Solaris 10 syntax        Solaris 11 syntax       Description
lucreate -n newBE        beadm create newBE      Create a new BE
lustatus                 beadm list              Display BE information
luactivate newBE         beadm activate newBE    Activate a BE
ludelete BE              beadm destroy BE        Destroy an inactive BE
luupgrade or patchadd    pkg update              Upgrade or update a BE
# beadm list
BE      Active Mountpoint Space  Policy Created
solaris NR     /          12.24G static 2011-10-04 09:42
In the above output, NR means the BE is active now and will be the active BE on reboot.
# pkg update
Packages to remove:  117
Packages to install: 186
Packages to update:  315
Create boot environment: Yes
DOWNLOAD     PKGS      FILES         XFER (MB)
Completed    618/618   29855/29855   600.7/600.7
.
.
.
If your existing BE name is solaris, a new BE, solaris-1, is created and automatically activated after
the pkg update operation is complete.
Reboot the system to complete the BE activation. Then, confirm your BE status.
# init 6
.
.
.
# beadm list
BE        Active Mountpoint Space  Policy Created
solaris   NR     /          12.24G static 2011-10-04 09:42
solaris-1 -      -          6.08G  static 2011-10-11 10:42
If an error occurs when booting the new BE, activate and boot to the previous BE.
# beadm activate solaris-1
Rollback operation
1. You can roll back Solaris 11 to the old boot environment at any time using the command below.
root@Unixarena-SOL11:~# beadm activate solaris
root@Unixarena-SOL11:~# beadm list
BE      Active Mountpoint
--      ------ ----------
UA-NEW  N      /
solaris R      /old-be
root@Unixarena-SOL11:~#
N - Active now
R - Active upon reboot
# zfs get share rpool/fs1
NAME       PROPERTY  VALUE                                    SOURCE
rpool/fs1  share     name=rpool_fs1,path=/rpool/fs1,prot=nfs  local
The new share information is not available in the zfs get all command syntax.
If you create a share of a newly created ZFS file system, use the zfs get share command to identify the
share-name name or the share-path name. For example:
# zfs create -o mountpoint=/data -o sharenfs=on rpool/data
# zfs get share rpool/data
NAME        PROPERTY  VALUE                          SOURCE
rpool/data  share     name=data,path=/data,prot=nfs  local
The zfs share property is not inherited from a parent to a descendent file system. In addition, the zfs
set share command does not support the -r option to set a ZFS property on descendent file systems.
If the sharenfs or the sharesmb property is set on a parent file system, the sharenfs or
the sharesmb property is also set on the descendent file systems. For example:
# zfs create -o mountpoint=/ds rpool/ds
# zfs set share=name=ds,path=/ds,prot=nfs rpool/ds
name=ds,path=/ds,prot=nfs
# zfs set sharenfs=on rpool/ds
# cat /etc/dfs/sharetab
/ds     rpool_ds        nfs     sec=sys,rw
# zfs create rpool/ds/ds1
# zfs get sharenfs rpool/ds/ds1
NAME          PROPERTY  VALUE  SOURCE
rpool/ds/ds1  sharenfs  on     inherited from rpool/ds
Any existing child file system also inherits the parent's sharenfs or sharesmb property value.
If the sharenfs or the sharesmb property is set to off on the parent file system, the sharenfs property or
the sharesmb property is set to off on the descendent file systems. For example:
# zfs set sharenfs=off rpool/ds
$ zfs get -r sharenfs rpool/ds
NAME          PROPERTY  VALUE  SOURCE
rpool/ds      sharenfs  off    local
rpool/ds/ds1  sharenfs  off    inherited from rpool/ds
rpool/ds/ds2  sharenfs  off    inherited from rpool/ds
rpool/ds/ds3  sharenfs  off    inherited from rpool/ds
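Because sharenfs is inherited, one setting on a parent decides whether every descendant is exported. As an added example (not part of the original document), the Python below reads `zfs get -r sharenfs` output and /etc/dfs/sharetab text and reports datasets shared only through inheritance, plus NFS shares whose options carry a bare rw with no client list. The sample data, function names and the host names in the access list are constructed for illustration.

```python
import re

# Constructed samples in the zfs get and sharetab layouts (not from a real system).
ZFS_GET = """\
NAME          PROPERTY  VALUE  SOURCE
rpool/ds      sharenfs  on     local
rpool/ds/ds1  sharenfs  on     inherited from rpool/ds
rpool/ds/ds2  sharenfs  off    local
rpool/ds/ds3  sharenfs  on     inherited from rpool/ds
"""
SHARETAB = """\
/ds\tds\tnfs\tsec=sys,rw
/data\tdata\tnfs\tsec=sys,rw=marty:doc
/export/home/data\texport_home_data\tnfs\tsec=sys,ro
"""

def implicit_exports(zfs_get_text):
    """Return {parent: [children]} for datasets shared only through inheritance."""
    report = {}
    for line in zfs_get_text.splitlines()[1:]:       # skip the header row
        fields = line.split(None, 3)                 # SOURCE may contain spaces
        if len(fields) < 4:
            continue
        name, prop, value, source = fields
        m = re.match(r"inherited from (\S+)", source)
        if prop == "sharenfs" and value != "off" and m:
            report.setdefault(m.group(1), []).append(name)
    return report

def unrestricted_rw(sharetab_text):
    """Return paths of NFS shares that grant rw without naming any clients."""
    hits = []
    for line in sharetab_text.splitlines():
        fields = line.split()                        # path, resource, fstype, options
        if len(fields) >= 4 and fields[2] == "nfs":
            # A bare "rw" applies to all clients; "rw=host1:host2" is restricted.
            if "rw" in fields[3].split(","):
                hits.append(fields[0])
    return hits

if __name__ == "__main__":
    print("shared by inheritance:", implicit_exports(ZFS_GET))
    print("rw to all clients:", unrestricted_rw(SHARETAB))
```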
# zfs create -o mountpoint=/ds -o sharenfs=on rpool/ds
# zfs set share=name=ds,path=/ds,prot=nfs rpool/ds
name=ds,path=/ds,prot=nfs
Then, add the SMB protocol:
# zfs set share=name=ds,prot=nfs,prot=smb rpool/ds
name=ds,path=/ds,prot=nfs,prot=smb
Remove the SMB protocol:
# zfs set -c share=name=ds,prot=smb rpool/ds
name=ds,path=/ds,prot=nfs
# zfs get share
NAME      PROPERTY  VALUE                      SOURCE
rpool/ds  share     name=ds,path=/ds,prot=nfs  local
Then, remove the share by identifying the share-name name. For example:
# zfs set -c share=name=ds rpool/ds
share 'ds' was removed.
If a share is established by creating a default share, when the file system is created, then a share can be removed by
the share-name name or the share-path name. For example, this share is given a default share-name name, data, and
a default share-path name, /data.
# zfs create -o mountpoint=/data -o sharenfs=on rpool/data
# zfs get share rpool/data
NAME        PROPERTY  VALUE                          SOURCE
rpool/data  share     name=data,path=/data,prot=nfs  local
Remove the share by identifying the share-name name. For example:
# zfs set -c share=name=data rpool/data
share 'data' was removed.
Remove the share by identifying the share-path name. For example:
# zfs set -c share=path=/data rpool/data
share 'data' was removed.
If a ZFS file system is mounted and available in a non-global zone, it can be shared in that zone.
A file system can be shared in the global zone if it is not mounted in a non-global zone or is not shared to a
non-global zone.
If a ZFS file system's mountpoint property is set to legacy, the file system can be shared by using the
legacy share command.
For example, the /export/home/data and /export/home/data1 file systems are available in
the zfszone.
zfszone# share -F nfs /export/home/data
zfszone# cat /etc/dfs/sharetab
/export/home/data       export_home_data        nfs     sec=sys,rw
zfszone# zfs set share=name=data1,path=/export/home/data1,prot=nfs tank/zones/export/home/data1
zfszone# zfs set sharenfs=on tank/zones/export/home/data1
zfszone# cat /etc/dfs/sharetab
/export/home/data1      data1   nfs     sec=sys,rw
Unshare the ZFS file system.
Set the sharenfs property to off.
# zfs set sharenfs=off tank/fs1
Set the sharesmb property to off.
# zfs set sharesmb=off tank/fs2
Create a permanent NFS share.
Set the sharenfs property to on.
# zfs set sharenfs=on tank/fs1
# sharemgr create -P smb fssmb
# sharemgr add-share -r fssmb -s /tank/fs2 fssmb
You can't share a parent file system if a subdirectory or descendent file system is already shared.
# share -F nfs /rpool/fs2/dir1
# share -F nfs /rpool/fs2/dir2
# share -F nfs /rpool/fs2
share: NFS: descendant of path is shared: /rpool/fs2/dir1 in
rpool_fs2_dir2
Renaming a share that is created with the zfs set share command is not supported.
You can create a file system share with both NFS and SMB protocols by using the zfs set
# zfs set share=name=ds,path=/ds,prot=nfs,prot=smb rpool/ds
name=ds,path=/ds,prot=nfs,prot=smb
If you want to create a file system share with both NFS and SMB protocols by using the
legacy share command, you must specify the command twice. For example:
# share -F nfs /rpool/ds
# share -F smb /rpool/ds
# zfs get share rpool/df
name=rpool_ds,path=/rpool/ds,prot=nfs,prot=smb
A share path or description that includes a comma (,) must be quoted with double quotes.
Things have changed since Solaris 10 (and Solaris 11 Express too!) on how to properly set up a CIFS server on your
Solaris 11 machine so that Windows clients can access files. There's some documentation on the changes here, but
let me share the full instructions from beginning to end.
hostname: adrenaline
username: paulie
poolname: pool
mountpnt: /pool
share: mysharename
Default Share
IPC$ Remote IPC
mysharename
3 shares (total=3, read=3)
Enable an existing UNIX user for CIFS sharing (you may have to reset the password again, e.g. `passwd paulie`)
Edit the PAM configuration to allow SMB authentication (add the line to the end of the file)
Solaris 11 GA only:
other password required pam_smb_passwd.so.1 nowarn
Solaris 11 U1 or later:
password required pam_smb_passwd.so.1 nowarn
\\adrenaline\mysharename
About once a year, I'll find a way to lock myself out of a Solaris system. Here's how to get out of this scenario. You'll
need a Solaris 11 Live CD or Live USB stick.
Switch to root
$ sudo su
password jack
# vi /a/etc/shadow
Convert
username:iEwei23SamPleHashonf0981:15746::::::17216
to
username::15746::::::17216
$ vi /a/etc/default/login
# bootadm update-archive -R /a
# reboot
If prompted for a password, hit return since this has now been blanked.
# cat /etc/openldap/slapd.conf
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
pidfile         /var/openldap/run/slapd.pid
argsfile        /var/openldap/run/slapd.args
database        bdb
suffix          "dc=buford,dc=hillvalley"
rootdn          "cn=admin,dc=buford,dc=hillvalley"
rootpw          secret
directory       /var/openldap/openldap-data
index           objectClass eq
You may want to change the lines suffix and rootdn to better represent your network naming schema. My LDAP
server's hostname is buford and domain name is hillvalley. You will need to add additional domain components (dc=)
if the name is longer. This schema assumes the LDAP manager will be called admin. Its password is 'secret'. This is
in clear-text just as an example, but you can generate a new one using slappasswd:
# cat /etc/openldap/schema/hillvalley.ldif
dn: dc=buford,dc=hillvalley
objectClass: dcObject
objectClass: organization
o: bufford.hillvalley
dc: buford

dn: ou=groups,dc=buford,dc=hillvalley
objectClass: top
objectClass: organizationalunit
ou: groups

dn: ou=users,dc=buford,dc=hillvalley
objectClass: top
objectClass: organizationalunit
ou: users

dn: cn=world,ou=groups,dc=buford,dc=hillvalley
objectClass: top
objectClass: posixGroup
cn: world
gidNumber: 1001

dn: uid=paulie,ou=users,dc=buford,dc=hillvalley
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: Paul Johnson
uid: paulie
uidNumber: 1001
gidNumber: 1001
homeDirectory: /paulie/
loginShell: /usr/bin/bash
userPassword: secret
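Both rootpw in slapd.conf and userPassword in the LDIF above hold the cleartext value 'secret'. By default slappasswd emits a salted SHA-1 value in the {SSHA} scheme; as an added example (not from the original post), the Python below builds and verifies that format and rewrites cleartext rootpw and userPassword lines. The function names, the 8-byte salt and the sample text are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

def ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

# slapd.conf uses "rootpw <value>"; LDIF uses "userPassword: <value>".
SECRET_LINE = re.compile(r"^(rootpw\s+|userPassword:\s*)(\S+)\s*$", re.IGNORECASE)

def harden(text):
    """Replace cleartext values with {SSHA}; return (new_text, changed_line_numbers)."""
    out, changed = [], []
    for number, line in enumerate(text.splitlines(), 1):
        m = SECRET_LINE.match(line)
        # A value starting with "{" already names a scheme, e.g. {SSHA}.
        if m and not m.group(2).startswith("{"):
            line = m.group(1) + ssha(m.group(2))
            changed.append(number)
        out.append(line)
    return "\n".join(out), changed

# Constructed sample: the secret-bearing lines of the two files on this page.
SAMPLE = """rootdn "cn=admin,dc=buford,dc=hillvalley"
rootpw secret
uid: paulie
userPassword: secret"""

if __name__ == "__main__":
    hardened, changed = harden(SAMPLE)
    print(hardened)
    print("rewritten lines:", changed)
```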
I've created a single group, world, and a single user, paulie. Both share the uid and gid of 1001. LDAP supports lots
of additional variables for configuring a user and group account, but I've kept it basic in this example. Once again, be
sure to change the domain components to match your network. Feel free to also change the user and group details.
I've left the userPassword field in clear-text as 'secret'. The same slappasswd method above applies here as well. It's
time to turn on the server, but first, let's change some ownership permissions:
12:13:49 svc:/network/ldap/server:openldap_24
auth required           pam_unix_auth.so.1
to
auth binding            pam_unix_auth.so.1 server_policy
auth required           pam_ldap.so.1
That's it! Finally, reboot your system and see if you can login with your newly created user.
Update: Glenn Faden wrote an excellent guide to configuring OpenLDAP using the native Solaris user/group/role
management system.
"/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
forwarders { 208.67.222.222; 208.67.220.220; };
};
zone "hillvalley" {
type master;
file "/etc/namedb/master/hillvalley.db";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/namedb/master/1.168.192.db";
};
My forwarders use the OpenDNS servers, so any request that the local DNS server can't process goes through there.
I've also set up two zones: hillvalley.db for my forward zone and 1.168.192.db for my reverse zone. We need both for
a proper configuration. We also need to create some directories to support this file:
             IN  SOA  griff.hillvalley. paulie.griff.hillvalley. (
hillvalley.  IN  NS   griff.hillvalley.
delorean     IN       192.168.1.1    ; Router
biff         IN
griff        IN
buford       IN
marty        IN       192.168.1.104  ; Workstation
doc          IN       192.168.1.105  ; Laptop
jennifer     IN       192.168.1.106  ; Boxee
lorraine     IN       192.168.1.107  ; Boxee
Reverse File
     IN  SOA  griff.hillvalley. paulie.griff.hillvalley. (
     IN  NS   griff.hillvalley.
     IN  PTR  delorean.hillvalley.  ; Router
101  IN  PTR  biff.hillvalley.      ; NFS Server
102  IN  PTR  griff.hillvalley.     ; DNS Server
103  IN  PTR  buford.hillvalley.    ; LDAP Server
104  IN  PTR  marty.hillvalley.     ; Workstation
105  IN  PTR  doc.hillvalley.       ; Laptop
106  IN  PTR  jennifer.hillvalley.  ; Boxee
107  IN  PTR  lorraine.hillvalley.  ; Boxee
I love BTTF
Feel free to tweak this example to match your own network. Finally, enable the DNS service and check that it's online:
22:32:20 svc:/network/dns/server:default
application
config/value_authorization  astring      solaris.smf.value.name-service.dns.client
config/nameserver           net_address  192.168.1.102
config/domain               astring      hillvalley
config/search               astring      hillvalley
And enable:
192.168.1.102
Address: 192.168.1.102#53
Name: lorraine.hillvalley
Address: 192.168.1.107
192.168.1.102
Address: 192.168.1.102#53
1.1.168.192.in-addr.arpa name = delorean.hillvalley.
I recently needed to create a two port active:standby IPMP group to be served over Infiniband on Solaris 11. Wow
that's a mouthful of terminology! Here's how I did it:
List available IB links
      HCAGUID         PORTGUID        PORT  STATE  PKEYS
net5  21280001CF4C96  21280001CF4C97        up     FFFF
net6  21280001CF4C96  21280001CF4C98        up     FFFF
            PKEY  OVER  STATE    FLAGS
p8001.net5  8001  net5  unknown  ----
p8001.net6  8001  net6  unknown  ----
                 TYPE    STATE  ADDR
p8001.net5/ipv4  static  ok     192.168.1.101/24
p8001.net6/ipv4  static  ok     192.168.1.102/24
                    CLASS/TYPE  STATE  UNDER  ADDR
ipmp0               ipmp        ok     --     --
   ipmp0/v4         static      ok     --     192.168.1.100/24
p8001.net5          ip          ok     ipmp0  --
   p8001.net5/ipv4  static      ok     --     192.168.1.101/24
p8001.net6          ip          ok     ipmp0  --
   p8001.net6/ipv4  static      ok     --     192.168.1.102/24