Administration
Electronic Presentation
D72896GC40
Edition 4.0
September 2014
Author: Vijetha M Malkai
Technical Contributors and Reviewers: Muhammad Aseel Khan, Rajesh Rajasekharan, Gary Riseborough, David Maxwell
Editors: Vijayalakshmi Narasimhan, Smita Kommini
Graphic Designers: Maheshwari Krishnamurthy, James Hans
Publishers: Nita Brozowski, Syed Imtiaz Ali
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual
property laws. You may copy and print this document solely for your own use in an Oracle training
course. The document may not be modified or altered in any way. Except where your use constitutes
"fair use" under copyright law, you may not use, share, download, upload, copy, print, display,
perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part
without the express authorization of Oracle.
The information contained in this document is subject to change without notice. If you find any
problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway,
Redwood Shores, California 94065 USA. This document is not warranted to be error-free.
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the
documentation on behalf of the United States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS
The U.S. Government's rights to use, modify, reproduce, release, perform, display, or disclose these
training materials are restricted by the terms of the applicable Oracle license agreement and/or the
applicable U.S. Government contract.
Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be
trademarks of their respective owners.
Introduction
Overview
Course goals
Course agenda
Introductions
Your learning center
Your lab environment
Course Goals
The goals of this course are to:
Enable you to perform basic Oracle Solaris 11 system
administration tasks successfully and efficiently
Present tasks that cover the full spectrum of system
administrative responsibilities:
OS installation
Package management
Network, data storage, zones, and user administration
Services and process management
Lesson 1: Introduction
Lesson 2: Installing the Oracle Solaris 11 Operating
System
Lesson 3: Managing Boot and Shutdown of a System
Lesson 4: Administering Services by Using SMF
Introductions
Name
Company affiliation
Title, function, and job responsibility
Experience related to the topics presented in this course
Reasons for enrolling in this course
Expectations for this course
Logistics
Restrooms
Break rooms and designated smoking areas
Objectives
After completing this lesson, you should be able to:
Describe Oracle Solaris 11 OS
Implement a plan for an Oracle Solaris 11 OS installation
Install the Oracle Solaris 11 OS by using the Live Media
installer
Install the Oracle Solaris 11 OS by using the text installer
Verify the installed OS
Workflow Orientation
Introduction
Processes
Installation
Users
Security
Services
Zones
Packages
Network
Storage
Lesson Agenda
Simplified administration
Built-in virtualization
Scalable data management
Advanced protection
Zero-to-complete cloud in minutes with Oracle Solaris and
OpenStack
Greater flexibility with independent and isolated Kernel Zones
virtualization
Fast and agile application provisioning with Unified Archives
Conformation with service-level agreements by using
application-driven software-defined networking
Risk reduction with comprehensive compliance checking and
reporting
Copyright 2014, Oracle and/or its affiliates. All rights reserved.
SPARC
M6-32
M5-32
T-Series
x86
X86 (64-bit
processor)
Virtualization
OS Virtualization
Dynamic Domains,
Logical Domains
Oracle VM for SPARC
Oracle Solaris Zones
formerly known as LDoms
Oracle VM for x86
Lesson Agenda
Methods of Installing
Oracle Solaris 11 Operating System
Interactive
Live Media
SPARC
Automated
Text Installer
Automated
Installer (AI)
x86
Single system
Multiple-client
systems
Live Media
Text Installer
Packages
Installs desktop-based
packages
Network
configuration
root user
Memory
Installation Process
1
Request
2
Installation
Installer
Package Group
Live Media
solaris-desktop
Memory
Recommended
Minimum Disk
Space
13 GB
2 GB
Text installer
solaris-large-server
9 GB
The Live Media ISO image installer is only for 64-bit x86
platforms.
For SPARC-based systems, use the Text or Automated
Installer.
Interactive installers can perform an initial installation on:
The whole disk
The Oracle Solaris x86 partition
The SPARC slice (text installer)
Lesson Agenda
Welcome Screen
Disk Discovery
Selecting a Disk
Support Registration
Login Screen
Lesson Agenda
Selecting a Disk
Selecting a Network
Login Screen
Lesson Agenda
Text Installation
solaris-text console login:
Text Installation
Password:
Oracle Corporation SunOS 5.11
oracle@solaris-text:~$
11.2
June 2014
Note: The host name should match the computer name that
you provided during installation.
To display the host ID, use the hostid command.
$ hostid
00809442
select a disk
select (define) a disk type
select (define) a partition table
describe the current disk
format and analyze the disk
run the fdisk program
repair a defective sector
write label to the disk
surface analysis
defect list management
search for backup labels
read and display labels
save new disk/partition definitions
show vendor, product and revision
set 8-character volume name
execute <cmd>, then return
page>
Flag  First Sector  Size      Last Sector
wm    256           256.00MB  524543
wm    524544        15.74GB   33538014
wm    0             0         0
wm    0             0         0
wm    0             0         0
wm    0             0         0
wm    0             0         0
wm    3353801       8.0MB     33554398
STATE  ADDR
ok     127.0.0.1/8
ok     10.0.2.15/24
ok     ::1/128
ok     fe80::a00:27ff:fe4c:d1cb/10
Baseline System
Information Commands: Summary
System Information
Command
Host name
hostname
Host ID
hostid
uname -a
cat /etc/release
Disk configuration
format
Installed memory
df -h
svcs network/physical
ipadm show-addr
Quiz
The Oracle Device Detection Tool can be used to determine
whether:
a. The OS is installed correctly
b. There are errors on the internal or external hard disks
c. A device driver is available
Quiz
Live Media can be installed only on x86 (64-bit only) hardware.
a. True
b. False
Quiz
In the text installer, the root user _____________.
a. Is always configured as a role
b. Might or might not be configured as a role
c. Is never configured as a role
Quiz
The text installer is used for SPARC-based systems only.
a. True
b. False
Summary
In this lesson, you should have learned how to:
Describe the Oracle Solaris 11 OS
Implement a plan for an Oracle Solaris 11 OS installation
Install the Oracle Solaris 11 OS by using the Live Media
installer
Install the Oracle Solaris 11 OS by using the text installer
Verify the installed OS
Objectives
After completing this lesson, you should be able to:
Analyze the boot design and boot process
Boot a SPARC-based system
Boot an x86-based system
Shut down a system
Workflow Orientation
Introduction
Processes
Installation
Users
Security
Services
Zones
Packages
Network
Storage
Lesson Agenda
System
Configuration
Information
Power-On
Self-Test
(POST)
Ethernet
Address
Built-in
Device Drivers
Configuration
Information
Command-Line
Interface
Host ID
EEPROM
Parameters
Default
Parameters
Binary Machine
Instructions
SPARC CPU
GRUB
GRUB 2
Boot Process
Boot Loader Phase
Booter Phase
Ramdisk Phase
Kernel Phase
init Phase
svc.startd Phase
Fast Reboot
SMF Milestones
init State
milestone/single-user:default
milestone/multi-user:default
milestone/multi-user-server:default
Quiz
Which SMF service helps in implementing the Fast Reboot
feature?
a. svc:/system/boot-update:default
b. svc:/system/boot-archive:default
c. svc:/system/boot-archive-update:default
d. svc:/system/boot-config:default
e. svc:/system/boot-config-update:default
Quiz
In which phase of the boot process is the OS initialized and a
minimal root file system mounted on the RAM disk that was
constructed from the boot archive?
a. Kernel phase
b. Boot loader phase
c. svc.startd phase
d. Booter phase
e. Ramdisk phase
f. init phase
Lesson Agenda
ok boot -m milestone=single-user
# who -r
. run-level S Nov 11 10:15 S 0 S
#
Description
banner
setenv
reset-all
sifting probe
probe-device
devalias
printenv
eeprom
Lesson Agenda
# init 6
Description
list-menu
generate-menu
set-menu
add-entry
change-entry
install-bootloader
remove-entry
Lesson Agenda
console  Nov 11 07:30
pts/0    Nov 11 07:35  (starlite)
pts/1    Nov 11 07:40  (bluemidget)
ok >
s or S (single-user milestone)
3 (multiuser-server milestone)
Please wait.
Please wait.
Summary
In this lesson, you should have learned how to:
Analyze the boot design and boot process
Boot a SPARC-based system
Boot an x86-based system
Shut down a system
Objectives
After completing this lesson, you should be able to:
Explain the SMF feature and its components
Administer SMF services
Manage SMF services by using the graphical user
interface
Workflow Orientation
Introduction
Processes
Installation
Users
Services
Security
Zones
Packages
Network
Storage
Lesson Agenda
SMF Capabilities
Booting faster
Restarting failed services
Inspecting services
Managing services
Configuring services
Auditing service changes
Securely delegating tasks
Creating new services
Debugging service problems
Configuring failure notification
Converting inetd.conf configurations to SMF services
SMF Service
Service Instance
Example FMRI:
svc:/system/filesystem/root:default
where:
The prefix svc indicates that this service is managed by SMF
The highest category of the service points to the system
facilities (system)
Within system, the next level category is filesystem
The next lower category is root, which points to the root file
system
The service name is system/filesystem/root:default
An instance of the service is default
Service Models
SMF services are one of the following three models:
SMF Model
Description
Transient service
The service performs some task, and then exits without starting any long
running processes.
The service is restarted whenever its child process exits cleanly. A child
process that exits cleanly is not treated as an error.
Contract or daemon
service
Service States
A service instance can have different states, as listed in the
following table:
Service State
Description
online
offline
offline*
disabled
legacy_run
Running. The service is not directly managed by SMF, but it was started at
some point.
uninitialized
Starting up. This state is the initial state for all services before their
configuration has been read.
maintenance
degraded
System
Boots
svc.startd
Daemon
svc.startd
Daemon
Quiz
What is the service category in the
svc:/network/ssh:default service FMRI?
a. svc
b. network
c. ssh
d. default
Quiz
Which of the following daemons is responsible for starting
services?
a. svc.startd
b. /etc/init
c. svc.configd
Quiz
If a service instance is in the state of starting, which of the
following states will it be identified with?
a. uninitialized
b. online
c. offline
d. offline*
Lesson Agenda
To list all the services defined in the system, run the svcs -a
command.
# svcs -a
STATE       STIME    FMRI
legacy_run  1:25:08  lrc:/etc/rc2_d/S47pppd
legacy_run  1:25:08  lrc:/etc/rc2_d/S81dodatadm_udaplt
legacy_run  1:25:08  lrc:/etc/rc2_d/S89PRESERVE
disabled    1:23:38  svc:/system/device/mpxio-upgrade:default
<output omitted>
Disabling a Service
1. Use the svcs -D FMRI command to check the dependents
of the service that you want to disable.
2. Use the svcadm disable FMRI command to disable the
service:
# svcadm disable svc:/network/ssh:default
Enabling a Service
1. Use the svcs -l FMRI | grep online command to
determine whether service dependencies are satisfied.
2. Use the svcadm enable FMRI command to enable the
service:
# svcadm enable svc:/network/ssh:default
to-uninitialized
to-disabled
from-uninitialized
from-disabled
to-maintenance
to-online
from-maintenance
from-online
to-offline
to-degraded
from-offline
from-degraded
To configure notifications for a single service, run the svccfg -s FMRI setnotify from-online
mailto:root@localhost command.
Quiz
Which of the following commands would you use to determine
why a service is in maintenance state?
a. svcadm
b. svccfg
c. svcs
Lesson Agenda
Summary
In this lesson, you should have learned how to:
Describe the SMF feature and its components
Administer SMF services
Manage SMF services by using the graphical user
interface
Objectives
After completing this lesson, you should be able to:
Describe IPS, its components, and interfaces
Configure an IPS client to access the local IPS repository
Manage package publishers
Manage software packages
Manage signed packages and package properties
Workflow Orientation
Introduction
Processes
Installation
Users
Services
Security
Packages
Zones
Network
Storage
Lesson Agenda
Oracle's
Default
Repository
Local
Repository
Server
Client
CLI: pkg (1)
Desktop: Package Manager
Update Manager
Introducing IPS
Oracle Network
Repositories
Firewall
Mirrored Network
Repository
Operating System
Live Production
Environment
Cloned Production
Environment
Oracle Solaris
Image Packaging System
Server
Client
Original
Repository
Mirror
Repository
Catalog
Repository
Package
Payload
CLI pkg(1)
Desktop Package Manager
Web Browser
Package Manager
Package Manager
Update Manager
Update Manager
Update Manager
Lesson Agenda
s11-server1.mydomain.com
192.168.0.100
# ping s11-server1
s11-server1 is alive
STATUS P LOCATION
online F http://pkg.oracle.com/solaris/release
STATUS P LOCATION
online F http://s11-server1.mydomain.com/
Lesson Agenda
# pkg publisher -P
PUBLISHER  TYPE    STATUS  P  LOCATION
solaris    origin  online  F  http://s11-server1.mydomain.com/
STATUS  P  LOCATION
online  F  http://s11-server1.mydomain.com
online  F  http://pkg.example.com/release
TYPE    STATUS  P  LOCATION
origin  online  F  http://pkg.example.com/release
origin  online  F  http://s11-server1.mydomain.com
To move a publisher lower in the search order, run pkg set-publisher --search-after publisher_name
publisher_name.
# pkg set-publisher --search-after example1.com example2.com
Quiz
You want to set mypublisher.com as the highest-ranked
publisher for your local IPS repository. Which command would
you use to execute this task?
a. pkg publisher -P mypublisher.com
b. pkg publisher -n mypublisher.com
c. pkg set-publisher -P mypublisher.com
d. pkg set-publisher -e mypublisher.com
Quiz
You have three publishers listed in the following order:
mypublisher.com (the highest-ranked publisher), solaris,
and whoisit. For search order purposes, you want to move
the whoisit publisher before the solaris publisher. Which
command would you use to execute this task?
a. pkg set-publisher --search-before solaris whoisit
b. pkg set-publisher --search-after solaris whoisit
c. pkg set-publisher --search-before whoisit solaris
Lesson Agenda
VERSION
0.5.11-0.175.2.0.0.42.0
IFO
i--
1
31.96 GB
19.83 MB
No
No
No
Changed packages:
solaris
developer/apptrace
None -> 0.5.11,5.11-0.175.2.0.0.42.2:20140624T183919Z
Installing Packages
IPS checks
manifest.
Administrator
requests
package.
IPS downloads
packages.
Installing a Package
To install a package, run pkg install pkg-fmri.
# pkg install apptrace
           Packages to install:  1
       Create boot environment: No
Create backup boot environment: No
DOWNLOAD    PKGS  FILES  XFER (MB)  SPEED
Completed   1/1   10/10  0.1/0.1    31.6k/s
PHASE                            ITEMS
Install new actions              29/29
Updating package state database  Done
Updating package cache           0/0
Updating image state             Done
Creating fast lookup database    Done
Updating package cache           1/1
STATUS
OK
ACTION  VALUE               PACKAGE
dir     etc/bash            pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1
dir     usr/share/bash      pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1
file    usr/bin/bash        pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1
set     bash                pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1
set     solaris/shell/bash  pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1
Uninstalling a Package
To uninstall a package, run pkg uninstall pkg-fmri.
# pkg uninstall apptrace
            Packages to remove:  1
       Create boot environment: No
Create backup boot environment: No
PHASE                            ACTIONS
Removing old actions             25/25
Updating package state database  Done
Updating package cache           1/1
Updating image state             Done
Creating fast lookup database    Done
Updating package cache           1/1
IPS Command
pkg list
pkg info
pkg contents
pkg update
pkg install
pkg verify
pkg search
Uninstall a package.
pkg uninstall
Managing Packages
by Using the Package Manager GUI
Managing Packages
by Using the Package Manager GUI
Managing Packages
by Using the Package Manager GUI
Uninstalling a Package
Lesson Agenda
Unsigned
Signed
Property
Description
trust-anchor-directory
pkg
pkg
pkg
pkg
Description
$ pkg history
START                OPERATION      CLIENT           OUTCOME
2014-06-24T15:20:16  set-property   transfer module  Succeeded
2014-06-24T15:20:16  images-create  transfer module  Succeeded
2014-06-24T15:20:16  add-publisher  transfer module  Succeeded
# pkg purge-history
Quiz
Which command enables you to configure your current image
to ensure that all manifests with signatures are validly signed?
a. # pkg set-property signature-policy verify
b. # pkg set-property signature-policy require-names
c. # pkg set-property signature-policy require-signature
Quiz
Which pkg subcommand or option of the set-publisher
subcommand is used to configure publisher properties for
signed packages?
a. set-property
b. set-publisher
c. set-publisher property
d. --set-publisher
e. --set-property
Summary
In this lesson, you should have learned how to:
Describe IPS, its components, and interfaces
Configure an IPS client to access the local IPS repository
Manage package publishers
Manage software packages
Manage signed packages and package properties
Objectives
After completing this lesson, you should be able to:
Explain the role of ZFS in data management
Administer ZFS storage pools
Administer ZFS file systems
Administer ZFS properties
Administer ZFS snapshots and clones
Workflow Orientation
Introduction
Processes
Installation
Users
Services
Security
Packages
Zones
Network
Storage
Lesson Agenda
Introducing ZFS
Administering ZFS Storage Pools
Administering ZFS File Systems
Administering ZFS Properties
Administering ZFS Snapshots and Clones
Introduction to ZFS
ZFS Terms
Term
Description
Checksum
Clone
A file system with contents that are identical to the contents of a ZFS
snapshot
Dataset
Resilvering
Scrub
A tool that validates and repairs the ZFS file system (including the
metadata) while the file system is online and mounted
Snapshot
zpool
Examples
On a SPARC-based system with 72-GB disk:
68 GB of usable space in slice 0
No administration required
Not changeable
Possible configurations:
Stand-alone (non-redundant)
Mirrored
RAID-Z
Data
Stripe
Stripe 3
Stripe 1
Stripe 2
Data
2
Mirror Device
36 GB
36 GB
36 GB
36 GB
36 GB
36 GB
Stand-alone Devices
Mirror Device
36 GB
36 GB
36 GB
Mirrored Devices
36 GB
RAID-Z Device
Data
Stripe 2
RAID-Z Device
Description
Description
root (/)
Is the top of the hierarchical file tree and contains directories and files
that are critical for system operation
/dev
/etc
/usr
Contains system files and directories that can be shared with other
users
/export/home or
/home
Is the mount point for user home directories, which store user work
files. By default, the /home directory is an automounted file system.
/var
Includes system files and directories that are likely to change or grow
over the life of the local system. These include system logs.
/opt
Managing Data
As part of learning how to manage data, you will learn about
implementing the following in the next section:
ZFS storage pool functionality
ZFS file system functionality
ZFS snapshot and clone functionality
Lesson Agenda
Introducing ZFS
Administering ZFS Storage Pools
Administering ZFS File Systems
Administering ZFS Properties
Administering ZFS Snapshots and Clones
Determining Your
ZFS Storage Pool Requirements
As part of data management, you should identify your storage
pool device requirements:
Disks that are at least 128 MB in size
Disks not in use by other parts of the operating system
Entire disks that are formatted as a single, large slice or
individual slices on a preformatted disk
Data is:
Dynamically striped across both mirrors
Redundant between each disk within a mirror
VALUE
85K
off
off
0%
0
1.00x
on
wait
15.9G
13211416720083688767
ONLINE
off
off
off
15.9G
35
SOURCE
default
default
default
default
default
default
default
default
default
default
default
ALLOC
22.3G
384G
FREE
47.7G
816G
CAP
28%
32%
DEDUP
1.00x
1.00x
HEALTH
ONLINE
ONLINE
ALTROOT
-
   capacity      operations     bandwidth
alloc   free    read   write   read   write
-----  -----   -----  -----   -----  -----
100G   20.0G   1.2M   102K    1.2M   3.45K
12.3G  67.7G   132K   15.2K   32.1K  1.20K
-----  -----   -----  -----   -----  -----
 operations     bandwidth
read   write   read   write
-----  -----   -----  -----
0      22      0      6.00
0      22      0      6.00
1      295     11.2K  148
1      299     11.2K  148
-----  -----   -----  -----
Description
DEGRADED
ONLINE
SUSPENDED
UNAVAIL
Description
ONLINE
DEGRADED
OFFLINE
REMOVED
UNAVAIL
State of Pool
Result
ONLINE
DEGRADED
UNAVAIL or
SUSPENDED
status hrpool
hrpool
ONLINE
none requested
NAME          STATE   READ  WRITE  CKSUM
hrpool        ONLINE  0     0      0
  mirror-0    ONLINE  0     0      0
    c1t3d0    ONLINE  0     0      0
    c1t4d0    ONLINE  0     0      0
Quiz
What command is used to create a ZFS storage pool?
a. zpool start new pool
b. zpool storagepool
c. zpool create
d. zpool make
Quiz
After you have created a pool, you must manually create the
mount point for the pool.
a. True
b. False
Quiz
Which command is used to display all the property settings
within a pool?
a. zpool show all <poolname>
b. zpool get all <poolname>
c. zpool display all <poolname>
d. zpool set all <poolname>
Quiz
Which command is used to display basic pool usage
information?
a. zpool list
b. zpool iostat
c. zpool history
d. zpool status
Quiz
If a pool is in DEGRADED state, the data is completely
inaccessible.
a. True
b. False
Lesson Agenda
Introducing ZFS
Administering ZFS Storage Pools
Administering ZFS File Systems
Administering ZFS Properties
Administering ZFS Snapshots and Clones
Storage Pool
Financial
Marketing
Accounts
Receivable
Accounts
Payable
Documentation
Financial
Reports
(property=compressed)
The pool name and initial file system names identify the location
in the hierarchy where a new file system will be created.
The last name identifies the file system to be created.
Option Results
-f
-r
-R
USED  AVAIL  REFER  MOUNTPOINT
476K  16.5G  21K    /pool
18K   16.5G  18K    /pool/clone
296K  16.5G  19K    /pool/home
277K  16.5G  277K   /pool/home/data
18K   16.5G  18K    /test
MOUNTPOINT
/pool/home/data
/hrpool
/hrpool/home
/hrpool/home/reports
Quiz
Which command is used to create a ZFS file system?
a. zfs make
b. zfs create
c. zpool create
d. zpool make
Quiz
Which option, when used with the zfs destroy command,
can destroy an active ZFS file system?
a. -a
b. -f
c. -r
d. -R
Quiz
When you relocate a file system through rename, the new
location must be within the same pool.
a. True
b. False
Lesson Agenda
Introducing ZFS
Administering ZFS Storage Pools
Administering ZFS File Systems
Administering ZFS Properties
Administering ZFS Snapshots and Clones
File systems
Volumes
Snapshots
Clones
User-defined
Read-only statistics
Can be retrieved but not set
Are not inherited
Settable
Can be both retrieved and set
Are inheritable (exceptions: quotas and reservations)
Type
Default
Value
Description
compression
String
off
mountpoint
String
N/A
quota
Number (or
none)
none
readonly
Boolean
off
sharenfs
String
off
VALUE
on
SOURCE
default
Definition
default
local
The property was explicitly set on the dataset by using the zfs set
command.
inherited from
dataset-name
temporary
This property value was set by using the zfs mount -o option, and is
valid only for the lifetime of the mount.
- (none)
VALUE
restricted
discard
on
15.6G
on
SOURCE
default
default
default
default
SOURCE
local
-o
Allows customization of output
Takes a comma-separated list of literal fields to display,
together with a separate list of properties
Source Value
Definition
default
local
# zfs list
NAME                          USED  AVAIL  REFER  MOUNTPOINT
datapool                      176K  1.95G  23K    /export/share
datapool/software             65K   1.95G  23K    /export/share/software
datapool/software/solaris     42K   1.95G  21K    /export/share/software/solaris
datapool/software/solaris/ar  21K   1.95G  21K    /export/share/software/solaris/ar
VALUE  SOURCE
off    default
off    default
off    default
off    default
SOURCE
default
default
local
inherited from datapool/software/solaris
SOURCE
default
default
default
default
Lesson Agenda
Introducing ZFS
Administering ZFS Storage Pools
Administering ZFS File Systems
Administering ZFS Properties
Administering ZFS Snapshots and Clones
ZFS Snapshots
REFER
29.5K
2.15M
1.89M
1.89M
2.15M
MOUNTPOINT
-
REFER
21K
280K
538K
MOUNTPOINT
-
AVAIL REFER
16.5G
22K
16.5G
22K
22K
16.5G 18K
18K
@2daysago
MOUNTPOINT
/users
/users/home
/users/home/jjones
-
AVAIL REFER
16.5G 22K
22K
16.5G 18K
18K
MOUNTPOINT
/users/home
/users/home/jjones
-
Is initialized to zero
Increases by one whenever a hold is put on the snapshot
Decreases by one whenever a hold is released
Must be at zero before the snapshot can be destroyed
Note: Each snapshot has its own tag namespace, and tags
must be unique within that space. keep is only a tag.
SOURCE
-
AVAIL  USED   USEDSNAP  USEDDS  USEDREFRESERV  USEDCHILD
2.20G  13.2G  0         4.97M   0              13.2G
2.20G  4.49G  0         31K     0              4.49G
2.20G  4.49G  70.2M     4.08G   0              354M
2.20G  354M   156M      198M    0              0
2.20G  156K   0         93K     0              63K
2.20G  63K    0         32K     0              31K
2.20G  31K    0         31K     0              0
2.22G  792M   0         768M    24.4M          0
2.20G  6.88G  0         34K     0              6.88G
2.20G  6.77G  0         6.77G   0              0
2.20G  108M   0         32K     0              108M
2.20G  108M   0         108M    0              0
2.23G  1.03G  0         1.00G   32.5M          0
Identifier
ZFS Clones
REFER  MOUNTPOINT
27.5K  /hrpool/reviews
288K   /hrpool/reviews/q4
288K   /hrpool/reviews/q4sum
288K   -
Quiz
You want to create a snapshot named thursday of the file
system /hrpool/home/smith. Which of the following
commands would you use to do this?
a. zfs snapshot thursday hrpool/home/smith
b. zfs snapshot hrpool/home/smith thursday
c. zfs snapshot hrpool/home/smith@thursday
d. zfs snapshot hrpool/home/smith_thursday
Summary
In this lesson, you should have learned how to:
Describe ZFS and its features
Administer ZFS storage pools
Administer ZFS file systems
Administer ZFS properties
Administer ZFS snapshots and clones
Objectives
After completing this lesson, you should be able to:
Explain some of the basic networking concepts
Administer a datalink configuration
Administer a network interface
Administer a profile-based network configuration
Configure a virtual network
Verify the network operations
Manage resources on the network
Workflow Orientation
Introduction
Processes
Installation
Users
Services
Security
Packages
Zones
Network
Storage
Lesson Agenda
OSI Layer
Equivalent
TCP/IP Layer
TCP/IP Protocol
Examples
5, 6, 7
Application, (7)
Presentation (6)
Session (5)
Application
telnet, ftp,
rlogin, DNS,
LDAP, and NFS
Transport
Transport
TCP
Network
Internet
IPv4, IPv6
Datalink (2)
Datalink
IEEE 802.2.
Ethernet (IEEE
802.3)
Physical
Physical Network
Destination System
Application X
Application Y
Encapsulation
Application
Layer
Transport Layer
TH
Internet Layer
Network
Interface Layer
Hardware Layer
IH
NH
Decapsulation
User Data
Message
or Stream
A-PDU
Segment
or Datagram
T-PDU
I-PDU
Datagram
NT Frame NH
TH
IH
User Data
Application
Layer
A-PDU
Transport Layer
Internet Layer
T-PDU
I-PDU
NT
Signal
Network
Interface Layer
Hardware Layer
Communication Path
Physical Transmission Medium
TH=Transport Header IH=Internet Header NH=Network Header NT=Network Trailer
Program
Naming/directory services
192.168.222.5.53428
net0/v4
192.168.222.5
net0
net0/v4a
192.168.222.6
vnic0/v4
192.168.222.7
vnic0
vnic1
net1
etherstub0
Datalink Layer
dladm show-link
net0
Physical VNICs
dladm show-phys
Hardware
ixgbe0
Etherstubs
dladm show-etherstub
nxge0
IP addresses
Netmask
Domain name
Name service
Default router
IPv4 Addressing
192.168.3.56/24
Network part
Host part
Network prefix
IPv6 Addressing
2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b
Site Prefix
Subnet ID
Interface ID
Receivers
Subnets:
Allow allocation of the host
address space to network
addresses
Are created by using a
netmask
Netmasks determine:
How many and which bits in
the host address space
represent the subnet number
How many and which bits
represent the host number
Subnet masks determine which bits
in the host address bytes are
applied to the subnet and host
addresses.
Internet
Subnet A
192.168.0.0
Subnet B
192.168.1.0
Oracle Solaris 11
Network Administration Commands
Command
Description
dladm
ipadm
netcfg
Used to manage various types of profiles, for example, NCPs and location profiles
netadm
Used to enable and disable profiles and display information about profiles and their
states
Quiz
Which layer of the TCP/IP protocol stack is responsible for
accepting and delivering packets for the network?
a. Datalink
b. Transport
c. Internet
d. Application
Quiz
The TCP/IP protocol supports only IPv4 addressing.
a. True
b. False
Quiz
This is an example of an IPv4 address: 192.168.3.56/24
a. True
b. False
Lesson Agenda
Interface
Datalink Layer
Link
Device Layer
Software
lo0
Device Instance
e1000g0
nxge
e1000g0
nxge
e1000g0
nxge3
nxge2
nxge1
nxge0
Hardware
NIC
e1000g
nxge
STATE
up
up
up
unknown
SPEED
1000
1000
1000
0
DUPLEX
full
full
full
unknown
DEVICE
e1000g1
e1000g2
e1000g0
e1000g3
MTU
1500
1500
1500
1500
STATE
up
up
up
unknown
OVER
-----
Quiz
Which utility is used to create virtual switches and VNICs?
a. lnkadm
b. dladm
c. vniccfg
d. dlcfg
Lesson Agenda
STATE
ok
ok
ok
ok
ACTIVE
yes
yes
yes
yes
OVER
-----
STATE
ok
ok
ok
ok
ok
ok
ADDR
127.0.0.1/8
192.168.0.100/24
192.168.0.201/24
192.168.0.202/24
::1/128
fe80::a00:27ff:fe68:6f2d/10
Configuring a Physical Network Interface Manually: Example
# svcs network/physical
STATE          STIME    FMRI
online         9:34:40  svc:/network/physical:default
# ipadm create-ip net0
# ipadm create-addr -T static -a 192.168.0.100/24 net0/v4add1
# ipadm show-if
IFNAME     CLASS    STATE    ACTIVE OVER
lo0        loopback ok       yes    --
net0       ip       ok       yes    --
# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4add1       static   ok           192.168.0.100/24
lo0/v6            static   ok           ::1/128
STATE
ok
ok
ok
ok
down
ok
disabled
ADDR
127.0.0.1/8
192.168.0.100/24
192.168.0.201/24
192.168.0.202/24
192.168.0.203/24
::1/128
::
STATE
ok
ok
ok
ok
ok
ok
disabled
ADDR
127.0.0.1/8
192.168.0.100/24
192.168.0.201/24
192.168.0.202/24
192.168.0.203/24
::1/128
fe80::a00:27ff:fe68:6f2d/10
Deleting a Physical Network Interface Manually: Example
# ipadm
# ipadm
# ipadm
IFNAME
lo0
# ipadm
ADDROBJ
lo0/v4
lo0/v6
ipadm Command
ipadm show-if
ipadm show-addr
Lesson Agenda
Network virtualization
Virtual machines: Oracle VM Server for SPARC (formerly
Logical Domains) and Oracle VM VirtualBox
Oracle Solaris zones and stack instances
netcfg Command
netcfg Subcommand     Description
create
select object-type    Select the profiles that are available at the current scope level and move into that object's scope.
walkprop              Walk each property associated with the current profile. For each property, the name and current value are displayed, and a prompt is given to allow the user to change the current value.
set prop-name=value1  Set the current (in-memory) value of the specified property. If the process is performed in non-interactive mode, the change is also committed to persistent storage.
list                  List all profiles, property-value pairs, and resources that exist at the current or specified scope.
verify
commit
end                   End the current profile specification, and move to the next higher scope.
exit                  Exit the netcfg session. The current profile is verified and committed before ending.
destroy
netadm Command
netadm Subcommand  Description
enable             Enable the specified profile. If the profile name is not unique, the profile type must be specified to identify the profile that is to be enabled.
disable            Disable the specified profile. If the profile name is not unique, the profile type must be specified to identify the profile that is to be disabled.
list               List all available profiles and their current state. If a profile is specified by name, list only the current state of that profile.
show-events        Listen for a stream of events from the NWAM daemon and display them.
scan-wifi
select-wifi        Select a wireless network to connect to, from the scan results on link linkname. You may be prompted for selection, WiFi key, and so forth, if necessary.
help
Description
svc:/network/loopback:default
svc:/network/netcfg:default
svc:/network/physical:default
svc:/network/location:default
netcfg:loc:office> list
loc:office
        activation-mode                 conditional-all
        conditions                      "system-domain is mydomain.com"
        enabled                         false
        nameservices                    dns
        nameservices-config-file        "/etc/nsswitch.dns"
        dns-nameservice-configsrc       manual
        dns-nameservice-domain          "mydomain.com"
        dns-nameservice-servers         "192.168.0.100"
netcfg:loc:office> verify
All properties verified
netcfg:loc:office> commit
Committed changes
netcfg:loc:office> end
netcfg> exit
Modifying Profiles
# netcfg
netcfg> select ncp my_profile
netcfg:ncp:my_profile> select ncu net1
netcfg:ncp:my_profile:ncu:net1> list
ncu:net1
        type                    link
        class                   phys
        parent                  my_profile
        activation-mode         manual
        enabled                 true
netcfg:ncp:my_profile:ncu:net1> set activation-mode=prioritized
netcfg:ncp:my_profile:ncu:net1> list
ncu:net1
        type                    link
        class                   phys
        parent                  my_profile
        activation-mode         prioritized
        enabled                 true
netcfg:ncp:my_profile:ncu:net1> commit
Committed changes
netcfg:ncp:my_profile:ncu:net1> end
netcfg:ncp:my_profile> exit
enable office
loc office
enable my_profile
ncp my_profile
STATE
disabled
disabled
online
online
online
online
offline
offline
offline
STATE
disabled
disabled
online
online
online
online
offline
offline
offline
AUXILIARY STATE
disabled by administrator
disabled by administrator
active
interface/link is up
interface/link is up
active
conditions for activation are unmet
conditions for activation are unmet
conditions for activation are unmet
Lesson Agenda
Network virtualization:
Is the process of combining hardware network resources
and software network resources
Provides efficient, controlled, and secure sharing of network
resources
Virtual networks:
External networks: Several local networks that are
administered by software as a single entity
Internal networks: One system that uses virtual machines
or zones that are configured over at least one pseudo
network interface
System
Zone 2
Zone 3
VNIC 2
VNIC 3
Virtual Switch
NIC
Switch
Internet
MTU
1500
1500
1500
1500
9000
STATE
up
up
up
up
unknown
OVER
------
SPEED
40000
40000
40000
MACADDRESS
2:8:20:70:d0:f8
2:8:20:80:65:0
2:8:20:1f:c5:bd
MACADDRTYPE
random
random
random
VID
0
0
0
System
VNIC 1
VNIC 2
Etherstub
Quiz
A VNIC is a virtual network device with the same datalink
interface as a physical interface.
a. True
b. False
Quiz
In which order is a virtual network created?
a. Virtual switch, VNICs, zones
b. Zones, VNICs, virtual switch
c. VNICs, virtual switch, zones
Quiz
You have created an etherstub called stub2. You now want to
create vnic1 and attach it to stub2. Which set of commands
would you use to do this?
a. # dladm create-vnic1
b. # dladm create-vnic -l vnic1
c. # dladm create-vnic -l stub2 vnic0
d. # dladm create-vnic -l stub2 vnic1
Lesson Agenda
STATE
ok
ok
ok
ok
ok
ok
ok
ADDR
127.0.0.1/8
192.168.0.111/24
192.168.0.101/24
192.168.0.202/24
192.168.0.203/24
::1/128
fe80::a00:27ff:fe68:6f2d/10
STATE
ok
ok
ok
ok
ok
ACTIVE
yes
yes
yes
yes
yes
OVER
------
input
packets
2732
0
1
5
0
0
(Total)
output
errs packets errs
0
1364
0
0
0
0
0
2
0
0
1
0
0
0
0
0
0
0
colls
0
0
0
0
0
0
Mtu Net/Dest
8232 loopback
1500 server1
Address
localhost
server1
...
(output truncated)
Flags
----UH
U
Ref
--2
4
Use
---2817
14293
Interface
--------lo0
net0
Command
---------------/lib/inet/in.mpathd
/lib/inet/in.mpathd
/lib/inet/nwamd
/lib/inet/nwamd
/usr/sbin/cupsd -C
/usr/sbin/named
/usr/sbin/named
/usr/sbin/rpcbind
/usr/sbin/rpcbind
/usr/sbin/rpcbind
/usr/sbin/rpcbind
/usr/sbin/rpcbind
/usr/sbin/rpcbind
/usr/lib/inet/in.ndpd
/usr/sbin/in.routed
/sbin/dhcpagent
/sbin/dhcpagent
PROTO
UDP
UDP
INT
net0
net0
BYTES
39.0
28.0
5
PID
795
795
795
795
795
in:
PROTO SADDR
UDP
s11-server1.mydo
UDP
s11-desktop.mydo
UDP
s11-desktop.mydo
UDP
s11-desktop.mydo
UDP
s11-server1.mydo
34.0 bytes out: 23.0
SPORT
53
42857
59127
38509
53
DADDR
s11-desktop.mydo
s11-server1.mydo
s11-server1.mydo
s11-server1.mydo
s11-desktop.mydo
DPORT
42857
53
53
53
59127
BYTES
20.0
9.0
7.0
7.0
7.0
Quiz
Which command can you use to display your system's current
network interface configuration?
a. ipadm
b. ping
c. netstat -I
Lesson Agenda
phys
etherstub
phys
phys
phys
vnic
vnic
vnic
1500
9000
1500
1500
1500
9000
9000
9000
up
unknown
up
up
up
up
up
up
-----stub0
stub0
stub0
LPORT RADDR
80
--
RPORT DSFLD
---
show-flowprop
PROPERTY
maxbw
priority
hwflow
http1
PERM VALUE
rw
100
rw
medium
roff
DEFAULT
-medium
--
POSSIBLE
-low,medium,high
on,off
To view the priority property for a link, use dladm show-linkprop -p priority vnic.
# dladm show-linkprop -p priority vnic1
LINK     PROPERTY   PERM  VALUE   EFFECTIVE  DEFAULT  POSSIBLE
vnic1    priority   rw    high    high       medium   low,medium,high
Quiz
Which two properties do flows use to control resources?
1. speed and mtu
2. maxbw and priority
3. flowctrl and threshold
Summary
In this lesson, you should have learned how to:
Describe some of the basic networking concepts
Administer a datalink configuration
Administer a network interface
Administer a profile-based network configuration
Configure a virtual network
Verify the network operations
Manage resources on the network
Objectives
After completing this lesson, you should be able to:
Explain the fundamentals of Oracle Solaris zones
Configure an Oracle Solaris zone
Determine an Oracle Solaris zone configuration
Workflow Orientation
Introduction
Processes
Installation
Users
Services
Security
Zones
Packages
Network
Storage
Lesson Agenda
Server Virtualization
Dynamic Domains
Are available on Oracle's Sun SPARC Enterprise M-Series
servers
Divide a single machine into multiple electrically isolated
partitions for efficient workload isolation
Desktop Virtualization
Oracle VM VirtualBox
Is an open-source solution that allows systems to run
multiple environments at the same time to get the most
flexibility and utilization
Integrated Solutions
Oracle Enterprise Manager provides a comprehensive
management solution for:
Managing virtual machines
Operating systems
Software
Network Services
(BIND 8.3, sendmail)
Network Services
(BIND 9.2, sendmail)
Core Services
(ypbind, automountd)
Core Services
(ypbind, inetd, rpcbind)
Core Services
(inetd, ldap_cachemgr)
zoneadmd
zcons
zcons
zoneadmd
bge1
Enterprise Services
(Oracle databases)
e1000g1
Web Services
(Apache 2.2.18)
bge0
Login Services
(OpenSSH sshd 3.4)
e1000g0
Web Services
(Apache 2.2.18, J2SE)
zcons
/opt/yt
zoneadmd
Remote Admin/monitoring
(SNMP, WBEM)
<>
Network Device (bge0)
Platform Administration
(syseventd, devfadm, ...)
Storage Complex
Application
Environment
Virtual
Platform
Host 2
Host 3
App 1
App 2
App 3
NIC Port
NIC Port
NIC Port
1 GB
1 GB
100 MB
AFTER CONSOLIDATION
Oracle Solaris
Oracle Solaris
Oracle Solaris
ZONE 1
ZONE 2
ZONE 3
VNIC
VNIC
VNIC
1 GB
300 MB
Physical NIC Port
10 GB
100 MB
Zone Types
Non-Global Zone
Global Zone
Is the only zone that is aware of all device file systems, and non-global zones along with their configurations
Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled
Non-Global Zone
Is not aware of the existence of any other zones
Branded Zones
Quiz
Which type of zone is the default zone for a system?
a. Global zone
b. Non-global zone
c. Branded zone
Quiz
Zones are isolated from each other and from the rest of the
system.
a. True
b. False
Quiz
A shared-IP zone must share a network interface with at least
one other non-global zone.
a. True
b. False
Quiz
Non-global zones can communicate only over a virtual network.
a. True
b. False
Lesson Agenda
Zone 2
Zone 3
VNIC 1
VNIC 2
VNIC 3
Virtual Switch
Non-Global Zone
Configuration Process: Overview
Start
create
Undefined
Configured
delete
Installed
uninstall
uninstall
halt
attach failure
attach
Unavailable
storage unavailable, incompatible software
halt / shutdown
ready
reboot
Running
boot
Ready
To verify that the file system exists and that it has been mounted, use the following command:
# zfs list rpool/zones
NAME          USED  AVAIL  REFER  MOUNTPOINT
rpool/zones    31K  22.6G    31K  /zones
PATH
/
/zones/hrzone
/zones/itzone
BRAND
solaris
solaris
solaris
IP
shared
excl
excl
-iv
STATUS
running
installed
installed
PATH
/
/zones/hrzone
/zones/itzone
BRAND
solaris
solaris
solaris
IP
shared
excl
excl
PATH
/
/zones/hrzone
/zones/itzone
BRAND
solaris
solaris
solaris
IP
shared
excl
excl
Logging In to a Zone
To log in to a zone, use zlogin followed by the zone name.
# zlogin -C hrzone
[Connected to zone hrzone console]
11.2
June 2014
ADDR
127.0.0.1/8
192.168.1.100/24
::1/128
fe80::8:20ff:fe43:7986/10
Halting a Zone
To halt a zone, run zoneadm -z <zone_name> halt.
global# zoneadm -z hrzone halt
PATH
/
/zones/itzone
/zones/hrzone
BRAND
solaris
solaris
solaris
IP
shared
excl
excl
# zoneadm list -p
0:global:running:/::solaris:shared:-:none
1:hrzone:running:/zones/hrzone:<UUID>:solaris:excl:R:strict
2:itzone:running:/zones/itzone:<UUID>:solaris:excl:R:fixed-configuration
3:userszone:running:/zones/userszone:<UUID>:solaris:shared:R:flexible-configuration
-w
Quiz
The privileges of a zone administrator are confined to a non-global zone.
a. True
b. False
Quiz
After you have run the zonecfg -z zonename command,
which command would you use to start the configuration of a
new zone?
a. add zone
b. begin
c. create
d. start
Quiz
To use VNICs, as which IP type must a zone be configured?
a. Shared-IP
b. Exclusive-IP
c. Either shared or exclusive
Quiz
You have created the configuration for a new zone. What is the
next step?
a. Boot the new zone.
b. Commit the configuration.
c. Exit the configuration.
d. Verify the configuration.
Quiz
Which command is used to perform a clean shutdown of a
zone?
a. exit
b. zoneadm -z zonename shutdown
c. zoneadm -z zonename halt
d. ~.
Lesson Agenda
PATH
/
/zones/itzone
/zones/hrzone
BRAND
solaris
solaris
solaris
IP
shared
excl
excl
TYPE
static
static
static
static
static
static
addrconf
STATE
ok
ok
ok
ok
ok
ok
ok
ADDR
127.0.0.1/8
127.0.0.1/8
192.168.0.100/24
192.168.0.10/24
::1/128
::1/128
fe80::a00:27ff:fe68:6f2d/10
Determining a Zone's
Kernel File System Statistics
# fsstat -z
new name
file remov
93
82
248
237
12.0K 1.90K
12.0K 1.90K
# fsstat -A
new name
file remov
360K 1.79K
359K 1.48K
93
82
248
237
60.0K 41.9K
49.4K 38.1K
5.28K 1.90K
5.25K 1.90K
Quiz
If you want to see additional information about all configured,
running, and installed zones on a system, which command
would you use?
a. zoneadm list
b. zoneadm list -c
c. zoneadm list -civ
Quiz
Which command would you use to display configuration
information about a zone named myzone?
a. zoneadm myzone status
b. zoneadm myzone info
c. zonecfg -z myzone info
d. zonecfg -z myzone verify
Summary
In this lesson, you should have learned how to:
Explain the fundamentals of Oracle Solaris zones
Configure an Oracle Solaris zone
Determine an Oracle Solaris zone configuration
Objectives
After completing this lesson, you should be able to:
Establish system and file access control
Control access to systems
Control access to files
Secure access to a remote host
Workflow Orientation
Introduction
Processes
Installation
Users
Security
Services
Packages
Zones
Network
Storage
Lesson Agenda
/etc/security/crypt.conf File
#
#ident  "%Z%%M% %I%     %E% SMI"
#
# The algorithm name __unix__ is reserved.
1       crypt_bsdmd5.so.1
2a      crypt_bsdbf.so.1
md5     crypt_sunmd5.so.1
5       crypt_sha256.so.1
6       crypt_sha512.so.1
Identifier  Description
1           MD5 algorithm
2a          Blowfish algorithm
md5
5           SHA256 algorithm
6           SHA512 algorithm
__unix__
itadmin
110
/export/home/jjones
/usr/bin/bash
PS 010170 -1 -1 -1
joe jones
1016
1009
501
staff
staff
other
10
10
1
olin mai
maddy hatter
terry bone
2013
2013
2013
2013
2013
SYSLOG=YES
SYSLOG_FAILED_LOGINS=0
# touch /var/adm/authlog
# chmod 600 /var/adm/authlog
# chgrp sys /var/adm/authlog
# vi /etc/syslog.conf
# grep auth.notice /etc/syslog.conf
*.err;kern.notice;auth.notice   /dev/sysmsg
auth.notice                     /var/adm/authlog
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
# svcadm refresh system/system-log
<Test the entry by attempting to log in as user using an incorrect password>
# cat /var/adm/authlog
Dec 2 16:57:27 client1 su: [ID 810491 auth.crit] 'su jdoe' failed for oracle on /dev/pts/1
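Once failed attempts land in /var/adm/authlog as above, they can be tallied per invoking user and target account. The following is an added example, not part of the course material: the function names su_failures and sample_authlog are hypothetical, and every sample line except the first is constructed.

```shell
#!/bin/sh
# Constructed sample log. The first line is the one shown in the course
# output; the remaining lines (including the message ID on the last one)
# are made up to exercise the parser.
sample_authlog() {
    cat <<'EOF'
Dec  2 16:57:27 client1 su: [ID 810491 auth.crit] 'su jdoe' failed for oracle on /dev/pts/1
Dec  2 16:58:02 client1 su: [ID 810491 auth.crit] 'su root' failed for jjones on /dev/pts/2
Dec  2 16:58:40 client1 su: [ID 810491 auth.crit] 'su root' failed for jjones on /dev/pts/2
Dec  2 17:01:15 client1 su: [ID 366847 auth.notice] 'su root' succeeded for jjones on /dev/pts/2
EOF
}

# su_failures FILE [MIN]
# Prints "<count> <from>-><target>" for every (invoking user, target account)
# pair with at least MIN failed su attempts (default 1), highest count first.
# Only lines of the form
#   ... su: [...] 'su TARGET' failed for FROM on TTY
# are counted; successful su lines and other services are ignored.
su_failures() {
    awk -v q="'" -v min="${2:-1}" '
    BEGIN {
        open_tok = q "su"      # the token that opens the quoted command
        close_re = q "$"       # trailing quote on the target account
    }
    / su: / && / failed for / {
        target = ""; from = ""
        for (i = 2; i <= NF; i++) {
            if ($(i - 1) == open_tok) {
                target = $i
                sub(close_re, "", target)
            }
            if ($(i - 1) == "for" && i > 2 && $(i - 2) == "failed")
                from = $i
        }
        if (target != "" && from != "")
            count[from "->" target]++
    }
    END {
        for (k in count)
            if (count[k] >= min)
                print count[k], k
    }' "$1" | sort -k1,1nr -k2,2
}

# Usage on a live system (needs read access to the log):
#   su_failures /var/adm/authlog 3
```
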
jjones-root
jjones-root
root-omai
jdoe-root
jdoe-root
Quiz
In which file can you specify the password algorithms
configuration?
a. /etc/passwd
b. /etc/shadow
c. /etc/security/crypt.conf
d. /etc/security/policy.conf
Lesson Agenda
Description
ls
chown
chgrp
chmod
File Types
Symbol
Description
Directory
Symbolic link
Socket
Door
Named pipe
- (minus sign)
Read
Write
Execute
Denied
Description
File
Directory
File
Directory
File
Directory
File and
Directory
Interpretation
-rwx------   This file has read, write, and execute permissions set only for the file owner. Permissions for the class group and other are denied.
dr-xr-x---   This directory has read and execute permissions set only for the directory owner and the group.
-rwxr-xr-x   This file has read, write, and execute permissions set for the file owner. Read and execute permissions are set for the class group and other.
Function
Description
who
User (owner)
who
Group
who
Others
who
All
operator
Assign
operator
Add
operator
Remove
permissions
Read
permissions
Write
permissions
Execute
permissions
permissions
permissions
Permissions Description
---
No permissions
--x
-w-
-wx
r--
r-x
rw-
rwx
Octal Value
Sticky bit
setgid
setuid
4
33
1
1
root
root
root
root
bin
sys
bin
root
454
45
12772
10
Oct
Oct
Oct
Oct
28
27
19
27
05:10
10:00
20:55
10:00
.
..
autopush*
accept -> cupsaccept
root
10
Oct 27
staff
staff
Disabling Programs from Using Executable Stacks
1. Save a copy of the /etc/system file.
2. Edit the /etc/system file and add the following system
directives:
set noexec_user_stack=1
set noexec_user_stack_log=0
3. Reboot the system by using init 6.
# vi /etc/system
# cat /etc/system
set noexec_user_stack=1
set noexec_user_stack_log=0
# init 6
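To confirm that the edited /etc/system really carries an active directive, the file can be checked before the reboot. This is an added example, not part of the course material: the function names check_noexec_stack and sample_system_file are hypothetical, the sample files are constructed, and it assumes that lines starting with * or # are comments and that a later set line for the same variable overrides an earlier one.

```shell
#!/bin/sh
# Constructed sample /etc/system contents for three situations.
sample_system_file() {
    case "$1" in
    hardened)
        cat <<'EOF'
* constructed sample: both directives from the procedure
set noexec_user_stack=1
set noexec_user_stack_log=0
EOF
        ;;
    commented)
        cat <<'EOF'
* constructed sample: the directive is present but commented out
* set noexec_user_stack=1
set noexec_user_stack_log=0
EOF
        ;;
    overridden)
        cat <<'EOF'
# constructed sample: a later line turns the protection back off
set noexec_user_stack = 1
set noexec_user_stack=0
EOF
        ;;
    esac
}

# check_noexec_stack FILE
# Prints "enforced log=<v>" or "not-enforced log=<v>", where <v> is the
# configured noexec_user_stack_log value or "default" when it is not set.
# Returns 0 only when the effective noexec_user_stack value is 1.
# With noexec_user_stack_log=0, attempts to execute from the stack are
# still blocked but no message is logged, so the value is reported too.
check_noexec_stack() {
    awk '
    /^[ \t]*[*#]/ { next }          # comment line
    $1 == "set" {
        line = $0
        sub(/^[ \t]*set[ \t]+/, "", line)
        gsub(/[ \t]/, "", line)     # accept "name = value" and "name=value"
        n = index(line, "=")
        if (n == 0) next
        name  = substr(line, 1, n - 1)
        value = substr(line, n + 1)
        if (name == "noexec_user_stack")     stack = value
        if (name == "noexec_user_stack_log") logv  = value
    }
    END {
        state = (stack == "1") ? "enforced" : "not-enforced"
        print state " log=" (logv == "" ? "default" : logv)
        exit(state == "enforced" ? 0 : 1)
    }' "$1"
}

# Usage on a live system:
#   check_noexec_stack /etc/system
```
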
Quiz
Which command enables you to change permissions on a file
that is owned by a group?
a. chown
b. chgrp
c. chmod
Quiz
The chmod command can be used only with the absolute
mode.
a. True
b. False
Quiz
Which permission gives the following?
This file has read, write, and execute permissions set for the file
owner. Read and execute permissions are set for the group
and other.
a. -rwx------
b. dr-xr-x---
c. -rwxr-xr-x
Quiz
The special permission types setuid and setgid constitute a
risk.
a. True
b. False
Lesson Agenda
Description
Secure RPC
Pluggable Authentication
Module (PAM)
Secure Shell
Kerberos service
Secure Shell
Secure Shell
With Secure Shell, you can:
Log in to another host securely over an unsecured network
Copy files securely between the two hosts
Run commands securely on the remote host
Login
SSH
Client
SSH
Server
OK
Server
Description
SSH Transfer
Protocol
SSH Authentication
Protocol
Is used to verify the identity of the user that runs the ssh
client. This protocol uses the established transfer protocol.
SSH Channel
Protocol
Description
GSS-API
Host-based
authentication
Public key
authentication
Password
authentication
Host-Based Authentication
Authentication
Method
(Protocol
Version)
Host-based (v2)
User account
Local host private and public key in
the /etc/ssh directory
ssh_host_rsa_key
ssh_host_rsa1_key
ssh_host_dsa_key
HostbasedAuthentication yes in
the /etc/ssh/sshd_config
directory
Private key in ~/.ssh/id_rsa or
~/.ssh/id_dsa
User account
Local host public key in the /etc/ssh
directory
HostbasedAuthentication yes in
/etc/ssh/sshd_config
Client1 entry in
/etc/ssh/shosts.equiv,
/etc/hosts.equiv, ~/.rhosts, or
~/.shosts
Client1 host name in
/etc/ssh/ssh_known_hosts or
~/.ssh/known_hosts
IgnoreRhosts no in
/etc/ssh/sshd_config
or
# svcadm restart ssh
Client side
# grep jjones /etc/passwd
jjones:x:1003:110:joe jones:/export/home/jjones:/usr/bin/bash
00:00
jjones@server1:~$ ssh-add -X
Enter lock password: <password>
Agent unlocked.
jjones@server1:~$ ssh client1
Last login: Tue Jul 29 08:27:36 2014 from server1
Oracle Corporation      SunOS 5.11      11.2    June 2014
Connection to client1 closed.
Quiz
Secure Shell is an authentication service that _______.
a. Enables a user to securely access a remote host over an
unsecure network
b. Provides authentication and security services to network
protocols
c. Protects NFS mounts and a naming service
Quiz
If you do not want to type your passphrase and your password
to use Secure Shell, which of the following should you use?
a. ssh-add
b. ssh-agent
c. ssh-keygen
Summary
In this lesson, you should have learned how to:
Establish system and file access control
Control access to systems
Control access to files
Secure access to remote host
Objectives
After completing this lesson, you should be able to:
Get started with user administration
Set up user accounts
Manage user accounts
Manage user initialization files
Configure user disk quotas
Use shell metacharacters
Workflow Orientation
Introduction
Processes
Installation
Users
Services
Security
Packages
Zones
Network
Storage
Lesson Agenda
Description
User
Group
Role
A special account that can be assigned to one or more users and that
provides a set of functions and permissions that are specific to the
role
Description
Username
Password
Comment
Description
/etc/passwd
/etc/shadow
/etc/default/passwd
/etc/group
Description
loginID
UID
Contains the UID number that is used by the system to identify the user
GID
Contains the GID number that is used by the system to identify the user's primary group
comment
home_directory
login_shell
Description
loginID
password
lastchg
The number of days between January 1, 1970 and the last password modification date
min
max
The maximum number of days that the password is valid before the user is prompted to enter a new
password at login
warn
Number of days that the user is warned before the password expires
inactive
Number of inactive days allowed for the user before the user's account is locked
expire
flag
Description
groupname
group-password
GID
username-list
Quiz
A user must belong to at least one group.
a. True
b. False
Quiz
Which file contains encrypted user passwords?
a. /etc/shadow
b. /etc/default/passwd
c. /etc/skel
Lesson Agenda
Adding a Group
To add a group, use groupadd -g GID groupname.
# groupadd -g 110 support
Quiz
/var/sadm/defadduser is the file that you use to add new
users.
a. True
b. False
Quiz
When you create a new user, which of the following files
receives user-related information?
a. /etc/skell
b. /etc/shaddow
c. /etc/group
d. /etc/password
Lesson Agenda
Command
useradd
usermod
Delete a user.
userdel
Add a group.
groupadd
Modify a group.
groupmod
Delete a group.
groupdel
Lesson Agenda
Path
Comments
Korn Shell
/usr/bin/ksh
C Shell and
enhanced C Shell
/usr/bin/csh and
/usr/bin/tcsh
POSIX-compliant
Shell
/usr/xpg4/bin/sh
POSIX-compliant shell
Z Shell
/usr/bin/zsh
Z Shell
Initialization Files
Oracle Solaris 11 provides two types of initialization files:
Site initialization files: Enable you to introduce new
functionality to the user's work environment
User initialization files: Enable both you and the user to
customize the user's work environment
Purpose
bash
/etc/profile
$HOME/.bash_profile
$HOME/.bash_login
$HOME/.profile
ksh93
/etc/profile
$HOME/.profile
$ENV
Shell
Initialization File
Templates
bash
/etc/skel/local.profile
$HOME/.profile
ksh93
/etc/skel/local.profile
$HOME/.profile
# cd /etc/skel
# ls
local.cshrc local.login
local.profile
# more local.profile
<header output omitted>
stty istrip
PATH=/usr/bin:/usr/sbin
export PATH
#
Quiz
Which of the following is an enhanced C shell?
a. /usr/bin/csh
b. /usr/bin/tcsh
c. /usr/bin/ksh
d. /usr/bin/bash
Lesson Agenda
To display the quota setting for a file system, use zfs get followed by quota and the file system name.
# zfs get quota rpool/export/home/jjones
NAME                      PROPERTY  VALUE  SOURCE
rpool/export/home/jjones  quota     10g    local
Note: The quota cannot be less than the current dataset usage.
To display the user quota setting for a file system, use zfs get followed by userquota@<name> and the file system name.
# zfs get userquota@student1 students/compsci
NAME              PROPERTY            VALUE  SOURCE
students/compsci  userquota@student1  10g    local
userspace students/compsci
      NAME      USED  QUOTA
User  jjones      7K    10g
User  root      227M   none
User  student1  455M    10g
SOURCE
local
Lesson Agenda
$ cd ~/dir1
$ pwd
/home/student/dir1/
$
To list all the files and directories that start with a specific
letter, followed by zero or more other characters, use ls
letter*.
$ cd
$ ls f*
feathers file.1 file.2 file.3 file4 fruit2
feathers_6 file1 file2 file3 fruit
$
To list all the files and directories that start with the string
dir and are followed by one other character, use ls
dir?.
$ ls dir?
dir1:
coffees fruit trees
dir2:
beans notes recipes
dir3:
cosmos moon planets space sun vegetables
dir5:
$
Quiz
If you want to change to your home directory, which of the
following characters helps you do that?
a. Tilde (~) character
b. Dot (.) character
c. Asterisk (*) character
d. Dash (-) character
Summary
In this lesson, you should have learned how to:
Get started with user administration
Set up user accounts
Manage user accounts
Manage user initialization files
Configure user disk quotas
Use shell metacharacters
Objectives
After completing this lesson, you should be able to:
Explain system processes management
Manage system processes
Schedule system administration tasks
Workflow Orientation
Introduction
Processes
Installation
Users
Services
Security
Packages
Zones
Network
Storage
Lesson Agenda
Disk I/O
Subsystem
Network
Subsystem
Memory
Subsystem
CPU
Subsystem
Description
run
sleep
zombie
stop
Description
ptree
ps
pgrep
prstat
pstop
prun
Signal Number  Signal Name  Event      Default Action
1              SIGHUP       Hangup     Exit
2              SIGINT       Interrupt  Exit
9              SIGKILL      Kill       Exit
15             SIGTERM      Terminate  Exit
STIME TTY
Jul 31 ?
TIME CMD
0:01 gnome-panel
# ptree 1345
1032
/usr/sbin/gdm-binary
1046
/usr/lib/gdm-simple-slave --display-id /org/gnome/DisplayManager/Displa
1258
/usr/lib/gdm-session-worker
1280
gnome-session
1345
gnome-panel
TTY
pts/4
pts/4
pts/4
TIME
0:00
0:00
0:00
CMD
bash
su
ps
PPID
0
0
0
0
C
0
0
0
0
STIME
06:50:42
06:50:40
06:50:40
06:50:43
TTY
?
?
?
?
TIME
0:02
0:02
0:02
0:00
CMD
sched
zpool-rpool
kmem_task
usr/sbin/init
Killing a Process
1. Obtain the process ID of the process that you want to
terminate by using pgrep process.
2. Terminate the process by using kill [-signal] pid
or pkill [-signal] process.
3. Verify that the process has been terminated by using
pgrep pid or pgrep process.
$ pgrep -l mail
215 sendmail
470 dtmail
$ pkill dtmail
$ pgrep -l mail
215 sendmail
$
Description
ps
pgrep
prstat
kill, pkill
Terminates a process
Quiz
What state is a parent process in when it is waiting for an event
to complete?
a. run
b. sleep
c. zombie
d. stop
Quiz
When used with kill or pkill, which signal terminates a
process instantly with no opportunity to perform an orderly
shutdown?
a. 1, SIGHUP
b. 2, SIGINT
c. 9, SIGKILL
d. 15, SIGTERM
Lesson Agenda
Creating an at Job
1. Start the at utility, specifying the time you want your job to
be executed.
2. At the at prompt, type the commands or scripts that you
want to execute, one per line.
3. Press Control-D to exit the at utility and save the at job.
$ at -m 1930
at> rm /home/jones/*.backup
at> <Press Control-D>
job 897355800.a at Thu Jul 12 19:30:00 2004
at Commands
Command
Description
atq
at -l [job-id]
at -r [job-id]
10 3 * * 0 /usr/sbin/logadm
Field
Range of Values
minute
hour
day of month
month
day of week
command
# crontab -l
#ident "%Z%%M% %I%     %E% SMI"
<header and copyright content omitted>
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 [ -x /usr/lib/fs/nfs/nfsfind ] && /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
30 0,9,12,18,21 * * * /usr/lib/update-manager/update-refresh.sh
crontab Files
# cat /etc/cron.d/cron.deny
daemon
bin
nuucp
# EDITOR=vi
# export EDITOR
# crontab -e jjones
30 17 * * 5 /usr/bin/banner "Time to go!" > /dev/console
:wq
# crontab -l jjones
30 17 * * 5 /usr/bin/banner "Time to go!" > /dev/console
# ls -l /var/spool/cron/crontabs
-rw-r--r-- 1 root sys    190 Sep 19 16:23 adm
-rw------- 1 root staff  225 Nov  5 09:19 jjones
-rw-r--r-- 1 root root  1063 Nov  5 16:23 lp
-rw-r--r-- 1 root sys    441 Sep 19 16:25 root
-rw------- 1 root staff   60 Nov  5 09:15 smith
-rw-r--r-- 1 root sys    308 Sep 19 16:23 sys
 190 Sep 19 16:23 adm
1063 Nov  5 16:23 lp
 441 Sep 19 16:25 root
  60 Nov  5 09:15 smith
 308 Nov 19 16:23 sys
Quiz
If the cron.allow file does not exist, all users (except the
users listed in the cron.deny file) can create, edit, display, or
remove the crontab files.
a. True
b. False
Summary
In this lesson, you should have learned how to:
Explain system processes management
Manage system processes
Schedule system administration tasks