SA-202-S10
Copyright 2007 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California, 95054, U.S.A. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Sun, Sun Microsystems, the Sun logo, Solaris, JumpStart, SunSolve, OpenBoot, Ultra, Solstice DiskSuite, Sun Java, and UltraSPARC are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license agreements. U.S. Government approval might be required when exporting the product. RESTRICTED RIGHTS: Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-14(g)(2)(6/87) and FAR 52.227-19(6/87), or DFAR 252.227-7015 (b)(6/95) and DFAR 227.7202-3(a).
DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
Course Contents
About This Course
  Course Goals
  Course Map
  Topics Not Covered
  How Prepared Are You?
  Introductions
Sun Services
  The Service Management Facility (SMF)
  Services
  Service and Instance Nodes
  Service Identifiers
  Listing Service Information
  Service States
  Milestones
  The svc.startd Daemon
  The Service Configuration Repository
  Starting Server Processes
  The Impact of SMF on Network Services
  Introducing Network Ports
  Starting Services That Use a Well-Known Port
  Requesting a Well-Known Service
  Starting RPC Services
  Starting RPC Services at Boot Time
  Starting RPC Services on Demand
  Requesting an RPC Address
  Using the rpcinfo Commands
  Deleting RPC Service Registration

  Caching Patches With Update Manager's Proxy
  Sun Connection Hosted Web Application
  Establishing a Sun Online Account
  Obtain a Sun Service Plan
  Downloading and Installing the Update Manager Client Software
  Starting the Update Manager Client For the First Time
  Registering Systems
  Select Service Level
  Registration Confirmation
  Registration Complete
  Installing Updates With the Update Manager Client
  Setting Update Manager Client Preferences
  Update Manager's Proxy
  Configuring the Update Manager's Proxy
  Configuring Clients to Use the Update Manager's Proxy
  Patch Administration From the CLI
  Using the smpatch Command
  Phases for Applying Updates
  Command Examples
  Configuring the Patch Management Environment
  Command Examples
  Using the Update Policy for Applying Updates
  Example of Using the Update Policy

  Paging
  Configuring Swap Space
  Displaying the Current Swap Configuration
  Adding Swap Space
  Removing Swap Space

  Delegation
  Configuring an NFS Server and Client
  Managing an NFS Server
  NFS Server Daemons
  Managing the NFS Server Daemons
  NFS Server Commands
  Configuring the NFS Server for Sharing Resources
  Managing the NFS Client
  NFS Client Daemons
  Managing the NFS Client Daemons
  NFS Client Commands
  Configuring the NFS Client for Mounting Resources
  The mount Command Options
  Fundamentals of NFS Server Logging
  Configuring NFS Log Paths
  Initiating NFS Logging
  Managing NFS With the Solaris Management Console Storage Folder Tools

Describing RAID and the Solaris Volume Manager Software
  Objectives
  Introducing RAID
  RAID 0
  RAID 1
  RAID 0+1
  RAID 1+0
  Mirror Options
  Mirror Read Policies
  Mirror Write Policies
  RAID 5
  Hardware Considerations
  Choosing Storage Mechanisms
  Optimizing Redundant Storage
  Introducing Solaris Volume Manager Software Concepts
  Logical Volume
  Soft Partitions
  Introducing the State Database

  Configuring an x86-Based System for Mirrored Failover
  Unmirroring the Root (/) File System

  Monitoring a syslog File in Real Time
  Using the Solaris Management Console Log Viewer

Configuring the Network Information Service (NIS)
  Objectives
  NIS Fundamentals
  NIS Namespace Information
  Map Contents and Sort Keys
  Commands to Read Maps
  NIS Domains
  NIS Master Server
  NIS Slave Servers
  NIS Clients
  NIS Processes
  Configuring the Name Service Switch
  NIS Security
  Configuring an NIS Domain
  Generating NIS Maps
  Locating Source Files
  Converting ASCII Source Files Into NIS Maps
  Configuring the NIS Master Server
  Testing the NIS Service
  Configuring the NIS Client
  Configuring the NIS Slave Server
  Updating the NIS Map

  Zone Daemons
  Zone File Systems
  Zone Networking
  Zone States
  Configuring Zones
  Identifying Zone Components
  Allocating File System Space
  Using the zonecfg Command
  The zonecfg Subcommands
  The zonecfg Resource Parameters
  Zone Configuration Walk-Through
  Viewing the Zone Configuration
  Using the zoneadm Command
  Installing Packages in Zones

  Managing ZFS Properties
  Mounting ZFS File Systems
  ZFS Web-Based Management
  ZFS Snapshots
  ZFS Clones
  Using ZFS on a Solaris System With Zones Installed
Preface
About This Course
Course Goals
Upon completion of this course, you should be able to:
Describe network basics
Manage virtual file systems and core dumps
Manage storage volumes
Control access and configure system messaging
Set up name services
Perform advanced installation procedures
Course Map
Describing Network Basics
Sun Connection Services
Configuring NFS
Configuring AutoFS
Configuring Virtualization
Introduction to Zones
Configuring ZFS
Basic UNIX commands: Covered in SA-100-S10: UNIX Essentials Featuring the Solaris 10 Operating System
The vi editor: Covered in SA-100-S10: UNIX Essentials Featuring the Solaris 10 Operating System
Basic UNIX file security: Covered in SA-100-S10: UNIX Essentials Featuring the Solaris 10 Operating System
Software package administration: Covered in SA-200-S10: Intermediate System Administration for the Solaris 10 Operating System
System Administration for the Solaris 10 Operating System, Part 2
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
Introductions
Name
Company affiliation
Title, function, and job responsibility
Experience related to topics presented in this course
Reasons for enrolling in this course
Expectations for this course
Module 1
Describing Interface Configuration
Objectives
Control and monitor network interfaces
Configure Internet Protocol Version 4 (IPv4) interfaces at boot time
Interface
First e1000g (Intel PRO/1000 Gigabit family device driver) Ethernet interface in the system
First bge (Broadcom Gigabit Ethernet device driver) Ethernet interface in the system
Second bge Ethernet interface in the system
First ce (Cassini Gigabit-Ethernet device driver) Ethernet interface in the system
First qfe (Quad Fast-Ethernet device driver) Ethernet interface in the system
First hme (Fast-Ethernet device driver) Ethernet interface in the system
First eri (eri Fast-Ethernet device driver) Ethernet interface in the system
First nge (Nvidia Gigabit Ethernet driver) Ethernet interface in the system
Module 2
Describing the Client-Server Model
Objectives
Describe client-server processes
Start server processes
[Figure labels: Client 1; Client 4; Printer A; Printer B; Printer C; Storage Array 1; Storage Array 2]
Services
The fundamental unit of administration in SMF is the service. A service provides a known list of capabilities to other local and remote services. Services are represented as instance nodes, which are children of service nodes. One service might have many instances, such as a Web server on multiple ports. Both service nodes and instance nodes can have properties. If an instance does not have property X, the service's property X is used.
Advanced System Administration for the Solaris 10 Operating System
Service Identifiers
The service identifier is in the form of a Fault Management Resource Identifier or FMRI. The FMRI indicates the type of service or category, and the name and instance of the service.
Service Category: Description
milestone: Synthetic services for clean dependency statement
device: General device services
system: Services concerned with host-centric, non-networked capabilities
system/security: Low-level host-centric services implementing security facilities
network: Services concerned with host-centric, network infrastructure capabilities
application: General software services
application/management: Services implementing management facilities
application/security: Services implementing high-level security facilities
site: Services implementing site-specific software
platform: Services implementing platform-specific software
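
The FMRI structure described above, as an added example that is not part of the original course material: a POSIX shell function that splits an FMRI into category, service name and instance, using the category table. The `application/management/example` and `bogus/name` inputs are constructed, and only the `svc:/` form and the abbreviated form without the prefix are handled.

```shell
#!/bin/sh
# Added example (not from the course material): split an SMF FMRI into
# category, service name and instance.

# Categories from the table above. Two-level names come first so that
# "system/security" is matched before "system".
SMF_CATEGORIES="application/management application/security system/security
milestone device system network application site platform"

# parse_fmri FMRI
# Prints "category|service|instance" and returns 0, or returns 1 when the
# string does not name a service in one of the listed categories.
# The instance field is empty for a service-level FMRI.
parse_fmri() {
    fmri=$1

    # Accept "svc:/network/rpc/spray:udp" and the abbreviated
    # "network/rpc/spray:udp". Other forms fall through and are rejected.
    case $fmri in
        svc:/*) path=${fmri#svc:/} ;;
        *)      path=$fmri ;;
    esac

    # The instance, when present, follows the last colon.
    case $path in
        *:*) instance=${path##*:}; service=${path%:*} ;;
        *)   instance=""; service=$path ;;
    esac

    # The first listed category that prefixes the service name wins.
    category=""
    for c in $SMF_CATEGORIES; do
        case $service in
            "$c"/?*) category=$c; break ;;
        esac
    done
    [ -n "$category" ] || return 1

    printf '%s|%s|%s\n' "$category" "$service" "$instance"
}

# Constructed sample input; the first FMRI is the one used on this page.
for f in svc:/network/rpc/spray:udp \
         milestone/multi-user-server \
         application/management/example:default \
         bogus/name
do
    parse_fmri "$f" || echo "not a recognized service FMRI: $f"
done
```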
Service States
[Figure: service state diagram. States: UNINITIALIZED, OFFLINE, ONLINE, MAINTENANCE. Transition labels: Can't read config; Administrator intervention; Re-read config data; Dependency not met or start failed; Dependency met and service enabled; Start service; Service shutdown, restart or disable; Unresolvable error or thresholds reached; Service put in maintenance state; Service disabled; No improvement in service]
Milestones
A milestone can be regarded as a system state to reach. This system state requires a defined set of services to be running. These services depend on other services being available. Currently there are six milestones:
single-user
multi-user
multi-user-server
network
name-services
sysconfig
devices
Milestones (cont.)
[Figure labels: milestone; network; system; application; name-services; net-physical; filesystem; X11; /usr; /var]
Milestones (cont.)
[Figure labels: milestone multiuser; /var/svc/manifest/milestone/multi-user-server.xml; dependency list; exec /sbin/rc3; method /lib/svc/method/fs-local]
[Figure labels: Time; 23; telnet ...in.telnetd. Legend: port number n]
[Figure labels: Host 1 (Client); Host 2 (Server); Time; 111; spray/1...; rpc.sprayd; rpc.sprayd (port nnnnn). Legend: port number n]
The deleted RPC service that uses program number 100012 is sprayd. To register the sprayd service again, restart the inetd daemon as follows:
# svcadm disable svc:/network/rpc/spray:udp
# svcadm enable svc:/network/rpc/spray:udp
Module 3
Introducing Sun Connection Services
Objectives
Implement patch management using Sun Connection Services including the Update Manager client, the smpatch command line, and Sun Connection hosted Web application
Administering Patches
The Sun Connection tools include the following:
Update Manager client graphical user interface (GUI)
Sun Connection hosted Web application
Update Manager client command-line interface (smpatch)
On x86-based systems:
# smpatch update -i 12119-05
Registering Systems
Registration Confirmation
Registration Complete
Command Examples
Analyze your local system and determine the appropriate, available updates for it.
# smpatch analyze > plist
# vi plist
...
119397-06 SunOS 5.10: patch for North America region locales issues
# patchadd -p | grep 119397
/var/sadm/spool
Remove an update.
# smpatch remove -i 119397-06
remove patch 119397-06
Transition old-style patching.
Patch 119397-06 has been backed out.
# smpatch analyze | grep 119397-06
119397-06 SunOS 5.10: patch for North America region locales issues
Command Examples
Display the current environment parameter values.
# smpatch get
patchpro.backout.directory ""
patchpro.baseline.directory /var/sadm/spool
patchpro.download.directory /var/sadm/spool
patchpro.install.types rebootafter:reconfigafter:standard
patchpro.patch.source http://192.168.201.1:3816/solaris/ https://getupdates1.sun.com/solaris/
patchpro.patchset current
patchpro.proxy.host ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port 8080
patchpro.proxy.user ""
Configure an update set which defines a subset of updates that commands will work with.
# smpatch set patchpro.patchset=recommended
# smpatch analyze
Module 4
Managing Swap Configuration
Objectives
Describe virtual memory
Configure swap space
Physical RAM
When working with swap space, RAM is the most critical resource in your system.
Virtual and physical addresses
The Solaris 10 OS virtual memory management system maps the files on disk to virtual addresses in virtual memory.
Anonymous memory pages
Physical memory pages associated with a running process can contain private data or stack information that does not exist in any file system on disk. These are anonymous memory pages.
Swap Space
Sometimes a process must give up some of its memory space allocation to another process. Anonymous memory pages are placed in a swap area, but unchanged file system pages are not.
Swap slices
The primary swap space on the system is a disk slice. In the Solaris 10 OS, the default location for the primary swap space is slice 1 of the boot disk, which, by default, starts at cylinder 0. As additional swap space becomes necessary, you can configure additional swap slices.
System Administration for the Solaris 10 Operating System, Part 2
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
[Figure: RAM and the swap slice]
Paging
The transfer of selected memory pages between RAM and the swap areas. Physical RAM is made available for other processes to use.
Use the pagesize command to display the size of a memory page in bytes.
On SPARC-based systems:
# pagesize
8192
On x86-based systems:
# pagesize
4096
[Figure: swap space divided into Reserved and Available; swap -d subtracts from the amount of available swap space, swap -a adds to it]
Edit the /etc/vfstab file and add a line similar to the following:
/dev/dsk/c1t3d0s1 - - swap - no -
Edit the /etc/vfstab file, and remove the swap slice entry from the file.
Edit the /etc/vfstab file, and remove the swap file entry.
Module 5
Managing Crash Dumps and Core Files
Objectives
Manage crash dump behavior
Manage core file behavior
Crash Dump
When the operating system crashes, the savecore command is automatically executed during a boot.
The savecore command places kernel core information in the /var/crash/nodename/vmcore.X file.
The savecore command places name list information and symbol table information in the /var/crash/nodename/unix.X file.
You can use the dumpadm command to configure the location of the dump device and the savecore directory.
Use the dumpadm command to make all modifications to the crash dump configuration, rather than attempting to edit the /etc/dumpadm.conf file manually.
Core Files
A core file is a disk copy of the address space of a process at a certain point in time. The operating system generates two possible copies of core files:
The global core file
The per-process core file
The root user can use the following coreadm command options to configure system-wide core file options.
coreadm [-g pattern] [-G content] [-i pattern] [-I content] [-d option...] [-e option...]
Pattern options determine how core files are named. Content options determine the content of global core files.
Module 6
Configuring NFS
Objectives
Describe the benefits of NFS
Describe the fundamentals of the NFS distributed file system
Manage an NFS server
Manage an NFS client
Enable the NFS server logging
Manage NFS with the Solaris Management Console storage folder tools
Troubleshoot NFS errors
NFS Benefits
The NFS service enables computers of different architectures running different operating systems to share file systems across a network. You can implement the NFS environment on different operating systems (OS) because NFS defines an abstract model of a file system. NFS file system operations, such as reading and writing, work as if they were accessing a local file.
NFS Benefits
The benefits of the NFS service are as follows:
Allows multiple computers to use the same files, because all users on the network can access the same data
Reduces storage costs by sharing applications on computers instead of allocating local disk space for each user application
Provides data consistency and reliability, because all users can read the same set of files
Supports heterogeneous environments, including those found on a personal computer (PC)
Reduces system administration overhead
Advanced System Administration for the Solaris 10 Operating System
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
[Figure: directory tree (export, opt, rdbms, bin, lib, share)]
[Figure: directory tree (export, opt, rdbms, bin, lib, share)]
Pseudo-File System
Server exports:
/export_fs/local
/export_fs/projects/nfs4
Server file systems:
/
/export_fs
[Figure: exported directories in the pseudo-file system; labels: export_fs, local, projects, payroll, nfs4x, nfs4]
Strong Security
Remote Procedure Call (RPC) implementation of the General Security Service framework (GSS)
New security flavor RPCSEC_GSS
Used with Sun Enterprise Authentication Mechanism (SEAM) software
Other GSS_API applications
Compound Procedures
NFS version 3
-> LOOKUP "export"
<- OK
-> LOOKUP "testdata"
<- OK
-> ACCESS "testdata"
<- OK
-> READ "testdata"
<- OK (sends data)
NFS version 4
-> OPEN "export/testdata" READ
<- OPEN OK READ OK (sends data)
Extended Attributes
Mandatory: Minimal level of operation
Recommended: Operating environment dependent
Named: Byte string, data associated with files or file system
File Handles
File handles are created on the server and contain information that uniquely identifies files and directories. NFS version 4 protocol permits a server to declare that its file handles are volatile. Clients must support volatile file handles if the server uses them.
Upon file handle expiration, the client:
Flushes the cached information that refers to that file handle.
Searches for that file's new file handle.
Retries the operation.
Delegation
The server delegates the management of a file to a client.
The server alone decides whether to grant a delegation.
The new nfs4cbd(1M) daemon is used for callback.
The server sends callback to get the updated state of the file and to revoke the delegation.
Different NFS client versions behave differently when a conflict occurs.
Delegation is enabled by default.
The /etc/default/nfs file
The /etc/default/nfs file lists parameters that can be set for NFS daemon and NFS protocols.
If a system has entries in its /etc/dfs/dfstab file, the NFS server daemons start when the system enters the multi-user-server milestone.
In NFSv4, the features provided by the mountd and lockd daemons are integrated into the NFSv4 protocol.
To stop the NFS server daemons manually, perform the following command:
# svcadm disable svc:/network/nfs/server
Displaying currently shared NFS resources
The dfshares command displays currently shared NFS resources.
# dfshares
RESOURCE
sys-02:/usr/local/data
The /etc/mnttab file
The /etc/mnttab file system provides read-only access to the table of mounted file systems for the current host. Mounting a file system adds an entry to the /etc/mnttab file.
When mounting a read-only remote resource, you can specify a comma-separated list of sources for the remote resource, which are then used as a list of failover resources.
# mount -o ro sys-45,sys-43,sys-41:/multi_homed_data /remote_shared_data
Mounting all file resources
The /usr/sbin/mountall command mounts all file resources listed in the /etc/vfstab file with a mount at boot value of yes. To limit the action of this command to remote file resources, use the -r option.
# mountall -r
Mounting remote resources at boot time
To mount a remote file resource at boot time, create an appropriate entry in the client's /etc/vfstab file. For example:
sys-02:/usr/local/data - /usr/remote_data nfs - yes soft,bg
For example:
global defaultdir=/var/nfs \
        log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
Create any directories you specify in /etc/nfs/nfslog.conf before starting NFS server logging.
4. Check that the NFS service is running on the server.
5. Run the share command to verify that the correct options are listed for the directory you shared.
Managing NFS With the Solaris Management Console Storage Folder Tools
You can manage the NFS system by using components of the storage folder tools from the default tool box of the Solaris Management Console. The Mounts and Shares tool lets you view, create, and manage several types of mounts and shares.
Module 7
Configuring AutoFS
Objectives
Describe the fundamentals of the AutoFS file system
Use automount maps
AutoFS Fundamentals
AutoFS is a file system mechanism that provides automatic mounting using the NFS protocol. AutoFS is a client-side service. The AutoFS service mounts and unmounts file systems as required without any user intervention.
The automount facility contains three components:
The AutoFS file system
The automountd daemon
The automount command
AutoFS Fundamentals
[Figure: AutoFS components; labels: RAM, AutoFS, Automount Maps]
AutoFS Fundamentals
AutoFS file system
An AutoFS file system's mount points are defined in the automount maps on the client system. After the AutoFS mount points are set up, activity under the mount points can trigger file systems to be mounted under the mount points. If a mount request is made for an AutoFS resource not currently mounted, the AutoFS service calls the automountd daemon, which mounts the requested resource.
AutoFS Fundamentals
The automountd daemon
The /lib/svc/method/svc-autofs script starts the automountd daemon. The automountd daemon mounts file systems on demand and unmounts idle mount points.
The automount command
The automount command, called at system startup time, reads the master map to create the initial set of AutoFS mounts. These AutoFS mounts are not automatically mounted at startup time; they are the points under which file systems are mounted on demand.
[Figure: the auto_master map under /etc, listing the /net, /home and auto_direct entries with the -hosts, auto_home and auto_direct maps and their [options]; direct map entry /opt/moreapps pluto:/export/opt/apps]
The -hosts map provides access to all resources shared by NFS servers. The auto_home map provides the mechanism to allow users to access their centrally located $HOME directories.
Creating a Direct Map
Direct maps specify the absolute path name of the mount point, the specific options for this mount, and the shared resource to mount. For example:
# cat /etc/auto_direct
# Superuser-created direct map for automounter
#
/apps/frame -ro,soft server1:/export/framemaker,v6.0
/opt/local -ro,soft server2:/export/unbundled
/usr/share/man -ro,soft server3,server4,server5:/usr/share/man
Creating an indirect map
Entries in an indirect map list the remainder of the preferred mount point, and the resource to mount. For example:
stevenu host5:/export/home/stevenu
johnnyd host6:/export/home/johnnyd
The wildcard character (*) matches any key. The substitution character (&) at the end of the path is replaced with the matched key field.
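An added example, not from the course material: a shell function that resolves a key against an indirect map using the wildcard and substitution rules just described, so you can see which server path a given name would mount. The map is a constructed sample built around the page's stevenu and johnnyd entries; the build, wildcard and mary entries, the hosts host7, host8 and host9, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed indirect map. stevenu and johnnyd are the page's entries;
# every other line is made up for this example.
sample_auto_home() {
    cat <<'EOF'
# constructed sample map
stevenu   host5:/export/home/stevenu
johnnyd   host6:/export/home/johnnyd
build     -ro,soft host8:/export/home/build
*         host7:/export/home/&
mary      host9:/export/home/mary
EOF
}

# resolve_key KEY
# Reads an indirect map on stdin and prints "options location" for the
# first entry whose key equals KEY or is the wildcard (*). Options are
# shown as "-" when the entry has none. Returns 1 if nothing matches or
# if KEY holds characters outside a conservative name set, so that a
# key can never inject "&" or "\" into the substitution.
resolve_key() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    awk -v key="$1" '
        /^#/ || NF < 2 { next }
        $1 == key || $1 == "*" {
            opts = "-"; loc = $2
            if (substr($2, 1, 1) == "-") { opts = $2; loc = $3 }
            gsub(/&/, key, loc)      # & becomes the matched key
            print opts, loc
            found = 1
            exit
        }
        END { exit !found }'
}

# shadowed_entries
# Lists keys that appear after the wildcard line. Because * matches any
# key, those entries are never reached and usually indicate a map error.
shadowed_entries() {
    awk '/^#/ || NF < 2 { next }
         seen { print $1 }
         $1 == "*" { seen = 1 }'
}

echo "stevenu -> $(sample_auto_home | resolve_key stevenu)"
echo "mary    -> $(sample_auto_home | resolve_key mary)"
echo "shadowed: $(sample_auto_home | shadowed_entries)"
```

To check a real map, feed it on standard input, for example `resolve_key someuser < /etc/auto_home`.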
[Figure: mount on demand by automountd using the auto_home map; labels: etc, auto_home, export, home, mary, ernie, autofs]
Starting the automount system
To enable the service manually, enter the following command:
# svcadm enable svc:/system/filesystem/autofs
Module 8
Describing RAID and the Solaris Volume Manager Software
Objectives
Describe RAID
Describe Solaris Volume Manager software concepts
Introducing RAID
RAID is a classification of methods to back up and to store data on multiple disk drives. The Solaris Volume Manager software uses metadevices, which are product-specific definitions of logical storage volumes, to implement RAID 0, RAID 1, RAID 1+0, and RAID 5:
RAID 0: Non-redundant disk array (concatenation and striping)
RAID 1: Mirrored disk array
RAID 5: Block-interleaved striping with distributed parity
RAID 0
Concatenated volumes (or concatenations)
[Figure: RAID 0 (concatenation) logical volume built from Physical Slices A, B, and C]
RAID 0 (cont.)
Striped volumes (or stripes)
[Figure: striped volume with Interlaces 1 and 4 on Physical Slice A, Interlaces 2 and 5 on Physical Slice B, and Interlaces 3 and 6 on Physical Slice C]
RAID 1
[Figure: RAID 1 mirror in Solaris Volume Manager; Submirror 1 and Submirror 2 each hold Interlaces 1 through 4]
RAID 0+1
[Figure: RAID 0+1 using Physical Slices A through F]
RAID 1+0
[Figure: RAID 1+0 with three RAID 1 (mirror) logical volumes using Physical Slices A through F]
Mirror Options
Mirror performance can be modified by using the following options:
Mirror read policy
Mirror write policy
You can define mirror options when you initially create the mirror or after you set up the mirror.
You can distribute the load across the submirrors to improve read performance.
First
Serial
RAID 5
[Figure: RAID 5 across Physical Slices A through D, with data interlaces and distributed parity blocks P(1-3) and P(4-6)]
RAID 5 (cont.)
Requirements for RAID-5 Volumes
The general configuration guidelines for configuring RAID-5 volumes are:
Create a RAID-5 volume with a minimum of three slices.
The more slices a RAID-5 volume contains, the longer read and write operations take when a slice fails.
Do not stripe, concatenate, or mirror RAID-5 volumes.
Do not create a RAID-5 volume from a slice that contains an existing file system, because you will erase the data during the RAID-5 initialization process.
RAID 5 (cont.)
When you create a RAID-5 volume, you can define the interlace value. If you do not specify a value, a default value of 16 Kbytes is assigned.
A RAID-5 volume (with no hot spares) can only handle a single slice failure.
To optimize performance, use slices across separate controllers when creating RAID-5 volumes.
Use disk slices of the same size. Creating a RAID-5 volume of different-sized slices results in unused disk space on the larger slices.
RAID 5 (cont.)
Suggestions for RAID 5 Volumes
The following general suggestions can help avoid common performance problems when using RAID-5 volumes:
Because of the complexity of parity calculations, volumes with greater than about 20 percent writes should probably not be RAID-5 volumes. If data redundancy on a write-heavy volume is needed, consider mirroring.
If the slices in the RAID-5 volume reside on different controllers and the accesses to the volume are primarily large sequential accesses, then setting the interlace value to 32 Kbytes might improve performance.
Hardware Considerations
For any given application there are trade-offs in performance, availability, and hardware costs. A few categories of information that you must address during the storage planning phase are:
General storage guidelines
Determining storage characteristics
Storage performance guidelines
Logical Volume
SVM software uses virtual disks called logical volumes to manage physical disks and their associated data. You can create the Solaris Volume Manager software volumes from slices (disk partitions) or from other Solaris Volume Manager software volumes. The Enhanced Storage tool within the Solaris Management Console allows you to list, create, and modify any type of SVM software volumes or components.
Soft Partitions
Soft partitions provide a mechanism for dividing large storage spaces into smaller, more manageable sizes. Use soft partitioning to divide a slice or volume into as many divisions as needed. A soft partition, once named, can be directly accessed by applications, including file systems, as long as it is not included in another volume.
Module 9
Configuring Solaris Volume Manager Software
Objectives
Describe Solaris Volume Manager software concepts
Build a RAID-0 (concatenated) volume
Build a RAID-1 (mirror) volume for the root (/) file system
Creating the State Database Using the Solaris Management Console (cont.)
Creating the State Database Using the Solaris Management Console (cont.)
Configuring RAID-0
RAID-0 volumes let you expand disk storage capacity efficiently. These volumes do not provide data redundancy, but can be used to expand disk storage capacity. RAID-0 comes in two forms, stripes and concatenations. Striping enables parallel data access because multiple controllers can access the data at the same time. A stripe distributes data equally across all slices in the stripe. A concatenated volume writes data to the first available slice. When the first slice is full, the volume writes data to the next available slice.
In this example, assume that the /export/home (/dev/dsk/c0t0d0s7) file system is almost at capacity. A new slice from another disk will be concatenated to it, making a RAID-0 concatenated volume.
The -f option is required if one of these slices is currently mounted. The metadevice name used for this concatenation is d0. In a concatenation, the number of stripes is equal to the number of slices being added, in this case 2. The number of slices in each stripe is one, so the number 1 appears before each slice.
The existing file system needs to be grown into the new space. This is done with the growfs command. Use the option -M to specify a mount point:
# growfs -M /export/home /dev/md/rdsk/d0 ...
Configuring RAID-1
RAID-1 volumes are also known as mirrors and provide data redundancy. A RAID-1 volume maintains identical copies of the data in the RAID-0 volumes from which it is made.
Using multiple submirrors
A mirror is made of two or more RAID-0 volumes. The mirrored RAID-0 volumes are called submirrors. A mirror consisting of two submirrors is known as a two-way mirror. You can attach or detach a submirror from a mirror at any time.
Creating the RAID-1 volume
The following metainit example creates a mirrored volume named d10. This command attaches the volume d11 as a submirror of the mirror named d10.
# /usr/sbin/metainit d10 -m d11
d10: Mirror is setup
Attaching the secondary submirror
Attach the secondary submirror by using the metattach command:
# metattach d10 d12
d10: submirror d12 is attached
Redefine the boot-device variable to reference both the primary and secondary submirrors, in the order in which you want to access them.
ok setenv boot-device disk backup_root net
boot-device= disk backup_root net
[Figure: disk layout; Sector 0 = mboot + fdisk partition table; Sector 0 = stage1; Sectors 1 + 2 = disk label + VTOC]
Module 10
Configuring Role-Based Access Control (RBAC)
Objectives
Describe RBAC fundamentals
Describe component interaction within RBAC
Manage RBAC by using the Solaris Management Console
Manage RBAC by using the command line
RBAC Fundamentals
In conventional UNIX systems, the root user (also referred to as the superuser) has the ability to perform any task. In systems implementing RBAC, individual users can be assigned to roles, where roles are associated with rights profiles. Rights profiles list the rights to run specific commands and applications with escalated privileges. Roles can also be assigned authorizations. An authorization grants access to restricted functions in RBAC-compliant applications.
Roles
A role is a special identity, similar to a user account, used to run privileged applications or commands. You assign users to roles so those users can run the commands associated with those roles. No predefined roles are shipped with the Solaris 10 OS. You assign rights profiles to a role when you define a role. The roles command lists the roles a user has been assigned:
# roles root
No roles
Each line starts with the rights profile name. The middle fields are not used, and the last two fields hold a comment and a pointer to a help file.
Every account has the All rights profile. It allows any command to be executed, but with special security attributes. Other rights profiles given to all new user accounts are defined in the /etc/security/policy.conf file.
# grep 'PROFS' /etc/security/policy.conf
PROFS_GRANTED=Basic Solaris User
This example associates the level1 role with the user chris:
# usermod -R level1 chris
#
Using Roles
Because it is not possible to log in directly to a role account, log in as a regular user first. The roles command shows the roles available to your account.
$ id
uid=103(paul) gid=1(other)
$ roles
level1
Authorizations
An authorization grants access to restricted functions in RBAC-compliant applications. Some applications and commands in the Solaris 10 OS are written to check the authorizations of the user calling them. The predefined authorizations are listed in the /etc/security/auth_attr file.
# cat /etc/security/auth_attr
(output omitted)
solaris.jobs.:::Job Scheduler::help=JobHeader.html
solaris.jobs.admin:::Manage All Jobs::help=AuthJobsAdmin.html
solaris.jobs.grant:::Delegate Cron & At Administration::help=JobsGrant.html
...
Default Authorizations
All users have the Basic Solaris User profile by default.
# profiles chris
Printer Management
Basic Solaris User
All
The Basic Solaris User profile grants users access to all listed authorizations. The All profile grants unrestricted access to all Solaris OS commands that have not been restricted by a definition in a previously listed authorization.
Assigning Authorizations
Authorizations can be assigned to user accounts. Authorizations can also be assigned to roles or embedded in a rights profile, which can be assigned to a user or role. Authorizations may be assigned from the command line or with SMC. This example shows the useradd command used with the -A option to add an authorization to a user:
# usermod -A solaris.jobs.admin chris
Assigning Authorizations
The usermod command automatically updates the /etc/user_attr file with this new information.
# grep chris /etc/user_attr
chris::::type=normal;auths=solaris.jobs.admin;profiles=Printer Management
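An added example, not part of the course material: a shell audit of user_attr entries in the layout shown above. It lists every authorization, profile and role assignment, picks out accounts holding a .grant authorization (such as solaris.jobs.grant, which auth_attr describes as delegating Cron and At administration), and reports roles that are assigned to a user but have no type=role entry. The sample data is constructed (only the chris line is from the page), the function names are this example's own, and the field layout user:qualifier:res1:res2:attr is taken from user_attr(4).

```shell
#!/bin/sh
# Constructed sample in the user_attr layout (user:qualifier:res1:res2:attr).
# Only the chris entry appears in the course text; the rest are made up.
sample_user_attr() {
    cat <<'EOF'
# constructed sample, not taken from a real system
level1::::type=role;profiles=Printer Management
chris::::type=normal;auths=solaris.jobs.admin;profiles=Printer Management
paul::::type=normal;roles=level1
dana::::type=normal;auths=solaris.jobs.grant,solaris.jobs.admin
erin::::type=normal;roles=level2
EOF
}

# list_assignments
# Reads user_attr data on stdin and prints one tab-separated row per
# assignment: name, account type, attribute key, single value.
# A "type" row is always printed so that roles without any other
# attribute still show up. Type is "-" when the entry does not set it.
list_assignments() {
    awk -F: '
        /^#/ || NF < 5 { next }
        {
            attr = $5
            for (i = 6; i <= NF; i++) attr = attr ":" $i
            n = split(attr, kv, ";")
            type = "-"
            for (i = 1; i <= n; i++)
                if (substr(kv[i], 1, 5) == "type=") type = substr(kv[i], 6)
            printf "%s\t%s\ttype\t%s\n", $1, type, type
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                key = substr(kv[i], 1, eq - 1)
                if (key != "auths" && key != "profiles" && key != "roles") continue
                m = split(substr(kv[i], eq + 1), item, ",")
                for (j = 1; j <= m; j++)
                    printf "%s\t%s\t%s\t%s\n", $1, type, key, item[j]
            }
        }'
}

# Accounts that hold an authorization ending in .grant.
grant_holders() {
    list_assignments |
        awk -F'\t' '$3 == "auths" && $4 ~ /\.grant$/ { print $1, $4 }'
}

# Users assigned to the role named in $1.
role_members() {
    list_assignments |
        awk -F'\t' -v role="$1" '$3 == "roles" && $4 == role { print $1 }'
}

# Roles referenced in a roles= list that have no type=role entry.
undefined_roles() {
    list_assignments | awk -F'\t' '
        $3 == "type" && $4 == "role" { isrole[$1] = 1 }
        $3 == "roles" { ref[$4] = ref[$4] " " $1 }
        END { for (r in ref) if (!(r in isrole)) print r ":" ref[r] }' | sort
}

echo "Accounts holding a .grant authorization:"
sample_user_attr | grant_holders
echo "Roles assigned but not defined as type=role:"
sample_user_attr | undefined_roles
```

On a live system, run the same functions against the real file, for example `grant_holders < /etc/user_attr`.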
[Figure: RBAC component interaction among the prof_attr and exec_attr databases, with profiles and privileges, and sample entries from the /etc/user_attr and /etc/security/exec_attr databases; the entry text did not survive extraction]
Module 11
Configuring System Messaging
Objectives
Describe the fundamentals of the syslog function
Configure the /etc/syslog.conf file
Configure syslog messaging
Use the Solaris Management Console log viewer
[Figure: /etc/syslog.conf entry layout showing the Selector Field and the Action Field]
Jun 14 13:15:39 host1 inetd[2359]:[ID 317013 daemon.notice] telnet[2361] from 192.9.200.1 45800
Module 12
Using Name Services
Objectives
- Describe the name service concept
- Describe the name service switch file /etc/nsswitch.conf
- Describe the name service cache daemon (nscd)
- Get name service information
[Figure: /etc/nsswitch.conf, /etc/hosts, Local File]
Module 13
Configuring Name Service Clients
Objectives
- Configure a DNS client
- Configure an LDAP client
Client Authentication
An LDAP client must establish a session with an LDAP server. This authentication process is known as binding. After a client is authenticated, it can then perform operations, such as search and modify, on the data.
Details on how the client is authenticated and what data the client is authorized to access are maintained on the LDAP server. To avoid having to re-enter the same information for each and every client, a single client profile is created on the directory server.
Client Initialization
The client profile and proxy account are created as part of the Sun Java Directory Server setup procedures on the Solaris 10 OS. By default, the client profile named default and the proxy account proxyagent are created under a special profile directory entry. When the Solaris LDAP client is initialized, a copy of the client profile is retrieved from the server and stored on disk.
Module 14
Configuring the Network Information Service (NIS)
Objectives
- Describe NIS fundamentals
- Configure the name service switch file
- Describe NIS security
- Configure an NIS domain
- Build custom NIS maps
- Troubleshoot NIS
NIS Fundamentals
NIS facilitates the creation of server systems that act as central repositories for several of the administrative files found on UNIX systems. The benefits of NIS include the following:
- Centralized administration of configuration files
- Better scaling of configuration file administration as networks grow
NIS is organized into named administrative domains. Within each domain there is one NIS master server, zero or more slave servers, and one or more clients.
System Administration for the Solaris 10 Operating System, Part 2
Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision C
NIS Domains
An NIS domain is a collection of hosts and interconnecting networks that are organized into a single administrative authority. Each NIS domain contains:
- One NIS master server
- NIS slave servers (optional)
- NIS clients
NIS Clients
Within each domain, the NIS clients have the following characteristics:
- Do not contain the original source ASCII files used to build the NIS maps
- Do not contain any NIS maps
- Bind to the master server or to a slave server to obtain access to the administrative file information contained in that server's NIS maps
- Dynamically rebind to another server in case of server failure
- Make all appropriate system calls aware of NIS
NIS Processes
The main daemons involved in the running of an NIS domain are as follows:
- The ypserv daemon
- The ypbind daemon
- The rpc.yppasswdd daemon
- The ypxfrd daemon
- The rpc.ypupdated daemon
Changing lookup requests to go from NIS to files
Entries in /etc/nsswitch.conf with the following form cause requests to search NIS first, and then files:
hosts: nis [NOTFOUND=return] files
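An added sketch, not from the original course material, that models how the switch evaluates this entry. It assumes the standard default actions (SUCCESS=return; NOTFOUND, UNAVAIL, and TRYAGAIN=continue), and the function names and per-source status inputs are hypothetical. It shows that files is consulted only when NIS does not answer, because [NOTFOUND=return] ends the search as soon as NIS reports that the entry does not exist.

```shell
#!/bin/sh
# Added example: model of name service switch evaluation for one
# nsswitch.conf entry such as "nis [NOTFOUND=return] files".

# ns_status SOURCE "src=STATUS ...": status a source would report.
# A source missing from the list is treated as UNAVAIL.
ns_status() {
    for pair in $2; do
        case $pair in "$1"=*) printf '%s\n' "${pair#*=}"; return 0 ;; esac
    done
    printf 'UNAVAIL\n'
}

# ns_action STATUS "STATUS=action ...": action for a status, using the
# bracketed criteria if one matches, otherwise the default action.
ns_action() {
    for crit in $2; do
        case $crit in "$1"=*) printf '%s\n' "${crit#*=}"; return 0 ;; esac
    done
    case $1 in
        SUCCESS) printf 'return\n' ;;
        *)       printf 'continue\n' ;;
    esac
}

# ns_resolve POLICY STATUSES: print "source STATUS" for the source that
# ends the lookup. Subshell body, so set -f stays local to the call.
ns_resolve() (
    set -f                     # "[NOTFOUND=return]" must not be globbed
    cur= ; ovr= ; st=NOTFOUND
    for tok in $1 END; do      # END is a sentinel that flushes the last source
        case $tok in
            \[*|*=*)           # criterion belonging to the current source
                tok=${tok#\[}; tok=${tok%\]}
                ovr="$ovr $tok" ;;
            *)                 # next source: settle the previous one first
                if [ -n "$cur" ]; then
                    st=$(ns_status "$cur" "$2")
                    act=$(ns_action "$st" "$ovr")
                    if [ "$act" = return ]; then
                        printf '%s %s\n' "$cur" "$st"
                        exit 0
                    fi
                fi
                cur=$tok; ovr= ;;
        esac
    done
    printf 'none %s\n' "$st"   # every source said "continue"
)

# Demo with constructed statuses for the hosts entry shown above.
POLICY='nis [NOTFOUND=return] files'
ns_resolve "$POLICY" 'nis=NOTFOUND files=SUCCESS'   # NIS answers "no such host"
ns_resolve "$POLICY" 'nis=UNAVAIL files=SUCCESS'    # NIS server unreachable
```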
NIS Security
Just as NIS makes the network information more manageable, it can also create inadvertent security holes. Two methods of closing these security holes are using the securenets file to restrict access to a single host or to a subnetwork, and using the passwd.adjunct file to limit access to the password information across the network.
10. Before starting the ypserv daemon on the slave server, stop the client with the following command:
# svcadm disable svc:/network/nis/client:default
11. When the NIS server is started, it also starts the ypbind client daemon.
# svcadm enable svc:/network/nis/server:default
Module 15
Introduction to Zones
Objectives
- Identify the different zones features
- Understand how and why zone partitioning is used
- Configure zones
- Install zones
- Boot zones
- Administer packages with zones
- Upgrade the Solaris 10 OS with installed zones
Solaris Zones
Solaris zones technology enables software partitioning of a Solaris 10 OS to support multiple instances of the operating system services with independent process space, allocated resources, and users. Zones provide virtual operating system services that look like different Solaris instances to users and applications. Solaris zones allow administrators to dedicate system resources to individual zones. Each zone exists with separate process and file system space, and can only monitor and interact with local processes.
Zone Features
- Security
- Isolation
- Virtualization
- Granularity
- Transparency
Zone Types
The Solaris Operating System supports two types of zones:
- Global
- Non-global
Global Zones
Every Solaris system contains a global zone. The global zone has two functions:
- It is the default zone for the system.
- It is the zone used for system-wide administrative control.
The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled. The global zone contains a complete installation of the Solaris system software packages.
Each zone, including the global zone, is assigned a zone name. The global zone always uses the name global. Non-global zones must have user-defined names. The system always assigns zone ID 0 to the global zone. The system assigns non-zero zone IDs to non-global zones when they boot.
Non-Global Zones
Non-global zones contain an installed subset of the complete Solaris Operating System software packages. They can also contain Solaris software packages shared from the global zone and additional installed software packages not shared from the global zone. Non-global zones share operation under the Solaris kernel booted from the global zone. Non-global zones are not aware that any other zones exist.
Zone Daemons
The system uses two daemons to control zone operation, zoneadmd and zsched. The zoneadmd daemon is the primary process for managing the zone's virtual platform. The zoneadmd daemon is responsible for the following:
- Managing zone booting and shutting down
- Allocating the zone ID and starting the zsched system process
- Setting zone-wide resource controls
- Preparing the zone's devices as specified in the zone configuration
The zoneadmd daemon is also responsible for the following:
- Plumbing virtual network interfaces
- Mounting loopback and conventional file systems
The zsched process involves the following:
- Every active zone has an associated kernel process, zsched.
- The zsched process enables the zones subsystem to keep track of per-zone kernel threads.
- Kernel threads doing work on behalf of the zone are owned by zsched.
Zone Networking
Each non-global zone that requires network connectivity has one or more dedicated IP addresses. These addresses are associated with logical network interfaces that can be placed in a zone by using the ifconfig command. For example, if the primary network interface in the global zone is ce0, then the non-global zone's logical network interface might be ce0:1. Logical interfaces are automatically assigned the next available identifier, for example, ce0:2, ce0:3.
Zone States
As you configure a non-global zone, bring it into operation, use the zone, reboot, or shut it down, the state that the zoneadm command reports for that zone changes. The zoneadm command reports the following zone states:
- Undefined
- Configured
- Incomplete
- Installed
- Ready
- Running
- Shutting down and Down
Configuring Zones
Configuring a zone requires completing the following tasks:
- Identifying the components that will make up the zone
- Configuring the zone with the zonecfg command
- Verifying and committing the configured zone
Zone installation takes time to complete.
Booting a zone
Booting a zone places the zone in the running state.
global# zoneadm -z work-zone boot
global# zoneadm list -v
  ID NAME        STATE      PATH
   0 global      running    /
   1 work-zone   running    /export/work-zone
The first time that you connect to the zone's virtual console, the system identification process starts automatically. The ~. (tilde dot) character sequence terminates the console connection.
Module 16
Introduction to the ZFS File System
Revision A
Objectives
- Describe the Solaris ZFS file system
- Create new ZFS pools and file systems
- Modify ZFS file system properties
- Mount and unmount ZFS file systems
- Destroy ZFS pools and file systems
- Work with ZFS snapshots and clones
- Use ZFS datasets with Solaris Zones
What Is ZFS?
- ZFS Snapshots: ZFS snapshots are read-only copies of file systems that initially consume no additional space in a pool.
- Simplified Administration: ZFS uses a simplified command set and a hierarchical file system layout, and supports file system property inheritance and automatic mount points.
ZFS Terminology
- checksum - A 256-bit hash of the data in a file system block.
- clone - A file system whose initial contents are identical to the contents of a snapshot.
- dataset - A generic name for the following ZFS entities: clones, file systems, snapshots, or volumes.
- file system - A dataset that contains a standard POSIX file system.
- mirror - A virtual device that stores identical copies of data on two or more disks.
[Figure: Pool; File (for test only); Disk slice]
[Figure: Data; Stripe 2; Stripe 3]
[Figure: Data; Stripe 1; Stripe 2; Mirror device; Mirror device]
If you are creating a RAID-Z configuration with many disks, as in this example, a RAID-Z configuration with 14 disks is better split into two 7-disk groupings. RAID-Z configurations with single-digit groupings of disks should perform better.
System Administration for the Solaris 10 Operating System, Part 2
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
[Figure: RAID-Z device]
[Figure: Data; Stripe 1; Stripe 2; RAID-Z device; RAID-Z device]
Creating a Single-Parity RAID-Z Storage Pool
Creating a RAID-Z pool is identical to creating a mirrored pool, except that the raidz keyword is used instead of mirror.
# zpool create tank raidz c1t0d0 c2t0d0 c3t0d0 c4t0d0 /dev/dsk/c5t0d0
Some of these errors can be overridden by using the -f option, but most errors cannot.
If the file system to be destroyed is busy and so cannot be unmounted, the zfs destroy command fails. The zfs destroy command also fails if a file system has children.
The following example shows how to use zfs rename to relocate a file system.
# zfs rename tank/home/maybee tank/ws/maybee
ZFS Properties
Properties provide the main mechanism that you use to control the behavior of file systems, volumes, snapshots, and clones. Properties are either read-only statistics or settable properties. Most settable properties are also inheritable. An inheritable property is a property that, when set on a parent, is propagated to all of its descendants.
Property | Type | Default Value | Description
 | String | secure | Controls how ACL entries are inherited when files and directories are created.
aclmode | String | groupmask | Controls how an ACL entry is modified during a chmod operation.
atime | Boolean | on | Controls whether the access time for files is updated when they are read.
 | Number | N/A | Read-only property that identifies the amount of space available to the dataset and all its children, assuming no other activity in the pool.
checksum | | on | Controls the checksum used to verify data integrity.
compression | | off | Controls the compression algorithm used for this dataset.
compressratio | | N/A | Read-only property that identifies the compression ratio achieved for this dataset.
creation | Number | N/A | Read-only property that identifies the date and time that this dataset was created.
 | Boolean | on | Controls whether device nodes found within this file system can be opened.
exec | Boolean | on | Controls whether programs within this file system are allowed to be executed.
mounted | Boolean | N/A | Read-only property that indicates whether this file system, clone, or snapshot is currently mounted.
mountpoint | String | N/A | Controls the mount point used for this file system.
 | String | N/A | Read-only property for cloned file systems or volumes that identifies the snapshot from which the clone was created.
quota | Number (or none) | none | Limits the amount of space a dataset and its descendants can consume.
 | Boolean | off | Controls whether this dataset can be modified.
 | Number | 128K | Specifies a suggested block size for files in the file system.
 | Number | N/A | Read-only property that identifies the amount of data accessible by this dataset.
 | | | The minimum amount of space guaranteed to a dataset and its descendants.
sharenfs | | | Controls whether the file system is available over NFS, and what options are used.
setuid | Boolean | on | Controls whether the setuid bit is honored in the file system.
snapdir | String | hidden | Controls whether the .zfs directory is hidden or visible in the root of the file system.
type | String | N/A | Read-only property that identifies the dataset type as filesystem (file system or clone), volume, or snapshot.
 | Number | N/A | Read-only property that identifies the amount of space consumed by the dataset and all its descendants.
volsize | Number | | For volumes, specifies the logical size of the volume.
 | | | For volumes, specifies the block size of the volume.
 | | | Indicates whether this dataset has been delegated to a non-global zone.
The -s option to zfs get enables you to specify, by source value, the type of properties to display.
This command does not mount legacy managed file systems. When a file system mounts, it uses a set of mount options based on the property values associated with the dataset.
To temporarily change a property on a file system that is currently mounted, you must use the special remount option.
In the following example, the file system is unmounted by specifying its mount point:
# zfs unmount /export/home/tabriz
If you type the appropriate URL and are unable to reach the ZFS Administration console, the server might not be started. To start the server, run the following command:
# /usr/sbin/smcwebserver start
If you want the server to run automatically when the system boots, run the following command:
# /usr/sbin/smcwebserver enable
ZFS Snapshots
A snapshot is a read-only copy of a file system or volume. Snapshots are created almost instantly, and initially consume no additional disk space within the pool. ZFS snapshots include the following features:
- Snapshots persist across system reboots.
- The theoretical maximum number of snapshots is 2^64.
- Snapshots use no separate backing store. Snapshots consume disk space directly from the same storage pool as the file system from which they were created.
The following example creates a snapshot of tank/home/ahrens that is named friday.
# zfs snapshot tank/home/ahrens@friday
A dataset cannot be destroyed if snapshots of the dataset exist. In addition, if clones have been created from a snapshot, then they must be destroyed before the snapshot can be destroyed.
Displaying and Accessing ZFS Snapshots
Snapshots of file systems are accessible in the .zfs/snapshot directory within the root of the containing file system. For example:
# ls /home/ahrens/.zfs/snapshot
tuesday wednesday thursday
You can list snapshots that were created for a particular file system as follows:
# zfs list -r -t snapshot -o name,creation pool/home
NAME                    CREATION
pool/home/anne@monday   Mon Mar 13 11:46 2006
pool/home/bob@monday    Mon Mar 13 11:46 2006
Snapshot Space Accounting
When you create a snapshot, its space is initially shared between the snapshot and the file system, and possibly with previous snapshots. As the file system changes, space that was previously shared becomes unique to the snapshot, and thus is counted in the snapshot's used property. Additionally, deleting snapshots can increase the amount of space unique to (and thus used by) other snapshots.
ZFS Clones
A clone is a writable volume or file system whose initial contents are the same as the snapshot from which it was created. As with snapshots, creating a clone is nearly instantaneous, and initially consumes no additional disk space. You can only create clones from a snapshot. When you clone a snapshot, an implicit dependency is created between the clone and snapshot. A clone does not inherit properties from the dataset from which it was created.