sa-202-s10 - weeblykaransingh12.weebly.com/uploads/3/8/3/8/3838844/sa202s10_oh.pdfsun services...

Sun

System Administra

S or theSolar m, Part 2

Services

tion for the Solaris™ 10 Operating System, Part 2

ystem Administration fis™ 10 Operating Syste

SA-202-S10

Copyrig

This pro lation. No part of this product or document maybe repro

Third-p

Sun, Su re trademarks or registered trademarks of SunMicrosy

All SPA . and other countries. Products bearing SPARCtradema

UNIX is

The OPE es the pioneering efforts of Xerox in researchingand dev ox to the Xerox Graphical User Interface, whichlicense a

U.S. Gov

RESTRI nd FAR 52.227-19(6/87), or DFAR 252.227-7015(b)(6/95

DOCUM IES, INCLUDING ANY IMPLIED WARRANTYOF MER HE EXTENT THAT SUCH DISCLAIMERS AREHELD T

ht 2007 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California, 95054, U.S.A. All rights reserved.

duct or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompiduced in any form by any means without prior written authorization of Sun and its licensors, if any.

arty software, including font technology, is copyrighted and licensed from Sun suppliers.

n Microsystems, the Sun logo,Solaris, JumpStart, SunSolve, OpenBoot, Ultra, Solstice DiskSuite, Sun Java, and UltraSPARC astems, Inc. in the U.S. and other countries.

RC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.Srks are based upon an architecture developed by Sun Microsystems, Inc.

a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.

N LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledgeloping the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerlso covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements.

ernment approval might be required when exporting the product.

CTED RIGHTS: Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-14(g)(2)(6/87) a) and DFAR 227.7202-3(a).

ENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO TO BE LEGALLY INVALID.

Copyrig

Ce prod ution, et la décompilation. Aucune partie de ceproduit e Sun et de ses bailleurs de licence, s’il y en a.

Le logic é par des fournisseurs de Sun.

Sun, Sun s marques de fabrique ou des marques déposéesde Sun M

Toutes l l, Inc. aux Etats-Unis et dans d’autres pays. Lesproduits

UNIX es

L’interfa . Sun reconnaît les efforts de pionniers de Xeroxpour lar n détient une licence non exclusive de Xerox surl’interfa tion graphique OPEN LOOK et qui en outre seconform

L’accord

LA DOC ESSES OU TACITES SONT FORMELLEMENTEXCLU RELATIVE A LA QUALITE MARCHANDE, AL’APTIT

ht 2007 Sun Microsystems Inc., 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits réservés.

uit ou document est protégé par un copyright et distribué avec des licences qui en restreignent l’utilisation, la copie, la distribou document ne peut être reproduite sous aucune forme, par quelque moyen que ce soit, sans l’autorisation préalable et écrite d

iel détenu par des tiers, et qui comprend la technologie relative aux polices de caractères, est protégé par un copyright et licenci

Microsystems, le logo Sun, Solaris, JumpStart, SunSolve, OpenBoot, Ultra, Solstice DiskSuite, Sun Java, et UltraSPARC sont deicrosystems, Inc. aux Etats-Unis et dans d’autres pays.

es marques SPARC sont utilisées sous licence sont des marques de fabrique ou des marques déposées de SPARC Internationa portant les marques SPARC sont basés sur une architecture développée par Sun Microsystems, Inc.

t une marques déposée aux Etats-Unis et dans d’autres pays et licenciée exclusivement par X/Open Company, Ltd.

ces d’utilisation graphique OPEN LOOK et Sun™ a été développée par Sun Microsystems, Inc. pour ses utilisateurs et licenciésecherche et le développement du concept des interfaces d’utilisation visuelle ou graphique pour l’industrie de l’informatique. Suce d’utilisation graphique Xerox, cette licence couvrant également les licenciés de Sun qui mettent en place l’interface d’utilisaent aux licences écrites de Sun.

du gouvernement américain est requis avant l’exportation du produit.

UMENTATION EST FOURNIE “EN L’ETAT” ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITEUDE A UNE UTILISATION PARTICULIERE OU A L’ABSENCE DE CONTREFAÇON.

Advanced System ivCopyright 2007 Sun Mi

........................ Preface-xv

....................................Preface-xvi

...................................Preface-xvii

................................. Preface-xviii

..................................Preface-xxiii

...................................Preface-xxv

..................................... 1-1

.................................................. 1-2

.................................................. 1-3

.................................................. 1-4

.................................................. 1-6

.................................................. 1-7

.................................................. 1-8

.................................................. 1-9

................................................ 1-11ces ......................................... 1-12

................................................. 1-13................................................ 1-14................................................. 1-15

..................................... 2-1

.................................................. 2-2

.................................................. 2-3

.................................................. 2-4

.................................................. 2-5

Administration for the Solaris™ 10 Operating Systemcrosystems, Inc. All Rights Reserved. Sun Services, Revision C

Course Contents

About This Course ..............................................................Course Goals ..........................................................................................Course Map ............................................................................................Topics Not Covered ..............................................................................How Prepared Are You? ......................................................................Introductions .........................................................................................

Describing Interface Configuration ...................................Objectives ...............................................................................................Controlling and Monitoring Network Interfaces .............................Displaying the MAC Address .............................................................Displaying the IP Address ...................................................................Marking an Ethernet Interface as Down ............................................Sending ICMP ECHO_REQUEST Packets ........................................Capturing and Inspecting Network Packets .....................................Configuring IPv4 Interfaces at Boot Time .........................................The /etc/hostname.xxn File Entries and Corresponding InterfaThe /etc/inet/ipnodes File ............................................................Changing the System Host Name ......................................................The sys-unconfig Command ...........................................................

Describing the Client-Server Model ..................................Objectives ...............................................................................................Introducing Client-Server Processes ..................................................Introducing Client Processes ...............................................................Introducing Server Processes ..............................................................

Advan vCopyrig

.................................................. 2-6

.................................................. 2-8

.................................................. 2-9

................................................ 2-10

................................................ 2-12

................................................ 2-13

................................................ 2-14

................................................ 2-17

................................................ 2-18

................................................ 2-19

................................................ 2-20

................................................ 2-21

................................................ 2-24

................................................ 2-25

................................................ 2-26

................................................ 2-27

................................................ 2-28

................................................ 2-29................................................. 2-30................................................ 2-31

..................................... 3-1

.................................................. 3-2

.................................................. 3-3

.................................................. 3-4

.................................................. 3-5

.................................................. 3-6

.................................................. 3-7

.................................................. 3-9

................................................ 3-11

Sun Services

ced System Administration for the Solaris™ 10 Operating Systemht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C

The Service Management Facility (SMF) ...........................................Services ...................................................................................................Service and Instance Nodes .................................................................Service Identifiers ..................................................................................Listing Service Information .................................................................Service States .........................................................................................Milestones ..............................................................................................The svc.startd Daemon ....................................................................The Service Configuration Repository ...............................................Starting Server Processes .....................................................................The Impact of SMF on Network Services ..........................................Introducing Network Ports .................................................................Starting Services That Use a Well-Known Port ................................Requesting a Well-Known Service .....................................................Starting RPC Services ...........................................................................Starting RPC Services at Boot Time ....................................................Starting RPC Services on Demand .....................................................Requesting an RPC Address ...............................................................Using the rpcinfo Commands .........................................................Deleting RPC Service Registration .....................................................

Introducing Sun Connection Services ..............................Objectives ...............................................................................................Solaris 10 OS Patch Access Policy .......................................................Introducing Sun Connection ...............................................................Administering Patches .........................................................................Sun Connection Modes ........................................................................Locally Managing Updates for Individual Systems ........................Update Manager Client ........................................................................The smpatch Command Line Interface .............................................

Advan viCopyrig

................................................ 3-12

................................................ 3-13

................................................ 3-15

................................................ 3-16e .............................................. 3-17................................................ 3-18................................................ 3-19................................................ 3-22................................................. 3-23................................................ 3-24................................................ 3-25................................................ 3-28................................................ 3-29................................................ 3-30................................................ 3-31................................................ 3-33................................................. 3-34................................................ 3-35................................................ 3-36................................................ 3-39................................................ 3-40................................................ 3-43................................................ 3-44

..................................... 4-1

.................................................. 4-2

.................................................. 4-3

.................................................. 4-4

.................................................. 4-5

.................................................. 4-7

Sun Services


Caching Patches With Update Manager's Proxy ..............................Sun Connection Hosted Web Application ........................................Establishing a Sun Online Account ....................................................Obtain a Sun Service Plan ....................................................................Downloading and Installing the Update Manager Client SoftwarStarting the Update Manager Client For the First Time ..................Registering Systems ..............................................................................Select Service Level ...............................................................................Registration Confirmation ..................................................................Registration Complete ..........................................................................Installing Updates With the Update Manager Client ......................Setting Update Manager Client Preferences .....................................Update Manager’s Proxy .....................................................................Configuring the Update Manager’s Proxy ........................................Configuring Clients to Use the Update Manager’s Proxy ..............Patch Administration From the CLI ...................................................Using the smpatch Command ...........................................................Phases for Applying Updates .............................................................Command Examples ............................................................................Configuring the Patch Management Environment ..........................Command Examples ............................................................................Using the Update Policy for Applying Updates ..............................Example of Using the Update Policy .................................................

Managing Swap Configuration ..........................................Objectives ...............................................................................................Introducing Virtual Memory ...............................................................Physical RAM ........................................................................................Swap Space ............................................................................................The swapfs File System .......................................................................

Advan viiCopyrig

.................................................. 4-8

.................................................. 4-9

................................................ 4-10

................................................ 4-12

................................................ 4-14

..................................... 5-1

.................................................. 5-2

.................................................. 5-3

.................................................. 5-4

.................................................. 5-5

.................................................. 5-6

.................................................. 5-7

.................................................. 5-8

.................................................. 5-9

................................................ 5-11................................................. 5-13................................................ 5-14................................................. 5-16

..................................... 6-1

.................................................. 6-2

.................................................. 6-3

.................................................. 6-5

.................................................. 6-8

.................................................. 6-9

................................................ 6-10

................................................ 6-11

................................................ 6-12

................................................ 6-13

Sun Services


Paging .....................................................................................................Configuring Swap Space ......................................................................Displaying the Current Swap Configuration ....................................Adding Swap Space ..............................................................................Removing Swap Space .........................................................................

Managing Crash Dumps and Core Files ...........................Objectives ...............................................................................................Managing Crash Dump Behavior .......................................................Crash Dump ...........................................................................................Displaying the Current Dump Configuration ..................................Changing the Crash Dump Configuration ........................................Managing Core File Behavior ..............................................................Core Files ................................................................................................Displaying the Current Core File Configuration ..............................Changing the Core File Configuration ..............................................Pattern Options for the coreadm Command ....................................Pattern Options for the Global Core File Content ............................Examples of the coreadm Command ................................................

Configuring NFS ..................................................................Objectives ...............................................................................................NFS Benefits ...........................................................................................NFS Distributed File System Fundamentals .....................................NFS Version 4 (NFSv4) .........................................................................Pseudo-File System ...............................................................................Strong Security ......................................................................................Compound Procedures ........................................................................Extended Attributes ..............................................................................File Handles ...........................................................................................

Advan viiiCopyrig

................................................ 6-14

................................................ 6-15

................................................ 6-16

................................................ 6-20

................................................ 6-25

................................................ 6-27

................................................ 6-28

................................................ 6-32

................................................ 6-34

................................................ 6-35

................................................ 6-37

................................................ 6-38................................................. 6-42................................................ 6-43................................................ 6-44................................................ 6-47lder Tools ............................ 6-48

..................................... 7-1

.................................................. 7-2

.................................................. 7-3

.................................................. 7-7

.................................................. 7-9

................................................ 7-10

................................................ 7-11

................................................ 7-12

................................................ 7-13

................................................ 7-16

................................................ 7-17

Sun Services


Delegation ..............................................................................................Configuring an NFS Server and Client ..............................................Managing an NFS Server .....................................................................NFS Server Daemons ............................................................................Managing the NFS Server Daemons ..................................................NFS Server Commands ........................................................................Configuring the NFS Server for Sharing Resources .........................Managing the NFS Client .....................................................................NFS Client Daemons ............................................................................Managing the NFS Client Daemons ...................................................NFS Client Commands .........................................................................Configuring the NFS Client for Mounting Resources .....................The mount Command Options ...........................................................Fundamentals of NFS Server Logging ...............................................Configuring NFS Log Paths ................................................................Initiating NFS Logging .........................................................................Managing NFS With the Solaris Management Console Storage Fo

Configuring AutoFS ............................................................Objectives ...............................................................................................AutoFS Fundamentals ..........................................................................Using Automount Maps ......................................................................Configuring the Master Map ...............................................................Identifying Mount Points for Special Maps ......................................Using the /net Directory .....................................................................Adding Direct Map Entries .................................................................Adding Indirect Map Entries ..............................................................Updating the Automount Maps .........................................................Stopping and Starting the Automount System .................................

Advan ixCopyrig

tware ........................... 8-1.................................................. 8-2.................................................. 8-3.................................................. 8-4.................................................. 8-6.................................................. 8-7.................................................. 8-8................................................... 8-9................................................ 8-10................................................ 8-11................................................ 8-12................................................ 8-16................................................ 8-17................................................ 8-18................................................ 8-19................................................ 8-20................................................ 8-21................................................ 8-22

..................................... 9-1

.................................................. 9-2

.................................................. 9-3

.................................................. 9-4

.................................................. 9-6ole ............................................ 9-7................................................ 9-10................................................ 9-11................................................ 9-15................................................ 9-20................................................ 9-22

Sun Services


Describing RAID and the Solaris™ Volume Manager SofObjectives ...............................................................................................Introducing RAID .................................................................................RAID 0 ....................................................................................................RAID 1 ....................................................................................................RAID 0+1 ................................................................................................RAID 1+0 ................................................................................................Mirror Options .....................................................................................Mirror Read Policies .............................................................................Mirror Write Policies ............................................................................RAID 5 ....................................................................................................Hardware Considerations ...................................................................Choosing Storage Mechanisms ...........................................................Optimizing Redundant Storage .........................................................Introducing Solaris Volume Manager Software Concepts .............Logical Volume .....................................................................................Soft Partitions ........................................................................................Introducing the State Database ...........................................................

Configuring Solaris Volume Manager Software ...............Objectives ...............................................................................................Solaris Volume Manager Concepts ....................................................State Database Replicas ........................................................................Creating the State Database .................................................................Creating the State Database Using the Solaris Management ConsConfiguring RAID-0 .............................................................................Creating a RAID-0 Volume Using the Command Line ...................Creating a RAID-0 Volume Using Solaris Management Console .Configuring RAID-1 .............................................................................Building a Mirror of the Root (/) File System ...................................

Advan xCopyrig

................................................ 9-31

................................................ 9-37

................................... 10-1

................................................ 10-2

................................................ 10-3

................................................ 10-4

................................................ 10-5

................................................ 10-6

................................................ 10-7............................................... 10-11.............................................. 10-13.............................................. 10-17.............................................. 10-18.............................................. 10-19.............................................. 10-20.............................................. 10-21.............................................. 10-23.............................................. 10-25.............................................. 10-26.............................................. 10-28

................................... 11-1

................................................ 11-2

................................................ 11-3................................................. 11-4................................................ 11-5................................................. 11-8............................................... 11-11............................................... 11-12

Sun Services


Configuring an x86-Based System for Mirrored Failover ...............Unmirroring the Root (/) File System ................................................

Configuring Role-Based Access Control (RBAC) ............Objectives ...............................................................................................RBAC Fundamentals ............................................................................Key RBAC Files .....................................................................................The user_attr File ...............................................................................Roles ........................................................................................................Assigning Rights Profiles to Users .....................................................The /etc/security/exec_attr File ...............................................Assigning Rights Profiles to Roles ......................................................Assigning Roles to Users .....................................................................Using Roles ............................................................................................Authorizations .......................................................................................Default Authorizations .........................................................................Assigning Authorizations ....................................................................Assigning Authorizations to Roles .....................................................Assigning Authorizations to Rights Profiles ....................................RBAC Configuration File Summary ...................................................Managing RBAC Using the Solaris Management Console .............

Configuring System Messaging ........................................Objectives ...............................................................................................The syslog Concept .............................................................................The /etc/syslog.conf File ..............................................................The syslogd Daemon and the m4 Macro Processor ........................Configuring the /etc/syslog.conf File .........................................Stopping and Starting the syslogd Daemon ...................................Configuring syslog Messaging ........................................................

Advan xiCopyrig

.............................................. 11-13

.............................................. 11-14

................................... 12-1

................................................ 12-2

................................................ 12-3

................................................ 12-6

................................................ 12-9

.............................................. 12-12

.............................................. 12-15

.............................................. 12-18

.............................................. 12-23

.............................................. 12-26

................................... 13-1

................................................ 13-2

................................................ 13-3

................................................ 13-4

................................................ 13-6

................................................ 13-9

.............................................. 13-10

.............................................. 13-12

.............................................. 13-13

.............................................. 13-14

.............................................. 13-15onf File ............................. 13-16.............................................. 13-17.............................................. 13-18

Sun Services


Monitoring a syslog File in Real Time .............................................Using the Solaris Management Console Log Viewer ......................

Using Name Services ..........................................................Objectives ...............................................................................................Name Service Concept .........................................................................Domain Name System (DNS) .............................................................Network Information Service (NIS) ...................................................Network Information Service Plus (NIS+) ........................................Lightweight Directory Access Protocol (LDAP) ..............................Name Service Switch File .....................................................................Configuring the Name Service Cache Daemon (nscd) ...................Retrieving Name Service Information ...............................................

Configuring Name Service Clients ....................................Objectives ...............................................................................................Configuring a DNS Client ...................................................................Configuring the DNS Client During Installation .............................Editing DNS Client Configuration Files ............................................Setting Up an LDAP Client ..................................................................Client Authentication ...........................................................................Client Profile and Proxy Account .......................................................Client Initialization ...............................................................................Configuring the LDAP Client During Installation ...........................Initializing the Native LDAP Client ...................................................Copying the /etc/nsswitch.ldap File to the /etc/nsswitch.cListing LDAP Entries ............................................................................Unconfiguring an LDAP Client ..........................................................

Advan xiiCopyrig

................................... 14-1

................................................ 14-2

................................................ 14-3

................................................ 14-4

................................................ 14-5

................................................ 14-6

................................................ 14-7

................................................ 14-8

................................................ 14-9

.............................................. 14-10

.............................................. 14-11

.............................................. 14-12

.............................................. 14-13

.............................................. 14-14

.............................................. 14-16

.............................................. 14-17

.............................................. 14-19

.............................................. 14-20

.............................................. 14-23

.............................................. 14-24

.............................................. 14-26

.............................................. 14-29

................................... 15-1

................................................ 15-2

................................................ 15-3

................................................ 15-4

................................................ 15-5

................................................ 15-6

................................................ 15-8

Sun Services


Configuring the Network Information Service (NIS) ........Objectives ...............................................................................................NIS Fundamentals ................................................................................NIS Namespace Information ...............................................................Map Contents and Sort Keys ...............................................................Commands to Read Maps ....................................................................NIS Domains ..........................................................................................NIS Master Server .................................................................................NIS Slave Servers ..................................................................................NIS Clients .............................................................................................NIS Processes .........................................................................................Configuring the Name Service Switch ...............................................NIS Security ...........................................................................................Configuring an NIS Domain ...............................................................Generating NIS Maps ...........................................................................Locating Source Files ............................................................................Converting ASCII Source Files Into NIS Maps .................................Configuring the NIS Master Server ....................................................Testing the NIS Service ........................................................................Configuring the NIS Client ..................................................................Configuring the NIS Slave Server .......................................................Updating the NIS Map .........................................................................

Introduction to Zones .........................................................Objectives ...............................................................................................Solaris Zones ..........................................................................................Zone Features ........................................................................................Zone Types .............................................................................................Global Zones ..........................................................................................Non-Global Zones .................................................................................

Advan xiiiCopyrig

................................................ 15-9

.............................................. 15-11

.............................................. 15-14

.............................................. 15-15

.............................................. 15-16

.............................................. 15-17

.............................................. 15-18............................................... 15-19.............................................. 15-21.............................................. 15-22.............................................. 15-24.............................................. 15-27............................................... 15-28.............................................. 15-35

................................... 16-1

................................................ 16-2

................................................ 16-3

................................................ 16-4

................................................ 16-5

................................................ 16-7ns ........................................... 16-9.............................................. 16-10.............................................. 16-11.............................................. 16-17.............................................. 16-25.............................................. 16-31.............................................. 16-36.............................................. 16-41.............................................. 16-50

Sun Services


Zone Daemons .......................................................................................Zone File Systems .................................................................................Zone Networking ..................................................................................Zone States .............................................................................................Configuring Zones ................................................................................Identifying Zone Components ............................................................Allocating File System Space ...............................................................Using the zonecfg Command ...........................................................The zonecfg Subcommands ...............................................................The zonecfg Resource Parameters ....................................................Zone Configuration Walk-Through ...................................................Viewing the Zone Configuration ........................................................Using the zoneadm Command ...........................................................Installing Packages in Zones ...............................................................

Introduction to the ZFS File System ..................................Objectives ...............................................................................................What Is Solaris ZFS? .............................................................................What Is ZFS? ..........................................................................................ZFS Terminology ...................................................................................ZFS Component Naming Requirements ...........................................ZFS Hardware and Software Requirements and RecommendatioCreating ZFS File Systems ...................................................................Components of a ZFS Storage Pool ....................................................Replication Features of a ZFS Storage Pool .......................................Creating and Destroying ZFS Storage Pools .....................................Querying ZFS Storage Pool Status .....................................................Creating and Destroying ZFS File Systems .......................................ZFS Properties .......................................................................................Querying ZFS File System Information .............................................

Advan xivCopyrig

.............................................. 16-53

.............................................. 16-58

.............................................. 16-66

.............................................. 16-67

.............................................. 16-72

.............................................. 16-74

.............................................. 16-81

Sun Services


Managing ZFS Properties ....................................................................Mounting ZFS File Systems .................................................................ZFS Web-Based Management .............................................................ZFS Snapshots .......................................................................................ZFS Snapshots .......................................................................................ZFS Clones .............................................................................................Using ZFS on a Solaris System With Zones Installed ......................

Sun

System Administra

Services


Preface

About This Course

System Preface, slide xvi of xxvCopyrig

Up e able to:

umps

essaging

res

Sun Services

Administration for the Solaris™ 10 Operating System, Part 2ht 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C

Course Goals

on completion of this course, you should b

• Describe network basics• Manage virtual file systems and core d• Manage storage volumes• Control access and configure system m• Set up name services• Perform advanced installation procedu

Sun Services

Course Map

DescribingInterface

Configuration

Describing theClient-Server

Model

UsingName

Services

ConfiguringName

Service Clients

Configuringthe NetworkInformation

Service (NIS)

Describing Network Basics

ManagingSwap

Configuration

ManagingCrash Dumps

and Core Files

ConfiguringNFS

ConfiguringAutoFS

ConfiguringRole-Based

Access Control(RBAC)

ConfiguringSystem

Messaging

Managing Virtual File Systems and Core Dumps

DescribingRAID andSolarisVolume

ManagerSoftware

ConfiguringSolarisVolumeManagerSoftware

Managing Storage VV olumes

Controlling Access and Configuring System Messaging

Setting Up Name Services

Configuring Virtualization

Introductionto

Zones

ConfiguringZFS

SunConnectionServices

System Administration for the Solaris™ 10 Operating System, Part 2 Preface, slide xvii of xxvCopyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C

System Preface, slide xviii of xxvCopyrig

Thi any of thesetop Services:

SA-100-S10: 10 Operating

UNIX®ating SystemA-100-S10: 10 Operating

ered in SA-200-for the Solaris™

Sun Services


Topics Not Covered

s course does not cover the following topics. Mics are covered in other courses offered by Sun

• Basic UNIX® commands – Covered in UNIX® Essentials Featuring the Solaris™System

• The vi editor – Covered in SA-100-S10:Essentials Featuring the Solaris™ 10 Oper

• Basic UNIX file security – Covered in SUNIX® Essentials Featuring the Solaris™System

• Software package administration – CovS10: Intermediate System Administration 10 Operating System

System Preface, slide xix of xxvCopyrig

0-S10:e Solaris™ 10

ment Consolermediate Systemting System00-S10: UNIX®ating Systemered in SA-200-for the Solaris™

Sun Services


Topics Not Covered

• Patch maintenance – Covered in SA-20Intermediate System Administration for thOperating System

• Adding users using the Solaris Managesoftware – Covered in SA-200-S10: InteAdministration for the Solaris™ 10 Opera

• Basic system security – Covered in SA-1Essentials Featuring the Solaris™ 10 Oper

• Administering initialization files – CovS10: Intermediate System Administration 10 Operating System

System Preface, slide xx of xxvCopyrig

n SA-200-S10:e Solaris™ 10

200-S10:e Solaris™ 10

s – Covered instration for the

0: Intermediate0 Operating

Sun Services


Topics Not Covered

• Advanced file permissions – Covered iIntermediate System Administration for thOperating System

• Backup and recovery – Covered in SA-Intermediate System Administration for thOperating System

• The lp print service and print commandSA-200-S10: Intermediate System AdminiSolaris™ 10 Operating System

• Process control – Covered in SA-200-S1System Administration for the Solaris™ 1System

System Preface, slide xxi of xxvCopyrig

ered in SA-em

– Covered inorkshop SystemSystem

in SA-245: Shell

ts – Covered inthe Solaris™ 10

Sun Services


Topics Not Covered

• All the new features in Solaris 10 – Cov225S10: Solaris™ 10 for Experienced SystAdministrators

• Hardware or software troubleshootingST-350: Sun™ Systems Fault Analysis Wtuning – Covered in SA-400: Enterprise Performance Management

• Detailed shell programming – CoveredProgramming for System Administrators

• Detailed network administration concepSA-300-S10: Network Administration for Operating System

System Preface, slide xxii of xxvCopyrig

Ref ation on coursecon

Sun Services


Topics Not Covered

er to the Sun Services catalog for specific informtent and registration.

System Preface, slide xxiii of xxvCopyrig

To e, can youans

0 Operating workstation?ity? the Solaris

dd software

Sun Services


How Prepared Are You?

be sure you are prepared to take this courswer yes to the following questions?

• Can you install and boot the Solaris™ 1System (Solaris 10 OS) on a stand-alone

• Can you implement basic system secur• Can you add users to the system using

Management Console software?• Can you use the pkgadd command to a

packages?

System Preface, slide xxiv of xxvCopyrig

s?esses?ions?

Sun Services


How Prepared Are You?

• Can you monitor and mount file system• Can you manage disk devices and proc• Can you perform backups and restorat

System Preface, slide xxv of xxvCopyrig

in this course

Sun Services


Introductions

• Name• Company affiliation• Title, function, and job responsibility• Experience related to topics presented • Reasons for enrolling in this course• Expectations for this course

Sun

System Administra

D uration

Services


Module 1

escribing Interface Config

System Module 1, slide 2 of 17Copyrig

sIPv4) interfaces

Sun Services


Objectives

• Control and monitor network interface• Configure Internet Protocol Version 4 (

at boot time


work

Ne , and snoop,con ork interfaces.

Sun Services


Controlling and Monitoring NetInterfaces

twork commands, such as ifconfig, pingtrol and monitor the functionality of netw


ss

Th ur computer’sun

Tw Ethernet addressare

# ilo0: mtu 8232 index 1 inet127.nge0 500 index 2 30.255

Sun Services


Displaying the MAC Addre

e media access control (MAC) address is yoique hardware address.

o ways to display the MAC address or the:

• Use the ifconfig -a command:fconfig -a flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL>0.0.1 netmask ff000000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1 inet 192.168.30.41 netmask ffffff00 broadcast 192.168. ether 8:0:20:93:c9:af


ont.)

memory-based systems:

ok bSun d PresentOpen 685423.Ethe

Sun Services


Displaying the MAC Address (c

• Use the boot programmable read-only (PROM) banner command on SPARC®

annerUltra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz), KeyboarBoot 3.31 256 MB (60ns) memory installed, Serial #9rnet address 8:0:20:93:c9:af, Host ID: 8093c9af.


s

Th rent configurationfor

# ilo0: IRTUAL> mtu 8232indenge0 > mtu 1500 index 2 92.168.30.255

Sun Services


Displaying the IP Addres

e ifconfig -a command displays the cur the network interfaces.

fconfig -a flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,Vx 1 inet 127.0.0.1 netmask ff000000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4 inet 192.168.30.41 netmask ffffff00 broadcast 1 ether 8:0:20:93:c9:af


Down

You an Ethernetint

# if# iflo0: IRTUAL> mtu 8232indenge0 tu 1500 index 2 92.168.30.255 # if# iflo0: IRTUAL> mtu 8232indenge0 > mtu 1500 index 2 92.168.30.255

Sun Services


Marking an Ethernet Interface as

can use the ifconfig command to markerface as up or down.

config nge0 downconfig -a flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,Vx 1 inet 127.0.0.1 netmask ff000000: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> m inet 192.168.30.41 netmask ffffff00 broadcast 1 ether 8:0:20:93:c9:afconfig nge0 upconfig -a flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,Vx 1 inet 127.0.0.1 netmask ff000000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4 inet 192.168.30.41 netmask ffffff00 broadcast 1 ether 8:0:20:93:c9:af


S Packets

To m over thenet

# psys4

Sun Services


ending ICMP ECHO_REQUEST

determine if you can contact another systework, enter the ping command:

ing sys411 is alive


C Packets

You nspect networkpac ferred betweensys

# snsys4 er: 0)sys4 : 0)

Sun Services


apturing and Inspecting Network

can use the snoop utility to capture and ikets to determine what kind of data is transtems.

oop sys41 sys421 -> sys42 ICMP Echo request (ID: 615 Sequence numb2 -> sys41 ICMP Echo reply (ID: 615 Sequence number


C Packets

Som

sno

sno

sno

sno put to filename

sno viously captured

sno k interface

Sun Services


apturing and Inspecting Network

e additional snoop options include:

op Summary output

op -V Summary verbose output

op -v Detailed verbose output

op -o filename Redirects the snoop utility outin summary mode

op -i filename Displays packets that were prein filename

op -d device Receive packets from a networspecified by device


C ot Time

Intr

Ne olled by filesand

ult service

Sun Services


onfiguring IPv4 Interfaces at Bo

oducing IPv4 Interface Files

twork interfaces in the Solaris OS are contr services.

• The svc:/network/physical:defa• The /etc/hostname.xxn file• The /etc/inet/hosts file• The /etc/inet/ipnodes file


T tries and

En/et ily device driver)

/et ice driver) Ethernet

/et em

/et driver) Ethernet

/et er) Ethernet

/et hernet interface in

/et ) Ethernet interface

/et ) Ethernet interface

Sun Services


he /etc/hostname.xxn File EnCorresponding Interfaces

try Interfacec/hostname.e1000g0 First e1000g (Intel PRO/1000 Gigabit fam

Ethernet interface in the system

c/hostname.bge0 First bge (Broadcom Gigabit Ethernet devinterface in the system

c/hostname.bge1 Second bge Ethernet interface in the syst

c/hostname.ce0 First ce (Cassini Gigabit-Ethernet deviceinterface in the system

c/hostname.qfe0 First qfe (Quad Fast-Ethernet device drivinterface in the system

c/hostname.hme0 First hme (Fast-Ethernet device driver) Etthe system

c/hostname.eri0 First eri (eri Fast-Ethernet device driverin the system

c/hostname.nge0 First nge (Nvidia Gigabit Ethernet driverin the system


ile

A l odes with theirInt

## In#::1 127.192.

Sun Services


The /etc/inet/ipnodesF

ocal database that associates the names of nernet Protocol (IP) addresses.

cat /etc/inet/ipnodes

ternet host table

localhost0.0.1 localhost168.30.41 sys41 loghost


me

Th r files on thesys d perform areb name. The filestha

Sun Services


Changing the System Host Na

e host name of a system is contained in foutem. You must modify all of these files, anoot, to successfully change a system’s hostt contain the host name of a system are:

• The /etc/nodename file• The /etc/hostname.xxn file• The /etc/inet/hosts file• The /etc/inet/ipnodes file


nd

You ommand tores gured state,rea

Th ing:

information in

s Network Filee /etc/vfstab

file.

Sun Services


The sys-unconfigComma

can use the /usr/sbin/sys-unconfig ctore a system’s configuration to an unconfidy to be reconfigured again.

e sys-unconfig command does the follow

• Saves the current/etc/inet/hosts filethe /etc/inet/hosts.saved file.

• If the current /etc/vfstab file containSystem (NFS) mount entries, it saves thfile to the /etc/vfstab.orig file.

• Restores the default /etc/inet/hosts


nd

ured interfaces.he

e

.

. user in the

IS+.

Sun Services



• Removes the default host name in the/etc/hostname.xxn files for all config

• Removes the default domain name in t/etc/defaultdomain file.

• Restores the time zone to PST8PDT in th/etc/TIMEZONE file.

• Resets naming services to local files.• Removes the /etc/inet/netmasks file• Removes the /etc/defaultrouter file• Removes the password set for the root

/etc/shadow file.• Removes the /etc/.rootkey file for N


nd

ications. Thesetions of a

r DNS clients. Protocol

e file file file

aemon (sshd)

Sun Services



• Executes all system configuration applapplications are defined by prior execusysidconfig -a command.

• Removes the /etc/resolv.conf file fo• Disables Lightweight Directory Access

(LDAP) by removing:• The /var/ldap/ldap_client_cach• The /var/ldap/ldap_client_file• The /var/ldap/ldap_client_cred• The /var/ldap/cachemgr.log file

• Regenerates keys for the Secure Shell D

Sun

Advanced System

De r Model

Services

Administration for the Solaris™ 10 Operating System

Module 2

scribing the Client-Serve

Advan Module 2, slide 2 of 31Copyrig

Sun Services


Objectives

• Describe client-server processes• Start server processes


sses

Th rvices and theclie

On is the nameser

An tionship is theNF

Sun Services


Introducing Client-Server Proce

e client-server model describes network sent programs of those services.

e example of the client-server relationshipver and resolver model of the DNS.

other example of the client and server relaS.


s

Th es from anotherho

Sun Services


Introducing Client Processe

e client is a host or a process that uses servicst or program, known as a server.

FileServer

NameServer

PrintServer


es

Th services toano

StorageArray 1

StorageArray 2

Client 4

Sun Services


Introducing Server Process

e server is a host or a process that providesther program known as a client.

Printer A

PrintServer

StorageServer

Client 3Client 1 Client 2

Printer B Printer C


T (SMF)

SM cture forma of a servicewi ng:

e dependency

p, and restart

n on startup

Sun Services


he Service Management Facility

F provides a centralized configuration strunaging system services and the interaction

th other services. SMF includes the followi

• A mechanism to establish and formalizrelationships between services.

• Information on procedures to start, stoservices.

• A centralized repository for informatiobehavior and service status.


T (cont.)

agement of

red servicesis not running.

Sun Services


he Service Management Facility

• A structured mechanism for Fault Mansystem services.

• Detailed information about misconfigusuch as an explanation of why a service

• Individual log files for each service.


in SMF is the

to other local

des which are

s such as a Web

can have

, the service's

Sun Services


Services

• The fundamental unit of administrationservice.

• It provides a known list of capabilities and remote services.

• Services are represented as instance nochildren of service nodes.

• One service might have many instanceserver on multiple ports.

• Both service nodes and instance nodes properties.

• If an instance does not have property Xproperty X is used.


s

Sun Services


Service and Instance Node

Sun Services

Service Identifiers

• The service identifier is in the form ofa Fault Management ResourceIdentifier or FMRI.

• The FMRI indicates the type of serviceor category, and the name andinstance of the service.

Service Category Description

milestone Synthetic service s for clean dependencystatement

device General device services

system Services concerned with host-centric, non-networked capabilities

system/security Low-level host-centric services implementingsecurity facilities

network Services concerned with host-centric, networkinfrastructure capabilities

application General software services

application/management

Services implementing management facilities

application/security Services implementing high-level securityfacilities

site Services implementing site-specific software

platform Services implementing platform-specificsoftware

Advanced System Administration for the Solaris™ 10 Operating System Module 2, slide 10 of 31Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C


Sun Services


Service Identifiers (cont.)

• FMRI examples:svc:/system/filesystem/root:defaultlrc:/etc/rc3_d/S90samba


Th es:

# svSTATlegalegalegalegalega(outonlionlionlionlionlionli ltonlioffl faultofflmain

Sun Services


Listing Service Information

e svcs command to list the FMRIs and stat

csE STIME FMRIcy_run Feb_10 lrc:/etc/rc2_d/S10lucy_run Feb_10 lrc:/etc/rc2_d/S20sysetupcy_run Feb_10 lrc:/etc/rc2_d/S90wbemcy_run Feb_10 lrc:/etc/rc2_d/S99dtlogincy_run Feb_10 lrc:/etc/rc3_d/S81volmgtput removed)ne Feb_10 svc:/system/system-log:defaultne Feb_10 svc:/system/fmd:defaultne Feb_10 svc:/system/console-login:defaultne Feb_10 svc:/network/smtp:sendmailne Feb_10 svc:/milestone/multi-user:defaultne Feb_10 svc:/milestone/multi-user-server:defaune Feb_10 svc:/system/zones:defaultine Feb_10 svc:/application/print/ipp-listener:deine Feb_10 svc:/application/print/rfc1179:defaulttenance 10:24:15 svc:/network/rpc/spray:default

Sun Services

Service StatesService put in maintenance state

Service disabled

Can’t read config

Service marked disabled

Service enabled by admin

Dependency not met or start failed

Dependency metand service enabled

Service shutdown,restart or disable

Partial failure ofservice or dependency

Refresh

No improvement in service

Dependencies staisfied and service is healthy

Unresolvable erroror thresholds reached

Unresolvable error orthresholds reached

Unresolvable error orthresholds reached

Service shutdown,restart or disable

Re-readconfig data

Re-readconfig data

Administratorintervention

Startservice

UNINITALIZED

MAINTENANCE OFFLINE

ONLINE

DEGRADED

DISABLED



A m to reach. Thissys to be running.Th available.

Cu

Sun Services


Milestones

ilestone can be regarded as a system statetem state requires a defined set of servicesese services depend on other services being

rrently there are six milestones:

• single-user• multi-user• multi-user-server• network• name-services• sysconfig• devices


on

n X11

Sun Services


Milestones (cont.)

milestone

network system applicati

ame-services net-physical filesystem print

/ /usr /var

Sun Services

Milestones (cont.)

/var/svc/manifest/milestone/multi-user-server.xml

dependency list

dependency list

multi-user milestone

/var/svc/manifest/milestone/multi-user.xml

exec /sbin/rc3

dependency list

single-user milestone

/var/svc/manifest/milestone/single-user.xml

name-services milestone

filesystem

/var/svc/manifest/system/filesystem/local-fs.xml

method

/lib/svc/method/fs-local

milestone multiuser



Th onsible forma artd whichens ate milestone.

Cu oot time are:

Sun Services


The svc.startdDaemon

e svc.startd is the daemon which is respintaining the system services. It is svc.stures that the system boots to the appropri

rrently the milestones that can be used at b

• none• single-user• multi-user• multi-user-server• all


sitory

Th out the state ofeac on informationabo

Th itory.db.

Th F interfaceuti

A c g the system tosin

# /

and

Sun Services


The Service Configuration Repo

e repository database stores information abh service instance. It also stores configuratiut the services and system.

e disk-based database is /etc/svc/repos

is file can only be manipulated using the SMlities svccfg and svcprop.

orrupt repository can be repaired by bootingle user, and running the command:

lib/svc/bin/restore_repository

following the instructions.


To st know whichfile . You must alsokn

Intr td)

Th ss that runs oneac o notaut

Th .startd. Thereis a inet/ine ported into theSer etconvcom

Sun Services


Starting Server Processes

start services for server processes, you mus to use for automatic service configurationow how to manually start the services.

oducing the Internet Service Daemon (ine

e inetd daemon is a special network proceh system and starts server processes that domatically start at boot time.

e inetd daemon starts at boot time by svc legacy configuration file for inetd, /etc/td.conf. Services listed in this file are im

vice Management Facility (SMF) by the inmand.


T ervices

SM in that eachser led using theine

To

# i# idisa

To

# i# ienab

Sun Services


he Impact of SMF on Network S

F has a major impact on network services vice can be independently enabled or disabtadm command.

disable the telnet facility:

netadm -d telnetnetadm | grep telnetbled disabled svc:/network/telnet:default

enable the telnet facility:

netadm -e telnetnetadm | grep telnetled online svc:/network/telnet:default


Ne guish betweenmu ost computer.

Th t assignments:

tral authority to

for publishing called well-

e software

Sun Services


Introducing Network Ports

twork ports help transport protocols distinltiple service requests arriving at a given h

ere are two fundamental approaches to por

• Central authority• All users must agree to allow the cen

assign all port numbers.• The central authority is responsible

the list of port number assignments,known port assignments.

• Well-known port assignments dictatrequirements on a system.


in advance. Thes ports to the

ts on anyequest to theformation. The

he port number. considered

rt lived, only

Sun Services



• Dynamic binding• The ports are unknown to the client

system software dynamically assignprograms that require them.

• To obtain the current port assignmencomputer, the software generates a rtarget machine for the port number intarget machine then responds with t

• These port number assignments areephemeral since assignments are sholasting until the system is rebooted.


We /servicesfile.

# gteln

Sun Services



ll-known ports are stored in the/etc/inet

rep telnet /etc/inet/serviceset 23/tcp


S l-Known

Ser ach that use awe

boot time at boot, and

Sun Services


tarting Services That Use a WelPort

vices following the central authority approll-known port includes:

• Services that start by default at system • Services that do not start automatically

must start on demand


vice

Sun Services


Requesting a Well-Known Ser

23

n

32

6

7

1

sys41 (Client)

telnet ...in.telnetd

sys42 (Server)

Traraffic ofic onnnnnnnnnnnTraffic onnnnnn

= port number n

Time

4

in.telnetd in.telnetd (port (port nnnnnnnnnn)in.telnetd (port nnnnn ) 5

nnnnn 23

inetdtelnet sys42

8 in.telnetd


RP et of utilitiesdev PC services areass grammer whenthe ally assigned towe

Typ c bindingapp

boot time at boot and

Sun Services


Starting RPC Services

C services are services developed using a seloped by Sun Microsystems, Inc. While R

igned a unique program number by the proy are written, the RPC services are not typicll-known ports.

es of RPC services that follow the dynamiroach include:

• Services that start by default at system • Services that do not start automatically

must start on demand


Time

RP scripts run onava cess associatesRP

Th ipt initializesthe y the rpcbinddae file.

Aft on startslist r and protocol,per

# gsunrsunr

Sun Services


Starting RPC Services at Boot

C services started at boot time with startupilable ports above 32768. The rpcbind pro

C program numbers with port numbers.

e /lib/svc/method/rpc-bind startup scrrpcbind service. The port number used bmon is listed in the /etc/inet/services

er the system starts up, the rpcbind daemening at port 111. To view the port numbeform the command:

rep rpcbind /etc/servicespc 111/udp rpcbindpc 111/tcp rpcbind


and

Som . The portnu ess during boot.

Wh he rpcbindpro to the clientma

Th sing the portnu service.

Sun Services


Starting RPC Services on Dem

e rpcbind services start only on demandmbers are registered with the rpcbindproc

en a client application requests a service, tcess returns the port number of the servicechine.

e client machine generates a new request umber that it just received for the requested


s

Sun Services


Requesting an RPC Addres

n = port number n

1

1112

6

Host 1 (Client)

spray host2

4

3

spray/1... rpc.spraydrpc.sprayd (port nnnnn)

Host 2 (Server)

Time

5

nnnnn nnnnn

nnnnn

nnnnn

rpcbind

inetd

Start rpcbind (port 111)


ds

Th an RPC server,and

To ind process,ent

rpciFor # rp

p <out

Sun Services


Using the rpcinfoComman

e rpcinfo command makes an RPC call to reports what it finds.

list all the services registered with the rpcber the rpcinfo command as follows:

nfo -p [ host ]example:cinfo -program vers proto port service100000 4 tcp 111 rpcbind100000 3 tcp 111 rpcbind100000 2 tcp 111 rpcbind100000 4 udp 111 rpcbind100000 3 udp 111 rpcbind100000 2 udp 111 rpcbind100232 10 udp 32772 sadmindput truncated>


ation

To d prognum(pr ber), performthe

rpciFor # rp

Th mber 100012 isspr restart theine

# sv# sv

Sun Services


Deleting RPC Service Registr

unregister the RPC service given a specifieogram number) and versnum (version numrpcinfo command:

nfo -d prognum versnumexample:cinfo -d 100012 1

e deleted RPC service that uses program nuayd. To register the sprayd service again,td daemon as follows:

cadm disable svc:/network/rpc/spray:udpcadm enable svc:/network/rpc/spray:udp

Sun

System Administra

Intr Services

Services


Module 3

oducing Sun Connection


Im nectionSer , the smpatchcom eb application

Sun Services


Objectives

plement patch management using Sun Convices including the Update Manager clientmand line, and Sun Connection hosted W


olicy

Th

ity, data

ny patches

Sun Services


Solaris 10 OS Patch Access P

e new Solaris 10 OS patch access policy:

• A service plan is not required for securintegrity or hardware driver updates.

• A Sun Online Account is required for aobtained using the Sun Connection.


n

Su t provides:

ecks

Sun Services


Introducing Sun Connectio

n Connection is a seamless architecture tha

• Notifications to let administrators• Automated procedures• Fast intelligent software dependency ch• Optional local caching of updates• A Web hosted service


Th ng:

nterface (GUI)ninterface

Sun Services


Administering Patches

e Sun Connection tools include the followi

• Update Manager client graphical user i• Sun Connection hosted Web applicatio• Update Manager client command-line

(smpatch)


s using the CLIf multipleed Web

Sun Services


Sun Connection Modes

• Local management of individual systemUpdate Manager client or the smpatch

• Remote and centralized management osystems using the Sun Connection hostapplication


ividual

ris 10 OS byction. access to the

Sun Services


Locally Managing Updates for IndSystems

• Maintain your own updates to the Solaestablishing a connection to Sun Conne

• Sun Connection client software enablesSun Connection servers hosted at Sun.• Automatic notification• Update Manager client application• The smpatch command


ividual

Sun Services


Locally Managing Updates for IndSystems (cont.)


or to the Solaris

le updateslable and

Sun Services


Update Manager Client

• The Update Manager client is a successPatch Manager application.• PatchPro analysis engine• A new user interface

• Users can:• Analyze system to check for availab• View a list of updates currently avai

applicable for the system• View details about a specific update• Install selected updates


t.)

Sun Services


Update Manager Client (con


terface

CLI) for SunS.

ended patcheste command.

ystem using the

using

patch remove

Sun Services


The smpatchCommand Line In

• The smpatch command line interface (Connection is built into the Solaris 10 O

• The smpatch CLI enables you to:• Analyze and produce a list of recomm

for a system using the smpatch upda• Download one or more patches to a s

smpatch download command.• Add one or more patches to a system

smpatch add command.• Back out unwanted patches usingsm

command.


C nager's

Sun Services


aching Patches With Update MaProxy


S lication

Sun Services


un Connection Hosted Web App


S lication

Sun Services


un Connection Hosted Web App(cont.)


ount

sing the Sunode of

an account.

Sun Services


Establishing a Sun Online Acc

• A Sun Online Account is required for uConnection services regardless of the mconnection you choose.

• There is no charge for establishing suchStart at:http://www.sun.com/

• Click on the My Account link.


ardware driver

le contact yourbe to an

ith that plan forystems for Sun

Sun Services


Obtain a Sun Service Plan

• A Sun Service Plan is optional.• Without one you will get security and h

updates only.• If you want all the other updates availab

Sun Service Representative and subscriappropriate service plan.

• Obtain a subscription key associated wuse later when you install and register sConnection functionality.


pdate

laris 10 1/06

nload and

Sun Services


Downloading and Installing the UManager Client Software

• Solaris OS versions that precede the Sorelease.

• Solaris 10 1/6 and later releases.• The Update Manager client (1.0.4) dow

installation:• On SPARC-based systems# smpatch update -i 121118-05

• On x86-based systems:# smpatch update -i 12119-05


S t For the

Cli or run the# /

Sun Services


tarting the Update Manager ClienFirst Time

ck on the Java™ Desktop notification icon usr/bin/updatemanager command.


Sun Services


Registering Systems


.)

Sun Services


Registering Systems (cont


Sun Services


Select Service Level


Sun Services


Registration Confirmation


Sun Services


Registration Complete


date

Sun Services


Installing Updates With the UpManager Client


date

Sun Services


Installing Updates With the UpManager Client (cont.)


Se ferences

e, IP address

wnloaded.

for your Java

Sun Services


tting Update Manager Client Pre

• The source of your updates.• The Update Manager’s proxy hostnam

and authentication details.• The directory where updates will be do

(Default is /var/sadm/spool.)• The backout data directory setting.• New update available notification icon

Desktop.• Daily automatic update analysis.


s the Internetun update

pdates from itss. use the Suntch Manager 2.0

Sun Services


Update Manager’s Proxy

• The Update Manager’s proxy minimizetraffic between your systems and the Sserver.

• The Update Manager’s proxy obtains usource of updates on a per-request basi

• The proxy supports client systems thatConnection 1.0 software and the Sun Pasoftware.


Proxy

ystem:

(Root) (Usr)

ger’s proxy:

solaris/

com/solaris/

quent system

Sun Services


Configuring the Update Manager’s

• Verify that required packages are on your s# pkginfo | grep SUNWpsvrsystem SUNWpsvrr Patch Server Deploymentsystem SUNWpsvru Patch Server Deployment

• Set the network proxy for the Update Mana# patchsvr setup -x network_proxy:port

• Specify the next update server:# patchsvr setup -p http://server-name:port/

• Specify the default Sun update server:# patchsvr setup -p https://getupdates1.sun.

• Start the proxy server:# patchsvr start

• Configure the proxy server to start on subseboots:# patchsvr enable


pdate

Ins ftware on theclie

Sun Services


Configuring Clients to Use the UManager’s Proxy

tall and start the Update Manager client sont by typing the following command:

# /usr/bin/updatemanager


pdate

Sun Services


Configuring Clients to Use the UManager’s Proxy (cont.)


CLI

hat is identified

Sun Services


Patch Administration From the

• A Solaris OS update types include:• Standard updates• Recommended patches• Update clusters

• An update is distributed as a directory tby a unique number:105050-01.jar


nd

n two modes:

.entication

used.

Sun Services


Using the smpatchComma

• The smpatch command was available i• Local mode• Remote mode

• By default, smpatch runs in local mode• If you specify any of the remote or auth

options (except for -L), remote mode is


s

s:

rms all three

updates using two

load, and all three

Sun Services


Phases for Applying Update

• The full sequence involves these phase• Analyzing your system• Downloading the necessary updates• Applying the updates

• Phase control:• The smpatch update command perfo

functions in one command.• The smpatch analyze and smpatch

commands performs all three functioncommands.

• The smpatch analyze, smpatch downsmpatch add commands will performfunctions using three commands.


ine the

egion locales

te.

/var/sadm/spool

Sun Services


Command Examples

• Analyze your local system and determappropriate, available updates for it.# smpatch analyze > plist# vi plist...119397-06 SunOS 5.10: patch for North America rissues# patchadd -p | grep 119397

• Download (but not apply) a new upda# smpatch download -i 119397-06119379-06 has been validated.# smpatch get | grep downloadpatchpro.download.directory - # cd /var/sadm/spool ; ls119397-06.jar...


.)

.

Incompatibles:

egion locales

Sun Services


Command Examples (cont

• Install and verify an update.# smpatch add -i 119397-06add patch 119397-06Patch 119397-06 has been successfully installed# patchadd -p | grep 119397-06Patch: 119397-06 Obsoletes: Requires: 121734-01Packages: SUNWnameos SUNWnamdt SUNWnamow# smpatch analyze | grep 119397-06

• Remove an update.# smpatch remove -i 119397-06remove patch 119397-06Transition old-style patching.Patch 119397-06 has been backed out.# smpatch analyze | grep 119397-06119397-06 SunOS 5.10: patch for North America rissues


.)

36:MST.txt has/

Sun Services



• Apply an update in one step.# smpatch update -i 118815-05118815-05 has been validated.Installing patches from /var/sadm/spool...118815-05 has been applied./var/sadm/spool/patchpro_dnld_2007.03.16@12:36:been moved to /var/sadm/spool/patchproSequesterpatchpro_dnld_2007.03.16@12:36:36:MST.txt


ment

mpatch unsettch

ettings for

vironment

values for

Sun Services


Configuring the Patch ManageEnvironment

• The smpatch get, smpatch set and scommands are used to configure the pamanagement environment:• smpatch get displays the current s

environment parameters.• smpatch set changes values for en

parameters.• smpatch unset enables the default

environment parameters.


eter values.# smpatcpatc lpatc lpatc configafter:standardpatc https://getupatcpatcpatcpatcpatc

# sm 816/solaris/# smpatcpatc lpatc l

Sun Services


Command Examples

• Display the current environment parampatch gethpro.backout.directory - ""hpro.baseline.directory - /var/sadm/spoohpro.download.directory - /var/sadm/spoohpro.install.types - rebootafter:rehpro.patch.source http://192.168.201.1:3816/solaris/ pdates1.sun.com/solaris/hpro.patchset - currenthpro.proxy.host - ""hpro.proxy.passwd **** ****hpro.proxy.port - 8080hpro.proxy.user - ""

• Set a new value for the update source.patch set patchpro.patch.source=http://newproxy.apex.com:3patch gethpro.backout.directory - ""hpro.baseline.directory - /var/sadm/spoohpro.download.directory - /var/sadm/spoo


.)

patc configafter:standardpatc ttps://getupatcpatcpatcpatcpatc

mote directory.# sm dates# sm# sm

eter back to

# sm# smpatcpatc

Sun Services



hpro.install.types - rebootafter:rehpro.patch.source http://newproxy.apex.com:3816/solaris/ hpdates1.sun.com/solaris/hpro.patchset - currenthpro.proxy.host - ""hpro.proxy.passwd **** ****hpro.proxy.port - 8080hpro.proxy.user - ""

• Set the source of updates to a local or repatch set patchpro.patch.source=file:/net/sys-04/export/uppatch set patchpro.patch.source=file:/local/updatespatch set patchpro.patch.source=file:/cdrom/cdrom0

• Set the patchpro.patch.source paramthe default value.

patch unset patchpro.patch.sourcepatch gethpro.backout.directory - ""hpro.baseline.directory - /var/sadm/spool


.)

patcpatc r:standardpatc com/solaris/patcpatcpatcpatcpatc

a subset of.

# sm# sm

Sun Services



hpro.download.directory - /var/sadm/spoolhpro.install.types - rebootafter:reconfigaftehpro.patch.source - https://getupdates1.sun.hpro.patchset - currenthpro.proxy.host - ""hpro.proxy.passwd **** ****hpro.proxy.port - 8080hpro.proxy.user - ""

• Configure an update set which definesupdates that commands will work with

patch set patchpro.patchset=recommendedpatch analyze


lying

ty defines theanagement

e system:mediately and

tlied

Sun Services


Using the Update Policy for AppUpdates

• The patchpro.install.types properupdate policy in effect for the update menvironment.

• Types of updates that are applied to th• Standard updates that are applied im

require no system restart• Updates that require a system restar• Updates that must be manually app


olicy

and# sm1196# paPatc SUNWcakr# sm1196# smadd ...ValiLoadDoneLoadDoneChecDoneAppr1196Patc

Sun Services


Example of Using the Update P

• Not Using the smpatch update commpatch analyze | grep wanboot81-06 SunOS 5.10: wanboot patchtchadd -p | grep 119681h: 119681-05 Obsoletes: Requires: Incompatibles: Packages:patch download -i 119681-0681-06 has been validated.patch add -i 119681-06patch 119681-06

dating patches...ing patches installed on the system...!ing patches requested to install.!king patches that you specified for installation.!oved patches will be installed in this order:81-06h 119681-06 has been successfully installed.


E y (cont.)

# paPatc SUNWcakrPatc SUNWcakr# sm## c1196cachpatc# caThis

Plea tioninst tchesshou

1) 1

Sun Services


xample of Using the Update Polic

tchadd -p | grep 119681h: 119681-05 Obsoletes: Requires: Incompatibles: Packages:h: 119681-06 Obsoletes: Requires: Incompatibles: Packages:patch analyze | grep 119681-06d /var/sadm/spool ; ls81-06.jarehpro_dnld_2006.02.13@10:10:29:MST.txtt *.txt patch bundle was generated by PatchPro.

se refer to the README file within each patch for installaructions. To properly patch your system, the following pald be installed in the listed order:

19681-06 !!! IMMEDIATE REBOOT !!!


E y (cont.)

# cd# ja inf# grPATC

# sm1196InstNOTI tem shutdown./var been moved to /var/sadm :MST.txt/var been moved to /var/sadm :MST.txt

Sun Services



/var/sadm/spoolr xvf 119681-06.jar 119681-06/patchinfolated: 119681-06/patchinfoep PROP 119681-06/patchinfoH_PROPERTIES='reconfigimmediate'

• Using the smpatch update Commandpatch update -i 119681-0681-06 has been validated.alling patches from /var/sadm/spool...CE: Patch 119681-06 cannot be installed until the next sys/sadm/spool/patchpro_dnld_2006.02.15@06:02:43:MST.txt has /spool/patchproSequester/patchpro_dnld_2006.02.15@06:02:43/sadm/spool/patchpro_dnld_2006.02.15@06:09:14:MST.txt has /spool/patchproSequester/patchpro_dnld_2006.02.15@06:09:14


E y (cont.)

(cont.)

ID's have beenwrit

One wn to activate it. Toinit g commands:o Poo Dro Re# ca1196

Sun Services



• Using the smpatch update Command

of the updates that are disallowed by installation policyten to file

/var/sadm/spool/disallowed_patch_list

or more updates that you installed requires a system shutdoiate the system shutdown, you must use one of the followinwer down the system - init 0 or shutdown -i 0op to the firmware prompt - init 5 or shutdown -i 5start the system - init 6 or shutdown -i 6t /var/sadm/spool/disallowed_patch_list81-06

Sun

System Administra

ration

Services


Module 4

Managing Swap Configu


Sun Services


Objectives

• Describe virtual memory• Configure swap space


y

Vir d disk storageare

Vir opies of files ondis

Pro han realadd

Vir rating system(OS

Sun Services


Introducing Virtual Memor

tual memory combines RAM and dedicateas known as swap space.

tual memory management software maps ck to virtual addresses.

grams use these virtual addresses, rather tresses, to store instructions and data.

tual memory makes it possible for the ope) to use a large range of memory.


Wh most criticalres

nagemental addresses in

th a runningck informationon disk. These

Sun Services


Physical RAM

en working with swap space, RAM is the ource in your system.

• Virtual and physical addressesThe Solaris 10 OS virtual memory masystem maps the files on disk to virtuvirtual memory.

• Anonymous memory pagesPhysical memory pages associated wiprocess can contain private data or stathat does not exist in any file systemare anonymous memory pages.


Som memory spaceallo

An ap area, butun

is a disk slice.on for theot disk which,

cessary, you

Sun Services


Swap Space

etimes a process must give up some of itscation to another process.

onymous memory pages are placed in a swchanged file system pages are not.

• Swap slicesThe primary swap space on the systemIn the Solaris 10 OS, the default locatiprimary swap space is slice 1 of the boby default, starts at cylinder 0.As additional swap space becomes necan configure additional swap slices.


al swap space

e system, andle command.ed in the swapthe swap file

Sun Services


Swap Space (cont.)

• Swap filesIt is also possible to provide additionon a system by using swap files.Swap files are files that reside on a filthat have been created using the mkfiSwap files can be permanently includconfiguration by creating an entry forin the /etc/vfstab file.


Sw for the processmu

Sun Services


The swapfsFile System

ap space for any private data or stack spacest be reserved.

Swap Slice

Swap File

RAM

Swap Space


between RAM

er processes to

the size of a

Sun Services


Paging

• The transfer of selected memory pagesand the swap areas.

• Physical RAM is made available for othuse.

• Use the pagesize command to displaymemory page in bytes.• On SPARC-based systems:# pagesize8192

• On x86-based systems:# pagesize4096


Th ding, deleting,and ernel.

Sw line are notper

To ace, create anent

Sun Services


Configuring Swap Space

e swap command provides a method of ad monitoring the swap areas used by the k

ap area changes made from the command manent and are lost after a reboot.

create permanent additions to the swap spry in the /etc/vfstab file.


D guration

s the amount pace

the amountpace

subtracts the swap space

-a adds the swap space

Sun Services


isplaying the Current Swap Confi

Memory paging affectof memory allocated s

Task activation affectsof memory reserved s

Arrow up: swap -damount of available

Arrow down: swap amount of available

Allocated

Reserved

Available

swap -sTotal Swap Allocation


D guration

To mplete thefol

l swap space.

= 47088k used,

al swap areas.

Sun Services


isplaying the Current Swap Confi

view the current swap space allocation, colowing steps:

1. List a summary of the system’s virtua# swap -stotal: 41776k bytes allocated + 5312k reserved 881536k available

2. List the details of the system’s physic# swap -lswapfile dev swaplo blocks free/dev/dsk/c0t0d0s1 136,9 16 1048304 1048304


Us l swap space toyou

mmand:

ine similar to

Sun Services


Adding Swap Space

e the following procedures to add additionar system.

• To add swap slices, use the swap -a co# swap -a /dev/dsk/c1t3d0s1

Edit the /etc/vfstab file and add a lthe following:/dev/dsk/c1t3d0s1 - - swap - no -


mand to create

p space.

/etc/vfstab

Sun Services


Adding Swap Space

• To add swap files, use the mkfile comthe swap file. For example:# mkfile 20m /usr/local/swap/swapfile

Add the swap file to the system’s swa# swap -a /usr/local/swap/swapfile

Add an entry for the swap file to thefile./usr/local/swap/swapfile - - swap - no -


If y ce, you candel nal swap slicesand

wap

the swap slice

Sun Services


Removing Swap Space

ou no longer need the additional swap spaete the swap space by removing any additio swap files.

• Removing swap slicesDelete a swap slice from the current sconfiguration.# swap -d /dev/dsk/c1t3d0s1

Edit the /etc/vfstab file, and removeentry from the file.


ap

at it is

the swap file

Sun Services


Removing Swap Space

• Removing swap filesDelete a swap file from the current swconfiguration.# swap -d /usr/local/swap/swapfile

• Remove the file to free the disk space thoccupying.# rm /usr/local/swap/swapfile

• Edit the /etc/vfstab file, and removeentry.

Sun

System Administra

Man Core Files

Services


Module 5

aging Crash Dumps and


Sun Services


Objectives

• Manage crash dump behavior• Manage core file behavior


vior

If a erating systemgen contents of theph evice, whichmu

You the dumpadmcom

Aft sh dump to thedu

Th help determinethe

Sun Services


Managing Crash Dump Beha

fatal operating system error occurs, the operates a crash dump by writing some of the

ysical memory to a predetermined dump dst be a local disk slice.

can configure the dump device by using mand.

er the operating system has written the cramp device, the system reboots.

e crash dump is saved for future analysis to cause of the fatal error.


Wh core commandis a

core

.ist information

You re the locationof y.

Sun Services


Crash Dump

en the operating system crashes, the saveutomatically executed during a boot.

• The savecore command places kernelinformation in the/var/crash/nodename/vmcore.X file

• The savecore command places name land symbol table information in the/var/crash/nodename/unix.X file.

can use the dumpadm command to configuthe dump device and the savecore director


D guration

To the dumpadmcom

Sun Services


isplaying the Current Dump Confi

view the current dump configuration, use mand without arguments.

# dumpadmDump content: kernel pagesDump device: /dev/dsk/c0t0d0s1 (swap)Savecore directory: /var/crash/sys-02Savecore enabled: yes


C uration

Th ation of thecra

Th lows:

dump-device]oot-dir]

Us cations to thecra ting to edit the/et

Sun Services


hanging the Crash Dump Config

e dumpadm command manages the configursh dump facility.

e syntax of the dumpadm command is as fol

/usr/sbin/dumpadm [-nuy] [-c content-type] [-d [-m mink | minm | min%] [-s savecore-dir] [-r r

e the dumpadm command to make all modifish dump configuration, rather than attempc/dumpadm.conf file manually.


or

Wh ically producesa c

You the name orloc terminatingpro

Sun Services


Managing Core File Behavi

en a process terminates abnormally, it typore file.

can use the coreadm command to specifyation of core files produced by abnormallycesses.


space of a

ssible copies of

Sun Services


Core Files

• A core file is a disk copy of the addressprocess at a certain point in time.

• The operating system generates two pocore files:• The global core file• The per-process core file


File

You ents to displaythe

Sun Services


Displaying the Current CoreConfiguration

use the coreadm command without argum current configuration.

# coreadmglobal core file pattern:global core file content: defaultinit core file pattern: coreinit core file content: defaultglobal core dumps: disabledper-process core dumps: enabledglobal setid core dumps: disabledper-process setid core dumps: disabledglobal core dump logging: disabled


File

Th arameters thatare

ead.

Sun Services


Displaying the Current CoreConfiguration

e /etc/coreadm.conf file lists the same p displayed by coreadm.

# cat /etc/coreadm.conf## coreadm.conf## Parameters for system core file configuration.# Do NOT edit this file by hand -- use coreadm(1) inst#COREADM_GLOB_PATTERN=COREADM_GLOB_CONTENT=defaultCOREADM_INIT_PATTERN=coreCOREADM_INIT_CONTENT=defaultCOREADM_GLOB_ENABLED=noCOREADM_PROC_ENABLED=yesCOREADM_GLOB_SETID_ENABLED=noCOREADM_PROC_SETID_ENABLED=noCOREADM_GLOB_LOG_ENABLED=no


ration

ontrol how core

command toore files are

o configurable

Sun Services


Changing the Core File Configu

• The coreadm command allows you to cfiles are generated.

• For example, you can use the coreadm configure a system so that all process cplaced in a single directory.

• You can separately enable or disable twcore file paths: per-process and global.


ration

d with the -pto use for

eadm commandfile options.[-I content]

es are named. of global core

Sun Services


Changing the Core File Configu

• All users can run the coreadm commanoption to specify the file name pattern per-process core files.coreadm [-p pattern] [pid...]

• The root user can use the following coroptions to configure system-wide core coreadm [-g pattern] [-G content] [-i pattern] [-d option...] [-e option...]

• Pattern options determine how core fil• Content options determine the content

files.


P ommand

-m)January 1, 1970

Sun Services


attern Options for the coreadmC

• %p - PID• %u - Effective user ID (EUID)• %g - Effective group ID (EGID)• %f - Executable file name• %n - System node name (uname -n)• %m - Machine hardware name (uname • %t - The time in seconds since midnight• %d - Executable file directory/name• %z - Zonename• %% - Literal %


re File

includingstacksr loaded object

Sun Services


Pattern Options for the Global CoContent

• anon – Anonymous private mappings,thread stacks that are not main thread

• ctf – CTF type information sections fofiles

• data – Writable private file mappings• dism – DISM mappings• heap – Process heap• ism – ISM mappings


re File

ngssked by files

ed objecte file mappings

Sun Services


Pattern Options for the Global CoContent

• rodata – Read-only private file mappi• shanon – Anonymous shared mapping• shfile – Shared mappings that are bac• shm – System V shared memory• stack – Process stack• symtab – Symbol table sections for load• text – Readable and executable privat


mand

pattern as a

profile ory sets the core

during the

Sun Services


Examples of the coreadmCom

• Example 1 – Setting the core file name regular userWhen executed from a user’s $HOME/.$HOME/.login file, the following entrfile name pattern for all processes runlogin session:# coreadm -p core.%f.%p $$


mand

s into a

the user’s coreof the user’ssystem node

%n.%f.%p $$

Sun Services



• Example 2 – Dumping a user’s core filesubdirectoryThe following command places all offiles into the corefiles subdirectoryhome directory, differentiated by thename.$ coreadm -p $HOME/corefiles/


mand

ore file global

system-widee name ands created:%f.%p -e

Sun Services



• Example 3 – Enabling and setting the cname patternThe following is an example of settingparameters that add the executable filPID to the name of any core file that i# coreadm -g /var/core/core.global


mand

figuration for

a list of PIDse file name

Sun Services



• Example 4 – Checking the core file conspecific PIDsRunning the coreadm command withreports each process’s per-process corpattern, for example:# coreadm 228 507228: core default507: /usr/local/swap/corefiles/%n.%f.%p default

Sun

Advanced System

Services

Administration for the Solaris™ 10 Operating System

Module 6

Configuring NFS


istributed file

ent Console

Sun Services


Objectives

• Describe the benefits of NFS• Describe the fundamentals of the NFS d

system• Manage an NFS server• Manage an NFS client• Enable the NFS server logging• Manage NFS with the Solaris Managem

storage folder tools• Troubleshoot NFS errors


Th nt architecturesrun file systemsacr

You differentop n abstractmo

NF d writing, workas

Sun Services


NFS Benefits

e NFS service enables computers of differening different operating systems to share

oss a network.

can implement the NFS environment on erating systems (OS) because NFS defines adel of a file system.

S file system operations, such as reading anif they were accessing a local file.


Th :

ame files,cess the same

cations onisk space for

y, because all

, includingC)ad

Sun Services


NFS Benefits

e benefits of the NFS service are as follows

• Allows multiple computers to use the sbecause all users on the network can acdata

• Reduces storage costs by sharing applicomputers instead of allocating local deach user application

• Provides data consistency and reliabilitusers can read the same set of files

• Supports heterogeneous environmentsthose found on a personal computer (P

• Reduces system administration overhe


NF amentals

Th components:

Th 4 NFSsim

Th

Ver a client hostatt

Sun Services


S Distributed File System Fund

e NFS environment contains the following

• NFS server• NFS client

e Solaris 10 OS supports versions 2, 3, and ultaneously.

e default is to use NFSv4.

sion-related checks are applied whenever empts to access a server’s file share.


NF mentals

Sun Services


S Distributed File System Funda(cont.)

• NFS serverNFS Server (Host 1)

Shared

Directories andDisk Storage

NFS servershares diskstorage withNFS client.

NFS Client (Host 2)

/ /

export opt

rdbms

sharelibbin

rdbms

Host1# share /export/rdbms


NF mentals

Sun Services


S Distributed File System Funda(cont.)

• NFS clientNFS Server (Host 1)

Shared

Directories andDisk Storage

NFS servershares diskstorage withNFS client.

NFS Client (Host 2)

/ /

optexport

sharelibbin

Host2# mount Host1:/export/rdbms /opt/rdbms

rdbms rdbms


Sun Services


NFS Version 4 (NFSv4)

• Stateful connections• Single protocol• Improved Firewall Support• Pseudo file systems• Strong security• Extended attributes• Delegation


s

s

nfs4

rted directories

port_fs dir:

Sun Services


Pseudo-File System

Server exports: /export_fs/local/export_fs/projects/nfs4 /export_fs

export_fs export_f

local

nfs4x

projects payroll

nfs4

local project

/Expo

Client view of server’s ex

Server file systems:

Server file systems:


ntation of theSS)

on Mechanism

Sun Services


Strong Security

• Remote Procedure Call (RPC) implemeGeneral Security Service framework (G

• New security flavor RPCSEC_GSS• Used with Sun Enterprise Authenticati

(SEAM) software• Other GSS_API applications


testdata"

Sun Services


Compound Procedures

NFS version 3 NFS version 4

-> LOOKUP "export" ->OPEN "export/

<- OK READ

->LOOKUP "testdata" <- OPEN OK

<- OK READ OK

-> ACCESS "testdata" (sends data)

<- OK

-> READ "testdata"

<- OK

(sends data)


nnt dependentith files or file

Sun Services


Extended Attributes

• Mandatory – Minimal level of operatio• Recommended – Operating environme• Named – Byte string, data associated w

system


nd contains and

to declare that

les if the server

efers to that file

le.

Sun Services


File Handles

• File handles are created on the server ainformation that uniquely identifies filedirectories.

• NFS version 4 protocol permits a serverits file handles are volatile.

• Clients must support volatile file handuses them.

• Upon file handle expiration, the client:• Flushes the cached information that r

handle.• Searches for that file's new file hand• Retries the operation.


f a file to a

nt a delegation. for callback.

ated state of the

ifferently when

Sun Services


Delegation

• The server delegates the management oclient.

• The server alone decides whether to gra• The new nfs4cbd (1M) daemon is used• The server sends callback to get the upd

file and to revoke the delegation.• Different NFS client versions behave d

a conflict occurs.• Delegation is enabled by default.


Client

Sun Services


Configuring an NFS Server and

• nfs(4) configuration file:/etc/default/nfs

• Enabling NFS versions on server:NFS_SERVER_VERSMIN=num

NFS_SERVER_VERSMAX=num

• Enabling NFS versions on client:NFS_CLIENT_VERSMIN=num

NFS_CLIENT_VERSMAX=num

num=version 2, 3 or 4• Other options in nfs(4)


server

Sun Services


Managing an NFS Server

• NFS server filesYou need several files to support NFSactivities on any computer.• /etc/dfs/dfstab

• /etc/dfs/sharetab

• /etc/dfs/fstypes

• /etc/rmtab

• /etc/nfs/nfslog.conf

• /etc/default/nfslogd

• /etc/default/nfs


e commandsof the dfstab

<pathname>

/export/home2local/dataes" /rdbms_files

Sun Services



• The /etc/dfs/dfstab fileThe /etc/dfs/dfstab file contains ththat share local directories. Each linefile consists of a share command.# cat /etc/dfs/dfstab(output omitted)# the very first entry to this file.## share [-F fstype] [ -o options] [-d "<text>"][resource]# .e.g,# share -F nfs -o rw=engineering -d "home dirs"share -F nfs -o ro -d "Shared data files" /usr/share -F nfs -o rw,root=sys-01 -d "Database fil


a table of local

Sun Services



• The /etc/dfs/sharetab fileThe /etc/dfs/sharetab file containsresources currently being shared.# cat /etc/dfs/sharetab/usr/local/data - nfs ro Shared data files/rdbms_files - nfs ro,root=sys01 Database files


f file systems

eters that cancols.

Sun Services



• The /etc/rmtab fileThe /etc/rmtab file contains a table oremotely mounted by NFS clients.# cat /etc/rmtabsys-03:/usr/local/datasys-02:/export/config...

• The /etc/default/nfs fileThe /etc/default/nfs file lists parambe set for NFS daemon and NFS proto


To svc

If a b file, the NFSser themul

Sun Services


NFS Server Daemons

start the NFS server daemons, enable the:/network/nfs/server service.

# svcadm -v enable nfs/serversvc:/network/nfs/server:default enabled.

system has entries in its /etc/dfs/dfstaver daemons start when the system enters ti-user-server milestone.


In d and lockddae col.

Sun Services


NFS Server Daemons

• mountd

• nfsd

• statd

• lockd

• nfslogd

• nfsmapid

NFSv4, the features provided by the mountmons are integrated into the NFSv4 proto


system mountvides access

articularquesting client

ess a remoteNFS server

s file handle,ation.

Sun Services


NFS Server Daemons

• The mountd daemonThe mountd daemon handles NFS filerequests from remote systems and procontrol.The mountd daemon determines if a pdirectory is being shared, and if the rehas permission to access it.

• The nfsd daemonWhen a client process attempts to accfile resource, the nfsd daemon on thereceives the request and the resource’and then performs the requested oper


ck managerery functions

cking

ional logging

Sun Services


NFS Server Daemons

• The statd daemonThe statd daemon works with the lolockd daemon to provide crash recovfor the lock manager.

• The lockd daemonThe lockd daemon supports record-looperations for NFS files.

• The nfslogd daemonThe nfslogd daemon provides operatfor an NFS server.


d in NFSv4.nd groupnt and server

e

Sun Services


NFS Server Daemons

• The nfsmapid daemonThe nfsmapid daemon is implementeThe nfsmapid daemon maps owner aidentification that both the NFSv4 clieuse.The nfsmapid daemon is started by thsvc:/network/nfs/mapid service.


mons

Th e systemtra anually whenena vice.

Th ependencies ofthe

Sun Services


Managing the NFS Server Dae

e NFS daemons start conditionally when thnsitions through run levels, or they start mbling the svc:/network/nfs/server ser

e svcs command can be used to show the dnfs/server service.

# svcs | grep nfsonline 15:35:24 svc:/network/nfs/client:defaultonline 15:35:29 svc:/network/nfs/status:default...# svcs -l nfs/serverfmri svc:/network/nfs/server:defaultname NFS server...


mons

aemonsually, place and perform the

ually, perform

Sun Services


Managing the NFS Server Dae

• Starting and stopping the NFS server dTo start the NFS server daemons manentry in the /etc/dfs/dfstab file anfollowing command:# svcadm enable svc:/network/nfs/server

To stop the NFS server daemons manthe following command:# svcadm disable svc:/network/nfs/server


Sun Services


NFS Server Commands

• share

• unshare

• shareall

• unshareall

• dfshares

• dfmounts


haring

Wh ou can use thesha ble.

For irectory as area ing command:

Sun Services


Configuring the NFS Server for SResources

en the NFS server daemons are running, yre command to make file resources availa

example, to share the /usr/local/data dd-only shared resource, perform the follow

# share -o ro /usr/local/data


haring

Th

Sun Services



e share command options:

• ro

• rw

• root=access-list

• ro=access-list

• rw=access-list

• anon=n


haring

ountingile resources

/dataountmand:

rcesrently shared

ANSPORT

Sun Services



• Making file resources unavailable for mUse the unshare command to make funavailable for mount operations.For example, to make the /usr/localdirectory unavailable for client-side moperations, perform the following com# unshare /usr/local/data

• Displaying currently shared NFS resouThe dfshares command displays curNFS resources.# dfsharesRESOURCE SERVER ACCESS TRsys-02:/usr/local/data sys-02 - -


haring

otely mounted

Sun Services



• Displaying NFS mounted resourcesThe dfmounts command displays remNFS resource information.# dfmountsRESOURCE SERVER PATHNAME CLIENTS- sys-02 /usr/local/data sys-03


client activities

Sun Services


Managing the NFS Client

• NFS client filesYou need several files to support NFSon any computer.• /etc/vfstab

• /etc/mnttab

• /etc/dfs/fstypes

• /etc/default/nfs


t time, enter/etc/vfstab

yes soft,bg

s read-onlytems for the

to the

Sun Services


Managing the NFS Client

• The /etc/vfstab fileTo mount remote file resources at boothe appropriate entries in the client’sfile. For example:sys-02:/usr/local/data - /usr/remote_data nfs -

• The /etc/mnttab fileThe /etc/mnttab file system provideaccess to the table of mounted file syscurrent host.Mounting a file system adds an entry/etc/mnttab file.


Thsvc

Sun Services


NFS Client Daemons

e NFS client daemons are started using the:/network/nfs/client service.

• statd

• lockd

• nfs4cbd


ons

Tw e lockddae NFS clients.

Th stem enters thenet

lt

lt

Sun Services


Managing the NFS Client Daem

o NFS daemons, the statd daemon and thmon, run both on the NFS servers and the

ese daemons start automatically when a sywork milestone.

# svcs -D milestone/networkSTATE STIME FMRIdisabled 15:34:35 svc:/network/dns/client:defaudisabled 15:34:37 svc:/network/nfs/cbd:default(output omitted)online 16:31:18 svc:/network/nfs/nlockmgr:defauonline 16:33:12 svc:/network/nfs/status:default


ons

F service

F service

erform the

default.

r:default.

Sun Services


Managing the NFS Client Daem

• The lockd daemon is started by the SMnfs/nlockmgr.# svcadm -v enable nfs/nlockmgrsvc:/network/nfs/nlockmgr:default enabled.

• The statd daemon is started by the SMnfs/status.# svcadm -v enable nfs/statussvc:/network/nfs/status:default enabled.

To manually restart these daemons, pfollowing commands:# svcadm -v restart nfs/statusAction restart set for svc:/network/nfs/status:# svcadm -v restart nfs/nlockmgrAction restart set for svc:/network/nfs/nlockmg#


Sun Services


NFS Client Commands

• dfshares

• mount

• umount

• mountall

• umountall


ounting

eso list resources

Sun Services


Configuring the NFS Client for MResources

• Displaying a server’s available resourcYou can use the dfshares command tmade available by an NFS server.# dfshares sys-02RESOURCE SERVER ACCESS TRANSPORTsys-02:/usr/local/data sys-02 - -...


ounting

o attach a localsystem

esource, yousources for theas a list of

omed_data /

Sun Services



• Accessing the remote file resourceUse the /usr/sbin/mount command tor remote file resource to the local filehierarchy. For example:# mount sys-02:/rdbms_files /rdbms_files

When mounting a read-only remote rcan specify a comma-separated list ofremote resource, which are then usedfailover resources.# mount -o ro sys-45,sys-43,sys-41:/multi_hremote_shared_data


ounting

from the clientcal and remoterarchy.

mounts all filee with a mount

remote file

Sun Services



• Unmounting the remote file resources Use the umount command to detach lofile resources from the file system hie# umount /rdbms_files

• Mounting all file resourcesThe /usr/sbin/mountall commandresources listed in the /etc/vfstab filat boot value of yes.To limit the action of this command toresources, use the -r option.# mountall -r


ounting

resourcese -r option tole systems.

eot time, createc/vfstab file.

yes soft,bg

Sun Services



• Unmounting all currently mounted fileUse the umountall command with threstrict unmounting to only remote fi# umountall -r

• Mounting remote resources at boot timTo mount a remote file resource at boan appropriate entry in the client’s /etFor example:sys-02:/usr/local/data - /usr/remote_data nfs -


gging

Th ransactions.

Th gging.

Wh kernel modulewr e system into abu

Th

Th om the loggingop w data in ASCIIlog

Sun Services


Fundamentals of NFS Server Lo

e NFS server logging feature records NFS t

e nfslogd daemon provides operational lo

en you enable NFS server logging, the NFSites records of all NFS operations on the filffer file.

e nfslogd Daemon

e nfslogddaemon converts the raw data freration into ASCII records, and stores the ra files.


s

Th ath, file names,and must use.

A t

To reate the tagent es.

Th

Sun Services


Configuring NFS Log Path

e /etc/nfs/nfslog.conffile defines the p type of logging that the nfslogd daemon

ag corresponds to each definition.

configure NFS server logging, identify or cries for each of the server’s shared resourc

e global tag defines default values.


s

Tag e the followingfor

\extended ]

For

ffer

Sun Services



ged entries in /etc/nfs/nfslog.conf usmat:

<tag> [ defaultdir=<dir_path> ] \[ log=<logfile_path> ] [ fhtable=<table_path> ][ buffer=<bufferfile_path> ] [ logformat=basic|

example:

global defaultdir=/var/nfs \log=nfslog fhtable=fhtable buffer=nfslog_workbu


s

Us s required:

Cre/et server logging.

Sun Services



e the following parameters with each tag, a

• defaultdir=dir_path

• log=logfile_path

• fhtable=table_path

• buffer=bufferfile_path

• logformat=basic|extended

ate any directories you specify inc/nfs/nfslog.conf before starting NFS


To ollowing steps:

ttings in the

ant to enabler the log=tag

on the server.t the correctu shared.

Sun Services


Initiating NFS Logging

initiate NFS server logging, complete the f

1. Become superuser.2. Optional: Change the configuration se

/etc/nfs/nfslog.conf file.3. Share the file system for which you w

logging, adding the -o log option, ooption. Example:share -F nfs -o log /export/sys44_data

4. Check that the NFS service is running5. Run the share command to verify tha

options are listed for the directory yo


risM der Tools

You ponents of thesto of the SolarisMa

Th te, and managesev

Sun Services


Managing NFS With the Solaanagement Console Storage Fol

can manage the NFS system by using comrage folder tools from the default tool box nagement Console.

e Mounts and Shares tool lets you view, creaeral types of mounts and shares.

Sun

System Administra

Services


Module 7

Configuring AutoFS


FS file system

Sun Services


Objectives

• Describe the fundamentals of the Auto• Use automount maps


Au des automaticmo

Au

Th e systems asreq

Th ents:

Sun Services


AutoFS Fundamentals

toFS is a file system mechanism that proviunting using the NFS protocol.

toFS is a client-side service.

e AutoFS service mounts and unmounts filuired without any user intervention.

e automount facility contains three compon

• The AutoFS file system• The automountd daemon• The automount command


Sun Services


AutoFS Fundamentals

RAM

Automount Maps

Master map

Direct map

Indirect map

Special map

�� AutoFS

��


are defined intem.t up, activitye systems to be

toFS resourcervice calls thehe requested

Sun Services


AutoFS Fundamentals

• AutoFS file systemAn AutoFS file system’s mount pointsthe automount maps on the client sysAfter the AutoFS mount points are seunder the mount points can trigger filmounted under the mount points.If a mount request is made for an Aunot currently mounted, the AutoFS seautomountd daemon, which mounts tresource.


cript starts the

systems onints.

stem startuphe initial set of

ticallypoints undermand.

Sun Services


AutoFS Fundamentals

• The automountd daemonThe /lib/svc/method/svc-autofs sautomountd daemon.The automountd daemon mounts filedemand and unmounts idle mount po

• The automount commandThe automount command, called at sytime, reads the master map to create tAutoFS mounts.These AutoFS mounts are not automamounted at startup time, they are thewhich file systems are mounted on de


Th

Sun Services


Using Automount Maps

e following lists the AutoFS map types:

• Master map• Direct map• Indirect map• Special


t.)

Sun Services


Using Automount Maps (conNFS Client

"venues"

/

auto_master

/net -hosts [options]/home auto_home [options]/- auto_direct [options]

auto_direct

/opt/moreapps pluto: /export/opt/apps

auto_home Ernie mars:/export/home/ernieMary mars:/export/home/mary

etc


p

Th also called amo

Th ng all the mapstha

Th master file.

Sun Services


Configuring the Master Ma

e auto_master map associates a directory,unt point, with a map.

e auto_mastermap is a master list specifyit the AutoFS service should check.

e following example shows an /etc/auto_

# cat /etc/auto_master# Master map for automounter#+auto_master/net -hosts -nosuid,nobrowse/home auto_home -nobrowse


I al Maps

Th e default/et

l resources

anism to allowOMEdirectories.

Sun Services


dentifying Mount Points for Speci

ere are two mount point entries listed in thc/auto_master file.

/net -hosts -nosuid,nobrowse/home auto_home -nobrowse

• The -hosts map provides access to alshared by NFS servers.

• The auto_homemap provides the mechusers to access their centrally located $H


Sha ap entry aremo y.

For/do y the command:

Sun Services


Using the /netDirectory

red resources associated with the hosts munted below the /net/hostname director

example, a shared resource namedcumentationon host sys42 is mounted b

# cd /net/sys42/documentation


A / t point for adir

Cre

Dir f the mountpo the sharedres

,v6.0

:/usr/share/man

Sun Services


Adding Direct Map Entries

- entry in the master map defines a mounect map.

/- auto_direct -ro

ating a Direct Map

ect maps specify the absolute path name oint, the specific options for this mount, andource to mount. For example:

# cat /etc/auto_direct# Superuser-created direct map for automounter#/apps/frame -ro,soft server1:/export/framemaker/opt/local -ro,soft server2:/export/unbundled/usr/share/man -ro,soft server3,server4,server5


s

Ind unt point fromthe in the masterma in the indirectma

ainder of therce to mount.

Sun Services


Adding Indirect Map Entrie

irect maps obtain the initial path of the mo master map. For example, the /home entryp defines the base for mount points listed p called auto_home.

/home auto_home -nobrowse

• Creating an indirect mapEntries in an indirect map list the rempreferred mount point, and the resouFor example:stevenu host5:/export/home/stevenujohnnyd host6:/export/home/johnnyd


ont.)

le linen charactersery login ID,

m the NFS

any key.end of the pathld.

Sun Services


Adding Indirect Map Entries (c

• Reducing the auto_home map to a singIn this example, the use of substitutiowithin auto_home specifies that for evthe client remotely mounts the/export/home/loginID directory froserver.* server1:/export/home/&

• The wildcard character (*) matches • The substitution character (&) at the

is replaced with the matched key fie


ont.)

homehomehome

c

Sun Services


Adding Indirect Map Entries (c

NFS Server"mars"

export

home

ernie

NFS Client"venus"

Mount on Demandby automountd

/

home

auto_auto_

autofsautofs

auto_

autofs

et

mary

/

mary


ps

Wh reating a directma he changeseff

You ountd daemon.

You p at any time.Th ountd daemonnex nt.

An atically used bythe

Sun Services


Updating the Automount Ma

en making changes to the master map or cp, run the automount command to make t

ective.

do not have to stop and restart the autom

can modify existing entries in a direct mae new information is used when the automt accesses the map entry to perform a mou

y modifications to indirect maps are automautomountd daemon.


ount

the following

ofs

the following

fs

Sun Services


Stopping and Starting the AutomSystem

• Stopping the automount systemTo disable the service manually, entercommand:# svcadm disable svc:/system/filesystem/aut

• Starting the automount systemTo enable the service manually, entercommand:# svcadm enable svc:/system/filesystem/auto

Sun

System Administra

De olaris™are

Services


Module 8

scribing RAID and the SVolume Manager Softw


are concepts

Sun Services


Objectives

• Describe RAID• Describe Solaris Volume Manager softw


RA and to storedat

Th etadevices,wh al storagevol D 1+0, andRA

catenation and

distributed

Sun Services


Introducing RAID

ID is a classification of methods to back upa on multiple disk drives.

e Solaris Volume Manager software uses mich are product-specific definitions of logicumes, to implement RAID 0, RAID 1, RAIID 5:

• RAID 0: Non-redundant disk array (constriping)

• RAID 1: Mirrored disk array• RAID 5: Block-interleaved striping with

parity


ns)

Sun Services


RAID 0

• Concatenated volumes (or concatenatio

PhysicalSlice A

PhysicalSlice B

RAID 0(Concatenation)Logical Volume

PhysicalSlice C

Solaris VolumeManager


Sun Services


RAID 0 (cont.)

• Striped volumes (or stripes)

Interlace 4

Interlace 1

Interlace 5

Interlace 2

Interlace 6

Interlace 3

PhysicalSlice A

PhysicalSlice B

PhysicalSlice C


RAID 0(Stripe)

Logical Volume

Interlace 4 Interlace 5

Interlace 2

Interlace 6

Interlace 1 Interlace 3


1 or)olume

Submirror 2

Int 1

Int 2

Int 3

Int 4

Sun Services


RAID 1

Interlace 2

Interlace 3

Interlace 4

Interlace 1

Interlace 2

Interlace 3

Interlace 4

Interlace 1

Submirror 1

RAID(Mirr

Logical V

Submirror 1

Submirror 2Solaris Volume

Manager

Int 1

Int 2

Int 3

Int 4


PhysicalSlice F

AID 0Striped)olumeubmirror 2

Sun Services


RAID 0+1PhysicalSlice A

PhysicalSlice B

PhysicalSlice C

PhysicalSlice D

PhysicalSlice E

RAID 0(Striped)Volume

Submirror 1

R(VS

RAID 1(Mirrored)Volume


RAID 1(Mirror)LogicalVolume

Sun Services


RAID 1+0

PhysicalSlice A

PhysicalSlice D

PhysicalSlice B

PhysicalSlice E

PhysicalSlice C

PhysicalSlice F



RAID 0(Striped)

Logical Volume


Mi the followingop

You ally create themi distribute theloa rformance.

Sun Services


Mirror Options

rror performance can be modified by usingtions:

• Mirror read policy• Mirror write policy

can define mirror options when you initirror or after you set up the mirror. You cand across the submirrors to improve read pe


Rea

Ro irrors

Ge s amongl disk block

Fir rror

Sun Services


Mirror Read Policies

d Policy Description

und Robin (default) Balances the load across the subm

ometric Enables the system to divide readsubmirrors on the basis of a logicaaddress

st Directs all reads to the first submi


Wr

Par dispatches

Ser rror musto the next

Sun Services


Mirror Write Policies

ite Policy Description

allel (Default) Replicates a write to a mirror, andthe write to all of the submirrorssimultaneously

ial Specifies that writes to one submicomplete before initiating writes tsubmirror


e

Sun Services


RAID 5

P(4-6)

Interlace 7

Interlace 10

Interlace 1

PhysicalSlice A

Interlace 4

P(7-9)

Interlace 11

Interlace 2

PhysicalSlice B

Interlace 5

Interlace 8

P(10-12)

Interlace 3

PhysicalSlice C

P(1-3)

Interlace 9

Interlace 12

Interlace 6PhysicalSlice D

RAID 5Logical Volum

Interlace 12

Interlace 8

Interlace 7

Interlace 6

Interlace 2

Interlace 3

Interlace 4

Interlace 5

Interlace 9

Interlace 10

Interlace 11

Interlace 1



Re

Th guring RAID-5vol

um of threee contains, thehen a slice fails.ID-5 volumes.

slice thate you will erasen process.

Sun Services


RAID 5 (cont.)

quirements for RAID-5 Volumes

e general configuration guidelines for confiumes are:

• Create a RAID-5 volume with a minimslices. The more slices a RAID-5 volumlonger read and write operations take w

• Do not stripe, concatenate, or mirror RA• Do not create a RAID-5 volume from a

contains an existing file system, becausthe data during the RAID-5 initializatio


can define thevalue, a default

an only handle

oss separatemes.g a RAID-5in unused disk

Sun Services


RAID 5 (cont.)

• When you create a RAID-5 volume, youinterlace value. If you do not specify avalue of 16 Kbytes is assigned.

• A RAID-5 volume (with no hot spares) ca single slice failure.

• To optimize performance, use slices acrcontrollers when creating RAID-5 volu

• Use disk slices of the same size. Creatinvolume of different-sized slices results space on the larger slices.


Su

Th void commonper olumes:

ulations,rcent writeses. If datas needed,

e on differente are primarily

he interlaceormance.

Sun Services


RAID 5 (cont.)

ggestions for RAID 5 Volumes

e following general suggestions can help aformance problems when using RAID-5 v

• Because of the complexity of parity calcvolumes with greater than about 20 peshould probably not be RAID-5 volumredundancy on a write-heavy volume iconsider mirroring.

• If the slices in the RAID-5 volume residcontrollers and the accesses to the volumlarge sequential accesses, then setting tvalue to 32 Kbytes might improve perf


For n performance,ava ries ofinf storagepla

Sun Services


Hardware Considerations

any given application there are trade-offs iilability, and hardware costs. A few catego

ormation that you must address during thenning phase are:

• General storage guidelines• Determining storage characteristics• Storage performance guidelines


ms

Fea RAID-5 StripeWith Parity

Reddat

Yes

Imper

Yes

Imwrper

No

Sun Services


Choosing Storage Mechanis

ture RAID-0Concatenation

RAID-0Stripe

RAID-1Mirror

undanta

No No Yes

proved readformance

No Yes Depends ontheunderlyingdevice

provediteformance

No Yes No


ge

Fac -Redundant

Wr tral

Ra tral

Ha est

Perdu

loss

Sun Services


Optimizing Redundant Stora

tors RAID 1(Mirror)

RAID 5 Non

ite operations Faster Slower Neu

ndom read Slower Faster Neu

rdware cost Highest Higher Low

formancering failure

Best Poor Data


nager

Th u manage largenu . Most tasksinc

age devices

Sun Services


Introducing Solaris Volume MaSoftware Concepts

e Solaris Volume Manager software lets yombers of disks and the data on those diskslude:

• Increasing storage capacity• Increasing data availability• Making the administration of large stor

easier


SV l volumes toma ata.

You ftware volumesfro ris VolumeMa

Th ManagementCo any type ofSV

Sun Services


Logical Volume

M software uses virtual disks called logicanage physical disks and their associated d

can create the Solaris Volume Manager som slices (disk partitions) or from other Solanager software volumes.

e Enhanced Storage tool within the Solaris nsole allows you to list, create, and modifyM software volumes or components.


Sof ing largesto sizes.

Us e into as manydiv ed, can bedir le systems, aslon

Sun Services


Soft Partitions

t partitions provide a mechanism for dividrage spaces into smaller, more manageable

e soft partitioning to divide a slice or volumisions as needed. A soft partition, once namectly accessed by applications, including fig as it is not included in another volume.


se

Bef ume Managersof the SolarisVo

Th tically updatesthe te changeocc

Th eplicateddat tabase protectsaga .

Sun Services


Introducing the State Databa

ore creating volumes using the Solaris Voltware, state database replicas must exist onlume Manager software system.

e Solaris Volume Manager software automa state database when a configuration or staurs.

e state database is a collection of multiple, rabase copies. Having copies of the state dainst data loss from single points-of-failure

Sun

System Administra

Con Manager

Services


Module 9

figuring Solaris Volume Software


are concepts

root (/) file

Sun Services


Objectives

• Describe Solaris Volume Manager softw• Build a RAID-0 (concatenated) volume• Build a RAID-1 (mirror) volume for the

system


epts

Th olaris 9 OS andSol software usedin r OS.

Th to implementRA

Sun Services


Solaris Volume Manager Conc

e Solaris Volume Manager software in the Saris 10 OS replaces the Solstice DiskSuite™eleases of the Solaris OS prior to Solaris 9

e Solaris Volume Manager software is usedID 0, RAID 1, RAID 1+0, and RAID 5.


Th about the stateof figuration.

Mu s, providered d be distributedacr

Sol rity consensusalg eplicas containval

Th 1) of the statedat hem arecon

Sun Services


State Database Replicas

e state database stores information on diskyour Solaris Volume Manager software con

ltiple copies of the database, called replicaundancy. The state database replicas shouloss multiple disks.

aris Volume Manager software uses a majoorithm to determine which state database rid data.

e algorithm requires that a majority (half +abase replicas are available before any of tsidered valid.


Th

g if at least halfble.half of the state

olaris Volumehe total number

Sun Services


State Database Replicas

e majority consensus algorithm:

• Makes sure that the system stays runninof the state database replicas are availa

• Causes the system to panic if fewer thandatabase replicas are available.

• Prevents the system from starting the SManager software unless a majority of tof state database replicas are available.


e

You g the following:

GUI

Th o create statedat

1t0d0s1

Sun Services


Creating the State Databas

can create state database replicas by usin

• The metadb -a command• The Solaris Volume Manager software

e following example shows using metadb tabase replicas:

# metadb -a -f c0t0d0s4 c0t0d0s5 c1t0d0s0 c# metadb

flags first blk block counta u 16 8192 /dev/dsk/c0t0d0s4a u 16 8192 /dev/dsk/c0t0d0s5a u 16 8192 /dev/dsk/c1t0d0s0a u 16 8192 /dev/dsk/c1t0d0s1


ing thele

Sun Services


Creating the State Database UsSolaris Management Conso


ing thecont.)

Sun Services


Creating the State Database UsSolaris Management Console (


g thent.)

Sun Services


Creating the State Database UsinSolaris Management Console (co


RA capacityeffi a redundancy,bu ity.

RA atenations.

cause multipleme time. Al slices in the

e first availableme writes data

Sun Services


Configuring RAID-0

ID-0 volumes let you expand disk storageciently. These volumes do not provide datt can be used to expand disk storage capac

ID-0 comes in two forms, stripes and conc

• Striping enables parallel data access becontrollers can access the data at the sastripe distributes data equally across alstripe.

• A concatenated volume writes data to thslice. When the first slice is full, the voluto the next available slice.


g the

e you can

ach of two

rt/homeost at capacity.

oncatenated tome.

Sun Services


Creating a RAID-0 Volume UsinCommand Line

• State database replicas must exist beforconfigure any metadevices.

• For example, to create two replicas on eslices, use the command:# metadb -a -f -c 2 c3t2d0s7 c3t3d0s7

• In this example, assume that the /expo(/dev/dsk/c0t0d0s7) file system is almA new slice from another disk will be cit, making a RAID-0 concatenated volu


g the

etadevices and:

hese slices is

oncatenation is

ipes is equal to this case 2.s one, so the

Sun Services



• Use the metainit command to create massociate slices with them. For example# metainit -f d0 2 1 c0t0d0s7 1 c3t2d0s0d0: Concat/Stripe is setup

• The -f option is required if one of tcurrently mounted.

• The metadevice name used for this cd0.

• In a concatenation, the number of strthe number of slices being added, in

• The number of slices in each stripe inumber 1 appears before each slice.


g the

ted, but is notusing the new

le that mounts

me ufs 2 yes -

e metadevice

2 yes -

Sun Services



• The new metadevice (d0) has been creabeing used yet. It needs to be remountedmetadevice device files.

• Locate the entry in the /etc/vfstab fithe file system at boot time:/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/ho

Change the device names to match thnames:/dev/md/dsk/d0 /dev/md/rdsk/d0 /export/home ufs


g the

using the new

ed one

n into the new

. Use the option

Sun Services



• Un-mount and re-mount the file systemdevice files:# umount /export/home# mount /export/home# df -h /export/homeFilesystem size used avail capacity Mount/dev/md/dsk/d0 470M 395M 28M 94% /export/hom

• The existing file system needs to be growspace.

• This is done with the growfs command-M to specify a mount point:# growfs -M /export/home /dev/md/rdsk/d0...


C Solaris

Sun Services


reating a RAID-0 Volume UsingManagement Console


C Solarist.)

Sun Services


reating a RAID-0 Volume UsingManagement Console (con


C Solarist.)

Sun Services




RA d provide datared ntical copies ofthe t is made.

ID-0 volumes.alled

rs is known as a

r from a mirror

Sun Services


Configuring RAID-1

ID-1 volumes are also known as mirrors anundancy. A RAID-1 volume maintains ide data in the RAID-0 volumes from which i

• Using multiple submirrors• A mirror is made of two or more RA• The mirrored RAID-0 volumes are c

submirrors.• A mirror consisting of two submirro

two-way mirror.• You can attach or detach a submirro

at any time.


)

by using the

Sun Services


Configuring RAID-1 (cont.

• Mirror optionsMirror performance can be modifiedfollowing options:• Mirror read policy

• Round robin• Geometric• First

• Mirror write policy• Parallel• Serial


B System

Th t (/) file systemcan exclusively, butit i nt Console(SM

Th volume for theroo ted.

Sun Services


uilding a Mirror of the Root (/) File

e procedure for building a mirror of the roobe accomplished using the command line

s not possible to use the Solaris ManagemeC) exclusively.

is section describes how to create a RAID-1t (/) file system, which cannot be unmoun


B System

Cre quires thefol

stem you want

ntain theme.ID-0 volumerored.e the system’s) mirror.

root (/) mirror.

Sun Services


uilding a Mirror of the Root (/) File(cont.)

ating a mirror of the root (/) file system relowing general steps:

1. Create a RAID-0 volume for the file syto mirror.

2. Create a second RAID-0 volume to cosecond submirror of the RAID-1 volu

3. Create a one-way mirror using the RAthat contains the file system to be mir

4. Use the metaroot command to updatconfiguration, because this is a root (/

5. Reboot your system, because this is a


B System

e system

used in theirror, because

tem.

Sun Services



6. Attach the second submirror to the filmirror.

7. Record the alternate boot path that isevent of a failure of the primary submthis is a mirror of the root (/) file sys


B System

the root (/) fileich you later

rror to the

a RAID-0irror of the root

d0s0

he d11 volume.

Sun Services



• Creating the RAID-0 volumesThe first step when building a mirror ofsystem is to create RAID-0 volumes, whcombine to form the mirror.Each RAID-0 volume becomes a submimirror.• Use the metainit command to create

volume to be used as the primary subm(/) file system:# /usr/sbin/metainit -f d11 1 1 c0t0

d11: Concat/Stripe is setup

This command forces the creation of t


B System

d as thesystem, use the

tes a mirrored

11 as a

Sun Services



• To create a RAID-0 volume to be usesecondary submirror of the root filemetainit command again:# metainit d12 1 1 c3t3d0s1d12: Concat/Stripe is setup

• Creating the RAID-1 volumeThe following metainit example creavolume named d10.This command attaches the volume dsubmirror of the mirror named d10.# /usr/sbin/metainit d10 -m d11d10: Mirror is setup


B System

systems, youange the mount

clude entries

, use the/vfstab and /

Sun Services



• Executing the metaroot commandWhen creating mirrors of mounted filemust update the /etc/vfstab file to chpoint from a slice to a volume.The /etc/system file must change to inrelated to SVM drivers.When mirroring the root (/) file systemmetaroot command to modify the /etcetc/system files, as follows:# metaroot d10# grep md /etc/vfstab/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -# tail /etc/systemrootdev:/pseudo/md@0:0,10,blk


B System

taching the

ing the

Sun Services



• Rebooting the systemYou must reboot the system before atsecondary submirror.# init 6

• Attaching the secondary submirrorAttach the secondary submirror by usmetattach command:# metattach d10 d12d10: submirror d12 is attached


B System

Th nchronizationtak

Sun Services



e metastat command shows the mirror sying place.

# metastat d10d10: MirrorSubmirror 0: d11State: OkaySubmirror 1: d12State: ResyncingResync in progress: 83 % donePass: 1Read option: roundrobin (default)Write option: parallel (default)Size: 307440 blocks (150 MB)


B System

iableto define a

ndary root

1/SUNW,isptwo@4/

reference boths, in the order

Sun Services



• Updating the boot-device PROM varUse the OpenBoot nvalias commandbackup_root device alias for the secomirror. For example:ok nvalias backup_root /pci@1f,0/pci@1/pci@sd@3,0:b

Redefine the boot-device variable tothe primary and secondary submirrorin which you want to access them.ok setenv boot-device disk backup_root netboot-device= disk backup_root net


em for

he right deviceting the master

.probe for

system, the filedisk partition,

Sun Services


Configuring an x86-Based SystMirrored Failover

• The BIOS• The BIOS is responsible for finding t

to boot from, then loading and execuboot record from that device.

• BIOS is configurable to some degree• BIOS may be limited in its ability to

devices.• fdisk Partitioning

• To use the SVM to mirror the root filesystem must use the single Solaris fand no separate boot partition.


em for

RUB)ot archive into

mingtly specifyingn you configure

clude thethe menu.lst

Sun Services


Configuring an x86-Based SystMirrored Failover (cont.)

• The GNU GRand Unified Bootloader (G• GRUB is responsible for loading a bo

the system's memory.• Understanding the GRUB device na

conventions can assist you in correcdrive and partition information wheGRUB on your system.

• The functional GRUB components instage1 and stage2 programs, and file.


em for

Sun Services



• x86/x64 Boot Program Locations

Sector 0 =mboot + fdisk

Partition tableSector 0 = stage1

Sector 1 + 2 =disk label + VTOC

Disk Cylinders

Sector 50 = stage2- extends for200 + sectors

Solaris fdisk partitioncylinder 0 (disk cyl 1) = slice 8

0

0

1


em for

oot File Systemboot devices, if

n and root slice

sk/c2d0p0

2 programs./grub/stage2 \

Sun Services



• Creating a RAID-1 Volume From the r• Configure the ordering for the BIOS

possible.• Configure the Solaris fdisk partitio

on the mirror disk.• Install the mboot program.# fdisk -b /usr/lib/fs/ufs/mboot -n /dev/rd

• Install the GRUB stage1 and stage# /sbin/installgrub /boot/grub/stage1 /boot/dev/rdsk/c2d0p0


em for

isting root (/)

existing

an unused slice

ystem, then

Sun Services



• Identify the slice that contains the exfile system to be mirrored.

• Create a new RAID-0 volume on theroot (/) file system to be mirrored.

• Create a second RAID-0 volume onto act as the second submirror.

• Create a one-way mirror.• Remount your newly mirrored file s

reboot the system.# metaroot volume-name# reboot


em for

e

Sun Services



• Attach the second submirror.# metattach volume-name submirror-name

• Define the alternative boot path in th/boot/grub/menu.lst file.

# vi /boot/grub/menu.lst....title alternate boot root (hd1,0,a) kernel /boot/multiboot module /boot/x86.miniroot-safe


stem

rror to verify

mirror to make

Sun Services


Unmirroring the Root (/) File Sy

• Run the metastat command on the mithat submirror 0 is in the Okay state.# metastat d10d10: MirrorSubmirror 0: d11State: OkaySubmirror 1: d12State: Okay...

• Run the metadetach command on the a one-way mirror.# metadetach d10 d12d10: submirror d12 is detached


U m (cont.)

rror, run thec/vfstab and

the mirror and

Sun Services


nmirroring the Root (/) File Syste

• Because this is a root (/) file system mimetaroot command to update the /et/etc/system files.# metaroot /dev/dsk/c0t0d0s0

• Reboot the system.# init 6

• Run the metaclear command to clear submirrors.# metaclear -r d10d10: Mirror is clearedd11: Concat/Stripe is cleared# metaclear d12d12: Concat/Stripe is cleared


U m (cont.)

If y an alternateboo

Sun Services


nmirroring the Root (/) File Syste

ou changed your boot-device variable tot path, return it to its original setting.

Sun

System Administra

Conf ss Control

Services


Module 10

iguring Role-Based Acce(RBAC)


RBACnagement

line

Sun Services


Objectives

• Describe RBAC fundamentals• Describe component interaction within• Manage RBAC by using the Solaris Ma

Console• Manage RBAC by using the command


In r (also referredto a any task.

In sers can beass ith rightspro

Rig mmands andapp

Ro authorizationgra compliantapp

Sun Services


RBAC Fundamentals

conventional UNIX® systems, the root uses the superuser) has the ability to perform

systems implementing RBAC, individual uigned to roles, where roles are associated wfiles.

hts profiles list the rights to run specific colications with escalated privileges.

les can also be assigned authorizations. Annts access to restricted functions in RBAC lications.


RB d privilegedcom

le

Sun Services


Key RBAC Files

AC authorizations, roles, rights profiles, anmands are defined in four files:

• The /etc/user_attr file• The /etc/security/prof_attr file• The /etc/security/policy.conf fi• The /etc/security/exec_attr file


Th les andaut s.

Wh rights profiles,aut he file.

Ch ed RBACfea

Sun Services


The user_attrFile

e /etc/user_attr file lists the rights profihorizations associated with users and role

en you create a new user account with no horizations, or roles, nothing is added to t

anges to this file will be illustrated as relattures are described in this module.


user account,ommands. can run the

e Solaris 10 OS.n you define a

er has been

Sun Services


Roles

• A role is a special identity, similar to a used to run privileged applications or c

• You assign users to roles so those userscommands associated with those roles.

• No predefined roles are shipped with th• You assign rights profiles to a role whe

role.• The roles command lists the roles a us

assigned:# roles rootNo roles


sers

that can be

ns with special

ipped with the

Sun Services


Assigning Rights Profiles to U

• A rights profile is a collection of rights assigned to a user.

• A right is a command or script which rusecurity attributes.

• Many examples of rights profiles are shSolaris 10 OS.


sers

ontains rights

elp=RtAll.htmlmnt.html

ame. last two fields file.

Sun Services



• The /etc/security/prof_attr file cprofile names and descriptions.# cat /etc/security/prof_attr(output omitted)All:::Execute any command as the user or role:hLog Management:::Manage log files:help=RtLogMng...

• Each line starts with the rights profile n• The middle fields are not used, and the

hold a comment and a pointer to a help


sers

ofiles assigned

e. It allows anycial security

er accounts are.conf file.

Sun Services



• The profiles command lists rights prto a user.# profiles chrisBasic Solaris UserAll

• Every account has the All rights profilcommand to be executed, but with speattributes.

• Other rights profiles given to all new usdefined in the /etc/security/policy# grep 'PROFS' /etc/security/policy.confPROFS_GRANTED=Basic Solaris User


sers

r account withanagement

er_attr file as

t

Sun Services



• Rights profiles can be assigned to a usethe usermod command or the Solaris MConsole (SMC).# usermod -P "Printer Management" chris# profiles chrisPrinter ManagementBasic Solaris UserAll

• This automatically updates the/etc/usshown by the following:# grep chris /etc/user_attrchris::::type=normal;profiles=Printer Managemen


rFile

Th xecutionatt

and with noand, possibly

s UID, EUID,d to a process

s to a particularmands with

Sun Services


The /etc/security/exec_att

e /etc/security/exec_attr file holds eributes.

• An execution attribute is either a commoption, or a script that contains a commwith options.

• In this file, the special security attributeGID, and EGID, specify attributes to adwhen it runs.

• Only the users and roles assigned accesrights profile can run its associated comtheir special security attributes.


rFile

Co the PrinterMa s:

xec_attruid=0;uid=0euid=lp;uid=lpgid=14euid=0l/accept:uid=lpl/

hed:uid=0:euid=lp;uid=lp

Sun Services


The /etc/security/exec_att

mmands and special security attributes fornagement rights profile are listed as follow

# grep 'Printer Management' /etc/security/ePrinter Management:suser:cmd:::/etc/init.d/lp:ePrinter Management:suser:cmd:::/usr/bin/cancel:Printer Management:suser:cmd:::/usr/bin/lpset:ePrinter Management:suser:cmd:::/usr/bin/lpstat:Printer Management:suser:cmd:::/usr/lib/lp/locaPrinter Management:suser:cmd:::/usr/lib/lp/localpadmin:uid=lp;gid=8Printer Management:suser:cmd:::/usr/lib/lp/lpscPrinter Management:suser:cmd:::/usr/sbin/accept...


oles

If a samecon les, it can beeas give the usersacc

entry in the/user_attr

el One Support" \estore" level1

ord for it is set.

Sun Services


Assigning Rights Profiles to R

large number of user accounts require thefiguration and management of rights profiier to assign the rights profiles to a role andess to the role.

• Creating a roleThe roleadd command creates a role/etc/passwd, /etc/shadow, and /etcfiles.# roleadd -m -d /export/home/level1 -c "Lev-P "Printer Management,Media Backup,Media R64 blocks

The role cannot be used until a passw


oles

Th ow, and/et

evel1:/bin/pfsh

,Media

Sun Services



e changes to the /etc/passwd, /etc/shadc/user_attr files are shown as follows:

# grep level1 /etc/passwdlevel1:x:102:1:Level One Support:/export/home/l# grep level1 /etc/shadowlevel1:CUs8aQ64vTrZ.:12713::::::# grep level1 /etc/user_attrlevel1::::type=role;profiles=Printer ManagementBackup,MediaRestore


oles

role on a

s profiles.pfksh level1

Sun Services



• Modifying a roleTo modify the login information of asystem, use the rolemod command.This example modifies the role’s right# rolemod -P profile1,profile2 -s /usr/bin/


oles

ll that enablesassigned to

sed, as theydo not consult

d pfksh.

Sun Services



• Purpose of the profile shellsA profile shell is a special type of sheaccess to the privileged rights that arethe rights profile.The standard UNIX shells cannot be uare not aware of the RBAC files, andthem.The profile shells are pfsh, pfcsh, an


Th ment Console(SM

Th eing used withthe

paul

Th the user chris:

Sun Services


Assigning Roles to Users

e useradd command or the Solaris ManageC) can be used to assign users to roles.

e example shows the useradd command b-R option to assign roles:

# useradd -m -d /export/home/paul -R level164 blocks#

is example associates the level1 role with

# usermod -R level1 chris#


As account, log inas

Th le to youracc

Sw u command.

Sun Services


Using Roles

it is not possible to directly log in to a rolea regular user first.

e roles command shows the roles availabount.

$ iduid=103(paul) gid=1(other)$ roleslevel1

itch the user to the role account with the s

$ su level1Password:$ iduid=102(level1) gid=1(other)


An nctions inRB

Som ris 10 OS arewr r calling them.

Th e/et

tmlJobsAdmin.html

Sun Services


Authorizations

authorization grants access to restricted fuAC-compliant applications.

e applications and commands in the Solaitten to check the authorizations of the use

e predefined authorizations are listed in thc/security/auth_attr file.

# cat /etc/security/auth_attr(output omitted)solaris.jobs.:::Job Scheduler::help=JobHeader.hsolaris.jobs.admin:::Manage All Jobs::help=Authsolaris.jobs.grant:::Delegate Cron & AtAdministration::help=JobsGrant.html...


All le by default.

Th s access to alllist

Th ll Solaris OScom definition in apre

Sun Services


Default Authorizations

users have the Basic Solaris User profi

# profiles chrisPrinter ManagementBasic Solaris UserAll

e Basic Solaris User profile grants usered authorizations.

e All profile grants unrestricted access to amands that have not been restricted by a

viously listed authorization.


Au nts.

Au r embedded ina r er or role.

Au mand line orwi

Th sed with the -Aop

Sun Services


Assigning Authorizations

thorizations can be assigned to user accou

thorizations can also be assigned to roles oights profile, which can be assigned to a us

thorizations may be assigned from the comth SMC.

is example shows the useradd command ution to add an authorization to a user:

# usermod -A solaris.jobs.admin chris


Th s the/et on.

rofiles=Printer

Sun Services


Assigning Authorizations

e usermod command automatically updatec/user_attr file with this new informati

# grep chris /etc/user_attrchris::::type=normal;auths=solaris.jobs.admin;pManagement


oles

If a samecon ions, it can beeas d give the usersacc

You e roleaddcom

Sun Services


Assigning Authorizations to R

large number of user accounts require thefiguration and management of authorizatier to assign the authorizations to a role aness to the role.

can assign authorizations to roles with thmand or with SMC.


oles

Th tions to create arol izationsol

l Management" \

Sun Services


Assigning Authorizations to R

is example uses the roleadd -P and -A ope called level2 that is assigned the authoraris.admin.usermgr.*.

# roleadd -m -d /export/home/level2 -P "Mai-A "solaris.admin.usermgr.*" level264 blocks#


A Profiles

A r ands andspe ed in the /etc/sec

It i rizations fromthe hts profile byadd ty/prof_attrfile

Sun Services


ssigning Authorizations to Rights

ights profile usually includes a list of commcial security attributes, the rights, as definurity/exec_attr file.

s also possible to include predefined autho/etc/security/auth_attr file in the riging the authorizations to the /etc/securi

.


mary

Th les used byRB

Sun Services


RBAC Configuration File Sum

e figure on this slide shows how the four fiAC are interrelated.

��

Users

Roles

��

Profiles

��

Privileges

��

Authorization


mary

��

Sun Services


RBAC Configuration File SumFrom the �� database:

��

From the �� database:

��

��!�� "

#��

From the �� database:

!��

�� $�!��"��

��

From the ��%�� database:

!�� &��

!�� &� �'��(

!�� (

!�� &�� (

!�� &� �� (


laris

Th s 10 OS enablesyou console.

Sun Services


Managing RBAC Using the SoManagement Console

e Solaris Management Console in the Solari to configure RBAC features using a GUI


laris

To lete thefol

ssigned the

port the

to the rights

Sun Services



set up privileged access using SMC, complowing steps:

1. Build the user accounts that will be aRBAC rights profiles and roles.

2. Build the rights profiles needed to supprivileged access requirements.

3. Build the role that will provide accessprofiles for designated users.


laris

To e followingste

Sun Services



access RBAC features in SMC, complete thps:

1. Select Management Tools.2. Click This Computer.3. Click System Configuration.4. Double-click the Users icon.

Sun

System Administra

C aging

Services


Module 11

onfiguring System Mess


og function

g viewer

Sun Services


Objectives

• Describe the fundamentals of the sysl• Configure the /etc/syslog.conf file• Configure syslog messaging• Use the Solaris Management Console lo


Th ed by theker to the syslogddae ntrol messagelog e /etc/sys

host

Sun Services


The syslogConcept

e syslog function sends messages generatnel and system utilities and applications mon. With the syslog function you can coging, depending on the configuration of thlog.conf file. The daemon can:

• Write messages to a system log• Forward messages to a centralized log • Forward messages to a list of users• Write messages to the system console


le

A c nf file consistsof .

Th lity and alev

Th message.

Sun Services


The /etc/syslog.confFi

onfiguration entry in the /etc/syslog.cotwo tab-separated fields: selector and action

e selector field has two components, a faciel written as facility.level.

e action field determines where to send the


T Macro

Th r, and the /etc/sys s to determinethe

Th

cro processor.og.conf file,ut, and passes

Sun Services


he syslogdDaemon and the m4Processor

e syslogd daemon, the m4macro processolog.conf file interact in conceptual phase

correct message routing.

ese conceptual phases are described as:

1. The syslogd daemon runs the m4 ma2. The m4 processor reads the /etc/sysl

processes any m4 statements in the inpthe output to the syslogd daemon.


T Macro

rationor to route

Sun Services



3. The syslogd daemon uses the configuinformation output by the m4 processmessages to the appropriate places.


T Macro

Sun Services



• The m4 Macro Processor

��

��

SelectorField

ActionField

��


C nfFile

Th les are definedwi restart thesys nges to this file.

Th .conf filesho ystem.

*.er smsg*.er m/messages*.al r*.al*.em

Sun Services


onfiguring the /etc/syslog.co

e target locations for the syslog message fithin the /etc/syslog.conf file. You mustlogddaemon whenever you make any cha

e following excerpt from the /etc/syslogws how various events are logged by the s

r;kern.notice;auth.notice /dev/syr;kern.debug;daemon.notice;mail.crit /var/adert;kern.err;daemon.err operatoert rooterg *


C nfFile

In L nel andaut e, which are noterr ling, will write ame

In L acility eventsof l f level notice,and essage in the /var gged to bothfile

Lin luding theker ents, are sent tothe

Sun Services



ine 1, every error event (*.err) and all kerhorization facility events of level noticor conditions but might require special handssage to the /dev/sysmsg file.

ine 2, every error event (*.err), all kernelfevel debug, all daemon facility events o all critical level mail events will record a m/adm/messages file. Therefore, errors are lo

s.

e 3 indicates that all alert level events, incnel error level and daemon error level ev

user operator if this user is logged in.


C nfFile

Lin sent to the rootuse

Lin nterprets as anem y logged-in user.

Sun Services



e 4 indicates that all alertlevel events arer if the root user is logged in.

e 5 indicates that any event that the system iergency will be logged to the terminal of ever


logd

Th s the syslogdpro

You aemon, or sendit a mon to rereadthe

# svTo s# svTo s mmand:# sv

Sun Services


Stopping and Starting the sysDaemon

e /lib/svc/method/system-log file startcess during each system boot.

can manually stop or start the syslogd drefresh command, which causes the dae/etc/syslog.conf file.

cadm disable svc:/system/system-log:defaulttart the syslogd daemon, perform the command:cadm enable svc:/system/system-log:defaultend a refresh to the syslogd daemon, perform the cocadm refresh svc:/system/system-log:default


ing

Th cess for manynet or servicereq col (UDP) portsass he inetdcon

Th use of theine

Sun Services


Configuring syslogMessag

e inetd daemon is the network listener prowork services. The inetd daemon listens fuests on the TCP and User Datagram Protoociated with each of the services listed in tfiguration file.

e inetd daemon is controlled through the tadm command.


l Time

Th that you canvie syslogddae

# t

lnet[2361]

5 6

Sun Services


Monitoring a syslogFile in Rea

e tail -f command holds the file open so w messages being written to the file by themon, for example:

ail -f /var/adm/messages

Jun 14 13:15:39 host1 inetd[2359]:[ID 317013 daemon.notice] te

from 192.9.200.1 45800

1

7

2 3 4

8


onsole

You Log Viewerapp can also usethi ion from theMa erform thefol

laris

lication

Sun Services


Using the Solaris Management CLog Viewer

can use the Solaris Management Consolelication to view syslog message files. You

s application to view and capture informatnagement Tool logs. To open the viewer, p

lowing steps:

1. Use the smc command to open the SoManagement Console:# smc &

The Solaris Management Console applaunches.


onsole

Th ent Tools logent ory.

Sun Services


Using the Solaris Management CLog Viewer

2. Select This Computer (hostname).3. Select System Status.4. Select Log Viewer.

e initial Log Viewer display lists Managemries from the /var/sadm/wbem/log direct

Sun

System Administra

s

Services


Module 12

Using Name Service


n (nscd)

Sun Services


Objectives

• Describe the name service concept• Describe the name service switch file

/etc/nsswitch.conf

• Describe the name service cache daemo• Get name service information


Na n in a network.

A s he informationpre st.

Th s host names,Int asswords, andaut

Oth d clients),req .

Th and translates,or sed (cached) ordis

Sun Services


Name Service Concept

me services centralize the shared informatio

ingle system, the name server, maintains tviously maintained on each individual ho

e name servers provide information, such aernet Protocol (IP) addresses, user names, pomount maps.

er hosts in the name service domain (calleuest the information from the name server

is name server system responds to clients, resolves their requests from its memory-bak-based databases.


atabase

Sun Services



��

��

Client DNameServer

LocalFile

1 2

3

54


Th ing benefits:

me service datar systems

atesnt-of-failure

Sun Services



e name service concept provides the follow

• A single point of administration for na• Consistent name service information fo

within the domain• All clients have access to changed data• Assurance that clients do not miss upd• Secondary servers prevent a single poi


S)

rnet-wides to IPes. local andmains to allowthe Internet, so

com

Sun Services


Domain Name System (DN

• Domain Name System (DNS) is an Intenaming system for resolving host nameaddresses and IP addresses to host nam

• DNS supports name resolution for bothremote hosts, and uses the concept of dohosts with the same name to coexist onlong as they are in different domains.

• For example:www.sun.com and www.microsoft.


S)

at use DNS is

ierarchy of

wo or mored one or more

g thein.named

Sun Services



• The collection of networked systems threferred to as the DNS namespace.

• The DNS namespace is divided into a hdomains.

• Each domain is usually supported by tname servers, a master name server, anslave name servers.

• Each server implements DNS by runnindaemon.


S)

ed through thesers’ queries.

nd IP address

ult servicerocess if the

Sun Services



• On the client’s side, DNS is implementresolver. The resolver library resolves u

• The DNS name servers store the host ainformation in files called zone files.

• The svc:/network/dns/server:defastarts the DNS server during the boot pDNS server has been configured.


NIS)

s developedly different

s, IP addresses,

is referred to as

files called NIS

t many of the

Sun Services


Network Information Service (

• Network Information Service (NIS) waindependently of DNS and has a slightfocus.

• NIS stores information about host nameusers, groups, and others.

• This collection of network informationthe NIS namespace.

• NIS namespace information is stored inmaps.

• NIS maps were designed to supplemenUNIX /etc files.


NIS)

source files int you specify).

servers.cess the hostinistrative data

erarchy to storeis flat.

Sun Services



• NIS maps are database files created fromthe /etc directory (or in a directory tha

• By default, these maps are stored in the/var/yp/domainname directory on NIS

• NIS uses domains to define who can acnames, user information, and other admin its namespace.

• However, NIS does not use a domain hiits data. Therefore, the NIS namespace


NIS)

s to NIS clients.erver, and, forrver.g the ypserv

e ypbind

ult serviceocess.

Sun Services



• Replicated NIS servers provide service• The principal server is called a master s

reliability, it has a backup, or a slave se• Each server implements NIS by runnin

daemon.• All NIS clients and servers must run th

daemon.• The svc:/network/nis/server:defa

starts the NIS server during the boot pr


N (NIS+)

+) is similar to

about machineformation,es in central

tion is referred

d is similar in

Sun Services


etwork Information Service Plus

• Network Information Service Plus (NISNIS, but provides many more features.

• NIS+ enables you to store information addresses, security information, mail inEthernet interfaces, and network serviclocations.

• This configuration of network informato as the NIS+ namespace.

• The NIS+ namespace is hierarchical anstructure to the UNIX directory tree.


N (NIS+)

o multiplependently.and gain access+ namespace.erver, and thes.erver software,

es.

Sun Services



• An NIS+ namespace can be divided intdomains that can be administered inde

• NIS+ uses a client-server model to storeto the information contained in an NIS

• The principal server is called the root sbackup servers are called replica server

• Both root and replica servers run NIS+ sas well as maintain copies of NIS+ tabl


N (NIS+)

system toand its

ation to verifyon should be

ng the

ault servicee boot process.

Sun Services



• NIS+ includes a sophisticated security protect the structure of the namespace information.

• NIS+ uses authentication and authorizwhether a client’s request for informatifulfilled.

• Each server implements NIS+ by runnirpc.nisd daemon.

• The svc:/network/rpc/nisplus:defstarts the NIS+ name service during th


otocol

municate with

can be used on

client and

e Sun Java™

Sun Services


Lightweight Directory Access Pr(LDAP)

• LDAP is the protocol clients use to coma directory server.

• It is a vendor-independent protocol andcommon TCP/IP networks.

• The Solaris 10 OS comes with an LDAPLDAP server.

• The LDAP Directory Server is called thSystem Directory Server.


otocol

a Directory

or informationred on the

cture is similar

sition in this (DN).

Sun Services



• A directory server stores information inInformation Tree (DIT).

• Clients can query the directory server for make changes to the information stoserver.

• The hierarchy of the directory tree struto that of the UNIX file system.

• Entries are named according to their potree structure by a distinguished name


otocol

ame in UNIX. is similar to a

utes that have a

ames start withceed to the

Sun Services



• The DN is similar to an absolute path n• A Relative Distinguished Name (RDN)

relative path name in UNIX.• A directory entry is composed of attrib

type, and one or more values.• Similar to the DNS namespace, LDAP n

the least significant component and promost significant.


s which namermation, and ins resolved.switch.conf

the contents ofthe Solaris OS,

selected. a list ofn about IP

Sun Services


Name Service Switch File

• The name service switch file determineservices a system uses to search for infowhich order the name service request i

• All Solaris OS systems use the /etc/nsfile as the name service switch file.

• The nsswitch.conf file is loaded witha template file during the installation ofdepending on the name service that is

• The /etc/nsswitch.conf file includesdatabases that are sources of informatioaddresses, users, and groups.


o support the

Sun Services



• The following entries are from the/etc/nsswitch.conf file configured tNIS name service:...passwd: files nisgroup: files nis# consult /etc "files" only if nis is down.hosts: nis [NOTFOUND=return] files...networks: nis [NOTFOUND=return] filesprotocols: nis [NOTFOUND=return] filesrpc: nis [NOTFOUND=return] filesethers: nis [NOTFOUND=return] filesnetmasks: nis [NOTFOUND=return] filesbootparams: nis [NOTFOUND=return] filespublickey: nis [NOTFOUND=return] files...


tch.conf ared.

first listedthe next source.

Sun Services



• The information sources in/etc/nsswilisted in the order that they are searche

• Information sources• files

• nisplus

• nis

• dns

• ldap

• user

If two or more sources are listed, thesource is searched before moving to


attempt toollowing status

ssible:

Sun Services



• When a name service is referenced, thesearch this source can return one of the fcodes:• SUCCESS

• UNAVAIL

• NOTFOUND

• TRYAGAIN

• For each status code, two actions are po• return

• continue


ied, the defaulte next specified

Sun Services



• When the action is not explicitly specifaction is to continue the search using thinformation source, as follows:• SUCCESS = return

• UNAVAIL = continue

• NOTFOUND = continue

• TRYAGAIN = continue


ache

rovides a cacheequests.tiuser boot.file controls the

for the passwd,prof_attr,

Sun Services


Configuring the Name Service CDaemon (nscd)

• The nscd daemon• The nscddaemon is a process that p

for the most common name service r• The nscd daemon starts during mul• The /etc/nscd.conf configuration

behavior of the nscd daemon.• The nscd daemon provides caching

group, hosts, ipnodes, exec_attr,and user_attr databases.


ache

e configuration

and a value, orlue.ue is as follows:

name, and a

Sun Services



• Configuring the nscd daemon• The/etc/nscd.conffile contains th

information for the nscd daemon.• Each line specifies either an attribute

an attribute, a cache name, and a va• An example of an attribute and a val

logfile /var/adm/nscd.log

• An example of an attribute, a cache value is as follows:enable-cache hosts no


ache

ome out of dateces.emon to update

on.

aemon can be

default

Sun Services



• Stopping and starting the nscd daemon• The nscddaemon’s cache might bec

due to various abnormal circumstan• A common way to force the nscdda

its cache is to stop and start the daem• Restarting the nscd daemon

Clearing the cache by restarting the dhelpful in removing old cached data:# svcadm restart system/name-service-cache:


ation

ion sourcesnslookup,wever, the

by these

ng advantages:sources in the

ch file.e, the definede tested as they

Sun Services


Retrieving Name Service Inform

• The getent commandYou can query name service informatwith specific tools, such as the ypcat,niscat, and ldaplist commands. Honsswitch.conf file is not referencedcommands.The getent command has the followi• The getent searches the information

order listed in the name service swit• By using the name service switch fil

status message codes and actions arare currently configured.


ation

of entries fromby database.fied in theax is as

Sun Services


Retrieving Name Service Inform

• Using the getent commandThe getent command retrieves a listthe administrative database specifiedThe sources for the database are speci/etc/nsswitch.conf file. The syntfollows:getent database [key]...

Sun

System Administra

C Clients

Services


Module 13

onfiguring Name Service


Sun Services


Objectives

• Configure a DNS client• Configure an LDAP client


Na ame systembeg

Th llowing files:

Sun Services


Configuring a DNS Client

me resolution using the Internet domain nins with the client-side resolver.

e client resolver code is controlled by the fo

• /etc/resolv.conf

• /etc/nsswitch.conf


ring

Du laris 10 OSins

NS as the name

e DNS domain

nter the IPat the client will

Sun Services


Configuring the DNS Client DuInstallation

ring the system identification phase of a Sotallation, use the following:

• The Name Service window, to select Dservice

• The Domain Name window, to enter thname to which the client will belong

• The DNS Server Address window, to eaddresses of up to three DNS servers thuse for lookups


ring

Du laris 10 OSins

search suffixesare not fully

erify that you

Sun Services


Configuring the DNS Client DuInstallation

ring the system identification phase of a Sotallation, use the following:

• The DNS Search List window, to enter to supplement searches for names that qualified

• The Confirm Information window, to vhave provided accurate information


n Files

To s NIS or LDAP,you s.

onfigurationirectives

Sun Services


Editing DNS Client Configuratio

use DNS with another name service, such a must manually modify configuration file

• Editing the /etc/resolv.conf fileThe /etc/resolv.conf file contains cdirectives for the DNS resolver. The dinclude the following:• nameserver

• domain

• search


n Files

shows twodomain.

ppend to anyalified.

Sun Services



The following resolv.conf examplename servers for the suned.sun.comIt also specifies two domain names,training.sun.com and sun.com, to arequests received that are not fully qu# cat /etc/resolv.confnameserver 192.168.10.11nameserver 192.168.20.88domain suned.sun.com training.sun.com sun.com


n Files

o the

mbination with

entry.

Sun Services



• Copying the /etc/nsswitch.dns file t/etc/nsswitch.conf file• To configure a client to use DNS in co

the system’s local files, copy the/etc/nsswitch.dns file to the/etc/nsswitch.conf file.

• This action only changes the hosts


t

Na he LDAP nameser

An ry Server that isbu the network.

Sun Services


Setting Up an LDAP Clien

tive LDAP is the client implementation of tvice.

LDAP server, such as the Sun Java Directondled with the Solaris 10 OS, must exist on


An n LDAP server.

Th ng.

Aft rm operations,suc

Sun Services


Client Authentication

LDAP client must establish a session with a

is authentication process is known as bindi

er a client is authenticated, it can then perfoh as “search and modify,” on the data.


De what data theclie the LDAPser

To on for each andeve n the directoryser

Sun Services


Client Authentication

tails on how the client is authenticated andnt is authorized to access is maintained onver.

avoid having to re-enter the same informatiry client, a single client profile is created over.


unt

A s n parametersfor cess the LDAPdat

Cli

tion placeuration

A p lients to bind tothe

Sun Services


Client Profile and Proxy Acco

ingle client profile defines the configuratio a group of Solaris OS clients allowed to acabase.

ent profile:

• Contains the client’s credential informa• Describes how authentication is to take• Provides the client with various config

parameters

roxy account is created to allow multiple c server with the same access privileges.


created as partprocedures on

ault and theunder a special

zed, a copy ofrver and stored

Sun Services


Client Initialization

• The client profile and proxy account areof the Sun Java Directory Server setup the Solaris 10 OS.

• By default, the client profile named defproxy account proxyagent are createdprofile directory entry.

• When the Solaris LDAP client is initialithe client profile is retrieved from the seon disk.


uring

To llowing steps:

AP as the name

e domain name

profile name

t No.erify that you

Sun Services


Configuring the LDAP Client DInstallation

configure the LDAP client, complete the fo

• In the Name Service window, select LDservice.

• In the Domain Name window, enter thwhere the system is located.

• In the LDAP Profile window, enter theand server IP address.

• In the LDAP Proxy Bind window, selec• In the Confirm Information window, v

have provided accurate information.


lient

You e client systemon ent.

Th nt initialization:

d,dc=sun,dc=com\

Sun Services


Initializing the Native LDAP C

execute the ldapclient command on thce to initiate the client as a native LDAP cli

e following example describes a typical clie

# ldapclient init -a proxyPassword=proxy \-a proxyDN=cn=proxyagent,ou=profile,dc=sune-a domainname=suned.sun.com 192.168.0.100System successfully configured


C pFile toile

Du/et e/et

Sun Services


opying the /etc/nsswitch.ldathe /etc/nsswitch.conf F

ring LDAP client initialization, thec/nsswitch.ldap file is copied over to thc/nsswitch.conf file.


You minginf

Wi and returns allof .

Sun Services


Listing LDAP Entries

use the ldaplist command to list the naormation from the LDAP servers.

thout any arguments, the ldaplist commthe containers in the current search base DN


nt

To lientcom

Th he/va s/et

Sun Services


Unconfiguring an LDAP Clie

unconfigure an LDAP client, use the ldapcmand with the uninit option.

is command removes the client files from tr/ldap directory and restores the previouc/nsswitch.conf file.

# ldapclient uninitSystem successfully unconfigured

Sun

System Administra

Co ormation

Services


Module 14

nfiguring the Network InfService (NIS)


Sun Services


Objectives

• Describe NIS fundamentals• Configure the name service switch file• Describe NIS security• Configure an NIS domain• Build custom NIS maps• Troubleshoot NIS


NI at act as centralrep les found onUN

Th

ation filesinistration as

NI omains.

Wi erver, zero ormo

Sun Services


NIS Fundamentals

S facilitates the creation of server systems thositories for several of the administrative fiIX systems.

e benefits of NIS include the following:

• Centralized administration of configur• Better scaling of configuration file adm

networks grow

S is organized into named administrative d

thin each domain there is one NIS master sre slave servers, and one or more clients.


n

NI their IPadd

NI figuration filestha

NI name directoryon

Sun Services


NIS Namespace Informatio

S stores information about host names andresses, users, groups, and others.

S maps can replace or be used with the cont exist on each UNIX system.

S maps are located in the/var/yp/domain NIS servers.


s

Eac

Th ookup in thema after asuc

For , the NIS mapfile

e.pag filee.dir filer.pag filer.dir file

Sun Services


Map Contents and Sort Key

h map contains a key and value pair.

e key represents data used to perform the lp, while the value represents data returnedcessful lookup.

example, for the domain name trainings list for the hosts map are as follows:

• The /var/yp/training/hosts.bynam• The /var/yp/training/hosts.bynam• The /var/yp/training/hosts.byadd• The /var/yp/training/hosts.byadd


You

e/usera:/bin/ksh

Sun Services


Commands to Read Maps

can use two commands to read maps:

• ypcat [ -k ] mname

• ypmatch [ -k ] value mname# ypcat hosts192.168.30.30 instructor instructor. loghost192.168.30.30 instructor instructor. loghost127.0.0.1 localhost...

# ypmatch sys44 hostssys44: 192.168.30.44 sys44 loghost# ypmatch usera passwdusera: usera:LojyTdiQev5i2:3001:10::/export/hom


An terconnectingnet inistrativeaut

Eac

Sun Services


NIS Domains

NIS domain is a collection of hosts and inworks that are organized into a single admhority.

h NIS domain contains:

• One NIS master server• NIS slave servers (optional)• NIS clients


Wi s the followingcha

used to build

the ASCII filese entire NIS

Sun Services


NIS Master Server

thin each domain, the NIS master server haracteristics:

• Contains the original source ASCII filesthe NIS maps

• Contains the NIS maps generated from• Provides a single point-of-control for th

domain


Wi e the followingcha

II files used to

from the NIS

tionilures

s

Sun Services


NIS Slave Servers

thin each domain, the NIS slave servers havracteristics:

• Do not contain the original source ASCbuild the NIS maps

• Contain copies of the NIS maps copiedmaster server

• Provide a backup for NIS map informa• Provide redundancy in case of server fa• Provide load sharing on large network


Wi followingcha

II files used to

erver to obtaination contained

n case of server

e of NIS

Sun Services


NIS Clients

thin each domain, the NIS clients have the racteristics:

• Do not contain the original source ASCbuild the NIS maps

• Do not contain any NIS maps• Bind to the master server or to a slave s

access to the administrative file informin that server’s NIS maps

• Dynamically rebind to another server ifailure

• Make all appropriate system calls awar


Th an NIS domainare

Sun Services


NIS Processes

e main daemons involved in the running of as follows:

• The ypserv daemon• The ypbind daemon• The rpc.yppasswdd daemon• The ypxfrd daemon• The rpc.ypupdated daemon


witch

Wh ing installation,the ads into thedef

to NISfollowing form

en NIS:

to filesfollowing form

en files:

Sun Services


Configuring the Name Service S

en you select NIS as the name service dur/etc/nsswitch.nis configuration file loault /etc/nsswitch.conf file.

• Changing lookup requests to go from filesEntries in /etc/nsswitch.conf with thecause requests to search files first, and thpasswd: files nis

• Changing lookup requests to go from NIS Entries in /etc/nsswitch.conf with thecause requests to search NIS first, and thhosts: nis [NOTFOUND=return] files


Jus re manageable,it c

Tw re using thesec ost or to asub file to limitacc network.

Sun Services


NIS Security

t as NIS makes the network information moan also create inadvertent security holes.

o methods of closing these security holes aurenets file to restrict access to a single hnetwork, and using the passwd.adjunct ess to the password information across the


n

To les.

You y on the masterser

Do ry, because thecon contents of theloc ver.

Th and/et

Sun Services


Configuring an NIS Domai

generate NIS maps, you need the source fi

can find source files in the /etc directorver.

not keep the source files in the /etcdirectotents of the maps are then the same as the

al files that control access to the master ser

is is a special problem for the /etc/passwdc/shadow files.


n

ectory, modify

our-choice

our-choice

etc/services

the the original

Sun Services


Configuring an NIS Domai

• To locate the source files in another dirthe /var/yp/Makefile file:• Change the INETDIR line to DIR=/y• Change the DIR=/etc line to DIR=/y• Change the PWDIR=/etc line to

PWDIR=/your-choice

• Copy files from /etc, /etc/inet, and /to DIR=/your-choice

• Before you make any modifications to /var/yp/Makefile file, save a copy ofMakefile file.


Th nit, and themak

Th kefile file forsou ce files into NISma

For zed root access,the uld not containan

To ative directory,and file.

Sun Services


Generating NIS Maps

e NIS configuration script, /usr/sbin/ypie utility generate NIS maps.

e ypinit command reads the /var/yp/Marce file locations, and converts ASCII sourps.

security reasons and to prevent unauthorifiles that build the NIS password maps shoentry for the root user.

make sure of this, copy the files to an altern modify the PWDIR entry in the Makefile


irectory on thed into another

NIS domain

ke, which usesp directory.

Sun Services


Locating Source Files

• The source files are located in the /etcdmaster server, but the files can be copiedirectory, such as /etc/yp_dir.

• The /etc/defaultdomain file sets the name during system boot.

• The ypinit script calls the program mathe Makefile file located in the /var/y


irectory namedinname

aps.irectory

ames of the NIS stored.ntains thetop and start

Sun Services


Locating Source Files

• The /var/yp directory contains a subdafter the NIS domain name. This domadirectory is the repository for the NIS m

• The /var/yp/binding/domainname dcontains theypservers file where the nmaster server and NIS slave servers are

• The /usr/lib/netsvc/yp directory coypstop and ypstart commands that sNIS services, respectively.


to NIS

To orm thefol

# /

Th er machines tobec

Sun Services


Converting ASCII Source Files InMaps

build new maps on the master server, perflowing command:

usr/sbin/ypinit -m

e ypinit command prompts for a list of othome NIS slave servers.


rver

To complete thefol

twork domain

the local NIS

at contains the

Sun Services


Configuring the NIS Master Se

set up the NIS name service master server,lowing steps:

1. Determine which machines on your newill be NIS servers.

2. Choose an NIS domain name.3. Use the domainname command to set

domain.4. Create an /etc/defaultdomain file th

domain name.


rver

e touchith the/bootparams,netgroup, and

e /var/yphe system thatserver.ile, and makework.

Sun Services



5. If the files do not already exist, use thcommand to create zero-length files wfollowing names: /etc/ethers, /etc/etc/locale, /etc/timezone, /etc//etc/netmasks.

6. Install an updated Makefile file in thdirectory if you intend to use NIS on tfunctions as your JumpStart software

7. Create or populate the /etc/locale fan entry for each domain on your net


rver

he local /etc

r a list of slaveur list, press

rminate it on

the

erver with the

ault

Sun Services



8. Initialize the master server by using tfiles. Enter the ypinit -m command.a. When the program prompts you fo

servers, and after you complete yoControl-D.

b. The program asks if you want to tethe first fatal error.

9. Copy the /etc/nsswitch.nis file to/etc/nsswitch.conf file.

10.Start the NIS daemons on the master sfollowing command:# svcadm enable svc:/network/nis/server:def


Th n use to obtaininf .

Th as follows:

Sun Services


Testing the NIS Service

ere are a number of commands that you caormation from and about the NIS database

e most commonly used NIS commands are

• ypcat

• ypmatch

• ypwhich


t

To wing steps:

re that the NISve been

e command to

domain file

Sun Services


Configuring the NIS Clien

configure the NIS client, complete the follo

1. Edit the /etc/inet/hosts file to ensumaster server and all slave servers hadefined.

2. Execute the domainname domainnamset the local NIS domain.

3. Create or populate the /etc/defaultwith the domain name.


t

t, perform the

ist of NISaster and all

the

d:nis/

Sun Services


Configuring the NIS Clien

4. To initialize the system as an NIS clienfollowing command:# ypinit -c

5. When the system prompts you for a lservers, enter the names of the NIS mslave servers.


7. Start NIS with the following comman# svcadm enable svc:/network/client:default


rver

To following stepson he slave server:

re that the NISve been

e command to

domain file

Sun Services


Configuring the NIS Slave Se

configure an NIS slave server, complete the the system that you want to designate as t

1. Edit the /etc/inet/hosts file to ensumaster server and all slave servers hadefined.

2. Execute the domainname domainnamset the local NIS domain.

3. Create or populate the /etc/defaultwith the domain name.


rver

t, perform the

NIS servers,the name of

servers on the

the

erv process is

Sun Services



4. To initialize the system as an NIS clienfollowing command:# ypinit -c

5. When the system prompts for a list ofenter the NIS master host followed bythe local host and all other NIS slavelocal network.


7. On the NIS master, ensure that the ypsrunning.


rver

art the ypbind

ault

y performing

the slaveing command:fault

starts the

ault

Sun Services



8. On the proposed NIS slave system, stdaemon.# svcadm enable svc:/network/nis/client:def

9. Initialize the system as an NIS slave bthe following command:# ypinit -s master

10.Before starting the ypserv daemon onserver, stop the client with the follow# svcadm disable svc:/network/nis/client:de

11. When the NIS server is started, it alsoypbind client daemon.# svcadm enable svc:/network/nis/server:def


Bec must updateyou he masterser

irectory.

the make

Sun Services


Updating the NIS Map

ause database files change with time, you r NIS maps. To update the NIS maps (on t

ver), complete the following steps:

1. Update the text files in your source d2. Change to the /var/yp directory.

# cd /var/yp

3. Refresh the NIS database maps usingutility.# /usr/ccs/bin/make

Sun

System Administra

s

Services


Module 15

Introduction to Zone


ning is used

d zones

Sun Services


Objectives

• Identify the different zones features• Understand how and why zone partitio• Configure zones• Install zones• Boot zones• Administer packages with zones• Upgrade the Solaris 10 OS with installe


Sol rtitioning of aSol the operatingsys ce, allocatedres

Zo es that look likedif ations.

Sol systemres

Eac e system space,and processes.

Sun Services


Solaris Zones

aris zones technology enables software paaris 10 OS to support multiple instances oftem services with independent process spaources, and users.

nes provide virtual operating system servicferent Solaris instances to users and applic

aris zones allow administrators to dedicateources to individual zones.

h zone exists with separate process and fil can only monitor and interact with local


Sun Services


Zone Features

• Security• Isolation• Virtualization• Granularity• Transparency


Th pes of zones:

Sun Services


Zone Types

e Solaris Operating System supports two ty

• Global• Non-global


Ev

Th

inistrative

Th non-globalzon r uninstalled.

Th n of the Solarissys

Sun Services


Global Zones

ery Solaris system contains a global zone.

e global zone has two functions:

• It is the default zone for the system.• It is the zone used for system-wide adm

control.

e global zone is the only zone from which ae can be configured, installed, managed, o

e global zone contains a complete installatiotem software packages.


Eac ed a zone name.

Th l. Non-globalzon

Th obal zone.

Th -global zoneswh

Sun Services


Global Zones

h zone, including the global zone, is assign

e global zone always uses the name globaes must have user-defined names.

e system always assigns zone ID 0 to the gl

e system assigns non-zero zone IDs to nonen they boot.


No of the completeSol

Th es shared fromthe are packagesno

No olaris kernelboo

No r zones exist.

Sun Services


Non-Global Zones

n-global zones contain an installed subsetaris Operating System software packages.

ey can also contain Solaris software packag global zone and additional installed softw

t shared from the global zone.

n-global zones share operation under the Sted from the global zone.

n-global zones are not aware that any othe


Th operation,zon

Th for managingthe

Th ollowing:

ownzsched system

d in the zone

Sun Services


Zone Daemons

e system uses two daemons to control zoneeadmd and zsched.

e zoneadmd daemon is the primary process zone’s virtual platform.

e zoneadmd daemon is responsible for the f

• Managing zone booting and shutting d• Allocating the zone ID and starting the

process• Setting zone-wide resource controls• Preparing the zone’s devices as specifie

configuration


Th the following:

ile systems

Th

nel process,

ubsystem to

f the zone are

Sun Services


Zone Daemons

e zoneadmd daemon is also responsible for

• Plumbing virtual network interfaces• Mounting loopback and conventional f

e zsched process involves the following:

• Every active zone has an associated kerzsched.

• The zsched process enables the zones skeep track of per-zone kernel threads.

• Kernel threads doing work on behalf oowned by zsched.


Th system space inno he whole rootmo

Sun Services


Zone File Systems

ere are two models for populating root filen-global zones, the sparse root model and tdel.


imal number of initialize a

a non-globaled through

the directoriesare mounted in

Sun Services


Zone File Systems

• Sparse root model• The sparse root model installs a min

files from the global zone when younon-global zone.

• Files that need to be shared betweenzone and the global zone are mountread-only loopback file systems.

• By default, in the sparse root model,/lib, /platform, /sbin, and /usr this manner.


maximum

optional Solarise file systems of

l arey the packages.

Sun Services


Zone File Systems

• Whole root model• The whole root model provides the

configurability.• All of the required and any selected

packages are installed into the privatthe zone.

• The disk requirements for this modedetermined by the disk space used bcurrently installed in the global zone


ork IP addresses.ical networky using the

terface in the’s logical

igned the next, ce0:3.

Sun Services


Zone Networking

• Each non-global zone that requires netwconnectivity has one or more dedicated

• These addresses are associated with loginterfaces that can be placed in a zone bifconfig command.

• For example, if the primary network inglobal zone is ce0, then the non-globalnetwork interface might be ce0:1.

• Logical interfaces are automatically assavailable identifier, for example, ce0:2


As nto operation,use that thezon ges.

Th zone states:

Sun Services


Zone States

you configure a non-global zone, bring it i the zone, reboot, or shut it down, the stateeadm command reports for that zone chan

e zoneadm command reports the following

• Undefined• Configured• Incomplete• Installed• Ready• Running• Shutting down and Down


Co llowing tasks:

ake up the zone command

ed zone

Sun Services


Configuring Zones

nfiguring a zone requires completing the fo

• Identifying the components that will m• Configuring the zone with the zonecfg• Verifying and committing the configur


ts

Wh you mustcon one’scon following:

Sun Services


Identifying Zone Componen

en planning zones for your environment, sider the components that make up each zfiguration. These components include the

• A zone name• A path to the zone’s root• The zone network interfaces• The file systems mounted in zones• The configured devices in zones


e

Th n be consumedby

Th bal zone affectsthe s that arecre

bytes of freee sparse root

talled in theal zones.

Sun Services


Allocating File System Spac

ere are no limits on how much disk space caa zone.

e nature of the packages installed in the glo space requirements of the non-global zoneated.

• As a general guideline, about 100 megadisk space per non-global zone using thmodel is required.

• By default, any additional packages insglobal zone also populate the non-glob


nd

You h zonecfg:

ration.onfiguration.ded to a

cular

.

ion.

Sun Services


Using the zonecfgComma

can perform the following operations wit

• You can create or delete a zone configu• You can add resources to a particular c• You can set properties for resources ad

configuration.• You can remove resources from a parti

configuration.• You can query or verify a configuration• You can commit to a configuration.• You can revert to a previous configurat


nd

utilizes the

mpt changes to

mmands tot the scope

se the scope to

Sun Services


Using the zonecfgComma

• To simplify the user interface, zonecfgconcept of a scope.

• The default scope is global.• The zonecfg interactive command pro

reflect the current scope.• You can use the add and select subco

select a specific resource, at which poinchanges to that resource.

• The end and cancel subcommands caurevert to global.


s

ity are used to

ope is global or

demonstratedugh” section,

Sun Services


The zonecfgSubcommand

• Subcommands within the zonecfg utilconfigure and provision zones.

• The zonecfg prompt indicates if the scis confined to a particular resource.Note: The zonecfg subcommands arein the “Zone Configuration Walk-Throlater in this module.


eters

Re lude thefol

Sun Services


The zonecfgResource Param

source types within the zonecfg utility inclowing:

• zonename• zonepath• autoboot• pool• fs• inherit-pkg-dir• net• device• rctl• attr


eters

Par clude thefol

Sun Services


The zonecfgResource Param

ameters associated with the fs resource inlowing:

• dir

• special

• raw

• type

• options


ugh

To system as rootor user.

Th g a zone namedwor

k-zone

c0t0d0s7

Sun Services


Zone Configuration Walk-Thro

create a zone, you must log in to the globala role-based access control (RBAC)-allowed

e following shows an example of configurink-zone:

1 global# zonecfg -z work-zone2 zonecfg:work-zone> create3 zonecfg:work-zone> set zonepath=/export/wor4 zonecfg:work-zone> set autoboot=true5 zonecfg:work-zone> set pool=pool_default6 zonecfg:work-zone> add fs7 zonecfg:work-zone:fs> set dir=/mnt8 zonecfg:work-zone:fs> set special=/dev/dsk/


ugh

0d0s7

]

/opt/sfw

.0.1

ound/*

Sun Services



9 zonecfg:work-zone:fs> set raw=/dev/rdsk/c0t10 zonecfg:work-zone:fs> set type=ufs11 zonecfg:work-zone:fs> add options [logging12 zonecfg:work-zone:fs> end13 zonecfg:work-zone> add inherit-pkg-dir14 zonecfg:work-zone:inherit-pkg-dir> set dir=15 zonecfg:work-zone:inherit-pkg-dir> end16 zonecfg:work-zone> add net17 zonecfg:work-zone:net> set physical=ce018 zonecfg:work-zone:net> set address=192.16819 zonecfg:work-zone:net> end20 zonecfg:work-zone> add device21 zonecfg:work-zone:device> set match=/dev/s


ugh

k zone."

Sun Services



22 zonecfg:work-zone:device> end28 zonecfg:work-zone:attr> set name=comment29 zonecfg:work-zone:attr> set type=string30 zonecfg:work-zone:attr> set value="The wor31 zonecfg:work-zone:attr> end32 zonecfg:work-zone> verify33 zonecfg:work-zone> commit34 zonecfg:work-zone> exit


ion

You e zonecon

Sun Services


Viewing the Zone Configurat

can use the zonecfg command to view thfiguration.

# zonecfg -z work-zone infozonepath: /export/work-zoneautoboot: truepool: pool_defaultinherit-pkg-dir:

dir: /libinherit-pkg-dir:

dir: /platforminherit-pkg-dir:

dir: /sbininherit-pkg-dir:

dir: /usr...


nd

Th d to install andadm

Op t be run fromthe

Sun Services


Using the zoneadmComma

e zoneadm command is the primary tool useinister non-global zones.

erations using the zoneadm command mus global zone.


nd

Th he zoneadmcom

one

Sun Services



e following tasks can be performed using tmand:

• Verify a zone’s configuration• Install a zone• Boot a zone• Reboot a zone• Display information about a running z• Uninstall a zone


nd

all it. If youperformed

ne.

t be verified. Whenport/work-zone, and: the parentable ornes.

Sun Services



• Verifying a configured zoneYou can verify a zone before you instskip this procedure, the verification isautomatically when you install the zoglobal# zoneadm -z work-zone verifyWarning: /export/work-zone does not exist, so it cannozoneadm install is run, install will try to create /exverify will be tried again, but the verify may fail ifdirectory of /export/work-zone is group- or other-writ/export/work-zone overlaps with any other installed zo


nd

install.

te.

running state.

Sun Services



• Installing a configured zoneYou use the zoneadm -z zone_namecommand to install a non-global zoneglobal# zoneadm -z work-zone install

Zone installation takes time to comple• Booting a zone

Booting a zone places the zone in theglobal# zoneadm -z work-zone bootglobal# zoneadm list -vID NAME STATE PATH0 global running /1 work-zone running /export/work-zone


nd

to remove bothirtual platform

ed to reboot a

Sun Services



• Halting a zoneThe zoneadm halt command is usedthe application environment and the vfor a zone.global# zoneadm -z work-zone haltglobal# zoneadm list -vID NAME STATE PATH0 global running /- work-zone installed /export/work-zone

• Rebooting a zoneThe zoneadm reboot command is uszone.global# zoneadm -z work-zone reboot


nd

me, it istual consoleification before

option.

zone’s virtualcess starts

terminates the

Sun Services



• Logging in to the zone consoleAfter you boot the zone for the first tiimportant to connect to the zone’s virand complete the zone’s system identyou can begin using the zone.Use the zlogin command with the -Cglobal# zlogin -C work-zone

The first time that you connect to theconsole, the system identification proautomatically.The ~. (tilde dot) character sequenceconsole connection.


nd

ves a zone:

ne (y/[n])? y

(y/[n])? y

Sun Services



• Deleting a zoneThe following zoneadm example remo# zoneadm list -cp0:global:running:/3:work-zone:running:/export/work-zone# zoneadm -z work-zone halt# zoneadm list -cp0:global:running:/-:work-zone:installed:/zones/work-zone# zoneadm -z work-zone uninstallAre you sure you want to uninstall zone work-zo# zoneadm list -cp0:global:running:/-:work-zone:configured:/export/work-zone# zonecfg -z work-zone deleteAre you sure you want to delete zone work-zone # zoneadm list -cp0:global:running:/


s

Th ls, for example,pkg ckages in thezon

Pac for a packagecon inister thepac

Cu ow packagesare

Sun Services


Installing Packages in Zone

e standard Solaris package management tooadd and pkgrm, are used to administer paes environment.

kage parameters listed in the pkginfo filetrol how the Solaris package tools can admkage.

rrently, three package parameters control h administered. They are as follows:

• SUNW_PKG_ALLZONES

• SUNW_PKG_HOLLOW

• SUNW_PKG_THISZONE


s

You e pkgparamcom

Sun Services



can list parameters for packages using thmand.

# pkgparam -v SUNWzoneuCLASSES='none'BASEDIR='/'LANG='C'(output omitted)EMAIL=''SUNW_PKGVERS='1.0'SUNW_PKG_ALLZONES='true'SUNW_PKG_HOLLOW='false'PSTAMP='gaget20050121155950'PKGINST='SUNWzoneu'PKGSAV='/var/sadm/pkg/SUNWzoneu/save'INSTDATE='Jan 26 2005 10:21'


s

causes pkgaddly.al zoned in the globaly non-globalording to the

l zones

Sun Services



• The -G option to the pkgadd commandto add a package to the current zone on

• Package operations possible in the globIf the package is not currently installezone and not currently installed in anzone, the package can be installed accfollowing guidelines:• Only in the global zone, if

SUNW_PKG_ALLZONES=false

• In the global zone and all non-globa


s

If t al zone only, thefol

-global zones.global zone.

Sun Services



he package is currently installed in the globlowing guidelines apply:

• The package can be installed in all non• The package can be removed from the


s

If a l zone andcur -global zones,the

lse.-global zones.ne are updated

global zone.lobal zone and

Sun Services



package is currently installed in the globarently installed in only a subset of the non following guidelines apply:

• SUNW_PKG_ALLZONES must be set to fa• The package can be installed in all non

Existing instances in any non-global zoto the revision being installed.

• The package can be removed from the • The package can be removed from the g

from all non-global zones.


s

If a l zone andcur package can berem n-global zones.

Th

zone are eithertalled in the

l zone and alsosame across all

Sun Services



package is currently installed in the globarently installed in all non-global zones, theoved from the global zone and from all no

ese rules ensure the following:

• Packages that are installed in the globalinstalled in the global zone only, or insglobal zone and all non-global zones.

• Packages that are installed in the globainstalled in any non-global zone are thezones.


s

the non-global if

non-global

e existing

he non-globalalse.

Sun Services



• If a package is not currently installed inzone, the package can be installed onlySUNW_PKG_ALLZONES=false.

• If a package is currently installed in thezone, the following guidelines apply:• The package can be installed over th

instance of the package only ifSUNW_PKG_ALLZONES=false.

• The package can be removed from tzone only if SUNW_PKG_ALLZONES=f


stalled

Th olaris 10 01/06is n There are threeop

d reinstall the

stall, with the

te 01/06 tos.

Sun Services


Upgrading Solaris 10 OS With InNon-Global Zones

e normal upgrade path from Solaris 10 to Sot available if installed zones are present.

tions:

• Uninstall the zones, upgrade the OS, anzones.

• Reinstall the entire OS from an initial inloss of existing zones configuration.

• Use the new features of Solaris 10 updaupgrade the OS and any installed zone


rt

update 01/06

k installation

Sun Services


Solaris Install Media Suppo

• The new upgrade method for Solaris 10is only available on the DVD media.

• If no DVD reader is available, a networmust be used.


S

de continues

Sun Services


Upgrading the Solaris 10 O

• Boot the system to be installed.ok boot net - install

• Select Standard install.• Choose Upgrade option.• If installed zones are present, the upgra

with the new method.


de Solaris 10

sed:

cause jumpstart

kage, patch

Sun Services


Using Custom Jumpstart

• Custom jumpstart can be used to upgraupdate 01/06 with installed zones.

• Only two profile keywords should be u• install_type

• root_device

• Other keywords will be ignored or willto fail.• Ignored: cluster, geo, locale, pac• Causes failure: backup_media,

layout_constraint

Sun

System Administra Revision A

Int System

Services


Module 16

roduction to the ZFS File


Sun Services

Administration for the Solaris™ 10 Operating System, Part 2ht 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A

Objectives

• Describe the Solaris ZFS file system• Create new ZFS pools and file systems• Modify ZFS file system properties• Mount and unmount ZFS file systems• Destroy ZFS pools and file systems• Work with ZFS snapshots and Clones• Use ZFS datasets with Solaris Zones


pools.

entirely

ed, andeplicated data.

llowing for 256

Sun Services


What Is Solaris ZFS?

• ZFS Pooled StorageZFS aggregates devices into storage

• Transactional SemanticsAny sequence of operations is eithercommitted or entirely ignored.

• Checksums and Self-Healing DataAll data and metadata is checksummdetected errors are corrected using r

• Unparalleled ScalabilitySolaris ZFS is a 128-bit file system, aquadrillion zettabytes of storage.


of file systemsspace in a pool.

uses anorts file systemmount points.

Sun Services


What Is ZFS?

• ZFS SnapshotsZFS snapshots are read-only copies that initially consume no additional

• Simplified AdministrationZFS uses a simplified command set,hierarchical file system layout, suppproperty inheritance and automatic


n a file system

nts are identical

ng ZFS entities:mes.tandard POSIX

ntical copies of

Sun Services


ZFS Terminology

• checksum - A 256-bit hash of the data iblock.

• clone - A file system whose initial conteto the contents of a snapshot.

• dataset - A generic name for the followiclones, file systems, snapshots, or volu

• file system - A dataset that contains a sfile system.

• mirror - A virtual device that stores idedata on two or more disks.


bing the layoutable storage.ata and parity

data from onesilvering.ystem or

l, which can beof devices.hysical device.

Sun Services


ZFS Terminology (cont.)

• pool - A logical group of devices descriand physical characteristics of the avail

• RAID-Z - A virtual device that stores don multiple disks, similar to RAID-5.

• resilvering -The process of transferringdevice to another device is known as re

• snapshot - A read-only image of a file svolume at a given point in time.

• virtual device - A logical device in a pooa physical device, a file, or a collection

• volume - A dataset used to emulate a p


ements

Em

Eac ric characters inadd ers:

Sun Services


ZFS Component Naming Requir

pty components are not allowed.

h component can only contain alphanumeition to the following four special charact

• Underscore (_)• Hyphen (-)• Colon (:)• Period (.)


ements

Po t the beginningseq ool names thatbeg llowed as thesenam

Da eric character.

Sun Services


ZFS Component Naming Requir(cont.)

ol names must begin with a letter, except thauence c[0-9] is not allowed. In addition, pin withmirror,raidz, orspare are not ae are reserved.

taset names must begin with an alphanum


ZF irements

A S Solaris 10 6/06rel

Th nimum amountof proximately 64Mb

For or more ofme

If y ultiplecon

Sun Services


S Hardware and Software Requand Recommendations

PARC® or x86 system that is running the ease.

e minimum disk size is 128 Mbytes. The midisk space required for a storage pool is apytes.

good ZFS performance, at least one Gbytemory is recommended.

ou create a mirrored disk configuration, mtrollers are recommended.


s

On mber ofcom m.

Wh stem is createdand

Wi e additional filesys

In te and organizea h organizationalnee

Sun Services


Creating ZFS File System

e goal of the ZFS design is to reduce the numands needed to create a usable file syste

en you create a new pool, a new ZFS file sy mounted automatically.

thin a pool, you will probably want to creattems.

most cases, you will probably want to creaierarchy of file systems that matches your ds.


Pool

Us

Ph east 128 Mbytesin s

Typ ible to thesys

A s 0) or anind

Th e an entire disk.

ZF rage pool withwh

Sun Services


Components of a ZFS Storage

ing Disks in a ZFS Storage Pool

ysical storage can be any block device of at lize.

ically, this device is a hard drive that is vistem in the /dev/dsk directory.

torage device can be a whole disk (c1t0dividual slice (c0t0d0s7).

e recommended mode of operation is to us

S applies an EFI label when you create a stoole disks.


C ol (cont.)

Us )

Dis path, such as/d

For es:

ZF isks.

Sun Services


omponents of a ZFS Storage Po

ing Disks in a ZFS Storage Pool (continued

ks can be specified by using either the fullev/dsk/c1t0d0, or a shorthand name.

example, the following are valid disk nam

• c1t0d0

• /dev/dsk/c1t0d0

• c0t0d6s2

S works best when given whole physical d


C ol (cont.)

Us

ZF devices in yoursto

Th nabling simpleexp

Th underlying filesys

All nd must be atlea

Sun Services



ing Files in a ZFS Storage Pool

S also allows you to use UFS files as virtualrage pool.

is feature is aimed primarily at testing and eerimentation, not for production use.

e reason is that any use of files relies on thetem for consistency.

files must be specified as complete paths ast 128 Mbytes in size.


C ol (cont.)

ZF es, or files.

Sun Services



S pools can consist of whole disks, disk slic

Pool

Whole disk(preferred)

Disk sliceFile

(for test only)


C ol (cont.)

Vir

Eac virtual devices.

Tw undancy:mi tual devicescon

Dis ls outside ofmi as top-levelvir

Sto evel virtualdev all of the top-lev

Sun Services



tual Devices in a Storage Pool

h storage pool is comprised of one or more

o top-level virtual devices provide data redrror and RAID-Z virtual devices. These virsist of disks, disk slices, or files.

ks, disk slices, or files that are used in poorrors and RAID-Z virtual devices, functiontual devices themselves.

rage pools typically contain multiple top-lices. ZFS dynamically stripes data among

el virtual devices in a pool.


C ol (cont.)

A Z l devicespro

Sun Services



FS pool that uses disks as top level virtuavides no data replication.

36 3636

0101010

Data

01010

00101 011100010

36 36 36

Stripe 1 Stripe 3

Stripe 2


R age Pool

Mir

A m s at least twodis

You ool.

A s similar to thefol

A m ld look similarto t

5t0d0 c6t0d0

Sun Services


eplication Features of a ZFS Stor

rored Storage Pool Configuration

irrored storage pool configuration requireks, preferably on separate controllers.

can create more than one mirror in each p

imple mirrored configuration would look lowing:

mirror c1t0d0 c2t0d0

ore complex mirrored configuration wouhe following:

mirror c1t0d0 c2t0d0 c3t0d0 mirror c4t0d0 c


R ge Pool

ZF n a pool, anddat

Sun Services


eplication Features of a ZFS Stora(cont.)

S stripes data among mirror virtual devices ia is replicated within each mirror.

Data

01010

00101 011100010Stripe 1 Stripe 2

Mirror device Mirror device

36 36 36 36


R age Pool

RA

RA

In ipes so that allwr

You figuration.

Co ee disks wouldloo

Sun Services


eplication Features of a ZFS Stor(cont.)

ID-Z Storage Pool Configuration

ID-Z is similar to RAID-5.

RAID-Z, ZFS uses variable-width RAID strites are full-stripe writes.

need at least two disks for a RAID-Z con

nceptually, RAID-Z configuration with thrk similar to the following:

raidz c1t0d0 c2t0d0 c3t0d0


R age Pool

RA d)

A m ation wouldloo

t0d0 c7t0d0 raidzd0 c14t0d0

If y ith many disks,as ith 14 disks isbet

RA pings of diskssho

Sun Services



ID-Z Storage Pool Configuration (continue

ore complex conceptual RAID-Z configurk similar to the following:

raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0 c5t0d0 c6c8t0d0 c9t0d0 c10t0d0 c11t0d0 c12t0d0 c13t0

ou are creating a RAID-Z configuration win this example, a RAID-Z configuration wter split into a two 7-disk groupings.

ID-Z configurations with single-digit grouuld perform better.


R age Pool

ZF Z devices.

Sun Services



S uses variable width stripes within RAID-

36 3636

0101010

Data

RAID-Z device


R age Pool

Sel

ZFS r RAID-Zcon

Wh ZFS fetch thecor o repairs the baddat

Dy

For FS dynamicallystri

No e.

Sun Services



f-Healing Data in a Replicated Configuration

provides for self-healing data in a mirrored ofiguration.

en a bad data block is detected, not only does rect data from another replicated copy, but it alsa by replacing it with the good copy.

namic Striping in a Storage Pool

each virtual device that is added to the pool, Zpes data across all available devices.

fixed width stripes are created at allocation tim


R age Pool

ZF l devices in apo

ID-Z device

Sun Services



S dynamically stripes data across all virtuaol.

Data

01010

00101 011100010Stripe 1 Stripe 2

RAID-Z device RA


R age Pool

Dy )

Wh S graduallyallo aintainper

Wh s of virtualdev notrec

Sun Services



namic Striping in a Storage Pool (continued

en virtual devices are added to a pool, ZFcates data to the new device in order to mformance and space allocation policies.

ile ZFS supports combining different typeices within the same pool, this practice is

ommended.


Cr ge Pools

By st and easy.Ho ations.

Cre

To te command.Th mber of virtualdev

Cre

Th med tank thatcon

Sun Services


eating and Destroying ZFS Stora

design, creating and destroying pools is fawever, be cautious when doing these oper

ating a ZFS Storage Pool

create a storage pool, use the zpool creais command takes a pool name and any nuices as arguments.

ating a Basic Storage Pool

e following command creates a new pool nasists of the disks c1t0d0 and c1t1d0:

# zpool create tank c1t0d0 c1t1d0


Cr ge Pools

Cre

To word, followedby mprise themi

c3d0 c4d0

Cre l

Cre g a mirroredpo instead ofmi

/dev/dsk/c5t0d0

Sun Services


eating and Destroying ZFS Stora(cont.)

ating a Mirrored Storage Pool

create a mirrored pool, use the mirror keyany number of storage devices that will corror.

# zpool create tank mirror c1d0 c2d0 mirror

ating a Single-Parity RAID-Z Storage Poo

ating a RAID-Z pool is identical to creatinol, except that the raidz keyword is used rror.

# zpool create tank raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0


Cr ge Pools

Cre l

You uration byusi created. Forexa

Sun Services



ating a Double-Parity RAID-Z Storage Poo

can create a double-parity RAID-Z configng the raidz2 keyword when the pool is mple:

# zpool create tank raidz2 c1t0d0 c2t0d0 c3t0d0


Cr ge Pools

De

Bef the disk is in useby .

If t he following:

wapl ’zeepool’

Som on, but most errorscan

Sun Services



tecting in Use Devices

ore formatting a device, ZFS first determines ifZFS or some other part of the operating system

he disk is in use, you might see errors such as t

# zpool create tank c1t0d0 c1t1d0invalid vdev specificationuse ’-f’ to override the following errors:/dev/dsk/c1t0d0s0 is currently mounted on //dev/dsk/c1t0d0s1 is currently mounted on s/dev/dsk/c1t1d0s0 is part of active ZFS pooPlease see zpool(1M)

e of these errors can be overridden by using the -f optinot.


Cr ge Pools

Mis

Cre t replicationlev

Th m accidentallycre evels.

Do

Th ption simulatescre a to disk.

Sun Services



matched Replication Levels

ating pools with virtual devices of differenels is not recommended.

e zpool command tries to prevent you froating a pool with mismatched replication l

ing a Dry Run of Storage Pool Creation

e zpool create command with the -n oating the pool without actually writing dat


Cr ge Pools

De

Po roy command.

Sun Services



stroying ZFS Storage Pools

ols are destroyed by using the zpool dest

# zpool destroy tank


tatus

Th er of ways toreq

Lis

Wi nd displays allthe ple:

Sun Services


Querying ZFS Storage Pool S

e zpool list command provides a numbuest information regarding pool status.

ting Information About All Storage Pools

th no arguments, the zpool list comma fields for all pools on the system. For exam

# zpool listNAME SIZE USED AVAIL CAP HEALTH ALTROOTtank 80.0G 22.3G47.7G 28% ONLINE -dozer 1.2T 384G 816G 32% ONLINE -


Q s (cont.)

Lis

You -o option.

For each pool, youuse

Sun Services


uerying ZFS Storage Pool Statu

ting Specific Storage Pool Statistics

can request specific statistics by using the

example, to list only the name and size of the following syntax:

# zpool list -o name,sizeNAME SIZEtank 80.0Gdozer 1.2T


Q s (cont.)

He

ZF ing pool anddev ed from thesta

Th the zpoolst

Eac states:

Sun Services



alth Status of ZFS Storage Pools

S provides an integrated method of examinice health. The health of a pool is determin

te of all its devices.

is state information is displaying by using atus command.

h device can fall into one of the following

• ONLINE• DEGRADED• FAULTED


Q s (cont.)

He d)

Ba

Th of pool healthsta d:

Sun Services



alth Status of ZFS Storage Pools (continue

• OFFLINE• UNAVAILABLE

sic Storage Pool Health Status

e simplest way to request a quick overviewtus is to use the zpool status comman

# zpool status -xall pools are healthy


Q s (cont.)

De

You ry by using the-v

nt replicas existd state.ool online’.

Sun Services



tailed Health Status

can request a more detailed health summa option. For example:

# zpool status -v tankpool: tankstate: DEGRADEDstatus: One or more devices could not be opened. Sufficie

for the pool to continue functioning in a degradeaction: Attach the missing device and online it using ’zpsee: http://www.sun.com/msg/ZFS-8000-2Qscrub: none requestedconfig:

NAME STATE READ WRITE CKSUMtank DEGRADED 0 0 0

mirror DEGRADED 0 0 0c1t0d0 FAULTED 0 0 0 cannot openc1t1d0 ONLINE 0 0 0

errors: No known data errors


C Systems

Cre

You e ZFS filesys ngle argument:the

Sp arting from thenam

po stem-name

Th n the pathide e new filesys e system namesmu

Sun Services


reating and Destroying ZFS File

ating a ZFS File System

use the zfs create command to creattems. The create subcommand takes a si name of the file system to create.

ecify the file system name as a path name ste of the pool:

ol-name/[filesystem-name/]filesy

e pool name and initial file system names intify the location in the hierarchy where thtem will be created. All the intermediate filst already exist in the pool.


C Systems

Cre

In bonwick iscre

ZF le system if it iscre

Sun Services


reating and Destroying ZFS File(cont.)

ating a ZFS File System (cont.)

the following example, a file system namedated in the tank/home file system.

# zfs create tank/home/bonwick

S automatically mounts the newly created fiated successfully.


C Systems

De

You roy ZFS filesys ticallyun

In tem isdes

If t so cannot beun ils. The zfsde has children.

Sun Services



stroying a ZFS File System

use the zfs destroy command to desttems. The destroyed file system is automamounted and unshared.

the following example, the tabriz file systroyed.

# zfs destroy tank/home/tabriz

he file system to be destroyed is busy and mounted, the zfs destroy command fastroy command also fails if a file system


C Systems

Re

You e ZFS filesys

Th llowingop

n within the

locate it within

Sun Services



naming a ZFS File System

use the zfs rename command to renamtems.

e rename subcommand can perform the foerations:

• Change the name of a file system.• Relocate the file system to a new locatio

ZFS hierarchy.• Change the name of a file system and re

the ZFS hierarchy.


C Systems

Re

Th ommand tosim

starz_old

Th rename torel

e

Sun Services



naming a ZFS File System (cont.)

e following example uses the rename subcply rename a file system:

# zfs rename tank/home/kustarz tank/home/ku

e following example shows how to use zfsocate a file system.

# zfs rename tank/home/maybee tank/ws/maybe


Pro you use tocon snapshots, andclo

Pro able properties.

Mo

An en set on apar .

Sun Services


ZFS Properties

perties provide the main mechanism that trol the behavior of file systems, volumes,

nes.

perties are either read-only statistics or sett

st settable properties are also inheritable.

inheritable property is a property that, whent, is propagated to all of its descendants


All source.

Th ned. The sourceof

Sun Services


ZFS Properties (cont.)

inheritable properties have an associated

e source indicates how a property was obtaia property can have the following values:

• default

• local

• inherited from dataset-name

• temporary

• - (none)


ProNa

ac L entries areles and

eated.

ac ACL entry is a chmod

at r the access timeed when they are

Sun Services



pertyme

TypeDefaultValue

Description

linherit String secure Controls how ACinherited when fidirectories are cr

lmode String groupmask Controls how anmodified duringoperation

ime Boolean on Controls whethefor files is updatread.


av rty that identifiesace available toll its children,er activity in the

ch cksum used tority.

co pressionor this dataset.

com rty that identifiesratio achieved for

cr rty that identifiese that this dataset

ProNa

Sun Services


ailable Number N/A Read-only propethe amount of spthe dataset and aassuming no othpool.

ecksum String on Controls the cheverify data integ

mpression String off Controls the comalgorithm used f

pressratio Number N/A Read-only propethe compressionthis dataset.

eation Number N/A Read-only propethe date and timwas created.

pertyme

TypeDefaultValue

Description


de r device nodess file system

ex r programsstem are allowed

mo rty that indicates system,

t is currently

mo nt point used for

ProNa

Sun Services


vices Boolean on Controls whethefound within thican be opened.

ec Boolean on Controls whethewithin this file syto be executed.

unted Boolean N/A Read-only propewhether this fileclone, or snapshomounted.

untpoint String N/A Controls the mouthis file system.

pertyme

TypeDefaultValue

Description


or rty for cloned filees that identifieswhich the clone

qu nt of space aescendants can

re r this dataset can

re sted block size forstem.

re rty that identifiesta accessible by

ProNa

Sun Services


igin String N/A Read-only propesystems or volumthe snapshot fromwas created.

ota Number(or none)

none Limits the amoudataset and its dconsume.

adonly Boolean off Controls whethebe modified.

cordsize Number 128K Specifies a suggefiles in the file sy

ferenced Number N/A Read-only propethe amount of dathis dataset.

pertyme

TypeDefaultValue

Description


re ount of spaceataset and its

sh r the file system isFS, and what.

se r setuid the bit isle system.

sn r the .zfsen or visible ine system.

ty rty that identifiesasstem or clone),hot.

ProNa

Sun Services


servation Number(or none)

none The minimum amguaranteed to a ddescendants.

arenfs String off Controls whetheavailable over Noptions are used

tuid Boolean on Controls whethehonored in the fi

apdir String hidden Controls whethedirectory is hiddthe root of the fil

pe String N/A Read-only propethe dataset type filesystem (file syvolume, or snaps

pertyme

TypeDefaultValue

Description


us rty that identifiesace dataset and all

vo cifies the logicale.

vo cifies the blocke.

zo r this dataset haso a non-global

ProNa

Sun Services


ed Number N/A Read-only propethe amount of spconsumed by theits descendants.

lsize Number N/A For volumes, spesize of the volum

lblocksize Number 8 Kbytes For volumes, spesize of the volum

ned Boolean N/A Indicates whethebeen delegated tzone.

pertyme

TypeDefaultValue

Description


Re

Re an retrieve, butno .

Se

Set es you can bothret

Set et command.

Wi s, settablepro

Sun Services



ad-Only ZFS Properties

ad-only properties are properties that you ct set. Read-only properties are not inherited

ttable ZFS Properties

table properties are properties whose valurieve and set.

table properties are set by using the zfs s

th the exceptions of quotas and reservationperties are inherited.


ation

Th ble mechanismfor .

Lis

You the zfs listcom

# zNAMpoopoo nepoopoo epoo e/markspoo e/marks@snap

Sun Services


Querying ZFS File System Inform

e zfs list command provides an extensi viewing and querying dataset information

ting Basic ZFS Information

can list basic dataset information by usingmand with no options. For example:

fs listE USED AVAIL REFER MOUNTPOINTl 84.0K 33.5G - /pooll/clone 0 33.5G 8.50K /pool/clol/test 8K 33.5G 8K /testl/home 17.5K 33.5G 9.00K /pool/homl/home/marks 8.50K 33.5G 8.50K /pool/homl/home/marks@snap 0 - 8.50K /pool/hom


ation

Lis

You play specificdat mmand line.

Us descendantsof

Cre

Th sing of the -o, -

Sun Services


Querying ZFS File System Inform(cont.)

ting Basic ZFS Information (cont.)

can also use the zfs list command to disasets by providing the dataset name on the co

e the the -r option to recursively display alla dataset.

ating Complex ZFS Queries

e zfs list output can be customized by ut, and -H options. For example:

# zfs list -o name,sharenfs,mountpointNAME SHARENFS MOUNTPOINTtank rw /export


ation

Cre

You f datasets todis

You header fromthe

Wi tabs. Thisop utput.

Sun Services


Querying ZFS File System Inform(cont.)

ating Complex ZFS Queries (cont.)

can use the -t option to specify the types oplay. The valid types are:

• filesystem

• volume

• snapshot

can use the -H option to omit the zfs list generated output.

th the -H option, all white space is output astion can be useful when you need parsable o


Da fs command’sse

Se

You y any settabledat

On fied using zfsse

Th ty to off forta

Sun Services


Managing ZFS Properties

taset properties are managed through the zt, inherit, and get subcommands.

tting ZFS Properties

can use the zfs set command to modifaset property.

ly one property at a time can be set or modit.

e following example sets the atime propernk/home.

# zfs set atime=off tank/home


nt.)

Inh

All uotas andres rent.

If n nheritedpro used.

You clear a propertyset d from thepar

Th ly when youspe

Sun Services


Managing ZFS Properties (co

eriting ZFS Properties

settable properties, with the exception of qervations, inherit their value from their pa

o ancestor has an explicit value set for an iperty, the default value for the property is

can use thezfs inherit command is toting, thus causing the setting to be inheriteent.

e inherit subcommand applies recursivecify the -r option.


nt.)

Qu

Th by using thezf

For ou can use thezf nformation in acus

You e any datasetpro

Sun Services



erying ZFS Properties

e simplest way to query property values iss list command.

more complex queries and for scripting, ys get command to obtain more detailed itomized format.

can use the zfs get command to retrievperty. For example:

# zfs get checksum tank/wsNAME PROPERTY VALUE SOURCEtank/ws checksum on default


nt.)

Qu

Th CE, indicatesho le source valuesare

Sun Services



erying ZFS Properties (cont.)

e fourth column in zfs get output, SOURw a property value has been set. The possib:

• default

• inherited from dataset-name

• local

• temporary

• - (none)


nt.)

Qu

You ve all datasetpro ll keyword toret

6 -

Th ecify, by sourceval

Sun Services



erying ZFS Properties (cont.)

can use the special keyword all to retrieperties. The following example uses the a

rieve all existing dataset properties:

# zfs get all poolNAME PROPERTY VALUE SOURCEpool type filesystem -pool creation Mon Mar 13 11:41 200pool used 2.62M -<output omitted>

e -s option to zfs get enables you to spue, the type of properties to display.


s

Ma

By ZFS at boot byusi local service.

Fil e path is thenam

You using the zfsse rty to a specificpat

ZF needed.

Th

Sun Services


Mounting ZFS File System

naging ZFS Mount Points

default, all ZFS file systems are mounted byng SMF’s svc://system/filesystem/

e systems are mounted under /path, where of the file system.

can override the default mount point by t command to set the mountpoint propeh.

S automatically creates this mount point, if

e mountpoint property is inherited.


ont.)

Ma

You e to prevent afile

If d ms throughleg oint propertyto l

Sun Services


Mounting ZFS File Systems (c

naging ZFS Mount Points (cont.)

can set the mountpoint property to non system from being mounted.

esired, you can explicitly manage file systeacy mount interfaces by setting the mountpegacy.


ont.)

Au

Wh lt mount pointfor -m.

An not legacy isma

Wh , the file systemis a unt point andrem

Mo .

Sun Services



tomatic Mount Points

en you create a pool, you can set the defau the root dataset by using zpool create

y dataset whose mountpoint property is naged by ZFS.

en you change the mountpoint propertyutomatically unmounted from the old moounted to the new mount point.

unt point directories are created as needed


ont.)

Leg

You tools by settingthe

Leg the mount andum le.

Th nd manage aZF

ock

Sun Services



acy Mount Points

can manage ZFS file systems with legacymountpoint property to legacy.

acy file systems must be managed throughount commands and the /etc/vfstab fi

e following examples show how to set up aS dataset in legacy mode:

# zfs set mountpoint=legacy tank/home/eschr# mount -F zfs tank/home/eschrock /mnt


ont.)

Mo

ZF e systems arecre

Th hen changingmo unting filesys

Th hows allcur d by ZFS.

Sun Services



unting ZFS File Systems

S automatically mounts file systems when filated or when the system boots.

e zfs mount command is only necessary wunt options, or explicitly mounting or unmotems.

e zfs mount command with no argument srently mounted file systems that are manage

# zfs mounttank /tanktank/home /tank/hometank/home/bonwick /tank/home/bonwick


ont.)

Mo

You anaged filesys

Th ed file systems.

Wh unt optionsbas the dataset.

Sun Services



unting ZFS File Systems (cont.)

can use the -a option to mount all ZFS mtems. For example:

# zfs mount -a

is command does not mount legacy manag

en a file system mounts, it uses a set of moed on the property values associated with


ont.)

Tem

If y e -o optionwi nding propertyval

In t option istem le system:

To tem that iscur remountop

Sun Services



porary Mount Properties

ou explicitly set mount options by using thth the zfs mount command, the correspoue is temporarily overridden.

the following example, the read-only mounporarily set on the tank/home/perrin fi

# zfs mount -o ro tank/home/perrin

temporarily change a property on a file sysrently mounted, you must use the special

tion.


ont.)

Un

You s unmountsub ts either themo ument.

In ounted byspe

In mounted byspe

Sun Services



mounting ZFS File Systems

can unmount file systems by using the zfcommand. The unmount command accepunt point or the file system name as an arg

the following example, a file system is unmcifying its file system name:

# zfs unmount tank/home/tabriz

the following example, the file system is uncifying its mount point:

# zfs unmount /export/home/tabriz


nt

A w o perform manyadm dministrationcon llowing URL:

If y to reach the ZFSAd started. To startthe

If y n the systemboo

Sun Services


ZFS Web-Based Manageme

eb-based ZFS management tool is available tinistrative actions. You can access the ZFS A

sole through a secure web browser at the fo

https://system-name:6789/zfs

ou type the appropriate URL and are unableministration console, the server might not be server, run the following command:

# /usr/sbin/smcwebserver start

ou want the server to run automatically whets, run the following command:

# /usr/sbin/smcwebserver enable


A s or volume.

Sna itially consumeno

ZF :

s.apshots is 264.

e. Snapshotsame storage were created.

Sun Services


ZFS Snapshots

napshot is a read-only copy of a file system

pshots are created almost instantly, and in additional disk space within the pool.

S snapshots include the following features

• Snapshots persist across system reboot• The theoretical maximum number of sn• Snapshots use no separate backing stor

consume disk space directly from the spool as the file system from which they


Cre

You ate ZFSsna es the name ofthe

Sna

Th ank/home/ah

Sun Services


ZFS Snapshots (cont.)

ating and Destroying ZFS Snapshots

use the zfs snapshot command to crepshots. The zfs snapshot command tak snapshot to create as its only argument.

pshot names use the following format:

filesystem@snapnamevolume@snapname

e following example creates a snapshot of trens that is named friday.

# zfs snapshot tank/home/ahrens@friday


Cre

Sna aset propertiescan

You roy a ZFSsna

A d he dataset exist.

In snapshot, thenthe n be destroyed.

Sun Services



ating and Destroying ZFS Snapshots

pshots have no modifiable properties. Datnot be applied to a snapshot.

use the zfs destroy command to destpshot. For example:

# zfs destroy tank/home/ahrens@friday

ataset cannot be destroyed if snapshots of t

addition, if clones have been created from ay must be destroyed before the snapshot ca


Re

You ain within thepo d. For example:

ome/cindys@today

Dis

Sna .zfs/sn ntaining filesys

Sun Services



naming ZFS Snapshots

can rename snapshots, but they must remol and dataset from which they were create

# zfs rename tank/home/cindys@031306 tank/h

playing and Accessing ZFS Snapshots

pshots of file systems are accessible in theapshot directory within the root of the cotem. For example:

# ls /home/ahrens/.zfs/snapshottuesday wednesday thursday


Dis nt.)

You

NTPOINT

You particular filesys

pool/home

006006

Sun Services



playing and Accessing ZFS Snapshots (co

can list all snapshots as follows:

# zfs list -t snapshotNAME USED AVAIL REFER MOUpool/home/anne@monday 0 - 780K -pool/home/bob@monday 0 - 1.01M -<output omitted>

can list snapshots that were created for atem as follows:

# zfs list -r -t snapshot -o name,creation NAME CREATIONpool/home/anne@monday Mon Mar 13 11:46 2pool/home/bob@monday Mon Mar 13 11:46 2


Sn

Wh lly sharedbet possibly withpre

As viously sharedbec ounted in thesna

Ad the amount ofspa shots.

Sun Services


ZFS Snapshots

apshot Space Accounting

en you create a snapshot, its space is initiaween the snapshot and the file system, andvious snapshots.

the file system changes, space that was preomes unique to the snapshot, and thus is cpshot’s used property.

ditionally, deleting snapshots can increasece unique to (and thus used by) other snap


Ro

You discard allcha

Th ystem to revertto i .

By not roll back toa s ot.

To estroy allint e recentsna

Sun Services



lling Back to a ZFS Snapshot

can use the zfs rollback command tonges made since a specific snapshot.

ezfs rollback command causes the file sts state at the time the snapshot was taken

default, the zfs rollback command cannapshot other than the most recent snapsh

roll back to an earlier snapshot, you must dermediate snapshots. You can destroy morpshots by specifying the -r option.


A c ose initialcon hich it wascre

As nstantaneous,and ce.

You

Wh dency is createdbet

A c ataset fromwh

Sun Services


ZFS Clones

lone is a writable volume or file system whtents are the same as the snapshot from w

ated.

with snapshots, creating a clone is nearly i initially consumes no additional disk spa

can only create clones from a snapshot.

en you clone a snapshot, an implicit depenween the clone and snapshot.

lone does not inherit properties from the dich it was created.


Cre

To nd. Specify thesna the name of thenew

Th nywhere in theZF

Th med tank/ho al contents asthe

e/ahrens/bug123

Sun Services


ZFS Clones (cont.)

ating a ZFS Clone

create a clone, use the zfs clone commapshot from which to create the clone, and file system or volume.

e new file system or volume can be located aS hierarchy within the same pool.

e following example creates a new clone name/ahrens/bug123, with the same initi snapshot tank/ws/gate@yesterday.

# zfs snapshot tank/ws/gate@yesterday# zfs clone tank/ws/gate@yesterday tank/hom


De

You roy ZFS clones.For

Clo napshot can bedes

Sun Services


ZFS Clones (cont.)

stroying a ZFS Clone

use the zfs destroy command to dest example:

# zfs destroy tank/home/ahrens/bug123

nes must be destroyed before the parent stroyed.


Re ne

You place an activeZF .

Th replace filesys the clone of thespe

In estroy the filesys reated.

Wi a ’origin’ filesys

Sun Services


ZFS Clones (cont.)

placing a ZFS File System With a ZFS Clo

can use the zfs promote command to reS file system with a clone of that file system

is feature facilitates the ability to clone andtems so that the ’origin’ file system becomecified file system.

addition, this feature makes it possible to dtem from which the clone was originally c

thout clone promotion, you cannot destroytem of active clones.


Re ne

In ductA filesys , tank/test/pro uctA filesys

oductAbeta

OINTtesttest/productA

k/test/productAbeta

Sun Services


ZFS Clones (cont.)


the following example, the tank/test/protem is cloned and then the clone file systemductAbeta becomes the tank/test/prodtem.

# zfs create tank/test# zfs create tank/test/productA# zfs snapshot tank/test/productA@today# zfs clone tank/test/productA@today tank/test/pr# zfs list -r tank/testNAME USED AVAIL REFER MOUNTPtank/test 314K 8.24G 25.5K /tank/tank/test/productA 288K 8.24G 288K /tank/tank/test/productA@today 0 - 288K -tank/test/productAbeta 0 8.24G 288K /tan


Re ne

OINTtesttest/productAk/test/productAbeta -

Sun Services


ZFS Clones (cont.)


# zfs promote tank/test/productAbeta# zfs list -r tank/testNAME USED AVAIL REFER MOUNTPtank/test 316K 8.24G 27.5K /tank/tank/test/productA 0 8.24G 288K /tank/tank/test/productAbeta 288K 8.24G 288K /tantank/test/productAbeta@today 0 - 288K


Re ne

Co naming the filesys

AlegacyductA

OINTtesttest/productA

ank/test/

Sun Services


ZFS Clones (cont.)


mplete the clone replacement process by retems. For example:

# zfs rename tank/test/productA tank/test/product# zfs rename tank/test/productAbeta tank/test/pro# zfs list -r tank/testNAME USED AVAIL REFER MOUNTPtank/test 316K 8.24G 27.5K /tank/tank/test/productA 288K 8.24G 288K /tank/tank/test/productA@today 0 - 288K -tank/test/productAlegacy 0 8.24G 288K /tproductAlegacy


U th Zones

You al zones eitherby to the zones.Typ s or volumeswi

For bal zone allowsthe bal zone. As anadd tor cannotcon new ZFS filesys

Sun Services


sing ZFS on a Solaris System WiInstalled

can associate ZFS datasets with non-globadding them to the zones, or delegating themically you would associate ZFS file system

th non-global zones.

example, adding a file system to a non-glonon-global zone to share space with the gloed dataset, the non-global zone administratrol properties of the file system, or createtems below the added file system.


U th Zones

Wh one, you givecom hildren to thezon

For non-globalzon estroy filesys properties.

Th that have notbee any top-levelqu

Sun Services


sing ZFS on a Solaris System WiInstalled (cont.)

en you delegate a dataset to a non-global zplete control over the dataset and all its ce administrator.

example, if you delegate a file system to ae, the zone administrator can create and dtems within that dataset, and modify their

e zone administrator cannot affect datasetsn delegated to the zone, and cannot exceed

otas set on the delegated dataset.


U th Zones

Ad ne

You system whenthe al zone. A ZFSfile must have itsmo

You zone by usingthe ample:

e1

Sun Services



ding ZFS File Systems to a Non-Global Zo

can add a ZFS file system as a generic file goal is solely to share space with the glob system that is added to a non-global zoneuntpoint property set to legacy.

can add a ZFS file system to a non-globaladd fs subcommand in zonecfg. For ex

zonecfg:zone1> add fszonecfg:zone1:fs> set type=zfszonecfg:zone1:fs> set special=tank/zone/zonzonecfg:zone1:fs> set dir=/export/sharedzonecfg:zone1:fs> end


U th Zones

De

If t ation of storageto a to a non-globalzon mmand inzo

one1

Sun Services



legating Datasets to a Non-Global Zone

he primary goal is to delegate the administrzone, then ZFS supports adding datasetse through use of the add dataset subconecfg. For example:

zonecfg:zone1> add datasetzonecfg:zone1:dataset> set name=tank/zone/zzonecfg:zone1:dataset> end


U th Zones

De ont.)

Th perties, andcre le system.

In apshots, createclo stem hierarchyfro

Sun Services



legating Datasets to a Non-Global Zone (c

e zone administrator can set file system proate new file systems below the delegated fi

addition, the zone administrator can take snnes, and otherwise control the entire file sym the delegated file system down.


U th Zones

Ad

You l zone by usingthe

In t me is added toa n global zone:

sk/tank/vol

Sun Services



ding ZFS Volumes to a Non-Global Zone

can add emulated volumes to a non-globaadd device subcommand in zonecfg.

he following example, a ZFS emulated voluon-global zone by the administrator in the

zonecfg:zone1> add devicezonecfg:zone1:device> set match=/dev/zvol/dzonecfg:zone1:device> end


U th Zones

Us

You s from within ano

Th es control ofph e, and control ofvir

Wh on-global zone,any cteristics of thepo evices, is notallo

Sun Services



ing ZFS Storage Pools Within a Zone

cannot create or modify ZFS storage pooln-global zone.

e delegated administration model centralizysical storage devices within the global zontual storage to non-global zones.

ile a pool-level dataset can be added to a ncommand that modifies the physical chara

ol, such as creating, adding, or removing dwed from within a non-global zone.


U th Zones

Pro one

On ministrator cancon

Wh ors are visible tozf tent remainsina ble, as are all itschi

Th enfs property,bec vers.

Ne zoned property.

Sun Services



perty Management Within a Non-Global Z

ce a dataset is delegated to a zone, the zone adtrol specific dataset properties.

en a dataset is delegated to a zone, its ancests list in the non-global zone, but their conccessible. The delegated dataset itself is writaldren.

e zone administrator cannot change the sharause non-global zones cannot act as NFS ser

ither can the zone administrator change the


U th Zones

Un

Wh , the datasetmu erties are notint ne.

On zone under thecon n no longer betru

ZF dataset hasbee int in time.

Sun Services



derstanding the zoned Property

en a dataset is added to a non-global zonest be specially marked so that certain prop

erpreted within the context of the global zo

ce a dataset has been added to a non-globaltrol of a zone administrator, its contents ca

sted.

S uses the zoned property to indicate that an delegated to a non-global zone at one po


U th Zones

Un

Th automaticallytur set is firstboo

If t be mounted orsha

Wh ne is destroyed,the d.

Sun Services




e zoned property is a boolean value that isned on when a zone containing a ZFS datated.

he zonedproperty is set, the dataset cannotred in the global zone.

en a dataset is removed from a zone or a zozoned property is not automatically cleare


U th Zones

Un

To roperty must bema you want toreu

Bef sure that themou children are setto r exist, or turn offthe

On bilities are left,the he zfs set orzfs

Sun Services




prevent accidental security risks, the zonedpnually cleared by the global administrator ifse the dataset in any way.

ore setting the zoned property to off, makentpoint property for the dataset and all itseasonable values and that no setuid binariessetuid property.

ce you have verified that no security vulnerazoned property can be turned off by using t inherit commands.

sa-202-s10 - weeblykaransingh12.weebly.com/uploads/3/8/3/8/3838844/sa202s10_oh.pdfsun services...

Documents