Documente Academic
Documente Profesional
Documente Cultură
This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and
decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of
Sun and its licensors, if any.
Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.
Sun, Sun Microsystems, the Sun logo, Solaris, Sunsolve, JumpStart, Java, Sun Java System, Sun Update Connection, Sun Update Manager,
Sun Enterprise Authentication Mechanism, and Ultra are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and
other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc.
in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.
Federal Acquisitions: Commercial Software – Government Users Subject to Standard License Terms and ConditionsExport Laws. Products,
Services, and technical data delivered by Sun may be subject to U.S. export controls or the trade laws of other countries. You will comply
with all such laws and obtain all licenses to export, re-export, or import as may be required after delivery to You. You will not export or re-
export to entities on the most current U.S. export exclusions lists or to any country subject to U.S. embargo or terrorist controls as specified
in the U.S. export laws. You will not use or provide Products, Services, or technical data for nuclear, missile, or chemical biological
weaponry end uses.
DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE
LEGALLY INVALID.
THIS MANUAL IS DESIGNED TO SUPPORT AN INSTRUCTOR-LED TRAINING (ILT) COURSE AND IS INTENDED TO BE
USED FOR REFERENCE PURPOSES IN CONJUNCTION WITH THE ILT COURSE. THE MANUAL IS NOT A STANDALONE
TRAINING TOOL. USE OF THE MANUAL FOR SELF-STUDY WITHOUT CLASS ATTENDANCE IS NOT RECOMMENDED.
Please
Recycle
Copyright 2006 Sun Microsystems Inc., 901 San Antonio Road, Palo Alto, California 94303, Etats-Unis. Tous droits réservés.
Ce produit ou document est protégé par un copyright et distribué avec des licences qui en restreignent l’utilisation, la copie, la distribution,
et la décompilation. Aucune partie de ce produit ou document ne peut être reproduite sous aucune forme, par quelque moyen que ce soit,
sans l’autorisation préalable et écrite de Sun et de ses bailleurs de licence, s’il y en a.
Le logiciel détenu par des tiers, et qui comprend la technologie relative aux polices de caractères, est protégé par un copyright et licencié
par des fournisseurs de Sun.
Sun, Sun Microsystems, le logo Sun, Solaris, SunSolve, JumpStart, Java, Sun Java System, Sun Update Connection, Sun Update Manager,
Sun Enterprise Authentication Mechanism, etUltra sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux
Etats-Unis et dans d’autres pays.
Toutes les marques SPARC sont utilisées sous licence sont des marques de fabrique ou des marques déposées de SPARC International, Inc.
aux Etats-Unis et dans d’autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par Sun
Microsystems, Inc.UNIX est une marques déposée aux Etats-Unis et dans d’autres pays et licenciée exclusivement par X/Open Company,
Ltd.Législation en matière dexportations. Les Produits, Services et données techniques livrés par Sun peuvent être soumis aux contrôles
américains sur les exportations, ou à la législation commerciale dautres pays. Nous nous conformerons à lensemble de ces textes et nous
obtiendrons toutes licences dexportation, de ré-exportation ou dimportation susceptibles dêtre requises après livraison à Vous. Vous
nexporterez, ni ne ré-exporterez en aucun cas à des entités figurant sur les listes américaines dinterdiction dexportation les plus courantes,
ni vers un quelconque pays soumis à embargo par les Etats-Unis, ou à des contrôles anti-terroristes, comme prévu par la législation
américaine en matière dexportations. Vous nutiliserez, ni ne fournirez les Produits, Services ou données techniques pour aucune utilisation
finale liée aux armes nucléaires, chimiques ou biologiques ou aux missiles.
LA DOCUMENTATION EST FOURNIE “EN L’ETAT” ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES
EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y
COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L’APTITUDE A UNE
UTILISATION PARTICULIERE OU A L’ABSENCE DE CONTREFAÇON.
CE MANUEL DE RÉFÉRENCE DOIT ÊTRE UTILISÉ DANS LE CADRE D’UN COURS DE FORMATION DIRIGÉ PAR UN
INSTRUCTEUR (ILT). IL NE S’AGIT PAS D’UN OUTIL DE FORMATION INDÉPENDANT. NOUS VOUS DÉCONSEILLONS DE
L’UTILISER DANS LE CADRE D’UNE AUTO-FORMATION.
Please
Recycle
Table of Contents
About This Course .................................................................Preface-i
Course Goals............................................................................ Preface-i
Course Map..............................................................................Preface-ii
Topics Not Covered...............................................................Preface-iii
How Prepared Are You?.......................................................Preface-iv
Introductions ........................................................................... Preface-v
How to Use Course Materials ..............................................Preface-vi
Conventions ...........................................................................Preface-vii
Typographical Conventions ..................................... Preface-viii
Managing Services With the Service Management Facility
(SMF)..................................................................................................1-1
Objectives ........................................................................................... 1-1
Additional Resources ........................................................................ 1-3
The Service Management Facility.................................................... 1-4
Features ...................................................................................... 1-4
The SMF Architecture............................................................... 1-4
Services ...................................................................................... 1-6
Writing a Service Manifest..................................................... 1-14
Example New Service Script ................................................ 1-23
The /usr/share/lib/xml/dtd/service_bundle.dtd
File ............................................................................................. 1-29
Managing Services .................................................................. 1-29
Troubleshooting ...................................................................... 1-43
Example of Adding a Service to startd ............................. 1-51
Example of Adding a Service to inetd................................ 1-53
Exercise: Listing, Enabling, and Disabling Services.................... 1-56
Preparation............................................................................... 1-56
Task ........................................................................................... 1-56
Exercise: Implementing an SMF Service....................................... 1-58
Preparation............................................................................... 1-58
Task ........................................................................................... 1-58
Exercise: Implementing an SMF inetd Service ......................... 1-60
vii
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Preparation............................................................................... 1-60
Task ........................................................................................... 1-60
Exercise: Creating Your Own Services.......................................... 1-62
Preparation............................................................................... 1-62
Task ........................................................................................... 1-62
Exercise Summary............................................................................ 1-64
Exercise Solutions: Listing, Enabling, and Disabling
Services .............................................................................................. 1-65
Task ........................................................................................... 1-65
Exercise Solutions: Implementing an SMF Service ..................... 1-69
Task ........................................................................................... 1-69
Exercise Solutions: Implementing an SMF inetd Service........ 1-70
Task ........................................................................................... 1-70
Exercise Solutions: Creating Your Own Services ........................ 1-72
Task ........................................................................................... 1-72
Introducing the Solaris OS Directory Hierarchy ........................... 2-1
Objectives ........................................................................................... 2-1
Additional Resources ........................................................................ 2-3
System Directory Changes................................................................ 2-4
In-Memory versus On-disk System Directories ................... 2-4
Directory Name Changes and New/Old Directories.......... 2-5
Managing Local Disk Devices......................................................... 3-1
Objectives ........................................................................................... 3-1
Additional Resources ........................................................................ 3-3
Listing a System’s Devices................................................................ 3-4
The format Command............................................................. 3-4
Multiterabyte Volume Support With EFI Disk Labels ........ 3-7
Reconfiguring Devices .................................................................... 3-11
/devices and /dev Directory Link Changes ..................... 3-11
Managing the Solaris OS File System............................................ 4-1
Objectives ........................................................................................... 4-1
Additional Resources ........................................................................ 4-3
Pseudo File Systems .......................................................................... 4-4
Pseudo File Systems in the /etc/vfstab File...................... 4-4
Multiterabyte UFS File Systems....................................................... 4-5
UFS Logging Enabled by Default ........................................... 4-6
Logging and the /etc/vfstab File........................................ 4-7
New mount Command Flags............................................................ 4-8
Installing the Solaris OS.................................................................. 5-1
Objectives ........................................................................................... 5-1
Additional Resources ........................................................................ 5-3
Installation Methods.......................................................................... 5-4
Solaris 10 OS Installation and Upgrade Options.................. 5-4
Solaris Installation Command Line Interpreter (CLI) ......... 5-4
ix
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Installing Patch Clusters ................................................................. 6-59
Further Information......................................................................... 6-64
Introducing the Sun Update Connection Hosted Web
Application ....................................................................................... 6-65
Using the Sun Update Connection Hosted Web
Application ....................................................................................... 6-67
Leveraging the Systems Affected Function......................... 6-75
Performing User Administration .................................................... 7-1
Objectives ........................................................................................... 7-1
Relevance............................................................................................. 7-2
Additional Resources ........................................................................ 7-3
Performing User Administration..................................................... 7-4
Managing User Accounts......................................................... 7-4
Miscellaneous Items................................................................. 7-5
Changes in Command-Line Tools ................................................... 7-6
Using the smuser Command .................................................. 7-7
Using the smgroup Command ............................................. 7-11
Changes in GUI Tools ..................................................................... 7-13
Introducing the Solaris Management Console ................... 7-13
Performing System Security........................................................... 8-1
Objectives ........................................................................................... 8-1
Relevance............................................................................................. 8-2
Additional Resources ........................................................................ 8-3
Controlling System Access ............................................................... 8-4
File Transfer Protocol (FTP) Access........................................ 8-4
System Files That Store User Account Information ............. 8-6
Password Management............................................................ 8-7
Configuring and Using Printer Services........................................ 9-1
Objectives ........................................................................................... 9-1
Relevance............................................................................................. 9-2
Additional Resources ........................................................................ 9-3
Network Printing Fundamentals..................................................... 9-4
Printer Filters ............................................................................. 9-4
Printer Tools........................................................................................ 9-6
GUI Tools ................................................................................... 9-6
Command Line Tools ............................................................... 9-9
Other Changes in Functionality..................................................... 9-10
Directory and File Locations ................................................. 9-10
Print Requests From the Network ........................................ 9-11
Describing Network Basics........................................................... 10-1
Objectives ......................................................................................... 10-1
Additional Resources ...................................................................... 10-3
Interface Configuration ................................................................... 10-4
Interface Files........................................................................... 10-4
xi
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Exercise: Mirroring the Root (/) File System .................... 14-76
Task ......................................................................................... 14-76
Controlling Access and Configuring System Messaging .......... 15-1
Objectives ......................................................................................... 15-1
Additional Resources ...................................................................... 15-3
Configuring System Messaging ..................................................... 15-4
The loghost Setting ............................................................... 15-4
The /etc/syslog.conf File ................................................ 15-6
Naming Services ............................................................................ 16-1
Objectives ......................................................................................... 16-1
Additional Resources ...................................................................... 16-3
Lightweight Directory Access Protocol (LDAP) ......................... 16-4
LDAP Directory Server .......................................................... 16-4
Changes in the /etc/nsswitch File ............................................. 16-5
The /etc/nsswitch.conf File .................................................. 16-5
The /etc/nsswitch.dns File ................................................... 16-5
The /etc/nsswitch.ldap File................................................. 16-7
The /etc/nsswitch.nis File.................................................... 16-8
Configuring the NIS Domain ......................................................... 16-9
The /var/yp/Makefile File ................................................. 16-9
NIS to LDAP Transition Tool .............................................. 16-10
Configuring the Custom JumpStart Procedure .......................... 17-1
Objectives ......................................................................................... 17-1
Relevance........................................................................................... 17-2
Additional Resources ...................................................................... 17-3
Introducing JumpStart Differences ............................................... 17-4
Boot Services ............................................................................ 17-4
Identification Services ............................................................ 17-5
Configuration Services ........................................................... 17-5
Installation Services ................................................................ 17-5
Examples of the sysidcfg File ............................................. 17-6
Changes to the Profile File ................................................. 17-8
Booting the JumpStart Client ............................................. 17-14
Finish Scripts.......................................................................... 17-14
Performing a Flash Installation .................................................... 18-1
Objectives ......................................................................................... 18-1
Additional Resources ...................................................................... 18-3
Introducing Flash Archives and Installations.............................. 18-4
Creating and Manipulating Flash Archives........................ 18-5
Creating a Flash Archive........................................................ 18-6
Administering a Flash Archive ............................................. 18-8
Using a Flash Archive for Installation ............................... 18-10
Differential Flash Archives ........................................................... 18-18
Creating a Differential Flash Archive ................................ 18-18
xiii
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Preface
Course Goals
Upon completion of this course, you should be able to describe
differences between the Solaris™ 8 or 9 OS and the Solaris 10 OS as they
relate to the administration tasks in the following areas:
● Managing file systems
● Installing software
● Performing system boot procedures
● Performing user and security administration
● Managing network printers and system processes
● Performing system backups and restores
● Describing network basics
● Managingvirtual file systems and core dumps
● Managing storage volumes
● Controlling access and configure system messaging
● Setingt up name services
● Performing advanced installation procedures
Preface-i
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Sun Services, Revision A
Course Map
Course Map
The course map enables you to see what you have accomplished and
where you are going in reference to the course goals.
Managing Services
Managing
Services
With the
Service
Management
Facility
Introducing Managing
Managing
the Solaris™ Local Disk the Solaris OS
OS Directory File System
Devices
Hierarchy
Introducing the
Installing Performing Performing
Fundamentals
the User Security
of Package
Solaris OS and Patch Administration Administration
Administration
Configuring Describing
and Using Network
Printer Services Basics
Managing
Crash Dumps, Configuring Configuring
Core Files, NFS AutoFS
and Paging
Controlling Access
Managing Setting Up
and Configuring
Storage Volumes Naming Services
System Messaging
Configuring Controlling
Solaris Access Using
Volume and Configuring Name
Manager System Services
Software Messaging
Refer to the Sun Educational Services catalog for specific information and
registration.
Introductions
Now that you have been introduced to the course, introduce yourself to
the other students and the instructor, addressing the following items:
● Name
● Company affiliation
● Title, function, and job responsibility
● Experience related to topics presented in this course
● Reasons for enrolling in this course
● Expectations for this course.
Conventions
The following conventions are used in this course to represent various
training elements and alternative learning resources.
Icons
Note – Indicates additional information that can help students but is not
crucial to their understanding of the concept being described. Students
should be able to understand the concept or complete the task without
this information. Examples of notational information include keyword
shortcuts and minor system adjustments.
Typographical Conventions
Courier is used for the names of commands, files, directories,
programming code, and on-screen computer output; for example:
Use ls -al to list all files.
system% You have mail.
Courier bold is used for characters and numbers that you type; for
example:
To list the files in this directory, type:
# ls
Palatino italics is used for book titles, new words or terms, or words that
you want to emphasize; for example:
Read Chapter 6 in the User’s Guide.
These are called class options.
If you are teaching an LVC, display the PDF file of the Student Guide in the whiteboard area.
Total
Lecture Lab
Module Time
(Minutes) (Minutes)
(Minutes)
About This Course 40 40
Managing Services With the Service Management 90 75 165
Facility (SMF)
Introducing the Solaris OS Directory Hierarchy 15 0 15
Managing Local Disk Devices 15 0 15
Managing the Solaris OS File System 15 0 15
Installing the Solaris OS 30 0 30
Introducing the Fundamentals of Package and 120 0 120
Patch Administration
Performing User Administration 30 0 30
Performing System Security 15 0 15
Configuring and Using Printer Services 15 0 15
Describing Network Basics 15 0 15
Managing Crash Dumps, Core Files and Paging 15 00 15
Configuring NFS 30 0 30
Configuring AutoFS 15 0 15
OK Configuring Solaris Volume Manager Software 90 60 150
Controlling Access and Configuring System 15 0 15
Messaging
Naming Services 15 0 15
Configuring the Custom JumpStart Procedure 15 0 15
Performing a Flash Installation 30 45 75
Using Live Upgrade 60 0 60
Total
Lecture Lab
Module Time
(Minutes) (Minutes)
(Minutes)
Introducing WANBoot 60 90 150
Objectives
This module is an overview of the service management features included
in the Solaris™ 10 Operating System (Solaris 10 OS).
1-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
Features
An SMF infrastructure consisting of a service configuration repository,
process re-starter, and administrative CLI utilities along with supporting
kernel functionality is available, enabling Solaris services to express the
following:
● Restart requirements
● Requirements for the presence of prerequisite services and system
facilities (such as networking)
● Requirements for identity and privileges for various tasks
● Configuration settings per instance
Management Observability
inet-service Service
Agent Agent
inetd(1M)
Repository API
svc.configd(1M) svc.startd(1M)
init(1M)
Process Repository
Contract Client
Kernel
Services
The fundamental unit of administration in SMF is the service. Generically,
a service is an entity which provides a known list of capabilities to other
local and remote services. The categories of services are:
● milestone – Synthetic services for clean dependency statements
● device – General device services
● system – Services concerned with host-centric, non networked
capabilities
● system/security – Low-level host-centric services implementing
security facilities
● network – Services concerned with host-centric, network
infrastructure capabilities
● application – General software services
● application/management – Services implementing management
facilities
● application/security – Services implementing high-level security
facilities
● site – Services implementing site-specific software
● platform – Services implementing platform-specific software
Information about services and their state is kept in the repository. This
information can be accessed using the svcs command.
sys-01# svcs
STATE STIME FMRI
legacy_run 9:17:58 lrc:/etc/rcS_d/S10pfil
legacy_run 9:17:58 lrc:/etc/rcS_d/S29wrsmcfg
legacy_run 9:17:58 lrc:/etc/rcS_d/S35cacheos_sh
legacy_run 9:17:58 lrc:/etc/rcS_d/S41cachefs_root
legacy_run 9:17:58 lrc:/etc/rcS_d/S55fdevattach
legacy_run 9:18:09 lrc:/etc/rc2_d/S10lu
legacy_run 9:18:09 lrc:/etc/rc2_d/S20sysetup
legacy_run 9:18:09 lrc:/etc/rc2_d/S40llc2
legacy_run 9:18:09 lrc:/etc/rc2_d/S42ncakmod
legacy_run 9:18:09 lrc:/etc/rc2_d/S47pppd
legacy_run 9:18:10 lrc:/etc/rc2_d/S65ipfboot
legacy_run 9:18:10 lrc:/etc/rc2_d/S70sckm
legacy_run 9:18:10 lrc:/etc/rc2_d/S70uucp
. . .
online 9:16:08 svc:/system/svc/restarter:default
online 9:17:12 svc:/milestone/name-services:default
online 9:17:28 svc:/network/loopback:default
online 9:17:29 svc:/network/initial:default
online 9:17:29 svc:/network/physical:default
online 9:17:30 svc:/network/service:default
online 9:17:44 svc:/network/ssh:default
online 9:17:46 svc:/milestone/devices:default
online 9:17:46 svc:/system/device/local:default
online 9:17:55 svc:/system/filesystem/minimal:default
online 9:17:56 svc:/network/rpc/bind:default
online 9:17:56 svc:/network/rpc/keyserv:default
. . .
online 9:55:48 svc:/system/console-login:default
online 13:19:00 svc:/network/telnet:default
offline 9:16:11 svc:/application/print/ipp-listener:default
Service States
Service
disabled
UNINITALIZED
Can’t read
config
Start
Administrator service Re-read
intervention config data
Re-read
config data
Dependency
not met or Service marked
start failed disabled
MAINTENANCE OFFLINE DISABLED
Unresolvable error Service enabled
or thresholds reached by admin
Service shutdown,
restart or disable
Unresolvable error or
thresholds reached
Dependency met
and service enabled
ONLINE
Service shutdown,
restart or disable
Refresh
Unresolvable error or
thresholds reached Partial failure of
service or dependency
Service Components
Most of the class should be familiar with HTML. As necessary describe how tags match their beginning and
ending. This is particularly important when looking at manifest files. Do not get too detailed about the
contents of this file. Emphasize instances.
<!--
svc.startd(1M) services
-->
<service name='system/coreadm' version='1' type='service'>
<instance name='default' enabled='true'/>
</service>
<!--
Include inetd(1M) services profile.
-->
<xi:include href='file:/var/svc/profile/inetd_services.xml' />
</service_bundle>
A manifest is a list of things pertaining to each service. The list contains the
name of the service, the method to start and stop the service, and many
other things. All manifests live in the /var/svc/manifest directory tree.
This directory contains subdirectories that logically group services.
Do not get too detailed about the contents of this file. Emphasize dependencies and properties.
...
<service_bundle type=’manifest’ name=’SUNWcsr:coreadm’>
<service
name=’system/coreadm’
type=’service’
version=’1’>
<single_instance />
<dependency
name=’usr’
type=’service’
grouping=’require_all’
restart_on=’none’>
<service_fmri value=’svc:/system/filesystem/minimal’ />
</dependency>
<exec_method
type=’method’
name=’start’
exec=’/usr/bin/coreadm -u’
timeout_seconds=’60’ />
<exec_method
type=’method’
name=’stop’
exec=’:true’
timeout_seconds=’60’ />
<template>
<common_name>
<loctext xml:lang=’C’>
System-wide core file configuration
service
</loctext>
</common_name>
<documentation>
<manpage
title=’coreadm’
section=’1M’
manpath=’/usr/share/man’ />
</documentation>
</template>
</service>
</service_bundle>
General service categories for naming of services are provided, but these
categories aren’t used by the system. They help the administrator in
identifying the general use of the service.
The service name describes what is being provided and includes both any
category identifier and the actual service name, separated by forward
slashes (/). Service names should usefully identify the service being
provided by the administrator.
The instance name describes any specific features about the instance. Most
services deliver a default instance. Some services such as Oracle may
want to create instances based on administrative configuration choices.
SMF interacts with services primarily by its methods. The stop and start
methods must be provided for services managed by svc.startd. The
service can either directly invoke a service binary, or a script which
invokes a more complex setup. The refresh method is optional for
svc.startd-managed services. Different restarters may require different
methods.
Existing init scripts can easily serve as the basis for service methods. The
following rules and guidance for the methods supported by svc.startd:
All Methods
Start Methods
● For contract and transient services, the start method should not
return success until the service is being provided. Note that this is
true for daemons as well. Daemons should not fork() then exit()
from their initial process, they should wait to return until startup
errors have been accumulated and can be reported. Many init scripts
previously started up the daemon and return immediately, counting
on the fact that the serial boot took some time to start dependent
services. Now that dependent services are started precisely, and
often immediately after your service returns successfully from its
start method, imprecise semantics are not acceptable.
● If code changes to the daemon/service can not be made, a positive
test for service is required before returning success. If no other
options are available, insert an appropriate long sleep() before
successful return.
Stop Methods
Refresh Methods
A set of method tokens are available for use in method specification for
commonly used property values. A comprehensive list is available in
smf_method(5).
Finally, each method may specify a method context to define system and
security attributes used during method execution. It is recommend that
long-running services are started with reduced privileges and safe uids
and gids, when possible. The following is an example of a start method:
<exec_method
type=’method’
name=’start’
exec=’/lib/svc/method/svc-cron’
timeout_seconds=’60’>
<method_context>
<method_credential user=’root’ group=’root’ />
</method_context>
</exec_method>
Identify Dependencies
First, identify what other services are required for your service to start.
For example, does your service require the network to be plumbed, local
devices to be configured, or name services to be available? Once you’ve
decided what your service is dependent on, specify the fault propagation
model:
Identify Dependents
For example, if you’re delivering a service (mysvc) that must start before
syslog, use the following:
<dependent
name=’mysvc_syslog’
grouping=’optional_all’
restart_on=’none’>
<service_fmri value=’svc:/system/system-log’ />
<dependent>
For example, if your service was previously started at run level 2, this
clause will make sure that run level 2 is not considered complete until
your service has started:
<dependent
name=’mysvc_multi-user’
grouping=’require_all’
restart_on=’none’>
<service_fmri value=’svc:/milestone/multi-user’ />
<dependent>
You could then create another script to terminate this service and shut
down the database server before the network services are stopped.
The correct procedure is to incorporate the new service into the SMF. This
procedure can be quite complex. The general steps required are detailed
in the following list:
● Determine the process for starting and stopping your service.
● Establish a name for the service, and the category this service falls
into.
● Determine whether your service runs multiple instances.
● Identify any dependency relationships between this service and any
other services.
● If a script is required to start and stop the process, create the script
and place it in a local directory such as /usr/local/svc/method.
● Create a service manifest file for your service. This file describes the
service and any dependency relationships. Service manifests are
pulled into the repository either by using the svccfg command or
at boot time.
● Incorporate the script into the SMF using the svccfg utility.
case "$1" in
’start’)
/usr/bin/newservice &
;;
’stop’)
/usr/bin/pkill -x -u 0 newservice
;;
*)
echo "Usage: $0 { start | stop }"
;;
esac
exit 0
# cd /var/svc/manifest/site
# vi newservice.xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM
"/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
<service
name=’site/newservice’
type=’service’
version=’1’>
<single_instance/>
<dependency
name=’usr’
type=’service’
grouping=’require_all’
restart_on=’none’>
<service_fmri value=’svc:/system/filesystem/local’ />
</dependency>
<dependent
name=’newservice’
grouping=’require_all’
restart_on=’none’>
<service_fmri value=’svc:/milestone/multi-user’ />
</dependent>
<exec_method
type=’method’
name=’start’
exec=’/lib/svc/method/newservice start’
timeout_seconds=’30’ />
<exec_method
type=’method’
name=’stop’
exec=’/lib/svc/method/newservice stop’
timeout_seconds=’30’ />
<template>
<common_name>
<loctext xml:lang=’C’>
New service
</loctext>
</common_name>
</template>
</service>
</service_bundle>
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM
"/usr/share/lib/xml/dtd/service_bundle.dtd.1">
● Comment section.
<!--
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
timeout_seconds=’30’ />
<exec_method
type=’method’
name=’stop’
exec=’/lib/svc/method/newservice stop’
timeout_seconds=’30’ />
● Define any dependencies for this service. The first entry states that
the newservice requires the filesystem/local service.
<dependency
name=’usr’
type=’service’
grouping=’require_all’
restart_on=’none’>
<service_fmri value=’svc:/system/filesystem/local’ />
</dependency>
● The second entry makes sure that your service is associated with the
multi-user milestone and that the multi-user milestone requires this
service.
<dependent
name=’newservice’
grouping=’require_all’
restart_on=’none’>
<service_fmri value=’svc:/milestone/multi-user’ />
</dependent>
After the service has been imported into SMF it should be visible using
the svcs command.
# svcs newservice
STATE STIME FMRI
online 8:43:45 svc:/site/newservice:default
#
Finally, you can observe that the multiuser milestone requires the
newservice in order to complete its requirements.
# svcs -d milestone/multi-user:default
STATE STIME FMRI
disabled 8:43:16 svc:/platform/sun4u/sf880drd:default
online 8:43:16 svc:/milestone/name-services:default
online 8:43:33 svc:/system/rmtmpfiles:default
online 8:43:42 svc:/network/rpc/bind:default
online 8:43:46 svc:/milestone/single-user:default
online 8:43:46 svc:/system/utmp:default
online 8:43:47 svc:/system/system-log:default
online 8:43:47 svc:/system/system-log:default
online 8:43:49 svc:/system/filesystem/local:default
online 8:44:01 svc:/system/mdmonitor:default
online 9:11:54 svc:/site/newservice:default
#
The /usr/share/lib/xml/dtd/service_bundle.dtd
File
The /usr/share/lib/xml/dtd/service_bundle.dtd file is a DTD
(Document Type Definition) file that defines the structure the *.xml files
used in SMF. This file has many comments that explain the use of the
elements and attributes used in the *.xml files. Elements their attributes
are the building blocks of the data structures or models used for defining
services and manifests. Consult this file for additional information when
writing services.
Point out that the filename may actually have a .1 or .2 appended to it which is the naming convention being
use for revision marking.
Students will have varying backgrounds on XML files and the syntax used in DTDs. Share a session and walk
students through what is in this somewhat self documenting DTD file. (For example, explain notation like the
asterisk symbol which specifies that that element can appear zero or more times in a parent structure.) Use
the grep command to find the strings ELEMENT and ATTRIBUTE where the main data models are defined.
Instruct students that they may want to use this technique during the lab exercise which has them write a
simple service.
Managing Services
This section contains a number of command examples and output. Engage the students and keep the
training interactive by having them execute appropriate ones on a lab system in a shared window for all to
see.
One of the more significant benefits of SMF is visibility into services and
their dependencies. There are mechanisms to accomplish the following:
● Enable or disable service startup
● View and modify a service’s dependencies
● View the current state of all services
● View and modify service startup configuration data
The tools responsible for running services and accessing the repository are
as follows:
● svc.startd(1M) – Responsible for starting and stopping services as
requested
● svc.configd(1M) – Responsible for accessing the configuration
repository
● inetd(1M) – Delegated restarter
The tools available for observing and managing services are as follows:
● svcs(1) – Show services, their current state, and their dependencies
● svcprop(1) – Show property values for services
● svcadm(1M) – Manipulate service instances
● svccfg(1M) – Import, export and modify service configurations
● inetadm(1M) – Observe or configure inetd- controlled services
The inetd daemon performs the same function as, but is implemented
significantly different from, the daemon of the same name in Solaris 9 and
prior Solaris operating system releases. In the current Solaris release,
inetd is part of SMF and runs only within that facility.
The svcs command displays the current state of system services. Using
the svcs command with the -a option shows all services. Without the -a
the svcs command shows only services which are running or available to
run.
sys-01# svcs -a
STATE STIME FMRI
legacy_run Aug_31 lrc:/etc/rcS_d/S10pfil
legacy_run Aug_31 lrc:/etc/rcS_d/S29wrsmcfg
legacy_run Aug_31 lrc:/etc/rcS_d/S35cacheos_sh
legacy_run Aug_31 lrc:/etc/rcS_d/S41cachefs_root
legacy_run Aug_31 lrc:/etc/rcS_d/S55fdevattach
legacy_run Aug_31 lrc:/etc/rc2_d/S10lu
legacy_run Aug_31 lrc:/etc/rc2_d/S20sysetup
. . .
disabled Aug_31 svc:/platform/sun4u/mpxio-upgrade:default
disabled Aug_31 svc:/network/dns/client:default
disabled Aug_31 svc:/network/ldap/client:default
disabled Aug_31 svc:/network/nis/client:default
disabled Aug_31 svc:/network/nis/server:default
disabled Aug_31 svc:/network/rpc/nisplus:default
disabled Aug_31 svc:/network/dns/server:default
disabled Aug_31 svc:/network/inetd-upgrade:default
disabled Aug_31 svc:/platform/sun4u/sf880drd:default
disabled Aug_31 svc:/system/consadm:default
disabled Aug_31 svc:/application/print/cleanup:default
disabled Aug_31 svc:/application/print/server:default
. . .
online Aug_31 svc:/system/svc/restarter:default
online Aug_31 svc:/milestone/name-services:default
online Aug_31 svc:/network/loopback:default
online Aug_31 svc:/network/initial:default
online Aug_31 svc:/network/physical:default
online Aug_31 svc:/network/service:default
online Aug_31 svc:/network/ssh:default
online Aug_31 svc:/milestone/devices:default
online Aug_31 svc:/system/device/local:default
online Aug_31 svc:/system/filesystem/minimal:default
online Aug_31 svc:/network/rpc/bind:default
. . .
online Aug_31 svc:/network/telnet:default
online 17:03:46 svc:/network/smtp:sendmail
offline Aug_31 svc:/application/print/ipp-listener:default
The svcs command has a -p option that allows you to see the processes
that are associated with a service. The following example uses a pattern
match to specify the services to display.
sys-01# svcs -p "*nfs*"
disabled Feb_18 svc:/network/nfs/cbd:default
disabled Feb_18 svc:/network/nfs/mapid:default
disabled Feb_18 svc:/network/nfs/server:default
online Feb_18 svc:/network/nfs/status:default
Feb_18 191 statd
online Feb_18 svc:/network/nfs/nlockmgr:default
Feb_18 200 lockd
online Feb_18 svc:/network/nfs/rquota:default
online Feb_18 svc:/network/nfs/client:default
The following example shows the service instances which depend on the
service instance /system/filesystem/minimal:default.
# svcs -d filesystem/minimal
STATE STIME FMRI
online Aug_31 svc:/system/cryptosvc:default
online Aug_31 svc:/system/sysidtool:net
online Aug_31 svc:/system/sysidtool:system
The svcprop command allows you to see the properties associated with a
service instance. The following example shows the properties for the
syslog default instance.
sys-01# svcprop svc:/system/system-log:default
general/package astring SUNWcsr
general/enabled boolean true
restarter/contract count 41
restarter/start_pid count 593
restarter/auxiliary_state astring none
restarter/next_state astring none
restarter/state astring online
restarter/state_timestamp time 1093965480.562821000
restarter_actions/refresh integer
When a service is disabled, all dependent services are also disabled. The
svcs -D command can be used to see the impact of disabling a service.
# svcadm disable apache2
The disable setting not only persists across reboots, but also across
software upgrades and patch installation. Use this command to disable
any Solaris service.
To verify that the service is in fact running, examine the service with the
svcs command.
# svcs -l sar
fmri svc:/system/sar:default
enabled true
state online
next_state none
restarter svc:/system/svc/restarter:default
dependency require_all/none svc:/system/filesystem/minimal (online)
After the above command is running, the svcs command can be used to
follow the progress of services being brought online.
After starting the svccfg utility, the list subcommand prints a list of the
service identifiers for all services installed on the system:
example% svccfg
svc:> list
system/console-login
milestone/devices
system/device/local
system/identity
system/filesystem/local
system/manifest-import
system/filesystem/minimal
milestone/multi-user-server
milestone/multi-user
milestone/name-services
network/initial
network/loopback
network/physical
system/svc/restarter
system/filesystem/root
milestone/single-user
system/filesystem/usr
network/rpc/bind
network/inetd-upgrade
system/utmp
system/metainit
system/mdmonitor
smf/manifest
...
Notice the list contains not only the default instance but also the
:properties value. The presence of this string in the list output
identifies that there are properties related to the currently selected FMRI.
Type the listprop command to list the SMF properties associated with
the name service cache:
svc:/system/name-service-cache> listprop
usr dependency
usr/entities fmri svc:/system/filesystem/usr
usr/grouping astring require_all
usr/restart_on astring none
usr/type astring service
config_data dependency
config_data/entities fmri file://localhost/etc/nscd.conf
file://localhost/etc/nsswitch.conf
config_data/grouping astring require_all
config_data/restart_on astring restart
config_data/type astring path
general framework
general/entity_stability astring Unstable
general/single_instance boolean true
stop method
stop/exec astring :kill
stop/timeout_seconds count 3
stop/type astring method
start method
start/exec astring /lib/svc/method/svc-nscd
start/timeout_seconds count 30
start/type astring method
tm_man_nscd template
tm_man_nscd/manpath astring /usr/man
tm_man_nscd/section astring 1M
tm_man_nscd/title astring nscd
tm_common_name template
tm_common_name/C ustring "Name service cache daemon"
general framework
general/package astring SUNWcsr
general/enabled boolean true
restarter framework NONPERSISTENT
restarter/contract count 180
restarter/start_pid count 2430
restarter/auxiliary_state astring none
restarter/next_state astring none
restarter/state astring online
restarter/state_timestamp time 1094137041.968560000
restarter_actions framework NONPERSISTENT
restarter_actions/refresh integer
You can modify a single property using the setprop command. For
example, to set the start method timeout to 15 seconds, type:
svc:/system/name-service-cache> setprop start/timeout_seconds = 15
The property names, values, and meanings are explained in further detail
in the SMF System Administration Guide documentation. You can also
use the editprop command to edit groups of properties in your preferred
text editor. SMF automatically stores a persistent snapshot of the changes
made to the current configuration to serve as backup copy of your
changes and to permit administrators to undo any configuration mistakes.
The listsnap subcommand can be used to list configuration snapshots
associated with the service instance:
svc:/system/name-service-cache> select default
svc:/system/name-service-cache:default> listsnap
initial
running
start
When you execute an undo operation with the revert command, SMF
automatically restores your configuration settings and then starts, restarts,
and stops services based on the new settings immediately and
automatically.
The inetadm command with no arguments lists all the services under the
control of the inetd daemon.
# inetadm
ENABLED STATE FMRI
disabled disabled svc:/network/rpc/ocfserv:default
disabled disabled svc:/network/lp:default
enabled online svc:/network/rpc/mdcomm:tcp
The -l option of the inetadm command allows you to see all the
properties for a particular service. Those values preceded by default are
values inherited from the inetd service.
# inetadm -l network/telnet:default
SCOPE NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
Services can be enabled and disabled with the -e and -d options of the
inetadm command respectively. The following is an example of enabling
the services to allow the rdate command to work.
# rdate localhost
rdate: connect: Connection refused
# inetadm -e network/time:dgram
# inetadm -e network/time:stream
# rdate localhost
Thu Sep 2 16:18:59 2004
It is also possible to modify the properties of the inetd service and any
service that is inetd-controlled. Following are command examples for
modifying the properties of an inetd-controlled service.
First find the service of interest and verify that its restarter is inetd:
# svcs ftp
STATE STIME FMRI
online 12:49:06 svc:/network/ftp:default
# svcs -l ftp
fmri svc:/network/ftp:default
name FTBR server
enabled true
state online
next_state none
state_time Thu Apr 21 12:49:06 2005
restarter svc:/network/inetd:default
contract_id
# inetadm -l ftp
SCOPE NAME=VALUE
name="ftp"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.ftpd -a"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
tcp_trace=TRUE
default tcp_wrappers=FALSE
Either of the following commands will disable this property for the ftp
service:
# inetadm -m ftp tcp_wrappers=
# inetadm -m ftp tcp_wrappers=false
Troubleshooting
A common problem experienced by users new to SMF is the diagnosis of
failure of a service to start either automatically at boot time or manually.
To debug a system hang on boot, use the -m option of the boot command.
For this type of problem specify milestone=none as the -m option (see
kernel(1M)).
{1} ok boot -m milestone=none
Resetting ...
After you receive the sulogin prompt, log in with the root password.
This brings the system to a console prompt with no services running.
single-user privilege assigned to /dev/console.
Entering System Maintenance Mode
Next, you use the svcadm command with the all option to specify that all
services should be started. The all milestone is a special one meaning all
services possible.
# svcadm milestone all
# Configuring devices.
Progress of the service startup can be watched with the svcs command.
# svcs
STATE STIME FMRI
online 11:52:41 svc:/system/svc/restarter:default
online 11:54:05 svc:/network/loopback:default
online 11:54:05 svc:/system/filesystem/root:default
online 11:54:07 svc:/system/filesystem/usr:default
online 11:54:16 svc:/network/physical:default
online 11:54:17 svc:/system/identity:node
online 11:54:19 svc:/network/initial:default
online 11:54:19 svc:/network/service:default
online 11:54:23 svc:/milestone/devices:default
online 11:54:23 svc:/system/device/local:default
online 11:54:23 svc:/system/filesystem/minimal:default
online 11:54:23 svc:/system/sysevent:default
The above output shows that all dependencies are met. The next step is to
look for errors in the error logs in the /var/svc/log directory.
If students ask about the output showing sysidtool being offline you can refer them to the explanation which
is a comment in the /var/svc/manifest/milestone/single-user.xml file. For convenience, here is that
information:
SMF can be put in a debug mode by using the boot -m debug command.
This causes SMF to start all services serially and display messages on the
console for all services.
Executing last command: boot -m debug
Boot device: /pci@1f,0/pci@1/scsi@8/disk@0,0:a File and args: -m debug
SunOS Release 5.10 Version s10_66 64-bit
Copyright 1983-2004 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
-
INIT: Executing svc.startd
Sep 3 08:04:00/1: Initialized restarter protocol
Sep 3 08:04:00/1: Initialized restarter
Sep 3 08:04:00/1: Initialized graph
Sep 3 08:04:00/6: Graph adding svc:/system/console-login:default.
Sep 3 08:04:00/6: Graph engine: Refreshing svc:/system/console-
login:default.
Sep 3 08:04:00/6: Graph adding svc:/system/sysidtool:net.
Sep 3 08:04:00/6: Graph engine: Refreshing svc:/system/sysidtool:net.
Sep 3 08:04:00/6: Graph adding svc:/system/identity:node.
Sep 3 08:04:00/6: Graph engine: Refreshing svc:/system/identity:node.
Sep 3 08:04:00/3: svc:/system/console-login:default is a wait-style
service
Sep 3 08:04:00/3: svc:/system/console-login:default: inserted instance
into restarter list
Sep 3 08:04:00/3: svc:/system/sysidtool:net is a transient-style service
Sep 3 08:04:00/3: svc:/system/sysidtool:net: inserted instance into
restarter list
Sep 3 08:04:00/3: svc:/system/identity:node is a transient-style service
Sep 3 08:04:00/3: svc:/system/identity:node: inserted instance into
restarter list
Sep 3 08:04:00/6: Graph adding svc:/network/physical:default.
Sep 3 08:04:00/6: Graph engine: Refreshing
svc:/network/physical:default.
Sep 3 08:04:00/6: Enabling svc:/network/physical:default.
Sep 3 08:04:00/6: Graph adding svc:/network/loopback:default.
Sep 3 08:04:00/6: Graph engine: Refreshing
svc:/network/loopback:default.
Sep 3 08:04:00/6: Enabling svc:/network/loopback:default.
Sep 3 08:04:00/6: Enabling svc:/system/identity:node.
Sep 3 08:04:00/6: Graph adding svc:/system/identity:domain.
Debugging a Service
After running the previous command, the service still shows as disabled.
sys-02# svcs print/server
STATE STIME FMRI
disabled 11:14:24 svc:/application/print/server:default
The first step would be to determine if all the dependencies are met. To do
this, use the following command:
sys-02# svcs -d print/server
STATE STIME FMRI
sys-02
sys-02# svccfg
svc:> select print/server:default
svc:/application/print/server:default> listsnap
initial
running
svc:/application/print/server:default>
This shows that you could revert to the initial configuration for this
service.
svc:/application/print/server:default> revert initial
svc:/application/print/server:default> listsnap
initial
running
previous
svc:/application/print/server:default>
The svcs command now shows that the service is running. The problem
is fixed. If the print server still had not started, the error logs should be
searched for problems.
sys-02# more /var/svc/log/application-print-server:default.log
Aug 25 11:43:50 Executing start method ("/lib/svc/method/print-server
start")
Print services started.
sys-02#
You can also use the following command to check for additional errors.
The -l option to svcs lists the status of the FMRI. Any error or
complaints from svc.startd is reported here.
sys-02# svcs -l print/server:default
fmri svc:/application/print/server:default
enabled true
state online
next_state none
restarter svc:/system/svc/restarter:default
contract_id 122
sys-02#
Repository Problems
There are two types of problems that can occur with the repository. The
repository can be corrupted, or it can be inaccessible. The following is an
example of an inaccessible repository:
# svccfg
svc:> select network/nfs/client
svccfg: Could not connect to repository server: repository server
unavailable.
If the repository becomes unusable, you can restore the repository from
backup data, or you can copy in the initial seed repository and reboot.
There is a script that walks you through the procedure.
If there are any problems which need human intervention, this script will
give instructions and then exit back to your shell.
Note that upon full completion of this script, the system will be
rebooted
using reboot(1M), which will interrupt any active services.
boot-20050126_115535
manifest_import-20050126_115846
boot-20050126_124919
boot-20050203_082002
manifest_import-20050203_082451
The backups are named based on their type and the time what they were
taken.
Backups beginning with "boot" are made before the first change is made to
the repository after system boot. Backups beginning with
"manifest_import"
are made after svc:/system/manifest-import:default finishes its
processing.
The time of backup is given in YYYYMMDD_HHMMSS format.
Rebooting in 5 seconds.
<service
name=’site/test’
type=’service’
version=’1’>
<exec_method
type=’method’
name=’start’
exec=’/opt/ses/labs/smf/run.boot.script’
timeout_seconds=’60’ />
<exec_method
type=’method’
name=’stop’
exec=’:true’
timeout_seconds=’60’ />
</service_bundle>
3. Register the .xml file with the repository:
# svccfg -v import /var/svc/manifest/site/test.xml
svccfg: Taking "initial" snapshot for svc:/site/test:default.
svccfg: Taking "last-import" snapshot for svc:/site/test:default.
svccfg: Refreshed site/test:default.
svccfg: Successful import.
4. To verify it has been added, use the svcs command:
# svcs test
disabled 8:48:17 svc:/site/test:default
5. To enable the service, use the svcadm command:
# svcadm enable /site/test
6. To verify it has started running, use the svcs command again:
# svcs test
online 11:15:22 svc:/site/test:default
7. Verify that your script ran properly:
# cd /tmp
# more test
This is only a test
Another tip: xmllint is helpful in finding XML syntax errors. See the
xmllint(1) man page for details.
<template>
<common_name>
<loctext xml:lang=’C’> swat </loctext>
</common_name>
<description>
<loctext xml:lang=’C’>
Swat supports a browser interface for Samba.
</loctext>
</description>
</template>
</service>
</service_bundle>
Preparation
None.
Task
1. List all the services available on your system.
________________________________________________________
2. How many legacy services are running on your system?
________________________________________________________
3. How many SMF-controlled services are running on your system?
________________________________________________________
4. List the service status for network/shell instances.
________________________________________________________
5. List the state and dependencies for all network/shell instances.
________________________________________________________
6. What is the restarter for these instances?
________________________________________________________
7. Display the current settings for the default instance.
________________________________________________________
8. Enable TCP tracing for this service.
________________________________________________________
9. Execute the spray command to send packets to your host (localhost).
What happens? Why?
________________________________________________________
Preparation
The lab exercises reference the location for the files you need as
$LABFILES. Ask your instructor where your lab files directory is located.
Task
1. Create a script for a service in the /opt/svc/method directory by
copying the method called samba in your $LABFILES/smf directory
to the /opt/svc/method directory. Use the chmod command to make
the method executable (755).
________________________________________________________
________________________________________________________
________________________________________________________
________________________________________________________
2. Create the manifest for the script by copying samba.xml file in your
$LABFILES/smf directory to the /var/smv/manifest/site
directory.
________________________________________________________
________________________________________________________
3. Create an empty log file called site-samba:default.log for the
service in the /var/svc/log directory.
________________________________________________________
________________________________________________________
4. Create an smb.conf file to allow the service to start automatically by
executing the following commands:
# cd /etc/sfw
# cp smb.conf-example smb.conf
# mv /etc/rc3.d/S90samba /etc/rc3.d/s90samba
5. Import the service into the database by executing the following
svccfg command:
# svccfg -v import /var/svc/manifest/site/samba.xml
svccfg: Taking "initial" snapshot for svc:/site/samba:default. svccfg:
Taking "last-import" snapshot for svc:/site/samba:default. svccfg:
Refreshed svc:/site/samba:default.
svccfg: Successful import.
6. Check that the new service is online by executing the following svcs
command:
# svcs samba
Preparation
None.
Task
1. Edit the /etc/services file and add and following line:
swat 901/tcp # Samba Web Administration Tool
2. Edit the /etc/inetd.conf file and add the following line:
swat stream tcp6 nowait root /usr/sfw/sbin/swat swat
3. Convert the existing swat run control script by executing the
following command:
# /usr/sbin/inetconv -n
4. Rename the swat-tcp6.xml file reported as the converted script by
inetconv to swat.xml.
________________________________________________________
________________________________________________________
5. Edit the swat.xml file and change the name of the service from
network/swat/tcp6 to network/swat.
6. Now register the XML file with the repository by executing the
following command:
# svccfg import /var/svc/manifest/network/swat.xml
7. Verify that the service has started by executing the following svcs
command:
# svcs swat
online 9:54:20 svc:/network/swat:default
8. The swat application is now ready to be accessed through the
following URL:
Start a browser and verify that it is accessible. (The root username and
password is used for swat authentication.)
Preparation
None.
Task
1. Create a script called /opt/ses/labs/smf/run.boot.script that
writes “Hello World” to /opt/ses/labs/smf/test. Make sure execute
permissions are set on the script.
________________________________________________________
2. Create a manifest for the service named test.xml in the directory
/var/svc/manifest/site by executing the following command:
# svccfg export system/utmp > /var/svc/manifest/site/test.xml
This will provide a template, but you should make modifications to
this file for your service consulting the “Writing a Service” section in
the Student Guide. There is more than one solution, but one is
provided in the solution section.
3. Validate the test.xml file with the svccfg command.
________________________________________________________
If errors are returned, fix the errors before proceeding.
4. Import the manifest into the repository.
________________________________________________________
If there is an error that it cannot parse the document, check to make
sure there are no typographical errors in the path name. If the same
service has been imported more than once, the output will be slightly
different as it updates the snapshot.
Exercise Summary
Manage the discussion based on the time allowed for this module, which was provided in the “About This
Course” module. If you do not have time to spend on discussion, then just highlight the key concepts students
should have learned from the lab exercise.
● Experiences
Ask students what their overall experiences with this exercise have been. Go over any trouble spots or
especially confusing areas at this time.
● Interpretations
Ask students to interpret what they observed during any aspect of this exercise.
● Conclusions
Have students articulate any conclusions they reached as a result of this exercise experience.
● Applications
Explore with students how they might apply what they learned in this exercise to situations at their workplace.
Task
1. List all the services available on your system.
# svcs -a
STATE STIME FMRI
legacy_run Jun_07 lrc:/etc/rcS_d/S29wrsmcfg
legacy_run Jun_07 lrc:/etc/rc2_d/S10lu
legacy_run Jun_07 lrc:/etc/rc2_d/S20sysetup
legacy_run Jun_07 lrc:/etc/rc2_d/S40llc2
legacy_run Jun_07 lrc:/etc/rc2_d/S42ncakmod
legacy_run Jun_07 lrc:/etc/rc2_d/S47pppd
legacy_run Jun_07 lrc:/etc/rc2_d/S70sckm
legacy_run Jun_07 lrc:/etc/rc2_d/S70uucp
legacy_run Jun_07 lrc:/etc/rc2_d/S72autoinstall
. . .
2. How many legacy services are running on your system?
# svcs | grep legacy | wc -l
41
This number will vary depending on the version of the Solaris 10 OS you
are running.
3. How many SMF-controlled services are running on your system?
# svcs | grep online | wc -l
67
This number will vary depending on the number of services that have been
modified.
4. List the service status for network/shell instances.
# svcs network/shell
STATE STIME FMRI
disabled Jun_20 svc:/network/shell:kshell
online Jun_20 svc:/network/shell:default
# svcs shell
STATE STIME FMRI
disabled Jun_20 svc:/network/shell:kshell
online Jun_20 svc:/network/shell:default
# svcs svc:/network/shell
fmri svc:/network/shell:default
name rsh
enabled true
state online
next_state none
state_time Fri Jun 20 10:50:41 2005
restarter svc:/network/inetd:default
contract_id
dependency require_any/error svc:/network/loopback (online)
dependency optional_all/error svc:/milestone/network (online)
6. What is the restarter for these instances?
The inetd command.This means that inetadm is used to change settings.
7. Display the current settings for the default instance.
# inetadm -l svc:/network/shell:default
SCOPE NAME=VALUE
name="shell"
endpoint_type="stream"
proto="tcp6only,tcp"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.rshd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
8. Enable TCP tracing for this service.
# inetadm -m shell:default tcp_trace=true
The -m option enables TCP tracing for this service while the -M option
enables TCP tracing for all inetd services. Verify that it has been changed.
# inetadm -l svc:/network/shell:default
SCOPE NAME=VALUE
name="shell"
endpoint_type="stream"
proto="tcp6only,tcp"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.rshd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=TRUE
default tcp_wrappers=FALSE
9. Execute the spray command to send packets to your host (localhost).
What happens? Why?
# spray localhost
spray: cannot clnt_create localhost:netpath: RPC: Program not
registered
The spray command does not work. Look at the spray service instances to
see if they are enabled.
# svcs -l ’*spray*’
fmri svc:/network/rpc/spray:default
name RPC spray
enabled false
state disabled
next_state none
state_time Tue Jun 07 10:50:33 2005
restarter svc:/network/inetd:default
dependency require_all/restart svc:/network/rpc/bind (online)
All instances of the spray service are disabled.
10. Change your system so that spray works.
# svcadm enable svc:/network/rpc/spray:default
There are no errors, so try the spray command again.
# spray localhost
sending 1162 packets of length 86 to localhost ...
163 packets (14.028%) dropped by localhost
66 packets/sec, 5702 bytes/sec
11. Reboot your machine. Does spray still work? Why?
# /etc/reboot
...
# spray localhost
sending 1162 packets of length 86 to localhost ...
163 packets (14.028%) dropped by localhost
66 packets/sec, 5702 bytes/sec
The spray command still works because a change using the svcadm
command is persistent across reboots.
12. What processes are associated with the cron service?
# svcs -p ’*cron*’
STATE STIME FMRI
online Jun_07 svc:/system/cron:default
Jun_07 556 cron
13. Kill the cron service. What does SMF show now for cron processes?
# pkill cron
# svcs -p ’*cron*’
STATE STIME FMRI
online 11:52:24 svc:/system/cron:default
11:52:24 1766 cron
The service is still there but the process number for cron has changed. It is
automatically restarted by SMF.
14. Disable the cron service. What does SMF show now for cron
processes?
# svcadm disable svc:/system/cron:default
# svcs -p ’*cron*’
STATE STIME FMRI
disabled 11:53:58 svc:/system/cron:default
Task
1. Create a script for a service in the /opt/svc/method directory by
copying the method called samba in your $LABFILES/smf directory
to the /opt/svc/method directory. Use the chmod command to make
the method executable (755).
# mkdir -p /opt/svc/method
# cd /opt/svc/method
# cp $LABFILES/smf/samba .
# chmod 755 samba
2. Create the manifest for the script by copying samba.xml file in your
$LABFILES/smf directory to the /var/smv/manifest/site
directory.
# cd /var/svc/manifest/site
# cp $LABFILES/smf/samba.xml .
3. Create an empty log file called site-samba:default.log for the
service in the /var/svc/log directory.
# cd /var/svc/log
# touch site-samba:default.log
4. Create an smb.conf file to allow the service to start automatically by
executing the following commands:
# cd /etc/sfw
# cp smb.conf-example smb.conf
# mv /etc/rc3.d/S90samba /etc/rc3.d/s90samba
5. Import the service into the database by executing the following
svccfg command:
# svccfg -v import /var/svc/manifest/site/samba.xml
svccfg: Taking "initial" snapshot for svc:/site/samba:default. svccfg:
Taking "last-import" snapshot for svc:/site/samba:default. svccfg:
Refreshed svc:/site/samba:default.
svccfg: Successful import.
6. Check that the new service is online by executing the following svcs
command:
# svcs samba
online 15:53:31 svc:/site/samba:default
Task
1. Edit the /etc/services file and add and following line:
swat 901/tcp # Samba Web Administration Tool
2. Edit the /etc/inetd.conf file and add the following line:
swat stream tcp6 nowait root /usr/sfw/sbin/swat swat
3. Convert the existing swat run control script by executing the
following command:
# /usr/sbin/inetconv -n
inetconv: Notice: Service manifest for 100235/1 already generated as
/var/svc/manifest/network/rpc/100235_1-rpc_ticotsord.xml, skipped
inetconv: Notice: Service manifest for 100083/1 already generated as
/var/svc/manifest/network/rpc/100083_1-rpc_tcp.xml, skipped
inetconv: Notice: Service manifest for 100068/2-5 already generated as
/var/svc/manifest/network/rpc/100068_2-5-rpc_udp.xml, skipped
swat -> /var/svc/manifest/network/swat-tcp6.xml
4. Rename the swat-tcp6.xml file reported as the converted script by
inetconv to swat.xml.
# cd /var/svc/manifest/network
# mv swat-tcp6.xml swat.xml
5. Edit the swat.xml file and change the name of the service from
network/swat/tcp6 to network/swat.
6. Now register the XML file with the repository by executing the
following command:
# svccfg import /var/svc/manifest/network/swat.xml
7. Verify that the service has started by executing the following svcs
command:
# svcs swat
online 9:54:20 svc:/network/swat:default
8. The swat application is now ready to be accessed through the
following URL:
http://hostname:901 in any browser.
Start a browser and verify that it is accessible. (The root username and
password is used for swat authentication.)
Task
1. Create a script called /opt/ses/labs/smf/run.boot.script that
writes “Hello World” to /opt/ses/labs/smf/test. Make sure execute
permissions are set on the script.
# cd /opt/ses/labs/smf
# cat run.boot.script
#!/bin/sh
echo "Hello World" > /opt/ses/labs/smf/test
# chmod 744 run.boot.script
2. Create a manifest for the service named test.xml in the directory
/var/svc/manifest/site by executing the following command:
# svccfg export system/utmp > /var/svc/manifest/site/test.xml
This will provide a template, but you should make modifications to
this file for your service consulting the “Writing a Service” section in
the Student Guide. There is more than one solution, but one is
provided in the solution section.
# cd /var/svc/manifest/site/
# cat test.xml
<?xml version=’1.0’ encoding=’UTF-8’?>
<!DOCTYPE service_bundle SYSTEM ’/usr/share/lib/xml/dtd/service_bundle.dtd.1’>
<service
name=’site/test’
type=’service’
version=’1’>
<create_default_instance enabled=’false’/>
<single_instance/>
<exec_method
type=’method’
name=’start’
exec=’/opt/ses/labs/smf/run.boot.script’
timeout_seconds=’60’>
</exec_method>
<exec_method
type=’method’
name=’stop’
exec=’:kill’
timeout_seconds=’60’>
</exec_method>
</service>
</service_bundle>
3. Validate the test.xml file with the svccfg command.
# svccfg validate /var/svc/manifest/site/test.xml
If errors are returned, fix the errors before proceeding.
4. Import the manifest into the repository.
# svccfg -v import /var/svc/manifest/site/test.xml
svccfg: Taking "initial" snapshot for svc:/site/test:default.
svccfg: Taking "last-import" snapshot for svc:/site/test:default.
svccfg: Refreshed svc:/site/test:default.
svccfg: Successful import.
If there is an error that it cannot parse the document, check to make
sure there are no typographical errors in the path name. If the same
service has been imported more than once, the output will be slightly
different as it updates the snapshot.
5. Verify the service has been added.
# svcs test
disabled 16:55:02 svc:/site/test:default
If the service is already online, a default instance was created by a
line in the XML file:
<create_default_instance enabled=’true’/>
6. Enable the service.
# svcadm enable test
7. Verify the service has started running.
# svcs test
online 17:01:22 svc:/site/test:default
8. Verify that your script ran properly.
# more /opt/ses/labs/smf/test
Hello World
9. Disable the service.
Objectives
Upon completion of this module, you should be able to identify System
Directory Changes.
2-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
The system/contact file system keeps track of processes including those resulting from zones. In the case of
those resulting from zones the command ctstat shows that processes are owned based on a zone id #.
Objectives
Upon completion of this module, you should be able to:
● Identify changes to the format command
● Implement EFI disk labels
● Identify changs to the behavior of the devfsadm command
3-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
In the Solaris 10 OS one of the tag names shown in the output of the
format command changed to Sun StorEdgeTM Volume Manager (from
Veritas Volume Manager). This reflects the use of the newer storage
product.
The format command now supports the -e option which is the scsi expert
option. When invoked with this option the following format menu output
shows (in bold) new submenu entries after you select a disk to work with.
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/partition definitions
inquiry - show vendor, product and revision
scsi - independent SCSI mode selects
cache - enable, disable or query SCSI disk cache
volname - set 8-character volume name
!<cmd> - execute <cmd>, then return
quit
format>
The cache and scsi submenus will display only for supported SCSI
devices (and only if you use the -e option with the format command).
SCSI MENU:
p<n> - display a mode sense page
p<n> b<n> <op> [~]<n> - change a byte and issue mode select
b<n> <op> [~]<n> - add an operation to the mode select list
for the current page
Be sure students see the warning associated with this expert menu.
CACHE MENU:
After the release of the Solaris 8 OS and before the first release of the
Solaris 9 OS, the format command supported specifiying the ending
cylinder size as an alternative way to size a partition.
For example, in the Solaris 8 OS, the prompt for entering a partition size is
is shown below (bolded):
....
partition> 3
Part Tag Flag Cylinders Size Blocks
3 unassigned wm 0 0 (0/0/0)
0
The Solaris 9 4/03 release provides support for disks that are larger than 1
terabyte (Tbyte) on systems that run a 64-bit Solaris kernel.
The EFI disk label differs from the VTOC disk label in the following ways:
● Support for disks that are greater than 1 Tbyte in size is provided.
● Slices 0-6, where slice 2 is just another slice, are provided.
● Partitions, or slices, cannot overlap with the primary or backup label,
nor with any other partitions. The size of the EFI label is usually 34
sectors, so partitions start at sector 34. This feature means that no
partition can start at sector zero (0).
● No cylinder, head, or sector information is stored in the label. Sizes
are reported in blocks.
● Information that was stored in the alternate cylinders area, the last
two cylinders of the disk, is now stored in slice 8.
● If you use the format utility to change partition sizes, the unassigned
partition tag is assigned to partitions with sizes equal to zero. By
default, the format utility assigns the usr partition tag to any
partition with a size greater than zero. You can use the partition
change menu to reassign partition tags after the partitions are
changed. However, you cannot change a partition with a non-zero
size to the unassigned partition tag.
format> label
[0] SMI Label
[1] EFI Label
Specify Label type[0]: 1
Ready to label disk, continue? yes
format> quit
The following example shows the disk label information for disk with a
VTOC label.
# prtvtoc /dev/rdsk/c0t0d0s0
* /dev/rdsk/c0t0d0s0 partition map
*
* Dimensions:
* 512 bytes/sector
* 63 sectors/track
* 15 tracks/cylinder
* 945 sectors/cylinder
* 8894 cylinders
* 8892 accessible cylinders
*
* Flags:
* 1: unmountable
* 10: read-only
*
* First Sector Last
* Partition Tag Flags Sector Count Sector Mount Directory
0 2 00 1048950 3381210 4430159 /
1 3 01 0 1048950 1048949
2 5 00 0 8402940 8402939
7 8 00 4430160 3972780 8402939 /export/home
The following example shows the disk label information for disk with an
EFI label.
# prtvtoc /dev/rdsk/c3t1d0s0
* /dev/rdsk/c3t1d0s0 partition map
*
* Dimensions:
* 512 bytes/sector
* 2479267840 sectors
* 2479267773 accessible sectors
*
* Flags:
* 1: unmountable
* 10: read-only
*
There is bug logged which discusses an issue where if an EFI label is written to a disk that has an SMI label
the slice 7 still shows (it shouldn’t). The workaround is to quit the format command and re-invoke it (with the
-e option). The CR is 6290529: format displays slice 7 after converting disk to EFI label.
In a shared web browser, show students where much more of this information is available:
Reconfiguring Devices
The devfsadm command attempts to load every driver in the system and
attach all possible device instances. It then creates symbolic links in the
/devices directory and the logical links in the /dev directory to the
kernel maintained device files. In addition to managing these directories,
the devfsadm command also maintains the /etc/path_to_inst file.
The first example shows 2 disk devices on a system before a new disk
device is added:
# cd /devices/pci@1f,0/pci@1,1/scsi@2
# ls -l
total 4
The next example shows the links in support of the current configuration
and above output:
# cd /dev/dsk
# ls -l
total 48
...
lrwxrwxrwx 1 root root 46 Jan 31 17:17 c0t0d0s0 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@0,0:a
lrwxrwxrwx 1 root root 46 Jan 31 17:17 c0t0d0s1 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@0,0:b
...
lrwxrwxrwx 1 root root 46 Jan 31 17:17 c0t0d0s7 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@0,0:h
...
lrwxrwxrwx 1 root root 46 Jan 31 17:17 c0t1d0s0 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@1,0:a
lrwxrwxrwx 1 root root 46 Jan 31 17:17 c0t1d0s1 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@1,0:b
...
lrwxrwxrwx 1 root root 46 Jan 31 17:17 c0t1d0s7 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@1,0:h
Another disk device was added at address 3 and turned on. Following is
the execution of the devfsadm command to implement the new device
configuration:
# devfsadm -v
devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s0 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:a
devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s1 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:b
devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s2 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:c
devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s3 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:d
devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s4 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:e
The next example displays the new links to the devices under the
/dev/dsk directory:
# cd /dev/dsk
# ls -l
total 64
...
lrwxrwxrwx 1 root other 46 Feb 3 10:17 c0t3d0s0 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:a
lrwxrwxrwx 1 root other 46 Feb 3 10:17 c0t3d0s1 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:b
lrwxrwxrwx 1 root other 46 Feb 3 10:17 c0t3d0s2 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:c
lrwxrwxrwx 1 root other 46 Feb 3 10:17 c0t3d0s3 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:d
lrwxrwxrwx 1 root other 46 Feb 3 10:17 c0t3d0s4 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:e
lrwxrwxrwx 1 root other 46 Feb 3 10:17 c0t3d0s5 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:f
lrwxrwxrwx 1 root other 46 Feb 3 10:17 c0t3d0s6 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:g
lrwxrwxrwx 1 root other 46 Feb 3 10:17 c0t3d0s7 ->
../../devices/pci@1f,0/pci@1,1/scsi@2/sd@3,0:h
The final example shows the new entry made to the path_to_inst file for
the disk device at address 3:
# cat /etc/path_to_inst
"/pci@1f,0/pci@1,1/scsi@2/sd@3,0" 3 "sd"
Objectives
Upon completion of this module, you should be able to:
● Identify changes related to pseudo file systems
● Describe features of the Multiterabyte UFS
● Describe changes related to logging in UFS
● Describe the default behaviour and output of the mount command
with respect to logging in the UFS
● Describe the meaning of the devices flag of the mount command
4-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
To see the file system types currently in use, have the students issue the mount -p command.
The Solaris 9 8/03 release provides support for multiterabyte UFS file
systems on systems that run a 64-bit Solaris kernel. Previously, UFS file
systems were limited to approximately 1 terabyte (Tbyte) on both 64-bit
systems and 32-bit systems. All UFS file system commands and utilities
have been updated to support multiterabyte UFS You can initially create a
UFS file system that is less than one Tbyte.
You can specify that the file system can eventually be grown to a
multiterabyte file system by using the newfs -T command. This
command sets the inode and fragment density to scale appropriately for a
multiterabyte file system.
Logging is now enabled by default for all UFS file systems except under
the following conditions:
● When logging is explicitly disabled
● If insufficient file system space exists for the log
In Solaris releases prior to Solaris 9 9/04, you had to enable UFS logging
explicitly.
In the Solaris 10 OS, because logging is enabled by default for UFS file
systems, the directive is no longer needed.
logging flag
Since the Solaris 9 9/04 release, logging is enabled by default for all UFS
file systems. The mount command output shows the logging flag as the
default. If logging is disabled, the nologging flag appears.
devices flag
Also introducted at that time was the devices flag which is the default
value (as opposed to nodevices). The devices flag indicates that the
opening of device-special files is allowed.
/export/home on /dev/dsk/c0t0d0s7
read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=22000
0f on Sun Oct 24 08:57:41 2004
There exists a bug with the umountall command (#4687955) which concerns a number of options to the
umountall command not working. As of the writing of this course, this fix has been delivered and scheduled
to release with build 22 of the Solaris 10 OS.
Objectives
Upon completion of this module, you should be able to:
● Describe the installation methods available for the Solaris 10 OS
● State the installation requirements for the Solaris 10 OS
● Describe additional software groups introduced in the Solaris 10 OS
5-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
Installation Methods
There are two ways to install the Solaris 10 OS on your system,
suninstall and Flash installation.
To protect the integrity of the installation, you can use private keys to
authenticate and encrypt data. You can also transmit your installation
data and files over a secure HTTPS connection by configuring your
systems to use digital certificates.
Wan Boot is covered in more detail (along with a lab exercise) at the end of the course.
Table 5-1 and Table 5-2 on page 5-7 show additional details about
memory, swap, and processor requirements for the Solaris 10 OS
installation.
Size
Size
Table 5-3 and Table 5-4 describe SPARC and x86 platform memory
requirements for display options.
Size
Size
Installation Media
The Solaris 10 OS is available on a set of CD-ROMs or all on a single
DVD-ROM. Following are the contents of the CD-ROM set.
● Solaris 10 OS Software 1 – This CD is the only bootable CD. From
this CD, you can access both the Solaris OS installation graphical
user interface (GUI) and the console-based installation.
● Solaris 10 OS Software 2 - This CD contains Solaris OS packages
which the software prompts you to install if necessary.
● Solaris 10 OS Software 3 - This CD contains Solaris OS packages
which the software prompts you to install if necessary.
● Solaris 10 OS Software 4 - This CD contains Solaris OS packages
which the software prompts you to install if necessary and
ExtraValue software.
● Solaris 10 OS Languages CD - This CD contains translated message
files and other software in languages other than English.
This is a new metacluster. This group contains the minimum software that
is required to boot and run a Solaris system with limited network service
support. The Reduced Networking software group provides a multiuser
text-based console and system administration utilities. This software
group also enables the system to recognize network interfaces, but does
not activate network services.
Be default, in the Solaris 10 OS, the installation methods create only the
root file sysem, the /export/home file system and a swap partition.
The GRUB menu displays after the system boots and the memory test and
hardware detection phase is completed.
GNU GRUB version 0.95 (631K lower / 2095488K upper memory)
+---------------------------------------------------------------------+
| Solaris
| Solaris Serial Console ttya
| Solaris Serial Console ttyb (for lx50, v60x and v65x)
|
|
+---------------------------------------------------------------------+
Use the ^ and v keys to select which entry is highlighted.
Press enter to boot the selected OS, 'e' to edit the
commands before booting, or 'c' for a command-line.
+---------------------------------------------------------------------+
| root (hd0,2,a)
| kernel /platform/i86pc/multiboot
| module /platform/i86pc/boot_archive
|
|
+---------------------------------------------------------------------+
Use the ^ and v keys to select which entry is highlighted.
Press 'b' to boot, 'e' to edit the selected command in the
boot sequence, 'c' for a command-line, 'o' to open a new line
after ('O' for before) the selected line, 'd' to remove the
selected line, or escape to go back to the main menu.
Use the up and down arrow keys to select a line for editting and type the
e command again to start editting that entry. After modifying the entry,
type Enter to save your changes and return to the GRUB menu or enter
ESC to return to the main GRUB boot selection menu without saving your
changes.
The module command entry references the boot archive. The boot archive
is a collection of core kernel modules and configuration files packed in
either ufs or isofs format. At boot time, GRUB loads the boot archive
into system memory. The kernel can now initialize itself from data and
text in the boot archive without performing I/O to the root device.
Once the kernel gains sufficient I/O capability, it mounts the root
filesystem on the real root device as specified by the bootpath property.
At this point, the boot archive loaded by GRUB is discarded from
memory.
The following kernel command line will boot a 64-bit capable x86 system
with a 32-bit kernel:
The following kernel command line will boot a 64-bit capable x86 system
with a 32-bit kernel in single user mode:
The following kernel command line will set the console property to ttya:
The following kernel command line will boot a 64-bit capable x86 system
with a 32-bit kernel with the kernel debugger enabled:
When you edit the GRUB menu during a GRUB edit session the
/boot/grub/menu.lst file is changed. You can manually modify this file
to effect the GRUB menu. For example to enable a fail-safe boot of Solaris
add the following lines to the /boot/grub/menu.lst file:
title Solaris fail-safe single user
root (hd0,1,a)
kernel /platform/i86pc/multiboot -B console=ttya -s
module /boot/x86.miniroot-safe
Tell the students that GRUB starts counting partitions (not fdisk) at 0 and that GRUB sees the first disk a hd0
regardless of type.
Edit the GRUB menu outside of that altered by the bootadm command so
that it looks like the following:
chainloader +1
makeactive
title Linux
root (hd0,1)
kernel <from Linux's GRUB menu...>
initrd <from Linux's GRUB menu...>
title Windows
root (hd0,0)
chainloader +1
Note – Note that the Solaris fdisk partition must be the active partition.
Do not put use the makeactive directive under the Windows menu
otherwise the system will always boot Windows.
If Linux installed GRUB on the master boot block, you will not be able to
get to Solaris even if you make Solaris the active partition. In this case,
you can chainload from the Linux GRUB by modifying the menu on
Linux.
If students want to see a more complete writeup on the full x86/x64 installation, share a browser session for
all to see and examine the how to guild at www.sun.com:
http://www.sun.com/software/solaris/howtoguides/installationhowto.jsp
If you are teaching this class as an LVC, engage a student by having them do the above.
prealloc-chunk-size=0x2000
bootpath=/pci@0,0/pci-ide@1f,1/ide@0/cmdk@0,0:a
console=ttya
# eeprom selftest-#megs=5
# eeprom selftest-#megs
selftest-#megs=5
# eeprom selftest-#megs=1024
# eeprom selftest-#megs
selftest-#megs=1024
Objectives
The new terminology for patches is updates. Throughout this module the terms are used interchangably.
6-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
The Administration Guides and White Paper are in the /opt/ses/docs directory on each system if the
student bundle for this course was installed.
In the Solaris 8 release, the patchadd command could be used only for
unsigned patches. Since Solaris 9 12/03 release, it can be used for both
unsigned and signed patches. Implementing signed patches requires that
the keystore is set up properly.
Before you can add a package or patch with digital signatures to your
system, you must set up a keystore with trusted certificates that are used
to identify that the digital signature on the package or patch is valid.
Note – For information about setting up the package keystore and adding
signed packages or patches to your system, see the Adding and Removing
Signed Packages (Task Map) in the System Administration Guide: Basic
Administration.
Take this opportunity to engage the students by selecting someone to browse to docs.sun.com for additional
information about signed patches and packages. Project the navigation session so all students can watch.
Following is a suggested navigation to the start of the detailed information:
http://www.sun.com/service/sunconnection/solaris10patches.html
Go over the details of the table, stressing the key points made in the bullet list that follows.
If you are teaching an LVC, select a student to display the table cited above for all to see while you go over
the key points.
The web URLs for the resources listed in the Additional Resources section of this module are:
White Paper: Patch Management Solutions for the Solaris 10 Operating System Sun Update Connection,
November 2005:
http://www.sun.com/service/sunupdate/patchmgtsolaris10.pdf
Project a browser session for the entire class to view. Go to: http://www.sun.com/service/sunupdate/
and start the 4 minute overview demo of Sun Update Connection linked on that page. This demo will
introduce the students at a high level to this new service. You will need the flash pluggin for your Mozilla
browser. Check that it has been installed and configured when the classroom was installed.
The product referenced as Sun UC Client (SunUC Client) includes the Sun Update Manager GUI, the
smpatch CLI and the patchpro analysis engine.
Administering Patches
A new set of tools and framework for administering patches (now called
software updates) was introduced in the Solaris 10 OS. This set of tools
and framework is collectively called the Sun Update Connection.
This new set of tools must be added to a system installed with Solaris 10 FCS but now is all bundled in the
Solaris 10 01/06 (update 1) release.
Figure Figure 6-1 shows that this local update approach enables each
system to interact with Sun Update Connection independently of other
systems. Multiple systems can simultaneously interact with Sun Update
Connection.
Customer Business Applications
and Infrastructure
Customer
Firewall Sun Update Manager Client
or smpatch CLI
System A
Sun
Update Sun Update Manager Client
Connection or smpatch CLI
System B
System C
As Figure 6-2 shows, the Sun Update Manager will present a list of all
current patches available from Sun that are applicable to that particular
Solaris 10 system. The Available Updates tab provides important
information about each patch including patch id, a synopsis, the patch
release date, download size, and notice of any special handling
requirements. The Installed Updates tab shows what updates have been
installed.
Note – You can also start the Sun Update Manager by clicking the desktop
notification icon on your Java Desktop.
Not shown here is the process for obtaining a Sun Online Account and the procedure for registering the
system. These steps would need to be done first, and the Check for Updates button clicked, before you would
see the updates listed as in Figure 6-2. These details for registering a system will be presented later in the
module.
When you elect to install updates, you are asked to approve any
dependencies so that all required patches are installed together in the
proper order. After dependencies are approved, all updates except those
which require special handling are automatically applied in real time. For
updates that require a system restart, or which must be applied while the
system is in single user mode, installation is deferred until the system is
restarted by the user.
These deferred updates are then automatically applied during the next
system restart.
The smpatch command line interface (CLI) for Sun Update Connection is
built into the Solaris 10 OS and is an updated version of the smpatch CLI
that has been available in earlier distributions of the Solaris OS. If you are
familiar with the Solaris smpatch command you can immediately be
productive using Sun Update Connection. (Note however, that the Solaris
10 OS must be registered with the Sun Update Connection before the
smpatch command will be allowed to connect.)
The smpatch CLI provides much the same functionality as the Sun
Update Manager GUI including the ability to:
● Analyze and produce a list of recommended patches for a system
using the smpatch update command
● Download one or more patches to a system using the
smpatch download command
Before the 1.0.4 release, this smpatch command would download only the most current revision of the patch.
Starting with the 1.0.4 release, is is possible to download any revision, even back or obsolete revisions.
Commands from the smpatch CLI can also be embedded in shell scripts
that address multiple different system in order to increase efficiency by
executing a series of system updates in serial fashion.
Note – Good update management practices dictate that you should not
attempt to use both Sun Update Manager GUI and the smpatch CLI at the
same time. While it is safe to use both interfaces at different times, using
them together can result in synchronization issues wherein data for Sun
Update Manager data can become stale. If this situation does occur, it is
necessary to restart the Sun Update Manager application.
System A
Sun
Sun Update Sun Update Manager Client
Update
Connection or smpatch CLI
Connection
Proxy
System B
System C
The Sun Update Connection Proxy is a caching proxy server that acts as
an intermediary between Sun Update Connection client systems and the
Sun Update Connection servers. Client systems can be configured to use
the Proxy as their patch source so that all of their requests for patches and
patch metadata are directed to the Sun Update Connection Proxy. If the
proxy can satisfy a request from data stored in its local cache, it does so. If
it doesn't have the requested patch in its cache, it retrieves the requested
patch, stores it in its cache for future references, and then responds to the
original client request. Once a patch or the current patch metadata is
present in the proxy cache, this data can be accessed by many local clients.
This not only helps to reduce outside network traffic, but can also help
reduce the average time required to apply patches.
Figure 6-4 shows placement and use of the Hosted Web application.
Sun
Update
Connection
Web Browser
IT Manager/Sysadmin
Hosted Web
Application
System A
System B
System C
The Sun Update Connection Hosted Web application includes all the
features of Sun Update Manager plus the ability to manage many systems
using commands that address multiple systems in a single operation. The
same client software that powers the Sun Update Manager and the
smpatch command is also at the core of this hosted service. The Sun
Update Connection Hosted web application is available to all Solaris 10
systems covered under a service plan.
What is covered by a service plan and what is available without a plan is discussed later in the module. It is
a bit involved to cover here in this overview section.
The hosted web application monitors and evaluates all registered systems
for necessary updates. It performs the analysis work in the background so
that you can focus on other tasks. When it’s time to take action, you can
then use the Web-based portal to apply specific updates, or to review
detailed information about the available updates, pending tasks, or the
update history for specific systems.
The Sun Update Connection hosted web application also allows you to
manage with a system-centric view or a patch-centric view. In the system-
centric view, you can drill down to see which updates are needed for a
specific system. In the patch-centric view, you can select a patch and see
which of the systems being managed have a need for that particular
patch. Then, with a single click, the patch can be deployed to all affected
systems.
Use the following URL in a browser to connect with the Sun Update
Manager Host Web application:
http://updates.sun.com/
If you are teaching an LVC, you may want to engage a student by selecting one to drive the demo with your
direction.
This section presents a simple tour through some of the screens and tasks
you perform using the Sun Update Manager.
and click on the My Sun link. From there you can create a new account.
Note – You might already have a Sun Online Account if you registered for
an account with programs such as Java Developer Connection, Online
Support Center (OSC), MySun, SunSolve, or SunStore.
For a system installed with the Solaris 10 OS, the Sun Update Connection
client (1.0.4) software for SPARC systems can be downloaded and
installed as follows:
# smpatch update -i 121118-05
Remind students that these patch numbers will change for clients later than 1.0.4 and that any patches that
these depend on will also be applied.
# /usr/bin/updatemanager
After a few moments, while the client loads system information, the
Registration Wizard’s welcome screen displays as shown in Figure 6-6.
Registering Systems
Only systems that have been registered with Sun Update Manager can be
managed remotely by the Sun Update Connection services.
After you click the Register to Manage Updates button you will see the
first screen which is shown in Figure 6-7.
From this Step 1 screen you can do any of the following tasks:
● Configure the system to retrieve updates from a local source.
This option is used to connect this system to a Sun Update
Connection proxy as shown in Figure 6-3. You should have that
proxy server installed and configured before exercising this option
for a connection.
● Configure network proxy settings
If you are connecting this system directly to the Sun Update
Connection servers without using an in-house proxy, you may need
to configure this Sun Update Manager client to use a proxy to access
the Internet.
Explain that this proxy setting is different than the one discussed in the prior bullet. This one is more
analogous to how you set a proxy in a browser. The Sun Update Connection Manager has the same
requirement as a browser accessing the Internet through a company firewall, for example.
Assuming you have already established a Sun Online Account, fill in the
username and password and click Next. The screen show in Figure 6-8
will display.
This step 3 of 3 screen is where you register your local system. Its name is
filled in by default. (You can also override this filled in value to register an
alias name for your system; Sun Update Connection Services will then
know your system by that alias.) If you click the links for either of the
demonstrations your browser will be sent to the main Sun Microsystems
web site for animations.
Select the option to manage your local system using remote Sun Update
Connection services and click the Finish button. The screen shown in
Figure 6-10 might display.
This failure message displays in this case because when the Sun Update
Manager client attempted to send system information out to the Internet
to the Sun Update Connection services web site, it didn’t have the
necessary proxy information to pass through a corporate firewall. You can
click the link to configure a proxy or decide that you will use the services
of an internal installed Sun Update Connection Proxy and therefore not
need a proxy setting for the Sun Update Manager client.
For this example, we will need to configure a proxy for the local Sun
Update Manager client to use for access to the Internet. After that link is
clicked, the screeen shown in Figure 6-11 displays.
After a storing system information progress bar finishes, you will see the
screen shown in Figure 6-12.
After registration of your local system completes you can either close the
window and start management of your system using the Sun Update
Manager or use the link to launch Sun Update Services which would
launch a browser and direct you to the Sun Update Connection Hosted
Web application for management of all your registered systems.
In this example scenario you close the registration complete window and
use the Sun Update Manager client application for update management.
That interface looks like that shown in Figure 6-13.
This is the main window from which you manage updates for your local
system. You can use this GUI to perform the following tasks:
● Analyze your system
● Apply updates you select
● Remove updates
● Configure your update management environment
You can always use the Check for Updates button to check for available
updates at anytime. If you are using the Java Desktop environment, an
icon will alert you when new updates are available.
When you single click an update entry the bottom panel displays typical
information about that update including ID, size, patches obsoleted or in
conflict with the update, a list of files in the update, the bugs addressed,
the x86 version patch number, and so on.
Entries marked with the Download Only icon will not automatically
install after you click the Install Item Now Button. For such updates you
need to read the update’s readme file for instructions required for a
manual installation.
Updates marked with the Restart Required icon will also not install after
pressing the Install Item button. They will download but will be installed
only on the next system restart. Updates in this state (after download but
before install) will appear in the Updates Available tab of the Sun Update
Manager with a dash (-) in the first column.
After you click checkmarks next to the updates of interest, click the Install
Item Now to download and install. An analysis of your system will be
performed, the update(s) downloaded and, those able to be installed will
be installed. If an update has dependencies on other updates, they also
will be downloaded and installed. A notice will display with the status of
the operation when it completes.
The screen in Figure 6-15 shows the Installed Updates tab of the Sun
Update Manager.
From this screen you can select an updates that you want to uninstall.
Once you do so, the Uninstall Selected Update button becomes available
for use.
From the file menu you can also purchase a subscription and receive a
Subscription Key for access to, and management of, patches beyond
security and hardware driver updates. (You use your Sun Online Account
credentials to do this.)
From the file menu you can also launch a browser for update
management using the Sun Update Connection web application.
So far we have been managing updates to a local system using a locally installed Sun Update Manager
client. The next section looks at setting up a Sun Update Manager Proxy for more efficient management of a
number of systems.
By using a Sun Update Connection Proxy on your intranet, you can serve
updates to your local systems and minimize the Internet traffic between
your systems and the Sun update server. This type of proxy caches any
updates that are downloaded from its update source.
The Sun Update Connection Proxy obtains updates from its source of
updates on a per-request basis. You do not need to stock your proxy with
updates before you use it.
This proxy supports client systems that use the Sun Update Connection
1.0 software and the Sun Patch Manager 2.0 software.
Note – The system that you choose to act as the Sun Update Connection
Proxy must be running at least Solaris 10 and have at least the Developer
Solaris Software Group installed. This system must also have the Sun
Update Manager 1.0 software installed.
Registration
If you locally manage a system that is a client of a Sun Update Connection
Proxy on your intranet, you do not need to register the client system. You
must register the system that acts as the proxy. If, however, your client
system is also remotely managed directly by the Sun Update Connection
services (in the context of the web application or its own local Sun Update
Manager client software, for example), the client system must be
registered.
If you already have a service plan and the Sun Update Manager client
installed, you can use this manager to obtain and install the update which
is the Sun Update Connection Proxy.
Use the following command to verify that required packages are on your
system:
# pkginfo | grep SUNWpsvr
system SUNWpsvrr Patch Server Deployment (Root)
system SUNWpsvru Patch Server Deployment (Usr)
Set the network proxy for the Sun Update Connection Proxy by typing the
following command with your specific network proxy and port
information:
# patchsvr setup -x network_proxy:port
By default the update source for the Sun Update Connection Proxy is the
Sun update server. You can change it to another source if your update
strategy requires it. For example, you can implement a chain of proxies,
each one using another earlier in the chain as its source.
To specify the Sun update server, which is the default, type the following
command:
# patchsvr setup -p https://getupdates.sun.com/solaris/
Remind students that in an implementation of chained proxies, only the most upstream one typically needs to
have its network proxy configured since it is the only one that would need access to the Internet to reach the
Sun update server.
Refer students to Figure 6-3 and Figure 6-4 to help explain this.
This will be the case for the short scenario which follows. The assumption is that the Sun Update Connection
Proxy has already be setup up, registered and configured to reach the Sun update server (via a network
proxy setting) on another system and it already has retrieve a store of update information. Provide this
context for the students.
Install and start the Sun Update Manager on the client by typing the
following command:
# /usr/bin/updatemanager
When the Registration Wizard Welcome screen displays, click the Apply
Updates Manually button (Figure 6-6).
On the Apply Updates Manually screen, click the link labelled, Set up the
Sun Update Manager Service. The Registration Wizard screen 1 of 3 will
display (Figure 6-7).
Figure 6-16 Sun Update Manager - Use a Local Source for Updates
Supply a URL like the following using your specific proxy host name:
http://proxy-hostname:3816/solaris/
Tell students that they just supply the proxy-hostname. The port number and solaris directory name
shown should be used.
Click the Finish button at the bottom of the screen. The Sun Update
Manager will then automatically analyze the client system, contact the
proxy, and retrieve a list of the available updates appropriate for the
client. Management of the client can begin at that point.
Note – Do not use the Sun Update Manager GUI, the smpatch command,
and the patchadd command simultaneously to manage updates on your
system. While the Update Manager GUI is running, changes made by
smpatch and patchadd might not be reflected correctly in Update
Manager.
It is possible to use one tool for some tasks, finish with that tool, and then startup another to do other tasks.
It is the simultaneous use and latency in each tool’s updated knowledge of system state that can be
problematic.
http://www.sun.com/software/solaris/solaris-express/
Other older commands, like patchadd, still work (and is actually called by smpatch) but have students get
into the habit of using the smpatch command.
Starting with the Solaris 9 OS, the smpatch command was available in
two modes - local mode and remote mode:
● Local mode can only be run on the local system.
This mode can be run while the system is in single-user or multiuser
mode.
● Remote mode can be used to perform tasks on remote systems.
Typically the -n system_name option is added to smpatch
commands to run them on remote systems
If you specify any of the remote or authentication options (except for -L),
remote mode is used.
Tell students that the remote mode, while supported in S9 and the original S10 Patch Manager is not
supported with Sun Update Connection services. The S9 and original S10 version of Patch Manager
optionally operated in remote mode using the CIM/WBEM service but the Update Connection client does not
support this mode of operation. They should use local mode only moving forward.
Example Commands
Using the three commands allows greater control and flexibility when
applying a patch.
1. Assume that you want to have the latest update(s) for the devfsadm
command. The following command will analyze your local system
and determine the appropriate, available updates for it. (It will not
download or apply them.) The command will write the list to the file
plist. You can then look in the plist file for updates involving
devfsadm.
# smpatch analyze > plist
# vi plist
120199-04 SunOS 5.10: sysidtool Patch
119252-09 SunOS 5.10: System Administration Applications Patch
...
119984-03 SunOS 5.10: devfsadm patch
119685-05 SunOS 5.10: svc.startd patch
119681-06 SunOS 5.10: wanboot patch
121268-01 SunOS 5.10: tmpfs patch
...
There is an ealier version of this update on the system but not the newly
available -03 version.
Note – You can still use the showrev -p command to accomplish the
same thing and it executes more quickly.
2. The following command will download (but not apply) the new
update for the devfsadm command:
# smpatch download -i 119984-03
com.sun.patchpro.util.Percentage@57ae58
119984-03 has been validated.
The update has been downloaded to the downloaded area and validated.
By default, this directory is /var/sadm/spool. If it had been changed
from the default, you could query the system with the smpatch get
command to learn the new value. The following example shows that the
default is still in effect.
# smpatch get | grep download
patchpro.download.directory - /var/sadm/spool
The will a more complete treatment of properties later in the module. Just point out that if the default location
had been changed, it would have appeared in the second column of the output shown above where a hyphen
now appears.
The following commands show the update has been downloaded as the
*.jar file:
# cd /var/sadm/spool ; ls
119984-03.jar
...
Remind students that if this update had an prerequisite updates, they also would have been downloaded.
Remind the students that smpatch add behaves differently than the smpatch update command. The former
does not consult the update policy This will be examined more thoroughly later in the module.
Verify that the patch is installed on your system using this command:
# patchadd -p | grep 119984-03
Patch: 119984-03 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Tell students that after the installation and after the remove the patch itself remains in the spool area.
An analysis now shows that this update is once again appropriate and
available for this system:
# smpatch analyze | grep 119984-03
119984-03 SunOS 5.10: devfsadm patch
Use the smpatch update to analyze your system, download and apply
the update in one step. For example this FMA (Fault Management
Architecture) recommended update can be applied to the system with this
command:
Explain that the first column is the environment parameter or property, the second column contains values
changed by the smpatch set command and the third column is the default value for that parameter. In the
above output the patchpro.patch.source parameter has been changed from its default of
https://getupdates.sun.com/solaris/. On this particular system (and earlier in the module), the Sun
Update Manager was used to set this value to a Sun Update Manager Proxy.)
Display a system for all students to see and display the smpatch man page for a description of the
environment parameters.
If you are teaching an LVC, engage a student to do this same thing as you discuss the parameters.
The following smpatch set and get commands will set a new value for
the update source. (This is typically what you would do to direct your
local client to a new update proxy server.)
# smpatch set patchpro.patch.source=http://newproxy.apex.com:3816/solaris/
# smpatch get
patchpro.backout.directory - ""
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source http://newproxy.apex.com:3816/solaris/ https://getupdates.sun.com/solaris/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
You can also set the source of updates to a local or remote directory as the
following examples illustrate:
# smpatch set patchpro.patch.source=file:/net/sys-04/export/updates
You can configure an update set which defines a subset of updates that
commands will work with. For example, the following commands will
result in an analysis only on recommended updates:
# smpatch set patchpro.patchset=recommended
# smpatch analyze
When you apply patches using the smpatch update command the
update policy is consulted before an update is actually applied.
The following are the types of updates that are applied to the system:
● Standard updates that are applied immediately and require no
system restart
● Updates that require a system restart
● Updates that must be manually applied
If you use the smpatch update command to update your system, you get
the benefit of the guidelines established by update/patch developers in
how best to apply the update. However, you can customize the policy for
applying updates using the patchpro.install.types parameter.
Be sure students understand the ramifications and responsibilities associated with customizing the default
policy.
Table 6-1 Install Type Parameter Values and Sun Update Manager GUI Icons
patchpro. Sun
install. Update
Description
types Manager
value GUI Icon
Table 6-1 Install Type Parameter Values and Sun Update Manager GUI Icons
patchpro. Sun
install. Update
Description
types Manager
value GUI Icon
singleuser Restart Do not apply this update in multiuser mode. You
Required must apply this update on a quiet system with no
network traffic and with extremely restricted I/O
activity.
interactive Download Only downloaded to your system and must be
Only applied manually according to the instructions in the
update’s README file.
The default value for this parameter is shown with this smpatch get
command:
# smpatch get patchpro.install.types
patchpro.install.types - rebootafter:reconfigafter:standard
Remind students that the above example was for the FMA patch applied with the smpatch update command
earlier in the module. The update policy permitted this update to be applied at that time. Will the effects of
this update be visible immediately?
Explain to the students that before using the smpatch update command, which consults the update policy,
the smpatch add command will be used to see the potential danger of not consulting the policy.
Analyze your system and learn if any updates involving wanboot are
appropriate and available:
# smpatch analyze | grep wanboot
119681-06 SunOS 5.10: wanboot patch
Determine if any prior versions of the wanboot update are already on the
system:
# patchadd -p | grep 119681
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
Makes sense. It is no longer listed as available/appropriate since it is already installed on the system.
Especially when you use the smpatch add command it is always a good
practice to read information about the update. Go to the download spool
area and see what information there is about this update:
# cd /var/sadm/spool ; ls
119681-06.jar
cache
patchpro_dnld_2006.02.13@10:10:29:MST.txt
# cat *.txt
This patch bundle was generated by PatchPro.
Please refer to the README file within each patch for installation
instructions. To properly patch your system, the following patches
should be installed in the listed order:
The *.txt and other readme files often contain important information. In
this case the warning to immediately reboot implies that the
PATCH_PROPERTIES value for install type is either reconfigimmediate
or rebootimmediate.
When a requested patch has prerequisite patches, the order for applying them is also in this file.
The following commmand sequence will display the install type value for
this update:
# cd /var/sadm/spool
# jar xvf 119681-06.jar 119681-06/patchinfo
inflated: 119681-06/patchinfo
# grep PROP 119681-06/patchinfo
PATCH_PROPERTIES='reconfigimmediate clientroot'
Impress upon the students that using the smpatch add command implies the responsibility of reading the
information that is included with the update.
The smpatch update command will analyze your system, download the
update and apply it in one step. It also provides safeguards that are not
available with smpatch add because it consults the update policy.
ID's of the updates that are disallowed by installation policy have been
written to file
/var/sadm/spool/disallowed_patch_list
One or more updates that you installed requires a system shutdown to activate it. To
initiate the system shutdown, you must use one of the following commands:
o Power down the system - init 0 or shutdown -i 0
o Drop to the firmware prompt - init 5 or shutdown -i 5
o Restart the system - init 6 or shutdown -i 6
Recall that smpatch add command informs you about the required reboot
in the *.txt in the download spool area. smpatch update, on the other
hand, displayed this to standard out, creates a disallowed_patch_list
and gave instructions about the reboot.
# cat /var/sadm/spool/disallowed_patch_list
119681-06
Part of the smpatch update command applies the updates. Updates that
cannot be applied for some reason are listed in the
disallowed_patch_list. Typically you attend to updates listed in this
file manually.
Verify that the only version of this update installed on the system is the
prior version (05):
# patchadd -p | grep 119681
Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr
A subsequent analysis of the system still shows that this patch is available
and still appropriate for this system. It is in the spooled area awaiting
installation and a system reboot.
# smpatch analyze | grep wanboot
119681-06 SunOS 5.10: wanboot patch
Be sure students understand the advantages of using smpatch update over the add commands:
consultation of update policy and accommodation of update dependencies.
Multiple instances of the -i option are permitted if you just have a few
updates to apply:
# smpatch update -i 118927-02 -i 118822-15 -i 119681-06
A list of update IDs can be listing in a file, one per line, and referenced
using the -x idlist= option:
# smpatch update -x idlist=/var/sadm/spool/disallowed_patch_list
The following example shows how to create a list of patches that you
actually want to apply from the larger list available and appropriate. It
also resolves the dependencies for the updates you want to apply.
Generate the full list of updates available and appropriate for your
system:
# smpatch analyze > my.list
Edit my.list and remove the ones you are not interested in:
# vi my.list
...
Analyze just the ones that are left and resolve dependencies:
# smpatch analyze -x idlist=my.list > /tmp/justdothese.list
Display Acrobat Reader for all to see. Open the Sun Update Manager 1.0 Administration Guide and go to
page 15 (Update List Operations). Discuss these examples with the class.
If you are teaching an LVC, engage a student to display this page for the class.
Note – This delegation feature is not possible with the Sun Update
Manager GUI client application.
You should not install cluster patches on systems with limited disk space.
Consult the cluster README file for details on this and other important
requirements like if installation should be done in single-user mode. Often
each package or patch included in the cluster has its own README file.
These files will contain important installation considerations.
By default, the cluster installation procedure saves the base objects being
patched. Prior to installing the patches, the cluster installation script first
determines if enough system disk space is available to save the base
packages and terminates if not enough space is available.
You can override the save feature by using the -nosave option when you
are executing the cluster installation script. If you use the -nosave option,
you will not be able to back out individual patches if the need arises.
You can remove individual patches that were installed by the patch
cluster by using the patchrm command. The README file is located in the
specific patch directory under the /var/sadm/spool directory after the
patch has been installed. To install a patch cluster, perform the following
steps:
1. Be sure the patch cluster has been unzipped and extracted.
2. Decide on which method to use to install the cluster—the
recommended default save option or the -nosave option.
3. Change to the directory that contains the patch cluster (this is
typically the top level directory extracted from the achive file). Read
the CLUSTER_README file, which contains information about the
bundled set of patches, including:
● Cluster description
● Patches included
● Important notes and warnings
● Save and backout options
● Special install instructions
● Special patch circumstances
Tell students that in this example, the J2SE_Solaris_10_Recommended cluster contains three update/patch
components: 117461-08, 118822-27, and 119578-16, each of which have their own README files.
# ./install_cluster
Patch cluster install script for J2SE Solaris 10 Recommended Patch
Cluster
*WARNING* SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES:
With or without using the save option, the patch installation process
will still require some amount of disk space for installation and
administrative tasks in the /, /usr, /var, or /opt partitions where
patches are typically installed. The exact amount of space will
depend on the machine's architecture, software packages already
installed, and the difference in the patched objects size. To be
safe, it is not recommended that a patch cluster be installed on a
system with less than 4 MBytes of available space in each of these
partitions. Running out of disk space during installation may result
in only partially loaded patches. Check and be sure adequate disk space
is available before continuing.
Using /var/sadm/spool/clusters/J2SE_Solaris_10_Recommended/patch_order
file for
patch installation sequence
Installing 119578-16...
Installation of 119578-16 succeeded. Return code 0.
Installing 118822-27...
Installation of 118822-27 succeeded. Return code 0.
Installing 117461-08...
Installation of 117461-08 failed. Return code 1.
Installing 119578-16...
Validating patches...
...
Installing 118822-27...
Validating patches...
...
Installing 117461-08...
Validating patches...
...
Point out (bolded) that the log file tells us the reason why the install script did not install 117461-08 and the
showrev -p command showed that it was installed.
Further Information
Many other tasks can be learned by consulting docs.sun.com. Table 6-2 is
brief listing of other tasks and their URLs on docs.sun.com.
As time and interest permit, display a browser for all to see and visit some of these resources.
Task URL
Also, if of interest, page 13 of 88 in the Sun Update Manager 1.0 Admin Guide contains a table comparing
the Sun Update Manager and the smpatch commands. This and other documents are in the /opt/ses/docs
directory, installed from the student bundle.
Sun
Update
Connection
Web Browser
IT Manager/Sysadmin
Hosted Web
Application
System A
System B
System C
Figure 6-17 The Sun Update Connection Web Hosted Application
Before you can manage your systems with the Sun Update Connection
services, you must register them using the Sun Update Manager
registration wizard. This includes specifying your intention to remotely
manage updates.
The Sun Update Connection services use the system information you provided at system registration time to
determine which updates are appropriate for each of your Solaris 10 systems.
Note – Do not use the Sun Update Manager GUI, the Sun Update
Connection Hosted Web application, the smpatch command, and the
patchadd command simultaneously to manage updates on your system.
You can use all these methods, but not simultaneously.
The same registration process, including the required Sun Online account and submission of a subscription
key, discussed from Figure 6-6 to Figure 6-12 applies here before you are able to log in and start
management of registered systems. (However, if this procedure was done during installation of a Sun Update
Manager client, then it would not be required again during initial contact using the web hosted application;
only the very first contact with the Sun Update Connection Services invokes the registration screens.
The four tabs (Summary, Systems, Updates, and Jobs) are the main
categories of management tasks available with this interface. A quick
glance at this Summary screen alerts you to
● The security and recommended updates available
● The number of your systems that are registered and the number that
have not cheched in with the Sun update server
● The status of update jobs including the number that failed and
succeeded
Clicking the System tab brings up the level of detail shown in Figure 6-19.
You can select a system in the left column and then click View Available
Updates to find details on the updates relevant for that system.
Figure 6-20 shows this detail.
You can click the Type heading (column 2) and order the rows on those
values. This will bring all the security updates to the top of the list
followed by the recommended patches. The non-critical updates would be
at the bottom.
Each Update ID value and each Synopsis string is a link. Clicking one
brings up the detail for that update as shown in Figure 6-21.
From the Available Updates screen (Figure 6-20) you start the update
process by selecting the updates you want to apply. Once the updates are
selected, click the Apply Updates to schedule the work. Scheduled work
is a job.
The required dependencies screen gives you a look at what other updates
are required to support those you explicitly selected. You can cancel if you
need to, otherwise click the Install button to submit the jobs.
This confirmation page can be printed for your records. Notice also that
the six jobs show now as Pending in the All Jobs table.
Students may ask about why there are 12 in the figure. This is because there were 6 earlier jobs on this
system before this scenario began.
Clicking the Jobs tab presents details about the jobs for this and other
sessions as shown in Figure 6-24.
Figure 6-24 Sun Update Connection Job Screen Showing Jobs Pending
Pending means that the job has been submitted but is waiting in a queue
for the managed system to retrieve it. In progress means that the managed
system has received the job but has not responded back with a success for
failed completion status message.
The default check in interval is set to 2 hours. This can be changed but 2
hours is the minimum possible. If you leave the session open, you will be
disconnected.
Log back in to Sun Update Connection Services to check the status of the
jobs. You may see what is shown in Figure 6-25
Figure 6-25 Sun Update Connection Job Screen Showing Job Success
After logging in and checking the Jobs tab, we see that the six jobs have
succeed. The UTC time shown for Jobs with this status is the time the job
completed. Notice the update of the Job Summary table. The number
shown for Added this Session restarts at 0 when you log out and log back
in.
Overtime, your Jobs tab screen will included many rows of information.
You can archive the older ones by clicking the icon next to the Succeeded
status of each job. Alternatively, you can use the checkbox in column one
to selecte multiple jobs and click the Archive Jobs button.
The Systems Affected screen lists all the registered systems to which these
updates apply. Following are details to note about the information
displayed on this screen:
● By default, all the left column checkboxes are filled in but you can
deselect full system or any update or any system
● The last column shows any previous versions of the selected updates
that are already installed on any of the systems
● The small triangular twistee next to the update name collapses
nested information
Obviously having a course development environment with only two registered systems does not make a big
impression about this Systems Affected functionality. Remind students how beneficial this would be when
managing hundreds of systems.
After selecting the systems and updates to apply, click the Apply Updates
button to create jobs for the updates. Figure 6-28 shows the next screen
you can expect to see.
This dependency screen is similar to the one shown earlier except that the
information is displayed for all systems to be updated. Click on the Install
button on the bottom of this screen (not shown) to schedule the jobs.
The confirmation page shows the number of jobs pending in the all jobs
summary box and also announces the time the jobs are scheduled to
execute so you can log back in at a known time to check that status of the
work.
Objectives
Upon completion of this module, you should be able to:
● Describe the Changes in User Administration between Solaris 8, 9,
and 10
● Perform user Installations, Modifications, and Deletions with new
tools and commands
7-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Relevance
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
Each entry in the /etc/shadow file contains nine fields. A colon separates
each field.
Prior to Solaris 10, the last field (flag) was not used. In Solaris 10, it is used
to track failed logins. The count is in low order four bits. The remainder is
reserved for future use, set to zero.
Miscellaneous Items
The cron daemon will no longer run cron jobs associated with locked user
accounts. A locked account is no longer considered a valid user account.
The dtlogin program does not implement the failback shell for root
although you can log in as a normal user and su to root.
The smuser command enables you to manage one or more users on the
system with the following set of subcommands:
● add – Adds a new user account
● modify – Modifies a user’s account
● delete – Deletes a user’s account
● list – Lists one or more user entries
The smuser and smgroup commands interact with naming services, can
use autohome functionality, and are better suited for remote management.
The smgroup command enables you to manage one or more groups on the
system with the following set of subcommands:
● add – Adds a new group entry
● modify – Modifies a group entry
● delete – Deletes a group entry
Any subcommand to add, modify, list, or delete users with the smuser
and smgroup commands requires authentication with the Solaris
Management Console server and requires the initialization of the Solaris
Management Console. For example, the following is the command format
for the smuser command:
/usr/sadm/bin/smuser subcommand [auth_args] -- [subcommand_args]
The following is the command format for the smuser add command:
smuser add [auth_args] -- [subcommand_args]
Table 7-1 shows some of the most common subcommand arguments for
the smuser add command.
Subcommand
Definition
Argument
Note – The -x autohome=N option to the smuser command adds the user
without automounting the user’s home directory. See the man page for
automount for more information.
Use the passwd command to create a new password for the user.
# passwd newuser2
New Password: 123pass
Re-enter new Password: 123pass
passwd: password successfully changed for newuser2
Confirm that the password change has been applied by viewing the entry
for that user in the /etc/shadow file:
# grep ’newuser2’ /etc/shadow
newuser2:FSMOsxncoc6yI:12708::::::
The following is the command format for the smuser modify command:
smuser modify [auth_args] -- [subcommand_args]
In general, the options for the smuser modify command function the
same as for the smuser add command. Refer to the smuser(1M) man
page for additional options.
Table 7-2 shows the options for the smuser modify command.
Option Definition
The following example changes the login name and home directory for
newuser2 to userb.
# /usr/sadm/bin/smuser modify -- -n newuser2 -N userb -d
/export/home/userb
Authenticating as user: root
The following is the command format for the smuser delete command:
smuser delete [auth_args] -- [subcommand_args]
The following example removes the userb account from the system:
# /usr/sadm/bin/smuser delete -- -n userb
Authenticating as user: root
Note – Unlike the userdel command, the smuser delete command has
no -r equivalent option for deleting the home directory. The user’s home
directory must be deleted manually.
The following is the command format for the smgroup add command:
/usr/sadm/bin/smgroup subcommand [auth_args] -- [subcommand_args]
Table 7-3 shows the options for the smgroup add command.
Option Description
The following example uses the smgroup add command to create a new
group called workgroup with a GID of 123, and to add usera to the
group:
# /usr/sadm/bin/smgroup add -- -n workgroup -g 123 -m usera
Authenticating as user: root
The following is the command format for the smgroup modify command:
/usr/sadm/bin/smgroup subcommand [auth_args] -- [subcommand_args]
Table 7-4 shows the options for the smgroup modify command.
Option Description
The following is the command format for the smgroup delete command:
/usr/sadm/bin/smgroup subcommand [auth_args] -- [subcommand_args]
You can use the -n group_name option with the smgroup delete
command to specify the name of the group you want to delete.
The following example deletes the group entry schoolgroup from the
local system:
# /usr/sadm/bin/smgroup delete -- -n schoolgroup
Loading Tool: com.sun.admin.usermgr.cli.group.UserMgrGroupCli from sys-02
Login to sys-02 as user root was successful.
Download of com.sun.admin.usermgr.cli.group.UserMgrGroupCli from sys-02
was successful.
The Solaris Management Console can be started from the command line
or from within the Application Manager by clicking the Solaris
Management Console icon.
Log in to your system as root, and type smc& in a terminal window. You
can start the Solaris Management Console as a normal user, but some
tools and applications are not available to you. When you initiate the
Solaris Management Console for the first time, it can take a few minutes
to launch.
When the system is first booted the Java based SMC server program is not
started. In its place are 3 programs called smcboot. Executing the pfiles
command on the first instance of smcboot will show that it is listening at
port 898 for any incoming SMC server requests. If SMC is run, the 3
smcboot programs are replaced by the Java based SMC server program.
The program can be found by running ps -ef | grep smc.
You will also note that the SMC console program is now running and is:
java -
Djava.security.policy=/usr/sadm/lib/smc/policy/smcconsole.
The default toolbox for a Solaris Management Console server includes the
following folders and tools:
Note – If this is the first time SMC has been run after a reboot, this
command may show an error.
To stop the Solaris Management Console server, as the root user, perform
the command:
# /etc/init.d/init.wbem stop
To start the Solaris Management Console server, as the root user, perform
the command:
# /etc/init.d/init.wbem start
Menu bar
Location bar
Navigation pane
View pane
Information pane
Status bar
Note – The Location bar does not appear by default when you first launch
the Solaris Management Console. Click View on the Menu bar, select the
Show option, and select the Location option to display the Location bar.
Navigation Pane
The Navigation pane works like a frame in a web page. Clicking an item
in the Navigation pane determines what appears in the View pane. The
turner icon is displayed to the left of items that represent a group of items.
Click the icon or the item to expand or collapse the group.
View Pane
The View pane displays the contents of the node selected in the
Navigation pane. The contents could be a folder or a tool.
If the node selected in the Navigation pane is a folder, the View pane
displays the contents of that folder.
If the node selected is a simple tool, such as the Process tool, the View
pane displays a list of current processes. If the node selected is a complex
tool, such as User Manager, the View pane displays additional tools, such
as the tools for user accounts and email accounts. Select one of the
additional tools, such as the user accounts node, and the View pane
displays the contents of the tool.
Information Pane
The Context Help tab and Console Events tab determine what is shown in
the Information pane. Click the Context Help tab to display context help
for the object selected. Click the Console Events tab to display a list of
events and alarms for all Console events.
Location Bar
The Location bar, beneath the tool bar in the Solaris Management Console
window, displays a Home Toolbox icon and a Toolbox field. Click the
Home Toolbox icon to open the home toolbox. The Toolbox field indicates
the current toolbox and the item currently selected in the toolbox. Click
the button to the right of the Toolbox field to display a pull-down menu of
recent toolboxes visited. Select a toolbox from the pull-down menu to
open that toolbox.
Status Bar
The Status bar, located across the bottom of the Solaris Management
Console window, displays three panes. The left pane of the Status bar
indicates the number of nodes directly subordinate to the node selected in
the Navigation pane. The center pane of the Status bar indicates Console
activity. A moving bar inside the center pane functions as an activity
indicator when Console activity occurs. The right pane of the Status bar
provides progress information during some Console tasks.
6. Type SA200user in the User Template Name field. You can provide
an optional description if you would like.
7. Click the Home Directory tab. Type your system name in the Home
Directory Server field. Uncheck the check box labelled Automatically
Mount Home Directory.
Figure 7-3 shows the Add User Template window with the Home
Directory Information completed.
9. Click User Accounts from the Navigation pane, and a list of user
accounts on the system appears in the View pane. See Figure 7-5.
10. From the Menu Bar, select Action. Then select Add User, and then
select From Template. The Add User From Template window
appears. See Figure 7-6.
Because you only have one template created, it is the default template
available from the User Template pull-down list.
11. In the field beside User Name, enter the login ID of the user you
want to create. A full name and description are optional.
12. Click the button User Must Use and fill in the password and
confirmation fields with the password 123pass.
13. Click OK and the Solaris Management Console (User Accounts)
window reappears with the user account you just created in the
View pane.
14. Double-click the user account you just created. The User Properties
window appears, as shown in Figure 7-7. You can view and modify
the properties of that user account.
The screen changes to reveal a list of groups. Figure 7-8 shows the
information under the Group tab, including the primary group to
which the user belongs and a list of available groups.
16. You can click a group listed under Available Groups, then click Add,
and the group moves into the Member Of column.
17. Add the groups to which you want the user to belong, and then click
OK.
Objectives
Upon completion of this module, you should be able to describe the
Changes in Basic Security Administration between Solaris 8, 9, and 10.
8-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Relevance
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
Security topics that are discussed in this module are limited to the topics
that are covered in the System Administration I and II courses. There is
far more information on security available in the following courses:
● SC-300; Administering Security on the Solaris Operating System
● SC340; Enterprise Security Assessment and Best Practices
● SC345; Solaris(TM) Operating Environment Network Intrusion Detection
● SC360; Enterprise Security Using Kerberos and LDAP
● SC410; Computer Security Forensics and System Recovery
The root entry is included in the ftpusers file as a security measure. The
default security policy is to disallow remote logins for the root user.
Other files located under the /etc/ftpd structure are described in the
following table.
File Description
The Solaris 10 release includes several changes to the FTP service. The ftp
command has been changed. The default mode for transfer of files has
been changed from ascii to binary. By default, a Solaris FTP client
connected to a Solaris FTP server lists both directories as well as plain files
when the ls command is issued to the client. If the FTP server is not
running in the Solaris OS, directories may not be listed.
The /etc/shells file was removed in Solaris 9. The addition of the wu-
ftpd version of FTP resulted in better control in restricting FTP access
than was available with the /etc/shells file.
User User
Description
name ID
User User
Description
name ID
Password Management
Solaris 10 introduced a much more robust password policy. A password
can now be a combination of up to 256 letters, numbers, or special
characters that a user enters with the login name to gain access to a
system.
The passwd command has two new options, -N and -u. The -N option
creates a password entry for a non-login account. This option is useful for
accounts that should not be logged in to, but must run cron jobs. The -u
option unlocks a previously locked account. The passwd -N username
command sets the password field in /etc/shadow to NP which is an
unmatchable password. This effectively disables the account from logging
in.
The following example shows how to prevent a user from reusing too
many previous passwords.
# vi /etc/default/passwd
(output edited for brevity)
# HISTORY sets the number of prior password changes to keep and
# check for a user when changing passwords.
# The maximum value of HISTORY is 26.
#
# This flag is only enforced for user accounts defined in the
# local passwd(4)/shadow(4) files.
#
#HISTORY=0
#
Locate the line called #HISTORY=0, and remove the comment from the
beginning of the line. Modify the number to 3, so the line shows as
HISTORY=3. Write and quit the file. As a regular user, log in and attempt
to change your password a number of times, using different passwords
and then one of the previous passwords.
# telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is ’^]’.
login: testuser
Password: 123pass
$ passwd
passwd: Changing password for testuser
Enter existing login password: 123pass
New Password: pass123
Re-enter new Password: pass123
passwd: password successfully changed for testuser
$ passwd
passwd: Changing password for testuser
Enter existing login password: pass123
New Password: 123pass
passwd: Password in history list.
Please try again
New Password: newpas1
Re-enter new Password: newpas1
passwd: password successfully changed for testuser
$
Note – To pre-build the dictionary database, refer to the man page for
mkpwdict(1M).
Objectives
Upon completion of this module, you should be able to:
● Identify network printing fundamental changes
● Configure and administer printer services
9-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Relevance
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
Printer Filters
In Solaris 10, modifications have been made to incorporate support for a
wide array of printers. This functionality differs greatly from previous
Solaris software releases.
The RIP enables you to print to printers that do not have resident
PostScript processing capabilities. The Solaris printing software now
provides the print server RIP and supporting technologies. The RIP occurs
behind the scenes. However, to use the appropriate driver, you need to
configure each printer, by using either Solaris Print Manager or a new
option to the lpadmin command.
When a printer vendor creates a printer which has features not referenced
by PostScript, a PostScript Printer Description (PPD) file describes the
device dependent features. It was also created by Adobe to allow printer
manufacturers to implement their own special features into PostScript.
Printer Tools
Printing tools have changed across the Solaris 8, 9, and 10 versions of the
Operating System.
GUI Tools
In Solaris 8, the Solaris Print Manager GUI was introduced as the tool to
setup and manage both local and remote printers. Solaris 8 also retained
the print functionality through the old admintool GUI which could setup
and manage local printers only.
In Solaris 8 and 9, the Solaris Print Manager GUI was started with the
following command:
# /usr/sadm/admin/bin/printmgr
With Solaris 10, the Solaris Print Manager GUI is started with the
following command:
# /usr/sbin/printmgr
Through Solaris 9 and now with Solaris 10, the Solaris Print Manager has
been modified with some cosmetic changes to make it easier to use. More
importantly, the screens have been updated to enable you to choose a PPD
file for the print queue through the selection of make, model, and driver.
This new feature differs greatly from previous Solaris software releases. In
previous releases, the provided list of printer types, and information
about whether the printer accepted PostScript or ASCII text, was limited.
Solaris 10 has removed the old admintool GUI from the Operating
System.
Previously, you only had two choices for printing banner pages in Solaris
Print Manager:
● You could enable the -always print banner- option in Solaris Print
Manager
● You could select the banner on or off option when you submitted a
print job. This option was on by default.
Printer Name A unique name for the printer. The name can
contain a maximum of 14 alphanumeric characters,
including dashes and underscores. This is the name
entered on the command line with a print
command.
Printer Server Defaults to the name of the system on which you are
currently running the Solaris OS Print Manager.
This system is the print server for this network
printer.
Description This field is optional. A printer’s description
commonly contains information to help users
identify the printer, for example, physical location
or printer type.
Printer Port Only required for attached printers.
Printer Type Yes PPD is enabled by default
in the Print Manager.
Not, by default, for the This allows you to choose
Solaris 9 OS /04 release a printer from the range
of supported printers in
/usr/lib/lp/model/p
pd/system/foomatic.
File Content Type Yes Yes, by deselecting the
Use PPD files options in
Not, by default, for the the Print Manager
Solaris 9 OS /04 release drop-down menu.
Printer Make No Yes
To check the status of the print service, use the svcs -a command:
# svcs -a |grep ’print’
disabled 16:59:17 svc:/application/print/server:default
online 16:59:49 svc:/application/print/cleanup:default
offline 16:59:35 svc:/application/print/ipp-listener:default
offline 17:00:43 svc:/application/print/rfc1179:default
Use the svcadm command to enable or disable the service. Changes made
to the state of the service persist across reboots:
# svcadm enable svc:/application/print/server:default
# svcs -a | grep ’print/server’
online 19:01:09 svc:/application/print/server:default
When a request arrives, the inetd daemon executes the server program
that is associated with the service. Print servers listen for print requests
with the inetd daemon, and upon hearing a request, start up the in.lpd
daemon.
The IPP listener for the Solaris OS listens for Hypertext Transfer Protocol
(HTTP) requests on port 631. The listener receives print client requests
and communicates those requests to the printing system.
After the print server has been configured, the IPP listening service
automatically starts:
# svcs ipp-listener
online 19:01:11 svc:/application/print/ipp-listener:default
A print client needs to know the print server name and the name of a
printer to print to. For example, on a Microsoft Windows system, a
network printer can be configured with the network path:
http://server-name:631/printers/printer-name.
Objectives
Upon completion of this module, you should be able to:
● Describe Network Interface Configuration Changes
● Describe Changes to the Client-Service Model
10-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
Interface Configuration
The network interfaces that a system uses to communicate with other
systems on the network use both hardware and software configuration
components. When adding a network interface to a system, you must
configure specific files to establish a relationship between the hardware
and the software addresses.
Interface Files
You can get a basic understanding of network interfaces by learning the
function of a few files and services. Solaris 8 and 9 used the following files
for configuration and startup:
● The /etc/rcS.d/S30network.sh file
● The /etc/hostname.xxn file
● The /etc/inet/hosts file
● The /etc/inet/ipnodes file for IPv6 only
Now, the entire configuration can be accomplished with editing the single
configuration file, for example:
# cat /etc/hostname.hme0
10.1.1.1 netmask 255.255.255.0 broadcast + up
addif 10.1.1.2 netmask 255.255.255.0 broadcast + up
The ipnodes file is a local database that associates the names of nodes
with their Internet Protocol (IP) addresses. The ipnodes file can be used
in conjunction with, or instead of, other ipnodes databases, including the
Domain Name System (DNS), the NIS ipnodes map, and LDAP.
The ipnodes file has one entry for each IP address of each node, and can
contain either IPv4 or an IPv6 addresses.
If a node has more than one IP address, it will have one entry for each, on
consecutive lines. The format of each line is:
IP-address official-node-name nicknames...
Items are separated by any number of spaces or tab characters. The first
item on a line is the host’s IP address. The second entry is the host’s
official name. Subsequent entries on the same line are alternative names
for the same machine, or nicknames. Nicknames are optional.
# cat /etc/inet/ipnodes
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
192.168.30.68 sys68 loghost
IP addresses can be defined in the ipnodes file or in the hosts file. The
ipnodes file will be searched first, then the hosts file.
Note – If crash dump is enabled on the system, the system name needs to
be changed under /var/crash.
Solaris 8 and 9 also had the hostname in files located under /etc/net in
the directories ticlts, ticots, and ticotsord which each contained a
hosts file.
Reviewing these files in Solaris 10 shows they no longer have any entries,
and contain a message that states they may be removed from a future
release of Solaris.
To start services for server processes, you must know which files to use
for automatic service configuration. You must also know how to manually
start the services.
The inetd daemon is a special network process that runs on each system
and starts server processes that do not automatically start at boot time.
The inetd daemon is the server process for both the standard Internet
services and Sun Remote Procedure Call (Sun RPC) services. The inetd
daemon starts at boot time by svc.startd. There is a legacy
configuration file for inetd, /etc/inet/inetd.conf. Services listed in
this file are imported into the Service Management Facility (SMF) by the
inetconv command. Once the inetd.conf file has been converted, use
the inetadm command to alter the characteristics of an inet service.
Some services will allow you to change them with inetadm or svcadm,
such as the spray service.
.(output truncated)
When the inetd daemon received a network request, it ran the associated
command in the inetd.conf file. The previous example shows three
examples of remote services.
The SMF has a major impact on network services in that each service can
be independently enabled or disabled using the inetadm command.
The various parameters and values can be set using the inetadm
command. The values can then be stored in the appropriate SMF reference
files for each service. Changes can be maintained across system reboots.
To see whether or not the telnet facility is enabled, use the following
command:
# inetadm | grep telnet
enabled online svc:/network/telnet:default
Note – When a network service is affected, any related services are also
affected. By disabling one service, a number of other services may become
unavailable.
Objectives
Upon completion of this module, you should be able to:
● Describe the differences in the coreadm command from Solaris 9 to
Solaris 10
● Describe MPSS
11-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
This discussion question is added here to get the students to think about all of the recommendations and
best practices they have learned in the past about swap size. In actuality, with Solaris 10, a system can run
just fine without any swap configured.
Additional Resources
Solaris 10 added new options to the coreadm command for global core file
content. You use the coreadm command without arguments to display the
current configuration. The following example shows the default output
from a system running Solaris 9:
# coreadm
1 global core file pattern:
2 global core file content: default
3 global core dumps: disabled
4 per-process core dumps: enabled
5 global setid core dumps: disabled
6 per-process setid core dumps: disabled
7 global core dump logging: disabled
The following example shows the default output from a system running
Solaris 10:
# coreadm
1 global core file pattern:
2 global core file content: default
3 init core file pattern: core
4 init core file content: default
5 global core dumps: disabled
6 per-process core dumps: enabled
7 global setid core dumps: disabled
8 per-process setid core dumps: disabled
9 global core dump logging: disabled
Note – The line numbers in the example are not part of the configuration.
They are part of the example only to assist with the following description
of the file.
Line 1 of the output identifies the name to use for core files placed in a
global directory.
Line 2 of the output identifies that the content of core files is the default
setting. The resultant core file contains all the process information
pertinent to debugging.
Line 3 of the output identifies the default name that per-process core files
must use. This name is set for the init process, meaning it is inherited by
all other processes on the system.
Line 4 of the output indicates that the init core file content is the default
content structure.
Line 6 indicates that core file generation in the current working directory
of a process is enabled.
Line 7 indicates that generation of global core files with setuid or setgid
permissions are disabled.
Line 8 indicates that generation of per process core files with setuid or
setgid permissions are disabled.
Caution – A process that has a setuid mode presents security issues with
respect to dumping core files. The files might contain sensitive
information in its address space to which the current non-privileged
owner of the process should not have access. Therefore, by default,
setuid core files are not generated because of this security issue.
You can enable or disable two configurable core file paths, per-process
and global, separately. If a global core file path is enabled and set to
/corefiles/core, for example, then each process that terminates
abnormally produces two core files: one in the current working directory,
and one in the /corefiles/core directory.
Note – If the directory defined in the global core file path does not exist,
you must create it.
Users can run the coreadm command with the -p option to specify the file
name pattern for the operating system to use when generating a
per-process core file.
coreadm [-p pattern] [pid]...
Only the root user can run the following coreadm command options to
configure system-wide core file options.
coreadm [-g pattern] [-i pattern] [-d option ... ] [-e option ... ]
‘‘The coreadm Command Options’’ on page 11-7 describes the core file
options.
Note – A regular user can only use the -p option, the superuser can use
all options.
-i pattern Sets the per-process core file name pattern from init to
pattern. This option is the same as the coreadm -p
pattern 1 command, except that the setting is
persistent after a reboot.
-e option Enables the specified core file option, where option is:
● global – Enables core dumps by using the global
core pattern.
● process – Enables core dumps by using the
per-process core pattern.
● global-setid – Enables setid core dumps by
using the global core pattern.
● proc-setid – Enables setid core dumps by using
the per-process core pattern.
● log – Generates a syslog (3) message when a user
attempts to generate a global core file.
A core file named pattern is a file system path name with embedded
variables. The embedded variables are specified with a leading percent (%)
character. The operating system expands these variables from values in
effect when the operating system generates a core file. The possible
variables are listed in Table 11-2.
Option Meaning
%p PID
%u Effective user ID (EUID)
%g Effective group ID (EGID)
%f Executable file name
%n System node name (uname -n)
%m Machine hardware name (uname -m)
%t The time in seconds since midnight January 1, 1970
%d Executable file directory/name (new is Solaris 10)
%z Zonename (new is Solaris 10)
%% Literal %
Table 11-2 shows the pattern options for the global core file content.
Table 11-2 Pattern Options for the Global Core File Content
Option Meaning
Note – The $$ variable is the PID of the currently running shell. The
per-process core file name pattern is inherited by all child processes.
The following command places all of the user’s core files into the
corefiles subdirectory of the user’s home directory, differentiated by
the system node name. This example is useful for users who use many
different systems, but share a single home directory across multiple
systems.
$ coreadm -p $HOME/corefiles/%n.%f.%p $$
Example 3 – Enabling and Setting the Core File Global Name Pattern
Note – In the above coreadm examples, the corefiles file and the core
directory must be created manually. The coreadm command does not
create them automatically.
To verify that this parameter is now part of the core file configuration, run
the coreadm command again:
# coreadm
globalcore file pattern: /var/core/core.%f.%p
globalcore file content: default
initcore file pattern: core
initcore file content: default
global core dumps: enabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging: disabled
Running the coreadm command with a list of PIDs reports each process’s
per-process core file name pattern, for example:
# coreadm 228 507
228: core default
507: /usr/local/swap/corefiles/%n.%f.%p default
Only the owner of a process or the superuser can query a process by using
the coreadm command with a list of PIDs.
When using the all option in the previous command, examples of the
core file content include:
anon = anonymous private maps
data = writable private file mapping
stack = process stack
symtab = symbol table sections for loaded object files
Paging
Paging is the transfer of selected memory pages between RAM and the
swap areas. When you page private data to swap spaces, physical RAM is
made available for other processes to use. If you need the pages that were
paged out, you can retrieve them (page them in) from swap and map
them back into physical memory. Moving these pages back into RAM
might require more paging (page outs) of other process’s pages to make
room. Swapping is the movement of all modified data memory pages
associated with a process, between RAM and a disk.
Swapping does not typically occur in the Solaris OS. The required amount
of swap space varies from system to system. The amount of available
swap space must satisfy two criteria:
● It must be sufficient to supplement physical RAM to meet the needs
of concurrently running processes
● It must be sufficient to hold a crash dump (in a single slice)
Configuring NFS
Objectives
Upon completion of this module, you should be able to:
● Describe the differences in the Network File System in Solaris 8, 9,
and 10
● Describe the enhancements to Network File System version 4 (NFS
version 4)
12-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
NFSv4 includes features that were not in the previous versions of NFS.
These features include the following:
● Stateful connections, and single protocol, reducing the number of
service-side daemons.
NFS version 4 is stateful, and there are OPEN and CLOSE operations to
obtain file data access. Functions previously handled by separate
protocols (for example, MOUNTD, STATD, LOCKD) are incorporated into
one protocol.
NFS version 4 handles file handle-to-path name mapping. This
removes the need for a separate mountd daemon on the server,
therefore reducing server-side support daemons and easing server-
side implementation.
● Improved Firewall Support. NFSv4 uses the well-known port
number 2049.
● Pseudo file systems which ensure the NFS client has seamless access
to all exported objects on the server and that portions of a server file
system that are not explicitly exported are not visible to the client.
● Strong security.
● Extended attributes.
● Delegation. In the Solaris 10 NFSv4 release, the NFS server can hand
over delegation of management of a shared file to the client
requesting that file. It is the server that decides whether or not to
apply delegation. By delegating read or write management control to
the client, this can greatly reduce the amount of network traffic that
would otherwise be caused by clients making requests of the server
for the current state of a shared file.
Pseudo-File System
Previous versions of NFS required use of the mount protocol, which does
not use assigned ports. This made NFS hard to use through a firewall.
Implementation of NFS version 4 must support Transmission Control
Protocol/Internet Protocol (TCP/IP) to provide congestion control. NFS
version 4 uses the well-known port 2049, thus improving firewall
support.
NFS version 4 maps file handles to path names, which the mountd
protocol did in previous versions of NFS. In NFS version 4, the server
provides a root file handle that represents the top of the file system that
the server exported. The server attaches multiple file systems with a
pseudo-file system. The pseudo-file system provides paths that bridge
non-exported portions of the real file system.
export_fs export_fs
In Figure 12-1 the client cannot see the payroll directory and the nfs4x
directory because these directories are not exported and do not lead to
exported directories. However, the client can see the local directory
because local is an exported directory. The projects directory is visible
to the client because the projects directory leads to the exported
directory, nfs4. Thus, portions of the server namespace that are not
explicitly exported are bridged with a pseudo-file system that views only
the exported directories and those directories that lead to server exports.
Previous versions of NFS did not permit a client to traverse server file
systems without mounting each file system. However, in NFS version 4,
the server namespace does the following:
● Restricts the client's file-system view to directories that lead to server
exports.
● Provides clients with seamless access to server exports without
requiring that the client mount each underlying file system. See the
previous example in Figure 12-1. However, different operating
systems (OSs) might require the client to mount each server
file system.
NFS version 4 is the default NFS version on Solaris 10 OS. The nfs(4) file
in the /etc/default directory configures the client or server to use NFS
versions 2, 3, or 4. In addition, the mount command (mount_nfs (1M))
can use the vers=version_number option to mount a file system using
only the version specified.
Strong Security
The client negotiates with the server to determine the security mechanism
that meets the requirements for the server and client. The RPCSEC_GSS
framework delivers Sun Enterprise Authentication Mechanism™ (SEAM)
software authentication.
You can mix the security mechanisms on a single server, which allows
security to be applied on a per-share basis.
Compound Procedures
Fewer RPC calls result in faster NFS response. This allows the client to
tailor its request to appropriately match the operating environment of the
client, thus enhancing cross-platform interoperability.
Extended Attributes
Earlier NFS versions used a fixed set of file and file system attributes that
were modeled on the UNIX® type files and file systems. A non-UNIX-like
server or client had to simulate those attributes, making implementation
on a non-UNIX system difficult. NFS version 4 introduces three categories
of attributes: mandatory, recommended, and named. All NFS version 4
clients and servers supported the mandatory attributes to ensure a
minimum level of interoperability.
The named attribute is in the form of a byte stream that is associated with
a file or file system and is referred to by a string name. This allows the
client to associate data with a specific file or file system.
File handles are created on the server and contain information that
uniquely identifies files and directories. In NFS versions 2 and 3, the
server returned persistent file handles. This meant the client could
guarantee that the server would generate a file handle that always
referred to the same file. The following is an example:
● If a file was deleted and replaced with a file of the same name, the
server would generate a new file handle for the new file. If the client
used the old file handle, the server would return an error that the file
handle was stale.
● If a file was renamed, the file handle would remain the same.
● If you had to reboot the server, the file handles would remain the
same.
When the server received a request from a client that included a file
handle, the resolution was straightforward, and the file handle always
referred to the correct file.
This method of identifying files and directories for NFS operations was
fine for most UNIX-based servers, but could not be implemented on
servers that relied on other methods of identification such as a file's path
name. To resolve this problem, the NFS version 4 protocol permits a
server to declare that its file handles are volatile. Thus, a file handle could
change. If the file handle does change, the client must find the new file
handle.
Like NFS versions 2 and 3, the Solaris OS NFS version 4 server always
provides persistent file handles. However, Solaris OS NFS version 4
clients that access non-Solaris OS NFS version 4 servers must support
volatile file handles if the server uses them. Specifically, when the server
tells the client that the file handle is volatile, the client must cache the
mapping between path name and file handle. The client uses the volatile
file handle until it expires. Upon expiration, the client does the following:
● Flushes the cached information that refers to that file handle
● Searches for that file's new file handle
● Retries the operation
UTF-8
File and directory names are UTF-8 encoded. This encoding includes 16 or
32 bit characters and allows one superset to handle all character sets. This
allows the client and the server to be unaware of each other's localization
and supports internationalization.
Note – If the server does not recognize the given user name or group
name (even if the domain is correct), the server cannot map the user or
group to its integer ID. More specifically, the server maps unrecognized id
from the client to nobody. Administrators should avoid making special
accounts that exist only on a client.
Delegation
NFS version 4 provides both client support and server support for
delegation. Delegation is a technique by which the server delegates the
management of a file to a client. For example, the server could grant either
a read delegation or a write delegation to a client. You can grant read
delegations to multiple clients at the same time, because these read
delegations do not conflict with each other. A write delegation can be to
only one client, because a write delegation conflicts with any file accessed
by any other client. While holding a write delegation, the client would not
send various operations to the server because the client is guaranteed
exclusive access to a file. Similarly, the client would not send various
operations to the server while holding a read delegation because the
server guarantees that no client can open the file in write mode.
The server alone decides whether to grant a delegation. A client does not
request a delegation. The server decides based on the access patterns for
the file. If several clients recently accessed a file in write mode, the server
might not grant a delegation because this access pattern indicates the
potential for future conflicts.
Note that in both situations, the second client is not granted a delegation
because a conflict now exists. When a conflict occurs, the server uses a
callback mechanism to contact the client that currently holds the
delegation. Upon receiving this callback, the client sends the file's
updated state to the server and returns the delegation. If the client fails to
respond to the recall, the server revokes the delegation. In such instances,
the server rejects all operations from the client for this file, and the client
reports the requested operations as failures. Generally, these failures are
reported to the application as input/output (I/O) errors. To recover from
these errors, the file must be closed and then reopened.
One server does not resolve access conflicts for a file that is stored on
another server. Thus, an NFS server resolves only conflicts for files that it
stores. Furthermore, in response to conflicts that are caused by clients that
are running various versions of NFS, an NFS server can initiate only
recalls to the client that is running NFS version 4. An NFS server cannot
initiate recalls for clients that are running earlier versions of NFS.
The process for detecting conflicts varies. For example, unlike NFS
version 4, because version 2 and version 3 do not have an open procedure,
the conflict is detected only after the client attempts to read, write, or lock
a file. The server's response to these conflicts varies also. The following
are sample responses:
● For NFS version 3, the server returns the JUKEBOX error, which
causes the client to halt the access request and retry later. The client
prints the message: File unavailable.
● For NFS version 2, because an equivalent of the JUKEBOX error does
not exist, the server makes no response, which causes the client to
wait and then retry. The client prints the message NFS server not
responding. Note that these conditions clear when the delegation
conflict is resolved.
The NFS version 4 callback daemon, nfs4cbd (1M), provides the callback
service on the client. This daemon is started automatically whenever a
mount for NFS version 4 is enabled. By default, the client provides the
necessary callback information to the server for all Internet transports that
are listed in the /etc/netconfig system file. If the client is enabled for
Internet Protocol version 6 (IPv6) and if the IPv6 address for the client's
name can be determined, then the callback daemon accepts IPv6
connections.
Server Configuration
You must log in as superuser or assume an equivalent role to edit the file.
1. Edit the /etc/default/nfs file.
2. Make the following entries to configure an NFS version 4 only
server:
NFS_SERVER_VERSMAX=4
NFS_SERVER_VERSMIN=4
While numerous parameters are supported, only those used to
configure the NFS version 4 server are considered here.
See the nfs(4) man page for a complete list of possible parameters.
NFS_SERVER_VERSMIN=num
NFS_SERVER_VERSMAX=num
The NFS server uses only NFS versions in the range these variables
specify. Valid values or versions are: 2, 3, and 4. By default these
variables are unspecified (commented out) and the client's default
minimum is Version 2. The default maximum is Version 4.
3. If required, make the following entry:
NFS_SERVER_DELEGATION=off
By default, this variable is commented out and the NFS server does
provide delegations to clients. The user can turn off delegations for
all exported file systems by setting this variable to off (case
sensitive). This variable applies only to NFS version 4.
4. If required, make the following entry:
NFSMAPID_DOMAIN=my.comany.com
By default, the nfsmapid daemon uses the Domain Name Service
(DNS) domain of the system. This setting overrides the default. This
domain is used for identifying user and group attribute strings in the
NFS version 4 protocol. Clients and servers must match with this
domain for operation to proceed normally. This variable applies only
to NFS version 4.
Client Configuration
You must login as superuser or assume an equivalent role to edit the file.
1. Edit the /etc/default/nfs file.
2. Insert the following lines to configure a NFS version 4 only client:
NFS_CLIENT_VERSMAX=4
NFS_CLIENT_VERSMIN=4
While numerous parameters are supported, only those used to
configure the NFS version 4 client are considered here.
See the nfs(4) man page for a complete list of possible parameters.
The NFS client only uses NFS versions in the range specified by
these variables. Valid values or versions are: 2, 3, and 4. By default
these variables are unspecified (commented out) and the client's
default minimum is Version 2. The default maximum is Version 4.
3. Mount a file system.
# mount server_name:share_point local_dir
● server_name – Provides the name of the server
● share_point – Provides the path of the remote directory to be
shared
● local_dir – Provides the path of the local mount point
Two NFS daemons, the statd daemon and the lockd daemon, run both
on the NFS servers and the NFS clients. These daemons start
automatically when a system enters the network milestone. This can be
seen by examining the dependencies for the network milestone.
# svcs -D milestone/network
STATE STIME FMRI
disabled 15:34:35 svc:/network/dns/client:default
disabled 15:34:37 svc:/network/nfs/cbd:default
disabled 15:34:38 svc:/network/rpc/bootparams:default
disabled 15:34:39 svc:/network/rarp:default
disabled 15:34:51 svc:/network/dns/server:default
disabled 15:34:52 svc:/network/slp:default
disabled 15:35:20 svc:/network/shell:kshell
online 15:35:03 svc:/milestone/single-user:default
online 15:35:04 svc:/network/initial:default
online 15:35:13 svc:/network/inetd:default
online 15:35:24 svc:/network/nfs/client:default
online 15:35:26 svc:/network/shell:default
online 15:35:30 svc:/network/nfs/server:default
online 15:35:31 svc:/network/nfs/mapid:default
online 16:31:18 svc:/network/nfs/nlockmgr:default
online 16:33:12 svc:/network/nfs/status:default
Both the statd and lockd daemons provide crash recovery and locking
services for NFS version 2 and 3. If a server crashes, clients can quickly re-
establish connections with files they were using. Therefore, the server has
a record of the clients that were using its NFS resources. It contacts each
client for information about which files were in use, which helps to
provide continuous operation. You can start both of these daemons using
the svcadm command.
Daemon Description
Note – Since the dfmounts command uses the mountd daemon to display
currently shared NFS resources, it will not display NFS version 4 shares.
Configuring AutoFS
Objectives
Upon completion of this module, you should be able to describe new map
entries with AutoFS.
13-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
Special Mountings
The /etc/auto_master file contains mount points for special maps. In
Solaris 9, the xfn map provided access to resources available through the
Federated Naming Service (FNS). Resources associated with FNS were
mounted below the /xfn directory. Support for FNS was dropped in
Solaris 10. Examples of the /etc/auto_master files from both releases are
shown below:
Now, the same specifications that you would make on the command line
can be made in this new configuration file. However, unlike the
specifications you would make on the command line, this file preserves
your specifications, even during upgrades to your operating system.
Objectives
The Solaris Volume Manager software provides commands and a
graphical user interface (GUI) tool to configure physical slices of disks
into logical volumes.
14-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
The soft partition feature of the Solaris Volume Manager software enables
administrators to divide a large partition or an existing volume into
smaller areas or extents.
You can create multiple soft partitions on a single hard partition and use
them directly to create small file systems. Using soft partitions directly is
simple, but does not provide data protection.
If insufficient state database replicas are available, you must boot into
single-user mode and delete enough of the corrupt replicas to achieve a
majority consensus.
default-size replica with the Solaris Volume Manager software, you will
overwrite the first 7158 blocks of any file system occupying the rest of the
shared slice, which destroys the data.
To create state database replicas using the command line, use the metadb
command. The syntax of the command is:
metadb -a [-f] [-c n] [-l nnnn] disk_slice
where:
Note – The metadb command without options reports the status of all
replicas.
This example lists the four replicas that were just created. Each replica
begins at block 16 of the assigned disk slice. Each replica is 8192 blocks, or
4 Mbytes in size. The flags indicate that the replica is active and up to
date. If there are capital letters in the flags field, it is an indication that the
replica is corrupt.
Note – The previous example places the state database replicas on disks
on different controllers. This is an appropriate fault tolerant configuration
for a production environment.
Note – After you start the Solaris Management Console, you must log in
after you open the first tool.
Note – A disk set is a set of shared disk drives that contain logical Volume
Manager objects that can be shared exclusively but not concurrently by
one or two hosts. Disk sets are enablers for host fail-over scenarios.
When you choose disk slices on which to store the state database
replicas, select at least three slices. Figure 14-6 shows that you can
choose to configure as many slices as are required by the size of your
system’s disk configuration. The size of these disk slices are pre-set
using the partitioning mechanism of the format utility.
Note – Alternatively, to select multiple slices, hold down the Control key
while you make your selections.
Figure 14-8 shows the selections you have chosen for your state
database replicas. Additionally, this window shows the commands
that the Storage Volume Manager uses to build your selected
configuration.
Showing the commands is a nice feature of SVM, and one that you may want to point out to students so they
may capture command output, then use for future CLI or scripting efforts.
16. Double-check your selections to ensure that they meet the criteria of
your state database replicas.
Note – Before you click Finish, click Show Commands to view and,
optionally, log the commands used to accomplish the specified Enhanced
Storage Tool operations.
Figure 14-9 shows that the newly configured state database replicas
appear in the View pane of the Solaris Management Console.
Note – The configuration represented in this example does not follow Sun
Microsystems best practices. State database replicas should be distributed
across multiple devices and disk controllers wherever possible.
Configuring RAID-0
RAID-0 volumes allow you to expand disk storage capacity efficiently.
These volumes do not provide data redundancy but can be used to
expand disk storage capacity. If a single slice fails on a RAID-0 volume,
there is a loss of data. RAID-0 comes in two forms, stripes and
concatenations.
● Concatenated volumes (or concatenations)
A concatenated volume writes data to the first available slice. When
the first slice is full, the volume writes data to the next available slice.
● Striped volumes (or stripes)
A stripe distributes data equally across all slices in the stripe.
Solaris Volume
Manager
RAID 0
(Stripe)
Logical Volume
In this example, the slice being used for the /export/home file system is
almost at capacity. A new slice from another disk is concatenated to it,
making a RAID-0 concatenated volume. The existing slice is shown:
# df -h /export/home
Filesystem size used avail capacity Mounted on
/dev/dsk/c0t0d0s7 470M 395M 28M 94% /export/home
where:
Note – The metastat command does not show information about soft
partitioning.
The d0 metadevice is shown, with the two stripes which make up the
concatenation. The new device is represented with block and character
special device files:
# ls -lL /dev/md/dsk
total 0
brw-r----- 1 root sys 85, 0 Oct 25 12:35 d0
# ls -lL /dev/md/rdsk
total 0
crw-r----- 1 root sys 85, 0 Oct 25 12:35 d0
The new metadevice (d0) has been created but is not being used yet. The
/export/home file system is still mounted as a regular disk slice:
# df -h /export/home
Filesystem size used avail capacity Mounted on
/dev/dsk/c0t0d0s7 470M 395M 28M 94% /export/home
Then un-mount and re-mount the file system using the new device files:
# umount /export/home
# mount /export/home
# df -h /export/home
Filesystem size used avail capacity Mounted on
/dev/md/dsk/d0 470M 395M 28M 94% /export/home
The file system is now mounted using the metadevice device file. Notice
that the file system does not appear to be any bigger, and the capacity is
still at 94%. The existing file system needs to be grown into the new space.
This is done with the growfs command. Use the option -M to specify a
mount point:
# growfs -M /export/home /dev/md/rdsk/d0
/dev/md/rdsk/d0: 3118752 sectors in 3094 cylinders of 16 tracks, 63
sectors
1522.8MB in 194 cyl groups (16 c/g, 7.88MB/g, 3776 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 16224, 32416, 48608, 64800, 80992, 97184, 113376, 129568, 145760,
2968096, 2984288, 3000480, 3016672, 3032864, 3049056, 3065248, 3081440,
3096608, 3112800,
The file system now occupies all the space in the d0 metadevice:
# df -h /export/home
Filesystem size used avail capacity Mounted on
/dev/md/dsk/d0 1.4G 395M 988M 29% /export/home
The same slices and file systems are used in this example as was used in
the previous command line example. It assumes the metastate databases
are already configured.
1. To check this, start the Solaris Management Console:
# smc &
2. Select the Volumes tool and Create Volume from the Action menu, as
shown in Figure 14-11.
Every time you create a new volume, you can create additional state
database replicas. When creating RAID-0 volumes, it is usually
unnecessary to create additional state database replicas.
Every time you create a new volume, as shown in Figure 14-13, you can
relocate it on alternate disk sets.
You can name the volume, as shown in Figure 14-15. In this example
d0 is being used:
Select the slice already being used and an unused slice, as shown in
Figure 14-16.
8. Select the existing slice and click Add to move it to the Selected list.
9. Select an unused slice and click Add to move it to the Selected list.
10. Click Next to continue.
You can select the order of presentation of the slices within the
volume, as shown in Figure 14-17.
Power user – A hot spare pool is a set of slices you can use to improve the
fault tolerance of the system. To allow continued data accesses to a failed
volume until you can replace a failed slice, hot spares are automatically
swapped in to replace the failed slice. After replacing the failed slice, the
hot spare is automatically swapped back onto the replacement slice, as
shown in Figure 14-18.
RAID-0 does not have any data redundancy features and no hot spare
pools have been created. The Hot Spare Pool window is shown in
Figure 14-18.
Figure 14-20 shows the metadevice for the newly created RAID-0
volume.
# mount /export/home
# growfs -M /export/home /dev/md/rdsk/d0
/dev/md/rdsk/d0: 3118752 sectors in 3094 cylinders of 16 tracks, 63
sectors
1522.8MB in 194 cyl groups (16 c/g, 7.88MB/g, 3776 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 16224, 32416, 48608, 64800, 80992, 97184, 113376, 129568, 145760,
2968096, 2984288, 3000480, 3016672, 3032864, 3049056, 3065248, 3081440,
3096608, 3112800,
# df -h /export/home
Filesystem size used avail capacity Mounted on
/dev/md/dsk/d0 1.4G 395M 988M 29% /export/home
Configuring RAID-1
RAID-1 volumes are also known as mirrors and provide data redundancy.
In a two-way mirror, the data is written to two disk slices of the same size.
If one disk fails, the other will have an up-to-date copy of the data.
You can mirror any file system, including existing file systems.
Their is a fairly subtle consideration related to the State DBs when they support a mirror volume. A read-write
mirror uses what is called a Dirty Region Log (DRL) and these DRLs are located in the State DBs. The DRL
is used to record all changes made to the mirror volume. If the system panics before some sub-mirrors get
updated, or a sub-mirror was offline for some reason, entries in the DRL significantly reduce the time needed
to syncronize the sub-mirror data again. Rather than copying all of the mirrors data to a sub-mirror being
attached, the DRL can be used to indicate the changes that have occured and avoid copying data that is
already on the sub-mirror.
You can attach or detach a submirror from a mirror at any time, though at
least one submirror must remain attached to the mirror at all times.
Usually, you begin the creation of a mirror with only a single submirror,
after which you can attach additional submirrors.
Mirror Options
Note – The mirror options listed here are representative of the options
presented when configuring RAID-1 mirrors using the Solaris Volume
Manager software.
You can define mirror options when you initially create the mirror or after
you set up the mirror. You can distribute the load across the submirrors to
improve read performance. Table 14-1 describes the configurable mirror
read policies.
When a submirror is offline, any writes to the mirror are tracked in a dirty
region log. When the submirror is brought back online, those regions
must be updated or resynchronized.
This section describes how to create a RAID-1 volume for the root (/) file
system, which cannot be unmounted. To create a mirror, do the following:
1. Create a RAID-0 volume for the file system you want to mirror.
2. Create a second RAID-0 volume to contain the second submirror of
the RAID-1 volume.
3. Create a one-way mirror using the RAID-0 volume that contains the
file system to be mirrored.
4. Use the metaroot command to update the system’s configuration, as
this is a root (/) mirror.
5. Reboot your system, as this is a root (/) mirror.
6. Attach the second submirror to the file system mirror.
7. Record the alternate boot path that is used in the event of a failure of
the primary submirror, as this is a mirror of the root (/) file system.
The Scenario
The scenario assumes the root (/) file system is on disk slice c0t0d0s0.
1. A RAID-0 volume called d11 is created from slice c0t0d0s0.
2. A second RAID-0 volume is created as metadevice d12 from a spare
disk slice at c3t3d0s1.
3. A RAID-1 volume is created and named d10 using the RAID-0
volumes named d11 and d12, as shown in Figure 14-21.
RAID 1
Volume
@
@ @
RAID 0 RAID 0
Volume Volume
The command line forces the creation of volume d11. Volume d11 creates
a concatenation composed of a single stripe, one slice wide, and it is
stored on the /dev/dsk/c0t0d0s0 disk slice.
Note – In this example, the root (/) file system is stored on the disk slice
/dev/dsk/c0t0d0s0. Because the root (/) file system is stored at that
location, you must use of the -f option to force the creation of a volume
on the mounted partition.
To create additional volumes from the command line, use the metainit
command again:
# metainit d12 1 1 c3t3d0s1
d12: Concat/Stripe is setup
To create the same metadevice from the GUI, complete the following
steps:
1. Click the Volumes icon.
Every time you create a new volume, you can create additional state
database replicas. When creating RAID-0 volumes, it is usually
unnecessary to create additional state database replicas.
4. Select Don’t Create State Database Replicas in the Create Volume
window, as shown in Figure 14-24.
Every time you create a new volume, as shown in Figure 14-25, you
can relocate it on alternate disk sets.
6. If only one disk set exists on the system, select the default of <none>.
7. Click Next to continue.
You can also select a slice that the new volume occupies, as shown in
Figure 14-28. This volume is the secondary submirror of a mirror,
therefore the size of this slice must be equal to or greater than the
size of the primary submirror of the mirror.
12. Select a slice equal to or greater than the size of the primary
submirror RAID-0 volume.
13. Click Add to move it to the Selected list.
14. Click Next to continue.
You can select the order of presentation of the slices within the stripe
group, if you are mirroring a file system that can span multiple
slices, as shown in Figure 14-29.
Note – When mirroring root (/), you cannot span multiple slices.
This window is used when building multiple slices into a single volume. Because this is a mirror of root, where
a single slice is involved, this window serves no function in this procedure.
A hot spare pool is a set of slices you can use to improve the fault
tolerance of the system. To allow continued data accesses to a failed
volume until you can replace a failed slice, hot spares are
automatically swapped in to replace the failed slice. After replacing
the failed slice, the hot spare is automatically swapped back onto the
replacement slice.
16. Because no hot spare pools have been created, select No Hot Spare
Pool, as shown in Figure 14-30.
Figure 14-32 shows the metadevice for the newly created RAID-0
volume.
In this procedure, you created two RAID-0 volumes, d11 and d12. The
d11 volume contains the slice where the root (/) file system is stored, and
the d12 volume contains space for a copy of the root (/) file system.
where:
Note – If neither the -g nor -r options are specified, reads are made in a
round-robin order from all submirrors in the mirror. This process enables
load balancing across the submirrors.
You can also create the mirror by using the Enhanced Storage Tool within
the Solaris Volume Manager software.
To create a mirror:
1. Click the Volumes icon.
The previously configured RAID-0 volumes are displayed, as shown
in Figure 14-33. If these volumes are not displayed, you must first
configure the RAID-0 volumes before you can use them as
submirrors of the RAID-1 volume.
Because the dirty region logs that are used to track which data blocks
in the submirrors have been modified are recorded within the state
database replicas, when you create RAID-1 volumes, you can add
additional state database replicas. You do not have to create
additional replicas when creating RAID-1 volumes, but mirror
performance might suffer if you do not.
3. Due to equipment limitations in the classroom, select Don’t Create
State Database Replicas, as shown in Figure 14-35.
Note – When you are mirroring root, you must use the local disk set.
11. Select metadevice d11 for use as the primary submirror, as shown in
Figure 14-39.
The Create Volume: Set Mirror Parameters window lets you set the
mirror parameters, as shown in Figure 14-41. These parameters were
described in the metainit command example that was used to
configure a RAID-1 volume.
You can click on the d10 volume to highlight it, and then use the right mouse button to display a menu. From
this menu, you can select Properties to view the configuration and verify the sub-mirrors included.
When creating mirrors of mounted file systems, you must update the
/etc/vfstab file to change the mount point from a slice, such as
/dev/dsk/c#t#d#s#, to a volume, such as /dev/md/dsk/d##. When
mirroring any mounted file system other than root (/), you can use the vi
editor to update the /etc/vfstab file.
When mirroring the root (/) file system, use the metaroot command to
modify the /etc/vfstab and /etc/system files, as follows:
metaroot device
The following example shows that the /etc/vfstab file has been
updated by the metaroot command to point to the RAID-1 mirrored
metadevice.
# metaroot d10
# grep md /etc/vfstab
/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -
In addition to modifying the /etc/vfstab file to update the root (/) file
system pointer, the metaroot command updates the /etc/system file to
support the logical volumes. For example:
# tail /etc/system
rootdev:/pseudo/md@0:0,10,blk
You must reboot the system before attaching the secondary submirror.
When the system boots, it mounts the root file system using the
metadevice device file. Enter the init command to reboot the system:
# init 6
After the reboot is complete, the root file system is mounted through the
d10 metadevice:
# df -h /
Filesystem size used avail capacity Mounted on
/dev/md/dsk/d10 141M 111M 15M 88% /
The metastat command shows the state of the metadevices. Notice here
that only one submirror is in the d10 metadevice:
# metastat
d10: Mirror
Submirror 0: d11
State: Okay
Pass: 1
Read option: roundrobin (default)
Write option: parallel (default)
Size: 307440 blocks (150 MB)
If you mirror your root (/) file system, record the alternate boot path
contained in the boot-device PROM variable. In the following example,
you determine the path to the alternate boot device by using the ls -l
command on the slice that is being attached as the secondary submirror to
the root (/) mirror.
# ls -l /dev/dsk/c3t3d0s1
lrwxrwxrwx 1 root root 57 Oct 25 11:22 /dev/dsk/c3t3d0s1 -
> ../../devices/pci@1f,0/pci@1/pci@1/SUNW,isptwo@4/sd@3,0:b
Caution – When using some disk controllers, the path to the device varies
between the entries in the /devices directory and the entries in the
OpenBoot programmable read-only memory (PROM). In these instances,
follow the entries in the OpenBoot PROM.
from the /devices directory, yet the show-disks command from the
OpenBoot PROM returned:
/pci@1f,0/pci@1/scsi@4,1/disk
/pci@1f,0/pci@1/scsi@4,1/disk@2,0:b
If you do not adapt to the change when attempting to boot from the
alternate boot device, you get an error stating:
can’t open boot device
To get the system to boot automatically from the alternate boot device in
the event of a primary root submirror failure, complete the following
steps:
1. Use the OpenBoot nvalias command to define a backup_root
device alias for the secondary root mirror. For example:
ok nvalias backup_root /pci@1f,0/pci@1/pci@1/SUNW,isptwo@4/sd@3,0:b
2. Redefine the boot-device variable to reference both the primary
and secondary submirrors, in the order in which you want to access
them. For example:
ok printenv boot-device
boot-device= disk net
ok setenv boot-device disk backup_root net
boot-device= disk backup_root net
In the event of primary root disk failure, the system automatically boots
from the secondary submirror. To test the secondary submirror, boot the
system manually, as follows:
ok boot backup_root
3. Because this is a root (/) file system mirror, run the metaroot
command to update the /etc/vfstab and etc/system files.
# metaroot /dev/dsk/c0t0d0s0
# grep c0t0d0s0 /etc/vfstab
/dev/dsk/c0t0d0s0/dev/rdsk/c0t0d0s0/ufs1no-
Use the command line to specify the quality of service attributes you
require, and allow the metassist command to create the necessary
volumes for you. A simple example would be:
# metassist create -s storagepool -S 10Gb
For more information about the metassist command, see the following
resource:
Preparation
This exercise mirrors the root (/) file system of your system’s boot disk.
This exercise requires a second disk that is not in use. Steps in this
exercise direct you to partition the second disk so that it has one partition
equal to the root (/) partition on the boot disk, and at least two partitions
to be used for state database replicas.
Task
Complete the following steps:
1. Start the Solaris Management Console and complete the following
steps:
a. Open the Enhanced Storage Tool within the Solaris
Management Console, and leave it open throughout this
exercise to use it as a monitoring tool.
b. Use the tools within the Enhanced Storage Tool to view objects
that you create using command line commands.
2. Use the df command to list file systems in use and the format utility
to display the partition table for your system’s boot disk.
You should record the following information:
● Disk slice used for the root (/) file system, and its size in
megabytes. This will become the primary submirror:
_______________________________________________
● Does the slice used for the root (/) file system start on cylinder
0 of the boot disk?
_______________________________________________
● Disk slice for state database replica 1: _______________________
● Disk slice for state database replica 2: _______________________
3. Use the format utility to partition your spare disk so that it includes
the partitions listed:
● Set the size of slice 0 to be equal to or greater than the disk slice
used for the root (/) file system. This slice is a candidate to
become the secondary submirror.
● Set the size of slice 1 to be equal to or greater than the disk slice
used for the root (/) file system. This slice is a candidate to
become the secondary submirror.
● Set the size of slice 6 to be at least 4 Mbytes. This slice will be
used for state database replica 3.
● Set the size of slice 7 to be at least 4 Mbytes. This slice will be
used for state database replica 4.
Both slice 0 and slice 1 were set to match the boot disk root slice size to provide a choice of two slices to use
for the secondary submirror. Explain to students that you cannot mirror a slice that contains a disk label to
one that does not.
Different training centers may have built the student systems differently, some where slice 0 of the boot disk
starts on cylinder 0, others where it does not. Explain the need to choose the slice on the second disk, 0 or
1, that correlates to how the root slice is defined on the boot disk. Also, explain that it is not a general SVM
requirement to define partitions exactly as they are here in the exercise.
b. Use the tools within the Enhanced Storage Tool to view objects
that you create using command line commands.
12. Attach the RAID-0 volume used as the root (/) file system’s
secondary submirror to the RAID-1 volume and allow the mirror
synchronization to complete before continuing.
What is the primary reason for using the command line to attach a
secondary submirror to a mirror?
_______________________________________________
_______________________________________________
13. Determine the physical device path to the alternate root (/) device
you selected in step 7 (as reported by the Solaris 10 OS).
14. Use the init 0 command to enter the OpenBoot PROM, and then
the show-disks command to determine the path to the alternate root
(/) device (as reported by the OpenBoot PROM).
15. Define a backup root (/) device alias.
16. Add the backup_root device alias to the boot-device variable.
You should retain the alias for the primary boot disk.
17. Test the ability to boot the secondary root (/) submirror and log in as
root when the boot process completes.
18. Verify the status of the root (/) submirrors.
19. Detach one submirror to make the root (/) mirror a one-way mirror.
20. Update the /etc/vfstab file to redefine the root (/) mount point
using the original disk slice, and the /etc/system file to remove the
forceload statements.
21. Shut down the system to the OBP level.
22. If you changed your boot-device variable to an alternate boot path,
complete the following steps:
a. Reset it to its default setting.
b. Boot the system to the multi-user milestone.
23. Clear the mirror and submirrors.
24. Remove all state database replicas.
Exercise Summary
Manage the discussion based on the time allowed for this module, which was provided in the “About This
Course” module. If you do not have time to spend on discussion, then just highlight the key concepts students
should have learned from the lab exercise.
● Experiences
Ask students what their overall experiences with this exercise have been. Go over any trouble spots or
especially confusing areas at this time.
● Interpretations
Ask students to interpret what they observed during any aspect of this exercise.
● Conclusions
Have students articulate any conclusions they reached as a result of this exercise experience.
● Applications
Explore with students how they might apply what they learned in this exercise to situations at their workplace.
Exercise Solutions
This section contains solutions to the exercise.
Task
Review the following solutions:
1. Start the Solaris Management Console and complete the following
steps:
a. Open the Enhanced Storage Tool within the Solaris
Management Console, and leave it open throughout this
exercise to use it as a monitoring tool.
b. Use the tools within the Enhanced Storage Tool to view objects
that you create using command line commands.
# smc &
2. Use the df command to list file systems in use, and the format
utility to display the partition table for your system’s boot disk.
Record the following information:
● Disk slice used for the root (/) file system, and its size in
megabytes. This will become the primary submirror:
As pre-defined for your lab system. (Slice 0 and 500 Mbytes, in this
example.)
● Does the slice used for the root (/) file system start on cylinder
0 of the boot disk?
As pre-defined for your lab system. (No, in this example.) This
information is required to determine what slice on the second disk to
use as the secondary submirror, for the purpose of this exercise.
● Disk slice for state database replica 1:
As pre-defined for your lab system. (Slice 4, in this example.)
● Disk slice for state database replica 2:
As pre-defined for your lab system. (Slice 5, in this example.)
# df -h
/dev/dsk/c0t0d0s0 470M 194M 229M 46% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 854M 880K 853M 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
/dev/dsk/c0t0d0s6 4.8G 2.9G 1.9G 61% /usr
fd 0K 0K 0K 0% /dev/fd
/dev/dsk/c0t0d0s3 479M 57M 375M 14% /var
swap 853M 0K 853M 0% /tmp
swap 853M 40K 853M 1% /var/run
/dev/dsk/c0t0d0s7 2.1G 2.1M 2.0G 1% /export
# format
(output omitted)
format> partition
(output omitted)
partition> print
Current partition table (original):
Total disk cylinders available: 17660 + 2 (reserved cylinders)
partition> q
(output omitted)
format> q
#
3. Use the format utility to partition your spare disk so that it includes
the partitions listed:
● Set the size of slice 0 to be equal to or greater than the disk slice
used for the root (/) file system. This slice is a candidate to
become the secondary submirror.
● Set the size of slice 1 to be equal to or greater than the disk slice
used for the root (/) file system. This slice is a candidate to
become the secondary submirror.
● Set the size of slice 6 to be at least 4 Mbytes. This slice will be
used for state database replica 3.
● Set the size of slice 7 to be at least 4 Mbytes. This slice will be
used for state database replica 4.
Both slice 0 and slice 1 were set to match the boot disk root slice size to provide a choice of two slices to use
for the secondary submirror. Explain to students that you cannot mirror a slice that contains a disk label to
one that does not.
Different training centers may have built the student systems differently, some where slice 0 of the boot disk
starts on cylinder 0, others where it does not. Explain the need to choose the slice on the second disk, 0 or
1, that correlates to how the root slice is defined on the boot disk. Also, explain that it is not a general SVM
requirement to define partitions exactly as they are here in the exercise.
# format
(output omitted)
partition> print
Volume: test
Current partition table (test):
Total disk cylinders available: 4924 + 2 (reserved cylinders)
partition>
4. Determine the names of Solaris Volume Manager objects to use for
this exercise:
● Volume to map to the root (/) file system primary submirror:
As defined for your lab system. (The examples use d11.)
● Volume to map to the root (/) file system secondary submirror:
As defined for your lab system. (The examples use d12.)
● Volume to map to the root (/) file system mirror:
As defined for your lab system. (The examples use d10.)
5. Create a sufficient number of state database replicas to support the
majority consensus algorithm used in the Solaris Volume Manager
software. For example:
# /usr/sbin/metadb -a -f c0t0d0s4
# /usr/sbin/metadb -a c0t0d0s5
# /usr/sbin/metadb -a c1t5d0s6
# /usr/sbin/metadb -a c1t5d0s7
#
What is the minimum number of state database replicas necessary to
support the majority consensus algorithm?
As a best practice, you should use three state database replicas as the
minimum to support the majority consensus algorithm.
6. Create a RAID-0 volume to use as the root (/) file system’s primary
submirror.
# /usr/sbin/metainit -f d11 1 1 c0t0d0s0
d11: Concat/Stripe is setup
(The variable points to the root (/) slice.)
7. Create a RAID 0 volume on the secondary drive to use as the root (/)
file system’s secondary submirror.
You should refer to step 2 to determine which of the following
conditions is true.
a. If the root slice on your boot disk starts on cylinder 0, use slice 0
on the second disk as the secondary submirror.
# /usr/sbin/metainit d12 1 1 c1t5d0s0
d12: Concat/Stripe is setup
b. If the root slice on your boot disk does not start on cylinder 0, use
slice 1 on the second disk as the secondary submirror.
13. Determine the physical device path to the alternate root (/) device
you selected in step 7 (as reported by the Solaris 10 OS).
This varies by system. Use the ls -l command.
# ls -l /dev/dsk/c1t5d0s1
lrwxrwxrwx 1 root root 57 May 24 12:47 /dev/dsk/c1t5d0s1 -
> ../../devices/pci@1f,0/pci@1/pci@1/SUNW,isptwo@4/sd@5,0:b
14. Use the init 0 command to enter the OpenBoot PROM, and then
the show-disks command to determine the path to the alternate root
(/) device (as reported by the OpenBoot PROM).
This varies by system.
ok show-disks
15. Define a backup root (/) device alias.
This varies by system. Use the nvalias command.
ok nvalias backup_root device_path
16. Add the backup_root device alias to the boot-device variable.
You should retain the alias for the primary boot disk.
This varies by system. Use a combination of the printenv and setenv
commands.
ok printenv boot-device
boot-device = disk net
ok setenv boot-device disk backup_root
boot-device = disk backup_root
17. Test the ability to boot the secondary root (/) submirror and log in as
root when the boot process completes.
ok boot backup_root
18. Verify the status of the root (/) submirrors.
# /usr/sbin/metastat d10
d10: Mirror
Submirror 0: d11
State: Okay
Submirror 1: d12
State: Okay
Pass: 1
Read option: roundrobin (default)
Write option: parallel (default)
Objectives
Upon completion of this module, you should be able to:
● Describe the effect of the /etc/inet/ipnodes file on the loghost
variable
● Describe generic log rotation
15-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
While the file names and functionality has remained much the same
through Solaris 8, 9, and 10, a change to how the loghost variable is
determined in Solaris 10 needs explanation.
Example A /etc/inet/hosts:
192.9.200.1 host1 loghost
192.9.200.2 host2
Example B /etc/inet/hosts:
192.9.200.1 host1
192.9.200.2 host2 loghost
When the syslogd daemon starts at system boot, the syslogd daemon
evaluates the /etc/hosts file, and checks the Internet Protocol (IP)
address associated with the hostname as compared to the IP address
associated with loghost.
This functionality has not changed through the Solaris releases mentioned
in this course, but there has been a change in Solaris 10 that affects the
loghost setting. Previous to Solaris 10, the /etc/inet/ipnodes file was
only populated with IPv6 addresses. Now, the /etc/inet/ipnodes
can contain either IPv4 or an IPv6 addresses, as shown in the following
example:
cat /etc/inet/ipnodes
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
192.9.200.1 host1 loghost
192.9.200.2 host2
Ideally, both of these files will contain the same information so that there
would not be any inconsistency between loghost variables.
The logadm command is a general log rotation tool that is can be run from
cron. The logadm command reads the /etc/logadm.conf file and checks
for the presence of those named log files to see if they should be rotated.
The corresponding log file gets renamed by adding a number suffix such
as logfile.0, logfile.1, etc. By default, ten versions of the logfile are
kept.
Solaris 10 has changed the way many services are handles with the release
of the SMF. For example, in Solaris 9, enabling and logging inetd trace
messages would have been accomplished by performing the following
procedure:
1. Edit the /etc/inet/inetsvc file and changing the line that read:
/usr/sbin/inetd -s to /usr/sbin/inetd -s -t
2. Edit the /etc/default/inetd file and setting the following field:
ENABLE_CONNECTION_LOGGING=YES
3. Stopping and starting the inetd process:
# /etc/init.d/inetsvc stop
# /etc/init.d/inetsvc start
The same change in procedures applies when stopping and starting the
syslog process. With Solaris 9, the procedure would be:
# /etc/init.d/syslog stop/start
Naming Services
Objectives
Upon completion of this module, you should be able to descibe the
differences in:
● The name service switch file
● The LDAP name service
16-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
The Sun Java System Directory Server is no longer bundled with Solaris
10. The Sun Java System Directory Server is now bundled with the Java
Enterprise Server CDs.
The Sun Java System Directory Server must be set up and then configured
to support Solaris LDAP clients.
The output of each diff command has been edited to increase readability.
> # Note that IPv4 addresses are searched for in all of the ipnodes
databases before searching the hosts databases.
> ipnodes: files dns
>
< sendmailvars: files
Notice in the example that the first line has a note explaining that the
appropriate SMF service must be enabled and online. This note is
prevelant through all examples of the Solaris 10 configuration files, and is
a result of the introduction of the Service Management Facility.
The third item shown is the database sendmailvars, which has been
removed in Solaris 10.
< # audit
< audit_user: files ldap
Notice in the example that the first comment, followed by the exec_attr,
user_attr, and audit_user databases show that RBAC functionality was
introduced in Solaris 9.
The second line shown illistrates the printers database is now supported.
The printers database provides centralized printer configuration
information to print clients on the network. This is new functionality in
Solaris 9.
> # Note that IPv4 addresses are searched for in all of the ipnodes
databases before searching the hosts databases.
> ipnodes: ldap [NOTFOUND=return] files
> # Note that IPv4 addresses are searched for in all of the ipnodes
databases before searching the hosts databases.
> ipnodes: nis [NOTFOUND=return] files
The two new variables are INETDIR, and RBACDIR and are found in the
first section of the /var/yp/Makefile file, as highlighted below:
#B=-b
B=
DIR =/etc
INETDIR=/etc/inet
RBACDIR=/etc/security
PWDIR =/etc
DOM = ‘domainname‘
NOPUSH = ""
ALIASES = /etc/mail/aliases
YPDIR=/usr/lib/netsvc/yp
SBINDIR=/usr/sbin
YPDBDIR=/var/yp
YPPUSH=$(YPDIR)/yppush
MAKEDBM=$(SBINDIR)/makedbm
MULTI=$(YPDIR)/multi
REVNETGROUP=$(SBINDIR)/revnetgroup
STDETHERS=$(YPDIR)/stdethers
STDHOSTS=$(YPDIR)/stdhosts
MKNETID=$(SBINDIR)/mknetid
MKALIAS=$(YPDIR)/mkalias
N2L is a replacement for the existing NIS server side product which
provides a migration path from NIS to LDAP. It enables NIS maps to be
synchronized with NIS like information in the directory and accessed
with NIS like speed and extensibility.
If you are teaching an LVC, you may also want to have one of the students bring up
http://www.sun.com/bigadmin/content/n2l/NIS2LDAP.pdf in a shared window to keep the students interest.
Objectives
Upon completion of this module, you should be able to describe the
differences in:
● Boot Services
● Identification Services
● Configuration Services
● Installation Services
17-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Relevance
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
Boot Services
Solaris 8 and 9 used the same boot services, there were no changes
between these two versions of the Operating System. Solaris 10
introduced SMF, which changed the way processes are started and
stopped.
After the /etc/dfs/dfstab file has been edited, you must verify that
NFS services are running, and if necessary, start them:
1. Run the svcs command to check that NFS services are enabled.
# svcs -a |grep nfs
STATE STIME FMRI
disabled 14:56:34 svc:/network/nfs/mapid:default
disabled 14:56:34 svc:/network/nfs/cbd:default
disabled 14:56:36 svc:/network/nfs/server:default
online 14:56:56 svc:/network/nfs/status:default
online 14:56:57 svc:/network/nfs/nlockmgr:default
online 14:57:13 svc:/network/nfs/client:default
online 14:57:13 svc:/network/nfs/rquota:ticlts
online 14:57:13 svc:/network/nfs/rquota:udp
Identification Services
JumpStart clients require support from a server to automatically get the
answers to system identification questions that the client systems issue.
Configuration Services
JumpStart clients require support from a server to obtain answers for
system configuration questions that they issue.
Installation Services
JumpStart clients require support from a server to find an image of the
Solaris OS to install. A system that provides this service is called an install
server. An install server shares a Solaris OS image from a CD-ROM, DVD,
or local disk. JumpStart clients use the NFS service to mount the
installation image during the installation process.
Beginning with the Solaris 8 2/02 release, the Solaris Media Kit has been
available on either CD-ROM or DVD media.
network_interface=qfe0 { hostname=sys01
ip_address=192.168.2.101
protocol_ipv6=no netmask=255.255.255.0
default_route=192.168.2.1}
network_interface=qfe1 { hostname=sys02
ip_address=192.168.2.111
protocol_ipv6=no netmask=255.255.255.0
default_route=192.168.2.1}
network_interface=qfe3 { ip_address=192.168.2.121
protocol_ipv6=no netmask=255.255.255.0
default_route=192.10.10.1}
security_policy=none
name_service=none
timezone=US/Mountain
system_locale=en_US
timeserver=192.10.10.1
root_password=Hx23475vABDDM
The rules file enables groups of clients with the same characteristics to
be grouped together as a class. Consequently the profile file is frequently
referred to as the class file, particularly with Solaris 8.
The package keyword prior to Solaris 10 was only used to add or delete
packages from the installation that were part of the installation media.
The keyword has been enhanced to allow package installations that are
not part of the installation media. Previously this was only possible by
using a finish script.
The syntax for the entry in the profile varies depending on the location
selected, as shown in Table 17-1.
Configuration Cluster
Interactive Installation Name
Name
The following example describes a profile file that installs the Entire
Distribution configuration cluster (SUNWCall), and removes the SUNWman
package. The example uses explicit partitioning and declares the slices
and sizes assigned to the root (/), swap, /usr, /var, and /opt file
systems.
install_type initial_install
system_type standalone
partitioning explicit
filesys c0t0d0s0 150 /
filesys c0t0d0s1 128 swap
filesys c0t0d0s6 800 /usr
filesys c0t0d0s7 free /var
filesys c0t1d0s7 all /opt
cluster SUNWCall
package SUNWman delete
The filesys keyword can be used in the profile file to create RAID-1
volumes on the client system.
The mirror keyword causes one state database replica to be put on each
slice in the mirror automatically. The administrator may choose to create
additional metastate databases.
The following profile example creates RAID-1 volumes (mirrors) for the
root (/), /usr, and /var file systems:
install_type initial_install
cluster SUNWCXall
filesys mirror c0t0d0s0 c1t3d0s0 850 /
filesys mirror:d10 c0t0d0s1 c1t3d0s1 1000 /var
filesys c0t0d0s3 512 swap
filesys c1t3d0s3 512
metadb c0t0d0s4 count 4
metadb c1t3d0s4 count 4
filesys mirror c0t0d0s6 c1t3d0s6 5000 /usr
filesys c0t0d0s7 free /export/home
filesys c1t3d0s7 free
7. Four state database replicas are created on slice c0t0d0s4 and slice
c1t3d0s4.
8. The /usr filesystem is created and mirrored on slices c0t0d0s6
and c1t3d0s6. The name of the RAID-1 volume is automatically
assigned.
9. The /export/home file system is created on the remaining free
space on disk c0t0d0.
10. Slice c1t3d0s7 is created on the remaining free space on c1t3d0
but is not allocated to any file system.
As of Solaris 8 7/01 new options have been added for use with the boot
command when you perform a custom JumpStart installation:
With the boot command, you can specify the location of the configuration
files to use to perform the installation. You can specify a path to an HTTP
server, an NFS server, or a file that is available on local media. If you do
not know the path to the files, you can require that the installation
program prompt you for the path after the machine boots and connects to
the network.
The nowin option enables you to specify that the custom JumpStart
program not begin the X program. You do not need to use the X program
to perform a custom JumpStart installation, so you can shorten the
installation time by using the nowin option.
Finish Scripts
Finish scripts are Bourne scripts that JumpStart clients run after installing
the Solaris Operating System but before they reboot. Finish scripts allow
you to perform a variety of post-installation tasks on the JumpStart client,
including:
● Setting the power-management configuration
● Retrieving backed-up data from a server on the network
● Copying selected files from a JumpStart server to the client
● Specify the NFS4 domain
touch ${STATE}
exit 0
Objectives
Upon completion of this module, you should be able to describe the
differences in:
● Describe the Flash installation feature
● Manipulate a Flash archive
● Use a Flash archive for installation
18-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
The Flash installation feature uses one or more archives created from a
master system that acts as a reference configuration. The master system is
an installed system that has been customized as required. Customization
can include adding or removing software packages, adding third-party or
unbundled software products, and modifying configuration files, such as
the SMF method scripts and run control script, and by enabling or
disabling SMF managed services. Further customization can be done
when creating the archive.
Hardware Requirements
Software Requirements
There are certain limitations to the Flash utility, including, but not limited
to, the configuration of the Solaris Volume Manager software and the
current versions of the Solaris OS:
● Flash does not support metadevices or non-UFS file systems.
● You can only create the archive from material available on the master
system.
You can create the archive when the system is running in single-user
mode, multiuser mode, or being booted from the Solaris 10 OS 1 CD-
ROM, or DVD.
During installation you must specify a directory and a location where the
Flash archive resides. Options during installation are:
● Network file system (NFS) server
● Hypertext Transfer Protocol (HTTP) server
● File Transfer Protocol (FTP) server
● Local or remote tape
● Compact Disc Read-Only Memory (CD-ROM)
● Local drive of clone machine
The Flash installation process involves creation of the Flash archive prior
to the deployment of the Flash archive to the clones.
where:
Examples
In the example :
-n flash_root is the name of the Flash archive
-c causes the archive to be compressed
-R / creates the archive rooted at the root (/) directory
-e root_archive is the description of the archive
-x /export/flash excludes this directory from the archive
Note – Be sure that you have enough disk space to contain the Flash
archives that you build. In the above example, the /export/flash
directory is large enough to contain the 518 Mbyte archive.
The following example creates a Flash archive and customizes the files to
be included in the archive:
# flar create -n local_apps -x /usr/local/ -y
/usr/local/custom_scripts local_archive
-n local_apps is the name of the archive
-x /usr/local is excluded from the archive
-y /usr/local/custom_scripts is included on the archive
The archive is created from the root (/) directory as -R has not been
specified.
where:
To list the header data that is created with the archive, use the flar info
command:
# flar info flash_archive1
archive_id=f67e46f0096ab9ac580cea5ba3ffeb72
files_archived_method=cpio
creation_date=20041005160703
creation_master=sys65
content_name=build68
creation_node=sys65
creation_hardware_class=sun4u
creation_platform=SUNW,UltraSPARC-IIi-cEngine
creation_processor=sparc
creation_release=5.10
creation_os_name=SunOS
creation_os_version=s10_68
files_compressed_method=compress
content_architectures=sun4u
type=FULL
You can also use additional keywords for administering the archive.
You can use any of the Solaris OS installation methods to install Flash
archives, for example:
● Install Flash archives with the Solaris Web Start program
● Install Flash archives with the Solaris OS suninstall program
● Install Flash archives with a JumpStart installation
● The WAN Boot procedure
The initial steps for using a Flash archive for installation are the same as
setting up for a JumpStart installation. Using a Flash archive can be
interactive during the installation, or completely hands-off, depending on
how you set up your installation server.
Note – The text screens shown in this installation sequence have been
edited for brevity and readability. Depending on your installation method,
you press the appropriate function key or it’s Escape key equivalent.
On the following screens, you can accept the defaults or you can
customize how Solaris software will be installed by:
On this screen you must select a method to retrieve the Flash archive.
The retrieval method depends on where the archive is stored. For
example, if the archive is stored on a tape, select "Local Tape".
Please specify the path to the network file system where the Flash
archive is located. For example:
=========================================================================
5. Press F2 to continue.
Next, you add a Flash archive. If the NFS file system is mounted and
shared, and if you can locate the Flash archive within the file system,
you are prompted for additional Flash archive names. A Solaris OS
image must exist on a clone system before you can install additional
Flash archives. The first Flash archive you install must also contain a
bootable Solaris OS image.
Flash Archive Selection
You selected the following Flash archives to use to install this system.
If you want to add another archive to install select "New".
====================================================================
NFS build74L2
On this screen you must select the disks for installing Solaris software.
Start by looking at the Suggested Minimum field; this value is the
approximate space needed to install the software you’ve selected. Keep
selecting disks until the Total Selected value exceeds the Suggested
Minimum value.
NOTE: ** denotes current boot disk
=========================================================================
[X] ** c0t0d0 19457 MB (F4 to edit)
[ ] c1t0d0 8633 MB
7. Press F2 to continue.
The system is queried and you are given the opportunity to preserve
any existing data on the target disk. If you decide to preserve data
you then select the file systems to preserve.
8. Press F2 to continue.
File System and Disk Layout
The summary below is your current file system and disk layout, based on
the information you’ve supplied.
========================================================================
/ c0t0d0s0 5000 MB
swap c0t0d0s1 512 MB
overlap c0t0d0s2 19457 MB
/export/home c0t0d0s7 13945 MB
9. Press F2 to continue.
The Mount Remote File Systems window appears. If your Flash
archives are stored on the master Flash archive server, press F2 to
continue.
-Profile
========================================================================
The next screen shows the steps involved in completing the Flash
installation. After you install the Flash archive, the cleanup scripts
complete the installation housekeeping tasks, and the system either
reboots or prompts you to reboot, depending on your earlier
configuration.
Customizing system files
- Mount points table (/etc/vfstab)
- Unselected disk mount points
(/var/sadm/system/data/vfstab.unselected)
- Network host addresses (/etc/hosts)
Cleaning devices
Pausing for 90 seconds at the "Reboot" screen. The wizard will continue
to the next step unless you select "Pause". Enter ’p’ to pause. Enter ’c’
to continue. [c]
A differential archive fails if the clone has been manually updated after it
was Flash installed from the master source.
Option Description
Option Description
-M Excludes the manifest file. When you use this
option, no validation occurs on the differential
archive. When creating a differential archive, flar
create creates a long list of the files in the system
that are unchanged, are changed, and are to be
deleted from the archive. This list is stored in the
manifest section of the archive. When the
differential archive is deployed, the software uses
this list to perform a file-by-file check, ensuring
the integrity of the clone system. Use of this
option avoids such a check and saves the space
that is used by the manifest section in a
differential archive.
The only keywords that are valid when you install a Solaris Flash archive
are the following:
Initial Differential
Keyword
Installation Archive
archive_location (required) X X
fdisk (x86 only) X X
filesys X
forced_deployment X
install_type (required) X X
local_customization X X
no_content_check X
no_master_check X
package X
root_device X X
Preparation
The following tasks require a system that is running the Solaris 10 Update
1 OS.
Task
This task has you use the flarcreate command along with some
additional options as a means of giving you practice with customizing a
Flash archive.
Create a file that lists the directories and files to exclude and include. Use
the plus (+) and minus (-) signs when creating the file.
Note – Do not use this flar for any other purpose in this course.
Exercise Summary
Manage the discussion based on the time allowed for this module. If you do not have time to spend on
discussion, highlight just the key concepts students should have learned from the lab exercise.
● Experiences
Ask students what their overall experiences with this exercise have been. Go over any trouble spots or
especially confusing areas at this time.
● Interpretations
Ask students to interpret what they observed during any aspect of this exercise.
● Conclusions
Have students articulate any conclusions they reached as a result of this exercise experience.
● Applications
Explore with students how they might apply what they learned in this exercise to situations at their workplace.
Exercise Solutions
This section provides the answers to the exercise tasks.
- /usr/apache2/
- /usr/staroffice7/
2. Check the disk size of the drives. The Flash archive you create
requires 1.73 Gbytes of free space in some filesystems. If the primary
disk does not have enough free space, create and mount a suitable
filesystem on the second disk.
# df -h /a
Filesystem size used avail capacity Mounted on
/dev/dsk/c1t1d0s7 26G 4.7G 21G 19% /a
3. Create the Flash archive after arranging for the destination file
system to use to hold it.
Verify the command worked by listing all of the files within the Flash
archive that contain the string bin/cat.
# flar info -l /a/test.flar |grep -i bin/cat
usr/bin/catman
usr/apache/tomcat/bin/catalina.sh
usr/bin/cat
usr/bin/cat
4. Remove the flar file.
# rm /a/test.flar
Note – Do not use this flar for any other purpose in this course.
Objectives
Upon completion of this module, you should be able to:
● Create an alternate boot environment cloned from a running system
● Create a differential flash archive in a Live Upgrade boot
environment
● Create an empty alternative boot environment and understand when
this is necessary
● Extend a base boot environment with a differential flash archive
19-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
Take a moment and share a browser session for all to see and point out key documentation on Live Update
at docs.sun.com. Search for Solaris 10 Installation Guide: Solaris Live Upgrade and Upgrade Planning which
is located at:
http://docs.sun.com/app/docs/doc/817-5505?q=Live+Update
If you are teaching this class as an LVC, engage a student by having them do the above.
Explain how this could be part of the strategy to adopt and incorporate monthly Solaris Express upgrades.
The release of the Solaris Live Upgrade packages must match the release
of the OS you are upgrading to. For example, if your current OS is the
Solaris 9 release and you want to upgrade to the Solaris 10 release, you
need to install the Solaris Live Upgrade packages from the Solaris 10
release.
Note – See the following for more information about the Live Upgrade
packages and required patches:
http://docs.sun.com/app/docs/doc/817-
5505/6mkv5m1kk?q=Live+Update&a=view
LU Command Description
Explain all the options used. -S dispenses with the time consuming size calculation that gets written into the
flash archive header. -c is to compress the archive.
creation_node=sys-01
creation_hardware_class=sun4u
creation_platform=SUNW,UltraAX-i2
creation_processor=sparc
...
files_compressed_method=compress
content_architectures=sun4u
type=FULL
1 /swap 1
3 3
4 4 Current release X
Critical file system root (/)
5 5
Inactive release X
6 6 Critical file systems root(/)
Active
6. Check that the partitioning on the second disk matches that of the
first disk.
# prtvtoc /dev/rdsk/c1t1d0s2
* /dev/rdsk/c1t1d0s2 partition map
*
...
Explain the command line options as necessary. The -c option is used only once, to name the first
environment. Explain that the absence of a -m option instance for the /export/home file system is what
configures it to be shared in both BEs.
# lufslist sys_env_2
# more sys_env_1:sys_env_2
/:root:root:22:40755:DIR:
/lost+found:root:root:2:40700:DIR:
/export:root:sys:3:40755:DIR:
/var:28385:100:44:40775:DIR:
/var/sadm:root:other:13:40755:DIR:
/var/sadm/install:root:bin:4:40555:DIR:
/var/sadm/install/admin:root:bin:2:40555:DIR:
...
This step is just to make students aware that a comparison of environments is maintained.
**********************************************************************
The target boot environment has been activated. It will be used when you
reboot. NOTE: You MUST NOT USE the reboot, halt, or uadmin commands. You
MUST USE either the init or the shutdown command when you reboot. If you
do not use either init or shutdown, the system will not boot using the
target BE.
**********************************************************************
boot
**********************************************************************
Stress the importance of this information that indicates the original boot device. If the need would arise, you
may have to set the OBP boot-device variable to get the original environment to boot.
13. When the system comes back up, login and verify that the sys_env_2
environment is active with the lustatus command.
# lustatus
Boot Environment Is Active Active Can Copy
sys_env_1 sys_env_2
c1t0d0 c1t1d0
1 /swap 1
3 3
4 4 Current release X
Critical file system root (/)
5 5
Inactive release X
6 6 Critical file systems root(/)
Modified
14. Modify the system state of the sys_env_2 environment by adding the
SMCtop package to the system.
# cd /var/spool/pkgs
# pkgadd -d .
Checksums differ
01 <
/var/sadm/install/.lockfile:root:root:1:100600:REGFIL:128:1845941275:
02 >
/var/sadm/install/.lockfile:root:root:1:100600:REGFIL:128:582217747:
Sizes differ
01 < /var/sadm/pkg/SUNWcsu/pkginfo:root:root:1:100644:REGFIL:7214:
02 > /var/sadm/pkg/SUNWcsu/pkginfo:root:root:1:100644:REGFIL:5897:
...
sys_env_1 sys_env_2
c1t0d0 c1t1d0
root (/)
/a 0
Mount
1
root (/)
0
3
Create 1 /swap
Differential 4 Current release X
Flash Archive 3 Critical file system root (/)
5
4 Inactive release X
6 Critical file systems root(/)
5
7 Shared file systems
6
7 /export/home
Point out that this time the type for the archive is DIFFERENTIAL.
1 /swap
1 1
3 3 3
4 Install Master
4 4
and
Differential
5 5 5
Flash Archives
6 6 6
7 /export/home 7 7
Current release X
Critical file system root (/)
Inactive release X
Critical file systems root(/)
During this development of the course it was learned that the disks have to be the same size otherwise you
get an fmthard error duing the luupgrade step shown later.
23. Before making the new boot environment, unmount /a with the
luumount command.
# luumount /a
24. Create a new boot environment with the following specifications:
● use c2t0d0
● do not clone a boot environemnt. Use the -s - option to make it
empty
● name the new boot environment sys_env_3
When prompted for the / and swap devices via the menu, select
those devices appropriate for the new boot environment that is being
created.
# lucreate -n "sys_env_3" -s -
...
Updating system configuration files.
...
Since lucreate cannot determine the new / device on its own, the
menu appears and you need to specify, with the F2, ENTER and F3
keys, the /ans swap devices:
-------------------------------------------------------------------------
New boot environment - sys_env_3
Recommended
Mount Point Device FS Type Size (MB) Min
Size(MB)
/ ufs 0
- swap 0
Esc F2 F3 F4 F5 F6 F7 F8 F9 ^D ^X
HELP CHOICE SAVE SLICE PRINT CANCEL SCHEDULE SPLIT MERGE CLR OTHR
In this example, for the above menu interaction, c2t0d0s0 was
specified for the / device and c2t0d0s1 was specified for the swap
device. The F2 key is used to display a drop down menu from which
to select the devices (using the ENTER key). When finished, the F3
key is used to save the configuration and then the menu exits and
output continues.
Note – The menu appeared because the root file system location was not
specified on the lucreate command line. The menu would not have
appeared if this command were used instead:
25. Use the lustatus command to see all statuses for the boot
environments.
# lustatus
Boot Environment Is Active Active Can Copy
Name Complete Now On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
sys_env_1 yes no no yes -
sys_env_2 yes yes yes no -
sys_env_3 no no no yes -
At the time of development of this course, it was necessary to be sure that the install image referenced
matched was Solaris 10 U1 (not FCS). At the time this was because the Solaris 10 FCS install image was
missing a merge script needed by the luupgrade command executed in the next step.
30. Use the lustatus command to check the status of the new
environment.
# lustatus
Boot Environment Is Active Active Can Copy
Name Complete Now On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
sys_env_1 yes no no yes -
sys_env_2 yes yes yes no -
sys_env_3 yes no no yes -
Note that now sys_env_3 shows being complete, but still not active.
31. Create a profile file to reference in for applying the differential
archive.
# cat /profile
install_type flash_update
archive_location local_file /differ_flar_on_sys_env_1_new_pkg.flar
no_content_check
no_master_check
Go over the contents of the profile file as needed. The no_content_check and no_master_check
keywords are helpful when you are sure of the origin of the master archive previously applied and want to
dispense with minor comparison errors that may prevent a successful application of the differential archive.
32. Use the luupgrade command to apply the differential flash archive
to the new sys_env_3 BE. Reference the profile just created.
# luupgrade -f -n sys_env_3 -s /net2/SunOS5.10_0106_sun4 -j /profile \
-l /errorlog
Validating the contents of the media </net2/SunOS5.10_0106_sun4>.
The media is a standard Solaris media.
Validating the contents of the miniroot
</net2/SunOS5.10_0106_sun4/Solaris_10/Tools/Boot>.
Locating the flash install program.
Checking for existence of previously scheduled Live Upgrade requests.
Constructing flash profile to use.
Performing the operating system flash update of the BE <sys_env_3>.
CAUTION: Interrupting this process may leave the boot environment
unstable or unbootable.
Extracting Flash Archive: 100% completed (of 162.01 megabytes)
The operating system flash update completed.
**********************************************************************
The target boot environment has been activated. It will be used when you
reboot. NOTE: You MUST NOT USE the reboot, halt, or uadmin commands. You
MUST USE either the init or the shutdown command when you reboot. If you
do not use either init or shutdown, the system will not boot using the
target BE.
**********************************************************************
boot
**********************************************************************
38. Verify that the differential archive has been applied by verifying that
the SMCtop package is included in the system.
# pkginfo -l SMCtop
PKGINST: SMCtop
...
Reverting to a previous BE
Introducing WANBoot
Objectives
The WAN Boot procedure is an automatic installation process much like
the JumpStart installation process. It provides a mechanism for
automatically installing the Solaris 10 OS on multiple systems
simultaneously across a wide area network.
20-1
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A
Objectives
Relevance
Present the following questions to stimulate the students and get them thinking about the issues and topics
presented in this module. While they are not expected to know the answers to these questions, the answers
should be of interest to them and inspire them to learn the material presented in this module.
Additional Resources
The advantages of using the WAN Boot procedure include some of the
same advantages as using a traditional JumpStart for installations.
Advantages provided by WAN Boot include the following:
● Simplifies installations by avoiding the lengthy question-and-answer
session that is part of the interactive installation process.
● Faster than interactive installations – It lets system administrators
install different types of systems simultaneously.
● It allows automatic installation of the Solaris 10 OS and unbundled
software.
Features
WAN Boot is part of the Solaris 10 OS but works with a minimum of
OpenBoot programmable read-only memory (PROM) firmware version
4.14 to support new requirements on the client. If a minimum of
OpenBoot PROM revision 4.14 or later is not available, WAN Boot may be
performed with a CDROM-based installation. The new firmware supports
TCP/HTTP connections, SHA-1 authentication, 3DES or AES encryption,
SSL v3 certificates, and several new values and command-line arguments
to support these new features. These new features allow the client to
contact the WAN Boot server and request the download of the new boot
binary wanboot.
New features specific to the client for WAN Boot are key management,
signature verification, and new OBP arguments.
The wanboot unmounts the boot file system and mounts the miniroot
file system. The kernel from miniroot is then loaded into RAM and
executed.
9. The installation program requests download of the installation files.
The system.conf file in the appropriate location under
/etc/netboot is included with the miniroot and has the locations
of the JumpStart configuration files. The following example shows
the entries in system.conf:
SsysidCF=https://WANBootserv/bootfiles/config
SjumpsCF=https://WANBootserv/bootfiles/config
The JumpStart profile file specifies where to get the Flash archive to
install on the client. The following syntax shows part of the contents
of the JumpStart profile file:
archive_location https://WANBootserv/flashdir/solaris.flar
10. The installation program installs the Solaris Flash archive.
The Flash archive is downloaded and installed on the client.
wanboot
Two
install The client downloads the wanboot
Solaris_10 program (approx 1 MB)
... Seven
flash The client extracts the flash archive
solaris.flar
index.html
config The default file a web browser gets from
check this server
rules Six
The client gets identity info and
profile installation profile
sysidcfg One
The client asks the wanboot-cgi program
cgi-bin
for the location of the wanboot file
wanboot-cgi
bootlog-cgi
The client uses this cgi program to send
back log messages
WAN Boot requires a Solaris 10 SPARC or x86 server platform with a web
server supporting at least HTTP 1.1 and also supporting HTTPS if digital
certificates are used. Apache and iPlanet servers have been tested.
If HTTPS is used, the SSL must be configured. WAN Boot requires access
to wanboot, miniroot, custom JumpStart files, and the Flash archive(s).
These are typically stored in the web servers document root directory. It
also requires access to wanboot-cgi and bootlog-cgi programs to serve
CGI requests from WAN boot clients. These are typically stored in the
web server’s cgi-bin directory.
Thus one finds administrative scripts that, when used, ask the
administrator to perform a second action on a (possibly) different
machine.
Although the steps to configure a WAN Boot server are different than
setting up a JumpStart server, anyone who has configured a JumpStart
server should be able to configure a WAN boot server. Reference the
following URL:
http://docs.sun.com/db/doc/817-5504
http://docs.sun.com
http://docs.sun.com/source/816-5683-10/contents.htm
● Apache web server configuration information:
http://httpd.apache.org/docs-project/
2. Optionally, configure the WAN Boot server as a DHCP server. Two
new vendor options support WAN Boot:
● SbootURI Symbol Vendor=SUNW.Sun-Blade-100 <other
architectures>,16,ASCII,1,0
● SHTTPproxy Symbol Vendor=SUNW.Sun-Blade-100 <other
architectures>,17,ASCII,1,0
WAN Boot install clients are named using a network number-client
ID combination that is designed to be unique (client IDs are required
to be unique per network). DHCP originally used this naming
scheme and it works well with the framework of WAN Boot.
3. Configure the WAN Boot server as a JumpStart server. Use the
following URL:
http://docs.sun.com/db/doc/817-5506
The wanboot program must be copied from install media to a
location under the web server's documents directory:
# cp /cdrom/cdrom0/s0/Solaris_10/Tools/Boot/platform/sun4u/wanboot \
/var/apache/htdocs/wanboot10/wanboot
The WAN Boot miniroot file system must be created in a location
under the web server's documents directory:
# /cdrom/cdrom0/s0/Solaris_10/Tools/setup_install_server -w `pwd`/wpath \
`pwd`/ipath; cp `pwd`/wpath/miniroot
/var/apache/htdocs/wanboot10/miniroot
The URL paths to the sysidcfg file, rules.ok file, profile file, and
begin and finish scripts are specified by the SsysidCF and SjumpsCF
parameters in the system.conf file on the miniroot:
SsysidCF=https://WANBootserv/bootfiles/config
SjumpsCF=https://WANBootserv/bootfiles/config
Alternatively, you can use DHCP with the new vendor options SbootURL
and SHTTPproxy. Use the SbootURL option to specify the location of the
wanboot-cgi script. This option is preferable to using the standard
BootFile option. Use the SHTTPproxy option to define the HTTP or
HTTPS proxy if one is to be used. The wanboot and miniroot file systems
must each be small enough to fit into the client's RAM. WAN Boot
requires the same JumpStart files needed for an NFS install, including a
Solaris Flash archive, a sysidcfg file, a rules.ok file, and a profile file.
The JumpStart files (Solaris Flash archive, sysidcfg, rules.ok, and
profile) must be accessible to the web server. Copy these files to a
location under the web server's documents directory:
# cp /export/config /var/apache/htdocs/wanboot10/config
The wanboot.conf file contains information used to drive the WAN Boot
process. The CGI program wanboot-cgi uses information contained in
these files to determine file paths, encryption, signing policies, and other
characteristics of the operating environment. The following is a sample
available at /etc/inet/wanboot.conf.sample:
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident"@(#)wanboot.conf.sample1.204/01/30 SMI"
####################################################################
# wanboot.conf(4): boot configuration file.
#
# Please consult wanboot.conf(4) for further information. Note that
The WAN Boot web server CGI programs must be copied to the web
server cgi-bin directory:
# cp /usr/lib/inet/wanboot/*-cgi /webhome/cgi-bin/*-cgi
The wanboot-cgi uses the encr program to encrypt the boot file system
before sending it to the client:
Usage: encr -o type=<3des|aes> -k key_file
The wanboot-cgi uses the hmac program to generate HMAC SHA-1 hash
signatures of components transmitted to the client:
Usage: hmac [-i input_file] -k key_file
Preparation
Instructor Preparation note: Verify the EduJump installation of the timesaver bundle
SA225_B_timesaverflar_SunOS5.10_sun4u_en-US_1_1_S.tar.gz (for SA225) or SA210-
S10_A_timesaverflar_SunOS5.10_sun4u_en-US_1_1_S.tar.gz (for SA210). The postinstall scripts in
these bundles move a small flash archive into the /var/apache/htdocs/flashdir directory.
At the time of this writing, there is a bug that prevents WANBoot from working correctly. The CR # is
6369598, and the result of the boot is that the miniroot loads, but the system fails during the search for the
Jumpstart directory with the message “/usr/sbin/install.d/profind: bad substitution”. This bug
was introduced in Solaris 10 Update 1. It was not a problem in Solaris 10 FCS and will not be a problem
later, in Solaris 10 Update 2 build 4 and beyond. Because this course is based on Solaris 10 Update 1, the
problem will present in this lab.
This lab also requires that Solaris 10 Update 1 DVDs are in the DVD
drives.
______________________________________________________________
● WAN Boot server IP Address:
______________________________________________________________
● Directory containing the web server documents, also known as the
docroot. (default: /var/apache/htdocs):
______________________________________________________________
● Directory under the docroot that contains the Solaris 10 OS Flash
archive. (default:/var/apache/htdocs/flashdir/):
______________________________________________________________
● Directory under the docroot that contains the wanboot program file
and miniroot filesystem.
(default: /var/apache/htdocs/wanboot10):
______________________________________________________________
● Directory under the docroot that contains the sysidcfg, rules, and
profile files. (default: /var/apache/htdocs/config):
______________________________________________________________
● Directory that contains the wanboot.conf and system.conf files
(default: /etc/netboot):
______________________________________________________________
● WAN Boot client name (for example, WANBootclient):
______________________________________________________________
● WAN Boot client IP address (for example, 192.168.1.25):
______________________________________________________________
Note – Prior to booting the client, make sure that the Install Server setup
complete message has appeared on the server system.
Use the banner command at the ok prompt to show your version of the
PROM.
1. Boot wanboot using the Solaris 10 Update 1 OS CD 1.
2. Enter all of the client networking and Wan Boot server information
at the interactive boot prompt.
3. Check the boot log on the WAN Boot server, or observe the console
messages, and make sure the client system is starting the install over
the http protocol.
Exercise Summary
Manage the discussion based on the time allowed for this module. If you do not have time to spend on
discussion, highlight just the key concepts students should have learned from the lab exercise.
● Experiences
Ask students what their overall experiences with this exercise have been. Go over any trouble spots or
especially confusing areas at this time.
● Interpretations
Ask students to interpret what they observed during any aspect of this exercise.
● Conclusions
Have students articulate any conclusions they reached as a result of this exercise experience.
● Applications
Explore with students how they might apply what they learned in this exercise to situations at their workplace.
Exercise Solutions
This section provides the answers to the exercise tasks.
The following information is not shown in the course either in the SG or in IG. It is tagged so as to be hidden
to all but future course developers (Conditional Comment tag) who might benefit from these notes at some
time.
If the patch to fix the profind error were to be applied, the follow steps would be added to the procedure to
do so. The gist of the fix is to run an additional setup_install_server command to set up an install server
that is writable so that the patch can be applied to it. Then a second setup_install_server command is
issue to set up the wanboot server under the apache area.
The steps are not formally part of the lab because it adds about 2 more hours to the lab and requires 4 more
Gbytes of disk space and the point gained is minor. The lab, as the student will see and do it, shows the
server configuration and the process for booting the client. The only thing missing is a successful client
installation near the end of the procedure.
Discuss this patching procedure if students express an interest in how to get WANboot to work on a Solaris
10 Update 1 system. The patch required has been deposited on the classroom systems, via a lab bundle, in
the /var/sadm/spool directory so if there was interest, time and disk space, you could share these steps
with the students and get the client to successfully install. At the very least, discuss this issue with the
students to make them aware that the problem will go away in update 2 and the procedure in this lab will
produce a successfully installed client at that time. Also mention that the procedure below uses a temp patch
(T patch) and a regular one should be available for customers soon.
1a) This step assumes there is sufficient space (4 GB) in the /export/home file system. If you do not have
sufficient space in that file system, find a large enough file system (on the second disk or elsewhere).
Execute a command similar to the following to install a patchable install server. This command will take
about 2 hours.
# cd /cdrom/cdrom0/s0/Solaris_10/Tools
# ./setup_install_server /export/home/s10u1/dvds/wanbootfix
Verifying target directory...
Calculating the required disk space for the Solaris_10 product
1b) Execute the following command to set an environment variable to avoid deleting a symbolic link for the
var directory under the miniroot during a subsequent setup_install_server command:
# PKG_NONABI_SYMLINKS="true"
# export PKG_NONABI_SYMLINKS
1c) Add the patch to fix the error in the profind script distributed on the Solaris 10 Update 1 DVD but now
in a writable area:
# cd /var/sadm/spool
# patchadd -C /export/home/s10u1/dvds/wanbootfix/Solaris_10/Tools/Boot T119081-14
At this point the patched area should be used for the following step 2 (not hidden in these instructor notes).
In other words, execute the next setup_install_server command from
/export/home/s10u1/dvds/wanbootfix/Solaris_10/Tools, not from the unpatched area included in the
visible lab, /cdrom/cdrom0/s0/Solaris_10/Tools).
2. Setup the wanboot install server. The -b switch installs the server
only. Since a Flash archive will be used for this exercise, spooling the
entire Solaris 10 OS is not needed. This step will take about 30
minutes to complete. Continue with the following steps in a new
terminal window. There is no need to wait until completion to
continue.
# cd /cdrom/cdrom0/s0/Solaris_10/Tools
# ./setup_install_server -b -w /var/apache/htdocs/wanboot \
/var/apache/htdocs/install
3. Copy the architecture dependent wanboot image over to the
wanboot directory. Different images must be used for different
architectures.
# cd /cdrom/cdrom0/s0/Solaris_10/Tools/Boot/platform/sun4u/
# cp wanboot /var/apache/htdocs/wanboot
4. Copy the cgi scripts needed for JumpStart to work, and set their
permissions to 755.
wanboot-cgi – serves all requests including parsing of wanboot
server files (wanboot.conf and system.conf) and client
configuration files (profile and sysidcfg)
bootlog-cgi – creates a log of all client activity in the
/tmp/bootlog.client file
# cp /usr/lib/inet/wanboot/wanboot-cgi /var/apache/cgi-bin/wanboot-cgi
# chmod 755 /var/apache/cgi-bin/wanboot-cgi
# cp /usr/lib/inet/wanboot/bootlog-cgi /var/apache/cgi-bin
# chmod 755 /var/apache/cgi-bin/bootlog-cgi
5. Configure the install server wanboot parameters in the
wanboot.conf file. All server configuration files are placed in the
/etc/netboot directory.
# mkdir /etc/netboot
# vi /etc/netboot/wanboot.conf
boot_file=/wanboot/wanboot
root_server=http://<WANBooter_IP>/cgi-bin/wanboot-cgi
root_file=/wanboot/miniroot
signature_type=
encryption_type=
server_authentication=no
client_authentication=no
resolve_hosts=
boot_logger=http://WANBooter_IP/cgi-bin/bootlog-cgi
system_conf=system.conf
Note – In the wanboot.conf file above, the boot_logger is set to log all
messages to the server, by default under the /tmp directory. An alternative
is to leave this option blank and watch all messages on the client console.
# cd /var/apache/htdocs/config
8. Set up client networking parameters in the sysidcfg file.
# vi sysidcfg
timeserver=localhost
system_locale=C
network_interface=<interface_type> { default_route=none
netmask=255.255.255.0 protocol_ipv6=no }
timezone=US/Central
terminal=vt100
name_service=NONE
security_policy=NONE
root_password=your_password
Note – In the above example of the root_password, make sure that you
cut and paste the actual root password out of the /etc/shadow file.
# ./check
# more rules.ok
Note – Prior to booting the client, make sure that the Install Server setup
complete message has appeared on the server system.
Use the banner command at the ok prompt to show your version of the
PROM.
1. Boot wanboot using the Solaris 10 OS Update 1 CD 1.
ok boot cdrom -o prompt -F wanboot - install
2. Enter all of the client networking and Wan Boot server information
at the interactive boot prompt.
boot> prompt
host-ip? WanBootClient1_IP
subnet-mask? 255.255.255.0
router-ip?
hostname? WanBootClient1
http-proxy?
client-id?
aes?
3des?
sha1?
bootserver? http://WANBootserv_IP/cgi-bin/wanboot-cgi
Ignore the error:
Unknown variable '/129.148.192.83/cgi-bin/wanboot-cgi'; ignored
boot> list
host-ip: WanbootClient1_IP
subnet-mask: 255.255.255.0
router-ip: UNSET
hostname: WANBootclient1
http-proxy: UNSET
client-id: UNSET
aes: *HIDDEN*
3des: *HIDDEN*
sha1: *HIDDEN*
bootserver: http://WANBootserv-IP/cgi-bin/wanboot-cgi
boot> go
3. If you configured the boot_logger to log all messages to the
WANBoot server in Task 2, Step 5, check the boot log and make sure
the client system is starting the install over the http protocol.
# tail -f /tmp/bootlog.WanBootClient1
Feb 01 10:31:43 sys-02 wanboot: [ID 848080 user.progress] miniroot: Read
34712 of 247776 kB (14%)
Feb 01 10:31:59 sys-02 wanboot: [ID 193690 user.progress] miniroot: Read
54552 of 247776 kB (22%)
...
Download complete
Note – This lab is using Solaris 10 Update 1. There is a known bug with
this update release that prevents the client from completely installing.
The error message displayed on the client console is as follows:
...
Starting Solaris installation program...
Searching for JumpStart directory...
/usr/sbin/install.d/profind: bad substitution
Warning: Could not find matching rule in rules.ok
This error is fixed and will be available as a patch for Solaris 10 Update 1
installations. The fix will be included in Solaris 10 Update 2.