ically producesa c
You the name orloc terminatingpro
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing Core File Behavi
en a process terminates abnormally, it typore file.
can use the coreadm command to specifyation of core files produced by abnormallycesses.
System Module 5, slide 8 of 19Copyrig
space of a
ssible copies of
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Core Files
• A core file is a disk copy of the addressprocess at a certain point in time.
• The operating system generates two pocore files:• The global core file• The per-process core file
System Module 5, slide 9 of 19Copyrig
File
You ents to displaythe
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Displaying the Current CoreConfiguration
use the coreadm command without argum current configuration.
# coreadmglobal core file pattern:global core file content: defaultinit core file pattern: coreinit core file content: defaultglobal core dumps: disabledper-process core dumps: enabledglobal setid core dumps: disabledper-process setid core dumps: disabledglobal core dump logging: disabled
System Module 5, slide 10 of 19Copyrig
File
Th arameters thatare
ead.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Displaying the Current CoreConfiguration
e /etc/coreadm.conf file lists the same p displayed by coreadm.
# cat /etc/coreadm.conf## coreadm.conf## Parameters for system core file configuration.# Do NOT edit this file by hand -- use coreadm(1) inst#COREADM_GLOB_PATTERN=COREADM_GLOB_CONTENT=defaultCOREADM_INIT_PATTERN=coreCOREADM_INIT_CONTENT=defaultCOREADM_GLOB_ENABLED=noCOREADM_PROC_ENABLED=yesCOREADM_GLOB_SETID_ENABLED=noCOREADM_PROC_SETID_ENABLED=noCOREADM_GLOB_LOG_ENABLED=no
System Module 5, slide 11 of 19Copyrig
ration
ontrol how core
command toore files are
o configurable
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Changing the Core File Configu
• The coreadm command allows you to cfiles are generated.
• For example, you can use the coreadm configure a system so that all process cplaced in a single directory.
• You can separately enable or disable twcore file paths: per-process and global.
System Module 5, slide 12 of 19Copyrig
ration
d with the -pto use for
eadm commandfile options.[-I content]
es are named. of global core
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Changing the Core File Configu
• All users can run the coreadm commanoption to specify the file name pattern per-process core files.coreadm [-p pattern] [pid...]
• The root user can use the following coroptions to configure system-wide core coreadm [-g pattern] [-G content] [-i pattern] [-d option...] [-e option...]
• Pattern options determine how core fil• Content options determine the content
files.
System Module 5, slide 13 of 19Copyrig
P ommand
-m)January 1, 1970
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
attern Options for the coreadmC
• %p - PID• %u - Effective user ID (EUID)• %g - Effective group ID (EGID)• %f - Executable file name• %n - System node name (uname -n)• %m - Machine hardware name (uname • %t - The time in seconds since midnight• %d - Executable file directory/name• %z - Zonename• %% - Literal %
System Module 5, slide 14 of 19Copyrig
re File
includingstacksr loaded object
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Pattern Options for the Global CoContent
• anon – Anonymous private mappings,thread stacks that are not main thread
• ctf – CTF type information sections fofiles
• data – Writable private file mappings• dism – DISM mappings• heap – Process heap• ism – ISM mappings
System Module 5, slide 15 of 19Copyrig
re File
ngssked by files
ed objecte file mappings
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Pattern Options for the Global CoContent
• rodata – Read-only private file mappi• shanon – Anonymous shared mapping• shfile – Shared mappings that are bac• shm – System V shared memory• stack – Process stack• symtab – Symbol table sections for load• text – Readable and executable privat
System Module 5, slide 16 of 19Copyrig
mand
pattern as a
profile ory sets the core
during the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Examples of the coreadmCom
• Example 1 – Setting the core file name regular userWhen executed from a user’s $HOME/.$HOME/.login file, the following entrfile name pattern for all processes runlogin session:# coreadm -p core.%f.%p $$
System Module 5, slide 17 of 19Copyrig
mand
s into a
the user’s coreof the user’ssystem node
%n.%f.%p $$
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Examples of the coreadmCom
• Example 2 – Dumping a user’s core filesubdirectoryThe following command places all offiles into the corefiles subdirectoryhome directory, differentiated by thename.$ coreadm -p $HOME/corefiles/
System Module 5, slide 18 of 19Copyrig
mand
ore file global
system-widee name ands created:%f.%p -e
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Examples of the coreadmCom
• Example 3 – Enabling and setting the cname patternThe following is an example of settingparameters that add the executable filPID to the name of any core file that i# coreadm -g /var/core/core.global
System Module 5, slide 19 of 19Copyrig
mand
figuration for
a list of PIDse file name
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Examples of the coreadmCom
• Example 4 – Checking the core file conspecific PIDsRunning the coreadm command withreports each process’s per-process corpattern, for example:# coreadm 228 507228: core default507: /usr/local/swap/corefiles/%n.%f.%p default
Sun
Advanced System
Services
Administration for the Solaris™ 10 Operating System
Module 6
Configuring NFS
Advan Module 6, slide 2 of 48Copyrig
istributed file
ent Console
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe the benefits of NFS• Describe the fundamentals of the NFS d
system• Manage an NFS server• Manage an NFS client• Enable the NFS server logging• Manage NFS with the Solaris Managem
storage folder tools• Troubleshoot NFS errors
Advan Module 6, slide 3 of 48Copyrig
Th nt architecturesrun file systemsacr
You differentop n abstractmo
NF d writing, workas
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Benefits
e NFS service enables computers of differening different operating systems to share
oss a network.
can implement the NFS environment on erating systems (OS) because NFS defines adel of a file system.
S file system operations, such as reading anif they were accessing a local file.
Advan Module 6, slide 4 of 48Copyrig
Th :
ame files,cess the same
cations onisk space for
y, because all
, includingC)ad
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Benefits
e benefits of the NFS service are as follows
• Allows multiple computers to use the sbecause all users on the network can acdata
• Reduces storage costs by sharing applicomputers instead of allocating local deach user application
• Provides data consistency and reliabilitusers can read the same set of files
• Supports heterogeneous environmentsthose found on a personal computer (P
• Reduces system administration overhe
Advan Module 6, slide 5 of 48Copyrig
NF amentals
Th components:
Th 4 NFSsim
Th
Ver a client hostatt
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
S Distributed File System Fund
e NFS environment contains the following
• NFS server• NFS client
e Solaris 10 OS supports versions 2, 3, and ultaneously.
e default is to use NFSv4.
sion-related checks are applied whenever empts to access a server’s file share.
Advan Module 6, slide 6 of 48Copyrig
NF mentals
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
S Distributed File System Funda(cont.)
• NFS serverNFS Server (Host 1)
Shared
Directories andDisk Storage
NFS servershares diskstorage withNFS client.
NFS Client (Host 2)
/ /
export opt
rdbms
sharelibbin
rdbms
Host1# share /export/rdbms
Advan Module 6, slide 7 of 48Copyrig
NF mentals
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
S Distributed File System Funda(cont.)
• NFS clientNFS Server (Host 1)
Shared
Directories andDisk Storage
NFS servershares diskstorage withNFS client.
NFS Client (Host 2)
/ /
optexport
sharelibbin
Host2# mount Host1:/export/rdbms /opt/rdbms
rdbms rdbms
Advan Module 6, slide 8 of 48Copyrig
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Version 4 (NFSv4)
• Stateful connections• Single protocol• Improved Firewall Support• Pseudo file systems• Strong security• Extended attributes• Delegation
Advan Module 6, slide 9 of 48Copyrig
s
s
nfs4
rted directories
port_fs dir:
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Pseudo-File System
Server exports: /export_fs/local/export_fs/projects/nfs4 /export_fs
export_fs export_f
local
nfs4x
projects payroll
nfs4
local project
/Expo
Client view of server’s ex
Server file systems:
Server file systems:
Advan Module 6, slide 10 of 48Copyrig
ntation of theSS)
on Mechanism
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Strong Security
• Remote Procedure Call (RPC) implemeGeneral Security Service framework (G
• New security flavor RPCSEC_GSS• Used with Sun Enterprise Authenticati
(SEAM) software• Other GSS_API applications
Advan Module 6, slide 11 of 48Copyrig
testdata"
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Compound Procedures
NFS version 3 NFS version 4
-> LOOKUP "export" ->OPEN "export/
<- OK READ
->LOOKUP "testdata" <- OPEN OK
<- OK READ OK
-> ACCESS "testdata" (sends data)
<- OK
-> READ "testdata"
<- OK
(sends data)
Advan Module 6, slide 12 of 48Copyrig
nnt dependentith files or file
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Extended Attributes
• Mandatory – Minimal level of operatio• Recommended – Operating environme• Named – Byte string, data associated w
system
Advan Module 6, slide 13 of 48Copyrig
nd contains and
to declare that
les if the server
efers to that file
le.
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
File Handles
• File handles are created on the server ainformation that uniquely identifies filedirectories.
• NFS version 4 protocol permits a serverits file handles are volatile.
• Clients must support volatile file handuses them.
• Upon file handle expiration, the client:• Flushes the cached information that r
handle.• Searches for that file's new file hand• Retries the operation.
Advan Module 6, slide 14 of 48Copyrig
f a file to a
nt a delegation. for callback.
ated state of the
ifferently when
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Delegation
• The server delegates the management oclient.
• The server alone decides whether to gra• The new nfs4cbd (1M) daemon is used• The server sends callback to get the upd
file and to revoke the delegation.• Different NFS client versions behave d
a conflict occurs.• Delegation is enabled by default.
Advan Module 6, slide 15 of 48Copyrig
Client
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an NFS Server and
• nfs(4) configuration file:/etc/default/nfs
• Enabling NFS versions on server:NFS_SERVER_VERSMIN=num
NFS_SERVER_VERSMAX=num
• Enabling NFS versions on client:NFS_CLIENT_VERSMIN=num
NFS_CLIENT_VERSMAX=num
num=version 2, 3 or 4• Other options in nfs(4)
Advan Module 6, slide 16 of 48Copyrig
server
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing an NFS Server
• NFS server filesYou need several files to support NFSactivities on any computer.• /etc/dfs/dfstab
• /etc/dfs/sharetab
• /etc/dfs/fstypes
• /etc/rmtab
• /etc/nfs/nfslog.conf
• /etc/default/nfslogd
• /etc/default/nfs
Advan Module 6, slide 17 of 48Copyrig
e commandsof the dfstab
<pathname>
/export/home2local/dataes" /rdbms_files
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing an NFS Server
• The /etc/dfs/dfstab fileThe /etc/dfs/dfstab file contains ththat share local directories. Each linefile consists of a share command.# cat /etc/dfs/dfstab(output omitted)# the very first entry to this file.## share [-F fstype] [ -o options] [-d "<text>"][resource]# .e.g,# share -F nfs -o rw=engineering -d "home dirs"share -F nfs -o ro -d "Shared data files" /usr/share -F nfs -o rw,root=sys-01 -d "Database fil
Advan Module 6, slide 18 of 48Copyrig
a table of local
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing an NFS Server
• The /etc/dfs/sharetab fileThe /etc/dfs/sharetab file containsresources currently being shared.# cat /etc/dfs/sharetab/usr/local/data - nfs ro Shared data files/rdbms_files - nfs ro,root=sys01 Database files
Advan Module 6, slide 19 of 48Copyrig
f file systems
eters that cancols.
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing an NFS Server
• The /etc/rmtab fileThe /etc/rmtab file contains a table oremotely mounted by NFS clients.# cat /etc/rmtabsys-03:/usr/local/datasys-02:/export/config...
• The /etc/default/nfs fileThe /etc/default/nfs file lists parambe set for NFS daemon and NFS proto
Advan Module 6, slide 20 of 48Copyrig
To svc
If a b file, the NFSser themul
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Server Daemons
start the NFS server daemons, enable the:/network/nfs/server service.
# svcadm -v enable nfs/serversvc:/network/nfs/server:default enabled.
system has entries in its /etc/dfs/dfstaver daemons start when the system enters ti-user-server milestone.
Advan Module 6, slide 21 of 48Copyrig
In d and lockddae col.
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Server Daemons
• mountd
• nfsd
• statd
• lockd
• nfslogd
• nfsmapid
NFSv4, the features provided by the mountmons are integrated into the NFSv4 proto
Advan Module 6, slide 22 of 48Copyrig
system mountvides access
articularquesting client
ess a remoteNFS server
s file handle,ation.
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Server Daemons
• The mountd daemonThe mountd daemon handles NFS filerequests from remote systems and procontrol.The mountd daemon determines if a pdirectory is being shared, and if the rehas permission to access it.
• The nfsd daemonWhen a client process attempts to accfile resource, the nfsd daemon on thereceives the request and the resource’and then performs the requested oper
Advan Module 6, slide 23 of 48Copyrig
ck managerery functions
cking
ional logging
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Server Daemons
• The statd daemonThe statd daemon works with the lolockd daemon to provide crash recovfor the lock manager.
• The lockd daemonThe lockd daemon supports record-looperations for NFS files.
• The nfslogd daemonThe nfslogd daemon provides operatfor an NFS server.
Advan Module 6, slide 24 of 48Copyrig
d in NFSv4.nd groupnt and server
e
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Server Daemons
• The nfsmapid daemonThe nfsmapid daemon is implementeThe nfsmapid daemon maps owner aidentification that both the NFSv4 clieuse.The nfsmapid daemon is started by thsvc:/network/nfs/mapid service.
Advan Module 6, slide 25 of 48Copyrig
mons
Th e systemtra anually whenena vice.
Th ependencies ofthe
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing the NFS Server Dae
e NFS daemons start conditionally when thnsitions through run levels, or they start mbling the svc:/network/nfs/server ser
e svcs command can be used to show the dnfs/server service.
# svcs | grep nfsonline 15:35:24 svc:/network/nfs/client:defaultonline 15:35:29 svc:/network/nfs/status:default...# svcs -l nfs/serverfmri svc:/network/nfs/server:defaultname NFS server...
Advan Module 6, slide 26 of 48Copyrig
mons
aemonsually, place and perform the
ually, perform
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing the NFS Server Dae
• Starting and stopping the NFS server dTo start the NFS server daemons manentry in the /etc/dfs/dfstab file anfollowing command:# svcadm enable svc:/network/nfs/server
To stop the NFS server daemons manthe following command:# svcadm disable svc:/network/nfs/server
Advan Module 6, slide 27 of 48Copyrig
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Server Commands
• share
• unshare
• shareall
• unshareall
• dfshares
• dfmounts
Advan Module 6, slide 28 of 48Copyrig
haring
Wh ou can use thesha ble.
For irectory as area ing command:
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NFS Server for SResources
en the NFS server daemons are running, yre command to make file resources availa
example, to share the /usr/local/data dd-only shared resource, perform the follow
# share -o ro /usr/local/data
Advan Module 6, slide 29 of 48Copyrig
haring
Th
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NFS Server for SResources
e share command options:
• ro
• rw
• root=access-list
• ro=access-list
• rw=access-list
• anon=n
Advan Module 6, slide 30 of 48Copyrig
haring
ountingile resources
/dataountmand:
rcesrently shared
ANSPORT
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NFS Server for SResources
• Making file resources unavailable for mUse the unshare command to make funavailable for mount operations.For example, to make the /usr/localdirectory unavailable for client-side moperations, perform the following com# unshare /usr/local/data
• Displaying currently shared NFS resouThe dfshares command displays curNFS resources.# dfsharesRESOURCE SERVER ACCESS TRsys-02:/usr/local/data sys-02 - -
Advan Module 6, slide 31 of 48Copyrig
haring
otely mounted
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NFS Server for SResources
• Displaying NFS mounted resourcesThe dfmounts command displays remNFS resource information.# dfmountsRESOURCE SERVER PATHNAME CLIENTS- sys-02 /usr/local/data sys-03
Advan Module 6, slide 32 of 48Copyrig
client activities
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing the NFS Client
• NFS client filesYou need several files to support NFSon any computer.• /etc/vfstab
• /etc/mnttab
• /etc/dfs/fstypes
• /etc/default/nfs
Advan Module 6, slide 33 of 48Copyrig
t time, enter/etc/vfstab
yes soft,bg
s read-onlytems for the
to the
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing the NFS Client
• The /etc/vfstab fileTo mount remote file resources at boothe appropriate entries in the client’sfile. For example:sys-02:/usr/local/data - /usr/remote_data nfs -
• The /etc/mnttab fileThe /etc/mnttab file system provideaccess to the table of mounted file syscurrent host.Mounting a file system adds an entry/etc/mnttab file.
Advan Module 6, slide 34 of 48Copyrig
Thsvc
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Client Daemons
e NFS client daemons are started using the:/network/nfs/client service.
• statd
• lockd
• nfs4cbd
Advan Module 6, slide 35 of 48Copyrig
ons
Tw e lockddae NFS clients.
Th stem enters thenet
lt
lt
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing the NFS Client Daem
o NFS daemons, the statd daemon and thmon, run both on the NFS servers and the
ese daemons start automatically when a sywork milestone.
# svcs -D milestone/networkSTATE STIME FMRIdisabled 15:34:35 svc:/network/dns/client:defaudisabled 15:34:37 svc:/network/nfs/cbd:default(output omitted)online 16:31:18 svc:/network/nfs/nlockmgr:defauonline 16:33:12 svc:/network/nfs/status:default
Advan Module 6, slide 36 of 48Copyrig
ons
F service
F service
erform the
default.
r:default.
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing the NFS Client Daem
• The lockd daemon is started by the SMnfs/nlockmgr.# svcadm -v enable nfs/nlockmgrsvc:/network/nfs/nlockmgr:default enabled.
• The statd daemon is started by the SMnfs/status.# svcadm -v enable nfs/statussvc:/network/nfs/status:default enabled.
To manually restart these daemons, pfollowing commands:# svcadm -v restart nfs/statusAction restart set for svc:/network/nfs/status:# svcadm -v restart nfs/nlockmgrAction restart set for svc:/network/nfs/nlockmg#
Advan Module 6, slide 37 of 48Copyrig
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NFS Client Commands
• dfshares
• mount
• umount
• mountall
• umountall
Advan Module 6, slide 38 of 48Copyrig
ounting
eso list resources
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NFS Client for MResources
• Displaying a server’s available resourcYou can use the dfshares command tmade available by an NFS server.# dfshares sys-02RESOURCE SERVER ACCESS TRANSPORTsys-02:/usr/local/data sys-02 - -...
Advan Module 6, slide 39 of 48Copyrig
ounting
o attach a localsystem
esource, yousources for theas a list of
omed_data /
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NFS Client for MResources
• Accessing the remote file resourceUse the /usr/sbin/mount command tor remote file resource to the local filehierarchy. For example:# mount sys-02:/rdbms_files /rdbms_files
When mounting a read-only remote rcan specify a comma-separated list ofremote resource, which are then usedfailover resources.# mount -o ro sys-45,sys-43,sys-41:/multi_hremote_shared_data
Advan Module 6, slide 40 of 48Copyrig
ounting
from the clientcal and remoterarchy.
mounts all filee with a mount
remote file
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NFS Client for MResources
• Unmounting the remote file resources Use the umount command to detach lofile resources from the file system hie# umount /rdbms_files
• Mounting all file resourcesThe /usr/sbin/mountall commandresources listed in the /etc/vfstab filat boot value of yes.To limit the action of this command toresources, use the -r option.# mountall -r
Advan Module 6, slide 41 of 48Copyrig
ounting
resourcese -r option tole systems.
eot time, createc/vfstab file.
yes soft,bg
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NFS Client for MResources
• Unmounting all currently mounted fileUse the umountall command with threstrict unmounting to only remote fi# umountall -r
• Mounting remote resources at boot timTo mount a remote file resource at boan appropriate entry in the client’s /etFor example:sys-02:/usr/local/data - /usr/remote_data nfs -
Advan Module 6, slide 42 of 48Copyrig
ns
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The mountCommand Optio
• rw|ro
• bg|fg
• soft|hard
• intr|nointr
• suid|nosuid
• timeo=n
• retry=n
• retrans=n
Advan Module 6, slide 43 of 48Copyrig
gging
Th ransactions.
Th gging.
Wh kernel modulewr e system into abu
Th
Th om the loggingop w data in ASCIIlog
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Fundamentals of NFS Server Lo
e NFS server logging feature records NFS t
e nfslogd daemon provides operational lo
en you enable NFS server logging, the NFSites records of all NFS operations on the filffer file.
e nfslogd Daemon
e nfslogddaemon converts the raw data freration into ASCII records, and stores the ra files.
Advan Module 6, slide 44 of 48Copyrig
s
Th ath, file names,and must use.
A t
To reate the tagent es.
Th
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring NFS Log Path
e /etc/nfs/nfslog.conffile defines the p type of logging that the nfslogd daemon
ag corresponds to each definition.
configure NFS server logging, identify or cries for each of the server’s shared resourc
e global tag defines default values.
Advan Module 6, slide 45 of 48Copyrig
s
Tag e the followingfor
\extended ]
For
ffer
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring NFS Log Path
ged entries in /etc/nfs/nfslog.conf usmat:
<tag> [ defaultdir=<dir_path> ] \[ log=<logfile_path> ] [ fhtable=<table_path> ][ buffer=<bufferfile_path> ] [ logformat=basic|
example:
global defaultdir=/var/nfs \log=nfslog fhtable=fhtable buffer=nfslog_workbu
Advan Module 6, slide 46 of 48Copyrig
s
Us s required:
Cre/et server logging.
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring NFS Log Path
e the following parameters with each tag, a
• defaultdir=dir_path
• log=logfile_path
• fhtable=table_path
• buffer=bufferfile_path
• logformat=basic|extended
ate any directories you specify inc/nfs/nfslog.conf before starting NFS
Advan Module 6, slide 47 of 48Copyrig
To ollowing steps:
ttings in the
ant to enabler the log=tag
on the server.t the correctu shared.
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Initiating NFS Logging
initiate NFS server logging, complete the f
1. Become superuser.2. Optional: Change the configuration se
/etc/nfs/nfslog.conf file.3. Share the file system for which you w
logging, adding the -o log option, ooption. Example:share -F nfs -o log /export/sys44_data
4. Check that the NFS service is running5. Run the share command to verify tha
options are listed for the directory yo
Advan Module 6, slide 48 of 48Copyrig
risM der Tools
You ponents of thesto of the SolarisMa
Th te, and managesev
Sun Services
ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing NFS With the Solaanagement Console Storage Fol
can manage the NFS system by using comrage folder tools from the default tool box nagement Console.
e Mounts and Shares tool lets you view, creaeral types of mounts and shares.
Sun
System Administra
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 7
Configuring AutoFS
System Module 7, slide 2 of 17Copyrig
FS file system
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe the fundamentals of the Auto• Use automount maps
System Module 7, slide 3 of 17Copyrig
Au des automaticmo
Au
Th e systems asreq
Th ents:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
AutoFS Fundamentals
toFS is a file system mechanism that proviunting using the NFS protocol.
toFS is a client-side service.
e AutoFS service mounts and unmounts filuired without any user intervention.
e automount facility contains three compon
• The AutoFS file system• The automountd daemon• The automount command
System Module 7, slide 4 of 17Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
AutoFS Fundamentals
RAM
Automount Maps
Master map
Direct map
Indirect map
Special map
��������� ��AutoFS
������������������
System Module 7, slide 5 of 17Copyrig
are defined intem.t up, activitye systems to be
toFS resourcervice calls thehe requested
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
AutoFS Fundamentals
• AutoFS file systemAn AutoFS file system’s mount pointsthe automount maps on the client sysAfter the AutoFS mount points are seunder the mount points can trigger filmounted under the mount points.If a mount request is made for an Aunot currently mounted, the AutoFS seautomountd daemon, which mounts tresource.
System Module 7, slide 6 of 17Copyrig
cript starts the
systems onints.
stem startuphe initial set of
ticallypoints undermand.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
AutoFS Fundamentals
• The automountd daemonThe /lib/svc/method/svc-autofs sautomountd daemon.The automountd daemon mounts filedemand and unmounts idle mount po
• The automount commandThe automount command, called at sytime, reads the master map to create tAutoFS mounts.These AutoFS mounts are not automamounted at startup time, they are thewhich file systems are mounted on de
System Module 7, slide 7 of 17Copyrig
Th
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using Automount Maps
e following lists the AutoFS map types:
• Master map• Direct map• Indirect map• Special
System Module 7, slide 8 of 17Copyrig
t.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using Automount Maps (conNFS Client
"venues"
/
auto_master
/net -hosts [options]/home auto_home [options]/- auto_direct [options]
auto_direct
/opt/moreapps pluto: /export/opt/apps
auto_home Ernie mars:/export/home/ernieMary mars:/export/home/mary
etc
System Module 7, slide 9 of 17Copyrig
p
Th also called amo
Th ng all the mapstha
Th master file.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the Master Ma
e auto_master map associates a directory,unt point, with a map.
e auto_mastermap is a master list specifyit the AutoFS service should check.
e following example shows an /etc/auto_
# cat /etc/auto_master# Master map for automounter#+auto_master/net -hosts -nosuid,nobrowse/home auto_home -nobrowse
System Module 7, slide 10 of 17Copyrig
I al Maps
Th e default/et
l resources
anism to allowOMEdirectories.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
dentifying Mount Points for Speci
ere are two mount point entries listed in thc/auto_master file.
/net -hosts -nosuid,nobrowse/home auto_home -nobrowse
• The -hosts map provides access to alshared by NFS servers.
• The auto_homemap provides the mechusers to access their centrally located $H
System Module 7, slide 11 of 17Copyrig
Sha ap entry aremo y.
For/do y the command:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the /netDirectory
red resources associated with the hosts munted below the /net/hostname director
example, a shared resource namedcumentationon host sys42 is mounted b
# cd /net/sys42/documentation
System Module 7, slide 12 of 17Copyrig
A / t point for adir
Cre
Dir f the mountpo the sharedres
,v6.0
:/usr/share/man
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Adding Direct Map Entries
- entry in the master map defines a mounect map.
/- auto_direct -ro
ating a Direct Map
ect maps specify the absolute path name oint, the specific options for this mount, andource to mount. For example:
# cat /etc/auto_direct# Superuser-created direct map for automounter#/apps/frame -ro,soft server1:/export/framemaker/opt/local -ro,soft server2:/export/unbundled/usr/share/man -ro,soft server3,server4,server5
System Module 7, slide 13 of 17Copyrig
s
Ind unt point fromthe in the masterma in the indirectma
ainder of therce to mount.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Adding Indirect Map Entrie
irect maps obtain the initial path of the mo master map. For example, the /home entryp defines the base for mount points listed p called auto_home.
/home auto_home -nobrowse
• Creating an indirect mapEntries in an indirect map list the rempreferred mount point, and the resouFor example:stevenu host5:/export/home/stevenujohnnyd host6:/export/home/johnnyd
System Module 7, slide 14 of 17Copyrig
ont.)
le linen charactersery login ID,
m the NFS
any key.end of the pathld.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Adding Indirect Map Entries (c
• Reducing the auto_home map to a singIn this example, the use of substitutiowithin auto_home specifies that for evthe client remotely mounts the/export/home/loginID directory froserver.* server1:/export/home/&
• The wildcard character (*) matches • The substitution character (&) at the
is replaced with the matched key fie
System Module 7, slide 15 of 17Copyrig
ont.)
homehomehome
c
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Adding Indirect Map Entries (c
NFS Server"mars"
export
home
ernie
NFS Client"venus"
Mount on Demandby automountd
/
home
auto_auto_
autofsautofs
auto_
autofs
et
mary
/
mary
System Module 7, slide 16 of 17Copyrig
ps
Wh reating a directma he changeseff
You ountd daemon.
You p at any time.Th ountd daemonnex nt.
An atically used bythe
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Updating the Automount Ma
en making changes to the master map or cp, run the automount command to make t
ective.
do not have to stop and restart the autom
can modify existing entries in a direct mae new information is used when the automt accesses the map entry to perform a mou
y modifications to indirect maps are automautomountd daemon.
System Module 7, slide 17 of 17Copyrig
ount
the following
ofs
the following
fs
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Stopping and Starting the AutomSystem
• Stopping the automount systemTo disable the service manually, entercommand:# svcadm disable svc:/system/filesystem/aut
• Starting the automount systemTo enable the service manually, entercommand:# svcadm enable svc:/system/filesystem/auto
Sun
System Administra
De olaris™are
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 8
scribing RAID and the SVolume Manager Softw
System Module 8, slide 2 of 22Copyrig
are concepts
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe RAID• Describe Solaris Volume Manager softw
System Module 8, slide 3 of 22Copyrig
RA and to storedat
Th etadevices,wh al storagevol D 1+0, andRA
catenation and
distributed
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing RAID
ID is a classification of methods to back upa on multiple disk drives.
e Solaris Volume Manager software uses mich are product-specific definitions of logicumes, to implement RAID 0, RAID 1, RAIID 5:
• RAID 0: Non-redundant disk array (constriping)
• RAID 1: Mirrored disk array• RAID 5: Block-interleaved striping with
parity
System Module 8, slide 4 of 22Copyrig
ns)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RAID 0
• Concatenated volumes (or concatenatio
PhysicalSlice A
PhysicalSlice B
RAID 0(Concatenation)Logical Volume
PhysicalSlice C
Solaris VolumeManager
System Module 8, slide 5 of 22Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RAID 0 (cont.)
• Striped volumes (or stripes)
Interlace 4
Interlace 1
Interlace 5
Interlace 2
Interlace 6
Interlace 3
PhysicalSlice A
PhysicalSlice B
PhysicalSlice C
Solaris VolumeManager
RAID 0(Stripe)
Logical Volume
Interlace 4 Interlace 5
Interlace 2
Interlace 6
Interlace 1 Interlace 3
System Module 8, slide 6 of 22Copyrig
1 or)olume
Submirror 2
Int 1
Int 2
Int 3
Int 4
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RAID 1
Interlace 2
Interlace 3
Interlace 4
Interlace 1
Interlace 2
Interlace 3
Interlace 4
Interlace 1
Submirror 1
RAID(Mirr
Logical V
Submirror 1
Submirror 2Solaris Volume
Manager
Int 1
Int 2
Int 3
Int 4
System Module 8, slide 7 of 22Copyrig
PhysicalSlice F
AID 0Striped)olumeubmirror 2
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RAID 0+1PhysicalSlice A
PhysicalSlice B
PhysicalSlice C
PhysicalSlice D
PhysicalSlice E
RAID 0(Striped)Volume
Submirror 1
R(VS
RAID 1(Mirrored)Volume
System Module 8, slide 8 of 22Copyrig
RAID 1(Mirror)LogicalVolume
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RAID 1+0
PhysicalSlice A
PhysicalSlice D
PhysicalSlice B
PhysicalSlice E
PhysicalSlice C
PhysicalSlice F
RAID 1(Mirror)LogicalVolume
RAID 1(Mirror)LogicalVolume
RAID 0(Striped)
Logical Volume
System Module 8, slide 9 of 22Copyrig
Mi the followingop
You ally create themi distribute theloa rformance.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Mirror Options
rror performance can be modified by usingtions:
• Mirror read policy• Mirror write policy
can define mirror options when you initirror or after you set up the mirror. You cand across the submirrors to improve read pe
System Module 8, slide 10 of 22Copyrig
Rea
Ro irrors
Ge s amongl disk block
Fir rror
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Mirror Read Policies
d Policy Description
und Robin (default) Balances the load across the subm
ometric Enables the system to divide readsubmirrors on the basis of a logicaaddress
st Directs all reads to the first submi
System Module 8, slide 11 of 22Copyrig
Wr
Par dispatches
Ser rror musto the next
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Mirror Write Policies
ite Policy Description
allel (Default) Replicates a write to a mirror, andthe write to all of the submirrorssimultaneously
ial Specifies that writes to one submicomplete before initiating writes tsubmirror
System Module 8, slide 12 of 22Copyrig
e
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RAID 5
P(4-6)
Interlace 7
Interlace 10
Interlace 1
PhysicalSlice A
Interlace 4
P(7-9)
Interlace 11
Interlace 2
PhysicalSlice B
Interlace 5
Interlace 8
P(10-12)
Interlace 3
PhysicalSlice C
P(1-3)
Interlace 9
Interlace 12
Interlace 6PhysicalSlice D
RAID 5Logical Volum
Interlace 12
Interlace 8
Interlace 7
Interlace 6
Interlace 2
Interlace 3
Interlace 4
Interlace 5
Interlace 9
Interlace 10
Interlace 11
Interlace 1
Solaris VolumeManager
System Module 8, slide 13 of 22Copyrig
Re
Th guring RAID-5vol
um of threee contains, thehen a slice fails.ID-5 volumes.
slice thate you will erasen process.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RAID 5 (cont.)
quirements for RAID-5 Volumes
e general configuration guidelines for confiumes are:
• Create a RAID-5 volume with a minimslices. The more slices a RAID-5 volumlonger read and write operations take w
• Do not stripe, concatenate, or mirror RA• Do not create a RAID-5 volume from a
contains an existing file system, becausthe data during the RAID-5 initializatio
System Module 8, slide 14 of 22Copyrig
can define thevalue, a default
an only handle
oss separatemes.g a RAID-5in unused disk
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RAID 5 (cont.)
• When you create a RAID-5 volume, youinterlace value. If you do not specify avalue of 16 Kbytes is assigned.
• A RAID-5 volume (with no hot spares) ca single slice failure.
• To optimize performance, use slices acrcontrollers when creating RAID-5 volu
• Use disk slices of the same size. Creatinvolume of different-sized slices results space on the larger slices.
System Module 8, slide 15 of 22Copyrig
Su
Th void commonper olumes:
ulations,rcent writeses. If datas needed,
e on differente are primarily
he interlaceormance.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RAID 5 (cont.)
ggestions for RAID 5 Volumes
e following general suggestions can help aformance problems when using RAID-5 v
• Because of the complexity of parity calcvolumes with greater than about 20 peshould probably not be RAID-5 volumredundancy on a write-heavy volume iconsider mirroring.
• If the slices in the RAID-5 volume residcontrollers and the accesses to the volumlarge sequential accesses, then setting tvalue to 32 Kbytes might improve perf
System Module 8, slide 16 of 22Copyrig
For n performance,ava ries ofinf storagepla
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Hardware Considerations
any given application there are trade-offs iilability, and hardware costs. A few catego
ormation that you must address during thenning phase are:
• General storage guidelines• Determining storage characteristics• Storage performance guidelines
System Module 8, slide 17 of 22Copyrig
ms
Fea RAID-5 StripeWith Parity
Reddat
Yes
Imper
Yes
Imwrper
No
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Choosing Storage Mechanis
ture RAID-0Concatenation
RAID-0Stripe
RAID-1Mirror
undanta
No No Yes
proved readformance
No Yes Depends ontheunderlyingdevice
provediteformance
No Yes No
System Module 8, slide 18 of 22Copyrig
ge
Fac -Redundant
Wr tral
Ra tral
Ha est
Perdu
loss
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Optimizing Redundant Stora
tors RAID 1(Mirror)
RAID 5 Non
ite operations Faster Slower Neu
ndom read Slower Faster Neu
rdware cost Highest Higher Low
formancering failure
Best Poor Data
System Module 8, slide 19 of 22Copyrig
nager
Th u manage largenu . Most tasksinc
age devices
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing Solaris Volume MaSoftware Concepts
e Solaris Volume Manager software lets yombers of disks and the data on those diskslude:
• Increasing storage capacity• Increasing data availability• Making the administration of large stor
easier
System Module 8, slide 20 of 22Copyrig
SV l volumes toma ata.
You ftware volumesfro ris VolumeMa
Th ManagementCo any type ofSV
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Logical Volume
M software uses virtual disks called logicanage physical disks and their associated d
can create the Solaris Volume Manager som slices (disk partitions) or from other Solanager software volumes.
e Enhanced Storage tool within the Solaris nsole allows you to list, create, and modifyM software volumes or components.
System Module 8, slide 21 of 22Copyrig
Sof ing largesto sizes.
Us e into as manydiv ed, can bedir le systems, aslon
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Soft Partitions
t partitions provide a mechanism for dividrage spaces into smaller, more manageable
e soft partitioning to divide a slice or volumisions as needed. A soft partition, once namectly accessed by applications, including fig as it is not included in another volume.
System Module 8, slide 22 of 22Copyrig
se
Bef ume Managersof the SolarisVo
Th tically updatesthe te changeocc
Th eplicateddat tabase protectsaga .
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introducing the State Databa
ore creating volumes using the Solaris Voltware, state database replicas must exist onlume Manager software system.
e Solaris Volume Manager software automa state database when a configuration or staurs.
e state database is a collection of multiple, rabase copies. Having copies of the state dainst data loss from single points-of-failure
Sun
System Administra
Con Manager
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 9
figuring Solaris Volume Software
System Module 9, slide 2 of 39Copyrig
are concepts
root (/) file
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe Solaris Volume Manager softw• Build a RAID-0 (concatenated) volume• Build a RAID-1 (mirror) volume for the
system
System Module 9, slide 3 of 39Copyrig
epts
Th olaris 9 OS andSol software usedin r OS.
Th to implementRA
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Solaris Volume Manager Conc
e Solaris Volume Manager software in the Saris 10 OS replaces the Solstice DiskSuite™eleases of the Solaris OS prior to Solaris 9
e Solaris Volume Manager software is usedID 0, RAID 1, RAID 1+0, and RAID 5.
System Module 9, slide 4 of 39Copyrig
Th about the stateof figuration.
Mu s, providered d be distributedacr
Sol rity consensusalg eplicas containval
Th 1) of the statedat hem arecon
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
State Database Replicas
e state database stores information on diskyour Solaris Volume Manager software con
ltiple copies of the database, called replicaundancy. The state database replicas shouloss multiple disks.
aris Volume Manager software uses a majoorithm to determine which state database rid data.
e algorithm requires that a majority (half +abase replicas are available before any of tsidered valid.
System Module 9, slide 5 of 39Copyrig
Th
g if at least halfble.half of the state
olaris Volumehe total number
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
State Database Replicas
e majority consensus algorithm:
• Makes sure that the system stays runninof the state database replicas are availa
• Causes the system to panic if fewer thandatabase replicas are available.
• Prevents the system from starting the SManager software unless a majority of tof state database replicas are available.
System Module 9, slide 6 of 39Copyrig
e
You g the following:
GUI
Th o create statedat
1t0d0s1
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Creating the State Databas
can create state database replicas by usin
• The metadb -a command• The Solaris Volume Manager software
e following example shows using metadb tabase replicas:
# metadb -a -f c0t0d0s4 c0t0d0s5 c1t0d0s0 c# metadb
flags first blk block counta u 16 8192 /dev/dsk/c0t0d0s4a u 16 8192 /dev/dsk/c0t0d0s5a u 16 8192 /dev/dsk/c1t0d0s0a u 16 8192 /dev/dsk/c1t0d0s1
System Module 9, slide 7 of 39Copyrig
ing thele
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Creating the State Database UsSolaris Management Conso
System Module 9, slide 8 of 39Copyrig
ing thecont.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Creating the State Database UsSolaris Management Console (
System Module 9, slide 9 of 39Copyrig
g thent.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Creating the State Database UsinSolaris Management Console (co
System Module 9, slide 10 of 39Copyrig
RA capacityeffi a redundancy,bu ity.
RA atenations.
cause multipleme time. Al slices in the
e first availableme writes data
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring RAID-0
ID-0 volumes let you expand disk storageciently. These volumes do not provide datt can be used to expand disk storage capac
ID-0 comes in two forms, stripes and conc
• Striping enables parallel data access becontrollers can access the data at the sastripe distributes data equally across alstripe.
• A concatenated volume writes data to thslice. When the first slice is full, the voluto the next available slice.
System Module 9, slide 11 of 39Copyrig
g the
e you can
ach of two
rt/homeost at capacity.
oncatenated tome.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Creating a RAID-0 Volume UsinCommand Line
• State database replicas must exist beforconfigure any metadevices.
• For example, to create two replicas on eslices, use the command:# metadb -a -f -c 2 c3t2d0s7 c3t3d0s7
• In this example, assume that the /expo(/dev/dsk/c0t0d0s7) file system is almA new slice from another disk will be cit, making a RAID-0 concatenated volu
System Module 9, slide 12 of 39Copyrig
g the
etadevices and:
hese slices is
oncatenation is
ipes is equal to this case 2.s one, so the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Creating a RAID-0 Volume UsinCommand Line
• Use the metainit command to create massociate slices with them. For example# metainit -f d0 2 1 c0t0d0s7 1 c3t2d0s0d0: Concat/Stripe is setup
• The -f option is required if one of tcurrently mounted.
• The metadevice name used for this cd0.
• In a concatenation, the number of strthe number of slices being added, in
• The number of slices in each stripe inumber 1 appears before each slice.
System Module 9, slide 13 of 39Copyrig
g the
ted, but is notusing the new
le that mounts
me ufs 2 yes -
e metadevice
2 yes -
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Creating a RAID-0 Volume UsinCommand Line
• The new metadevice (d0) has been creabeing used yet. It needs to be remountedmetadevice device files.
• Locate the entry in the /etc/vfstab fithe file system at boot time:/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/ho
Change the device names to match thnames:/dev/md/dsk/d0 /dev/md/rdsk/d0 /export/home ufs
System Module 9, slide 14 of 39Copyrig
g the
using the new
ed one
n into the new
. Use the option
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Creating a RAID-0 Volume UsinCommand Line
• Un-mount and re-mount the file systemdevice files:# umount /export/home# mount /export/home# df -h /export/homeFilesystem size used avail capacity Mount/dev/md/dsk/d0 470M 395M 28M 94% /export/hom
• The existing file system needs to be growspace.
• This is done with the growfs command-M to specify a mount point:# growfs -M /export/home /dev/md/rdsk/d0...
System Module 9, slide 15 of 39Copyrig
C Solaris
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
reating a RAID-0 Volume UsingManagement Console
System Module 9, slide 16 of 39Copyrig
C Solarist.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
reating a RAID-0 Volume UsingManagement Console (con
System Module 9, slide 17 of 39Copyrig
C Solarist.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
reating a RAID-0 Volume UsingManagement Console (con
System Module 9, slide 18 of 39Copyrig
C Solarist.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
reating a RAID-0 Volume UsingManagement Console (con
System Module 9, slide 19 of 39Copyrig
C Solarist.)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
reating a RAID-0 Volume UsingManagement Console (con
System Module 9, slide 20 of 39Copyrig
RA d provide datared ntical copies ofthe t is made.
ID-0 volumes.alled
rs is known as a
r from a mirror
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring RAID-1
ID-1 volumes are also known as mirrors anundancy. A RAID-1 volume maintains ide data in the RAID-0 volumes from which i
• Using multiple submirrors• A mirror is made of two or more RA• The mirrored RAID-0 volumes are c
submirrors.• A mirror consisting of two submirro
two-way mirror.• You can attach or detach a submirro
at any time.
System Module 9, slide 21 of 39Copyrig
)
by using the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring RAID-1 (cont.
• Mirror optionsMirror performance can be modifiedfollowing options:• Mirror read policy
• Round robin• Geometric• First
• Mirror write policy• Parallel• Serial
System Module 9, slide 22 of 39Copyrig
B System
Th t (/) file systemcan exclusively, butit i nt Console(SM
Th volume for theroo ted.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
uilding a Mirror of the Root (/) File
e procedure for building a mirror of the roobe accomplished using the command line
s not possible to use the Solaris ManagemeC) exclusively.
is section describes how to create a RAID-1t (/) file system, which cannot be unmoun
System Module 9, slide 23 of 39Copyrig
B System
Cre quires thefol
stem you want
ntain theme.ID-0 volumerored.e the system’s) mirror.
root (/) mirror.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
uilding a Mirror of the Root (/) File(cont.)
ating a mirror of the root (/) file system relowing general steps:
1. Create a RAID-0 volume for the file syto mirror.
2. Create a second RAID-0 volume to cosecond submirror of the RAID-1 volu
3. Create a one-way mirror using the RAthat contains the file system to be mir
4. Use the metaroot command to updatconfiguration, because this is a root (/
5. Reboot your system, because this is a
System Module 9, slide 24 of 39Copyrig
B System
e system
used in theirror, because
tem.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
uilding a Mirror of the Root (/) File(cont.)
6. Attach the second submirror to the filmirror.
7. Record the alternate boot path that isevent of a failure of the primary submthis is a mirror of the root (/) file sys
System Module 9, slide 25 of 39Copyrig
B System
the root (/) fileich you later
rror to the
a RAID-0irror of the root
d0s0
he d11 volume.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
uilding a Mirror of the Root (/) File(cont.)
• Creating the RAID-0 volumesThe first step when building a mirror ofsystem is to create RAID-0 volumes, whcombine to form the mirror.Each RAID-0 volume becomes a submimirror.• Use the metainit command to create
volume to be used as the primary subm(/) file system:# /usr/sbin/metainit -f d11 1 1 c0t0
d11: Concat/Stripe is setup
This command forces the creation of t
System Module 9, slide 26 of 39Copyrig
B System
d as thesystem, use the
tes a mirrored
11 as a
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
uilding a Mirror of the Root (/) File(cont.)
• To create a RAID-0 volume to be usesecondary submirror of the root filemetainit command again:# metainit d12 1 1 c3t3d0s1d12: Concat/Stripe is setup
• Creating the RAID-1 volumeThe following metainit example creavolume named d10.This command attaches the volume dsubmirror of the mirror named d10.# /usr/sbin/metainit d10 -m d11d10: Mirror is setup
System Module 9, slide 27 of 39Copyrig
B System
systems, youange the mount
clude entries
, use the/vfstab and /
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
uilding a Mirror of the Root (/) File(cont.)
• Executing the metaroot commandWhen creating mirrors of mounted filemust update the /etc/vfstab file to chpoint from a slice to a volume.The /etc/system file must change to inrelated to SVM drivers.When mirroring the root (/) file systemmetaroot command to modify the /etcetc/system files, as follows:# metaroot d10# grep md /etc/vfstab/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -# tail /etc/systemrootdev:/pseudo/md@0:0,10,blk
System Module 9, slide 28 of 39Copyrig
B System
taching the
ing the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
uilding a Mirror of the Root (/) File(cont.)
• Rebooting the systemYou must reboot the system before atsecondary submirror.# init 6
• Attaching the secondary submirrorAttach the secondary submirror by usmetattach command:# metattach d10 d12d10: submirror d12 is attached
System Module 9, slide 29 of 39Copyrig
B System
Th nchronizationtak
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
uilding a Mirror of the Root (/) File(cont.)
e metastat command shows the mirror sying place.
# metastat d10d10: MirrorSubmirror 0: d11State: OkaySubmirror 1: d12State: ResyncingResync in progress: 83 % donePass: 1Read option: roundrobin (default)Write option: parallel (default)Size: 307440 blocks (150 MB)
System Module 9, slide 30 of 39Copyrig
B System
iableto define a
ndary root
1/SUNW,isptwo@4/
reference boths, in the order
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
uilding a Mirror of the Root (/) File(cont.)
• Updating the boot-device PROM varUse the OpenBoot nvalias commandbackup_root device alias for the secomirror. For example:ok nvalias backup_root /pci@1f,0/pci@1/pci@sd@3,0:b
Redefine the boot-device variable tothe primary and secondary submirrorin which you want to access them.ok setenv boot-device disk backup_root netboot-device= disk backup_root net
System Module 9, slide 31 of 39Copyrig
em for
he right deviceting the master
.probe for
system, the filedisk partition,
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an x86-Based SystMirrored Failover
• The BIOS• The BIOS is responsible for finding t
to boot from, then loading and execuboot record from that device.
• BIOS is configurable to some degree• BIOS may be limited in its ability to
devices.• fdisk Partitioning
• To use the SVM to mirror the root filesystem must use the single Solaris fand no separate boot partition.
System Module 9, slide 32 of 39Copyrig
em for
RUB)ot archive into
mingtly specifyingn you configure
clude thethe menu.lst
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an x86-Based SystMirrored Failover (cont.)
• The GNU GRand Unified Bootloader (G• GRUB is responsible for loading a bo
the system's memory.• Understanding the GRUB device na
conventions can assist you in correcdrive and partition information wheGRUB on your system.
• The functional GRUB components instage1 and stage2 programs, and file.
System Module 9, slide 33 of 39Copyrig
em for
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an x86-Based SystMirrored Failover (cont.)
• x86/x64 Boot Program Locations
Sector 0 =mboot + fdisk
Partition tableSector 0 = stage1
Sector 1 + 2 =disk label + VTOC
Disk Cylinders
Sector 50 = stage2- extends for200 + sectors
Solaris fdisk partitioncylinder 0 (disk cyl 1) = slice 8
0
0
1
System Module 9, slide 34 of 39Copyrig
em for
oot File Systemboot devices, if
n and root slice
sk/c2d0p0
2 programs./grub/stage2 \
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an x86-Based SystMirrored Failover (cont.)
• Creating a RAID-1 Volume From the r• Configure the ordering for the BIOS
possible.• Configure the Solaris fdisk partitio
on the mirror disk.• Install the mboot program.# fdisk -b /usr/lib/fs/ufs/mboot -n /dev/rd
• Install the GRUB stage1 and stage# /sbin/installgrub /boot/grub/stage1 /boot/dev/rdsk/c2d0p0
System Module 9, slide 35 of 39Copyrig
em for
isting root (/)
existing
an unused slice
ystem, then
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an x86-Based SystMirrored Failover (cont.)
• Identify the slice that contains the exfile system to be mirrored.
• Create a new RAID-0 volume on theroot (/) file system to be mirrored.
• Create a second RAID-0 volume onto act as the second submirror.
• Create a one-way mirror.• Remount your newly mirrored file s
reboot the system.# metaroot volume-name# reboot
System Module 9, slide 36 of 39Copyrig
em for
e
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an x86-Based SystMirrored Failover (cont.)
• Attach the second submirror.# metattach volume-name submirror-name
• Define the alternative boot path in th/boot/grub/menu.lst file.
# vi /boot/grub/menu.lst....title alternate boot root (hd1,0,a) kernel /boot/multiboot module /boot/x86.miniroot-safe
System Module 9, slide 37 of 39Copyrig
stem
rror to verify
mirror to make
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Unmirroring the Root (/) File Sy
• Run the metastat command on the mithat submirror 0 is in the Okay state.# metastat d10d10: MirrorSubmirror 0: d11State: OkaySubmirror 1: d12State: Okay...
• Run the metadetach command on the a one-way mirror.# metadetach d10 d12d10: submirror d12 is detached
System Module 9, slide 38 of 39Copyrig
U m (cont.)
rror, run thec/vfstab and
the mirror and
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
nmirroring the Root (/) File Syste
• Because this is a root (/) file system mimetaroot command to update the /et/etc/system files.# metaroot /dev/dsk/c0t0d0s0
• Reboot the system.# init 6
• Run the metaclear command to clear submirrors.# metaclear -r d10d10: Mirror is clearedd11: Concat/Stripe is cleared# metaclear d12d12: Concat/Stripe is cleared
System Module 9, slide 39 of 39Copyrig
U m (cont.)
If y an alternateboo
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
nmirroring the Root (/) File Syste
ou changed your boot-device variable tot path, return it to its original setting.
Sun
System Administra
Conf ss Control
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 10
iguring Role-Based Acce(RBAC)
System Module 10, slide 2 of 30Copyrig
RBACnagement
line
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe RBAC fundamentals• Describe component interaction within• Manage RBAC by using the Solaris Ma
Console• Manage RBAC by using the command
System Module 10, slide 3 of 30Copyrig
In r (also referredto a any task.
In sers can beass ith rightspro
Rig mmands andapp
Ro authorizationgra compliantapp
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RBAC Fundamentals
conventional UNIX® systems, the root uses the superuser) has the ability to perform
systems implementing RBAC, individual uigned to roles, where roles are associated wfiles.
hts profiles list the rights to run specific colications with escalated privileges.
les can also be assigned authorizations. Annts access to restricted functions in RBAC lications.
System Module 10, slide 4 of 30Copyrig
RB d privilegedcom
le
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Key RBAC Files
AC authorizations, roles, rights profiles, anmands are defined in four files:
• The /etc/user_attr file• The /etc/security/prof_attr file• The /etc/security/policy.conf fi• The /etc/security/exec_attr file
System Module 10, slide 5 of 30Copyrig
Th les andaut s.
Wh rights profiles,aut he file.
Ch ed RBACfea
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The user_attrFile
e /etc/user_attr file lists the rights profihorizations associated with users and role
en you create a new user account with no horizations, or roles, nothing is added to t
anges to this file will be illustrated as relattures are described in this module.
System Module 10, slide 6 of 30Copyrig
user account,ommands. can run the
e Solaris 10 OS.n you define a
er has been
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Roles
• A role is a special identity, similar to a used to run privileged applications or c
• You assign users to roles so those userscommands associated with those roles.
• No predefined roles are shipped with th• You assign rights profiles to a role whe
role.• The roles command lists the roles a us
assigned:# roles rootNo roles
System Module 10, slide 7 of 30Copyrig
sers
that can be
ns with special
ipped with the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Rights Profiles to U
• A rights profile is a collection of rights assigned to a user.
• A right is a command or script which rusecurity attributes.
• Many examples of rights profiles are shSolaris 10 OS.
System Module 10, slide 8 of 30Copyrig
sers
ontains rights
elp=RtAll.htmlmnt.html
ame. last two fields file.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Rights Profiles to U
• The /etc/security/prof_attr file cprofile names and descriptions.# cat /etc/security/prof_attr(output omitted)All:::Execute any command as the user or role:hLog Management:::Manage log files:help=RtLogMng...
• Each line starts with the rights profile n• The middle fields are not used, and the
hold a comment and a pointer to a help
System Module 10, slide 9 of 30Copyrig
sers
ofiles assigned
e. It allows anycial security
er accounts are.conf file.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Rights Profiles to U
• The profiles command lists rights prto a user.# profiles chrisBasic Solaris UserAll
• Every account has the All rights profilcommand to be executed, but with speattributes.
• Other rights profiles given to all new usdefined in the /etc/security/policy# grep 'PROFS' /etc/security/policy.confPROFS_GRANTED=Basic Solaris User
System Module 10, slide 10 of 30Copyrig
sers
r account withanagement
er_attr file as
t
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Rights Profiles to U
• Rights profiles can be assigned to a usethe usermod command or the Solaris MConsole (SMC).# usermod -P "Printer Management" chris# profiles chrisPrinter ManagementBasic Solaris UserAll
• This automatically updates the/etc/usshown by the following:# grep chris /etc/user_attrchris::::type=normal;profiles=Printer Managemen
System Module 10, slide 11 of 30Copyrig
rFile
Th xecutionatt
and with noand, possibly
s UID, EUID,d to a process
s to a particularmands with
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The /etc/security/exec_att
e /etc/security/exec_attr file holds eributes.
• An execution attribute is either a commoption, or a script that contains a commwith options.
• In this file, the special security attributeGID, and EGID, specify attributes to adwhen it runs.
• Only the users and roles assigned accesrights profile can run its associated comtheir special security attributes.
System Module 10, slide 12 of 30Copyrig
rFile
Co the PrinterMa s:
xec_attruid=0;uid=0euid=lp;uid=lpgid=14euid=0l/accept:uid=lpl/
hed:uid=0:euid=lp;uid=lp
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The /etc/security/exec_att
mmands and special security attributes fornagement rights profile are listed as follow
# grep 'Printer Management' /etc/security/ePrinter Management:suser:cmd:::/etc/init.d/lp:ePrinter Management:suser:cmd:::/usr/bin/cancel:Printer Management:suser:cmd:::/usr/bin/lpset:ePrinter Management:suser:cmd:::/usr/bin/lpstat:Printer Management:suser:cmd:::/usr/lib/lp/locaPrinter Management:suser:cmd:::/usr/lib/lp/localpadmin:uid=lp;gid=8Printer Management:suser:cmd:::/usr/lib/lp/lpscPrinter Management:suser:cmd:::/usr/sbin/accept...
System Module 10, slide 13 of 30Copyrig
oles
If a samecon les, it can beeas give the usersacc
entry in the/user_attr
el One Support" \estore" level1
ord for it is set.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Rights Profiles to R
large number of user accounts require thefiguration and management of rights profiier to assign the rights profiles to a role andess to the role.
• Creating a roleThe roleadd command creates a role/etc/passwd, /etc/shadow, and /etcfiles.# roleadd -m -d /export/home/level1 -c "Lev-P "Printer Management,Media Backup,Media R64 blocks
The role cannot be used until a passw
System Module 10, slide 14 of 30Copyrig
oles
Th ow, and/et
evel1:/bin/pfsh
,Media
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Rights Profiles to R
e changes to the /etc/passwd, /etc/shadc/user_attr files are shown as follows:
# grep level1 /etc/passwdlevel1:x:102:1:Level One Support:/export/home/l# grep level1 /etc/shadowlevel1:CUs8aQ64vTrZ.:12713::::::# grep level1 /etc/user_attrlevel1::::type=role;profiles=Printer ManagementBackup,MediaRestore
System Module 10, slide 15 of 30Copyrig
oles
role on a
s profiles.pfksh level1
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Rights Profiles to R
• Modifying a roleTo modify the login information of asystem, use the rolemod command.This example modifies the role’s right# rolemod -P profile1,profile2 -s /usr/bin/
System Module 10, slide 16 of 30Copyrig
oles
ll that enablesassigned to
sed, as theydo not consult
d pfksh.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Rights Profiles to R
• Purpose of the profile shellsA profile shell is a special type of sheaccess to the privileged rights that arethe rights profile.The standard UNIX shells cannot be uare not aware of the RBAC files, andthem.The profile shells are pfsh, pfcsh, an
System Module 10, slide 17 of 30Copyrig
Th ment Console(SM
Th eing used withthe
paul
Th the user chris:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Roles to Users
e useradd command or the Solaris ManageC) can be used to assign users to roles.
e example shows the useradd command b-R option to assign roles:
# useradd -m -d /export/home/paul -R level164 blocks#
is example associates the level1 role with
# usermod -R level1 chris#
System Module 10, slide 18 of 30Copyrig
As account, log inas
Th le to youracc
Sw u command.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using Roles
it is not possible to directly log in to a rolea regular user first.
e roles command shows the roles availabount.
$ iduid=103(paul) gid=1(other)$ roleslevel1
itch the user to the role account with the s
$ su level1Password:$ iduid=102(level1) gid=1(other)
System Module 10, slide 19 of 30Copyrig
An nctions inRB
Som ris 10 OS arewr r calling them.
Th e/et
tmlJobsAdmin.html
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Authorizations
authorization grants access to restricted fuAC-compliant applications.
e applications and commands in the Solaitten to check the authorizations of the use
e predefined authorizations are listed in thc/security/auth_attr file.
# cat /etc/security/auth_attr(output omitted)solaris.jobs.:::Job Scheduler::help=JobHeader.hsolaris.jobs.admin:::Manage All Jobs::help=Authsolaris.jobs.grant:::Delegate Cron & AtAdministration::help=JobsGrant.html...
System Module 10, slide 20 of 30Copyrig
All le by default.
Th s access to alllist
Th ll Solaris OScom definition in apre
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Default Authorizations
users have the Basic Solaris User profi
# profiles chrisPrinter ManagementBasic Solaris UserAll
e Basic Solaris User profile grants usered authorizations.
e All profile grants unrestricted access to amands that have not been restricted by a
viously listed authorization.
System Module 10, slide 21 of 30Copyrig
Au nts.
Au r embedded ina r er or role.
Au mand line orwi
Th sed with the -Aop
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Authorizations
thorizations can be assigned to user accou
thorizations can also be assigned to roles oights profile, which can be assigned to a us
thorizations may be assigned from the comth SMC.
is example shows the useradd command ution to add an authorization to a user:
# usermod -A solaris.jobs.admin chris
System Module 10, slide 22 of 30Copyrig
Th s the/et on.
rofiles=Printer
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Authorizations
e usermod command automatically updatec/user_attr file with this new informati
# grep chris /etc/user_attrchris::::type=normal;auths=solaris.jobs.admin;pManagement
System Module 10, slide 23 of 30Copyrig
oles
If a samecon ions, it can beeas d give the usersacc
You e roleaddcom
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Authorizations to R
large number of user accounts require thefiguration and management of authorizatier to assign the authorizations to a role aness to the role.
can assign authorizations to roles with thmand or with SMC.
System Module 10, slide 24 of 30Copyrig
oles
Th tions to create arol izationsol
l Management" \
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Assigning Authorizations to R
is example uses the roleadd -P and -A ope called level2 that is assigned the authoraris.admin.usermgr.*.
# roleadd -m -d /export/home/level2 -P "Mai-A "solaris.admin.usermgr.*" level264 blocks#
System Module 10, slide 25 of 30Copyrig
A Profiles
A r ands andspe ed in the /etc/sec
It i rizations fromthe hts profile byadd ty/prof_attrfile
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
ssigning Authorizations to Rights
ights profile usually includes a list of commcial security attributes, the rights, as definurity/exec_attr file.
s also possible to include predefined autho/etc/security/auth_attr file in the riging the authorizations to the /etc/securi
.
System Module 10, slide 26 of 30Copyrig
mary
Th les used byRB
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RBAC Configuration File Sum
e figure on this slide shows how the four fiAC are interrelated.
���������
Users
Roles
��������
Profiles
��������
Privileges
���������
Authorization
System Module 10, slide 27 of 30Copyrig
mary
�� ����
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
RBAC Configuration File SumFrom the �������������������� database:
�� �������������������� ��� � ������� �����������
From the ������������� database:
������������������ ������� ��������� ��������� � �������
���������!������ ���������"
#������������������ ������� ����������������� ����������
From the ���������������������� database:
!������ ��������������� ��������� �������
���� ����� ��$�!���"������� ������� ���������������������
���������������������� ������������������� ���
From the ���������������%������ database:
!������ ���������������������������&�������������� �
!������ ����������������������������&� �'������(
!������ ��������������������������������� �������(
!������ ��������������������������&��� ����������(
!������ �������������������������� �&� �� ����������(
System Module 10, slide 28 of 30Copyrig
laris
Th s 10 OS enablesyou console.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing RBAC Using the SoManagement Console
e Solaris Management Console in the Solari to configure RBAC features using a GUI
System Module 10, slide 29 of 30Copyrig
laris
To lete thefol
ssigned the
port the
to the rights
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing RBAC Using the SoManagement Console
set up privileged access using SMC, complowing steps:
1. Build the user accounts that will be aRBAC rights profiles and roles.
2. Build the rights profiles needed to supprivileged access requirements.
3. Build the role that will provide accessprofiles for designated users.
System Module 10, slide 30 of 30Copyrig
laris
To e followingste
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing RBAC Using the SoManagement Console
access RBAC features in SMC, complete thps:
1. Select Management Tools.2. Click This Computer.3. Click System Configuration.4. Double-click the Users icon.
Sun
System Administra
C aging
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 11
onfiguring System Mess
System Module 11, slide 2 of 15Copyrig
og function
g viewer
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe the fundamentals of the sysl• Configure the /etc/syslog.conf file• Configure syslog messaging• Use the Solaris Management Console lo
System Module 11, slide 3 of 15Copyrig
Th ed by theker to the syslogddae ntrol messagelog e /etc/sys
host
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The syslogConcept
e syslog function sends messages generatnel and system utilities and applications mon. With the syslog function you can coging, depending on the configuration of thlog.conf file. The daemon can:
• Write messages to a system log• Forward messages to a centralized log • Forward messages to a list of users• Write messages to the system console
System Module 11, slide 4 of 15Copyrig
le
A c nf file consistsof .
Th lity and alev
Th message.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The /etc/syslog.confFi
onfiguration entry in the /etc/syslog.cotwo tab-separated fields: selector and action
e selector field has two components, a faciel written as facility.level.
e action field determines where to send the
System Module 11, slide 5 of 15Copyrig
T Macro
Th r, and the /etc/sys s to determinethe
Th
cro processor.og.conf file,ut, and passes
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
he syslogdDaemon and the m4Processor
e syslogd daemon, the m4macro processolog.conf file interact in conceptual phase
correct message routing.
ese conceptual phases are described as:
1. The syslogd daemon runs the m4 ma2. The m4 processor reads the /etc/sysl
processes any m4 statements in the inpthe output to the syslogd daemon.
System Module 11, slide 6 of 15Copyrig
T Macro
rationor to route
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
he syslogdDaemon and the m4Processor
3. The syslogd daemon uses the configuinformation output by the m4 processmessages to the appropriate places.
System Module 11, slide 7 of 15Copyrig
T Macro
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
he syslogdDaemon and the m4Processor
• The m4 Macro Processor
�����������
������
SelectorField
ActionField
���
System Module 11, slide 8 of 15Copyrig
C nfFile
Th les are definedwi restart thesys nges to this file.
Th .conf filesho ystem.
*.er smsg*.er m/messages*.al r*.al*.em
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
onfiguring the /etc/syslog.co
e target locations for the syslog message fithin the /etc/syslog.conf file. You mustlogddaemon whenever you make any cha
e following excerpt from the /etc/syslogws how various events are logged by the s
r;kern.notice;auth.notice /dev/syr;kern.debug;daemon.notice;mail.crit /var/adert;kern.err;daemon.err operatoert rooterg *
System Module 11, slide 9 of 15Copyrig
C nfFile
In L nel andaut e, which are noterr ling, will write ame
In L acility eventsof l f level notice,and essage in the /var gged to bothfile
Lin luding theker ents, are sent tothe
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
onfiguring the /etc/syslog.co
ine 1, every error event (*.err) and all kerhorization facility events of level noticor conditions but might require special handssage to the /dev/sysmsg file.
ine 2, every error event (*.err), all kernelfevel debug, all daemon facility events o all critical level mail events will record a m/adm/messages file. Therefore, errors are lo
s.
e 3 indicates that all alert level events, incnel error level and daemon error level ev
user operator if this user is logged in.
System Module 11, slide 10 of 15Copyrig
C nfFile
Lin sent to the rootuse
Lin nterprets as anem y logged-in user.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
onfiguring the /etc/syslog.co
e 4 indicates that all alertlevel events arer if the root user is logged in.
e 5 indicates that any event that the system iergency will be logged to the terminal of ever
System Module 11, slide 11 of 15Copyrig
logd
Th s the syslogdpro
You aemon, or sendit a mon to rereadthe
# svTo s# svTo s mmand:# sv
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Stopping and Starting the sysDaemon
e /lib/svc/method/system-log file startcess during each system boot.
can manually stop or start the syslogd drefresh command, which causes the dae/etc/syslog.conf file.
cadm disable svc:/system/system-log:defaulttart the syslogd daemon, perform the command:cadm enable svc:/system/system-log:defaultend a refresh to the syslogd daemon, perform the cocadm refresh svc:/system/system-log:default
System Module 11, slide 12 of 15Copyrig
ing
Th cess for manynet or servicereq col (UDP) portsass he inetdcon
Th use of theine
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring syslogMessag
e inetd daemon is the network listener prowork services. The inetd daemon listens fuests on the TCP and User Datagram Protoociated with each of the services listed in tfiguration file.
e inetd daemon is controlled through the tadm command.
System Module 11, slide 13 of 15Copyrig
l Time
Th that you canvie syslogddae
# t
lnet[2361]
5 6
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Monitoring a syslogFile in Rea
e tail -f command holds the file open so w messages being written to the file by themon, for example:
ail -f /var/adm/messages
Jun 14 13:15:39 host1 inetd[2359]:[ID 317013 daemon.notice] te
from 192.9.200.1 45800
1
7
2 3 4
8
System Module 11, slide 14 of 15Copyrig
onsole
You Log Viewerapp can also usethi ion from theMa erform thefol
laris
lication
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the Solaris Management CLog Viewer
can use the Solaris Management Consolelication to view syslog message files. You
s application to view and capture informatnagement Tool logs. To open the viewer, p
lowing steps:
1. Use the smc command to open the SoManagement Console:# smc &
The Solaris Management Console applaunches.
System Module 11, slide 15 of 15Copyrig
onsole
Th ent Tools logent ory.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the Solaris Management CLog Viewer
2. Select This Computer (hostname).3. Select System Status.4. Select Log Viewer.
e initial Log Viewer display lists Managemries from the /var/sadm/wbem/log direct
Sun
System Administra
s
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 12
Using Name Service
System Module 12, slide 2 of 27Copyrig
n (nscd)
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe the name service concept• Describe the name service switch file
/etc/nsswitch.conf
• Describe the name service cache daemo• Get name service information
System Module 12, slide 3 of 27Copyrig
Na n in a network.
A s he informationpre st.
Th s host names,Int asswords, andaut
Oth d clients),req .
Th and translates,or sed (cached) ordis
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Name Service Concept
me services centralize the shared informatio
ingle system, the name server, maintains tviously maintained on each individual ho
e name servers provide information, such aernet Protocol (IP) addresses, user names, pomount maps.
er hosts in the name service domain (calleuest the information from the name server
is name server system responds to clients, resolves their requests from its memory-bak-based databases.
System Module 12, slide 4 of 27Copyrig
atabase
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Name Service Concept
����������������
���������
Client DNameServer
LocalFile
1 2
3
54
System Module 12, slide 5 of 27Copyrig
Th ing benefits:
me service datar systems
atesnt-of-failure
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Name Service Concept
e name service concept provides the follow
• A single point of administration for na• Consistent name service information fo
within the domain• All clients have access to changed data• Assurance that clients do not miss upd• Secondary servers prevent a single poi
System Module 12, slide 6 of 27Copyrig
S)
rnet-wides to IPes. local andmains to allowthe Internet, so
com
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Domain Name System (DN
• Domain Name System (DNS) is an Intenaming system for resolving host nameaddresses and IP addresses to host nam
• DNS supports name resolution for bothremote hosts, and uses the concept of dohosts with the same name to coexist onlong as they are in different domains.
• For example:www.sun.com and www.microsoft.
System Module 12, slide 7 of 27Copyrig
S)
at use DNS is
ierarchy of
wo or mored one or more
g thein.named
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Domain Name System (DN
• The collection of networked systems threferred to as the DNS namespace.
• The DNS namespace is divided into a hdomains.
• Each domain is usually supported by tname servers, a master name server, anslave name servers.
• Each server implements DNS by runnindaemon.
System Module 12, slide 8 of 27Copyrig
S)
ed through thesers’ queries.
nd IP address
ult servicerocess if the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Domain Name System (DN
• On the client’s side, DNS is implementresolver. The resolver library resolves u
• The DNS name servers store the host ainformation in files called zone files.
• The svc:/network/dns/server:defastarts the DNS server during the boot pDNS server has been configured.
System Module 12, slide 9 of 27Copyrig
NIS)
s developedly different
s, IP addresses,
is referred to as
files called NIS
t many of the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Network Information Service (
• Network Information Service (NIS) waindependently of DNS and has a slightfocus.
• NIS stores information about host nameusers, groups, and others.
• This collection of network informationthe NIS namespace.
• NIS namespace information is stored inmaps.
• NIS maps were designed to supplemenUNIX /etc files.
System Module 12, slide 10 of 27Copyrig
NIS)
source files int you specify).
servers.cess the hostinistrative data
erarchy to storeis flat.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Network Information Service (
• NIS maps are database files created fromthe /etc directory (or in a directory tha
• By default, these maps are stored in the/var/yp/domainname directory on NIS
• NIS uses domains to define who can acnames, user information, and other admin its namespace.
• However, NIS does not use a domain hiits data. Therefore, the NIS namespace
System Module 12, slide 11 of 27Copyrig
NIS)
s to NIS clients.erver, and, forrver.g the ypserv
e ypbind
ult serviceocess.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Network Information Service (
• Replicated NIS servers provide service• The principal server is called a master s
reliability, it has a backup, or a slave se• Each server implements NIS by runnin
daemon.• All NIS clients and servers must run th
daemon.• The svc:/network/nis/server:defa
starts the NIS server during the boot pr
System Module 12, slide 12 of 27Copyrig
N (NIS+)
+) is similar to
about machineformation,es in central
tion is referred
d is similar in
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
etwork Information Service Plus
• Network Information Service Plus (NISNIS, but provides many more features.
• NIS+ enables you to store information addresses, security information, mail inEthernet interfaces, and network serviclocations.
• This configuration of network informato as the NIS+ namespace.
• The NIS+ namespace is hierarchical anstructure to the UNIX directory tree.
System Module 12, slide 13 of 27Copyrig
N (NIS+)
o multiplependently.and gain access+ namespace.erver, and thes.erver software,
es.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
etwork Information Service Plus
• An NIS+ namespace can be divided intdomains that can be administered inde
• NIS+ uses a client-server model to storeto the information contained in an NIS
• The principal server is called the root sbackup servers are called replica server
• Both root and replica servers run NIS+ sas well as maintain copies of NIS+ tabl
System Module 12, slide 14 of 27Copyrig
N (NIS+)
system toand its
ation to verifyon should be
ng the
ault servicee boot process.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
etwork Information Service Plus
• NIS+ includes a sophisticated security protect the structure of the namespace information.
• NIS+ uses authentication and authorizwhether a client’s request for informatifulfilled.
• Each server implements NIS+ by runnirpc.nisd daemon.
• The svc:/network/rpc/nisplus:defstarts the NIS+ name service during th
System Module 12, slide 15 of 27Copyrig
otocol
municate with
can be used on
client and
e Sun Java™
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Lightweight Directory Access Pr(LDAP)
• LDAP is the protocol clients use to coma directory server.
• It is a vendor-independent protocol andcommon TCP/IP networks.
• The Solaris 10 OS comes with an LDAPLDAP server.
• The LDAP Directory Server is called thSystem Directory Server.
System Module 12, slide 16 of 27Copyrig
otocol
a Directory
or informationred on the
cture is similar
sition in this (DN).
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Lightweight Directory Access Pr(LDAP)
• A directory server stores information inInformation Tree (DIT).
• Clients can query the directory server for make changes to the information stoserver.
• The hierarchy of the directory tree struto that of the UNIX file system.
• Entries are named according to their potree structure by a distinguished name
System Module 12, slide 17 of 27Copyrig
otocol
ame in UNIX. is similar to a
utes that have a
ames start withceed to the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Lightweight Directory Access Pr(LDAP)
• The DN is similar to an absolute path n• A Relative Distinguished Name (RDN)
relative path name in UNIX.• A directory entry is composed of attrib
type, and one or more values.• Similar to the DNS namespace, LDAP n
the least significant component and promost significant.
System Module 12, slide 18 of 27Copyrig
s which namermation, and ins resolved.switch.conf
the contents ofthe Solaris OS,
selected. a list ofn about IP
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Name Service Switch File
• The name service switch file determineservices a system uses to search for infowhich order the name service request i
• All Solaris OS systems use the /etc/nsfile as the name service switch file.
• The nsswitch.conf file is loaded witha template file during the installation ofdepending on the name service that is
• The /etc/nsswitch.conf file includesdatabases that are sources of informatioaddresses, users, and groups.
System Module 12, slide 19 of 27Copyrig
o support the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Name Service Switch File
• The following entries are from the/etc/nsswitch.conf file configured tNIS name service:...passwd: files nisgroup: files nis# consult /etc "files" only if nis is down.hosts: nis [NOTFOUND=return] files...networks: nis [NOTFOUND=return] filesprotocols: nis [NOTFOUND=return] filesrpc: nis [NOTFOUND=return] filesethers: nis [NOTFOUND=return] filesnetmasks: nis [NOTFOUND=return] filesbootparams: nis [NOTFOUND=return] filespublickey: nis [NOTFOUND=return] files...
System Module 12, slide 20 of 27Copyrig
tch.conf ared.
first listedthe next source.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Name Service Switch File
• The information sources in/etc/nsswilisted in the order that they are searche
• Information sources• files
• nisplus
• nis
• dns
• ldap
• user
If two or more sources are listed, thesource is searched before moving to
System Module 12, slide 21 of 27Copyrig
attempt toollowing status
ssible:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Name Service Switch File
• When a name service is referenced, thesearch this source can return one of the fcodes:• SUCCESS
• UNAVAIL
• NOTFOUND
• TRYAGAIN
• For each status code, two actions are po• return
• continue
System Module 12, slide 22 of 27Copyrig
ied, the defaulte next specified
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Name Service Switch File
• When the action is not explicitly specifaction is to continue the search using thinformation source, as follows:• SUCCESS = return
• UNAVAIL = continue
• NOTFOUND = continue
• TRYAGAIN = continue
System Module 12, slide 23 of 27Copyrig
ache
rovides a cacheequests.tiuser boot.file controls the
for the passwd,prof_attr,
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the Name Service CDaemon (nscd)
• The nscd daemon• The nscddaemon is a process that p
for the most common name service r• The nscd daemon starts during mul• The /etc/nscd.conf configuration
behavior of the nscd daemon.• The nscd daemon provides caching
group, hosts, ipnodes, exec_attr,and user_attr databases.
System Module 12, slide 24 of 27Copyrig
ache
e configuration
and a value, orlue.ue is as follows:
name, and a
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the Name Service CDaemon (nscd)
• Configuring the nscd daemon• The/etc/nscd.conffile contains th
information for the nscd daemon.• Each line specifies either an attribute
an attribute, a cache name, and a va• An example of an attribute and a val
logfile /var/adm/nscd.log
• An example of an attribute, a cache value is as follows:enable-cache hosts no
System Module 12, slide 25 of 27Copyrig
ache
ome out of dateces.emon to update
on.
aemon can be
default
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the Name Service CDaemon (nscd)
• Stopping and starting the nscd daemon• The nscddaemon’s cache might bec
due to various abnormal circumstan• A common way to force the nscdda
its cache is to stop and start the daem• Restarting the nscd daemon
Clearing the cache by restarting the dhelpful in removing old cached data:# svcadm restart system/name-service-cache:
System Module 12, slide 26 of 27Copyrig
ation
ion sourcesnslookup,wever, the
by these
ng advantages:sources in the
ch file.e, the definede tested as they
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Retrieving Name Service Inform
• The getent commandYou can query name service informatwith specific tools, such as the ypcat,niscat, and ldaplist commands. Honsswitch.conf file is not referencedcommands.The getent command has the followi• The getent searches the information
order listed in the name service swit• By using the name service switch fil
status message codes and actions arare currently configured.
System Module 12, slide 27 of 27Copyrig
ation
of entries fromby database.fied in theax is as
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Retrieving Name Service Inform
• Using the getent commandThe getent command retrieves a listthe administrative database specifiedThe sources for the database are speci/etc/nsswitch.conf file. The syntfollows:getent database [key]...
Sun
System Administra
C Clients
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 13
onfiguring Name Service
System Module 13, slide 2 of 18Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Configure a DNS client• Configure an LDAP client
System Module 13, slide 3 of 18Copyrig
Na ame systembeg
Th llowing files:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring a DNS Client
me resolution using the Internet domain nins with the client-side resolver.
e client resolver code is controlled by the fo
• /etc/resolv.conf
• /etc/nsswitch.conf
System Module 13, slide 4 of 18Copyrig
ring
Du laris 10 OSins
NS as the name
e DNS domain
nter the IPat the client will
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the DNS Client DuInstallation
ring the system identification phase of a Sotallation, use the following:
• The Name Service window, to select Dservice
• The Domain Name window, to enter thname to which the client will belong
• The DNS Server Address window, to eaddresses of up to three DNS servers thuse for lookups
System Module 13, slide 5 of 18Copyrig
ring
Du laris 10 OSins
search suffixesare not fully
erify that you
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the DNS Client DuInstallation
ring the system identification phase of a Sotallation, use the following:
• The DNS Search List window, to enter to supplement searches for names that qualified
• The Confirm Information window, to vhave provided accurate information
System Module 13, slide 6 of 18Copyrig
n Files
To s NIS or LDAP,you s.
onfigurationirectives
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Editing DNS Client Configuratio
use DNS with another name service, such a must manually modify configuration file
• Editing the /etc/resolv.conf fileThe /etc/resolv.conf file contains cdirectives for the DNS resolver. The dinclude the following:• nameserver
• domain
• search
System Module 13, slide 7 of 18Copyrig
n Files
shows twodomain.
ppend to anyalified.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Editing DNS Client Configuratio
The following resolv.conf examplename servers for the suned.sun.comIt also specifies two domain names,training.sun.com and sun.com, to arequests received that are not fully qu# cat /etc/resolv.confnameserver 192.168.10.11nameserver 192.168.20.88domain suned.sun.com training.sun.com sun.com
System Module 13, slide 8 of 18Copyrig
n Files
o the
mbination with
entry.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Editing DNS Client Configuratio
• Copying the /etc/nsswitch.dns file t/etc/nsswitch.conf file• To configure a client to use DNS in co
the system’s local files, copy the/etc/nsswitch.dns file to the/etc/nsswitch.conf file.
• This action only changes the hosts
System Module 13, slide 9 of 18Copyrig
t
Na he LDAP nameser
An ry Server that isbu the network.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Setting Up an LDAP Clien
tive LDAP is the client implementation of tvice.
LDAP server, such as the Sun Java Directondled with the Solaris 10 OS, must exist on
System Module 13, slide 10 of 18Copyrig
An n LDAP server.
Th ng.
Aft rm operations,suc
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Client Authentication
LDAP client must establish a session with a
is authentication process is known as bindi
er a client is authenticated, it can then perfoh as “search and modify,” on the data.
System Module 13, slide 11 of 18Copyrig
De what data theclie the LDAPser
To on for each andeve n the directoryser
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Client Authentication
tails on how the client is authenticated andnt is authorized to access is maintained onver.
avoid having to re-enter the same informatiry client, a single client profile is created over.
System Module 13, slide 12 of 18Copyrig
unt
A s n parametersfor cess the LDAPdat
Cli
tion placeuration
A p lients to bind tothe
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Client Profile and Proxy Acco
ingle client profile defines the configuratio a group of Solaris OS clients allowed to acabase.
ent profile:
• Contains the client’s credential informa• Describes how authentication is to take• Provides the client with various config
parameters
roxy account is created to allow multiple c server with the same access privileges.
System Module 13, slide 13 of 18Copyrig
created as partprocedures on
ault and theunder a special
zed, a copy ofrver and stored
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Client Initialization
• The client profile and proxy account areof the Sun Java Directory Server setup the Solaris 10 OS.
• By default, the client profile named defproxy account proxyagent are createdprofile directory entry.
• When the Solaris LDAP client is initialithe client profile is retrieved from the seon disk.
System Module 13, slide 14 of 18Copyrig
uring
To llowing steps:
AP as the name
e domain name
profile name
t No.erify that you
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the LDAP Client DInstallation
configure the LDAP client, complete the fo
• In the Name Service window, select LDservice.
• In the Domain Name window, enter thwhere the system is located.
• In the LDAP Profile window, enter theand server IP address.
• In the LDAP Proxy Bind window, selec• In the Confirm Information window, v
have provided accurate information.
System Module 13, slide 15 of 18Copyrig
lient
You e client systemon ent.
Th nt initialization:
d,dc=sun,dc=com\
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Initializing the Native LDAP C
execute the ldapclient command on thce to initiate the client as a native LDAP cli
e following example describes a typical clie
# ldapclient init -a proxyPassword=proxy \-a proxyDN=cn=proxyagent,ou=profile,dc=sune-a domainname=suned.sun.com 192.168.0.100System successfully configured
System Module 13, slide 16 of 18Copyrig
C pFile toile
Du/et e/et
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
opying the /etc/nsswitch.ldathe /etc/nsswitch.conf F
ring LDAP client initialization, thec/nsswitch.ldap file is copied over to thc/nsswitch.conf file.
System Module 13, slide 17 of 18Copyrig
You minginf
Wi and returns allof .
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Listing LDAP Entries
use the ldaplist command to list the naormation from the LDAP servers.
thout any arguments, the ldaplist commthe containers in the current search base DN
System Module 13, slide 18 of 18Copyrig
nt
To lientcom
Th he/va s/et
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Unconfiguring an LDAP Clie
unconfigure an LDAP client, use the ldapcmand with the uninit option.
is command removes the client files from tr/ldap directory and restores the previouc/nsswitch.conf file.
# ldapclient uninitSystem successfully unconfigured
Sun
System Administra
Co ormation
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 14
nfiguring the Network InfService (NIS)
System Module 14, slide 2 of 29Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Describe NIS fundamentals• Configure the name service switch file• Describe NIS security• Configure an NIS domain• Build custom NIS maps• Troubleshoot NIS
System Module 14, slide 3 of 29Copyrig
NI at act as centralrep les found onUN
Th
ation filesinistration as
NI omains.
Wi erver, zero ormo
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NIS Fundamentals
S facilitates the creation of server systems thositories for several of the administrative fiIX systems.
e benefits of NIS include the following:
• Centralized administration of configur• Better scaling of configuration file adm
networks grow
S is organized into named administrative d
thin each domain there is one NIS master sre slave servers, and one or more clients.
System Module 14, slide 4 of 29Copyrig
n
NI their IPadd
NI figuration filestha
NI name directoryon
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NIS Namespace Informatio
S stores information about host names andresses, users, groups, and others.
S maps can replace or be used with the cont exist on each UNIX system.
S maps are located in the/var/yp/domain NIS servers.
System Module 14, slide 5 of 29Copyrig
s
Eac
Th ookup in thema after asuc
For , the NIS mapfile
e.pag filee.dir filer.pag filer.dir file
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Map Contents and Sort Key
h map contains a key and value pair.
e key represents data used to perform the lp, while the value represents data returnedcessful lookup.
example, for the domain name trainings list for the hosts map are as follows:
• The /var/yp/training/hosts.bynam• The /var/yp/training/hosts.bynam• The /var/yp/training/hosts.byadd• The /var/yp/training/hosts.byadd
System Module 14, slide 6 of 29Copyrig
You
e/usera:/bin/ksh
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Commands to Read Maps
can use two commands to read maps:
• ypcat [ -k ] mname
• ypmatch [ -k ] value mname# ypcat hosts192.168.30.30 instructor instructor. loghost192.168.30.30 instructor instructor. loghost127.0.0.1 localhost...
# ypmatch sys44 hostssys44: 192.168.30.44 sys44 loghost# ypmatch usera passwdusera: usera:LojyTdiQev5i2:3001:10::/export/hom
System Module 14, slide 7 of 29Copyrig
An terconnectingnet inistrativeaut
Eac
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NIS Domains
NIS domain is a collection of hosts and inworks that are organized into a single admhority.
h NIS domain contains:
• One NIS master server• NIS slave servers (optional)• NIS clients
System Module 14, slide 8 of 29Copyrig
Wi s the followingcha
used to build
the ASCII filese entire NIS
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NIS Master Server
thin each domain, the NIS master server haracteristics:
• Contains the original source ASCII filesthe NIS maps
• Contains the NIS maps generated from• Provides a single point-of-control for th
domain
System Module 14, slide 9 of 29Copyrig
Wi e the followingcha
II files used to
from the NIS
tionilures
s
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NIS Slave Servers
thin each domain, the NIS slave servers havracteristics:
• Do not contain the original source ASCbuild the NIS maps
• Contain copies of the NIS maps copiedmaster server
• Provide a backup for NIS map informa• Provide redundancy in case of server fa• Provide load sharing on large network
System Module 14, slide 10 of 29Copyrig
Wi followingcha
II files used to
erver to obtaination contained
n case of server
e of NIS
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NIS Clients
thin each domain, the NIS clients have the racteristics:
• Do not contain the original source ASCbuild the NIS maps
• Do not contain any NIS maps• Bind to the master server or to a slave s
access to the administrative file informin that server’s NIS maps
• Dynamically rebind to another server ifailure
• Make all appropriate system calls awar
System Module 14, slide 11 of 29Copyrig
Th an NIS domainare
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NIS Processes
e main daemons involved in the running of as follows:
• The ypserv daemon• The ypbind daemon• The rpc.yppasswdd daemon• The ypxfrd daemon• The rpc.ypupdated daemon
System Module 14, slide 12 of 29Copyrig
witch
Wh ing installation,the ads into thedef
to NISfollowing form
en NIS:
to filesfollowing form
en files:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the Name Service S
en you select NIS as the name service dur/etc/nsswitch.nis configuration file loault /etc/nsswitch.conf file.
• Changing lookup requests to go from filesEntries in /etc/nsswitch.conf with thecause requests to search files first, and thpasswd: files nis
• Changing lookup requests to go from NIS Entries in /etc/nsswitch.conf with thecause requests to search NIS first, and thhosts: nis [NOTFOUND=return] files
System Module 14, slide 13 of 29Copyrig
Jus re manageable,it c
Tw re using thesec ost or to asub file to limitacc network.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NIS Security
t as NIS makes the network information moan also create inadvertent security holes.
o methods of closing these security holes aurenets file to restrict access to a single hnetwork, and using the passwd.adjunct ess to the password information across the
System Module 14, slide 14 of 29Copyrig
n
To les.
You y on the masterser
Do ry, because thecon contents of theloc ver.
Th and/et
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an NIS Domai
generate NIS maps, you need the source fi
can find source files in the /etc directorver.
not keep the source files in the /etcdirectotents of the maps are then the same as the
al files that control access to the master ser
is is a special problem for the /etc/passwdc/shadow files.
System Module 14, slide 15 of 29Copyrig
n
ectory, modify
our-choice
our-choice
etc/services
the the original
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring an NIS Domai
• To locate the source files in another dirthe /var/yp/Makefile file:• Change the INETDIR line to DIR=/y• Change the DIR=/etc line to DIR=/y• Change the PWDIR=/etc line to
PWDIR=/your-choice
• Copy files from /etc, /etc/inet, and /to DIR=/your-choice
• Before you make any modifications to /var/yp/Makefile file, save a copy ofMakefile file.
System Module 14, slide 16 of 29Copyrig
Th nit, and themak
Th kefile file forsou ce files into NISma
For zed root access,the uld not containan
To ative directory,and file.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Generating NIS Maps
e NIS configuration script, /usr/sbin/ypie utility generate NIS maps.
e ypinit command reads the /var/yp/Marce file locations, and converts ASCII sourps.
security reasons and to prevent unauthorifiles that build the NIS password maps shoentry for the root user.
make sure of this, copy the files to an altern modify the PWDIR entry in the Makefile
System Module 14, slide 17 of 29Copyrig
irectory on thed into another
NIS domain
ke, which usesp directory.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Locating Source Files
• The source files are located in the /etcdmaster server, but the files can be copiedirectory, such as /etc/yp_dir.
• The /etc/defaultdomain file sets the name during system boot.
• The ypinit script calls the program mathe Makefile file located in the /var/y
System Module 14, slide 18 of 29Copyrig
irectory namedinname
aps.irectory
ames of the NIS stored.ntains thetop and start
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Locating Source Files
• The /var/yp directory contains a subdafter the NIS domain name. This domadirectory is the repository for the NIS m
• The /var/yp/binding/domainname dcontains theypservers file where the nmaster server and NIS slave servers are
• The /usr/lib/netsvc/yp directory coypstop and ypstart commands that sNIS services, respectively.
System Module 14, slide 19 of 29Copyrig
to NIS
To orm thefol
# /
Th er machines tobec
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Converting ASCII Source Files InMaps
build new maps on the master server, perflowing command:
usr/sbin/ypinit -m
e ypinit command prompts for a list of othome NIS slave servers.
System Module 14, slide 20 of 29Copyrig
rver
To complete thefol
twork domain
the local NIS
at contains the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NIS Master Se
set up the NIS name service master server,lowing steps:
1. Determine which machines on your newill be NIS servers.
2. Choose an NIS domain name.3. Use the domainname command to set
domain.4. Create an /etc/defaultdomain file th
domain name.
System Module 14, slide 21 of 29Copyrig
rver
e touchith the/bootparams,netgroup, and
e /var/yphe system thatserver.ile, and makework.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NIS Master Se
5. If the files do not already exist, use thcommand to create zero-length files wfollowing names: /etc/ethers, /etc/etc/locale, /etc/timezone, /etc//etc/netmasks.
6. Install an updated Makefile file in thdirectory if you intend to use NIS on tfunctions as your JumpStart software
7. Create or populate the /etc/locale fan entry for each domain on your net
System Module 14, slide 22 of 29Copyrig
rver
he local /etc
r a list of slaveur list, press
rminate it on
the
erver with the
ault
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NIS Master Se
8. Initialize the master server by using tfiles. Enter the ypinit -m command.a. When the program prompts you fo
servers, and after you complete yoControl-D.
b. The program asks if you want to tethe first fatal error.
9. Copy the /etc/nsswitch.nis file to/etc/nsswitch.conf file.
10.Start the NIS daemons on the master sfollowing command:# svcadm enable svc:/network/nis/server:def
System Module 14, slide 23 of 29Copyrig
Th n use to obtaininf .
Th as follows:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Testing the NIS Service
ere are a number of commands that you caormation from and about the NIS database
e most commonly used NIS commands are
• ypcat
• ypmatch
• ypwhich
System Module 14, slide 24 of 29Copyrig
t
To wing steps:
re that the NISve been
e command to
domain file
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NIS Clien
configure the NIS client, complete the follo
1. Edit the /etc/inet/hosts file to ensumaster server and all slave servers hadefined.
2. Execute the domainname domainnamset the local NIS domain.
3. Create or populate the /etc/defaultwith the domain name.
System Module 14, slide 25 of 29Copyrig
t
t, perform the
ist of NISaster and all
the
d:nis/
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NIS Clien
4. To initialize the system as an NIS clienfollowing command:# ypinit -c
5. When the system prompts you for a lservers, enter the names of the NIS mslave servers.
6. Copy the /etc/nsswitch.nis file to/etc/nsswitch.conf file.
7. Start NIS with the following comman# svcadm enable svc:/network/client:default
System Module 14, slide 26 of 29Copyrig
rver
To following stepson he slave server:
re that the NISve been
e command to
domain file
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NIS Slave Se
configure an NIS slave server, complete the the system that you want to designate as t
1. Edit the /etc/inet/hosts file to ensumaster server and all slave servers hadefined.
2. Execute the domainname domainnamset the local NIS domain.
3. Create or populate the /etc/defaultwith the domain name.
System Module 14, slide 27 of 29Copyrig
rver
t, perform the
NIS servers,the name of
servers on the
the
erv process is
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NIS Slave Se
4. To initialize the system as an NIS clienfollowing command:# ypinit -c
5. When the system prompts for a list ofenter the NIS master host followed bythe local host and all other NIS slavelocal network.
6. Copy the /etc/nsswitch.nis file to/etc/nsswitch.conf file.
7. On the NIS master, ensure that the ypsrunning.
System Module 14, slide 28 of 29Copyrig
rver
art the ypbind
ault
y performing
the slaveing command:fault
starts the
ault
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring the NIS Slave Se
8. On the proposed NIS slave system, stdaemon.# svcadm enable svc:/network/nis/client:def
9. Initialize the system as an NIS slave bthe following command:# ypinit -s master
10.Before starting the ypserv daemon onserver, stop the client with the follow# svcadm disable svc:/network/nis/client:de
11. When the NIS server is started, it alsoypbind client daemon.# svcadm enable svc:/network/nis/server:def
System Module 14, slide 29 of 29Copyrig
Bec must updateyou he masterser
irectory.
the make
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Updating the NIS Map
ause database files change with time, you r NIS maps. To update the NIS maps (on t
ver), complete the following steps:
1. Update the text files in your source d2. Change to the /var/yp directory.
# cd /var/yp
3. Refresh the NIS database maps usingutility.# /usr/ccs/bin/make
Sun
System Administra
s
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 15
Introduction to Zone
System Module 15, slide 2 of 45Copyrig
ning is used
d zones
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Objectives
• Identify the different zones features• Understand how and why zone partitio• Configure zones• Install zones• Boot zones• Administer packages with zones• Upgrade the Solaris 10 OS with installe
System Module 15, slide 3 of 45Copyrig
Sol rtitioning of aSol the operatingsys ce, allocatedres
Zo es that look likedif ations.
Sol systemres
Eac e system space,and processes.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Solaris Zones
aris zones technology enables software paaris 10 OS to support multiple instances oftem services with independent process spaources, and users.
nes provide virtual operating system servicferent Solaris instances to users and applic
aris zones allow administrators to dedicateources to individual zones.
h zone exists with separate process and fil can only monitor and interact with local
System Module 15, slide 4 of 45Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone Features
• Security• Isolation• Virtualization• Granularity• Transparency
System Module 15, slide 5 of 45Copyrig
Th pes of zones:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone Types
e Solaris Operating System supports two ty
• Global• Non-global
System Module 15, slide 6 of 45Copyrig
Ev
Th
inistrative
Th non-globalzon r uninstalled.
Th n of the Solarissys
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Global Zones
ery Solaris system contains a global zone.
e global zone has two functions:
• It is the default zone for the system.• It is the zone used for system-wide adm
control.
e global zone is the only zone from which ae can be configured, installed, managed, o
e global zone contains a complete installatiotem software packages.
System Module 15, slide 7 of 45Copyrig
Eac ed a zone name.
Th l. Non-globalzon
Th obal zone.
Th -global zoneswh
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Global Zones
h zone, including the global zone, is assign
e global zone always uses the name globaes must have user-defined names.
e system always assigns zone ID 0 to the gl
e system assigns non-zero zone IDs to nonen they boot.
System Module 15, slide 8 of 45Copyrig
No of the completeSol
Th es shared fromthe are packagesno
No olaris kernelboo
No r zones exist.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Non-Global Zones
n-global zones contain an installed subsetaris Operating System software packages.
ey can also contain Solaris software packag global zone and additional installed softw
t shared from the global zone.
n-global zones share operation under the Sted from the global zone.
n-global zones are not aware that any othe
System Module 15, slide 9 of 45Copyrig
Th operation,zon
Th for managingthe
Th ollowing:
ownzsched system
d in the zone
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone Daemons
e system uses two daemons to control zoneeadmd and zsched.
e zoneadmd daemon is the primary process zone’s virtual platform.
e zoneadmd daemon is responsible for the f
• Managing zone booting and shutting d• Allocating the zone ID and starting the
process• Setting zone-wide resource controls• Preparing the zone’s devices as specifie
configuration
System Module 15, slide 10 of 45Copyrig
Th the following:
ile systems
Th
nel process,
ubsystem to
f the zone are
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone Daemons
e zoneadmd daemon is also responsible for
• Plumbing virtual network interfaces• Mounting loopback and conventional f
e zsched process involves the following:
• Every active zone has an associated kerzsched.
• The zsched process enables the zones skeep track of per-zone kernel threads.
• Kernel threads doing work on behalf oowned by zsched.
System Module 15, slide 11 of 45Copyrig
Th system space inno he whole rootmo
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone File Systems
ere are two models for populating root filen-global zones, the sparse root model and tdel.
System Module 15, slide 12 of 45Copyrig
imal number of initialize a
a non-globaled through
the directoriesare mounted in
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone File Systems
• Sparse root model• The sparse root model installs a min
files from the global zone when younon-global zone.
• Files that need to be shared betweenzone and the global zone are mountread-only loopback file systems.
• By default, in the sparse root model,/lib, /platform, /sbin, and /usr this manner.
System Module 15, slide 13 of 45Copyrig
maximum
optional Solarise file systems of
l arey the packages.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone File Systems
• Whole root model• The whole root model provides the
configurability.• All of the required and any selected
packages are installed into the privatthe zone.
• The disk requirements for this modedetermined by the disk space used bcurrently installed in the global zone
System Module 15, slide 14 of 45Copyrig
ork IP addresses.ical networky using the
terface in the’s logical
igned the next, ce0:3.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone Networking
• Each non-global zone that requires netwconnectivity has one or more dedicated
• These addresses are associated with loginterfaces that can be placed in a zone bifconfig command.
• For example, if the primary network inglobal zone is ce0, then the non-globalnetwork interface might be ce0:1.
• Logical interfaces are automatically assavailable identifier, for example, ce0:2
System Module 15, slide 15 of 45Copyrig
As nto operation,use that thezon ges.
Th zone states:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone States
you configure a non-global zone, bring it i the zone, reboot, or shut it down, the stateeadm command reports for that zone chan
e zoneadm command reports the following
• Undefined• Configured• Incomplete• Installed• Ready• Running• Shutting down and Down
System Module 15, slide 16 of 45Copyrig
Co llowing tasks:
ake up the zone command
ed zone
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Configuring Zones
nfiguring a zone requires completing the fo
• Identifying the components that will m• Configuring the zone with the zonecfg• Verifying and committing the configur
System Module 15, slide 17 of 45Copyrig
ts
Wh you mustcon one’scon following:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Identifying Zone Componen
en planning zones for your environment, sider the components that make up each zfiguration. These components include the
• A zone name• A path to the zone’s root• The zone network interfaces• The file systems mounted in zones• The configured devices in zones
System Module 15, slide 18 of 45Copyrig
e
Th n be consumedby
Th bal zone affectsthe s that arecre
bytes of freee sparse root
talled in theal zones.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Allocating File System Spac
ere are no limits on how much disk space caa zone.
e nature of the packages installed in the glo space requirements of the non-global zoneated.
• As a general guideline, about 100 megadisk space per non-global zone using thmodel is required.
• By default, any additional packages insglobal zone also populate the non-glob
System Module 15, slide 19 of 45Copyrig
nd
You h zonecfg:
ration.onfiguration.ded to a
cular
.
ion.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the zonecfgComma
can perform the following operations wit
• You can create or delete a zone configu• You can add resources to a particular c• You can set properties for resources ad
configuration.• You can remove resources from a parti
configuration.• You can query or verify a configuration• You can commit to a configuration.• You can revert to a previous configurat
System Module 15, slide 20 of 45Copyrig
nd
utilizes the
mpt changes to
mmands tot the scope
se the scope to
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the zonecfgComma
• To simplify the user interface, zonecfgconcept of a scope.
• The default scope is global.• The zonecfg interactive command pro
reflect the current scope.• You can use the add and select subco
select a specific resource, at which poinchanges to that resource.
• The end and cancel subcommands caurevert to global.
System Module 15, slide 21 of 45Copyrig
s
ity are used to
ope is global or
demonstratedugh” section,
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The zonecfgSubcommand
• Subcommands within the zonecfg utilconfigure and provision zones.
• The zonecfg prompt indicates if the scis confined to a particular resource.Note: The zonecfg subcommands arein the “Zone Configuration Walk-Throlater in this module.
System Module 15, slide 22 of 45Copyrig
eters
Re lude thefol
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The zonecfgResource Param
source types within the zonecfg utility inclowing:
• zonename• zonepath• autoboot• pool• fs• inherit-pkg-dir• net• device• rctl• attr
System Module 15, slide 23 of 45Copyrig
eters
Par clude thefol
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
The zonecfgResource Param
ameters associated with the fs resource inlowing:
• dir
• special
• raw
• type
• options
System Module 15, slide 24 of 45Copyrig
ugh
To system as rootor user.
Th g a zone namedwor
k-zone
c0t0d0s7
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone Configuration Walk-Thro
create a zone, you must log in to the globala role-based access control (RBAC)-allowed
e following shows an example of configurink-zone:
1 global# zonecfg -z work-zone2 zonecfg:work-zone> create3 zonecfg:work-zone> set zonepath=/export/wor4 zonecfg:work-zone> set autoboot=true5 zonecfg:work-zone> set pool=pool_default6 zonecfg:work-zone> add fs7 zonecfg:work-zone:fs> set dir=/mnt8 zonecfg:work-zone:fs> set special=/dev/dsk/
System Module 15, slide 25 of 45Copyrig
ugh
0d0s7
]
/opt/sfw
.0.1
ound/*
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone Configuration Walk-Thro
9 zonecfg:work-zone:fs> set raw=/dev/rdsk/c0t10 zonecfg:work-zone:fs> set type=ufs11 zonecfg:work-zone:fs> add options [logging12 zonecfg:work-zone:fs> end13 zonecfg:work-zone> add inherit-pkg-dir14 zonecfg:work-zone:inherit-pkg-dir> set dir=15 zonecfg:work-zone:inherit-pkg-dir> end16 zonecfg:work-zone> add net17 zonecfg:work-zone:net> set physical=ce018 zonecfg:work-zone:net> set address=192.16819 zonecfg:work-zone:net> end20 zonecfg:work-zone> add device21 zonecfg:work-zone:device> set match=/dev/s
System Module 15, slide 26 of 45Copyrig
ugh
k zone."
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Zone Configuration Walk-Thro
22 zonecfg:work-zone:device> end28 zonecfg:work-zone:attr> set name=comment29 zonecfg:work-zone:attr> set type=string30 zonecfg:work-zone:attr> set value="The wor31 zonecfg:work-zone:attr> end32 zonecfg:work-zone> verify33 zonecfg:work-zone> commit34 zonecfg:work-zone> exit
System Module 15, slide 27 of 45Copyrig
ion
You e zonecon
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Viewing the Zone Configurat
can use the zonecfg command to view thfiguration.
# zonecfg -z work-zone infozonepath: /export/work-zoneautoboot: truepool: pool_defaultinherit-pkg-dir:
dir: /libinherit-pkg-dir:
dir: /platforminherit-pkg-dir:
dir: /sbininherit-pkg-dir:
dir: /usr...
System Module 15, slide 28 of 45Copyrig
nd
Th d to install andadm
Op t be run fromthe
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the zoneadmComma
e zoneadm command is the primary tool useinister non-global zones.
erations using the zoneadm command mus global zone.
System Module 15, slide 29 of 45Copyrig
nd
Th he zoneadmcom
one
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the zoneadmComma
e following tasks can be performed using tmand:
• Verify a zone’s configuration• Install a zone• Boot a zone• Reboot a zone• Display information about a running z• Uninstall a zone
System Module 15, slide 30 of 45Copyrig
nd
all it. If youperformed
ne.
t be verified. Whenport/work-zone, and: the parentable ornes.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the zoneadmComma
• Verifying a configured zoneYou can verify a zone before you instskip this procedure, the verification isautomatically when you install the zoglobal# zoneadm -z work-zone verifyWarning: /export/work-zone does not exist, so it cannozoneadm install is run, install will try to create /exverify will be tried again, but the verify may fail ifdirectory of /export/work-zone is group- or other-writ/export/work-zone overlaps with any other installed zo
System Module 15, slide 31 of 45Copyrig
nd
install.
te.
running state.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the zoneadmComma
• Installing a configured zoneYou use the zoneadm -z zone_namecommand to install a non-global zoneglobal# zoneadm -z work-zone install
Zone installation takes time to comple• Booting a zone
Booting a zone places the zone in theglobal# zoneadm -z work-zone bootglobal# zoneadm list -vID NAME STATE PATH0 global running /1 work-zone running /export/work-zone
System Module 15, slide 32 of 45Copyrig
nd
to remove bothirtual platform
ed to reboot a
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the zoneadmComma
• Halting a zoneThe zoneadm halt command is usedthe application environment and the vfor a zone.global# zoneadm -z work-zone haltglobal# zoneadm list -vID NAME STATE PATH0 global running /- work-zone installed /export/work-zone
• Rebooting a zoneThe zoneadm reboot command is uszone.global# zoneadm -z work-zone reboot
System Module 15, slide 33 of 45Copyrig
nd
me, it istual consoleification before
option.
zone’s virtualcess starts
terminates the
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the zoneadmComma
• Logging in to the zone consoleAfter you boot the zone for the first tiimportant to connect to the zone’s virand complete the zone’s system identyou can begin using the zone.Use the zlogin command with the -Cglobal# zlogin -C work-zone
The first time that you connect to theconsole, the system identification proautomatically.The ~. (tilde dot) character sequenceconsole connection.
System Module 15, slide 34 of 45Copyrig
nd
ves a zone:
ne (y/[n])? y
(y/[n])? y
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using the zoneadmComma
• Deleting a zoneThe following zoneadm example remo# zoneadm list -cp0:global:running:/3:work-zone:running:/export/work-zone# zoneadm -z work-zone halt# zoneadm list -cp0:global:running:/-:work-zone:installed:/zones/work-zone# zoneadm -z work-zone uninstallAre you sure you want to uninstall zone work-zo# zoneadm list -cp0:global:running:/-:work-zone:configured:/export/work-zone# zonecfg -z work-zone deleteAre you sure you want to delete zone work-zone # zoneadm list -cp0:global:running:/
System Module 15, slide 35 of 45Copyrig
s
Th ls, for example,pkg ckages in thezon
Pac for a packagecon inister thepac
Cu ow packagesare
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Packages in Zone
e standard Solaris package management tooadd and pkgrm, are used to administer paes environment.
kage parameters listed in the pkginfo filetrol how the Solaris package tools can admkage.
rrently, three package parameters control h administered. They are as follows:
• SUNW_PKG_ALLZONES
• SUNW_PKG_HOLLOW
• SUNW_PKG_THISZONE
System Module 15, slide 36 of 45Copyrig
s
You e pkgparamcom
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Packages in Zone
can list parameters for packages using thmand.
# pkgparam -v SUNWzoneuCLASSES='none'BASEDIR='/'LANG='C'(output omitted)EMAIL=''SUNW_PKGVERS='1.0'SUNW_PKG_ALLZONES='true'SUNW_PKG_HOLLOW='false'PSTAMP='gaget20050121155950'PKGINST='SUNWzoneu'PKGSAV='/var/sadm/pkg/SUNWzoneu/save'INSTDATE='Jan 26 2005 10:21'
System Module 15, slide 37 of 45Copyrig
s
causes pkgaddly.al zoned in the globaly non-globalording to the
l zones
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Packages in Zone
• The -G option to the pkgadd commandto add a package to the current zone on
• Package operations possible in the globIf the package is not currently installezone and not currently installed in anzone, the package can be installed accfollowing guidelines:• Only in the global zone, if
SUNW_PKG_ALLZONES=false
• In the global zone and all non-globa
System Module 15, slide 38 of 45Copyrig
s
If t al zone only, thefol
-global zones.global zone.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Packages in Zone
he package is currently installed in the globlowing guidelines apply:
• The package can be installed in all non• The package can be removed from the
System Module 15, slide 39 of 45Copyrig
s
If a l zone andcur -global zones,the
lse.-global zones.ne are updated
global zone.lobal zone and
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Packages in Zone
package is currently installed in the globarently installed in only a subset of the non following guidelines apply:
• SUNW_PKG_ALLZONES must be set to fa• The package can be installed in all non
Existing instances in any non-global zoto the revision being installed.
• The package can be removed from the • The package can be removed from the g
from all non-global zones.
System Module 15, slide 40 of 45Copyrig
s
If a l zone andcur package can berem n-global zones.
Th
zone are eithertalled in the
l zone and alsosame across all
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Packages in Zone
package is currently installed in the globarently installed in all non-global zones, theoved from the global zone and from all no
ese rules ensure the following:
• Packages that are installed in the globalinstalled in the global zone only, or insglobal zone and all non-global zones.
• Packages that are installed in the globainstalled in any non-global zone are thezones.
System Module 15, slide 41 of 45Copyrig
s
the non-global if
non-global
e existing
he non-globalalse.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Installing Packages in Zone
• If a package is not currently installed inzone, the package can be installed onlySUNW_PKG_ALLZONES=false.
• If a package is currently installed in thezone, the following guidelines apply:• The package can be installed over th
instance of the package only ifSUNW_PKG_ALLZONES=false.
• The package can be removed from tzone only if SUNW_PKG_ALLZONES=f
System Module 15, slide 42 of 45Copyrig
stalled
Th olaris 10 01/06is n There are threeop
d reinstall the
stall, with the
te 01/06 tos.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Upgrading Solaris 10 OS With InNon-Global Zones
e normal upgrade path from Solaris 10 to Sot available if installed zones are present.
tions:
• Uninstall the zones, upgrade the OS, anzones.
• Reinstall the entire OS from an initial inloss of existing zones configuration.
• Use the new features of Solaris 10 updaupgrade the OS and any installed zone
System Module 15, slide 43 of 45Copyrig
rt
update 01/06
k installation
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Solaris Install Media Suppo
• The new upgrade method for Solaris 10is only available on the DVD media.
• If no DVD reader is available, a networmust be used.
System Module 15, slide 44 of 45Copyrig
S
de continues
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Upgrading the Solaris 10 O
• Boot the system to be installed.ok boot net - install
• Select Standard install.• Choose Upgrade option.• If installed zones are present, the upgra
with the new method.
System Module 15, slide 45 of 45Copyrig
de Solaris 10
sed:
cause jumpstart
kage, patch
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Using Custom Jumpstart
• Custom jumpstart can be used to upgraupdate 01/06 with installed zones.
• Only two profile keywords should be u• install_type
• root_device
• Other keywords will be ignored or willto fail.• Ignored: cluster, geo, locale, pac• Causes failure: backup_media,
layout_constraint
Sun
System Administra Revision A
Int System
Services
tion for the Solaris™ 10 Operating System, Part 2
Module 16
roduction to the ZFS File
System Module 16, slide 2 of 91Copyrig
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Objectives
• Describe the Solaris ZFS file system• Create new ZFS pools and file systems• Modify ZFS file system properties• Mount and unmount ZFS file systems• Destroy ZFS pools and file systems• Work with ZFS snapshots and Clones• Use ZFS datasets with Solaris Zones
System Module 16, slide 3 of 91Copyrig
pools.
entirely
ed, andeplicated data.
llowing for 256
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
What Is Solaris ZFS?
• ZFS Pooled StorageZFS aggregates devices into storage
• Transactional SemanticsAny sequence of operations is eithercommitted or entirely ignored.
• Checksums and Self-Healing DataAll data and metadata is checksummdetected errors are corrected using r
• Unparalleled ScalabilitySolaris ZFS is a 128-bit file system, aquadrillion zettabytes of storage.
System Module 16, slide 4 of 91Copyrig
of file systemsspace in a pool.
uses anorts file systemmount points.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
What Is ZFS?
• ZFS SnapshotsZFS snapshots are read-only copies that initially consume no additional
• Simplified AdministrationZFS uses a simplified command set,hierarchical file system layout, suppproperty inheritance and automatic
System Module 16, slide 5 of 91Copyrig
n a file system
nts are identical
ng ZFS entities:mes.tandard POSIX
ntical copies of
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Terminology
• checksum - A 256-bit hash of the data iblock.
• clone - A file system whose initial conteto the contents of a snapshot.
• dataset - A generic name for the followiclones, file systems, snapshots, or volu
• file system - A dataset that contains a sfile system.
• mirror - A virtual device that stores idedata on two or more disks.
System Module 16, slide 6 of 91Copyrig
bing the layoutable storage.ata and parity
data from onesilvering.ystem or
l, which can beof devices.hysical device.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Terminology (cont.)
• pool - A logical group of devices descriand physical characteristics of the avail
• RAID-Z - A virtual device that stores don multiple disks, similar to RAID-5.
• resilvering -The process of transferringdevice to another device is known as re
• snapshot - A read-only image of a file svolume at a given point in time.
• virtual device - A logical device in a pooa physical device, a file, or a collection
• volume - A dataset used to emulate a p
System Module 16, slide 7 of 91Copyrig
ements
Em
Eac ric characters inadd ers:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Component Naming Requir
pty components are not allowed.
h component can only contain alphanumeition to the following four special charact
• Underscore (_)• Hyphen (-)• Colon (:)• Period (.)
System Module 16, slide 8 of 91Copyrig
ements
Po t the beginningseq ool names thatbeg llowed as thesenam
Da eric character.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Component Naming Requir(cont.)
ol names must begin with a letter, except thauence c[0-9] is not allowed. In addition, pin withmirror,raidz, orspare are not ae are reserved.
taset names must begin with an alphanum
System Module 16, slide 9 of 91Copyrig
ZF irements
A S Solaris 10 6/06rel
Th nimum amountof proximately 64Mb
For or more ofme
If y ultiplecon
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
S Hardware and Software Requand Recommendations
PARC® or x86 system that is running the ease.
e minimum disk size is 128 Mbytes. The midisk space required for a storage pool is apytes.
good ZFS performance, at least one Gbytemory is recommended.
ou create a mirrored disk configuration, mtrollers are recommended.
System Module 16, slide 10 of 91Copyrig
s
On mber ofcom m.
Wh stem is createdand
Wi e additional filesys
In te and organizea h organizationalnee
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Creating ZFS File System
e goal of the ZFS design is to reduce the numands needed to create a usable file syste
en you create a new pool, a new ZFS file sy mounted automatically.
thin a pool, you will probably want to creattems.
most cases, you will probably want to creaierarchy of file systems that matches your ds.
System Module 16, slide 11 of 91Copyrig
Pool
Us
Ph east 128 Mbytesin s
Typ ible to thesys
A s 0) or anind
Th e an entire disk.
ZF rage pool withwh
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Components of a ZFS Storage
ing Disks in a ZFS Storage Pool
ysical storage can be any block device of at lize.
ically, this device is a hard drive that is vistem in the /dev/dsk directory.
torage device can be a whole disk (c1t0dividual slice (c0t0d0s7).
e recommended mode of operation is to us
S applies an EFI label when you create a stoole disks.
System Module 16, slide 12 of 91Copyrig
C ol (cont.)
Us )
Dis path, such as/d
For es:
ZF isks.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
omponents of a ZFS Storage Po
ing Disks in a ZFS Storage Pool (continued
ks can be specified by using either the fullev/dsk/c1t0d0, or a shorthand name.
example, the following are valid disk nam
• c1t0d0
• /dev/dsk/c1t0d0
• c0t0d6s2
S works best when given whole physical d
System Module 16, slide 13 of 91Copyrig
C ol (cont.)
Us
ZF devices in yoursto
Th nabling simpleexp
Th underlying filesys
All nd must be atlea
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
omponents of a ZFS Storage Po
ing Files in a ZFS Storage Pool
S also allows you to use UFS files as virtualrage pool.
is feature is aimed primarily at testing and eerimentation, not for production use.
e reason is that any use of files relies on thetem for consistency.
files must be specified as complete paths ast 128 Mbytes in size.
System Module 16, slide 14 of 91Copyrig
C ol (cont.)
ZF es, or files.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
omponents of a ZFS Storage Po
S pools can consist of whole disks, disk slic
Pool
Whole disk(preferred)
Disk sliceFile
(for test only)
System Module 16, slide 15 of 91Copyrig
C ol (cont.)
Vir
Eac virtual devices.
Tw undancy:mi tual devicescon
Dis ls outside ofmi as top-levelvir
Sto evel virtualdev all of the top-lev
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
omponents of a ZFS Storage Po
tual Devices in a Storage Pool
h storage pool is comprised of one or more
o top-level virtual devices provide data redrror and RAID-Z virtual devices. These virsist of disks, disk slices, or files.
ks, disk slices, or files that are used in poorrors and RAID-Z virtual devices, functiontual devices themselves.
rage pools typically contain multiple top-lices. ZFS dynamically stripes data among
el virtual devices in a pool.
System Module 16, slide 16 of 91Copyrig
C ol (cont.)
A Z l devicespro
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
omponents of a ZFS Storage Po
FS pool that uses disks as top level virtuavides no data replication.
36 3636
0101010
Data
01010
00101 011100010
36 36 36
Stripe 1 Stripe 3
Stripe 2
System Module 16, slide 17 of 91Copyrig
R age Pool
Mir
A m s at least twodis
You ool.
A s similar to thefol
A m ld look similarto t
5t0d0 c6t0d0
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eplication Features of a ZFS Stor
rored Storage Pool Configuration
irrored storage pool configuration requireks, preferably on separate controllers.
can create more than one mirror in each p
imple mirrored configuration would look lowing:
mirror c1t0d0 c2t0d0
ore complex mirrored configuration wouhe following:
mirror c1t0d0 c2t0d0 c3t0d0 mirror c4t0d0 c
System Module 16, slide 18 of 91Copyrig
R ge Pool
ZF n a pool, anddat
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eplication Features of a ZFS Stora(cont.)
S stripes data among mirror virtual devices ia is replicated within each mirror.
Data
01010
00101 011100010Stripe 1 Stripe 2
Mirror device Mirror device
36 36 36 36
System Module 16, slide 19 of 91Copyrig
R age Pool
RA
RA
In ipes so that allwr
You figuration.
Co ee disks wouldloo
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eplication Features of a ZFS Stor(cont.)
ID-Z Storage Pool Configuration
ID-Z is similar to RAID-5.
RAID-Z, ZFS uses variable-width RAID strites are full-stripe writes.
need at least two disks for a RAID-Z con
nceptually, RAID-Z configuration with thrk similar to the following:
raidz c1t0d0 c2t0d0 c3t0d0
System Module 16, slide 20 of 91Copyrig
R age Pool
RA d)
A m ation wouldloo
t0d0 c7t0d0 raidzd0 c14t0d0
If y ith many disks,as ith 14 disks isbet
RA pings of diskssho
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eplication Features of a ZFS Stor(cont.)
ID-Z Storage Pool Configuration (continue
ore complex conceptual RAID-Z configurk similar to the following:
raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0 c5t0d0 c6c8t0d0 c9t0d0 c10t0d0 c11t0d0 c12t0d0 c13t0
ou are creating a RAID-Z configuration win this example, a RAID-Z configuration wter split into a two 7-disk groupings.
ID-Z configurations with single-digit grouuld perform better.
System Module 16, slide 21 of 91Copyrig
R age Pool
ZF Z devices.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eplication Features of a ZFS Stor(cont.)
S uses variable width stripes within RAID-
36 3636
0101010
Data
RAID-Z device
System Module 16, slide 22 of 91Copyrig
R age Pool
Sel
ZFS r RAID-Zcon
Wh ZFS fetch thecor o repairs the baddat
Dy
For FS dynamicallystri
No e.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eplication Features of a ZFS Stor(cont.)
f-Healing Data in a Replicated Configuration
provides for self-healing data in a mirrored ofiguration.
en a bad data block is detected, not only does rect data from another replicated copy, but it alsa by replacing it with the good copy.
namic Striping in a Storage Pool
each virtual device that is added to the pool, Zpes data across all available devices.
fixed width stripes are created at allocation tim
System Module 16, slide 23 of 91Copyrig
R age Pool
ZF l devices in apo
ID-Z device
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eplication Features of a ZFS Stor(cont.)
S dynamically stripes data across all virtuaol.
Data
01010
00101 011100010Stripe 1 Stripe 2
RAID-Z device RA
System Module 16, slide 24 of 91Copyrig
R age Pool
Dy )
Wh S graduallyallo aintainper
Wh s of virtualdev notrec
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eplication Features of a ZFS Stor(cont.)
namic Striping in a Storage Pool (continued
en virtual devices are added to a pool, ZFcates data to the new device in order to mformance and space allocation policies.
ile ZFS supports combining different typeices within the same pool, this practice is
ommended.
System Module 16, slide 25 of 91Copyrig
Cr ge Pools
By st and easy.Ho ations.
Cre
To te command.Th mber of virtualdev
Cre
Th med tank thatcon
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eating and Destroying ZFS Stora
design, creating and destroying pools is fawever, be cautious when doing these oper
ating a ZFS Storage Pool
create a storage pool, use the zpool creais command takes a pool name and any nuices as arguments.
ating a Basic Storage Pool
e following command creates a new pool nasists of the disks c1t0d0 and c1t1d0:
# zpool create tank c1t0d0 c1t1d0
System Module 16, slide 26 of 91Copyrig
Cr ge Pools
Cre
To word, followedby mprise themi
c3d0 c4d0
Cre l
Cre g a mirroredpo instead ofmi
/dev/dsk/c5t0d0
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eating and Destroying ZFS Stora(cont.)
ating a Mirrored Storage Pool
create a mirrored pool, use the mirror keyany number of storage devices that will corror.
# zpool create tank mirror c1d0 c2d0 mirror
ating a Single-Parity RAID-Z Storage Poo
ating a RAID-Z pool is identical to creatinol, except that the raidz keyword is used rror.
# zpool create tank raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0
System Module 16, slide 27 of 91Copyrig
Cr ge Pools
Cre l
You uration byusi created. Forexa
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eating and Destroying ZFS Stora(cont.)
ating a Double-Parity RAID-Z Storage Poo
can create a double-parity RAID-Z configng the raidz2 keyword when the pool is mple:
# zpool create tank raidz2 c1t0d0 c2t0d0 c3t0d0
System Module 16, slide 28 of 91Copyrig
Cr ge Pools
De
Bef the disk is in useby .
If t he following:
wapl ’zeepool’
Som on, but most errorscan
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eating and Destroying ZFS Stora(cont.)
tecting in Use Devices
ore formatting a device, ZFS first determines ifZFS or some other part of the operating system
he disk is in use, you might see errors such as t
# zpool create tank c1t0d0 c1t1d0invalid vdev specificationuse ’-f’ to override the following errors:/dev/dsk/c1t0d0s0 is currently mounted on //dev/dsk/c1t0d0s1 is currently mounted on s/dev/dsk/c1t1d0s0 is part of active ZFS pooPlease see zpool(1M)
e of these errors can be overridden by using the -f optinot.
System Module 16, slide 29 of 91Copyrig
Cr ge Pools
Mis
Cre t replicationlev
Th m accidentallycre evels.
Do
Th ption simulatescre a to disk.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eating and Destroying ZFS Stora(cont.)
matched Replication Levels
ating pools with virtual devices of differenels is not recommended.
e zpool command tries to prevent you froating a pool with mismatched replication l
ing a Dry Run of Storage Pool Creation
e zpool create command with the -n oating the pool without actually writing dat
System Module 16, slide 30 of 91Copyrig
Cr ge Pools
De
Po roy command.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
eating and Destroying ZFS Stora(cont.)
stroying ZFS Storage Pools
ols are destroyed by using the zpool dest
# zpool destroy tank
System Module 16, slide 31 of 91Copyrig
tatus
Th er of ways toreq
Lis
Wi nd displays allthe ple:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Querying ZFS Storage Pool S
e zpool list command provides a numbuest information regarding pool status.
ting Information About All Storage Pools
th no arguments, the zpool list comma fields for all pools on the system. For exam
# zpool listNAME SIZE USED AVAIL CAP HEALTH ALTROOTtank 80.0G 22.3G47.7G 28% ONLINE -dozer 1.2T 384G 816G 32% ONLINE -
System Module 16, slide 32 of 91Copyrig
Q s (cont.)
Lis
You -o option.
For each pool, youuse
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
uerying ZFS Storage Pool Statu
ting Specific Storage Pool Statistics
can request specific statistics by using the
example, to list only the name and size of the following syntax:
# zpool list -o name,sizeNAME SIZEtank 80.0Gdozer 1.2T
System Module 16, slide 33 of 91Copyrig
Q s (cont.)
He
ZF ing pool anddev ed from thesta
Th the zpoolst
Eac states:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
uerying ZFS Storage Pool Statu
alth Status of ZFS Storage Pools
S provides an integrated method of examinice health. The health of a pool is determin
te of all its devices.
is state information is displaying by using atus command.
h device can fall into one of the following
• ONLINE• DEGRADED• FAULTED
System Module 16, slide 34 of 91Copyrig
Q s (cont.)
He d)
Ba
Th of pool healthsta d:
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
uerying ZFS Storage Pool Statu
alth Status of ZFS Storage Pools (continue
• OFFLINE• UNAVAILABLE
sic Storage Pool Health Status
e simplest way to request a quick overviewtus is to use the zpool status comman
# zpool status -xall pools are healthy
System Module 16, slide 35 of 91Copyrig
Q s (cont.)
De
You ry by using the-v
nt replicas existd state.ool online’.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
uerying ZFS Storage Pool Statu
tailed Health Status
can request a more detailed health summa option. For example:
# zpool status -v tankpool: tankstate: DEGRADEDstatus: One or more devices could not be opened. Sufficie
for the pool to continue functioning in a degradeaction: Attach the missing device and online it using ’zpsee: http://www.sun.com/msg/ZFS-8000-2Qscrub: none requestedconfig:
NAME STATE READ WRITE CKSUMtank DEGRADED 0 0 0
mirror DEGRADED 0 0 0c1t0d0 FAULTED 0 0 0 cannot openc1t1d0 ONLINE 0 0 0
errors: No known data errors
System Module 16, slide 36 of 91Copyrig
C Systems
Cre
You e ZFS filesys ngle argument:the
Sp arting from thenam
po stem-name
Th n the pathide e new filesys e system namesmu
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
reating and Destroying ZFS File
ating a ZFS File System
use the zfs create command to creattems. The create subcommand takes a si name of the file system to create.
ecify the file system name as a path name ste of the pool:
ol-name/[filesystem-name/]filesy
e pool name and initial file system names intify the location in the hierarchy where thtem will be created. All the intermediate filst already exist in the pool.
System Module 16, slide 37 of 91Copyrig
C Systems
Cre
In bonwick iscre
ZF le system if it iscre
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
reating and Destroying ZFS File(cont.)
ating a ZFS File System (cont.)
the following example, a file system namedated in the tank/home file system.
# zfs create tank/home/bonwick
S automatically mounts the newly created fiated successfully.
System Module 16, slide 38 of 91Copyrig
C Systems
De
You roy ZFS filesys ticallyun
In tem isdes
If t so cannot beun ils. The zfsde has children.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
reating and Destroying ZFS File(cont.)
stroying a ZFS File System
use the zfs destroy command to desttems. The destroyed file system is automamounted and unshared.
the following example, the tabriz file systroyed.
# zfs destroy tank/home/tabriz
he file system to be destroyed is busy and mounted, the zfs destroy command fastroy command also fails if a file system
System Module 16, slide 39 of 91Copyrig
C Systems
Re
You e ZFS filesys
Th llowingop
n within the
locate it within
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
reating and Destroying ZFS File(cont.)
naming a ZFS File System
use the zfs rename command to renamtems.
e rename subcommand can perform the foerations:
• Change the name of a file system.• Relocate the file system to a new locatio
ZFS hierarchy.• Change the name of a file system and re
the ZFS hierarchy.
System Module 16, slide 40 of 91Copyrig
C Systems
Re
Th ommand tosim
starz_old
Th rename torel
e
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
reating and Destroying ZFS File(cont.)
naming a ZFS File System (cont.)
e following example uses the rename subcply rename a file system:
# zfs rename tank/home/kustarz tank/home/ku
e following example shows how to use zfsocate a file system.
# zfs rename tank/home/maybee tank/ws/maybe
System Module 16, slide 41 of 91Copyrig
Pro you use tocon snapshots, andclo
Pro able properties.
Mo
An en set on apar .
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Properties
perties provide the main mechanism that trol the behavior of file systems, volumes,
nes.
perties are either read-only statistics or sett
st settable properties are also inheritable.
inheritable property is a property that, whent, is propagated to all of its descendants
System Module 16, slide 42 of 91Copyrig
All source.
Th ned. The sourceof
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Properties (cont.)
inheritable properties have an associated
e source indicates how a property was obtaia property can have the following values:
• default
• local
• inherited from dataset-name
• temporary
• - (none)
System Module 16, slide 43 of 91Copyrig
ProNa
ac L entries areles and
eated.
ac ACL entry is a chmod
at r the access timeed when they are
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Properties (cont.)
pertyme
TypeDefaultValue
Description
linherit String secure Controls how ACinherited when fidirectories are cr
lmode String groupmask Controls how anmodified duringoperation
ime Boolean on Controls whethefor files is updatread.
System Module 16, slide 44 of 91Copyrig
av rty that identifiesace available toll its children,er activity in the
ch cksum used tority.
co pressionor this dataset.
com rty that identifiesratio achieved for
cr rty that identifiese that this dataset
ProNa
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ailable Number N/A Read-only propethe amount of spthe dataset and aassuming no othpool.
ecksum String on Controls the cheverify data integ
mpression String off Controls the comalgorithm used f
pressratio Number N/A Read-only propethe compressionthis dataset.
eation Number N/A Read-only propethe date and timwas created.
pertyme
TypeDefaultValue
Description
System Module 16, slide 45 of 91Copyrig
de r device nodess file system
ex r programsstem are allowed
mo rty that indicates system,
t is currently
mo nt point used for
ProNa
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
vices Boolean on Controls whethefound within thican be opened.
ec Boolean on Controls whethewithin this file syto be executed.
unted Boolean N/A Read-only propewhether this fileclone, or snapshomounted.
untpoint String N/A Controls the mouthis file system.
pertyme
TypeDefaultValue
Description
System Module 16, slide 46 of 91Copyrig
or rty for cloned filees that identifieswhich the clone
qu nt of space aescendants can
re r this dataset can
re sted block size forstem.
re rty that identifiesta accessible by
ProNa
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
igin String N/A Read-only propesystems or volumthe snapshot fromwas created.
ota Number(or none)
none Limits the amoudataset and its dconsume.
adonly Boolean off Controls whethebe modified.
cordsize Number 128K Specifies a suggefiles in the file sy
ferenced Number N/A Read-only propethe amount of dathis dataset.
pertyme
TypeDefaultValue
Description
System Module 16, slide 47 of 91Copyrig
re ount of spaceataset and its
sh r the file system isFS, and what.
se r setuid the bit isle system.
sn r the .zfsen or visible ine system.
ty rty that identifiesasstem or clone),hot.
ProNa
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
servation Number(or none)
none The minimum amguaranteed to a ddescendants.
arenfs String off Controls whetheavailable over Noptions are used
tuid Boolean on Controls whethehonored in the fi
apdir String hidden Controls whethedirectory is hiddthe root of the fil
pe String N/A Read-only propethe dataset type filesystem (file syvolume, or snaps
pertyme
TypeDefaultValue
Description
System Module 16, slide 48 of 91Copyrig
us rty that identifiesace dataset and all
vo cifies the logicale.
vo cifies the blocke.
zo r this dataset haso a non-global
ProNa
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ed Number N/A Read-only propethe amount of spconsumed by theits descendants.
lsize Number N/A For volumes, spesize of the volum
lblocksize Number 8 Kbytes For volumes, spesize of the volum
ned Boolean N/A Indicates whethebeen delegated tzone.
pertyme
TypeDefaultValue
Description
System Module 16, slide 49 of 91Copyrig
Re
Re an retrieve, butno .
Se
Set es you can bothret
Set et command.
Wi s, settablepro
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Properties (cont.)
ad-Only ZFS Properties
ad-only properties are properties that you ct set. Read-only properties are not inherited
ttable ZFS Properties
table properties are properties whose valurieve and set.
table properties are set by using the zfs s
th the exceptions of quotas and reservationperties are inherited.
System Module 16, slide 50 of 91Copyrig
ation
Th ble mechanismfor .
Lis
You the zfs listcom
# zNAMpoopoo nepoopoo epoo e/markspoo e/marks@snap
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Querying ZFS File System Inform
e zfs list command provides an extensi viewing and querying dataset information
ting Basic ZFS Information
can list basic dataset information by usingmand with no options. For example:
fs listE USED AVAIL REFER MOUNTPOINTl 84.0K 33.5G - /pooll/clone 0 33.5G 8.50K /pool/clol/test 8K 33.5G 8K /testl/home 17.5K 33.5G 9.00K /pool/homl/home/marks 8.50K 33.5G 8.50K /pool/homl/home/marks@snap 0 - 8.50K /pool/hom
System Module 16, slide 51 of 91Copyrig
ation
Lis
You play specificdat mmand line.
Us descendantsof
Cre
Th sing of the -o, -
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Querying ZFS File System Inform(cont.)
ting Basic ZFS Information (cont.)
can also use the zfs list command to disasets by providing the dataset name on the co
e the the -r option to recursively display alla dataset.
ating Complex ZFS Queries
e zfs list output can be customized by ut, and -H options. For example:
# zfs list -o name,sharenfs,mountpointNAME SHARENFS MOUNTPOINTtank rw /export
System Module 16, slide 52 of 91Copyrig
ation
Cre
You f datasets todis
You header fromthe
Wi tabs. Thisop utput.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Querying ZFS File System Inform(cont.)
ating Complex ZFS Queries (cont.)
can use the -t option to specify the types oplay. The valid types are:
• filesystem
• volume
• snapshot
can use the -H option to omit the zfs list generated output.
th the -H option, all white space is output astion can be useful when you need parsable o
System Module 16, slide 53 of 91Copyrig
Da fs command’sse
Se
You y any settabledat
On fied using zfsse
Th ty to off forta
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Managing ZFS Properties
taset properties are managed through the zt, inherit, and get subcommands.
tting ZFS Properties
can use the zfs set command to modifaset property.
ly one property at a time can be set or modit.
e following example sets the atime propernk/home.
# zfs set atime=off tank/home
System Module 16, slide 54 of 91Copyrig
nt.)
Inh
All uotas andres rent.
If n nheritedpro used.
You clear a propertyset d from thepar
Th ly when youspe
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Managing ZFS Properties (co
eriting ZFS Properties
settable properties, with the exception of qervations, inherit their value from their pa
o ancestor has an explicit value set for an iperty, the default value for the property is
can use thezfs inherit command is toting, thus causing the setting to be inheriteent.
e inherit subcommand applies recursivecify the -r option.
System Module 16, slide 55 of 91Copyrig
nt.)
Qu
Th by using thezf
For ou can use thezf nformation in acus
You e any datasetpro
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Managing ZFS Properties (co
erying ZFS Properties
e simplest way to query property values iss list command.
more complex queries and for scripting, ys get command to obtain more detailed itomized format.
can use the zfs get command to retrievperty. For example:
# zfs get checksum tank/wsNAME PROPERTY VALUE SOURCEtank/ws checksum on default
System Module 16, slide 56 of 91Copyrig
nt.)
Qu
Th CE, indicatesho le source valuesare
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Managing ZFS Properties (co
erying ZFS Properties (cont.)
e fourth column in zfs get output, SOURw a property value has been set. The possib:
• default
• inherited from dataset-name
• local
• temporary
• - (none)
System Module 16, slide 57 of 91Copyrig
nt.)
Qu
You ve all datasetpro ll keyword toret
6 -
Th ecify, by sourceval
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Managing ZFS Properties (co
erying ZFS Properties (cont.)
can use the special keyword all to retrieperties. The following example uses the a
rieve all existing dataset properties:
# zfs get all poolNAME PROPERTY VALUE SOURCEpool type filesystem -pool creation Mon Mar 13 11:41 200pool used 2.62M -<output omitted>
e -s option to zfs get enables you to spue, the type of properties to display.
System Module 16, slide 58 of 91Copyrig
s
Ma
By ZFS at boot byusi local service.
Fil e path is thenam
You using the zfsse rty to a specificpat
ZF needed.
Th
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Mounting ZFS File System
naging ZFS Mount Points
default, all ZFS file systems are mounted byng SMF’s svc://system/filesystem/
e systems are mounted under /path, where of the file system.
can override the default mount point by t command to set the mountpoint propeh.
S automatically creates this mount point, if
e mountpoint property is inherited.
System Module 16, slide 59 of 91Copyrig
ont.)
Ma
You e to prevent afile
If d ms throughleg oint propertyto l
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Mounting ZFS File Systems (c
naging ZFS Mount Points (cont.)
can set the mountpoint property to non system from being mounted.
esired, you can explicitly manage file systeacy mount interfaces by setting the mountpegacy.
System Module 16, slide 60 of 91Copyrig
ont.)
Au
Wh lt mount pointfor -m.
An not legacy isma
Wh , the file systemis a unt point andrem
Mo .
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Mounting ZFS File Systems (c
tomatic Mount Points
en you create a pool, you can set the defau the root dataset by using zpool create
y dataset whose mountpoint property is naged by ZFS.
en you change the mountpoint propertyutomatically unmounted from the old moounted to the new mount point.
unt point directories are created as needed
System Module 16, slide 61 of 91Copyrig
ont.)
Leg
You tools by settingthe
Leg the mount andum le.
Th nd manage aZF
ock
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Mounting ZFS File Systems (c
acy Mount Points
can manage ZFS file systems with legacymountpoint property to legacy.
acy file systems must be managed throughount commands and the /etc/vfstab fi
e following examples show how to set up aS dataset in legacy mode:
# zfs set mountpoint=legacy tank/home/eschr# mount -F zfs tank/home/eschrock /mnt
System Module 16, slide 62 of 91Copyrig
ont.)
Mo
ZF e systems arecre
Th hen changingmo unting filesys
Th hows allcur d by ZFS.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Mounting ZFS File Systems (c
unting ZFS File Systems
S automatically mounts file systems when filated or when the system boots.
e zfs mount command is only necessary wunt options, or explicitly mounting or unmotems.
e zfs mount command with no argument srently mounted file systems that are manage
# zfs mounttank /tanktank/home /tank/hometank/home/bonwick /tank/home/bonwick
System Module 16, slide 63 of 91Copyrig
ont.)
Mo
You anaged filesys
Th ed file systems.
Wh unt optionsbas the dataset.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Mounting ZFS File Systems (c
unting ZFS File Systems (cont.)
can use the -a option to mount all ZFS mtems. For example:
# zfs mount -a
is command does not mount legacy manag
en a file system mounts, it uses a set of moed on the property values associated with
System Module 16, slide 64 of 91Copyrig
ont.)
Tem
If y e -o optionwi nding propertyval
In t option istem le system:
To tem that iscur remountop
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Mounting ZFS File Systems (c
porary Mount Properties
ou explicitly set mount options by using thth the zfs mount command, the correspoue is temporarily overridden.
the following example, the read-only mounporarily set on the tank/home/perrin fi
# zfs mount -o ro tank/home/perrin
temporarily change a property on a file sysrently mounted, you must use the special
tion.
System Module 16, slide 65 of 91Copyrig
ont.)
Un
You s unmountsub ts either themo ument.
In ounted byspe
In mounted byspe
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Mounting ZFS File Systems (c
mounting ZFS File Systems
can unmount file systems by using the zfcommand. The unmount command accepunt point or the file system name as an arg
the following example, a file system is unmcifying its file system name:
# zfs unmount tank/home/tabriz
the following example, the file system is uncifying its mount point:
# zfs unmount /export/home/tabriz
System Module 16, slide 66 of 91Copyrig
nt
A w o perform manyadm dministrationcon llowing URL:
If y to reach the ZFSAd started. To startthe
If y n the systemboo
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Web-Based Manageme
eb-based ZFS management tool is available tinistrative actions. You can access the ZFS A
sole through a secure web browser at the fo
https://system-name:6789/zfs
ou type the appropriate URL and are unableministration console, the server might not be server, run the following command:
# /usr/sbin/smcwebserver start
ou want the server to run automatically whets, run the following command:
# /usr/sbin/smcwebserver enable
System Module 16, slide 67 of 91Copyrig
A s or volume.
Sna itially consumeno
ZF :
s.apshots is 264.
e. Snapshotsame storage were created.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Snapshots
napshot is a read-only copy of a file system
pshots are created almost instantly, and in additional disk space within the pool.
S snapshots include the following features
• Snapshots persist across system reboot• The theoretical maximum number of sn• Snapshots use no separate backing stor
consume disk space directly from the spool as the file system from which they
System Module 16, slide 68 of 91Copyrig
Cre
You ate ZFSsna es the name ofthe
Sna
Th ank/home/ah
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Snapshots (cont.)
ating and Destroying ZFS Snapshots
use the zfs snapshot command to crepshots. The zfs snapshot command tak snapshot to create as its only argument.
pshot names use the following format:
filesystem@snapnamevolume@snapname
e following example creates a snapshot of trens that is named friday.
# zfs snapshot tank/home/ahrens@friday
System Module 16, slide 69 of 91Copyrig
Cre
Sna aset propertiescan
You roy a ZFSsna
A d he dataset exist.
In snapshot, thenthe n be destroyed.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Snapshots (cont.)
ating and Destroying ZFS Snapshots
pshots have no modifiable properties. Datnot be applied to a snapshot.
use the zfs destroy command to destpshot. For example:
# zfs destroy tank/home/ahrens@friday
ataset cannot be destroyed if snapshots of t
addition, if clones have been created from ay must be destroyed before the snapshot ca
System Module 16, slide 70 of 91Copyrig
Re
You ain within thepo d. For example:
ome/cindys@today
Dis
Sna .zfs/sn ntaining filesys
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Snapshots (cont.)
naming ZFS Snapshots
can rename snapshots, but they must remol and dataset from which they were create
# zfs rename tank/home/cindys@031306 tank/h
playing and Accessing ZFS Snapshots
pshots of file systems are accessible in theapshot directory within the root of the cotem. For example:
# ls /home/ahrens/.zfs/snapshottuesday wednesday thursday
System Module 16, slide 71 of 91Copyrig
Dis nt.)
You
NTPOINT
You particular filesys
pool/home
006006
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Snapshots (cont.)
playing and Accessing ZFS Snapshots (co
can list all snapshots as follows:
# zfs list -t snapshotNAME USED AVAIL REFER MOUpool/home/anne@monday 0 - 780K -pool/home/bob@monday 0 - 1.01M -<output omitted>
can list snapshots that were created for atem as follows:
# zfs list -r -t snapshot -o name,creation NAME CREATIONpool/home/anne@monday Mon Mar 13 11:46 2pool/home/bob@monday Mon Mar 13 11:46 2
System Module 16, slide 72 of 91Copyrig
Sn
Wh lly sharedbet possibly withpre
As viously sharedbec ounted in thesna
Ad the amount ofspa shots.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Snapshots
apshot Space Accounting
en you create a snapshot, its space is initiaween the snapshot and the file system, andvious snapshots.
the file system changes, space that was preomes unique to the snapshot, and thus is cpshot’s used property.
ditionally, deleting snapshots can increasece unique to (and thus used by) other snap
System Module 16, slide 73 of 91Copyrig
Ro
You discard allcha
Th ystem to revertto i .
By not roll back toa s ot.
To estroy allint e recentsna
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Snapshots (cont.)
lling Back to a ZFS Snapshot
can use the zfs rollback command tonges made since a specific snapshot.
ezfs rollback command causes the file sts state at the time the snapshot was taken
default, the zfs rollback command cannapshot other than the most recent snapsh
roll back to an earlier snapshot, you must dermediate snapshots. You can destroy morpshots by specifying the -r option.
System Module 16, slide 74 of 91Copyrig
A c ose initialcon hich it wascre
As nstantaneous,and ce.
You
Wh dency is createdbet
A c ataset fromwh
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Clones
lone is a writable volume or file system whtents are the same as the snapshot from w
ated.
with snapshots, creating a clone is nearly i initially consumes no additional disk spa
can only create clones from a snapshot.
en you clone a snapshot, an implicit depenween the clone and snapshot.
lone does not inherit properties from the dich it was created.
System Module 16, slide 75 of 91Copyrig
Cre
To nd. Specify thesna the name of thenew
Th nywhere in theZF
Th med tank/ho al contents asthe
e/ahrens/bug123
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Clones (cont.)
ating a ZFS Clone
create a clone, use the zfs clone commapshot from which to create the clone, and file system or volume.
e new file system or volume can be located aS hierarchy within the same pool.
e following example creates a new clone name/ahrens/bug123, with the same initi snapshot tank/ws/gate@yesterday.
# zfs snapshot tank/ws/gate@yesterday# zfs clone tank/ws/gate@yesterday tank/hom
System Module 16, slide 76 of 91Copyrig
De
You roy ZFS clones.For
Clo napshot can bedes
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Clones (cont.)
stroying a ZFS Clone
use the zfs destroy command to dest example:
# zfs destroy tank/home/ahrens/bug123
nes must be destroyed before the parent stroyed.
System Module 16, slide 77 of 91Copyrig
Re ne
You place an activeZF .
Th replace filesys the clone of thespe
In estroy the filesys reated.
Wi a ’origin’ filesys
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Clones (cont.)
placing a ZFS File System With a ZFS Clo
can use the zfs promote command to reS file system with a clone of that file system
is feature facilitates the ability to clone andtems so that the ’origin’ file system becomecified file system.
addition, this feature makes it possible to dtem from which the clone was originally c
thout clone promotion, you cannot destroytem of active clones.
System Module 16, slide 78 of 91Copyrig
Re ne
In ductA filesys , tank/test/pro uctA filesys
oductAbeta
OINTtesttest/productA
k/test/productAbeta
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Clones (cont.)
placing a ZFS File System With a ZFS Clo
the following example, the tank/test/protem is cloned and then the clone file systemductAbeta becomes the tank/test/prodtem.
# zfs create tank/test# zfs create tank/test/productA# zfs snapshot tank/test/productA@today# zfs clone tank/test/productA@today tank/test/pr# zfs list -r tank/testNAME USED AVAIL REFER MOUNTPtank/test 314K 8.24G 25.5K /tank/tank/test/productA 288K 8.24G 288K /tank/tank/test/productA@today 0 - 288K -tank/test/productAbeta 0 8.24G 288K /tan
System Module 16, slide 79 of 91Copyrig
Re ne
OINTtesttest/productAk/test/productAbeta -
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Clones (cont.)
placing a ZFS File System With a ZFS Clo
# zfs promote tank/test/productAbeta# zfs list -r tank/testNAME USED AVAIL REFER MOUNTPtank/test 316K 8.24G 27.5K /tank/tank/test/productA 0 8.24G 288K /tank/tank/test/productAbeta 288K 8.24G 288K /tantank/test/productAbeta@today 0 - 288K
System Module 16, slide 80 of 91Copyrig
Re ne
Co naming the filesys
AlegacyductA
OINTtesttest/productA
ank/test/
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
ZFS Clones (cont.)
placing a ZFS File System With a ZFS Clo
mplete the clone replacement process by retems. For example:
# zfs rename tank/test/productA tank/test/product# zfs rename tank/test/productAbeta tank/test/pro# zfs list -r tank/testNAME USED AVAIL REFER MOUNTPtank/test 316K 8.24G 27.5K /tank/tank/test/productA 288K 8.24G 288K /tank/tank/test/productA@today 0 - 288K -tank/test/productAlegacy 0 8.24G 288K /tproductAlegacy
System Module 16, slide 81 of 91Copyrig
U th Zones
You al zones eitherby to the zones.Typ s or volumeswi
For bal zone allowsthe bal zone. As anadd tor cannotcon new ZFS filesys
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled
can associate ZFS datasets with non-globadding them to the zones, or delegating themically you would associate ZFS file system
th non-global zones.
example, adding a file system to a non-glonon-global zone to share space with the gloed dataset, the non-global zone administratrol properties of the file system, or createtems below the added file system.
System Module 16, slide 82 of 91Copyrig
U th Zones
Wh one, you givecom hildren to thezon
For non-globalzon estroy filesys properties.
Th that have notbee any top-levelqu
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
en you delegate a dataset to a non-global zplete control over the dataset and all its ce administrator.
example, if you delegate a file system to ae, the zone administrator can create and dtems within that dataset, and modify their
e zone administrator cannot affect datasetsn delegated to the zone, and cannot exceed
otas set on the delegated dataset.
System Module 16, slide 83 of 91Copyrig
U th Zones
Ad ne
You system whenthe al zone. A ZFSfile must have itsmo
You zone by usingthe ample:
e1
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
ding ZFS File Systems to a Non-Global Zo
can add a ZFS file system as a generic file goal is solely to share space with the glob system that is added to a non-global zoneuntpoint property set to legacy.
can add a ZFS file system to a non-globaladd fs subcommand in zonecfg. For ex
zonecfg:zone1> add fszonecfg:zone1:fs> set type=zfszonecfg:zone1:fs> set special=tank/zone/zonzonecfg:zone1:fs> set dir=/export/sharedzonecfg:zone1:fs> end
System Module 16, slide 84 of 91Copyrig
U th Zones
De
If t ation of storageto a to a non-globalzon mmand inzo
one1
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
legating Datasets to a Non-Global Zone
he primary goal is to delegate the administrzone, then ZFS supports adding datasetse through use of the add dataset subconecfg. For example:
zonecfg:zone1> add datasetzonecfg:zone1:dataset> set name=tank/zone/zzonecfg:zone1:dataset> end
System Module 16, slide 85 of 91Copyrig
U th Zones
De ont.)
Th perties, andcre le system.
In apshots, createclo stem hierarchyfro
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
legating Datasets to a Non-Global Zone (c
e zone administrator can set file system proate new file systems below the delegated fi
addition, the zone administrator can take snnes, and otherwise control the entire file sym the delegated file system down.
System Module 16, slide 86 of 91Copyrig
U th Zones
Ad
You l zone by usingthe
In t me is added toa n global zone:
sk/tank/vol
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
ding ZFS Volumes to a Non-Global Zone
can add emulated volumes to a non-globaadd device subcommand in zonecfg.
he following example, a ZFS emulated voluon-global zone by the administrator in the
zonecfg:zone1> add devicezonecfg:zone1:device> set match=/dev/zvol/dzonecfg:zone1:device> end
System Module 16, slide 87 of 91Copyrig
U th Zones
Us
You s from within ano
Th es control ofph e, and control ofvir
Wh on-global zone,any cteristics of thepo evices, is notallo
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
ing ZFS Storage Pools Within a Zone
cannot create or modify ZFS storage pooln-global zone.
e delegated administration model centralizysical storage devices within the global zontual storage to non-global zones.
ile a pool-level dataset can be added to a ncommand that modifies the physical chara
ol, such as creating, adding, or removing dwed from within a non-global zone.
System Module 16, slide 88 of 91Copyrig
U th Zones
Pro one
On ministrator cancon
Wh ors are visible tozf tent remainsina ble, as are all itschi
Th enfs property,bec vers.
Ne zoned property.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
perty Management Within a Non-Global Z
ce a dataset is delegated to a zone, the zone adtrol specific dataset properties.
en a dataset is delegated to a zone, its ancests list in the non-global zone, but their conccessible. The delegated dataset itself is writaldren.
e zone administrator cannot change the sharause non-global zones cannot act as NFS ser
ither can the zone administrator change the
System Module 16, slide 89 of 91Copyrig
U th Zones
Un
Wh , the datasetmu erties are notint ne.
On zone under thecon n no longer betru
ZF dataset hasbee int in time.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
derstanding the zoned Property
en a dataset is added to a non-global zonest be specially marked so that certain prop
erpreted within the context of the global zo
ce a dataset has been added to a non-globaltrol of a zone administrator, its contents ca
sted.
S uses the zoned property to indicate that an delegated to a non-global zone at one po
System Module 16, slide 90 of 91Copyrig
U th Zones
Un
Th automaticallytur set is firstboo
If t be mounted orsha
Wh ne is destroyed,the d.
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
derstanding the zoned Property
e zoned property is a boolean value that isned on when a zone containing a ZFS datated.
he zonedproperty is set, the dataset cannotred in the global zone.
en a dataset is removed from a zone or a zozoned property is not automatically cleare
System Module 16, slide 91 of 91Copyrig
U th Zones
Un
To roperty must bema you want toreu
Bef sure that themou children are setto r exist, or turn offthe
On bilities are left,the he zfs set orzfs
Sun Services
Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
sing ZFS on a Solaris System WiInstalled (cont.)
derstanding the zoned Property
prevent accidental security risks, the zonedpnually cleared by the global administrator ifse the dataset in any way.
ore setting the zoned property to off, makentpoint property for the dataset and all itseasonable values and that no setuid binariessetuid property.
ce you have verified that no security vulnerazoned property can be turned off by using t inherit commands.
Top Related