SA-202-S10 Part2
Transcript of SA-202-S10 Part2
8/4/2019 SA-202-S10 Part2
http://slidepdf.com/reader/full/sa-202-s10-part2 1/534
Sun Services
System Administration for the Solaris™ 10 Operating System, Part 2
SA-202-S10
Copyright 2007 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California, 95054, U.S.A. All rights reserved.
This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any.
Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.
Sun, Sun Microsystems, the Sun logo, Solaris, JumpStart, SunSolve, OpenBoot, Ultra, Solstice DiskSuite, Sun Java, and UltraSPARC are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.
The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements.
U.S. Government approval might be required when exporting the product.
RESTRICTED RIGHTS: Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-14(g)(2)(6/87) and FAR 52.227-19(6/87), or DFAR 252.227-7015(b)(6/95) and DFAR 227.7202-3(a).
DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
Advanced System Administration for the Solaris™ 10 Operating System
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Managing ZFS Properties
Mounting ZFS File Systems
ZFS Web-Based Management
ZFS Snapshots
ZFS Clones
Using ZFS on a Solaris System With Zones Installed
Preface
About This Course
Course Goals
Upon completion of this course, you should be able to:
• Describe network basics
• Manage virtual file systems and core dumps
• Manage storage volumes
• Control access and configure system messaging
• Set up name services
• Perform advanced installation procedures
Course Map
[Figure: course map. Labels recoverable from the diagram:]
• Describing Interface Configuration
• Describing the Client-Server Model
• Using Name Services
• Configuring Name Service Clients
• Configuring the Network Information Service (NIS)
• Describing Network Basics
• Managing Swap Configuration
• Managing Crash Dumps and Core Files
• Configuring NFS
• Configuring AutoFS
• Configuring Role-Based Access Control (RBAC)
• Configuring System Messaging
• Managing Virtual File Systems and Core Dumps
• Describing RAID and Solaris Volume Manager Software
• Configuring Solaris Volume Manager Software
• Managing Storage Volumes
• Controlling Access and Configuring System Messaging
• Setting Up Name Services
• Configuring Virtualization
• Sun Connection Services
Topics Not Covered
This course does not cover the following topics. Many of these topics are covered in other courses offered by Sun Services:
• Basic UNIX® commands – Covered in SA-100-S10: UNIX® Essentials Featuring the Solaris™ 10 Operating System
• The vi editor – Covered in SA-100-S10: UNIX® Essentials Featuring the Solaris™ 10 Operating System
• Basic UNIX file security – Covered in SA-100-S10: UNIX® Essentials Featuring the Solaris™ 10 Operating System
• Software package administration – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Patch maintenance – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Adding users using the Solaris Management Console software – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Basic system security – Covered in SA-100-S10: UNIX® Essentials Featuring the Solaris™ 10 Operating System
• Administering initialization files – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Advanced file permissions – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Backup and recovery – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• The lp print service and print commands – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• Process control – Covered in SA-200-S10: Intermediate System Administration for the Solaris™ 10 Operating System
• All the new features in Solaris 10 – Covered in SA-225S10: Solaris™ 10 for Experienced System Administrators
• Hardware or software troubleshooting – Covered in ST-350: Sun™ Systems Fault Analysis Workshop
• System tuning – Covered in SA-400: Enterprise System Performance Management
• Detailed shell programming – Covered in SA-245: Shell Programming for System Administrators
• Detailed network administration concepts – Covered in SA-300-S10: Network Administration for the Solaris™ 10 Operating System
Refer to the Sun Services catalog for specific information on course content and registration.
How Prepared Are You?
To be sure you are prepared to take this course, can you answer yes to the following questions?
• Can you install and boot the Solaris™ 10 Operating System (Solaris 10 OS) on a stand-alone workstation?
• Can you implement basic system security?
• Can you add users to the system using the Solaris Management Console software?
• Can you use the pkgadd command to add software packages?
• Can you monitor and mount file systems?
• Can you manage disk devices and processes?
• Can you perform backups and restorations?
Introductions
• Name
• Company affiliation
• Title, function, and job responsibility
• Experience related to topics presented in this course
• Reasons for enrolling in this course
• Expectations for this course
Module 1
Describing Interface Configuration
Objectives
• Control and monitor network interfaces
• Configure Internet Protocol Version 4 (IPv4) interfaces at boot time
Controlling and Monitoring Network Interfaces
Network commands, such as ifconfig, ping, and snoop, control and monitor the functionality of network interfaces.
Displaying the MAC Address
The media access control (MAC) address is your computer’s unique hardware address.
Two ways to display the MAC address or the Ethernet address are:
• Use the ifconfig -a command:
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
Displaying the MAC Address (cont.)
• Use the boot programmable read-only memory (PROM) banner command on SPARC®-based systems:
ok banner
Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz), Keyboard Present
OpenBoot 3.31 256 MB (60ns) memory installed, Serial #9685423.
Ethernet address 8:0:20:93:c9:af, Host ID: 8093c9af.
Displaying the IP Address
The ifconfig -a command displays the current configuration for the network interfaces.
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
Marking an Ethernet Interface as Down
You can use the ifconfig command to mark an Ethernet interface as up or down.
# ifconfig nge0 down
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
# ifconfig nge0 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
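An added example, not part of the course material: a shell script that reads ifconfig -a output in the layout shown on these slides and reports, for each interface, whether the UP flag is present together with its IPv4 and Ethernet addresses. The function names are hypothetical and the sample text is constructed from the slide output with nge0 marked down.

```shell
#!/bin/sh
# Constructed sample: ifconfig -a output in the slides' layout, nge0 marked down.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nge0: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
        ether 8:0:20:93:c9:af
EOF
}

# Read ifconfig -a text on stdin and print one line per interface:
#   name state inet ether      ("-" when a field is absent)
iface_report() {
    awk '
    function emit() {
        if (name != "")
            print name, state, (inet != "" ? inet : "-"), (ether != "" ? ether : "-")
    }
    # An interface header line starts in column 1: "nge0: flags=...<...>".
    /^[^ \t]+: flags=/ {
        emit()
        name = $1; sub(/:$/, "", name)
        # Keep only the flag names between < and >.
        flags = $2; sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
        # UP is listed only while the interface is marked up.
        state = ((("," flags ",") ~ /,UP,/) ? "UP" : "DOWN")
        inet = ""; ether = ""
        next
    }
    # Indented continuation lines carry the addresses.
    $1 == "inet"  { inet = $2 }
    $1 == "ether" { ether = $2 }
    END { emit() }
    '
}

# Names of the interfaces that are not marked up.
down_interfaces() {
    iface_report | awk '$2 == "DOWN" { print $1 }'
}

# Stand-alone run on the constructed sample.
sample_ifconfig | iface_report
```

On a live system the input would come from ifconfig -a itself, for example ifconfig -a | down_interfaces.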
Sending ICMP ECHO_REQUEST Packets
To determine if you can contact another system over the network, enter the ping command:
# ping sys41
sys41 is alive
Capturing and Inspecting Network Packets
You can use the snoop utility to capture and inspect network packets to determine what kind of data is transferred between systems.
# snoop sys41 sys42
sys41 -> sys42 ICMP Echo request (ID: 615 Sequence number: 0)
sys42 -> sys41 ICMP Echo reply (ID: 615 Sequence number: 0)
Some additional snoop options include:
snoop                Summary output
snoop -V             Summary verbose output
snoop -v             Detailed verbose output
snoop -o filename    Redirects the snoop utility output to filename in summary mode
snoop -i filename    Displays packets that were previously captured in filename
snoop -d device      Receive packets from a network interface specified by device
Configuring IPv4 Interfaces at Boot Time
Introducing IPv4 Interface Files
Network interfaces in the Solaris OS are controlled by files and services.
• The svc:/network/physical:default service
• The /etc/hostname.xxn file
• The /etc/inet/hosts file
• The /etc/inet/ipnodes file
The /etc/hostname.xxn File Entries and Corresponding Interfaces
Entry                    Interface
/etc/hostname.e1000g0    First e1000g (Intel PRO/1000 Gigabit family device driver) Ethernet interface in the system
/etc/hostname.bge0       First bge (Broadcom Gigabit Ethernet device driver) Ethernet interface in the system
/etc/hostname.bge1       Second bge Ethernet interface in the system
/etc/hostname.ce0        First ce (Cassini Gigabit-Ethernet device driver) Ethernet interface in the system
/etc/hostname.qfe0       First qfe (Quad Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.hme0       First hme (Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.eri0       First eri (eri Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.nge0       First nge (Nvidia Gigabit Ethernet driver) Ethernet interface in the system
The /etc/inet/ipnodes File
A local database that associates the names of nodes with their Internet Protocol (IP) addresses.
# cat /etc/inet/ipnodes
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
192.168.30.41 sys41 loghost
Changing the System Host Name
The host name of a system is contained in four files on the system. You must modify all of these files, and perform a reboot, to successfully change a system’s host name. The files that contain the host name of a system are:
• The /etc/nodename file
• The /etc/hostname.xxn file
• The /etc/inet/hosts file
• The /etc/inet/ipnodes file
The sys-unconfig Command
You can use the /usr/sbin/sys-unconfig command to restore a system’s configuration to an unconfigured state, ready to be reconfigured again.
The sys-unconfig command does the following:
• Saves the current /etc/inet/hosts file information in the /etc/inet/hosts.saved file.
• If the current /etc/vfstab file contains Network File System (NFS) mount entries, it saves the /etc/vfstab file to the /etc/vfstab.orig file.
• Restores the default /etc/inet/hosts file.
• Executes all system configuration applications. These applications are defined by prior executions of a sysidconfig -a command.
• Removes the /etc/resolv.conf file for DNS clients.
• Disables Lightweight Directory Access Protocol (LDAP) by removing:
    • The /var/ldap/ldap_client_cache file
    • The /var/ldap/ldap_client_file file
    • The /var/ldap/ldap_client_cred file
    • The /var/ldap/cachemgr.log file
• Regenerates keys for the Secure Shell Daemon (sshd)
Module 2
Describing the Client-Server Model
Objectives
• Describe client-server processes
• Start server processes
Introducing Client-Server Processes
The client-server model describes network services and the client programs of those services.
One example of the client-server relationship is the name server and resolver model of the DNS.
Another example of the client and server relationship is the NFS.
Introducing Client Processes
The client is a host or a process that uses services from another host or program, known as a server.
[Figure: diagram with the labels File Server, Name Server, and Server]
Introducing Server Processes
The server is a host or a process that provides services to another program known as a client.
[Figure: diagram with the labels Printer A, Printer B, Printer C, Server, Storage Server, Storage Array 1, Storage Array 2, Client 1, Client 2, Client 3, and Client 4]
The Service Management Facility (SMF)
SMF provides a centralized configuration structure for managing system services and the interaction of a service with other services. SMF includes the following:
• A mechanism to establish and formalize dependency relationships between services.
• Information on procedures to start, stop, and restart services.
• A centralized repository for information on startup behavior and service status.
• A structured mechanism for Fault Management of system services.
• Detailed information about misconfigured services such as an explanation of why a service is not running.
• Individual log files for each service.
Services
• The fundamental unit of administration in SMF is the service.
• It provides a known list of capabilities to other local and remote services.
• Services are represented as instance nodes which are children of service nodes.
• One service might have many instances such as a Web server on multiple ports.
• Both service nodes and instance nodes can have properties.
• If an instance does not have property X, the service's property X is used.
Service and Instance Nodes
Service Identifiers
• The service identifier is in the form of a Fault Management Resource Identifier or FMRI.
• The FMRI indicates the type of service or category, and the name and instance of the service.
Service Category          Description
milestone                 Synthetic services for clean dependency statement
device                    General device services
system                    Services concerned with host-centric, non-networked capabilities
system/security           Low-level host-centric services implementing security facilities
network                   Services concerned with host-centric, network infrastructure capabilities
application               General software services
application/management    Services implementing management facilities
application/security      Services implementing high-level security
• FMRI examples:
svc:/system/filesystem/root:default
lrc:/etc/rc3_d/S90samba
Listing Service Information
Use the svcs command to list the FMRIs and states:
# svcs
STATE          STIME    FMRI
legacy_run     Feb_10   lrc:/etc/rc2_d/S10lu
legacy_run     Feb_10   lrc:/etc/rc2_d/S20sysetup
legacy_run     Feb_10   lrc:/etc/rc2_d/S90wbem
legacy_run     Feb_10   lrc:/etc/rc2_d/S99dtlogin
legacy_run     Feb_10   lrc:/etc/rc3_d/S81volmgt
(output removed)
online         Feb_10   svc:/system/system-log:default
online         Feb_10   svc:/system/fmd:default
online         Feb_10   svc:/system/console-login:default
online         Feb_10   svc:/network/smtp:sendmail
online         Feb_10   svc:/milestone/multi-user:default
online         Feb_10   svc:/milestone/multi-user-server:default
online         Feb_10   svc:/system/zones:default
offline        Feb_10   svc:/application/print/ipp-listener:default
offline        Feb_10   svc:/application/print/rfc1179:default
maintenance    10:24:15 svc:/network/rpc/spray:default
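An added example, not part of the course material, covering both the FMRI structure from the Service Identifiers slides and the svcs listing above: a shell script that splits each FMRI into scheme, category, service and instance, then flags services that are not running, online services in the network category, and legacy lrc entries for review. The function names and report tags are hypothetical and the sample input is constructed in the slide's column layout.

```shell
#!/bin/sh
# Constructed sample: svcs output in the slide's column layout.
sample_svcs() {
cat <<'EOF'
STATE          STIME    FMRI
legacy_run     Feb_10   lrc:/etc/rc2_d/S99dtlogin
legacy_run     Feb_10   lrc:/etc/rc3_d/S81volmgt
(output removed)
online         Feb_10   svc:/system/system-log:default
online         Feb_10   svc:/network/smtp:sendmail
online         Feb_10   svc:/milestone/multi-user-server:default
offline        Feb_10   svc:/application/print/rfc1179:default
maintenance    10:24:15 svc:/network/rpc/spray:default
EOF
}

# Read svcs output on stdin and print: state scheme category service instance
parse_svcs() {
    awk '
    NR == 1 && $1 == "STATE" { next }   # header row
    NF < 3 { next }                      # blank lines and "(output removed)"
    {
        state = $1; fmri = $3
        scheme = fmri; sub(/:.*/, "", scheme)      # "svc" or "lrc"
        if (scheme == "lrc") {
            # Legacy run-control scripts carry a path and no instance.
            print state, scheme, "legacy", substr(fmri, 5), "-"
            next
        }
        path = substr(fmri, 6)                     # text after "svc:/"
        inst = "-"
        n = index(path, ":")
        if (n > 0) { inst = substr(path, n + 1); path = substr(path, 1, n - 1) }
        category = path; sub(/\/.*/, "", category) # first path element
        # Two-level categories from the Service Category table.
        if (match(path, "^(system/security|application/management|application/security)/"))
            category = substr(path, 1, RLENGTH - 1)
        print state, scheme, category, path, inst
    }
    '
}

# Review list built from the parsed records.
triage() {
    parse_svcs | awk '
    $1 == "maintenance" || $1 == "offline" || $1 == "degraded" {
        print "ATTENTION", $1, $4 ":" $5
    }
    $1 == "online" && $3 == "network" { print "NETWORK", $1, $4 ":" $5 }
    $2 == "lrc" { print "LEGACY", $1, $4 }
    '
}

# Stand-alone run on the constructed sample.
sample_svcs | triage
```

On a live system the input would come from the svcs command itself, for example svcs | triage.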
Service States
[Figure: service state diagram.]
States: UNINITIALIZED, MAINTENANCE, OFFLINE, ONLINE, DEGRADED, DISABLED
Transition labels:
• Service put in maintenance state
• Service disabled
• Can’t read config
• Service marked disabled
• Service enabled by admin
• Dependency not met or start failed
• Dependency met and service enabled
• Service shutdown, restart or disable
• Partial failure of service or dependency
• Refresh
• No improvement in service
• Dependencies satisfied and service is healthy
• Unresolvable error or thresholds reached
• Re-read config data
• Administrator intervention
• Start service
Milestones
A milestone can be regarded as a system state to reach. This system state requires a defined set of services to be running. These services depend on other services being available.
Currently there are six milestones:
• single-user
• multi-user
• multi-user-server
• network
• name-services
• sysconfig
• devices
[Figure: service category tree with the nodes milestone, network, system, application; name-services, net-physical, filesystem, print, X11; /, /usr, /var]
[Figure: milestone dependency diagram. Labels in the diagram:]
• /var/svc/manifest/milestone/multi-user-server.xml
• dependency list
• multi-user milestone
• /var/svc/manifest/milestone/multi-user.xml
• exec /sbin/rc3
• single-user milestone
• /var/svc/manifest/milestone/single-user.xml
• name-services milestone
• filesystem
• /var/svc/manifest/system/filesystem/local-fs.xml
• method /lib/svc/method/fs-local
• milestone multiuser
The svc.startdDaemonThe svc.startd is the daemon which is responsible formaintaining the system services. It is svc.startd which
ensures that the system boots to the appropriate milestone.
Currently the milestones that can be used at boot time are:
• none
• single-user
• multi-user
• multi-user-server
• all
The Service Configuration Repository
The repository database stores information about the state of each service instance. It also stores configuration information about the services and system.
The disk-based database is /etc/svc/repository.db.
This file can only be manipulated using the SMF interface utilities svccfg and svcprop.
A corrupt repository can be repaired by booting the system to single user, and running the command:
# /lib/svc/bin/restore_repository
and following the instructions.
Starting Server Processes
To start services for server processes, you must know which files to use for automatic service configuration. You must also know how to manually start the services.
Introducing the Internet Service Daemon (inetd)
The inetd daemon is a special network process that runs on each system and starts server processes that do not automatically start at boot time.
The inetd daemon is started at boot time by svc.startd. There is a legacy configuration file for inetd, /etc/inet/inetd.conf. Services listed in this file are imported into the Service Management Facility (SMF) by the inetconv command.
The Impact of SMF on Network Services
SMF has a major impact on network services in that each service can be independently enabled or disabled using the inetadm command.
To disable the telnet facility:
# inetadm -d telnet
# inetadm | grep telnet
disabled  disabled       svc:/network/telnet:default
To enable the telnet facility:
# inetadm -e telnet
# inetadm | grep telnet
enabled   online         svc:/network/telnet:default
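Because each inetd-managed service has its own switch, a host can be audited by comparing what inetadm reports as enabled against the services it is expected to offer. The script below is an added example, not part of the course material; the sample inetadm output is constructed, and the function names and the allowlist are assumptions.

```shell
#!/bin/sh
# Added example: audit `inetadm` output against an allowlist of inetd services.
# On a real host: inetadm | remediation_commands svc:/network/rpc/spray:udp

# Constructed sample in the three-column layout that `inetadm` prints
# (ENABLED, STATE, FMRI). It was not captured from a real system.
sample_inetadm() {
    cat <<'EOF'
ENABLED   STATE          FMRI
enabled   online         svc:/network/rpc/spray:udp
enabled   online         svc:/network/telnet:default
disabled  disabled       svc:/network/finger:default
enabled   offline        svc:/network/ftp:default
EOF
}

# Print the FMRI of every service whose ENABLED column reads "enabled".
# The header line and anything that is not an svc: FMRI are ignored.
# A service can be enabled without being online, so STATE is not consulted.
enabled_inetd_services() {
    awk '$1 == "enabled" && $3 ~ /^svc:\// { print $3 }'
}

# unexpected_inetd_services ALLOWED_FMRI...
# Reads inetadm output on stdin and prints each enabled FMRI that is not
# named in the allowlist given as arguments.
unexpected_inetd_services() {
    allowed=" $* "
    enabled_inetd_services | while read -r fmri; do
        case "$allowed" in
            *" $fmri "*) ;;                    # expected service, say nothing
            *) printf '%s\n' "$fmri" ;;        # enabled but not expected
        esac
    done
}

# Turn the findings into the inetadm -d commands an administrator would
# review before running them. Nothing is executed here.
remediation_commands() {
    unexpected_inetd_services "$@" | sed 's/^/inetadm -d /'
}

if [ "${1:-}" = "--demo" ]; then
    sample_inetadm | remediation_commands svc:/network/rpc/spray:udp
fi
```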
Introducing Network Ports
Network ports help transport protocols distinguish between multiple service requests arriving at a given host computer.
There are two fundamental approaches to port assignments:
• Central authority
  • All users must agree to allow the central authority to assign all port numbers.
  • The central authority is responsible for publishing the list of port number assignments, called well-known port assignments.
  • Well-known port assignments dictate software requirements on a system.
Introducing Network Ports
• Dynamic binding
  • The ports are unknown to the client in advance. The system software dynamically assigns ports to the programs that require them.
  • To obtain the current port assignments on any computer, the software generates a request to the target machine for the port number information. The target machine then responds with the port number.
  • These port number assignments are considered ephemeral since assignments are short lived, only lasting until the system is rebooted.
Introducing Network Ports
Well-known ports are stored in the /etc/inet/services file.
# grep telnet /etc/inet/services
telnet 23/tcp
Starting Services That Use a Well-Known Port
Services following the central authority approach that use a well-known port include:
• Services that start by default at system boot time
• Services that do not start automatically at boot, and must start on demand
Requesting a Well-Known Service
[Figure: numbered time sequence (steps 1 to 8) between sys41 (client), running telnet sys42, and sys42 (server), running inetd and in.telnetd. Labels: port 23; in.telnetd (port nnnnn); traffic on nnnnn; n = port number.]
Starting RPC Services
RPC services are services developed using a set of utilities developed by Sun Microsystems, Inc. While RPC services are assigned a unique program number by the programmer when they are written, the RPC services are not typically assigned to well-known ports.
Types of RPC services that follow the dynamic binding approach include:
• Services that start by default at system boot time
• Services that do not start automatically at boot and must start on demand
Starting RPC Services at Boot Time
RPC services started at boot time with startup scripts run on available ports above 32768. The rpcbind process associates RPC program numbers with port numbers.
The /lib/svc/method/rpc-bind startup script initializes the rpcbind service. The port number used by the rpcbind daemon is listed in the /etc/inet/services file.
After the system starts up, the rpcbind daemon starts listening at port 111. To view the port number and protocol, perform the command:
# grep rpcbind /etc/services
sunrpc 111/udp rpcbind
sunrpc 111/tcp rpcbind
Starting RPC Services on Demand
Some rpcbind services start only on demand. The port numbers are registered with the rpcbind process during boot.
When a client application requests a service, the rpcbind process returns the port number of the service to the client machine.
The client machine generates a new request using the port number that it just received for the requested service.
Requesting an RPC Address
[Figure: numbered time sequence (steps 1 to 6) between Host 1 (client), running spray host2, and Host 2 (server), running rpcbind, inetd and rpc.sprayd. Labels: Start rpcbind (port 111); port 111; spray/1 ... rpc.sprayd; rpc.sprayd (port nnnnn); n = port number.]
Using the rpcinfo Commands
The rpcinfo command makes an RPC call to an RPC server, and reports what it finds.
To list all the services registered with the rpcbind process, enter the rpcinfo command as follows:
rpcinfo -p [ host ]
For example:
# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
    100232   10   udp  32772  sadmind
<output truncated>
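The rpcinfo -p listing is the same program-to-port table that rpcbind consults when a client asks for an RPC address, so it can be parsed to see which dynamically bound ports a host exposes. The script below is an added example, not part of the course material; the function names are assumptions, and the sprayd line in the sample is constructed (program number 100012 is from this course, its port is not).

```shell
#!/bin/sh
# Added example: read `rpcinfo -p` output as the rpcbind mapping table.
# On a real host: rpcinfo -p | rpc_dynamic_ports

# Sample input: the rows shown on the slide plus one constructed sprayd row.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
    100232   10   udp  32772  sadmind
    100012    1   udp  32774  sprayd
EOF
}

# rpc_lookup PROGNUM PROTO
# Reads the table on stdin and prints the port registered for that program
# number and transport, which is the answer rpcbind gives a client.
# Exit status is 1 when the program is not registered on that transport.
rpc_lookup() {
    awk -v prog="$1" -v proto="$2" '
        $1 == prog && $3 == proto { print $4; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# rpc_dynamic_ports
# Reads the table on stdin and prints one "proto/port prognum service" line
# for each distinct port other than 111, the well-known rpcbind port.
# Several versions of one program on the same port collapse to one line.
rpc_dynamic_ports() {
    awk '$1 ~ /^[0-9]+$/ && $4 != 111 {
            key = $3 "/" $4
            if (!(key in seen)) { seen[key] = 1; print key, $1, $5 }
        }' | sort
}

if [ "${1:-}" = "--demo" ]; then
    sample_rpcinfo | rpc_dynamic_ports
    printf 'sprayd answers on udp port %s\n' "$(sample_rpcinfo | rpc_lookup 100012 udp)"
fi
```

The ports listed by rpc_dynamic_ports are the ones to account for in host firewall rules, since clients reach them only after asking port 111.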
Deleting RPC Service Registration
To unregister the RPC service given a specified prognum (program number) and versnum (version number), perform the rpcinfo command:
rpcinfo -d prognum versnum
For example:
# rpcinfo -d 100012 1
The deleted RPC service that uses program number 100012 is sprayd. To register the sprayd service again, restart the inetd daemon as follows:
# svcadm disable svc:/network/rpc/spray:udp
# svcadm enable svc:/network/rpc/spray:udp
Module 3
Introducing Sun Connection Services
Objectives
Implement patch management using Sun Connection Services, including the Update Manager client, the smpatch command line, and the Sun Connection hosted Web application.
Solaris 10 OS Patch Access Policy
The new Solaris 10 OS patch access policy:
• A service plan is not required for security, data integrity or hardware driver updates.
• A Sun Online Account is required for any patches obtained using the Sun Connection.
Introducing Sun Connection
Sun Connection is a seamless architecture that provides:
• Notifications to let administrators
• Automated procedures
• Fast intelligent software dependency checks
• Optional local caching of updates
• A Web hosted service
Administering Patches
The Sun Connection tools include the following:
• Update Manager client graphical user interface (GUI)
• Sun Connection hosted Web application
• Update Manager client command-line interface (smpatch)
Sun Connection Modes
• Local management of individual systems using the Update Manager client or the smpatch CLI
• Remote and centralized management of multiple systems using the Sun Connection hosted Web application
Locally Managing Updates for Individual Systems
• Maintain your own updates to the Solaris 10 OS by establishing a connection to Sun Connection.
• Sun Connection client software enables access to the Sun Connection servers hosted at Sun.
• Automatic notification
• Update Manager client application
• The smpatch command
Locally Managing Updates for Individual Systems (cont.)
Update Manager Client
• The Update Manager client is a successor to the Solaris Patch Manager application.
• PatchPro analysis engine
• A new user interface
• Users can:
  • Analyze system to check for available updates
  • View a list of updates currently available and applicable for the system
  • View details about a specific update
  • Install selected updates
Update Manager Client (cont.)
Caching Patches With Update Manager's Proxy
Sun Connection Hosted Web Application
Sun Connection Hosted Web Application (cont.)
Establishing a Sun Online Account
• A Sun Online Account is required for using the Sun Connection services regardless of the mode of connection you choose.
• There is no charge for establishing such an account. Start at: http://www.sun.com/
• Click on the My Account link.
Obtain a Sun Service Plan
• A Sun Service Plan is optional.
• Without one you will get security and hardware driver updates only.
• If you want all the other updates available, contact your Sun Service Representative and subscribe to an appropriate service plan.
• Obtain a subscription key associated with that plan for use later when you install and register systems for Sun Connection functionality.
Downloading and Installing the Update Manager Client Software
• Solaris OS versions that precede the Solaris 10 1/06 release.
• Solaris 10 1/06 and later releases.
• The Update Manager client (1.0.4) download and installation:
  • On SPARC-based systems:
# smpatch update -i 121118-05
  • On x86-based systems:
# smpatch update -i 12119-05
Starting the Update Manager Client for the First Time
Click on the Java™ Desktop notification icon or run the following command:
# /usr/bin/updatemanager
Registering Systems
Registering Systems (cont.)
Registering Systems (cont.)
Registration Confirmation
Registration Complete
Installing Updates With the Update Manager Client
Installing Updates With the Update Manager Client (cont.)
Installing Updates With the Update Manager Client (cont.)
Setting Update Manager Client Preferences
• The source of your updates.
• The Update Manager’s proxy hostname, IP address and authentication details.
• The directory where updates will be downloaded. (Default is /var/sadm/spool.)
• The backout data directory setting.
• New update available notification icon for your Java Desktop.
• Daily automatic update analysis.
Configuring the Update Manager’s Proxy
• Verify that required packages are on your system:
# pkginfo | grep SUNWpsvr
system SUNWpsvrr Patch Server Deployment (Root)
system SUNWpsvru Patch Server Deployment (Usr)
• Set the network proxy for the Update Manager’s proxy:
# patchsvr setup -x network_proxy:port
• Specify the next update server:
# patchsvr setup -p http://server-name:port/solaris/
• Specify the default Sun update server:
# patchsvr setup -p https://getupdates1.sun.com/solaris/
• Start the proxy server:
# patchsvr start
• Configure the proxy server to start on subsequent system boots:
# patchsvr enable
Configuring Clients to Use the Update Manager’s Proxy
Install and start the Update Manager client software on the client by typing the following command:
# /usr/bin/updatemanager
Configuring Clients to Use the Update Manager’s Proxy (cont.)
Patch Administration From the CLI
• Solaris OS update types include:
  • Standard updates
  • Recommended patches
  • Update clusters
• An update is distributed as a directory that is identified by a unique number: 105050-01.jar
Phases for Applying Updates
• The full sequence involves these phases:
  • Analyzing your system
  • Downloading the necessary updates
  • Applying the updates
• Phase control:
  • The smpatch update command performs all three functions in one command.
  • The smpatch analyze and smpatch update commands perform all three functions using two commands.
  • The smpatch analyze, smpatch download, and smpatch add commands will perform all three functions using three commands.
Command Examples
• Analyze your local system and determine the appropriate, available updates for it.
# smpatch analyze > plist
# vi plist
...
119397-06 SunOS 5.10: patch for North America region locales issues
# patchadd -p | grep 119397
• Download (but do not apply) a new update.
# smpatch download -i 119397-06
119379-06 has been validated.
# smpatch get | grep download
patchpro.download.directory - /var/sadm/spool
# cd /var/sadm/spool ; ls
119397-06.jar
...
Command Examples (cont.)
• Install and verify an update.
# smpatch add -i 119397-06
add patch 119397-06
Patch 119397-06 has been successfully installed.
# patchadd -p | grep 119397-06
Patch: 119397-06 Obsoletes: Requires: 121734-01 Incompatibles: Packages: SUNWnameos SUNWnamdt SUNWnamow
# smpatch analyze | grep 119397-06
• Remove an update.
# smpatch remove -i 119397-06
remove patch 119397-06
Transition old-style patching.
Patch 119397-06 has been backed out.
# smpatch analyze | grep 119397-06
119397-06 SunOS 5.10: patch for North America region locales issues
Command Examples (cont.)
• Apply an update in one step.
# smpatch update -i 118815-05
118815-05 has been validated.
Installing patches from /var/sadm/spool...
118815-05 has been applied.
/var/sadm/spool/patchpro_dnld_2007.03.16@12:36:36:MST.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2007.03.16@12:36:36:MST.txt
Configuring the Patch Management Environment
• The smpatch get, smpatch set and smpatch unset commands are used to configure the patch management environment:
  • smpatch get displays the current settings for environment parameters.
  • smpatch set changes values for environment parameters.
  • smpatch unset enables the default values for environment parameters.
Command Examples
• Display the current environment parameter values.
# smpatch get
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source http://192.168.201.1:3816/solaris/ https://getupdates1.sun.com/solaris/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
• Set a new value for the update source.
# smpatch set patchpro.patch.source=http://newproxy.apex.com:3816/solaris/
# smpatch get
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
Command Examples (cont.)
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/solaris/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
• Configure an update set, which defines a subset of updates that commands will work with.
# smpatch set patchpro.patchset=recommended
# smpatch analyze
Using the Update Policy for Applying Updates
• The patchpro.install.types property defines the update policy in effect for the update management environment.
• Types of updates that are applied to the system:
  • Standard updates that are applied immediately and require no system restart
  • Updates that require a system restart
  • Updates that must be manually applied
Example of Using the Update Policy
• Not using the smpatch update command
# smpatch analyze | grep wanboot
119681-06 SunOS 5.10: wanboot patch
# patchadd -p | grep 119681
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
# smpatch download -i 119681-06
119681-06 has been validated.
# smpatch add -i 119681-06
add patch 119681-06
...
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
119681-06
Patch 119681-06 has been successfully installed.
Example of Using the Update Policy (cont.)
# patchadd -p | grep 119681
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
Patch: 119681-06 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
# smpatch analyze | grep 119681-06
#
# cd /var/sadm/spool ; ls
119681-06.jar
cache
patchpro_dnld_2006.02.13@10:10:29:MST.txt
# cat *.txt
This patch bundle was generated by PatchPro.
Please refer to the README file within each patch for installation instructions. To properly patch your system, the following patches should be installed in the listed order:
1) 119681-06 !!! IMMEDIATE REBOOT !!!
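The manual sequence above compares smpatch analyze against patchadd -p by eye and then reads the PatchPro order file for reboot markers. The script below is an added example, not part of the course material, that does both checks over saved command output; the function names are assumptions, and the sample data is constructed from the output lines shown on these slides (the 121734-01 row and the unmarked "2)" order line are made up for the test cases).

```shell
#!/bin/sh
# Added example: classify updates listed by `smpatch analyze` against what
# `patchadd -p` reports as installed, and pick out reboot-marked patches.

# Constructed samples (not captured from a real system).
sample_patchadd() {      # stands in for: patchadd -p
    cat <<'EOF'
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
Patch: 121734-01 Obsoletes: Requires: Incompatibles: Packages: SUNWnameos
EOF
}
sample_analyze() {       # stands in for: smpatch analyze
    cat <<'EOF'
119397-06 SunOS 5.10: patch for North America region locales issues
119681-06 SunOS 5.10: wanboot patch
EOF
}
sample_order() {         # stands in for the patchpro_dnld_*.txt order file
    cat <<'EOF'
This patch bundle was generated by PatchPro.
1) 119681-06 !!! IMMEDIATE REBOOT !!!
2) 119397-06
EOF
}

# pending_updates PATCHADD_FILE ANALYZE_FILE
# Prints "ID-REV state" for every update in ANALYZE_FILE, where state is
#   not-installed      no revision of that patch ID is installed
#   installed-rev-NN   an older revision NN is installed
#   current            the listed revision (or a newer one) is installed
pending_updates() {
    awk '
        # First file: remember the highest installed revision per patch ID.
        FILENAME == ARGV[1] {
            if ($1 == "Patch:" && split($2, p, "-") == 2) {
                if (!(p[1] in inst) || p[2] + 0 > inst[p[1]] + 0)
                    inst[p[1]] = p[2]
            }
            next
        }
        # Second file: one "ID-REV synopsis" line per available update.
        $1 ~ /^[0-9]+-[0-9]+$/ {
            split($1, a, "-")
            if (!(a[1] in inst))                 state = "not-installed"
            else if (inst[a[1]] + 0 < a[2] + 0)  state = "installed-rev-" inst[a[1]]
            else                                 state = "current"
            print $1, state
        }
    ' "$1" "$2"
}

# reboot_patches
# Reads a PatchPro order file on stdin and prints the patch IDs whose
# numbered entry carries a REBOOT marker.
reboot_patches() {
    awk '$1 ~ /^[0-9]+\)$/ && /REBOOT/ { print $2 }'
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) || exit 1
    sample_patchadd > "$tmp/installed"
    sample_analyze > "$tmp/available"
    pending_updates "$tmp/installed" "$tmp/available"
    sample_order | reboot_patches
    rm -rf "$tmp"
fi
```

On a live system the two input files would come from `patchadd -p > installed` and `smpatch analyze > available`, and the order file from the download directory reported by smpatch get.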
Module 4
Managing Swap Configuration
Objectives
• Describe virtual memory
• Configure swap space
Introducing Virtual Memory
Virtual memory combines RAM and dedicated disk storage areas known as swap space.
Virtual memory management software maps copies of files on disk to virtual addresses.
Programs use these virtual addresses, rather than real addresses, to store instructions and data.
Virtual memory makes it possible for the operating system (OS) to use a large range of memory.
Physical RAM
When working with swap space, RAM is the most critical resource in your system.
• Virtual and physical addresses
The Solaris 10 OS virtual memory management system maps the files on disk to virtual addresses in virtual memory.
• Anonymous memory pages
Physical memory pages associated with a running process can contain private data or stack information that does not exist in any file system on disk. These are anonymous memory pages.
Swap Space
Sometimes a process must give up some of its memory space allocation to another process.
Anonymous memory pages are placed in a swap area, but unchanged file system pages are not.
• Swap slices
The primary swap space on the system is a disk slice. In the Solaris 10 OS, the default location for the primary swap space is slice 1 of the boot disk which, by default, starts at cylinder 0.
As additional swap space becomes necessary, you can configure additional swap slices.
Swap Space (cont.)
• Swap files
It is also possible to provide additional swap space on a system by using swap files.
Swap files are files that reside on a file system, and that have been created using the mkfile command.
Swap files can be permanently included in the swap configuration by creating an entry for the swap file in the /etc/vfstab file.
Paging
• The transfer of selected memory pages between RAM and the swap areas.
• Physical RAM is made available for other processes to use.
• Use the pagesize command to display the size of a memory page in bytes.
• On SPARC-based systems:
# pagesize
8192
• On x86-based systems:
# pagesize
4096
Configuring Swap Space
The swap command provides a method of adding, deleting, and monitoring the swap areas used by the kernel.
Swap area changes made from the command line are not permanent and are lost after a reboot.
To create permanent additions to the swap space, create an entry in the /etc/vfstab file.
Adding Swap Space
Use the following procedures to add additional swap space to your system.
• To add swap slices, use the swap -a command:
# swap -a /dev/dsk/c1t3d0s1
Edit the /etc/vfstab file and add a line similar to the following:
/dev/dsk/c1t3d0s1 - - swap - no -
Adding Swap Space
• To add swap files, use the mkfile command to create the swap file. For example:
# mkfile 20m /usr/local/swap/swapfile
Add the swap file to the system’s swap space.
# swap -a /usr/local/swap/swapfile
Add an entry for the swap file to the /etc/vfstab file.
/usr/local/swap/swapfile - - swap - no -
Removing Swap Space
• Removing swap files
Delete a swap file from the current swap configuration.
# swap -d /usr/local/swap/swapfile
• Remove the file to free the disk space that it is occupying.
# rm /usr/local/swap/swapfile
• Edit the /etc/vfstab file, and remove the swap file entry.
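Because swap areas added with swap -a are lost at reboot unless /etc/vfstab lists them, and a removed swap file should also leave vfstab, the two views can be compared mechanically. The shell functions below are an added example, not part of the course material; they read captured swap -l output and a vfstab-format file, and the sample data (device numbers, block counts, /export/swapfile2) is constructed.

```shell
#!/bin/sh
# Added example (not from the course): find swap areas that are active but
# missing from vfstab, and vfstab swap entries that are not active.

# swap_drift SWAP_L_OUTPUT VFSTAB
#   SWAP_L_OUTPUT: file holding captured `swap -l` output
#   VFSTAB:        file in /etc/vfstab format
swap_drift() {
    awk '
        # First file: `swap -l` rows are "swapfile dev swaplo blocks free".
        FILENAME == ARGV[1] {
            if ($1 != "swapfile" && NF >= 5) active[$1] = 1
            next
        }
        # Second file: vfstab rows whose FS type (field 4) is "swap".
        # The tmpfs line "swap - /tmp tmpfs ..." has type tmpfs and is skipped.
        $1 !~ /^#/ && $4 == "swap" { persistent[$1] = 1 }
        END {
            for (a in active)     if (!(a in persistent)) print "not-persistent " a
            for (p in persistent) if (!(p in active))     print "not-active " p
        }
    ' "$1" "$2" | sort
}

# Constructed sample: one swap file was added with swap -a only, and one
# vfstab entry points at a swap file that is not in use.
swap_drift_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/swap-l.txt" <<'EOF'
swapfile             dev  swaplo blocks   free
/dev/dsk/c0t0d0s1   136,1      16 1048784 1048784
/dev/dsk/c1t3d0s1   136,9      16 2097392 2097392
/usr/local/swap/swapfile  -    16   40944   40944
EOF
    cat > "$dir/vfstab" <<'EOF'
#device            device              mount  FS     fsck  mount    mount
#to mount          to fsck             point  type   pass  at boot  options
/dev/dsk/c0t0d0s1  -                   -      swap   -     no       -
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /      ufs    1     no       -
swap               -                   /tmp   tmpfs  -     yes      -
/dev/dsk/c1t3d0s1  -                   -      swap   -     no       -
/export/swapfile2  -                   -      swap   -     no       -
EOF
    swap_drift "$dir/swap-l.txt" "$dir/vfstab"
    rm -rf "$dir"
}

swap_drift_demo
```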
System Administration for the Solaris™ 10 Operating System, Part 2
Module 5
Managing Crash Dumps and Core Files
Objectives
• Manage crash dump behavior
• Manage core file behavior
Managing Crash Dump Behavior
If a fatal operating system error occurs, the operating system generates a crash dump by writing some of the contents of the physical memory to a predetermined dump device, which must be a local disk slice.
You can configure the dump device by using the dumpadm command.
After the operating system has written the crash dump to the dump device, the system reboots.
The crash dump is saved for future analysis to help determine the cause of the fatal error.
Crash Dump
When the operating system crashes, the savecore command is automatically executed during a boot.
• The savecore command places kernel core information in the /var/crash/nodename/vmcore.X file.
• The savecore command places name list information and symbol table information in the /var/crash/nodename/unix.X file.
You can use the dumpadm command to configure the location of the dump device and the savecore directory.
Displaying the Current Dump Configuration
To view the current dump configuration, use the dumpadm command without arguments.
# dumpadm
Dump content: kernel pages
Dump device: /dev/dsk/c0t0d0s1 (swap)
Savecore directory: /var/crash/sys-02
Savecore enabled: yes
Changing the Crash Dump Configuration
The dumpadm command manages the configuration of the crash dump facility.
The syntax of the dumpadm command is as follows:
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-s savecore-dir] [-r root-dir]
Use the dumpadm command to make all modifications to the crash dump configuration, rather than attempting to edit the /etc/dumpadm.conf file manually.
Managing Core File Behavior
When a process terminates abnormally, it typically produces a core file.
You can use the coreadm command to specify the name or location of core files produced by abnormally terminating processes.
Core Files
• A core file is a disk copy of the address space of a process at a certain point in time.
• The operating system generates two possible copies of core files:
• The global core file
• The per-process core file
Displaying the Current Core File Configuration
You use the coreadm command without arguments to display the current configuration.
# coreadm
global core file pattern:
global core file content: default
init core file pattern: core
init core file content: default
global core dumps: disabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging: disabled
Changing the Core File Configuration
• The coreadm command allows you to control how core files are generated.
• For example, you can use the coreadm command to configure a system so that all process core files are placed in a single directory.
• You can separately enable or disable two configurable core file paths: per-process and global.
Changing the Core File Configuration
• All users can run the coreadm command with the -p option to specify the file name pattern to use for per-process core files.
coreadm [-p pattern] [pid...]
• The root user can use the following coreadm command options to configure system-wide core file options.
coreadm [-g pattern] [-G content] [-i pattern] [-I content] [-d option...] [-e option...]
• Pattern options determine how core files are named.
• Content options determine the content of global core files.
Pattern Options for the coreadm Command
• %p - PID
• %u - Effective user ID (EUID)
• %g - Effective group ID (EGID)
• %f - Executable file name
• %n - System node name (uname -n)
• %m - Machine hardware name (uname -m)
• %t - The time in seconds since midnight January 1, 1970
• %d - Executable file directory/name
• %z - Zonename
• %% - Literal %
Pattern Options for the Global Core File Content
• rodata – Read-only private file mappings
• shanon – Anonymous shared mappings
• shfile – Shared mappings that are backed by files
• shm – System V shared memory
• stack – Process stack
• symtab – Symbol table sections for loaded object
• text – Readable and executable private file mappings
Examples of the coreadm Command
• Example 1 – Setting the core file name pattern as a regular user
When executed from a user’s $HOME/.profile or $HOME/.login file, the following entry sets the core file name pattern for all processes run during the login session:
# coreadm -p core.%f.%p $$
Examples of the coreadm Command
• Example 3 – Enabling and setting the core file global name pattern
The following is an example of setting system-wide parameters that add the executable file name and PID to the name of any core file that is created:
# coreadm -g /var/core/core.%f.%p -e global
Examples of the coreadm Command
• Example 4 – Checking the core file configuration for specific PIDs
Running the coreadm command with a list of PIDs reports each process’s per-process core file name pattern, for example:
# coreadm 228 507
228: core default
507: /usr/local/swap/corefiles/%n.%f.%p default
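To see what file name a given pattern produces, the token list and the example patterns above can be run through a small expander. The shell functions below are an added example, not code from the course or from coreadm itself; the process values passed in (sleep, httpd, the PIDs as sample inputs) are constructed, and the absolute-path check reflects the coreadm(1M) rule that a global pattern must begin with /.

```shell
#!/bin/sh
# Added example (not from the course): expand a coreadm name pattern.

# expand_core_pattern PATTERN [token=value ...]
#   Tokens are the single letters from the slide: p u g f n m t d z.
#   Prints the expanded name; exits 2 on an unknown token or missing value.
expand_core_pattern() {
    awk 'BEGIN {
        pat = ARGV[1]
        # Remaining arguments look like "f=sleep": one-letter token, then value.
        for (i = 2; i < ARGC; i++) {
            if (index(ARGV[i], "=") == 2)
                val[substr(ARGV[i], 1, 1)] = substr(ARGV[i], 3)
        }
        out = ""
        n = length(pat)
        for (i = 1; i <= n; i++) {
            c = substr(pat, i, 1)
            if (c != "%") { out = out c; continue }
            t = substr(pat, ++i, 1)          # character after the %
            if (t == "%") {
                out = out "%"                # %% is a literal percent sign
            } else if (t != "" && index("pugfnmtdz", t) > 0) {
                if (!(t in val)) fail("no value supplied for %" t)
                out = out val[t]
            } else {
                fail("unknown token %" t)
            }
        }
        print out
    }
    function fail(msg) {
        print "expand_core_pattern: " msg | "cat 1>&2"
        exit 2
    }' "$@"
}

# is_valid_global_pattern PATTERN
#   True only if the pattern is an absolute path and every token is known.
is_valid_global_pattern() {
    case $1 in
        /*) expand_core_pattern "$1" p=1 u=0 g=0 f=x n=x m=x t=0 d=x z=x \
                >/dev/null 2>&1 ;;
        *)  return 1 ;;
    esac
}

# Constructed process values applied to the global pattern from Example 3.
expand_core_pattern '/var/core/core.%f.%p' f=sleep p=507
```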
Advanced System Administration for the Solaris™ 10 Operating System
Module 6
Configuring NFS
Objectives
• Describe the benefits of NFS
• Describe the fundamentals of the NFS distributed file system
• Manage an NFS server
• Manage an NFS client
• Enable the NFS server logging
• Manage NFS with the Solaris Management Console storage folder tools
• Troubleshoot NFS errors
NFS Benefits
The NFS service enables computers of different architectures running different operating systems to share file systems across a network.
You can implement the NFS environment on different operating systems (OS) because NFS defines an abstract model of a file system.
NFS file system operations, such as reading and writing, work as if they were accessing a local file.
NFS Benefits
The benefits of the NFS service are as follows:
• Allows multiple computers to use the same files, because all users on the network can access the same data
• Reduces storage costs by sharing applications on computers instead of allocating local disk space for each user application
• Provides data consistency and reliability, because all users can read the same set of files
• Supports heterogeneous environments, including those found on a personal computer (PC)
• Reduces system administration overhead
NFS Distributed File System Fundamentals
The NFS environment contains the following components:
• NFS server
• NFS client
The Solaris 10 OS supports versions 2, 3, and 4 NFS simultaneously.
The default is to use NFSv4.
Version-related checks are applied whenever a client host attempts to access a server’s file share.
NFS Distributed File System Fundamentals (cont.)
• NFS server
[Figure: NFS Server (Host 1) and NFS Client (Host 2). The NFS server shares disk storage (shared directories and disk storage) with the NFS client. Directory labels in the figure: export, opt, rdbms, share, lib, bin.]
Host1# share /export/rdbms
Pseudo-File System
[Figure: pseudo-file system. Server exports: /export_fs/local and /export_fs/projects/nfs4. Panels: "Server file systems" (labels: /, export_fs, local, projects, payroll, nfs4, nfs4x), "Exported directories", and "Client view of server’s export_fs dir" (labels: export_fs, local, projects, nfs4).]
Strong Security
• Remote Procedure Call (RPC) implementation of the General Security Service framework (GSS)
• New security flavor RPCSEC_GSS
• Used with Sun Enterprise Authentication Mechanism (SEAM) software
• Other GSS_API applications
Compound Procedures
NFS version 3:
-> LOOKUP "export"
<- OK
-> LOOKUP "testdata"
<- OK
-> ACCESS "testdata"
<- OK
-> READ "testdata"
<- OK (sends data)
NFS version 4:
-> OPEN "export/testdata"
   READ
<- OPEN OK
   READ OK (sends data)
Extended Attributes
• Mandatory – Minimal level of operation
• Recommended – Operating environment dependent
• Named – Byte string, data associated with files or file system
Delegation
• The server delegates the management of a file to a client.
• The server alone decides whether to grant a delegation.
• The new nfs4cbd(1M) daemon is used for callback.
• The server sends callback to get the updated state of the file and to revoke the delegation.
• Different NFS client versions behave differently when a conflict occurs.
• Delegation is enabled by default.
Configuring an NFS Server and Client
• nfs(4) configuration file:
/etc/default/nfs
• Enabling NFS versions on server:
NFS_SERVER_VERSMIN=num
NFS_SERVER_VERSMAX=num
• Enabling NFS versions on client:
NFS_CLIENT_VERSMIN=num
NFS_CLIENT_VERSMAX=num
num = version 2, 3 or 4
• Other options in nfs(4)
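The four version keys above bound what each side will speak, so a mismatch between a server and a client file shows up as a failed mount. The shell functions below are an added example, not part of the course material; they assume that unset or commented-out keys default to 2 (minimum) and 4 (maximum) and that a client and server settle on the highest version inside both ranges, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the course): which NFS version a client and
# server settle on, given their /etc/default/nfs version ranges.

# nfs_version_range SERVER|CLIENT   (reads nfs(4)-style text on stdin)
#   Prints "min max". Unset or commented-out keys fall back to 2 and 4
#   (assumed defaults). Returns 1 if a value is outside 2..4 or min > max.
nfs_version_range() {
    awk -F= -v side="$1" '
        BEGIN { min = 2; max = 4 }
        /^[ \t]*#/ { next }                       # commented-out setting
        $1 == ("NFS_" side "_VERSMIN") { min = $2 + 0 }
        $1 == ("NFS_" side "_VERSMAX") { max = $2 + 0 }
        END {
            if (min < 2 || max > 4 || min > max) exit 1
            print min, max
        }'
}

# nfs_common_version "SMIN SMAX" "CMIN CMAX"
#   Prints the highest version inside both ranges; returns 1 if the
#   ranges do not overlap (assumed negotiation model).
nfs_common_version() {
    smin=${1% *} smax=${1#* }
    cmin=${2% *} cmax=${2#* }
    high=$smax
    if [ "$cmax" -lt "$high" ]; then high=$cmax; fi
    low=$smin
    if [ "$cmin" -gt "$low" ]; then low=$cmin; fi
    if [ "$high" -lt "$low" ]; then return 1; fi
    echo "$high"
}

# Constructed sample: a server restricted to NFSv4 only.
sample_server_v4_only() {
    cat <<'EOF'
# constructed /etc/default/nfs excerpt (server)
NFS_SERVER_VERSMIN=4
#NFS_SERVER_VERSMAX=4
EOF
}

# Constructed sample: a client capped at NFSv3.
sample_client_v3_max() {
    cat <<'EOF'
# constructed /etc/default/nfs excerpt (client)
NFS_CLIENT_VERSMAX=3
EOF
}

srv=$(sample_server_v4_only | nfs_version_range SERVER)
cli=$(sample_client_v3_max | nfs_version_range CLIENT)
nfs_common_version "$srv" "$cli" ||
    echo "no common NFS version: server=$srv client=$cli"
```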
Managing an NFS Server
• NFS server files
You need several files to support NFS server activities on any computer.
• /etc/dfs/dfstab
• /etc/dfs/sharetab
• /etc/dfs/fstypes
• /etc/rmtab
• /etc/nfs/nfslog.conf
• /etc/default/nfslogd
• /etc/default/nfs
Managing an NFS Server
• The /etc/dfs/sharetab file
The /etc/dfs/sharetab file contains a table of local resources currently being shared.
# cat /etc/dfs/sharetab
/usr/local/data - nfs ro Shared data files
/rdbms_files - nfs ro,root=sys01 Database files
Managing an NFS Server
• The /etc/rmtab file
The /etc/rmtab file contains a table of file systems remotely mounted by NFS clients.
# cat /etc/rmtab
sys-03:/usr/local/data
sys-02:/export/config
...
• The /etc/default/nfs file
The /etc/default/nfs file lists parameters that can be set for NFS daemon and NFS protocols.
NFS Server Daemons
To start the NFS server daemons, enable the svc:/network/nfs/server service.
# svcadm -v enable nfs/server
svc:/network/nfs/server:default enabled.
If a system has entries in its /etc/dfs/dfstab file, the NFS server daemons start when the system enters the multi-user-server milestone.
NFS Server Daemons
• mountd
• nfsd
• statd
• lockd
• nfslogd
• nfsmapid
In NFSv4, the features provided by the mountd and lockd daemons are integrated into the NFSv4 protocol.
NFS Server Daemons
• The mountd daemon
The mountd daemon handles NFS file system mount requests from remote systems and provides access control.
The mountd daemon determines if a particular directory is being shared, and if the requesting client has permission to access it.
• The nfsd daemon
When a client process attempts to access a remote file resource, the nfsd daemon on the NFS server receives the request and the resource’s file handle, and then performs the requested operation.
NFS Server Daemons
• The statd daemon
The statd daemon works with the lock manager lockd daemon to provide crash recovery functions for the lock manager.
• The lockd daemon
The lockd daemon supports record-locking operations for NFS files.
• The nfslogd daemon
The nfslogd daemon provides operational logging for an NFS server.
Managing the NFS Server Daemons
The NFS daemons start conditionally when the system transitions through run levels, or they start manually when enabling the svc:/network/nfs/server service.
The svcs command can be used to show the dependencies of the nfs/server service.
# svcs | grep nfs
online 15:35:24 svc:/network/nfs/client:default
online 15:35:29 svc:/network/nfs/status:default
...
# svcs -l nfs/server
fmri svc:/network/nfs/server:default
name NFS server
...
Managing the NFS Server Daemons
• Starting and stopping the NFS server daemons
To start the NFS server daemons manually, place an entry in the /etc/dfs/dfstab file and perform the following command:
# svcadm enable svc:/network/nfs/server
To stop the NFS server daemons manually, perform the following command:
# svcadm disable svc:/network/nfs/server
NFS Server Commands
• share
• unshare
• shareall
• unshareall
• dfshares
• dfmounts
Configuring the NFS Server for Sharing Resources
When the NFS server daemons are running, you can use the share command to make file resources available.
For example, to share the /usr/local/data directory as a read-only shared resource, perform the following command:
# share -o ro /usr/local/data
Configuring the NFS Server for Sharing Resources
The share command options:
• ro
• rw
• root=access-list
• ro=access-list
• rw=access-list
• anon=n
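The share options listed above end up in the options column of /etc/dfs/sharetab, shown earlier on this page, which makes that file a convenient place to review what a server actually exposes. The shell function below is an added example, not part of the course material; it flags root= grants, anon=0, and shares writable by every client (bare rw, or no ro/rw option at all, since share_nfs(1M) defaults to rw). The first two sample lines come from the page and the other three are constructed.

```shell
#!/bin/sh
# Added example (not from the course): flag risky options in sharetab(4) data.

# audit_sharetab   (reads sharetab-format lines on stdin)
#   Fields: pathname resource fstype specific_options description
#   Findings, one per line:
#     root-access PATH LIST   root=LIST gives root on those hosts root access
#     anon-root PATH          anon=0 maps unknown users to UID 0
#     rw-all-clients PATH     bare rw, or no ro/rw option (rw is the default)
audit_sharetab() {
    awk '
        $1 ~ /^#/ || NF < 4 || $3 != "nfs" { next }
        {
            n = split($4, opt, ",")
            rw_all = 0      # saw a bare "rw"
            limited = 0     # saw "ro", "ro=list" or "rw=list"
            for (i = 1; i <= n; i++) {
                o = opt[i]
                if (o == "rw") rw_all = 1
                if (o == "ro" || o ~ /^(ro|rw)=/) limited = 1
                if (o ~ /^root=/) printf "root-access %s %s\n", $1, substr(o, 6)
                if (o == "anon=0") printf "anon-root %s\n", $1
            }
            if (rw_all || !limited) printf "rw-all-clients %s\n", $1
        }'
}

# Lines 1-2 are the sharetab sample from the page; lines 3-5 are constructed.
sample_sharetab() {
    cat <<'EOF'
/usr/local/data  -  nfs  ro                     Shared data files
/rdbms_files     -  nfs  ro,root=sys01          Database files
/export/home     -  nfs  rw                     Home directories
/export/scratch  -  nfs  anon=0                 Scratch space
/export/proj     -  nfs  rw=sys-03,root=sys-03  Project files
EOF
}

sample_sharetab | audit_sharetab
```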
Configuring the NFS Server for Sharing Resources
• Making file resources unavailable for mounting
Use the unshare command to make file resources unavailable for mount operations.
For example, to make the /usr/local/data directory unavailable for client-side mount operations, perform the following command:
# unshare /usr/local/data
• Displaying currently shared NFS resources
The dfshares command displays currently shared NFS resources.
# dfshares
RESOURCE SERVER ACCESS TRANSPORT
sys-02:/usr/local/data sys-02 - -
Configuring the NFS Server for Sharing Resources
• Displaying NFS mounted resources
The dfmounts command displays remotely mounted NFS resource information.
# dfmounts
RESOURCE SERVER PATHNAME CLIENTS
- sys-02 /usr/local/data sys-03
Managing the NFS Client
• The /etc/vfstab file
To mount remote file resources at boot time, enter the appropriate entries in the client’s /etc/vfstab file. For example:
sys-02:/usr/local/data - /usr/remote_data nfs - yes soft,bg
• The /etc/mnttab file
The /etc/mnttab file system provides read-only access to the table of mounted file systems for the current host.
Mounting a file system adds an entry to the /etc/mnttab file.
NFS Client Daemons
The NFS client daemons are started using the svc:/network/nfs/client service.
• statd
• lockd
• nfs4cbd
Managing the NFS Client Daemons
Two NFS daemons, the statd daemon and the lockd daemon, run both on the NFS servers and the NFS clients.
These daemons start automatically when a system enters the network milestone.
# svcs -D milestone/network
STATE STIME FMRI
disabled 15:34:35 svc:/network/dns/client:default
disabled 15:34:37 svc:/network/nfs/cbd:default
(output omitted)
online 16:31:18 svc:/network/nfs/nlockmgr:default
online 16:33:12 svc:/network/nfs/status:default
Sun Services
Managing the NFS Client Daemons
• The lockd daemon is started by the SMF service nfs/nlockmgr.
# svcadm -v enable nfs/nlockmgr
svc:/network/nfs/nlockmgr:default enabled.
• The statd daemon is started by the SMF service nfs/status.
# svcadm -v enable nfs/status
svc:/network/nfs/status:default enabled.
To manually restart these daemons, perform the following commands:
# svcadm -v restart nfs/status
Action restart set for svc:/network/nfs/status:default.
# svcadm -v restart nfs/nlockmgr
Action restart set for svc:/network/nfs/nlockmgr:default.
#
NFS Client Commands
• dfshares
• mount
• umount
• mountall
• umountall
Configuring the NFS Client for Mounting Resources
• Displaying a server’s available resources
You can use the dfshares command to list resources made available by an NFS server.
# dfshares sys-02
RESOURCE SERVER ACCESS TRANSPORT
sys-02:/usr/local/data sys-02 - -
...
Configuring the NFS Client for Mounting Resources
• Accessing the remote file resource
Use the /usr/sbin/mount command to attach a local or remote file resource to the local file system hierarchy. For example:
# mount sys-02:/rdbms_files /rdbms_files
When mounting a read-only remote resource, you can specify a comma-separated list of sources for the remote resource, which are then used as a list of failover resources.
# mount -o ro sys-45,sys-43,sys-41:/multi_homed_data /remote_shared_data
Configuring the NFS Client for Mounting Resources
• Unmounting the remote file resources from the client
Use the umount command to detach local and remote file resources from the file system hierarchy.
# umount /rdbms_files
• Mounting all file resources
The /usr/sbin/mountall command mounts all file resources listed in the /etc/vfstab file with a mount at boot value of yes.
To limit the action of this command to remote file resources, use the -r option.
# mountall -r
Configuring the NFS Client for Mounting Resources
• Unmounting all currently mounted file resources
Use the umountall command with the -r option to restrict unmounting to only remote file systems.
# umountall -r
• Mounting remote resources at boot time
To mount a remote file resource at boot time, create an appropriate entry in the client’s /etc/vfstab file. For example:
sys-02:/usr/local/data - /usr/remote_data nfs - yes soft,bg
The mount Command Options
• rw|ro
• bg|fg
• soft|hard
• intr|nointr
• suid|nosuid
• timeo=n
• retry=n
• retrans=n
Fundamentals of NFS Server Logging
The NFS server logging feature records NFS transactions.
The nfslogd daemon provides operational logging.
When you enable NFS server logging, the NFS kernel module writes records of all NFS operations on the file system into a buffer file.
The nfslogd Daemon
The nfslogd daemon converts the raw data from the logging operation into ASCII records, and stores the raw data in ASCII log files.
Configuring NFS Log Paths
The /etc/nfs/nfslog.conf file defines the path, file names, and type of logging that the nfslogd daemon must use.
A tag corresponds to each definition.
To configure NFS server logging, identify or create the tag entries for each of the server’s shared resources.
The global tag defines default values.
Configuring NFS Log Paths
Tagged entries in /etc/nfs/nfslog.conf use the following format:
<tag> [ defaultdir=<dir_path> ] \
[ log=<logfile_path> ] [ fhtable=<table_path> ] \
[ buffer=<bufferfile_path> ] [ logformat=basic|extended ]
For example:
global defaultdir=/var/nfs \
log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
Configuring NFS Log Paths
Use the following parameters with each tag, as required:
• defaultdir=dir_path
• log=logfile_path
• fhtable=table_path
• buffer=bufferfile_path
• logformat=basic|extended
Create any directories you specify in /etc/nfs/nfslog.conf before starting NFS server logging.
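The following added example (not part of the course material) resolves the effective settings for one nfslog.conf tag and lists the directories that must exist before logging starts. It assumes that a tag inherits any parameter it omits from the global tag and that relative paths are joined to the effective defaultdir; the sys44 tag and its paths are hypothetical.

```shell
#!/bin/sh
# Added example: resolve the effective logging paths for one nfslog.conf tag.

# Constructed sample file. The global entry is the one shown on the slide;
# the sys44 tag and its paths are hypothetical.
NFSLOG_CONF='# constructed sample /etc/nfs/nfslog.conf
global defaultdir=/var/nfs \
    log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
sys44 log=/export/logs/sys44.log logformat=extended
'

# resolve_tag CONF_TEXT TAG
# Prints one "parameter=value" line per effective setting.
# Returns 1 if the tag is not defined in the file.
resolve_tag() {
    printf '%s\n' "$1" | awk -v want="$2" '
        # Join physical lines that end in a backslash continuation.
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); pending = pending $0; next }
        { line = pending $0; pending = "" }
        line ~ /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        {
            $0 = line                        # re-split the joined entry
            seen[$1] = 1
            for (i = 2; i <= NF; i++) {
                eq = index($i, "=")
                if (eq > 1) val[$1, substr($i, 1, eq - 1)] = substr($i, eq + 1)
            }
        }
        END {
            if (!(want in seen)) exit 1
            n = split("defaultdir log fhtable buffer logformat", param, " ")
            # Assumption: parameters missing from the tag come from global.
            for (i = 1; i <= n; i++) {
                k = param[i]
                if ((want, k) in val) eff[k] = val[want, k]
                else if (("global", k) in val) eff[k] = val["global", k]
            }
            # Assumption: relative log, fhtable and buffer paths are joined
            # to the effective defaultdir.
            for (i = 2; i <= 4; i++) {
                k = param[i]
                if ((k in eff) && ("defaultdir" in eff) && eff[k] !~ /^\//)
                    eff[k] = eff["defaultdir"] "/" eff[k]
            }
            for (i = 1; i <= n; i++)
                if (param[i] in eff) print param[i] "=" eff[param[i]]
        }'
}

# required_dirs CONF_TEXT TAG
# Prints the unique directories that hold the log, fhtable and buffer files.
required_dirs() {
    resolve_tag "$1" "$2" | while IFS='=' read -r key path; do
        case $key in
            log|fhtable|buffer) dirname "$path" ;;
        esac
    done | sort -u
}

# Directories to create before sharing a resource with -o log=sys44.
required_dirs "$NFSLOG_CONF" sys44
```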
Initiating NFS Logging
To initiate NFS server logging, complete the following steps:
1. Become superuser.
2. Optional: Change the configuration settings in the /etc/nfs/nfslog.conf file.
3. Share the file system for which you want to enable logging, adding the -o log option, or the log=tag option. Example:
share -F nfs -o log /export/sys44_data
4. Check that the NFS service is running on the server.
5. Run the share command to verify that the correct options are listed for the directory you shared.
Managing NFS With the Solaris Management Console Storage Folder Tools
You can manage the NFS system by using components of the storage folder tools from the default tool box of the Solaris Management Console.
The Mounts and Shares tool lets you view, create, and manage several types of mounts and shares.
Module 7
Configuring AutoFS
Objectives
• Describe the fundamentals of the AutoFS file system
• Use automount maps
AutoFS Fundamentals
AutoFS is a file system mechanism that provides automatic mounting using the NFS protocol.
AutoFS is a client-side service.
The AutoFS service mounts and unmounts file systems as required without any user intervention.
The automount facility contains three components:
• The AutoFS file system
• The automountd daemon
• The automount command
AutoFS Fundamentals
[Figure: AutoFS components. Labels: RAM, AutoFS, automountd, automount -v, Automount Maps (master map, direct map, indirect map, special map).]
AutoFS Fundamentals
• AutoFS file system
An AutoFS file system’s mount points are defined in the automount maps on the client system.
After the AutoFS mount points are set up, activity under the mount points can trigger file systems to be mounted under the mount points.
If a mount request is made for an AutoFS resource not currently mounted, the AutoFS service calls the automountd daemon, which mounts the requested resource.
AutoFS Fundamentals
• The automountd daemon
The /lib/svc/method/svc-autofs script starts the automountd daemon.
The automountd daemon mounts file systems on demand and unmounts idle mount points.
• The automount command
The automount command, called at system startup time, reads the master map to create the initial set of AutoFS mounts.
These AutoFS mounts are not automatically mounted at startup time; they are the points under which file systems are mounted on demand.
Using Automount Maps
The following lists the AutoFS map types:
• Master map
• Direct map
• Indirect map
• Special
Using Automount Maps (cont.)
[Figure: automount maps in /etc on the NFS client "venus"]
auto_master
/net -hosts [options]
/home auto_home [options]
/- auto_direct [options]
auto_direct
/opt/moreapps pluto:/export/opt/apps
auto_home
Ernie mars:/export/home/ernie
Mary mars:/export/home/mary
Configuring the Master Map
The auto_master map associates a directory, also called a mount point, with a map.
The auto_master map is a master list specifying all the maps that the AutoFS service should check.
The following example shows an /etc/auto_master file.
# cat /etc/auto_master
# Master map for automounter
#
+auto_master
/net -hosts -nosuid,nobrowse
/home auto_home -nobrowse
Using the /net Directory
Shared resources associated with the hosts map entry are mounted below the /net/hostname directory.
For example, a shared resource named /documentation on host sys42 is mounted by the command:
# cd /net/sys42/documentation
Adding Direct Map Entries
A /- entry in the master map defines a mount point for a direct map.
/- auto_direct -ro
Creating a Direct Map
Direct maps specify the absolute path name of the mount point, the specific options for this mount, and the shared resource to mount. For example:
# cat /etc/auto_direct
# Superuser-created direct map for automounter
#
/apps/frame -ro,soft server1:/export/framemaker,v6.0
/opt/local -ro,soft server2:/export/unbundled
/usr/share/man -ro,soft server3,server4,server5:/usr/share/man
Adding Indirect Map Entries
Indirect maps obtain the initial path of the mount point from the master map. For example, the /home entry in the master map defines the base for mount points listed in the indirect map called auto_home.
/home auto_home -nobrowse
• Creating an indirect map
Entries in an indirect map list the remainder of the preferred mount point, and the resource to mount. For example:
stevenu host5:/export/home/stevenu
johnnyd host6:/export/home/johnnyd
Adding Indirect Map Entries (cont.)
• Reducing the auto_home map to a single line
In this example, the use of substitution characters within auto_home specifies that for every login ID, the client remotely mounts the /export/home/loginID directory from the NFS server.
* server1:/export/home/&
• The wildcard character (*) matches any key.
• The substitution character (&) at the end of the path is replaced with the matched key field.
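The key lookup described above, including the wildcard and & substitution, can be sketched as follows. This is an added example, not code from the course or from the automounter; the sample map is constructed from the slide entries (the -ro,soft options on johnnyd are added for illustration), and entries are matched in file order, so the wildcard line acts as a catch-all only when it comes last.

```shell
#!/bin/sh
# Added example: resolve a key against an indirect automount map.

# Constructed sample auto_home map. The entries come from the slides; the
# options on the johnnyd entry are added here for illustration.
AUTO_HOME='# constructed sample auto_home map
stevenu  host5:/export/home/stevenu
johnnyd  -ro,soft  host6:/export/home/johnnyd
*        server1:/export/home/&
'

# lookup_indirect MAP_TEXT BASE KEY
# BASE is the mount point from the master map entry (for example /home).
# Prints "mountpoint options location" for the first entry that matches KEY,
# with "-" when the entry carries no options. Returns 1 if nothing matches.
lookup_indirect() {
    printf '%s\n' "$1" | awk -v base="$2" -v key="$3" '
        # Replace every & in the location with the lookup key.
        function expand(loc, k,    out, i) {
            out = ""
            while ((i = index(loc, "&")) > 0) {
                out = out substr(loc, 1, i - 1) k
                loc = substr(loc, i + 1)
            }
            return out loc
        }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $1 == key || $1 == "*" {             # explicit key or wildcard entry
            opts = (NF >= 3 && $2 ~ /^-/) ? $2 : "-"
            print base "/" key, opts, expand($NF, key)
            found = 1
            exit
        }
        END { exit !found }'
}

# An explicit entry wins because it appears before the wildcard line.
lookup_indirect "$AUTO_HOME" /home johnnyd
# Any other login ID falls through to the wildcard entry.
lookup_indirect "$AUTO_HOME" /home ernie
```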
Adding Indirect Map Entries (cont.)
[Figure: NFS server "mars" (/export/home with ernie and mary) and NFS client "venus" (/etc/auto_home, autofs mount point /home); label: Mount on Demand by automountd.]
Updating the Automount Maps
When making changes to the master map or creating a direct map, run the automount command to make the changes effective.
You do not have to stop and restart the automountd daemon.
You can modify existing entries in a direct map at any time.
The new information is used when the automountd daemon next accesses the map entry to perform a mount.
Any modifications to indirect maps are automatically used by the automountd daemon.
Stopping and Starting the Automount System
• Stopping the automount system
To disable the service manually, enter the following command:
# svcadm disable svc:/system/filesystem/autofs
• Starting the automount system
To enable the service manually, enter the following command:
# svcadm enable svc:/system/filesystem/autofs
Module 8
Describing RAID and the Solaris™ Volume Manager Software
Objectives
• Describe RAID
• Describe Solaris Volume Manager software concepts
RAID 0
• Concatenated volumes (or concatenations)
[Figure: RAID 0 (Concatenation). Solaris Volume Manager combines Physical Slice A, Physical Slice B, and Physical Slice C into one logical volume.]
RAID 0 (cont.)
• Striped volumes (or stripes)
[Figure: RAID 0 (Stripe). Solaris Volume Manager distributes Interlaces 1 through 6 of the logical volume across Physical Slice A, Physical Slice B, and Physical Slice C.]
RAID 1
[Figure: RAID 1 (Mirror). Solaris Volume Manager writes Interlaces 1 through 4 of the logical volume to both Submirror 1 and Submirror 2.]
RAID 0+1
[Figure: RAID 0+1. Physical Slices A through F form two RAID 0 (striped) volumes, Submirror 1 and Submirror 2, which together make up a RAID 1 (mirrored) volume.]
Mirror Options
Mirror performance can be modified by using the following options:
• Mirror read policy
• Mirror write policy
You can define mirror options when you initially create the mirror or after you set up the mirror. You can distribute the load across the submirrors to improve read performance.
Mirror Read Policies
Read Policy | Description
Round Robin (default) | Balances the load across the submirrors
Geometric | Enables the system to divide reads among submirrors on the basis of a logical disk block address
First | Directs all reads to the first submirror
Mirror Write Policies
Write Policy | Description
Parallel (Default) | Replicates a write to a mirror, and dispatches the write to all of the submirrors simultaneously
Serial | Specifies that writes to one submirror must complete before initiating writes to the next submirror
RAID 5
[Figure: RAID 5 logical volume. Solaris Volume Manager stripes Interlaces 1 through 12 across Physical Slices A through D, with the parity segments P(1-3), P(4-6), P(7-9), and P(10-12) distributed among the slices.]
RAID 5 (cont.)
Requirements for RAID-5 Volumes
The general configuration guidelines for configuring RAID-5 volumes are:
• Create a RAID-5 volume with a minimum of three slices. The more slices a RAID-5 volume contains, the longer read and write operations take when a slice fails.
• Do not stripe, concatenate, or mirror RAID-5 volumes.
• Do not create a RAID-5 volume from a slice that contains an existing file system, because you will erase the data during the RAID-5 initialization process.
RAID 5 (cont.)
• When you create a RAID-5 volume, you can define the interlace value. If you do not specify a value, a default value of 16 Kbytes is assigned.
• A RAID-5 volume (with no hot spares) can only handle a single slice failure.
• To optimize performance, use slices across separate controllers when creating RAID-5 volumes.
• Use disk slices of the same size. Creating a RAID-5 volume of different-sized slices results in unused disk space on the larger slices.
RAID 5 (cont.)
Suggestions for RAID 5 Volumes
The following general suggestions can help avoid common performance problems when using RAID-5 volumes:
• Because of the complexity of parity calculations, volumes with greater than about 20 percent writes should probably not be RAID-5 volumes. If data redundancy on a write-heavy volume is needed, consider mirroring.
• If the slices in the RAID-5 volume reside on different controllers and the accesses to the volume are primarily large sequential accesses, then setting the interlace value to 32 Kbytes might improve performance.
Hardware Considerations
For any given application there are trade-offs in performance, availability, and hardware costs. A few categories of information that you must address during the storage planning phase are:
• General storage guidelines
• Determining storage characteristics
• Storage performance guidelines
Choosing Storage Mechanisms
Feature | RAID-0 Concatenation | RAID-0 Stripe | RAID-1 Mirror | RAID-5 Stripe With Parity
Redundant data | No | No | Yes | Yes
Improved read performance | No | Yes | Depends on the underlying device | Yes
Improved write performance | No | Yes | No | No
Optimizing Redundant Storage
Factors | RAID 1 (Mirror) | RAID 5 | Non-Redundant
Write operations | Faster | Slower | Neutral
Random read | Slower | Faster | Neutral
Hardware cost | Highest | Higher | Lowest
Performance during failure | Best | Poor | Data loss
Introducing Solaris Volume Manager Software Concepts
The Solaris Volume Manager software lets you manage large numbers of disks and the data on those disks. Most tasks include:
• Increasing storage capacity
• Increasing data availability
• Making the administration of large storage devices easier
Logical Volume
SVM software uses virtual disks called logical volumes to manage physical disks and their associated data.
You can create the Solaris Volume Manager software volumes from slices (disk partitions) or from other Solaris Volume Manager software volumes.
The Enhanced Storage tool within the Solaris Management Console allows you to list, create, and modify any type of SVM software volumes or components.
Soft Partitions
Soft partitions provide a mechanism for dividing large storage spaces into smaller, more manageable sizes.
Use soft partitioning to divide a slice or volume into as many divisions as needed. A soft partition, once named, can be directly accessed by applications, including file systems, as long as it is not included in another volume.
Introducing the State Database
Before creating volumes using the Solaris Volume Manager software, state database replicas must exist on the Solaris Volume Manager software system.
The Solaris Volume Manager software automatically updates the state database when a configuration or state change occurs.
The state database is a collection of multiple, replicated database copies. Having copies of the state database protects against data loss from single points-of-failure.
Objectives
• Describe Solaris Volume Manager software concepts
• Build a RAID-0 (concatenated) volume
• Build a RAID-1 (mirror) volume for the root (/) file system
Solaris Volume Manager Concepts
The Solaris Volume Manager software in the Solaris 9 OS and Solaris 10 OS replaces the Solstice DiskSuite™ software used in releases of the Solaris OS prior to Solaris 9 OS.
The Solaris Volume Manager software is used to implement RAID 0, RAID 1, RAID 1+0, and RAID 5.
State Database Replicas
The state database stores information on disk about the state of your Solaris Volume Manager software configuration.
Multiple copies of the database, called replicas, provide redundancy. The state database replicas should be distributed across multiple disks.
Solaris Volume Manager software uses a majority consensus algorithm to determine which state database replicas contain valid data.
The algorithm requires that a majority (half +1) of the state database replicas are available before any of them are considered valid.
State Database Replicas
The majority consensus algorithm:
• Makes sure that the system stays running if at least half of the state database replicas are available.
• Causes the system to panic if fewer than half of the state database replicas are available.
• Prevents the system from starting the Solaris Volume Manager software unless a majority of the total number of state database replicas are available.
Creating the State Database
You can create state database replicas by using the following:
• The metadb -a command
• The Solaris Volume Manager software GUI
The following example shows using metadb to create state database replicas:
# metadb -a -f c0t0d0s4 c0t0d0s5 c1t0d0s0 c1t0d0s1
# metadb
        flags           first blk       block count
     a        u         16              8192            /dev/dsk/c0t0d0s4
     a        u         16              8192            /dev/dsk/c0t0d0s5
     a        u         16              8192            /dev/dsk/c1t0d0s0
     a        u         16              8192            /dev/dsk/c1t0d0s1
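The following added example (not part of the original course material) applies the majority consensus rules above to a metadb listing and reports what the loss of each disk would do. It goes beyond the page's own layout by also checking a constructed three-disk layout; the function names are hypothetical, and every listed replica is assumed to be healthy.

```python
import re
from collections import Counter

# Constructed sample: the metadb listing from this page
# (two replicas on each of two disks).
PAGE_LAYOUT = """\
        flags           first blk       block count
     a        u         16              8192            /dev/dsk/c0t0d0s4
     a        u         16              8192            /dev/dsk/c0t0d0s5
     a        u         16              8192            /dev/dsk/c1t0d0s0
     a        u         16              8192            /dev/dsk/c1t0d0s1
"""

# Constructed sample (an assumption, not from the page):
# two replicas on each of three disks.
THREE_DISK_LAYOUT = """\
        flags           first blk       block count
     a        u         16              8192            /dev/dsk/c0t0d0s4
     a        u         16              8192            /dev/dsk/c0t0d0s5
     a        u         16              8192            /dev/dsk/c1t0d0s0
     a        u         16              8192            /dev/dsk/c1t0d0s1
     a        u         16              8192            /dev/dsk/c2t0d0s0
     a        u         16              8192            /dev/dsk/c2t0d0s1
"""

SURVIVES = "survives"
RUNS_NO_BOOT = "keeps running, but SVM will not start at the next boot"
PANIC = "panic"

# Matches a slice path at the end of a line and captures the disk name,
# with or without a target component (c0t0d0s4 or c2d0s0).
SLICE_RE = re.compile(r"(/dev/dsk/(c\d+(?:t\d+)?d\d+)s\d+)\s*$")


def parse_replicas(text):
    """Return a list of (disk, slice_path), one entry per replica line."""
    replicas = []
    for line in text.splitlines():
        match = SLICE_RE.search(line)
        if match:
            replicas.append((match.group(2), match.group(1)))
    return replicas


def quorum_state(total, available):
    """Apply the rules from the slides to a replica count.

    stays_running: at least half of the replicas are available.
    boots_svm:     a majority (half + 1) of the replicas are available.
    """
    return {
        "stays_running": 2 * available >= total,
        "boots_svm": available >= total // 2 + 1,
    }


def disk_loss_report(replicas):
    """For each disk, report the outcome of losing every replica on it."""
    total = len(replicas)
    per_disk = Counter(disk for disk, _ in replicas)
    report = {}
    for disk, lost in sorted(per_disk.items()):
        state = quorum_state(total, total - lost)
        if state["boots_svm"]:
            report[disk] = SURVIVES
        elif state["stays_running"]:
            report[disk] = RUNS_NO_BOOT
        else:
            report[disk] = PANIC
    return report


if __name__ == "__main__":
    for name, layout in (("page layout", PAGE_LAYOUT),
                         ("three-disk layout", THREE_DISK_LAYOUT)):
        print(name)
        for disk, outcome in disk_loss_report(parse_replicas(layout)).items():
            print("  lose %s: %s" % (disk, outcome))
```

With the page's two-disk layout, losing either disk leaves exactly half of the replicas, so the system keeps running but does not have the majority needed to start the software after a reboot.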
Creating the State Database Using the Solaris Management Console
Configuring RAID-0
RAID-0 volumes let you expand disk storage capacity efficiently. These volumes do not provide data redundancy, but can be used to expand disk storage capacity.
RAID-0 comes in two forms, stripes and concatenations.
• Striping enables parallel data access because multiple controllers can access the data at the same time. A stripe distributes data equally across all slices in the stripe.
• A concatenated volume writes data to the first available slice. When the first slice is full, the volume writes data to the next available slice.
Creating a RAID-0 Volume Using the Command Line
• State database replicas must exist before you can configure any metadevices.
• For example, to create two replicas on each of two slices, use the command:
# metadb -a -f -c 2 c3t2d0s7 c3t3d0s7
• In this example, assume that the /export/home (/dev/dsk/c0t0d0s7) file system is almost at capacity. A new slice from another disk will be concatenated to it, making a RAID-0 concatenated volume.
• Use the metainit command to create metadevices and associate slices with them. For example:
# metainit -f d0 2 1 c0t0d0s7 1 c3t2d0s0
d0: Concat/Stripe is setup
• The -f option is required if one of these slices is currently mounted.
• The metadevice name used for this concatenation is d0.
• In a concatenation, the number of stripes is equal to the number of slices being added, in this case 2.
• The number of slices in each stripe is one, so the number 1 appears before each slice.
• The new metadevice (d0) has been created, but is not being used yet. It needs to be remounted using the new metadevice device files.
• Locate the entry in the /etc/vfstab file that mounts the file system at boot time:
/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 2 yes -
Change the device names to match the metadevice names:
/dev/md/dsk/d0 /dev/md/rdsk/d0 /export/home ufs 2 yes -
• Unmount and remount the file system using the new device files:
# umount /export/home
# mount /export/home
# df -h /export/home
Filesystem             size   used  avail capacity  Mounted on
/dev/md/dsk/d0         470M   395M    28M    94%    /export/home
• The existing file system needs to be grown into the new space.
• This is done with the growfs command. Use the option -M to specify a mount point:
# growfs -M /export/home /dev/md/rdsk/d0
...
Creating a RAID-0 Volume Using Solaris Management Console
Configuring RAID-1
RAID-1 volumes are also known as mirrors and provide data redundancy. A RAID-1 volume maintains identical copies of the data in the RAID-0 volumes from which it is made.
• Using multiple submirrors
  • A mirror is made of two or more RAID-0 volumes.
  • The mirrored RAID-0 volumes are called submirrors.
  • A mirror consisting of two submirrors is known as a two-way mirror.
  • You can attach or detach a submirror from a mirror at any time.
Building a Mirror of the Root (/) File System
The procedure for building a mirror of the root (/) file system can be accomplished using the command line exclusively, but it is not possible to use the Solaris Management Console (SMC) exclusively.
This section describes how to create a RAID-1 volume for the root (/) file system, which cannot be unmounted.
Creating a mirror of the root (/) file system requires the following general steps:
1. Create a RAID-0 volume for the file system you want to mirror.
2. Create a second RAID-0 volume to contain the second submirror of the RAID-1 volume.
3. Create a one-way mirror using the RAID-0 volume that contains the file system to be mirrored.
4. Use the metaroot command to update the system’s configuration, because this is a root (/) mirror.
5. Reboot your system, because this is a root (/) mirror.
6. Attach the second submirror to the file system mirror.
7. Record the alternate boot path that is used in the event of a failure of the primary submirror, because this is a mirror of the root (/) file system.
• Creating the RAID-0 volumes
The first step when building a mirror of the root (/) file system is to create RAID-0 volumes, which you later combine to form the mirror.
Each RAID-0 volume becomes a submirror to the mirror.
• Use the metainit command to create a RAID-0 volume to be used as the primary submirror of the root (/) file system:
# /usr/sbin/metainit -f d11 1 1 c0t0d0s0
d11: Concat/Stripe is setup
This command forces the creation of the d11 volume.
• To create a RAID-0 volume to be used as the secondary submirror of the root file system, use the metainit command again:
# metainit d12 1 1 c3t3d0s1
d12: Concat/Stripe is setup
• Creating the RAID-1 volume
The following metainit example creates a mirrored volume named d10.
This command attaches the volume d11 as a submirror of the mirror named d10.
# /usr/sbin/metainit d10 -m d11
d10: Mirror is setup
• Executing the metaroot command
When creating mirrors of mounted file systems, you must update the /etc/vfstab file to change the mount point from a slice to a volume.
The /etc/system file must change to include entries related to SVM drivers.
When mirroring the root (/) file system, use the metaroot command to modify the /etc/vfstab and /etc/system files, as follows:
# metaroot d10
# grep md /etc/vfstab
/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -
# tail /etc/system
rootdev:/pseudo/md@0:0,10,blk
• Rebooting the system
You must reboot the system before attaching the secondary submirror.
# init 6
• Attaching the secondary submirror
Attach the secondary submirror by using the metattach command:
# metattach d10 d12
d10: submirror d12 is attached
The metastat command shows the mirror synchronization taking place.
# metastat d10
d10: Mirror
    Submirror 0: d11
      State: Okay
    Submirror 1: d12
      State: Resyncing
    Resync in progress: 83 % done
    Pass: 1
    Read option: roundrobin (default)
    Write option: parallel (default)
    Size: 307440 blocks (150 MB)
• Updating the boot-device PROM variable
Use the OpenBoot nvalias command to define a backup_root device alias for the secondary root mirror. For example:
ok nvalias backup_root /pci@1f,0/pci@1/pci@1/SUNW,isptwo@4/sd@3,0:b
Redefine the boot-device variable to reference both the primary and secondary submirrors, in the order in which you want to access them.
ok setenv boot-device disk backup_root net
boot-device = disk backup_root net
Configuring an x86-Based System for Mirrored Failover (cont.)
• The GNU GRand Unified Bootloader (GRUB)
  • GRUB is responsible for loading a boot archive into the system's memory.
  • Understanding the GRUB device naming conventions can assist you in correctly specifying drive and partition information when you configure GRUB on your system.
  • The functional GRUB components include the stage1 and stage2 programs, and the menu.lst file.
• x86/x64 Boot Program Locations
[Figure: x86/x64 boot program locations, shown by disk cylinder. Labels: Sector 0 = mboot + fdisk partition table; Sector 0 = stage1; Sector 1 + 2 = disk label + VTOC; Sector 50 = stage2, extends for 200 + sectors; Solaris fdisk partition, cylinder 0 (disk cyl 1) = slice 8.]
• Creating a RAID-1 Volume From the root File System
  • Configure the ordering for the BIOS boot devices, if possible.
  • Configure the Solaris fdisk partition and root slice on the mirror disk.
  • Install the mboot program.
# fdisk -b /usr/lib/fs/ufs/mboot -n /dev/rdsk/c2d0p0
  • Install the GRUB stage1 and stage2 programs.
# /sbin/installgrub /boot/grub/stage1 /boot/grub/stage2 \
/dev/rdsk/c2d0p0
  • Identify the slice that contains the existing root (/) file system to be mirrored.
  • Create a new RAID-0 volume on the existing root (/) file system to be mirrored.
  • Create a second RAID-0 volume on an unused slice to act as the second submirror.
  • Create a one-way mirror.
  • Remount your newly mirrored file system, then reboot the system.
# metaroot volume-name
# reboot
  • Attach the second submirror.
# metattach volume-name submirror-name
  • Define the alternative boot path in the /boot/grub/menu.lst file.
# vi /boot/grub/menu.lst
....
title alternate boot
root (hd1,0,a)
kernel /boot/multiboot
module /boot/x86.miniroot-safe
Unmirroring the Root (/) File System (cont.)
• Because this is a root (/) file system mirror, run the metaroot command to update the /etc/vfstab and /etc/system files.
# metaroot /dev/dsk/c0t0d0s0
• Reboot the system.
# init 6
• Run the metaclear command to clear the mirror and submirrors.
# metaclear -r d10
d10: Mirror is cleared
d11: Concat/Stripe is cleared
# metaclear d12
d12: Concat/Stripe is cleared
If you changed your boot-device variable to an alternate boot path, return it to its original setting.
Module 10
Configuring Role-Based Access Control (RBAC)
Objectives
• Describe RBAC fundamentals
• Describe component interaction within RBAC
• Manage RBAC by using the Solaris Management Console
• Manage RBAC by using the command line
RBAC Fundamentals
In conventional UNIX® systems, the root user (also referred to as the superuser) has the ability to perform any task.
In systems implementing RBAC, individual users can be assigned to roles, where roles are associated with rights profiles.
Rights profiles list the rights to run specific commands and applications with escalated privileges.
Roles can also be assigned authorizations. An authorization grants access to restricted functions in RBAC compliant applications.
Key RBAC Files
RBAC authorizations, roles, rights profiles, and privileged commands are defined in four files:
• The /etc/user_attr file
• The /etc/security/prof_attr file
• The /etc/security/policy.conf file
• The /etc/security/exec_attr file
The user_attr File
The /etc/user_attr file lists the rights profiles and authorizations associated with users and roles.
When you create a new user account with no rights profiles, authorizations, or roles, nothing is added to the file.
Changes to this file will be illustrated as related RBAC features are described in this module.
Roles
• A role is a special identity, similar to a user account, used to run privileged applications or commands.
• You assign users to roles so those users can run the commands associated with those roles.
• No predefined roles are shipped with the Solaris 10 OS.
• You assign rights profiles to a role when you define a role.
• The roles command lists the roles a user has been assigned:
# roles root
No roles
Assigning Rights Profiles to Users
• A rights profile is a collection of rights that can be assigned to a user.
• A right is a command or script which runs with special security attributes.
• Many examples of rights profiles are shipped with the Solaris 10 OS.
• The /etc/security/prof_attr file contains rights profile names and descriptions.
# cat /etc/security/prof_attr
(output omitted)
All:::Execute any command as the user or role:help=RtAll.html
Log Management:::Manage log files:help=RtLogMngmnt.html
...
• Each line starts with the rights profile name.
• The middle fields are not used, and the last two fields hold a comment and a pointer to a help file.
• The profiles command lists rights profiles assigned to a user.
# profiles chris
Basic Solaris User
All
• Every account has the All rights profile. It allows any command to be executed, but with special security attributes.
• Other rights profiles given to all new user accounts are defined in the /etc/security/policy.conf file.
# grep 'PROFS' /etc/security/policy.conf
PROFS_GRANTED=Basic Solaris User
• Rights profiles can be assigned to a user account with the usermod command or the Solaris Management Console (SMC).
# usermod -P "Printer Management" chris
# profiles chris
Printer Management
Basic Solaris User
All
• This automatically updates the /etc/user_attr file as shown by the following:
# grep chris /etc/user_attr
chris::::type=normal;profiles=Printer Management
The /etc/security/exec_attr File
The /etc/security/exec_attr file holds execution attributes.
• An execution attribute is either a command with no option, or a script that contains a command, possibly with options.
• In this file, the special security attributes UID, EUID, GID, and EGID, specify attributes to add to a process when it runs.
• Only the users and roles assigned access to a particular rights profile can run its associated commands with their special security attributes.
Commands and special security attributes for the Printer Management rights profile are listed as follows:
# grep 'Printer Management' /etc/security/exec_attr
Printer Management:suser:cmd:::/etc/init.d/lp:euid=0;uid=0
Printer Management:suser:cmd:::/usr/bin/cancel:euid=lp;uid=lp
Printer Management:suser:cmd:::/usr/bin/lpset:egid=14
Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0
Printer Management:suser:cmd:::/usr/lib/lp/local/accept:uid=lp
Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=8
Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp;uid=lp
...
Assigning Rights Profiles to Roles
If a large number of user accounts require the same configuration and management of rights profiles, it can be easier to assign the rights profiles to a role and give the users access to the role.
• Creating a role
The roleadd command creates a role entry in the /etc/passwd, /etc/shadow, and /etc/user_attr files.
# roleadd -m -d /export/home/level1 -c "Level One Support" \
-P "Printer Management,Media Backup,Media Restore" level1
64 blocks
The role cannot be used until a password for it is set.
The changes to the /etc/passwd, /etc/shadow, and /etc/user_attr files are shown as follows:
# grep level1 /etc/passwd
level1:x:102:1:Level One Support:/export/home/level1:/bin/pfsh
# grep level1 /etc/shadow
level1:CUs8aQ64vTrZ.:12713::::::
# grep level1 /etc/user_attr
level1::::type=role;profiles=Printer Management,Media Backup,Media Restore
• Modifying a role
To modify the login information of a role on a system, use the rolemod command.
This example modifies the role’s rights profiles.
# rolemod -P profile1,profile2 -s /usr/bin/pfksh level1
• Purpose of the profile shells
A profile shell is a special type of shell that enables access to the privileged rights that are assigned to the rights profile.
The standard UNIX shells cannot be used, as they are not aware of the RBAC files, and do not consult them.
The profile shells are pfsh, pfcsh, and pfksh.
Assigning Roles to Users
The useradd command or the Solaris Management Console (SMC) can be used to assign users to roles.
The example shows the useradd command being used with the -R option to assign roles:
# useradd -m -d /export/home/paul -R level1 paul
64 blocks
#
This example associates the level1 role with the user chris:
# usermod -R level1 chris
#
Using Roles
As it is not possible to directly log in to a role account, log in as a regular user first.
The roles command shows the roles available to your account.
$ id
uid=103(paul) gid=1(other)
$ roles
level1
Switch the user to the role account with the su command.
$ su level1
Password:
$ id
uid=102(level1) gid=1(other)
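The user_attr and exec_attr formats shown in this module can be cross-referenced to answer the least-privilege question "which commands can this account run with root's UID or EUID, directly or after assuming a role?". The following is an added example, not part of the original course material: the function names are hypothetical, the sample data is constructed from the listings on this page, and the roles= entry for paul is an assumption about what useradd -R records.

```python
# Constructed sample data. The chris and level1 entries and the exec_attr
# lines are taken from this module's listings; the paul entry is an assumed
# result of "useradd -R level1 paul".
USER_ATTR = """\
chris::::type=normal;auths=solaris.jobs.admin;profiles=Printer Management
level1::::type=role;profiles=Printer Management,Media Backup,Media Restore
paul::::type=normal;roles=level1
"""

# Only the Printer Management lines appear on the page, so the Media Backup
# and Media Restore profiles contribute no commands in this sample.
EXEC_ATTR = """\
Printer Management:suser:cmd:::/etc/init.d/lp:euid=0;uid=0
Printer Management:suser:cmd:::/usr/bin/cancel:euid=lp;uid=lp
Printer Management:suser:cmd:::/usr/bin/lpset:egid=14
Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0
Printer Management:suser:cmd:::/usr/lib/lp/local/accept:uid=lp
Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=8
Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp;uid=lp
"""


def parse_kv(attr):
    """Split 'key=value;key=value' into a dict."""
    pairs = {}
    for item in attr.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs


def split_list(value):
    """Split a comma-separated attribute value, dropping empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def parse_user_attr(text):
    """user_attr lines: name:qualifier:res1:res2:attr"""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue
        attrs = parse_kv(fields[4])
        users[fields[0]] = {
            "type": attrs.get("type", "normal"),
            "profiles": split_list(attrs.get("profiles", "")),
            "roles": split_list(attrs.get("roles", "")),
            "auths": split_list(attrs.get("auths", "")),
        }
    return users


def parse_exec_attr(text):
    """exec_attr lines: profile:policy:type:res1:res2:id:attr"""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7:
            continue
        entries.append({"profile": fields[0], "path": fields[5],
                        "attrs": parse_kv(fields[6])})
    return entries


def runs_as_root(attrs):
    """True when the entry sets the real or effective UID to root."""
    return any(attrs.get(key) in ("0", "root") for key in ("uid", "euid"))


def root_commands(profiles, execs):
    """Sorted command paths in the given profiles that run as root."""
    return sorted({e["path"] for e in execs
                   if e["profile"] in profiles and runs_as_root(e["attrs"])})


def root_exposure(name, users, execs):
    """Root-level commands reachable directly and through each assigned role."""
    entry = users.get(name, {"profiles": [], "roles": []})
    via_roles = {}
    for role in entry["roles"]:
        role_entry = users.get(role)
        if role_entry and role_entry["type"] == "role":
            via_roles[role] = root_commands(role_entry["profiles"], execs)
    return {"direct": root_commands(entry["profiles"], execs),
            "via_roles": via_roles}


if __name__ == "__main__":
    users = parse_user_attr(USER_ATTR)
    execs = parse_exec_attr(EXEC_ATTR)
    for account in ("chris", "paul"):
        print(account, root_exposure(account, users, execs))
```

On a live system the same functions can be fed the contents of /etc/user_attr and /etc/security/exec_attr; profiles granted to every account through PROFS_GRANTED in policy.conf are not considered here.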
Authorizations
An authorization grants access to restricted functions in RBAC-compliant applications.
Some applications and commands in the Solaris 10 OS are written to check the authorizations of the user calling them.
The predefined authorizations are listed in the /etc/security/auth_attr file.
# cat /etc/security/auth_attr
(output omitted)
solaris.jobs.:::Job Scheduler::help=JobHeader.html
solaris.jobs.admin:::Manage All Jobs::help=AuthJobsAdmin.html
solaris.jobs.grant:::Delegate Cron & At Administration::help=JobsGrant.html
...
Assigning Authorizations
Authorizations can be assigned to user accounts. Authorizations can also be assigned to roles or embedded in a rights profile, which can be assigned to a user or role.
Authorizations may be assigned from the command line or with SMC.
This example shows the usermod command used with the -A option to add an authorization to a user:
# usermod -A solaris.jobs.admin chris
The usermod command automatically updates the /etc/user_attr file with this new information.
# grep chris /etc/user_attr
chris::::type=normal;auths=solaris.jobs.admin;profiles=Printer Management
Assigning Authorizations to Roles
If a large number of user accounts require the same configuration and management of authorizations, it can be easier to assign the authorizations to a role and give the users access to the role.
You can assign authorizations to roles with the roleadd command or with SMC.
This example uses the roleadd -P and -A options to create a role called level2 that is assigned the authorization solaris.admin.usermgr.*.
# roleadd -m -d /export/home/level2 -P "Mail Management" \
-A "solaris.admin.usermgr.*" level2
64 blocks
#
Assigning Authorizations to Rights Profiles
A rights profile usually includes a list of commands and special security attributes, the rights, as defined in the /etc/security/exec_attr file.
It is also possible to include predefined authorizations from the /etc/security/auth_attr file in the rights profile by adding the authorizations to the /etc/security/prof_attr file.
RBAC Configuration File Summary
The figure on this slide shows how the four files used by RBAC are interrelated.
[Figure: user_attr (Users, Roles), prof_attr (Profiles), exec_attr (Privileges), auth_attr (Authorization)]
From the /etc/security/auth_attr database:
solaris.system.date:::Set Date & Time::help=SysDate.html
From the /etc/user_attr database:
sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management,All
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin
From the /etc/security/prof_attr database:
Printer Management:::Manage printers, daemons, spooling:help=RtPrntAdmin.html;auths=solaris.admin.printer.read,solaris.admin.printer.modify,solaris.admin.printer.delete
From the /etc/security/exec_attr database:
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
Printer Management:suser:cmd:::/usr/ucb/lpq:euid=0
Printer Management:suser:cmd:::/etc/init.d/lp:euid=0
Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0
Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0
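The following added example (not part of the course material) follows the user_attr and prof_attr relationships summarized above to report whether an account holds an authorization directly or only after assuming a role with su. The chris and level2 lines are constructed from the usermod and roleadd commands shown earlier, and the function names are hypothetical.

```python
# Added example: resolve RBAC authorizations from user_attr and prof_attr.
# Sample data is constructed: the sysadmin, johndoe and Printer Management
# entries are the ones quoted on the slide; the chris and level2 lines are the
# user_attr entries implied by the usermod and roleadd commands shown earlier.
USER_ATTR = """\
sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management,All
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin
chris::::type=normal;auths=solaris.jobs.admin;profiles=Printer Management
level2::::type=role;auths=solaris.admin.usermgr.*;profiles=Mail Management
"""
PROF_ATTR = """\
Printer Management:::Manage printers, daemons, spooling:help=RtPrntAdmin.html;auths=solaris.admin.printer.read,solaris.admin.printer.modify,solaris.admin.printer.delete
"""


def parse_attr_db(text):
    """Parse user_attr or prof_attr text into {name: {key: [values]}}."""
    db = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)           # name, three middle fields, attr
        if len(fields) != 5:
            continue                          # malformed entry, ignore it
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
        db[fields[0]] = attrs
    return db


def profile_auths(profile, prof_db, seen=None):
    """Authorizations embedded in a rights profile, following nested profiles."""
    seen = set() if seen is None else seen
    if profile in seen:                       # guard against profile loops
        return set()
    seen.add(profile)
    entry = prof_db.get(profile, {})          # a profile with no entry adds nothing
    auths = set(entry.get("auths", []))
    for nested in entry.get("profiles", []):
        auths |= profile_auths(nested, prof_db, seen)
    return auths


def account_auths(name, user_db, prof_db):
    """Authorizations held by one account: its auths= list plus its profiles."""
    entry = user_db.get(name, {})
    auths = set(entry.get("auths", []))
    for profile in entry.get("profiles", []):
        auths |= profile_auths(profile, prof_db)
    return auths


def auth_matches(granted, wanted):
    """A granted name ending in .* covers every authorization under that prefix."""
    if granted.endswith(".*"):
        return wanted.startswith(granted[:-1])
    return granted == wanted


def grant_paths(user, wanted, user_db, prof_db):
    """List how `user` can obtain `wanted`: 'direct' and/or 'role:<name>'."""
    paths = []
    if any(auth_matches(g, wanted) for g in account_auths(user, user_db, prof_db)):
        paths.append("direct")
    for role in user_db.get(user, {}).get("roles", []):
        if any(auth_matches(g, wanted) for g in account_auths(role, user_db, prof_db)):
            paths.append("role:" + role)
    return paths


USERS = parse_attr_db(USER_ATTR)
PROFILES = parse_attr_db(PROF_ATTR)

if __name__ == "__main__":
    for user, auth in [("johndoe", "solaris.system.date"),
                       ("johndoe", "solaris.admin.printer.modify"),
                       ("chris", "solaris.admin.printer.read"),
                       ("level2", "solaris.admin.usermgr.write")]:
        print(user, auth, grant_paths(user, auth, USERS, PROFILES))
```

An authorization reported as role:sysadmin is usable only after the user runs su to the role and supplies the role password, while a direct grant applies to the ordinary login session.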
Managing RBAC Using the Solaris Management Console
The Solaris Management Console in the Solaris 10 OS enables you to configure RBAC features using a GUI console.
To set up privileged access using SMC, complete the following steps:
1. Build the user accounts that will be assigned the RBAC rights profiles and roles.
2. Build the rights profiles needed to support the privileged access requirements.
3. Build the role that will provide access to the rights profiles for designated users.
To access RBAC features in SMC, complete the following steps:
1. Select Management Tools.
2. Click This Computer.
3. Click System Configuration.
4. Double-click the Users icon.
Module 11
Configuring System Messaging
Objectives
• Describe the fundamentals of the syslog function
• Configure the /etc/syslog.conf file
• Configure syslog messaging
• Use the Solaris Management Console log viewer
The syslog Concept
The syslog function sends messages generated by the kernel and system utilities and applications to the syslogd daemon. With the syslog function you can control message logging, depending on the configuration of the /etc/syslog.conf file. The daemon can:
• Write messages to a system log
• Forward messages to a centralized log host
• Forward messages to a list of users
• Write messages to the system console
The /etc/syslog.conf File
A configuration entry in the /etc/syslog.conf file consists of two tab-separated fields: selector and action.
The selector field has two components, a facility and a level written as facility.level.
The action field determines where to send the message.
The syslogd Daemon and the m4 Macro Processor
The syslogd daemon, the m4 macro processor, and the /etc/syslog.conf file interact in conceptual phases to determine the correct message routing.
These conceptual phases are described as:
1. The syslogd daemon runs the m4 macro processor.
2. The m4 processor reads the /etc/syslog.conf file, processes any m4 statements in the input, and passes the output to the syslogd daemon.
[Figure: The m4 Macro Processor. Labels: syslog.conf (Selector Field, Action Field), m4, syslogd]
Configuring the /etc/syslog.conf File
The target locations for the syslog message files are defined within the /etc/syslog.conf file. You must restart the syslogd daemon whenever you make any changes to this file.
The following excerpt from the /etc/syslog.conf file shows how various events are logged by the system.
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
*.alert;kern.err;daemon.err                     operator
*.alert                                         root
*.emerg                                         *
In Line 1, every error event (*.err) and all kernel and authorization facility events of level notice, which are not error conditions but might require special handling, will write a message to the /dev/sysmsg file.
In Line 2, every error event (*.err), all kernel facility events of level debug, all daemon facility events of level notice, and all critical level mail events will record a message in the /var/adm/messages file. Therefore, errors are logged to both files.
Line 3 indicates that all alert level events, including the kernel error level and daemon error level events, are sent to the user operator if this user is logged in.
Line 4 indicates that all alert level events are sent to the root user if the root user is logged in.
Line 5 indicates that any event that the system interprets as an emergency will be logged to the terminal of every logged-in user.
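As an added example (not part of the course material), the following sketch evaluates the five-line excerpt against a message's facility and level and returns the actions that would fire. It assumes the selector rules of syslog.conf(4): a level matches itself and anything more severe, and a later selector on the same line replaces the threshold set by an earlier one for that facility. m4 statements are not expanded, and the function names are hypothetical.

```python
import re

# Constructed copy of the five-line excerpt above; selector and action are
# separated by a tab, as the file format requires.
SYSLOG_CONF = (
    "*.err;kern.notice;auth.notice\t/dev/sysmsg\n"
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "*.alert;kern.err;daemon.err\toperator\n"
    "*.alert\troot\n"
    "*.emerg\t*\n"
)

# Most severe first, so a lower index means a higher priority.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_conf(text):
    """Return [(default_threshold, {facility: threshold}, action), ...]."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\t+", line, maxsplit=1)
        if len(parts) != 2:
            continue                      # no tab between selector and action
        default, per_facility = None, {}
        for selector in parts[0].split(";"):
            facilities, _, level = selector.rpartition(".")
            if level == "none":
                threshold = -1            # nothing is severe enough to match
            elif level in LEVELS:
                threshold = LEVELS.index(level)
            else:
                continue                  # unknown level name, skip selector
            for facility in facilities.split(","):
                if facility == "*":
                    # '*' resets every facility on this line to the new level
                    default, per_facility = threshold, {}
                else:
                    per_facility[facility] = threshold
        rules.append((default, per_facility, parts[1].strip()))
    return rules


def action_kind(action):
    """Classify the action field of one rule."""
    if action.startswith("/"):
        return "file"
    if action.startswith("@"):
        return "loghost"
    if action == "*":
        return "all logged-in users"
    return "users"


def route(facility, level, rules):
    """Return the actions that receive a facility.level message, in file order."""
    severity = LEVELS.index(level)
    hits = []
    for default, per_facility, action in rules:
        threshold = per_facility.get(facility, default)
        if threshold is not None and severity <= threshold:
            hits.append(action)
    return hits


RULES = parse_conf(SYSLOG_CONF)

if __name__ == "__main__":
    for fac, lvl in [("auth", "notice"), ("kern", "err"),
                     ("mail", "err"), ("mail", "emerg")]:
        targets = route(fac, lvl, RULES)
        print(f"{fac}.{lvl}:", [(t, action_kind(t)) for t in targets])
```

Under these rules a mail.err message reaches /dev/sysmsg but not /var/adm/messages, because mail.crit in Line 2 raises the threshold for the mail facility on that line.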
Stopping and Starting the syslogd Daemon
The /lib/svc/method/system-log file starts the syslogd process during each system boot.
You can manually stop or start the syslogd daemon, or send it a refresh command, which causes the daemon to reread the /etc/syslog.conf file.
To stop the syslogd daemon, perform the command:
# svcadm disable svc:/system/system-log:default
To start the syslogd daemon, perform the command:
# svcadm enable svc:/system/system-log:default
To send a refresh to the syslogd daemon, perform the command:
# svcadm refresh svc:/system/system-log:default
Configuring syslog Messaging
The inetd daemon is the network listener process for many network services. The inetd daemon listens for service requests on the TCP and User Datagram Protocol (UDP) ports associated with each of the services listed in the inetd configuration file.
The inetd daemon is controlled through the use of the inetadm command.
Monitoring a syslog File in Real Time
The tail -f command holds the file open so that you can view messages being written to the file by the syslogd daemon, for example:
# tail -f /var/adm/messages
Jun 14 13:15:39 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2361] from 192.9.200.1 45800
Using the Solaris Management Console Log Viewer
You can use the Solaris Management Console Log Viewer application to view syslog message files. You can also use this application to view and capture information from the Management Tool logs. To open the viewer, perform the following steps:
1. Use the smc command to open the Solaris Management Console:
# smc &
The Solaris Management Console application launches.
2. Select This Computer (hostname).
3. Select System Status.
4. Select Log Viewer.
The initial Log Viewer display lists Management Tools log entries from the /var/sadm/wbem/log directory.
Module 12
Using Name Services
Objectives
• Describe the name service concept
• Describe the name service switch file /etc/nsswitch.conf
• Describe the name service cache daemon (nscd)
• Get name service information
Name Service Concept
Name services centralize the shared information in a network.
A single system, the name server, maintains the information previously maintained on each individual host.
The name servers provide information, such as host names, Internet Protocol (IP) addresses, user names, passwords, and automount maps.
Other hosts in the name service domain (called clients) request the information from the name server.
This name server system responds to clients, and translates, or resolves their requests from its memory-based (cached) or disk-based databases.
[Figure: Client, /etc/nsswitch.conf, Local File (/etc/hosts), Name Server, Database; steps 1 to 5]
The name service concept provides the following benefits:
• A single point of administration for name service data
• Consistent name service information for systems within the domain
• All clients have access to changed data
• Assurance that clients do not miss updates
• Secondary servers prevent a single point-of-failure
Domain Name System (DNS)
• Domain Name System (DNS) is an Internet-wide naming system for resolving host names to IP addresses and IP addresses to host names.
• DNS supports name resolution for both local and remote hosts, and uses the concept of domains to allow hosts with the same name to coexist on the Internet, so long as they are in different domains.
• For example:
www.sun.com and www.microsoft.com
• The collection of networked systems that use DNS is referred to as the DNS namespace.
• The DNS namespace is divided into a hierarchy of domains.
• Each domain is usually supported by two or more name servers, a master name server, and one or more slave name servers.
• Each server implements DNS by running the in.named daemon.
• On the client’s side, DNS is implemented through the resolver. The resolver library resolves users’ queries.
• The DNS name servers store the host and IP address information in files called zone files.
• The svc:/network/dns/server:default service starts the DNS server during the boot process if the DNS server has been configured.
Network Information Service (NIS)
• Network Information Service (NIS) was developed independently of DNS and has a slightly different focus.
• NIS stores information about host names, IP addresses, users, groups, and others.
• This collection of network information is referred to as the NIS namespace.
• NIS namespace information is stored in files called NIS maps.
• NIS maps were designed to supplement many of the UNIX /etc files.
• NIS maps are database files created from source files in the /etc directory (or in a directory that you specify).
• By default, these maps are stored in the /var/yp/domainname directory on NIS servers.
• NIS uses domains to define who can access the host names, user information, and other administrative data in its namespace.
• However, NIS does not use a domain hierarchy to store its data. Therefore, the NIS namespace is flat.
• Replicated NIS servers provide services to NIS clients.
• The principal server is called a master server, and, for reliability, it has a backup, or a slave server.
• Each server implements NIS by running the ypserv daemon.
• All NIS clients and servers must run the ypbind daemon.
• The svc:/network/nis/server:default service starts the NIS server during the boot process.
Network Information Service Plus (NIS+)
• Network Information Service Plus (NIS+) is similar to NIS, but provides many more features.
• NIS+ enables you to store information about machine addresses, security information, mail information, Ethernet interfaces, and network services in central locations.
• This configuration of network information is referred to as the NIS+ namespace.
• The NIS+ namespace is hierarchical and is similar in structure to the UNIX directory tree.
• An NIS+ namespace can be divided into multiple domains that can be administered independently.
• NIS+ uses a client-server model to store and gain access to the information contained in an NIS+ namespace.
• The principal server is called the root server, and the backup servers are called replica servers.
• Both root and replica servers run NIS+ server software, as well as maintain copies of NIS+ tables.
• NIS+ includes a sophisticated security system to protect the structure of the namespace and its information.
• NIS+ uses authentication and authorization to verify whether a client’s request for information should be fulfilled.
• Each server implements NIS+ by running the rpc.nisd daemon.
• The svc:/network/rpc/nisplus:default service starts the NIS+ name service during the boot process.
Lightweight Directory Access Protocol (LDAP)
• LDAP is the protocol clients use to communicate with a directory server.
• It is a vendor-independent protocol and can be used on common TCP/IP networks.
• The Solaris 10 OS comes with an LDAP client and LDAP server.
• The LDAP Directory Server is called the Sun Java™ System Directory Server.
• A directory server stores information in a Directory Information Tree (DIT).
• Clients can query the directory server for information or make changes to the information stored on the server.
• The hierarchy of the directory tree structure is similar to that of the UNIX file system.
• Entries are named according to their position in this tree structure by a distinguished name (DN).
• The DN is similar to an absolute path name in UNIX.
• A Relative Distinguished Name (RDN) is similar to a relative path name in UNIX.
• A directory entry is composed of attributes that have a type, and one or more values.
• Similar to the DNS namespace, LDAP names start with the least significant component and proceed to the most significant.
Name Service Switch File
• The name service switch file determines which name services a system uses to search for information, and in which order the name service request is resolved.
• All Solaris OS systems use the /etc/nsswitch.conf file as the name service switch file.
• The nsswitch.conf file is loaded with the contents of a template file during the installation of the Solaris OS, depending on the name service that is selected.
• The /etc/nsswitch.conf file includes a list of databases that are sources of information about IP addresses, users, and groups.
• The following entries are from the /etc/nsswitch.conf file configured to support the NIS name service:
...
passwd: files nis
group: files nis
# consult /etc "files" only if nis is down.
hosts: nis [NOTFOUND=return] files
...
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
...
• The information sources in /etc/nsswitch.conf are listed in the order that they are searched.
• Information sources
  • files
  • nisplus
  • nis
  • dns
  • ldap
  • user
If two or more sources are listed, the first listed source is searched before moving to the next source.
• When a name service is referenced, the attempt to search this source can return one of the following status codes:
  • SUCCESS
  • UNAVAIL
  • NOTFOUND
  • TRYAGAIN
• For each status code, two actions are possible:
  • return
  • continue
• When the action is not explicitly specified, the default action is to continue the search using the next specified information source, as follows:
  • SUCCESS = return
  • UNAVAIL = continue
  • NOTFOUND = continue
  • TRYAGAIN = continue
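The added example below (not part of the course material) parses the nsswitch.conf entries shown above and walks a lookup through the status codes and actions, so the effect of [NOTFOUND=return] and of source order can be seen in a trace. The backends, host names, addresses and UIDs are constructed sample data, and the function names are hypothetical.

```python
import re

# The passwd and hosts entries from the excerpt above.
NSSWITCH = """\
passwd: files nis
group: files nis
# consult /etc "files" only if nis is down.
hosts: nis [NOTFOUND=return] files
"""

DEFAULT_ACTIONS = {"SUCCESS": "return", "UNAVAIL": "continue",
                   "NOTFOUND": "continue", "TRYAGAIN": "continue"}


def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]} in search order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        database, rest = line.split(":", 1)
        sources = []
        for token in re.findall(r"\[[^\]]*\]|\S+", rest):
            if token.startswith("["):
                if not sources:
                    continue              # criteria with no preceding source
                for criterion in token[1:-1].split():
                    status, _, action = criterion.partition("=")
                    sources[-1][1][status.upper()] = action.lower()
            else:
                sources.append((token, dict(DEFAULT_ACTIONS)))
        table[database.strip()] = sources
    return table


def make_backend(data, available=True):
    """Constructed stand-in for one information source."""
    def query(database, key):
        if not available:
            return "UNAVAIL", None
        value = data.get(database, {}).get(key)
        return ("SUCCESS", value) if value is not None else ("NOTFOUND", None)
    return query


def lookup(database, key, table, backends):
    """Search the sources in order; return (value or None, [(source, status)])."""
    trace = []
    for source, actions in table.get(database, []):
        status, value = backends[source](database, key)
        trace.append((source, status))
        if actions[status] == "return":
            return (value if status == "SUCCESS" else None), trace
    return None, trace


TABLE = parse_nsswitch(NSSWITCH)

# Constructed data: host1 and user paul exist locally, host2 only in NIS,
# and NIS carries a conflicting entry for paul.
FILES = make_backend({"hosts": {"host1": "192.9.200.10"},
                      "passwd": {"paul": "103"}})
NIS_DATA = {"hosts": {"host2": "192.9.200.20"}, "passwd": {"paul": "5000"}}
NIS_UP = {"files": FILES, "nis": make_backend(NIS_DATA)}
NIS_DOWN = {"files": FILES, "nis": make_backend(NIS_DATA, available=False)}

if __name__ == "__main__":
    print(lookup("hosts", "host1", TABLE, NIS_UP))    # NIS answers NOTFOUND, search stops
    print(lookup("hosts", "host1", TABLE, NIS_DOWN))  # NIS UNAVAIL, falls through to files
    print(lookup("passwd", "paul", TABLE, NIS_UP))    # files listed first, local entry wins
```

With NIS reachable, a host that exists only in /etc/hosts is not resolved, and with "passwd: files nis" a local account entry takes precedence over the NIS entry of the same name.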
Configuring the Name Service Cache Daemon (nscd)
• The nscd daemon
  • The nscd daemon is a process that provides a cache for the most common name service requests.
  • The nscd daemon starts during multiuser boot.
  • The /etc/nscd.conf configuration file controls the behavior of the nscd daemon.
  • The nscd daemon provides caching for the passwd, group, hosts, ipnodes, exec_attr, prof_attr, and user_attr databases.
• Configuring the nscd daemon
  • The /etc/nscd.conf file contains the configuration information for the nscd daemon.
  • Each line specifies either an attribute and a value, or an attribute, a cache name, and a value.
  • An example of an attribute and a value is as follows:
logfile /var/adm/nscd.log
  • An example of an attribute, a cache name, and a value is as follows:
enable-cache hosts no
• Stopping and starting the nscd daemon
  • The nscd daemon’s cache might become out of date due to various abnormal circumstances.
  • A common way to force the nscd daemon to update its cache is to stop and start the daemon.
• Restarting the nscd daemon
Clearing the cache by restarting the daemon can be helpful in removing old cached data:
# svcadm restart system/name-service-cache:default
Retrieving Name Service Information
• The getent command
You can query name service information sourceswith specific tools, such as the ypcat, nslookup,niscat, and ldaplist commands. However, thensswitch.conf file is not referenced by these
commands.The getent command has the following advantages:
• The getent searches the information sources in the
order listed in the name service switch file.• By using the name service switch file, the defined
status message codes and actions are tested as theyare currently configured.

Retrieving Name Service Information
• Using the getent command
The getent command retrieves a list of entries from the administrative database specified by database.
The sources for the database are specified in the /etc/nsswitch.conf file. The syntax is as follows:
getent database [key]...
Module 13
Configuring Name Service Clients
Objectives
• Configure a DNS client
• Configure an LDAP client
Configuring a DNS Client
Name resolution using the Internet domain name system
begins with the client-side resolver.
The client resolver code is controlled by the following files:
• /etc/resolv.conf
• /etc/nsswitch.conf

Configuring the DNS Client During Installation
During the system identification phase of a Solaris 10 OS installation, use the following:
• The Name Service window, to select DNS as the name service
• The Domain Name window, to enter the DNS domain name to which the client will belong
• The DNS Server Address window, to enter the IP addresses of up to three DNS servers that the client will use for lookups

Configuring the DNS Client During Installation
During the system identification phase of a Solaris 10 OS installation, use the following:
• The DNS Search List window, to enter search suffixes to supplement searches for names that are not fully qualified
• The Confirm Information window, to verify that you have provided accurate information

Editing DNS Client Configuration Files
To use DNS with another name service, such as NIS or LDAP, you must manually modify configuration files.
• Editing the /etc/resolv.conf file
The /etc/resolv.conf file contains configuration directives for the DNS resolver. The directives include the following:
• nameserver
• domain
• search

Editing DNS Client Configuration Files
The following resolv.conf example shows two name servers for the suned.sun.com domain.
It also specifies two domain names, training.sun.com and sun.com, to append to any requests received that are not fully qualified.
# cat /etc/resolv.conf
nameserver 192.168.10.11
nameserver 192.168.20.88
domain suned.sun.com training.sun.com sun.com

Editing DNS Client Configuration Files
• Copying the /etc/nsswitch.dns file to the /etc/nsswitch.conf file
• To configure a client to use DNS in combination with the system’s local files, copy the /etc/nsswitch.dns file to the /etc/nsswitch.conf file.
• This action only changes the hosts entry.
Setting Up an LDAP Client
Native LDAP is the client implementation of the LDAP name
service.
An LDAP server, such as the Sun Java Directory Server that is bundled with the Solaris 10 OS, must exist on the network.

Client Authentication
An LDAP client must establish a session with an LDAP server.
This authentication process is known as binding.
After a client is authenticated, it can then perform operations, such as “search and modify,” on the data.

Client Authentication
Details on how the client is authenticated and what data the client is authorized to access are maintained on the LDAP server.
To avoid having to re-enter the same information for each and every client, a single client profile is created on the directory server.

Client Profile and Proxy Account
A single client profile defines the configuration parameters for a group of Solaris OS clients allowed to access the LDAP database.
Client profile:
• Contains the client’s credential information
• Describes how authentication is to take place
• Provides the client with various configuration parameters
A proxy account is created to allow multiple clients to bind to the server with the same access privileges.

Client Initialization
• The client profile and proxy account are created as part of the Sun Java Directory Server setup procedures on the Solaris 10 OS.
• By default, the client profile named default and the proxy account proxyagent are created under a special profile directory entry.
• When the Solaris LDAP client is initialized, a copy of the client profile is retrieved from the server and stored on disk.

Configuring the LDAP Client During Installation
To configure the LDAP client, complete the following steps:
• In the Name Service window, select LDAP as the name service.
• In the Domain Name window, enter the domain name where the system is located.
• In the LDAP Profile window, enter the profile name and server IP address.
• In the LDAP Proxy Bind window, select No.
• In the Confirm Information window, verify that you have provided accurate information.

Initializing the Native LDAP Client
You execute the ldapclient command on the client system once to initiate the client as a native LDAP client.
The following example describes a typical client initialization:
# ldapclient init -a proxyPassword=proxy \
-a proxyDN=cn=proxyagent,ou=profile,dc=suned,dc=sun,dc=com \
-a domainname=suned.sun.com 192.168.0.100
System successfully configured

Copying the /etc/nsswitch.ldap File to the /etc/nsswitch.conf File
During LDAP client initialization, the /etc/nsswitch.ldap file is copied over to the /etc/nsswitch.conf file.

Listing LDAP Entries
You use the ldaplist command to list the naming information from the LDAP servers.
Without any arguments, the ldaplist command returns all of the containers in the current search base DN.

Unconfiguring an LDAP Client
To unconfigure an LDAP client, use the ldapclient command with the uninit option.
This command removes the client files from the /var/ldap directory and restores the previous /etc/nsswitch.conf file.
# ldapclient uninit
System successfully unconfigured
Module 14
Configuring the Network Information
Service (NIS)

Objectives
• Describe NIS fundamentals
• Configure the name service switch file
• Describe NIS security
• Configure an NIS domain
• Build custom NIS maps
• Troubleshoot NIS

NIS Fundamentals
NIS facilitates the creation of server systems that act as central repositories for several of the administrative files found on UNIX systems.
The benefits of NIS include the following:
• Centralized administration of configuration files
• Better scaling of configuration file administration as networks grow
NIS is organized into named administrative domains.
Within each domain there is one NIS master server, zero or more slave servers, and one or more clients.

NIS Namespace Information
NIS stores information about host names and their IP addresses, users, groups, and others.
NIS maps can replace or be used with the configuration files that exist on each UNIX system.
NIS maps are located in the /var/yp/domainname directory on NIS servers.

Map Contents and Sort Keys
Each map contains a key and value pair.
The key represents data used to perform the lookup in the map, while the value represents data returned after a successful lookup.
For example, for the domain name training, the NIS map files list for the hosts map are as follows:
• The /var/yp/training/hosts.byname.pag file
• The /var/yp/training/hosts.byname.dir file
• The /var/yp/training/hosts.byaddr.pag file
• The /var/yp/training/hosts.byaddr.dir file

Commands to Read Maps
You can use two commands to read maps:
• ypcat [ -k ] mname
• ypmatch [ -k ] value mname
# ypcat hosts
192.168.30.30 instructor instructor. loghost
192.168.30.30 instructor instructor. loghost
127.0.0.1 localhost
...
# ypmatch sys44 hosts
sys44: 192.168.30.44 sys44 loghost
# ypmatch usera passwd
usera: usera:LojyTdiQev5i2:3001:10::/export/home/usera:/bin/ksh

NIS Domains
An NIS domain is a collection of hosts and interconnecting networks that are organized into a single administrative authority.
Each NIS domain contains:
• One NIS master server
• NIS slave servers (optional)
• NIS clients

NIS Master Server
Within each domain, the NIS master server has the following characteristics:
• Contains the original source ASCII files used to build the NIS maps
• Contains the NIS maps generated from the ASCII files
• Provides a single point-of-control for the entire NIS domain

NIS Slave Servers
Within each domain, the NIS slave servers have the following characteristics:
• Do not contain the original source ASCII files used to build the NIS maps
• Contain copies of the NIS maps copied from the NIS master server
• Provide a backup for NIS map information
• Provide redundancy in case of server failures
• Provide load sharing on large networks

NIS Clients
Within each domain, the NIS clients have the following characteristics:
• Do not contain the original source ASCII files used to build the NIS maps
• Do not contain any NIS maps
• Bind to the master server or to a slave server to obtain access to the administrative file information contained in that server’s NIS maps
• Dynamically rebind to another server in case of server failure
• Make all appropriate system calls aware of NIS

NIS Processes
The main daemons involved in the running of an NIS domain are as follows:
• The ypserv daemon
• The ypbind daemon
• The rpc.yppasswdd daemon
• The ypxfrd daemon
• The rpc.ypupdated daemon

Configuring the Name Service Switch
When you select NIS as the name service during installation, the /etc/nsswitch.nis configuration file loads into the default /etc/nsswitch.conf file.
• Changing lookup requests to go from files to NIS
Entries in /etc/nsswitch.conf with the following form cause requests to search files first, and then NIS:
passwd: files nis
• Changing lookup requests to go from NIS to files
Entries in /etc/nsswitch.conf with the following form cause requests to search NIS first, and then files:
hosts: nis [NOTFOUND=return] files
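How the two entry forms above behave once a source answers, as an added example that is not part of the course material: it walks an nsswitch.conf entry with the switch's default actions (SUCCESS=return, every other status continue) and shows that with [NOTFOUND=return] the files source is reached only when NIS is unavailable. The names ns_walk and demo_conf and the per-source statuses passed in are assumptions constructed for the illustration.

```shell
#!/bin/sh
# ns_walk CONF DATABASE 'source=STATUS ...'
# Walks the sources listed for DATABASE in an nsswitch.conf-style file and
# prints "<source> <status>" for the step that ends the lookup, or
# "none NOTFOUND" when every source was tried without a "return" action.
# The third argument is constructed input: the status each source would
# report (SUCCESS, NOTFOUND, UNAVAIL or TRYAGAIN). Unlisted sources are
# treated as UNAVAIL.
ns_walk() {
    awk -v db="$2" -v results="$3" '
    BEGIN {
        n = split(results, pair, " ")
        for (i = 1; i <= n; i++) {
            split(pair[i], kv, "=")
            status[kv[1]] = toupper(kv[2])
        }
    }
    { sub(/#.*/, ""); sub(/:/, ": ") }     # drop comments, accept "hosts:nis"
    !found && $1 == (db ":") {
        found = 1
        for (f = 2; f <= NF; f++) {
            t = $f
            if (!inb && t !~ /^\[/) { src[++k] = t; continue }
            # "[STATUS=action ...]" applies to the source just before it
            inb = (t !~ /\]$/)
            gsub(/\[/, "", t); gsub(/\]/, "", t)
            if (t == "") continue
            split(t, c, "=")
            act[k, toupper(c[1])] = tolower(c[2])
        }
    }
    END {
        if (!found) { print "nodb -"; exit 2 }
        for (i = 1; i <= k; i++) {
            st = (src[i] in status) ? status[src[i]] : "UNAVAIL"
            # switch defaults: SUCCESS=return, every other status=continue
            a = ((i, st) in act) ? act[i, st] : (st == "SUCCESS" ? "return" : "continue")
            if (a == "return") { print src[i], st; exit 0 }
        }
        print "none NOTFOUND"
    }' "$1"
}

# Constructed sample configuration holding the two entry forms from the slide.
demo_conf() {
    cat <<'EOF'
passwd: files nis
hosts:  nis [NOTFOUND=return] files
EOF
}

demo_file=$(mktemp)
demo_conf > "$demo_file"
# NIS answers "no such host": the lookup stops and /etc/inet/hosts is never read.
ns_walk "$demo_file" hosts 'nis=NOTFOUND files=SUCCESS'
# NIS server unreachable: only now does the lookup fall through to files.
ns_walk "$demo_file" hosts 'nis=UNAVAIL files=SUCCESS'
# files listed first: a local passwd entry answers before NIS is asked.
ns_walk "$demo_file" passwd 'files=SUCCESS nis=SUCCESS'
rm -f "$demo_file"
```

On a live system the same question is answered by getent, which follows the switch file as currently configured.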

NIS Security
Just as NIS makes the network information more manageable, it can also create inadvertent security holes.
Two methods of closing these security holes are using the securenets file to restrict access to a single host or to a subnetwork, and using the passwd.adjunct file to limit access to the password information across the network.

Configuring an NIS Domain
To generate NIS maps, you need the source files.
You can find source files in the /etc directory on the master server.
Do not keep the source files in the /etc directory, because the contents of the maps are then the same as the contents of the local files that control access to the master server.
This is a special problem for the /etc/passwd and /etc/shadow files.

Configuring an NIS Domain
• To locate the source files in another directory, modify the /var/yp/Makefile file:
• Change the INETDIR line to DIR=/your-choice
• Change the DIR=/etc line to DIR=/your-choice
• Change the PWDIR=/etc line to PWDIR=/your-choice
• Copy files from /etc, /etc/inet, and /etc/services to DIR=/your-choice
• Before you make any modifications to the /var/yp/Makefile file, save a copy of the original Makefile file.

Generating NIS Maps
The NIS configuration script, /usr/sbin/ypinit, and the make utility generate NIS maps.
The ypinit command reads the /var/yp/Makefile file for source file locations, and converts ASCII source files into NIS maps.
For security reasons and to prevent unauthorized root access, the files that build the NIS password maps should not contain an entry for the root user.
To make sure of this, copy the files to an alternative directory, and modify the PWDIR entry in the Makefile file.
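One way to stage the password source files as described above and to check the result before the maps are built, as an added example that is not part of the course material. It goes slightly beyond the slide by dropping every UID-0 account, not only the one named root; the function names, the sample accounts and the placeholder password fields are assumptions constructed for the illustration.

```shell
#!/bin/sh
# stage_nis_pwfiles SRC DEST
# Copies SRC/passwd and SRC/shadow into DEST for use as NIS map sources,
# leaving out root and any other UID-0 account. Returns 2 on I/O problems.
stage_nis_pwfiles() {
    pw_src=$1 pw_dest=$2
    [ -r "$pw_src/passwd" ] && [ -r "$pw_src/shadow" ] || return 2
    mkdir -p "$pw_dest" && chmod 700 "$pw_dest" || return 2
    (
        umask 077        # staged copies are readable by their owner only
        # Keep an account only if its UID is a number other than 0; malformed
        # lines are dropped rather than passed into the maps.
        awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 != 0' \
            "$pw_src/passwd" > "$pw_dest/passwd" &&
        # Keep a shadow line only if its account survived in the staged passwd.
        awk -F: 'FILENAME == ARGV[1] { keep[$1] = 1; next } ($1 in keep)' \
            "$pw_dest/passwd" "$pw_src/shadow" > "$pw_dest/shadow" &&
        chmod 600 "$pw_dest/passwd" "$pw_dest/shadow"
    ) || return 2
}

# pw_sources_clean DIR
# Succeeds only if DIR/passwd and DIR/shadow carry neither a root entry
# nor any UID-0 account. Run it before every map rebuild.
pw_sources_clean() {
    awk -F: '$1 == "root" || ($3 ~ /^[0-9]+$/ && $3 + 0 == 0) { bad = 1 }
             END { exit bad + 0 }' "$1/passwd" || return 1
    awk -F: '$1 == "root" { bad = 1 } END { exit bad + 0 }' "$1/shadow"
}

# Constructed sample data (placeholder password fields, not real hashes).
make_sample_etc() {
    mkdir -p "$1" || return 2
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
toor:x:0:1:constructed UID-0 alias:/:/sbin/sh
daemon:x:1:1::/:
usera:x:3001:10::/export/home/usera:/bin/ksh
EOF
    cat > "$1/shadow" <<'EOF'
root:PLACEHOLDER:6445::::::
toor:PLACEHOLDER:6445::::::
daemon:NP:6445::::::
usera:PLACEHOLDER:6445::::::
EOF
}

demo_dir=$(mktemp -d)
make_sample_etc "$demo_dir/etc"
stage_nis_pwfiles "$demo_dir/etc" "$demo_dir/yp_dir"
pw_sources_clean "$demo_dir/yp_dir" && echo "staged sources carry no UID-0 account"
cut -d: -f1 "$demo_dir/yp_dir/passwd"
rm -rf "$demo_dir"
```

With real files the staging directory is the one named in the PWDIR entry of /var/yp/Makefile, and the check belongs in front of the make run that rebuilds the maps.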

Locating Source Files
• The source files are located in the /etc directory on the master server, but the files can be copied into another directory, such as /etc/yp_dir.
• The /etc/defaultdomain file sets the NIS domain name during system boot.
• The ypinit script calls the program make, which uses the Makefile file located in the /var/yp directory.

Locating Source Files
• The /var/yp directory contains a subdirectory named after the NIS domain name. This domainname directory is the repository for the NIS maps.
• The /var/yp/binding/domainname directory contains the ypservers file where the names of the NIS master server and NIS slave servers are stored.
• The /usr/lib/netsvc/yp directory contains the ypstop and ypstart commands that stop and start NIS services, respectively.

Converting ASCII Source Files Into NIS Maps
To build new maps on the master server, perform the following command:
# /usr/sbin/ypinit -m
The ypinit command prompts for a list of other machines to become NIS slave servers.

Configuring the NIS Master Server
To set up the NIS name service master server, complete the following steps:
1. Determine which machines on your network domain will be NIS servers.
2. Choose an NIS domain name.
3. Use the domainname command to set the local NIS domain.
4. Create an /etc/defaultdomain file that contains the domain name.

Configuring the NIS Master Server
5. If the files do not already exist, use the touch command to create zero-length files with the following names: /etc/ethers, /etc/bootparams, /etc/locale, /etc/timezone, /etc/netgroup, and /etc/netmasks.
6. Install an updated Makefile file in the /var/yp directory if you intend to use NIS on the system that functions as your JumpStart software server.
7. Create or populate the /etc/locale file, and make an entry for each domain on your network.

Configuring the NIS Master Server
8. Initialize the master server by using the local /etc files. Enter the ypinit -m command.
a. When the program prompts you for a list of slave servers, and after you complete your list, press Control-D.
b. The program asks if you want to terminate it on the first fatal error.
9. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.
10. Start the NIS daemons on the master server with the following command:
# svcadm enable svc:/network/nis/server:default

Testing the NIS Service
There are a number of commands that you can use to obtain information from and about the NIS database.
The most commonly used NIS commands are as follows:
• ypcat
• ypmatch
• ypwhich

Configuring the NIS Client
To configure the NIS client, complete the following steps:
1. Edit the /etc/inet/hosts file to ensure that the NIS master server and all slave servers have been defined.
2. Execute the domainname domainname command to set the local NIS domain.
3. Create or populate the /etc/defaultdomain file with the domain name.

Configuring the NIS Client
4. To initialize the system as an NIS client, perform the following command:
# ypinit -c
5. When the system prompts you for a list of NIS servers, enter the names of the NIS master and all slave servers.
6. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.
7. Start NIS with the following command:
# svcadm enable svc:/network/nis/client:default

Configuring the NIS Slave Server
To configure an NIS slave server, complete the following steps on the system that you want to designate as the slave server:
1. Edit the /etc/inet/hosts file to ensure that the NIS master server and all slave servers have been defined.
2. Execute the domainname domainname command to set the local NIS domain.
3. Create or populate the /etc/defaultdomain file with the domain name.

Configuring the NIS Slave Server
4. To initialize the system as an NIS client, perform the following command:
# ypinit -c
5. When the system prompts for a list of NIS servers, enter the NIS master host followed by the name of the local host and all other NIS slave servers on the local network.
6. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file.
7. On the NIS master, ensure that the ypserv process is running.

Configuring the NIS Slave Server
8. On the proposed NIS slave system, start the ypbind daemon.
# svcadm enable svc:/network/nis/client:default
9. Initialize the system as an NIS slave by performing the following command:
# ypinit -s master
10. Before starting the ypserv daemon on the slave server, stop the client with the following command:
# svcadm disable svc:/network/nis/client:default
11. When the NIS server is started, it also starts the ypbind client daemon.
# svcadm enable svc:/network/nis/server:default

Updating the NIS Map
Because database files change with time, you must update your NIS maps. To update the NIS maps (on the master server), complete the following steps:
1. Update the text files in your source directory.
2. Change to the /var/yp directory.
# cd /var/yp
3. Refresh the NIS database maps using the make utility.
# /usr/ccs/bin/make
Module 15
Introduction to Zones

Objectives
• Identify the different zones features
• Understand how and why zone partitioning is used
• Configure zones
• Install zones
• Boot zones
• Administer packages with zones
• Upgrade the Solaris 10 OS with installed zones

Solaris Zones
Solaris zones technology enables software partitioning of a Solaris 10 OS to support multiple instances of the operating system services with independent process space, allocated resources, and users.
Zones provide virtual operating system services that look like different Solaris instances to users and applications.
Solaris zones allow administrators to dedicate system resources to individual zones.
Each zone exists with separate process and file system space, and can only monitor and interact with local processes.

Zone Features
• Security
• Isolation
• Virtualization
• Granularity
• Transparency

Zone Types
The Solaris Operating System supports two types of zones:
• Global
• Non-global

Global Zones
Every Solaris system contains a global zone.
The global zone has two functions:
• It is the default zone for the system.
• It is the zone used for system-wide administrative control.
The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled.
The global zone contains a complete installation of the Solaris system software packages.
Global Zones
Each zone, including the global zone, is assigned a zone name.
The global zone always uses the name global. Non-global zones must have user-defined names.
The system always assigns zone ID 0 to the global zone.
The system assigns non-zero zone IDs to non-global zones when they boot.
Non-Global Zones
Non-global zones contain an installed subset of the complete Solaris Operating System software packages.
They can also contain Solaris software packages shared from the global zone and additional installed software packages not shared from the global zone.
Non-global zones share operation under the Solaris kernel booted from the global zone.
Non-global zones are not aware that any other zones exist.
Zone Daemons
The system uses two daemons to control zone operation, zoneadmd and zsched.
The zoneadmd daemon is the primary process for managing the zone’s virtual platform.
The zoneadmd daemon is responsible for the following:
• Managing zone booting and shutting down
• Allocating the zone ID and starting the zsched system process
• Setting zone-wide resource controls
• Preparing the zone’s devices as specified in the zone configuration
Zone Daemons
The zoneadmd daemon is also responsible for the following:
• Plumbing virtual network interfaces
• Mounting loopback and conventional file systems
The zsched process involves the following:
• Every active zone has an associated kernel process, zsched.
• The zsched process enables the zones subsystem to keep track of per-zone kernel threads.
• Kernel threads doing work on behalf of the zone are owned by zsched.
Zone File Systems
• Sparse root model
  • The sparse root model installs a minimal number of files from the global zone when you initialize a non-global zone.
  • Files that need to be shared between a non-global zone and the global zone are mounted through read-only loopback file systems.
  • By default, in the sparse root model, the directories /lib, /platform, /sbin, and /usr are mounted in this manner.
Zone File Systems
• Whole root model
  • The whole root model provides the maximum configurability.
  • All of the required and any selected optional Solaris packages are installed into the private file systems of the zone.
  • The disk requirements for this model are determined by the disk space used by the packages currently installed in the global zone.
Zone Networking
• Each non-global zone that requires network connectivity has one or more dedicated IP addresses.
• These addresses are associated with logical network interfaces that can be placed in a zone by using the ifconfig command.
• For example, if the primary network interface in the global zone is ce0, then the non-global zone’s logical network interface might be ce0:1.
• Logical interfaces are automatically assigned the next available identifier, for example, ce0:2, ce0:3.
Zone States
As you configure a non-global zone, bring it into operation, use the zone, reboot, or shut it down, the state that the zoneadm command reports for that zone changes.
The zoneadm command reports the following zone states:
• Undefined
• Configured
• Incomplete
• Installed
• Ready
• Running
• Shutting down and Down
Configuring Zones
Configuring a zone requires completing the following tasks:
• Identifying the components that will make up the zone
• Configuring the zone with the zonecfg command
• Verifying and committing the configured zone
Identifying Zone Components
When planning zones for your environment, you must consider the components that make up each zone’s configuration. These components include the following:
• A zone name
• A path to the zone’s root
• The zone network interfaces
• The file systems mounted in zones
• The configured devices in zones
Allocating File System Space
There are no limits on how much disk space can be consumed by a zone.
The nature of the packages installed in the global zone affects the space requirements of the non-global zones that are created.
• As a general guideline, about 100 megabytes of free disk space per non-global zone using the sparse root model is required.
• By default, any additional packages installed in the global zone also populate the non-global zones.
Using the zonecfg Command
You can perform the following operations with zonecfg:
• You can create or delete a zone configuration.
• You can add resources to a particular configuration.
• You can set properties for resources added to a configuration.
• You can remove resources from a particular configuration.
• You can query or verify a configuration.
• You can commit to a configuration.
• You can revert to a previous configuration.
Using the zonecfg Command
• To simplify the user interface, zonecfg utilizes the concept of a scope.
• The default scope is global.
• The zonecfg interactive command prompt changes to reflect the current scope.
• You can use the add and select subcommands to select a specific resource, at which point the scope changes to that resource.
• The end and cancel subcommands cause the scope to revert to global.
The zonecfg Subcommands
• Subcommands within the zonecfg utility are used to configure and provision zones.
• The zonecfg prompt indicates if the scope is global or is confined to a particular resource.
Note: The zonecfg subcommands are demonstrated in the “Zone Configuration Walk-Through” section, later in this module.
The zonecfg Resource Parameters
Resource types within the zonecfg utility include the following:
• zonename
• zonepath
• autoboot
• pool
• fs
• inherit-pkg-dir
• net
• device
• rctl
• attr
The zonecfg Resource Parameters
Parameters associated with the fs resource include the following:
• dir
• special
• raw
• type
• options
Zone Configuration Walk-Through
To create a zone, you must log in to the global system as root or a role-based access control (RBAC)-allowed user.
The following shows an example of configuring a zone named work-zone:
global# zonecfg -z work-zone
zonecfg:work-zone> create
zonecfg:work-zone> set zonepath=/export/work-zone
zonecfg:work-zone> set autoboot=true
zonecfg:work-zone> set pool=pool_default
zonecfg:work-zone> add fs
zonecfg:work-zone:fs> set dir=/mnt
zonecfg:work-zone:fs> set special=/dev/dsk/c0t0d0s7
Zone Configuration Walk-Through
zonecfg:work-zone:fs> set raw=/dev/rdsk/c0t0d0s7
zonecfg:work-zone:fs> set type=ufs
zonecfg:work-zone:fs> add options [logging]
zonecfg:work-zone:fs> end
zonecfg:work-zone> add inherit-pkg-dir
zonecfg:work-zone:inherit-pkg-dir> set dir=/opt/sfw
zonecfg:work-zone:inherit-pkg-dir> end
zonecfg:work-zone> add net
zonecfg:work-zone:net> set physical=ce0
zonecfg:work-zone:net> set address=192.168.0.1
zonecfg:work-zone:net> end
zonecfg:work-zone> add device
zonecfg:work-zone:device> set match=/dev/sound/*
Zone Configuration Walk-Through
zonecfg:work-zone:device> end
zonecfg:work-zone> add attr
zonecfg:work-zone:attr> set name=comment
zonecfg:work-zone:attr> set type=string
zonecfg:work-zone:attr> set value="The work zone."
zonecfg:work-zone:attr> end
zonecfg:work-zone> verify
zonecfg:work-zone> commit
zonecfg:work-zone> exit
Viewing the Zone Configuration
You can use the zonecfg command to view the zone configuration.
# zonecfg -z work-zone info
zonepath: /export/work-zone
autoboot: true
pool: pool_default
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
...
Using the zoneadm Command
The zoneadm command is the primary tool used to install and administer non-global zones.
Operations using the zoneadm command must be run from the global zone.
Using the zoneadm Command
The following tasks can be performed using the zoneadm command:
• Verify a zone’s configuration
• Install a zone
• Boot a zone
• Reboot a zone
• Display information about a running zone
• Uninstall a zone
Using the zoneadm Command
• Verifying a configured zone
You can verify a zone before you install it. If you skip this procedure, the verification is performed automatically when you install the zone.
global# zoneadm -z work-zone verify
Warning: /export/work-zone does not exist, so it cannot be verified. When
zoneadm install is run, install will try to create /export/work-zone, and
verify will be tried again, but the verify may fail if: the parent
directory of /export/work-zone is group- or other-writable or
/export/work-zone overlaps with any other installed zones.
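The two failure conditions named in that warning can be checked before running zoneadm install. The following is an added example, not part of the course material: the function names are hypothetical, and the listing format assumed is the four-field id:name:state:path output of zoneadm list -cp shown in this module.

```shell
#!/bin/sh
# Added example: pre-flight checks for a planned zonepath, covering the two
# failure conditions named in the zoneadm verify warning.
# Function names are hypothetical; none of them are part of Solaris.

# parent_is_loose ZONEPATH
# Succeeds when the parent directory of ZONEPATH is group- or other-writable.
# A parent that does not exist yet is reported as "not loose".
parent_is_loose() {
    parent=$(dirname "$1")
    [ -d "$parent" ] || return 1
    # ls -ld prints a mode string such as drwxr-xr-x: character 6 is the
    # group write bit and character 9 is the other write bit.
    mode=$(ls -ld "$parent" | awk '{print $1}')
    case "$mode" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# paths_overlap A B
# Succeeds when A equals B or one path lies beneath the other. The trailing
# slash keeps /export/work-zone and /export/work-zone2 apart.
paths_overlap() {
    a=${1%/}; b=${2%/}
    case "$a/" in "$b/"*) return 0 ;; esac
    case "$b/" in "$a/"*) return 0 ;; esac
    return 1
}

# overlapping_zones ZONENAME ZONEPATH LISTFILE
# LISTFILE holds saved `zoneadm list -cp` output (id:name:state:path).
# Prints the names of other non-global zones whose path overlaps ZONEPATH.
overlapping_zones() {
    while IFS=: read -r id name state path; do
        [ "$name" = global ] && continue     # the global zone's path is /
        [ "$name" = "$1" ] && continue       # skip the zone being checked
        if paths_overlap "$2" "$path"; then echo "$name"; fi
    done < "$3"
}

# preflight_zonepath ZONENAME ZONEPATH LISTFILE
# Prints one line per problem found; returns 0 when there are none.
preflight_zonepath() {
    problems=0
    if parent_is_loose "$2"; then
        echo "parent of $2 is group- or other-writable"
        problems=1
    fi
    clash=$(overlapping_zones "$1" "$2" "$3" | tr '\n' ' ')
    if [ -n "$clash" ]; then
        echo "$2 overlaps zone(s): $clash"
        problems=1
    fi
    return $problems
}

# Constructed sample listing (not captured from a real system).
demo_list=$(mktemp)
cat > "$demo_list" <<'EOF'
0:global:running:/
1:web-zone:running:/export/zones/web
-:db-zone:installed:/export/db-zone
EOF
preflight_zonepath work-zone /export/zones/web/work "$demo_list" || true
rm -f "$demo_list"
```

On a live system the listing file would be produced in the global zone with zoneadm list -cp > file.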
Using the zoneadm Command
• Installing a configured zone
You use the zoneadm -z zone_name install command to install a non-global zone.
global# zoneadm -z work-zone install
Zone installation takes time to complete.
• Booting a zone
Booting a zone places the zone in the running state.
global# zoneadm -z work-zone boot
global# zoneadm list -v
  ID NAME             STATE      PATH
   0 global           running    /
   1 work-zone        running    /export/work-zone
Using the zoneadm Command
• Halting a zone
The zoneadm halt command is used to remove both the application environment and the virtual platform for a zone.
global# zoneadm -z work-zone halt
global# zoneadm list -v
  ID NAME             STATE      PATH
   0 global           running    /
   - work-zone        installed  /export/work-zone
• Rebooting a zone
The zoneadm reboot command is used to reboot a zone.
global# zoneadm -z work-zone reboot
Using the zoneadm Command
• Logging in to the zone console
After you boot the zone for the first time, it is important to connect to the zone’s virtual console and complete the zone’s system identification before you can begin using the zone.
Use the zlogin command with the -C option.
global# zlogin -C work-zone
The first time that you connect to the zone’s virtual console, the system identification process starts automatically.
The ~. (tilde dot) character sequence terminates the console connection.
Using the zoneadm Command
• Deleting a zone
The following zoneadm example removes a zone:
# zoneadm list -cp
0:global:running:/
3:work-zone:running:/export/work-zone
# zoneadm -z work-zone halt
# zoneadm list -cp
0:global:running:/
-:work-zone:installed:/zones/work-zone
# zoneadm -z work-zone uninstall
Are you sure you want to uninstall zone work-zone (y/[n])? y
# zoneadm list -cp
0:global:running:/
-:work-zone:configured:/export/work-zone
# zonecfg -z work-zone delete
Are you sure you want to delete zone work-zone (y/[n])? y
# zoneadm list -cp
0:global:running:/
Installing Packages in Zones
The standard Solaris package management tools, for example, pkgadd and pkgrm, are used to administer packages in the zones environment.
Package parameters listed in the pkginfo file for a package control how the Solaris package tools can administer the package.
Currently, three package parameters control how packages are administered. They are as follows:
• SUNW_PKG_ALLZONES
• SUNW_PKG_HOLLOW
• SUNW_PKG_THISZONE
Installing Packages in Zones
You can list parameters for packages using the pkgparam command.
# pkgparam -v SUNWzoneu
CLASSES='none'
BASEDIR='/'
LANG='C'
(output omitted)
EMAIL=''
SUNW_PKGVERS='1.0'
SUNW_PKG_ALLZONES='true'
SUNW_PKG_HOLLOW='false'
PSTAMP='gaget20050121155950'
PKGINST='SUNWzoneu'
PKGSAV='/var/sadm/pkg/SUNWzoneu/save'
INSTDATE='Jan 26 2005 10:21'
Installing Packages in Zones
• The -G option to the pkgadd command causes pkgadd to add a package to the current zone only.
• Package operations possible in the global zone
If the package is not currently installed in the global zone and not currently installed in any non-global zone, the package can be installed according to the following guidelines:
  • Only in the global zone, if SUNW_PKG_ALLZONES=false
  • In the global zone and all non-global zones
Installing Packages in Zones
If the package is currently installed in the global zone only, the following guidelines apply:
• The package can be installed in all non-global zones.
• The package can be removed from the global zone.
Installing Packages in Zones
If a package is currently installed in the global zone and currently installed in only a subset of the non-global zones, the following guidelines apply:
• SUNW_PKG_ALLZONES must be set to false.
• The package can be installed in all non-global zones. Existing instances in any non-global zone are updated to the revision being installed.
• The package can be removed from the global zone.
• The package can be removed from the global zone and from all non-global zones.
Installing Packages in Zones
If a package is currently installed in the global zone and currently installed in all non-global zones, the package can be removed from the global zone and from all non-global zones.
These rules ensure the following:
• Packages that are installed in the global zone are either installed in the global zone only, or installed in the global zone and all non-global zones.
• Packages that are installed in the global zone and also installed in any non-global zone are the same across all zones.
Installing Packages in Zones
• If a package is not currently installed in the non-global zone, the package can be installed only if SUNW_PKG_ALLZONES=false.
• If a package is currently installed in the non-global zone, the following guidelines apply:
  • The package can be installed over the existing instance of the package only if SUNW_PKG_ALLZONES=false.
  • The package can be removed from the non-global zone only if SUNW_PKG_ALLZONES=false.
Upgrading Solaris 10 OS With Installed Non-Global Zones
The normal upgrade path from Solaris 10 to Solaris 10 01/06 is not available if installed zones are present. There are three options:
• Uninstall the zones, upgrade the OS, and reinstall the zones.
• Reinstall the entire OS from an initial install, with the loss of existing zones configuration.
• Use the new features of Solaris 10 update 01/06 to upgrade the OS and any installed zones.
Solaris Install Media Support
• The new upgrade method for Solaris 10 update 01/06 is only available on the DVD media.
• If no DVD reader is available, a network installation must be used.
Upgrading the Solaris 10 OS
• Boot the system to be installed.
ok boot net - install
• Select Standard install.
• Choose Upgrade option.
• If installed zones are present, the upgrade continues with the new method.
Using Custom Jumpstart
• Custom jumpstart can be used to upgrade Solaris 10 update 01/06 with installed zones.
• Only two profile keywords should be used:
  • install_type
  • root_device
• Other keywords will be ignored or will cause jumpstart to fail.
  • Ignored: cluster, geo, locale, package, patch
  • Causes failure: backup_media, layout_constraint
Module 16
Introduction to the ZFS File System
Objectives
• Describe the Solaris ZFS file system
• Create new ZFS pools and file systems
• Modify ZFS file system properties
• Mount and unmount ZFS file systems
• Destroy ZFS pools and file systems
• Work with ZFS snapshots and clones
• Use ZFS datasets with Solaris Zones
What Is Solaris ZFS?
• ZFS Pooled Storage
ZFS aggregates devices into storage pools.
• Transactional Semantics
Any sequence of operations is either entirely committed or entirely ignored.
• Checksums and Self-Healing Data
All data and metadata is checksummed, and detected errors are corrected using replicated data.
• Unparalleled Scalability
Solaris ZFS is a 128-bit file system, allowing for 256 quadrillion zettabytes of storage.
What Is ZFS?
• ZFS Snapshots
ZFS snapshots are read-only copies of file systems that initially consume no additional space in a pool.
• Simplified Administration
ZFS uses a simplified command set and a hierarchical file system layout, and supports file system property inheritance and automatic mount points.
ZFS Terminology
• checksum - A 256-bit hash of the data in a file system block.
• clone - A file system whose initial contents are identical to the contents of a snapshot.
• dataset - A generic name for the following ZFS entities: clones, file systems, snapshots, or volumes.
• file system - A dataset that contains a standard POSIX file system.
• mirror - A virtual device that stores identical copies of data on two or more disks.
ZFS Terminology (cont.)
• pool - A logical group of devices describing the layout and physical characteristics of the available storage.
• RAID-Z - A virtual device that stores data and parity on multiple disks, similar to RAID-5.
• resilvering - The process of transferring data from one device to another device.
• snapshot - A read-only image of a file system or volume at a given point in time.
• virtual device - A logical device in a pool, which can be a physical device, a file, or a collection of devices.
• volume - A dataset used to emulate a physical device.
ZFS Component Naming Requirements
Empty components are not allowed.
Each component can only contain alphanumeric characters in addition to the following four special characters:
• Underscore (_)
• Hyphen (-)
• Colon (:)
• Period (.)
ZFS Component Naming Requirements (cont.)
Pool names must begin with a letter, except that the beginning sequence c[0-9] is not allowed. In addition, pool names that begin with mirror, raidz, or spare are not allowed as these names are reserved.
Dataset names must begin with an alphanumeric character.
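A provisioning script that receives pool or dataset names from a request form or another program can enforce these naming rules before passing the name to any ZFS command. The following is an added example, not part of the course material: the function names are hypothetical, and it assumes a dataset name is written as the pool name followed by /-separated components.

```shell
#!/bin/sh
# Added example: validate ZFS pool and dataset names against the naming
# requirements listed on these slides. Function names are hypothetical.
# Assumption: a dataset name has the form pool/component/component.
# Snapshot names (which carry an @ suffix) are not handled here.

LC_ALL=C; export LC_ALL   # make the A-Z, a-z and 0-9 ranges plain ASCII

# valid_component NAME
# Non-empty, and only alphanumerics plus underscore, hyphen, colon, period.
valid_component() {
    case "$1" in
        ''|*[!A-Za-z0-9_:.-]*) return 1 ;;
    esac
    return 0
}

# valid_pool_name NAME
# Must begin with a letter; must not begin with c[0-9], mirror, raidz
# or spare. Requiring a leading letter also rejects names such as "-f"
# that a command would otherwise parse as an option.
valid_pool_name() {
    valid_component "$1" || return 1
    case "$1" in
        c[0-9]*|mirror*|raidz*|spare*) return 1 ;;
        [A-Za-z]*) return 0 ;;
    esac
    return 1
}

# valid_dataset_name NAME
# First component must be a valid pool name; every later component must
# be a valid, non-empty component.
valid_dataset_name() {
    case "$1" in
        ''|/*|*/|*//*) return 1 ;;      # empty components are not allowed
    esac
    rest=$1
    valid_pool_name "${rest%%/*}" || return 1
    while [ "$rest" != "${rest#*/}" ]; do
        rest=${rest#*/}
        valid_component "${rest%%/*}" || return 1
    done
    return 0
}

# Constructed sample names, checked one at a time.
for n in tank c1pool mirror-a tank/home/alice tank//tmp 'tank/a;b'; do
    if valid_dataset_name "$n"; then
        echo "ok      $n"
    else
        echo "reject  $n"
    fi
done
```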
ZFS Hardware and Software Requirements and Recommendations
A SPARC® or x86 system that is running the Solaris 10 6/06 release.
The minimum disk size is 128 Mbytes. The minimum amount of disk space required for a storage pool is approximately 64 Mbytes.
For good ZFS performance, one Gbyte or more of memory is recommended.
If you create a mirrored disk configuration, multiple controllers are recommended.
Creating ZFS File Systems
One goal of the ZFS design is to reduce the number of commands needed to create a usable file system.
When you create a new pool, a new ZFS file system is created and mounted automatically.
Within a pool, you will probably want to create additional file systems.
In most cases, you will probably want to create and organize a hierarchy of file systems that matches your organizational needs.
Components of a ZFS Storage Pool
Using Disks in a ZFS Storage Pool
Physical storage can be any block device of at least 128 Mbytes in size.
Typically, this device is a hard drive that is visible to the system in the /dev/dsk directory.
A storage device can be a whole disk (c1t0d0) or an individual slice (c0t0d0s7).
The recommended mode of operation is to use an entire disk. ZFS applies an EFI label when you create a storage pool with whole disks.
Components of a ZFS Storage Pool (cont.)
Using Disks in a ZFS Storage Pool (continued)
Disks can be specified by using either the full path, such as /dev/dsk/c1t0d0, or a shorthand name.
For example, the following are valid disk names:
• c1t0d0
• /dev/dsk/c1t0d0
• c0t0d6s2
ZFS works best when given whole physical disks.
Components of a ZFS Storage Pool (cont.)
Using Files in a ZFS Storage Pool
ZFS also allows you to use UFS files as virtual devices in your storage pool.
This feature is aimed primarily at testing and enabling simple experimentation, not for production use.
The reason is that any use of files relies on the underlying file system for consistency.
All files must be specified as complete paths and must be at least 128 Mbytes in size.
Components of a ZFS Storage Pool (cont.)
ZFS pools can consist of whole disks, disk slices, or files.
[Figure: a pool built from a whole disk (preferred), a disk slice, or a file (for test only)]
Components of a ZFS Storage Pool (cont.)
Virtual Devices in a Storage Pool
Each storage pool is comprised of one or more virtual devices. Two top-level virtual devices provide data redundancy: mirror and RAID-Z virtual devices. These virtual devices consist of disks, disk slices, or files.
Disks, disk slices, or files that are used in pools outside of mirrors and RAID-Z virtual devices function as top-level virtual devices themselves.
Storage pools typically contain multiple top-level virtual devices. ZFS dynamically stripes data among all of the top-level virtual devices in a pool.
Components of a ZFS Storage Pool (cont.)
A ZFS pool that uses disks as top-level virtual devices provides no data replication.
[Figure: data striped across three disks, labeled Stripe 1, Stripe 2, and Stripe 3]
Replication Features of a ZFS Storage Pool
Mirrored Storage Pool Configuration
A mirrored storage pool configuration requires at least two disks, preferably on separate controllers.
You can create more than one mirror in each pool.
A simple mirrored configuration would look similar to the following:
mirror c1t0d0 c2t0d0
A more complex mirrored configuration would look similar to the following:
mirror c1t0d0 c2t0d0 c3t0d0 mirror c4t0d0 c5t0d0 c6t0d0
Replication Features of a ZFS Storage Pool (cont.)
ZFS stripes data among mirror virtual devices in a pool, and data is replicated within each mirror.
[Figure: data striped as Stripe 1 and Stripe 2 across two mirror devices]
Replication Features of a ZFS Storage Pool (cont.)
RAID-Z Storage Pool Configuration
RAID-Z is similar to RAID-5.
In RAID-Z, ZFS uses variable-width RAID stripes so that all writes are full-stripe writes.
You need at least two disks for a RAID-Z configuration.
Conceptually, a RAID-Z configuration with three disks would look similar to the following:
raidz c1t0d0 c2t0d0 c3t0d0
Replication Features of a ZFS Storage Pool (cont.)
RAID-Z Storage Pool Configuration (continued)
A more complex conceptual RAID-Z configuration would look similar to the following:
raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0 c5t0d0 c6t0d0 c7t0d0 raidz c8t0d0 c9t0d0 c10t0d0 c11t0d0 c12t0d0 c13t0d0 c14t0d0
If you are creating a RAID-Z configuration with many disks, as in this example, a RAID-Z configuration with 14 disks is better split into two 7-disk groupings.
RAID-Z configurations with single-digit groupings of disks should perform better.
Replication Features of a ZFS Storage Pool (cont.)
ZFS uses variable-width stripes within RAID-Z devices.
[Figure: data written to a RAID-Z device]
Replication Features of a ZFS Storage Pool (cont.)
Self-Healing Data in a Replicated Configuration
ZFS provides for self-healing data in a mirrored or RAID-Z configuration.
When a bad data block is detected, not only does ZFS fetch the correct data from another replicated copy, but it also repairs the bad data by replacing it with the good copy.
Dynamic Striping in a Storage Pool
For each virtual device that is added to the pool, ZFS dynamically stripes data across all available devices.
No fixed-width stripes are created at allocation time.
Replication Features of a ZFS Storage Pool (cont.)
ZFS dynamically stripes data across all virtual devices in a pool.
[Figure: data striped as Stripe 1 and Stripe 2 across two RAID-Z devices]
Replication Features of a ZFS Storage Pool (cont.)
Dynamic Striping in a Storage Pool (continued)
When virtual devices are added to a pool, ZFS gradually allocates data to the new device in order to maintain performance and space allocation policies.
While ZFS supports combining different types of virtual devices within the same pool, this practice is not recommended.
Creating and Destroying ZFS Storage Pools
By design, creating and destroying pools is fast and easy. However, be cautious when doing these operations.
Creating a ZFS Storage Pool
To create a storage pool, use the zpool create command. This command takes a pool name and any number of virtual devices as arguments.
Creating a Basic Storage Pool
The following command creates a new pool named tank that consists of the disks c1t0d0 and c1t1d0:
# zpool create tank c1t0d0 c1t1d0
Creating and Destroying ZFS Storage Pools (cont.)
Creating a Mirrored Storage Pool
To create a mirrored pool, use the mirror keyword, followed by any number of storage devices that will comprise the mirror.
# zpool create tank mirror c1d0 c2d0 mirror c3d0 c4d0
Creating a Single-Parity RAID-Z Storage Pool
Creating a RAID-Z pool is identical to creating a mirrored pool, except that the raidz keyword is used instead of mirror.
# zpool create tank raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0 /dev/dsk/c5t0d0
Creating and Destroying ZFS Storage Pools (cont.)
Creating a Double-Parity RAID-Z Storage Pool
You can create a double-parity RAID-Z configuration by using the raidz2 keyword when the pool is created. For example:
# zpool create tank raidz2 c1t0d0 c2t0d0 c3t0d0
Creating and Destroying ZFS Storage Pools (cont.)
Detecting in Use Devices
Before formatting a device, ZFS first determines if the disk is in use by ZFS or some other part of the operating system.
If the disk is in use, you might see errors such as the following:
# zpool create tank c1t0d0 c1t1d0
invalid vdev specification
use '-f' to override the following errors:
/dev/dsk/c1t0d0s0 is currently mounted on /
/dev/dsk/c1t0d0s1 is currently mounted on swap
/dev/dsk/c1t1d0s0 is part of active ZFS pool 'zeepool'
Please see zpool(1M)
Some of these errors can be overridden by using the -f option, but most errors cannot.
Creating and Destroying ZFS Storage Pools (cont.)
Mismatched Replication Levels
Creating pools with virtual devices of different replication levels is not recommended.
The zpool command tries to prevent you from accidentally creating a pool with mismatched replication levels.
Doing a Dry Run of Storage Pool Creation
The zpool create command with the -n option simulates creating the pool without actually writing data to disk.
Creating and Destroying ZFS Storage Pools (cont.)
Destroying ZFS Storage Pools
Pools are destroyed by using the zpool destroy command.
# zpool destroy tank
Querying ZFS Storage Pool Status
The zpool list command provides a number of ways to request information regarding pool status.
Listing Information About All Storage Pools
With no arguments, the zpool list command displays all the fields for all pools on the system. For example:
# zpool list
NAME     SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
tank    80.0G   22.3G   47.7G    28%  ONLINE     -
dozer    1.2T    384G    816G    32%  ONLINE     -
Querying ZFS Storage Pool Status (cont.)
Listing Specific Storage Pool Statistics
You can request specific statistics by using the -o option.
For example, to list only the name and size of each pool, you use the following syntax:
# zpool list -o name,size
NAME     SIZE
tank    80.0G
dozer    1.2T
Querying ZFS Storage Pool Status (cont.)
Health Status of ZFS Storage Pools
ZFS provides an integrated method of examining pool and device health. The health of a pool is determined from the state of all its devices.
This state information is displayed by using the zpool status command.
Each device can fall into one of the following states:
• ONLINE
• DEGRADED
• FAULTED
Querying ZFS Storage Pool Status (cont.)
Health Status of ZFS Storage Pools (continued)
• OFFLINE
• UNAVAILABLE
Basic Storage Pool Health Status
The simplest way to request a quick overview of pool health status is to use the zpool status command:
# zpool status -x
all pools are healthy
Querying ZFS Storage Pool Status (cont.)
Detailed Health Status
You can request a more detailed health summary by using the -v option. For example:
# zpool status -v tank
  pool: tank
 state: DEGRADED
status: One or more devices could not be opened. Sufficient replicas exist
        for the pool to continue functioning in a degraded state.
action: Attach the missing device and online it using 'zpool online'.
   see: http://www.sun.com/msg/ZFS-8000-2Q
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        tank        DEGRADED     0     0     0
          mirror    DEGRADED     0     0     0
            c1t0d0  FAULTED      0     0     0  cannot open
            c1t1d0  ONLINE       0     0     0

errors: No known data errors
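The health check described above can be scripted for monitoring. The following shell functions are an added example, not part of the original course material: they read zpool status output and list every pool or device row whose state is not ONLINE or whose error counters are nonzero. The function names are assumptions, and the sample input is constructed from the output format shown above.

```shell
#!/bin/sh
# Added example: flag unhealthy rows in `zpool status` output.
# Function names are hypothetical; the sample text is constructed from
# the output format shown above so the script runs without a ZFS pool.

# Constructed sample: one degraded mirror with a faulted disk.
sample_status() {
    cat <<'EOF'
  pool: tank
 state: DEGRADED
status: One or more devices could not be opened.  Sufficient replicas exist
        for the pool to continue functioning in a degraded state.
action: Attach the missing device and online it using 'zpool online'.
   see: http://www.sun.com/msg/ZFS-8000-2Q
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        tank        DEGRADED     0     0     0
          mirror    DEGRADED     0     0     0
            c1t0d0  FAULTED      0     0     0  cannot open
            c1t1d0  ONLINE       0     0     0

errors: No known data errors
EOF
}

# Read `zpool status` text on stdin. For each row of a config: table, print
#   pool <TAB> name <TAB> state <TAB> total_errors
# when the state is anything other than ONLINE or any counter is nonzero.
unhealthy_devices() {
    awk '
        $1 == "pool:"   { pool = $2; in_cfg = 0; next }
        $1 == "config:" { in_cfg = 1; next }
        $1 == "errors:" { in_cfg = 0; next }
        in_cfg && $1 == "NAME" { next }          # column header row
        in_cfg && NF >= 5 {
            errs = $3 + $4 + $5                  # READ + WRITE + CKSUM
            if ($2 != "ONLINE" || errs > 0)
                printf "%s\t%s\t%s\t%d\n", pool, $1, $2, errs
        }
    '
}

# Exit status 0 when nothing is reported, 1 otherwise (usable from cron).
pools_healthy() {
    [ -z "$(unhealthy_devices)" ]
}

# On a live system: zpool status | unhealthy_devices
sample_status | unhealthy_devices
```

The pool and mirror rows are reported along with the faulted disk, because a DEGRADED state propagates upward from the device that caused it.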
Creating and Destroying ZFS File Systems
Creating a ZFS File System
You use the zfs create command to create ZFS file systems. The create subcommand takes a single argument: the name of the file system to create.
Specify the file system name as a path name starting from the name of the pool:
pool-name/[filesystem-name/]filesystem-name
The pool name and initial file system names in the path identify the location in the hierarchy where the new file system will be created. All the intermediate file system names must already exist in the pool.
Creating and Destroying ZFS File Systems (cont.)
Creating a ZFS File System (cont.)
In the following example, a file system named bonwick is created in the tank/home file system.
# zfs create tank/home/bonwick
ZFS automatically mounts the newly created file system if it is created successfully.
Creating and Destroying ZFS File Systems (cont.)
Destroying a ZFS File System
You use the zfs destroy command to destroy ZFS file systems. The destroyed file system is automatically unmounted and unshared.
In the following example, the tabriz file system is destroyed.
# zfs destroy tank/home/tabriz
If the file system to be destroyed is busy and so cannot be unmounted, the zfs destroy command fails. The zfs destroy command also fails if a file system has children.
Creating and Destroying ZFS File Systems (cont.)
Renaming a ZFS File System
You use the zfs rename command to rename ZFS file systems.
The rename subcommand can perform the following operations:
• Change the name of a file system.
• Relocate the file system to a new location within the ZFS hierarchy.
• Change the name of a file system and relocate it within the ZFS hierarchy.
Creating and Destroying ZFS File Systems (cont.)
Renaming a ZFS File System (cont.)
The following example uses the rename subcommand to simply rename a file system:
# zfs rename tank/home/kustarz tank/home/kustarz_old
The following example shows how to use zfs rename to relocate a file system.
# zfs rename tank/home/maybee tank/ws/maybee
ZFS Properties
Properties provide the main mechanism that you use to control the behavior of file systems, volumes, snapshots, and clones.
Properties are either read-only statistics or settable properties.
Most settable properties are also inheritable.
An inheritable property is a property that, when set on a parent, is propagated to all of its descendants.
ZFS Properties (cont.)
All inheritable properties have an associated source.
The source indicates how a property was obtained. The source of a property can have the following values:
• default
• local
• inherited from dataset-name
• temporary
• - (none)
ZFS Properties (cont.)
| Property Name | Type | Default Value | Description |
|---|---|---|---|
| aclinherit | String | secure | Controls how ACL entries are inherited when files and directories are created. |
| aclmode | String | groupmask | Controls how an ACL entry is modified during a chmod operation. |
| atime | Boolean | on | Controls whether the access time for files is updated when they are read. |
| Property Name | Type | Default Value | Description |
|---|---|---|---|
| available | Number | N/A | Read-only property that identifies the amount of space available to the dataset and all its children, assuming no other activity in the pool. |
| checksum | String | on | Controls the checksum used to verify data integrity. |
| compression | String | off | Controls the compression algorithm used for this dataset. |
| compressratio | Number | N/A | Read-only property that identifies the compression ratio achieved for this dataset. |
| creation | Number | N/A | Read-only property that identifies the date and time that this dataset was created. |
| Property Name | Type | Default Value | Description |
|---|---|---|---|
| devices | Boolean | on | Controls whether device nodes found within this file system can be opened. |
| exec | Boolean | on | Controls whether programs within this file system are allowed to be executed. |
| mounted | Boolean | N/A | Read-only property that indicates whether this file system, clone, or snapshot is currently mounted. |
| mountpoint | String | N/A | Controls the mount point used for this file system. |
| Property Name | Type | Default Value | Description |
|---|---|---|---|
| origin | String | N/A | Read-only property for cloned file systems or volumes that identifies the snapshot from which the clone was created. |
| quota | Number (or none) | none | Limits the amount of space a dataset and its descendants can consume. |
| readonly | Boolean | off | Controls whether this dataset can be modified. |
| recordsize | Number | 128K | Specifies a suggested block size for files in the file system. |
| referenced | Number | N/A | Read-only property that identifies the amount of data accessible by this dataset. |
| Property Name | Type | Default Value | Description |
|---|---|---|---|
| reservation | Number (or none) | none | The minimum amount of space guaranteed to a dataset and its descendants. |
| sharenfs | String | off | Controls whether the file system is available over NFS, and what options are used. |
| setuid | Boolean | on | Controls whether the setuid bit is honored in the file system. |
| snapdir | String | hidden | Controls whether the .zfs directory is hidden or visible in the root of the file system. |
| type | String | N/A | Read-only property that identifies the dataset type as filesystem (file system or clone), volume, or snapshot. |
| Property Name | Type | Default Value | Description |
|---|---|---|---|
| used | Number | N/A | Read-only property that identifies the amount of space consumed by the dataset and all its descendants. |
| volsize | Number | N/A | For volumes, specifies the logical size of the volume. |
| volblocksize | Number | 8 Kbytes | For volumes, specifies the block size of the volume. |
| zoned | Boolean | N/A | Indicates whether this dataset has been delegated to a non-global zone. |
ZFS Properties (cont.)
Read-Only ZFS Properties
Read-only properties are properties that you can retrieve, but not set. Read-only properties are not inherited.
Settable ZFS Properties
Settable properties are properties whose values you can both retrieve and set.
Settable properties are set by using the zfs set command.
With the exceptions of quotas and reservations, settable properties are inherited.
Querying ZFS File System Information
The zfs list command provides an extensible mechanism for viewing and querying dataset information.
Listing Basic ZFS Information
You can list basic dataset information by using the zfs list command with no options. For example:
# zfs list
NAME                   USED  AVAIL  REFER  MOUNTPOINT
pool                  84.0K  33.5G      -  /pool
pool/clone                0  33.5G  8.50K  /pool/clone
pool/test                8K  33.5G     8K  /test
pool/home             17.5K  33.5G  9.00K  /pool/home
pool/home/marks       8.50K  33.5G  8.50K  /pool/home/marks
pool/home/marks@snap      0      -  8.50K  /pool/home/marks@snap
Querying ZFS File System Information (cont.)
Listing Basic ZFS Information (cont.)
You can also use the zfs list command to display specific datasets by providing the dataset name on the command line.
Use the -r option to recursively display all descendants of a dataset.
Creating Complex ZFS Queries
The zfs list output can be customized by using the -o, -t, and -H options. For example:
# zfs list -o name,sharenfs,mountpoint
NAME  SHARENFS  MOUNTPOINT
tank  rw        /export
Querying ZFS File System Information (cont.)
Creating Complex ZFS Queries (cont.)
You can use the -t option to specify the types of datasets to display. The valid types are:
• filesystem
• volume
• snapshot
You can use the -H option to omit the zfs list header from the generated output.
With the -H option, all white space is output as tabs. This option can be useful when you need parsable output.
Managing ZFS Properties
Dataset properties are managed through the zfs command's set, inherit, and get subcommands.
Setting ZFS Properties
You can use the zfs set command to modify any settable dataset property.
Only one property at a time can be set or modified using zfs set.
The following example sets the atime property to off for tank/home.
# zfs set atime=off tank/home
Managing ZFS Properties (cont.)
Inheriting ZFS Properties
All settable properties, with the exception of quotas and reservations, inherit their value from their parent.
If no ancestor has an explicit value set for an inherited property, the default value for the property is used.
You can use the zfs inherit command to clear a property setting, thus causing the setting to be inherited from the parent.
The inherit subcommand applies recursively when you specify the -r option.
Managing ZFS Properties (cont.)
Querying ZFS Properties
The simplest way to query property values is by using the zfs list command.
For more complex queries and for scripting, you can use the zfs get command to obtain more detailed information in a customized format.
You can use the zfs get command to retrieve any dataset property. For example:
# zfs get checksum tank/ws
NAME     PROPERTY  VALUE  SOURCE
tank/ws  checksum  on     default
Managing ZFS Properties (cont.)
Querying ZFS Properties (cont.)
You can use the special keyword all to retrieve all dataset properties. The following example uses the all keyword to retrieve all existing dataset properties:
# zfs get all pool
NAME  PROPERTY  VALUE                  SOURCE
pool  type      filesystem             -
pool  creation  Mon Mar 13 11:41 2006  -
pool  used      2.62M                  -
<output omitted>
The -s option to zfs get enables you to specify, by source value, the type of properties to display.
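The source column matters when you tighten properties such as setuid and devices, because it tells you which dataset a value has to be changed on. The following shell function is an added example, not part of the original course material: it reads tab-separated zfs get -H output and prints the smallest set of zfs set commands that brings one subtree in line with a policy. The policy (setuid=off and devices=off under one scope), the function names, and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: plan the zfs set commands that bring a dataset subtree
# in line with a policy. The policy (setuid=off and devices=off under one
# scope) and all function names are assumptions made for this example.

# Constructed sample in the tab-separated form printed by
#   zfs get -H -r -o name,property,value,source setuid,devices tank
sample_props() {
    printf '%s\t%s\t%s\t%s\n' \
        tank              setuid  on  default \
        tank              devices on  default \
        tank/home         setuid  on  default \
        tank/home         devices off local \
        tank/home/bonwick setuid  on  default \
        tank/home/bonwick devices off 'inherited from tank/home' \
        tank/home/tabriz  setuid  on  default \
        tank/home/tabriz  devices on  local \
        tank/ws           setuid  on  default \
        tank/ws           devices on  default
}

# Usage: plan_fixes SCOPE < zfs-get-output
# Prints one "zfs set" line per dataset that has to change:
#   local     -> the value is set on the dataset itself, fix it there
#   default   -> nothing is set anywhere, set it once at the scope root
#   inherited -> fix the named ancestor, or the scope root when the
#                ancestor lies outside the scope
# Any other source (for example temporary) is listed for manual review.
plan_fixes() {
    awk -F'\t' -v scope="$1" '
        function in_scope(ds) {
            return ds == scope || index(ds, scope "/") == 1
        }
        BEGIN { want["setuid"] = "off"; want["devices"] = "off" }
        # Skip rows outside the scope, outside the policy, or compliant.
        !in_scope($1) || !($2 in want) || $3 == want[$2] { next }
        {
            if ($4 == "local") {
                target = $1
            } else if ($4 == "default") {
                target = scope
            } else if ($4 ~ /^inherited from /) {
                target = substr($4, length("inherited from ") + 1)
                if (!in_scope(target)) target = scope
            } else {
                print "# review by hand: " $1 " " $2 "=" $3 " (source: " $4 ")"
                next
            }
            cmd = "zfs set " $2 "=" want[$2] " " target
            if (!(cmd in seen)) { seen[cmd] = 1; print cmd }   # de-duplicate
        }
    '
}

# On a live system, pipe the zfs get command shown above into plan_fixes.
sample_props | plan_fixes tank/home
```

Three datasets report setuid=on, but one command at tank/home covers all of them through inheritance; only the local override on tank/home/tabriz needs its own command.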
Mounting ZFS File Systems
Managing ZFS Mount Points
By default, all ZFS file systems are mounted by ZFS at boot by using SMF's svc://system/filesystem/local service.
File systems are mounted under /path, where path is the name of the file system.
You can override the default mount point by using the zfs set command to set the mountpoint property to a specific path.
ZFS automatically creates this mount point, if needed.
The mountpoint property is inherited.
Mounting ZFS File Systems (cont.)
Managing ZFS Mount Points (cont.)
You can set the mountpoint property to none to prevent a file system from being mounted.
If desired, you can explicitly manage file systems through legacy mount interfaces by setting the mountpoint property to legacy.
Mounting ZFS File Systems (cont.)
Automatic Mount Points
When you create a pool, you can set the default mount point for the root dataset by using zpool create -m.
Any dataset whose mountpoint property is not legacy is managed by ZFS.
When you change the mountpoint property, the file system is automatically unmounted from the old mount point and remounted to the new mount point.
Mount point directories are created as needed.
Mounting ZFS File Systems (cont.)
Legacy Mount Points
You can manage ZFS file systems with legacy tools by setting the mountpoint property to legacy.
Legacy file systems must be managed through the mount and umount commands and the /etc/vfstab file.
The following examples show how to set up and manage a ZFS dataset in legacy mode:
# zfs set mountpoint=legacy tank/home/eschrock
# mount -F zfs tank/home/eschrock /mnt
Mounting ZFS File Systems (cont.)
Mounting ZFS File Systems
ZFS automatically mounts file systems when file systems are created or when the system boots.
The zfs mount command is only necessary when changing mount options, or explicitly mounting or unmounting file systems.
The zfs mount command with no argument shows all currently mounted file systems that are managed by ZFS.
# zfs mount
tank /tank
tank/home /tank/home
tank/home/bonwick /tank/home/bonwick
Mounting ZFS File Systems (cont.)
Mounting ZFS File Systems (cont.)
You can use the -a option to mount all ZFS managed file systems. For example:
# zfs mount -a
This command does not mount legacy managed file systems.
When a file system mounts, it uses a set of mount options based on the property values associated with the dataset.
Mounting ZFS File Systems (cont.)
Temporary Mount Properties
If you explicitly set mount options by using the -o option with the zfs mount command, the corresponding property value is temporarily overridden.
In the following example, the read-only mount option is temporarily set on the tank/home/perrin file system:
# zfs mount -o ro tank/home/perrin
To temporarily change a property on a file system that is currently mounted, you must use the special remount option.
Mounting ZFS File Systems (cont.)
Unmounting ZFS File Systems
You can unmount file systems by using the zfs unmount subcommand. The unmount command accepts either the mount point or the file system name as an argument.
In the following example, a file system is unmounted by specifying its file system name:
# zfs unmount tank/home/tabriz
In the following example, the file system is unmounted by specifying its mount point:
# zfs unmount /export/home/tabriz
ZFS Web-Based Management
A web-based ZFS management tool is available to perform many administrative actions. You can access the ZFS Administration console through a secure web browser at the following URL:
https://system-name:6789/zfs
If you type the appropriate URL and are unable to reach the ZFS Administration console, the server might not be started. To start the server, run the following command:
# /usr/sbin/smcwebserver start
If you want the server to run automatically when the system boots, run the following command:
# /usr/sbin/smcwebserver enable
ZFS Snapshots
A snapshot is a read-only copy of a file system or volume.
Snapshots are created almost instantly, and initially consume no additional disk space within the pool.
ZFS snapshots include the following features:
• Snapshots persist across system reboots.
• The theoretical maximum number of snapshots is 2^64.
• Snapshots use no separate backing store. Snapshots consume disk space directly from the same storage pool as the file system from which they were created.
ZFS Snapshots (cont.)
Creating and Destroying ZFS Snapshots
You use the zfs snapshot command to create ZFS snapshots. The zfs snapshot command takes the name of the snapshot to create as its only argument.
Snapshot names use the following format:
filesystem@snapname
volume@snapname
The following example creates a snapshot of tank/home/ahrens that is named friday.
# zfs snapshot tank/home/ahrens@friday
ZFS Snapshots (cont.)
Creating and Destroying ZFS Snapshots
Snapshots have no modifiable properties. Dataset properties cannot be applied to a snapshot.
You use the zfs destroy command to destroy a ZFS snapshot. For example:
# zfs destroy tank/home/ahrens@friday
A dataset cannot be destroyed if snapshots of the dataset exist.
In addition, if clones have been created from a snapshot, then they must be destroyed before the snapshot can be destroyed.
ZFS Snapshots (cont.)
Renaming ZFS Snapshots
You can rename snapshots, but they must remain within the pool and dataset from which they were created. For example:
# zfs rename tank/home/cindys@031306 tank/home/cindys@today
Displaying and Accessing ZFS Snapshots
Snapshots of file systems are accessible in the .zfs/snapshot directory within the root of the containing file system. For example:
# ls /home/ahrens/.zfs/snapshot
tuesday wednesday thursday
ZFS Snapshots (cont.)
Displaying and Accessing ZFS Snapshots (cont.)
You can list all snapshots as follows:
# zfs list -t snapshot
NAME USED AVAIL REFER MOUNTPOINT
pool/home/anne@monday 0 - 780K -
pool/home/bob@monday 0 - 1.01M -
<output omitted>
You can list snapshots that were created for a particular file system as follows:
# zfs list -r -t snapshot -o name,creation pool/home
NAME CREATION
pool/home/anne@monday Mon Mar 13 11:46 2006
pool/home/bob@monday Mon Mar 13 11:46 2006
ZFS Snapshots
Snapshot Space Accounting
When you create a snapshot, its space is initially shared between the snapshot and the file system, and possibly with previous snapshots.
As the file system changes, space that was previously shared becomes unique to the snapshot, and thus is counted in the snapshot’s used property.
Additionally, deleting snapshots can increase the amount of space unique to (and thus used by) other snapshots.
ZFS Snapshots (cont.)
Rolling Back to a ZFS Snapshot
You can use the zfs rollback command to discard all changes made since a specific snapshot.
The zfs rollback command causes the file system to revert to its state at the time the snapshot was taken.
By default, the zfs rollback command cannot roll back to a snapshot other than the most recent snapshot.
To roll back to an earlier snapshot, you must destroy all intermediate snapshots. You can destroy more recent snapshots by specifying the -r option.
ZFS Clones
A clone is a writable volume or file system whose initial contents are the same as the snapshot from which it was created.
As with snapshots, creating a clone is nearly instantaneous, and initially consumes no additional disk space.
You can only create clones from a snapshot.
When you clone a snapshot, an implicit dependency is created between the clone and snapshot.
A clone does not inherit properties from the dataset from which it was created.
ZFS Clones (cont.)
Creating a ZFS Clone
To create a clone, use the zfs clone command. Specify the snapshot from which to create the clone, and the name of the new file system or volume.
The new file system or volume can be located anywhere in the ZFS hierarchy within the same pool.
The following example creates a new clone named tank/home/ahrens/bug123, with the same initial contents as the snapshot tank/ws/gate@yesterday.
# zfs snapshot tank/ws/gate@yesterday
# zfs clone tank/ws/gate@yesterday tank/home/ahrens/bug123
ZFS Clones (cont.)
Destroying a ZFS Clone
You use the zfs destroy command to destroy ZFS clones. For example:
# zfs destroy tank/home/ahrens/bug123
Clones must be destroyed before the parent snapshot can be destroyed.
ZFS Clones (cont.)
Replacing a ZFS File System With a ZFS Clone
You can use the zfs promote command to replace an active ZFS file system with a clone of that file system.
This feature facilitates the ability to clone and replace file systems so that the ’origin’ file system becomes the clone of the specified file system.
In addition, this feature makes it possible to destroy the file system from which the clone was originally created.
Without clone promotion, you cannot destroy an ’origin’ file system of active clones.
ZFS Clones (cont.)
Replacing a ZFS File System With a ZFS Clone
In the following example, the tank/test/productA file system is cloned and then the clone file system, tank/test/productAbeta, becomes the tank/test/productA file system.
# zfs create tank/test
# zfs create tank/test/productA
# zfs snapshot tank/test/productA@today
# zfs clone tank/test/productA@today tank/test/productAbeta
# zfs list -r tank/test
NAME USED AVAIL REFER MOUNTPOINT
tank/test 314K 8.24G 25.5K /tank/test
tank/test/productA 288K 8.24G 288K /tank/test/productA
tank/test/productA@today 0 - 288K -
tank/test/productAbeta 0 8.24G 288K /tank/test/productAbeta
ZFS Clones (cont.)
Replacing a ZFS File System With a ZFS Clone
# zfs promote tank/test/productAbeta
# zfs list -r tank/test
NAME USED AVAIL REFER MOUNTPOINT
tank/test 316K 8.24G 27.5K /tank/test
tank/test/productA 0 8.24G 288K /tank/test/productA
tank/test/productAbeta 288K 8.24G 288K /tank/test/productAbeta
tank/test/productAbeta@today 0 - 288K -
ZFS Clones (cont.)
Replacing a ZFS File System With a ZFS Clone
Complete the clone replacement process by renaming the file systems. For example:
# zfs rename tank/test/productA tank/test/productAlegacy
# zfs rename tank/test/productAbeta tank/test/productA
# zfs list -r tank/test
NAME USED AVAIL REFER MOUNTPOINT
tank/test 316K 8.24G 27.5K /tank/test
tank/test/productA 288K 8.24G 288K /tank/test/productA
tank/test/productA@today 0 - 288K -
tank/test/productAlegacy 0 8.24G 288K /tank/test/productAlegacy
Using ZFS on a Solaris System With Zones Installed
You can associate ZFS datasets with non-global zones either by adding them to the zones, or delegating them to the zones.
Typically you would associate ZFS file systems or volumes with non-global zones.
For example, adding a file system to a non-global zone allows the non-global zone to share space with the global zone. With an added dataset, the non-global zone administrator cannot control properties of the file system, or create new ZFS file systems below the added file system.
Using ZFS on a Solaris System With Zones Installed (cont.)
When you delegate a dataset to a non-global zone, you give complete control over the dataset and all its children to the zone administrator.
For example, if you delegate a file system to a non-global zone, the zone administrator can create and destroy file systems within that dataset, and modify their properties.
The zone administrator cannot affect datasets that have not been delegated to the zone, and cannot exceed any top-level quotas set on the delegated dataset.
Using ZFS on a Solaris System With Zones Installed (cont.)
Adding ZFS File Systems to a Non-Global Zone
You can add a ZFS file system as a generic file system when the goal is solely to share space with the global zone. A ZFS file system that is added to a non-global zone must have its mountpoint property set to legacy.
You can add a ZFS file system to a non-global zone by using the add fs subcommand in zonecfg. For example:
zonecfg:zone1> add fs
zonecfg:zone1:fs> set type=zfs
zonecfg:zone1:fs> set special=tank/zone/zone1
zonecfg:zone1:fs> set dir=/export/shared
zonecfg:zone1:fs> end
Using ZFS on a Solaris System With Zones Installed (cont.)
Delegating Datasets to a Non-Global Zone
If the primary goal is to delegate the administration of storage to a zone, then ZFS supports adding datasets to a non-global zone through use of the add dataset subcommand in zonecfg. For example:
zonecfg:zone1> add dataset
zonecfg:zone1:dataset> set name=tank/zone/zone1
zonecfg:zone1:dataset> end
Using ZFS on a Solaris System With Zones Installed (cont.)
Delegating Datasets to a Non-Global Zone (cont.)
The zone administrator can set file system properties, and create new file systems below the delegated file system.
In addition, the zone administrator can take snapshots, create clones, and otherwise control the entire file system hierarchy from the delegated file system down.
Using ZFS on a Solaris System With Zones Installed (cont.)
Adding ZFS Volumes to a Non-Global Zone
You can add emulated volumes to a non-global zone by using the add device subcommand in zonecfg.
In the following example, a ZFS emulated volume is added to a non-global zone by the administrator in the global zone:
zonecfg:zone1> add device
zonecfg:zone1:device> set match=/dev/zvol/dsk/tank/vol
zonecfg:zone1:device> end
Using ZFS on a Solaris System With Zones Installed (cont.)
Using ZFS Storage Pools Within a Zone
You cannot create or modify ZFS storage pools from within a non-global zone.
The delegated administration model centralizes control of physical storage devices within the global zone, and control of virtual storage to non-global zones.
While a pool-level dataset can be added to a non-global zone, any command that modifies the physical characteristics of the pool, such as creating, adding, or removing devices, is not allowed from within a non-global zone.
Using ZFS on a Solaris System With Zones Installed (cont.)
Property Management Within a Non-Global Zone
Once a dataset is delegated to a zone, the zone administrator can control specific dataset properties.
When a dataset is delegated to a zone, its ancestors are visible to zfs list in the non-global zone, but their content remains inaccessible. The delegated dataset itself is writable, as are all its children.
The zone administrator cannot change the sharenfs property, because non-global zones cannot act as NFS servers.
Neither can the zone administrator change the zoned property.
Using ZFS on a Solaris System With Zones Installed (cont.)
Understanding the zoned Property
When a dataset is added to a non-global zone, the dataset must be specially marked so that certain properties are not interpreted within the context of the global zone.
Once a dataset has been added to a non-global zone under the control of a zone administrator, its contents can no longer be trusted.
ZFS uses the zoned property to indicate that a dataset has been delegated to a non-global zone at one point in time.
Using ZFS on a Solaris System With Zones Installed (cont.)
Understanding the zoned Property
The zoned property is a boolean value that is automatically turned on when a zone containing a ZFS dataset is first booted.
If the zoned property is set, the dataset cannot be mounted or shared in the global zone.
When a dataset is removed from a zone or a zone is destroyed, the zoned property is not automatically cleared.
Using ZFS on a Solaris System With Zones Installed (cont.)
Understanding the zoned Property
To prevent accidental security risks, the zoned property must be manually cleared by the global administrator if you want to reuse the dataset in any way.
Before setting the zoned property to off, make sure that the mountpoint property for the dataset and all its children is set to a reasonable value and that no setuid binaries exist, or turn off the setuid property.
Once you have verified that no security vulnerabilities are left, the zoned property can be turned off by using the zfs set or zfs inherit commands.
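The checks described above, as an added example that is not part of the original course material: a shell function that audits the output of zfs get -rH -o name,property,value mountpoint,setuid for a dataset and its children before zoned is cleared. The function name, the list of sensitive paths used to decide what is not a "reasonable" mount point, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight audit to run in the global zone before `zfs set zoned=off`.
# Reads tab-separated lines (name, property, value) as produced by:
#   zfs get -rH -o name,property,value mountpoint,setuid tank/zone/zone1

# Assumption: a mount point at or below one of these paths is not "reasonable".
SENSITIVE_PATHS="/ /etc /usr /sbin /lib /kernel /platform /var"

# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_zoned_release() {
    awk -F'\t' -v paths="$SENSITIVE_PATHS" '
    BEGIN { n = split(paths, p, " ") }
    # A zone administrator may have pointed the mount point at a system path;
    # ZFS could mount the dataset there once zoned is cleared.
    $2 == "mountpoint" && $3 != "none" && $3 != "legacy" {
        for (i = 1; i <= n; i++) {
            if ($3 == p[i] || (p[i] != "/" && index($3, p[i] "/") == 1)) {
                printf "UNSAFE_MOUNTPOINT %s %s\n", $1, $3
                bad = 1
                break
            }
        }
    }
    # While zoned is set the dataset cannot be mounted in the global zone, so
    # its files cannot be scanned for setuid binaries yet; require setuid=off.
    $2 == "setuid" && $3 == "on" {
        printf "SETUID_ON %s\n", $1
        bad = 1
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `zfs get -rH` output (not taken from a real system).
sample_zfs_get() {
    printf '%s\t%s\t%s\n' \
        tank/zone/zone1 mountpoint /tank/zone/zone1 \
        tank/zone/zone1 setuid on \
        tank/zone/zone1/data mountpoint /etc/opt \
        tank/zone/zone1/data setuid off \
        tank/zone/zone1/scratch mountpoint legacy \
        tank/zone/zone1/scratch setuid on
}

# Demonstration on the sample; on a real system pipe zfs get into the function.
sample_zfs_get | audit_zoned_release || echo "Findings above: fix before clearing zoned."
```

Each finding is resolved in the global zone with zfs set (for example setuid=off or a corrected mountpoint) before zoned is turned off.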