SA-210-S10

Make the Transition to the Solaris™ 10 Operating System SA-210-S10Student Guide With Instructor Notes Sun Microsystems, Inc. UBRM05-104 500 Eldorado Blvd. Broomfield, CO 80021 U.S.A. Revision A March 29, 2006 12:13 pm Copyright 2006 Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, California 94303, U.S.A. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Sun, Sun Microsystems, the Sun logo, Solaris, Sunsolve, JumpStart, Java, Sun Java System, Sun Update Connection, Sun Update Manager, Sun Enterprise Authentication Mechanism, and Ultra are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Federal Acquisitions: Commercial Software – Government Users Subject to Standard License Terms and ConditionsExport Laws. Products, Services, and technical data delivered by Sun may be subject to U.S. export controls or the trade laws of other countries. You will comply with all such laws and obtain all licenses to export, re-export, or import as may be required after delivery to You. You will not export or reexport to entities on the most current U.S. export exclusions lists or to any country subject to U.S. embargo or terrorist controls as specified in the U.S. export laws. You will not use or provide Products, Services, or technical data for nuclear, missile, or chemical biological weaponry end uses. DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. THIS MANUAL IS DESIGNED TO SUPPORT AN INSTRUCTOR-LED TRAINING (ILT) COURSE AND IS INTENDED TO BE USED FOR REFERENCE PURPOSES IN CONJUNCTION WITH THE ILT COURSE. THE MANUAL IS NOT A STANDALONE TRAINING TOOL. USE OF THE MANUAL FOR SELF-STUDY WITHOUT CLASS ATTENDANCE IS NOT RECOMMENDED. Export Control Classification Number (ECCN) assigned: 26 March, 2006 Please Recycle Copyright 2006 Sun Microsystems Inc., 901 San Antonio Road, Palo Alto, California 94303, Etats-Unis. Tous droits réservés. Ce produit ou document est protégé par un copyright et distribué avec des licences qui en restreignent l’utilisation, la copie, la distribution, et la décompilation. Aucune partie de ce produit ou document ne peut être reproduite sous aucune forme, par quelque moyen que ce soit, sans l’autorisation préalable et écrite de Sun et de ses bailleurs de licence, s’il y en a. Le logiciel détenu par des tiers, et qui comprend la technologie relative aux polices de caractères, est protégé par un copyright et licencié par des fournisseurs de Sun. Sun, Sun Microsystems, le logo Sun, Solaris, SunSolve, JumpStart, Java, Sun Java System, Sun Update Connection, Sun Update Manager, Sun Enterprise Authentication Mechanism, etUltra sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d’autres pays. Toutes les marques SPARC sont utilisées sous licence sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d’autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par Sun Microsystems, Inc.UNIX est une marques déposée aux Etats-Unis et dans d’autres pays et licenciée exclusivement par X/Open Company, Ltd.Législation en matière dexportations. Les Produits, Services et données techniques livrés par Sun peuvent être soumis aux contrôles américains sur les exportations, ou à la législation commerciale dautres pays. Nous nous conformerons à lensemble de ces textes et nous obtiendrons toutes licences dexportation, de ré-exportation ou dimportation susceptibles dêtre requises après livraison à Vous. Vous nexporterez, ni ne ré-exporterez en aucun cas à des entités figurant sur les listes américaines dinterdiction dexportation les plus courantes, ni vers un quelconque pays soumis à embargo par les Etats-Unis, ou à des contrôles anti-terroristes, comme prévu par la législation américaine en matière dexportations. Vous nutiliserez, ni ne fournirez les Produits, Services ou données techniques pour aucune utilisation finale liée aux armes nucléaires, chimiques ou biologiques ou aux missiles. LA DOCUMENTATION EST FOURNIE “EN L’ETAT” ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L’APTITUDE A UNE UTILISATION PARTICULIERE OU A L’ABSENCE DE CONTREFAÇON. CE MANUEL DE RÉFÉRENCE DOIT ÊTRE UTILISÉ DANS LE CADRE D’UN COURS DE FORMATION DIRIGÉ PAR UN INSTRUCTEUR (ILT). IL NE S’AGIT PAS D’UN OUTIL DE FORMATION INDÉPENDANT. NOUS VOUS DÉCONSEILLONS DE L’UTILISER DANS LE CADRE D’UNE AUTO-FORMATION. Please Recycle Table of Contents About This Course .................................................................Preface-i Course Goals............................................................................ Preface-i Course Map..............................................................................Preface-ii Topics Not Covered...............................................................Preface-iii How Prepared Are You?.......................................................Preface-iv Introductions ........................................................................... Preface-v How to Use Course Materials ..............................................Preface-vi Conventions ...........................................................................Preface-vii Typographical Conventions ..................................... Preface-viii Managing Services With the Service Management Facility (SMF)..................................................................................................1-1 Objectives ........................................................................................... 1-1 Additional Resources ........................................................................ 1-3 The Service Management Facility.................................................... 1-4 Features ...................................................................................... 1-4 The SMF Architecture............................................................... 1-4 Services ...................................................................................... 1-6 Writing a Service Manifest..................................................... 1-14 Example New Service Script ................................................ 1-23 The /usr/share/lib/xml/dtd/service_bundle.dtd File ............................................................................................. 1-29 Managing Services .................................................................. 1-29 Troubleshooting ...................................................................... 1-43 Example of Adding a Service to startd ............................. 1-51 Example of Adding a Service to inetd................................ 1-53 Exercise: Listing, Enabling, and Disabling Services.................... 1-56 Preparation............................................................................... 1-56 Task ........................................................................................... 1-56 Exercise: Implementing an SMF Service....................................... 1-58 Preparation............................................................................... 1-58 Task ........................................................................................... 1-58 Exercise: Implementing an SMF inetd Service ......................... 1-60 vii Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Preparation............................................................................... 1-60 Task ........................................................................................... 1-60 Exercise: Creating Your Own Services.......................................... 1-62 Preparation............................................................................... 1-62 Task ........................................................................................... 1-62 Exercise Summary............................................................................ 1-64 Exercise Solutions: Listing, Enabling, and Disabling Services .............................................................................................. 1-65 Task ........................................................................................... 1-65 Exercise Solutions: Implementing an SMF Service ..................... 1-69 Task ........................................................................................... 1-69 Exercise Solutions: Implementing an SMF inetd Service........ 1-70 Task ........................................................................................... 1-70 Exercise Solutions: Creating Your Own Services ........................ 1-72 Task ........................................................................................... 1-72 Introducing the Solaris OS Directory Hierarchy ........................... 2-1 Objectives ........................................................................................... 2-1 Additional Resources ........................................................................ 2-3 System Directory Changes................................................................ 2-4 In-Memory versus On-disk System Directories ................... 2-4 Directory Name Changes and New/Old Directories.......... 2-5 Managing Local Disk Devices......................................................... 3-1 Objectives ........................................................................................... 3-1 Additional Resources ........................................................................ 3-3 Listing a System’s Devices................................................................ 3-4 The format Command............................................................. 3-4 Multiterabyte Volume Support With EFI Disk Labels ........ 3-7 Reconfiguring Devices .................................................................... 3-11 /devices and /dev Directory Link Changes ..................... 3-11 Managing the Solaris OS File System............................................ 4-1 Objectives ........................................................................................... 4-1 Additional Resources ........................................................................ 4-3 Pseudo File Systems .......................................................................... 4-4 Pseudo File Systems in the /etc/vfstab File...................... 4-4 Multiterabyte UFS File Systems....................................................... 4-5 UFS Logging Enabled by Default ........................................... 4-6 Logging and the /etc/vfstab File........................................ 4-7 New mount Command Flags............................................................ 4-8 Installing the Solaris OS.................................................................. 5-1 Objectives ........................................................................................... 5-1 Additional Resources ........................................................................ 5-3 Installation Methods.......................................................................... 5-4 Solaris 10 OS Installation and Upgrade Options.................. 5-4 Solaris Installation Command Line Interpreter (CLI) ......... 5-4 viii Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Solaris WAN Boot ..................................................................... 5-5 Installation Requirements for the Solaris 10 OS ............................ 5-6 Solaris 10 OS Hardware Requirements for Installation ...... 5-6 Memory Requirements for Display Options During Installation............................................................................... 5-7 Installation Media ..................................................................... 5-9 Solaris OS Software Groups .................................................... 5-9 Specific Configuration Changes During Text-Based Solaris Installation................................................................... 5-10 Solaris x86/x64 Installation and GRUB ........................................ 5-12 Influencing Boot Behavior .................................................... 5-17 Introducing the Fundamentals of Package and Patch Administration ..................................................................................6-1 Objectives ........................................................................................... 6-1 Additional Resources ........................................................................ 6-3 Longer Package Names..................................................................... 6-4 Signed Packages and Patches........................................................... 6-5 Solaris 10 OS Patch Access Policy.................................................... 6-7 Introducing the Sun Update Connection ....................................... 6-8 Administering Patches ............................................................. 6-9 Sun Update Connection Modes ........................................... 6-10 Using Sun Update Manager ........................................................... 6-20 Establishing a Sun Online Account ...................................... 6-20 Obtain a Sun Service Plan (Optional)................................... 6-20 Downloading and Installing the Sun Update Connection Client Software................................................... 6-21 Starting Sun Update Manager For the First Time .............. 6-21 Installing Updates With the Sun Update Manager..................... 6-30 Setting Sun Update Manager Client Preferences ........................ 6-32 Sun Update Connection Proxy....................................................... 6-33 Registration .............................................................................. 6-33 Obtaining, Installing and Initially Configuring the Sun Update Connection Proxy.............................................. 6-33 Configuring Clients to Use the Sun Update Connection Proxy .................................................................................................. 6-36 Patch Admininstration From the Command Line (CLI) ............ 6-38 Using the smpatch Command ....................................................... 6-40 Phases for Applying Updates ............................................... 6-40 Example Commands .............................................................. 6-41 Configuring the Patch Management Environment..................... 6-46 Using the Update Policy for Applying Updates ................ 6-47 Example of Using the Update Policy ................................... 6-50 Working With Multiple Updates.......................................... 6-56 Working With Multiple Systems .......................................... 6-57 Authorization and Authentication ....................................... 6-57 ix Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Installing Patch Clusters ................................................................. 6-59 Further Information......................................................................... 6-64 Introducing the Sun Update Connection Hosted Web Application ....................................................................................... 6-65 Using the Sun Update Connection Hosted Web Application ....................................................................................... 6-67 Leveraging the Systems Affected Function......................... 6-75 Performing User Administration .................................................... 7-1 Objectives ........................................................................................... 7-1 Relevance............................................................................................. 7-2 Additional Resources ........................................................................ 7-3 Performing User Administration..................................................... 7-4 Managing User Accounts......................................................... 7-4 Miscellaneous Items................................................................. 7-5 Changes in Command-Line Tools ................................................... 7-6 Using the smuser Command .................................................. 7-7 Using the smgroup Command ............................................. 7-11 Changes in GUI Tools ..................................................................... 7-13 Introducing the Solaris Management Console ................... 7-13 Performing System Security........................................................... 8-1 Objectives ........................................................................................... 8-1 Relevance............................................................................................. 8-2 Additional Resources ........................................................................ 8-3 Controlling System Access ............................................................... 8-4 File Transfer Protocol (FTP) Access........................................ 8-4 System Files That Store User Account Information ............. 8-6 Password Management............................................................ 8-7 Configuring and Using Printer Services........................................ 9-1 Objectives ........................................................................................... 9-1 Relevance............................................................................................. 9-2 Additional Resources ........................................................................ 9-3 Network Printing Fundamentals..................................................... 9-4 Printer Filters ............................................................................. 9-4 Printer Tools........................................................................................ 9-6 GUI Tools ................................................................................... 9-6 Command Line Tools ............................................................... 9-9 Other Changes in Functionality..................................................... 9-10 Directory and File Locations ................................................. 9-10 Print Requests From the Network ........................................ 9-11 Describing Network Basics........................................................... 10-1 Objectives ......................................................................................... 10-1 Additional Resources ...................................................................... 10-3 Interface Configuration ................................................................... 10-4 Interface Files........................................................................... 10-4 x Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Changing the System Host Name ....................................... 10-7 Describing the Client-Server Model .................................... 10-8 Managing Crash Dumps, Core Files and Paging.........................11-1 Objectives ......................................................................................... 11-1 Additional Resources ...................................................................... 11-3 Changing the Core File Configuration ................................ 11-6 Paging .............................................................................................. 11-12 Multiple Page Size Support (MPSS) ................................... 11-12 Configuring NFS .............................................................................12-1 Objectives ......................................................................................... 12-1 Additional Resources ...................................................................... 12-3 NFSv4 (New With Solaris 10)......................................................... 12-4 Pseudo-File System................................................................. 12-5 The /etc/default/nfs file ............................................... 12-14 SMF Effects on NFS ............................................................. 12-16 NFS Server and Client Daemon Recap ............................. 12-19 Displaying NFS Mounted Resources ................................ 12-20 NFS Server Logging.............................................................. 12-20 Configuring AutoFS .......................................................................13-1 Objectives ......................................................................................... 13-1 Additional Resources ...................................................................... 13-3 Special Mountings............................................................................ 13-4 New AutoFS Configuration File .......................................... 13-5 Configuring Solaris Volume Manager Software ..........................14-1 Objectives ......................................................................................... 14-1 Additional Resources ...................................................................... 14-3 Solaris Volume Manager Concepts ............................................... 14-4 The State Database Replicas ........................................................... 14-5 Creating the State Database................................................... 14-6 Configuring RAID-0 ...................................................................... 14-17 RAID-0 Striped Volumes .............................................................. 14-18 Creating a RAID-0 Volume ................................................ 14-20 Configuring RAID-1 ...................................................................... 14-34 Building a Mirror of the Root (/) File System............................ 14-37 The Scenario.......................................................................... 14-38 Creating The RAID-0 Volumes ........................................... 14-38 Creating The RAID-1 Volume............................................. 14-50 Unmirroring the Root (/) File System............................... 14-67 The metassist Command ................................................. 14-69 Exercise: Mirroring the Root (/) File System ............................. 14-71 Preparation............................................................................. 14-71 Task ........................................................................................ 14-71 Exercise Summary.......................................................................... 14-75 Exercise Solutions .......................................................................... 14-76 xi Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Exercise: Mirroring the Root (/) File System .................... 14-76 Task ......................................................................................... 14-76 Controlling Access and Configuring System Messaging .......... 15-1 Objectives ......................................................................................... 15-1 Additional Resources ...................................................................... 15-3 Configuring System Messaging ..................................................... 15-4 The loghost Setting ............................................................... 15-4 The /etc/syslog.conf File ................................................ 15-6 Naming Services ............................................................................ 16-1 Objectives ......................................................................................... 16-1 Additional Resources ...................................................................... 16-3 Lightweight Directory Access Protocol (LDAP) ......................... 16-4 LDAP Directory Server .......................................................... 16-4 Changes in the /etc/nsswitch File ............................................. 16-5 The /etc/nsswitch.conf File .................................................. 16-5 The /etc/nsswitch.dns File ................................................... 16-5 The /etc/nsswitch.ldap File................................................. 16-7 The /etc/nsswitch.nis File.................................................... 16-8 Configuring the NIS Domain ......................................................... 16-9 The /var/yp/Makefile File ................................................. 16-9 NIS to LDAP Transition Tool .............................................. 16-10 Configuring the Custom JumpStart Procedure .......................... 17-1 Objectives ......................................................................................... 17-1 Relevance........................................................................................... 17-2 Additional Resources ...................................................................... 17-3 Introducing JumpStart Differences ............................................... 17-4 Boot Services ............................................................................ 17-4 Identification Services ............................................................ 17-5 Configuration Services ........................................................... 17-5 Installation Services ................................................................ 17-5 Examples of the sysidcfg File ............................................. 17-6 Changes to the Profile File ................................................. 17-8 Booting the JumpStart Client ............................................. 17-14 Finish Scripts.......................................................................... 17-14 Performing a Flash Installation .................................................... 18-1 Objectives ......................................................................................... 18-1 Additional Resources ...................................................................... 18-3 Introducing Flash Archives and Installations.............................. 18-4 Creating and Manipulating Flash Archives........................ 18-5 Creating a Flash Archive........................................................ 18-6 Administering a Flash Archive ............................................. 18-8 Using a Flash Archive for Installation ............................... 18-10 Differential Flash Archives ........................................................... 18-18 Creating a Differential Flash Archive ................................ 18-18 xii Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A ............................. 20-5 The WAN Boot Process ................................. Inc............................................... Enterprise Services. 20-7 WAN Boot Server Configuration......... 18-21 Preparation................................. 20-28 Task 2– Configuring the WAN Boot and JumpStart Files ......................................................................................................... 20-4 Features .............. 20-34 xiii Copyright 2006 Sun Microsystems...................................................................................................... 18-23 Exercise Solutions .................................................................................................................................................................................. 20-29 Task 3– Booting the WAN Boot Client ........................ 18-24 Creating a Flash Archive......... 20-25 Task 2– Configuring the WAN Boot and JumpStart Files ...................................................... 20-3 Introducing the Basics of WANboot (New in Solaris 9 Updates) ............................... 18-24 Using Live Upgrade......................... 20-23 Task 1– Configuring the Apache Web Server................. 19-27 Introducing WANBoot ............................................................................................... 19-1 Additional Resources ..................................................................................................................................................................................................................................................................................................................... 19-6 Example Procedure: Live Upgrade and Differential Flash Archives ......................................... 20-28 Task 1– Configuring the Apache Web Server......Exercise: Creating a Flash Archive .................................................. 20-11 WAN Boot Troubleshooting......... 20-26 Exercise Summary...................................... 20-25 Task 3– Booting the WAN Boot Client .......................... 19-7 Live Upgrade and Other Configurations .........................19-1 Objectives . Revision A ............................................. All Rights Reserved..... 20-4 Advantages of the WAN Boot Procedure ................................. 20-5 WAN Boot Changes..................... 19-3 Introducing Solaris Live Upgrade ........................................................................................................... 19-4 Solaris Live Upgrade Process................................ 20-1 Additional Resources ................... 18-21 Exercise Summary.............................................................. 19-5 Live Upgrade Commands ................................................... 18-21 Task ............. 20-23 Preparation...................................................................................................................................................... 20-27 Exercise Solutions ....................................................................................20-1 Objectives ............................. 20-22 Exercise: Configuring WANboot........................................................................................................................... . Revision A . Sun Services. Inc. you should be able to describe differences between the Solaris™ 8 or 9 OS and the Solaris 10 OS as they relate to the administration tasks in the following areas: ● ● ● ● ● ● ● ● ● ● ● ● Managing file systems Installing software Performing system boot procedures Performing user and security administration Managing network printers and system processes Performing system backups and restores Describing network basics Managingvirtual file systems and core dumps Managing storage volumes Controlling access and configure system messaging Setingt up name services Performing advanced installation procedures Preface-i Copyright 2006 Sun Microsystems.Preface About This Course Course Goals Upon completion of this course. All Rights Reserved. Managing Services Managing Services With the Service Management Facility Managing File Systems Introducing the Solaris™ OS Directory Hierarchy Managing Local Disk Devices Managing the Solaris OS File System Installing Software Installing the Solaris OS Introducing the Fundamentals of Package and Patch Administration Performing User and Security Administration Performing User Administration Performing Security Administration Managing Printers Configuring and Using Printer Services Describing Network Basics Describing Network Basics Managing Virtual File Systems and Core Dumps Managing Crash Dumps. Sun Services. and Paging Configuring NFS Configuring AutoFS Managing Storage Volumes Configuring Solaris Volume Manager Software Controlling Access and Configuring System Messaging Controlling Access and Configuring System Messaging Setting Up Naming Services Using Name Services Performing Advance Installation Procedures Configuring the Custom JumpStart™ Procedure Performing a Flash Installation Using Live Upgrade Introducing WANBoot Preface-ii Make the Transition to the Solaris™ Operating System Copyright 2006 Sun Microsystems. Core Files. All Rights Reserved.Course Map Course Map The course map enables you to see what you have accomplished and where you are going in reference to the course goals. Inc. Revision A . About This Course Copyright 2006 Sun Microsystems. Revision A Preface-iii . All Rights Reserved.Topics Not Covered Topics Not Covered This course does not cover the following topics. Many of these topics are covered in other courses offered by Sun Educational Services: ● Basic UNIX® commands – Covered in SA-100: UNIX® Essentials Featuring the Solaris™ 10 Operating System The vi editor – Covered in SA-100: UNIX® Essentials Featuring the Solaris™ 10 Operating System Basic UNIX file security – Covered in SA-100: UNIX® Essentials Featuring the Solaris™ 10 Operating System Basic system security – Covered in SA-100: UNIX® Essentials Featuring the Solaris™ 10 Operating System Hardware or software troubleshooting – Covered in ST-350: Sun™ Systems Fault Analysis Workshop System tuning – Covered in SA-400: Enterprise System Performance Management Detailed shell programming – Covered in SA-245: Shell Programming for System Administrators Detailed network administration concepts – Covered in SA-300: Network Administration for the Solaris™ 10 Operating System ● ● ● ● ● ● ● Refer to the Sun Educational Services catalog for specific information and registration. Inc. Sun Services. Inc. as a Solaris 8 or Solaris 9 administrator. Sun Services.How Prepared Are You? How Prepared Are You? To be sure you are prepared to take this course. Revision A . can you answer yes to the following questions? ● Can you install and boot the Solaris 10 Operating System (Solaris 10 OS) on a stand-alone workstation? Can you implement basic system security? Can you add users to the system using the Solaris Management Console software? Can you use the pkgadd command to add software packages? Can you monitor and mount file systems? Can you manage disk devices and processes? Can you perform backups and restorations? ● ● ● ● ● ● Preface-iv Make the Transition to the Solaris™ Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. function.Introductions Introductions Now that you have been introduced to the course. All Rights Reserved. Inc. addressing the following items: ● ● ● ● ● ● Name Company affiliation Title. About This Course Copyright 2006 Sun Microsystems. Revision A Preface-v . Sun Services. and job responsibility Experience related to topics presented in this course Reasons for enrolling in this course Expectations for this course. introduce yourself to the other students and the instructor. such as a process. Objectives support goals and can support other higher-level objectives. Visual aids commonly contain graphics. in a visual form. and demonstration. Activities help you facilitate the mastery of an objective. ● ● ● ● Preface-vi Make the Transition to the Solaris™ Operating System Copyright 2006 Sun Microsystems. Objectives – You should be able to accomplish the objectives after completing a portion of instructional content. Revision A . Inc. All Rights Reserved. such as an exercise. self-check. Visual aids – The instructor might use several visual aids to convey a concept. Sun Services. Lecture – The instructor presents information specific to the objective of the module. animation. and video. these course materials contain a learning module that is composed of the following components: ● Goals – You should be able to accomplish the goals after finishing this course and meeting all of its objectives.How to Use Course Materials How to Use Course Materials To enable you to succeed in this course. This information helps you learn the knowledge and skills necessary to succeed with the activities. discussion. Activities – The activities take oemailsn various forms. Inc. ! ? Discussion – Indicates a small-group or class discussion on the current topic is recommended at this time. Sun Services. All Rights Reserved. Students should be able to understand the concept or complete the task without this information. Examples of notational information include keyword shortcuts and minor system adjustments.Conventions Conventions The following conventions are used in this course to represent various training elements and alternative learning resources. Revision A Preface-vii . Note – Indicates additional information that can help students but is not crucial to their understanding of the concept being described. 1 2 3 Demonstration – Indicates a demonstration of the current topic is recommended at this time. Icons Additional resources – Indicates other references that provide additional information on the topics described in the module. About This Course Copyright 2006 Sun Microsystems. and on-screen computer output. programming code. All Rights Reserved. and execute rights for filename to world. or words that you want to emphasize. write. Inc. type: # ls Courier italics is used for variables and command-line placeholders that are replaced with a real name or value. Sun Services. for example: To list the files in this directory. directories. Courier italic bold is used to represent variables whose values are to be entered by the student as part of an activity. for example: Read Chapter 6 in the User’s Guide. group. files. system% You have mail. Preface-viii Make the Transition to the Solaris™ Operating System Copyright 2006 Sun Microsystems. for example: Use ls -al to list all files. Revision A . and users. new words or terms.Conventions Typographical Conventions Courier is used for the names of commands. for example: To delete a file. use the rm filename command. for example: Type chmod a+rwx filename to grant read. These are called class options. Courier bold is used for characters and numbers that you type. Palatino italics is used for book titles. Sun Services. Core Files and Paging Configuring NFS Configuring AutoFS OK Configuring Solaris Volume Manager Software Controlling Access and Configuring System Messaging Naming Services Configuring the Custom JumpStart Procedure Performing a Flash Installation Using Live Upgrade Lecture (Minutes) 40 90 15 15 15 30 120 30 15 15 15 15 30 15 90 15 15 15 30 60 Lab (Minutes) Total Time (Minutes) 40 75 0 0 0 0 0 0 0 0 0 00 0 0 60 0 0 0 45 0 165 15 15 15 30 120 30 15 15 15 15 30 15 150 15 15 15 75 60 About This Course Copyright 2006 Sun Microsystems. If you are teaching an LVC. Module About This Course Managing Services With the Service Management Facility (SMF) Introducing the Solaris OS Directory Hierarchy Managing Local Disk Devices Managing the Solaris OS File System Installing the Solaris OS Introducing the Fundamentals of Package and Patch Administration Performing User Administration Performing System Security Configuring and Using Printer Services Describing Network Basics Managing Crash Dumps. All Rights Reserved. Inc. Revision A Preface-ix .Conventions Notes to the Instructor There are no overheads for this course. display the PDF file of the Student Guide in the whiteboard area. Inc. Sun Services. Revision A .Conventions Total Time (Minutes) 150 Module Introducing WANBoot Lecture (Minutes) 60 Lab (Minutes) 90 Preface-x Make the Transition to the Solaris™ Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. Revision A . Inc. Enterprise Services. you should be able to identify features of the Service Management Facility (SMF). Upon completion of this module. All Rights Reserved. 1-1 Copyright 2006 Sun Microsystems.Module 1 Managing Services With the Service Management Facility (SMF) Objectives This module is an overview of the service management features included in the Solaris™ 10 Operating System (Solaris 10 OS). Enterprise Services.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Inc. Revision A . All Rights Reserved. ! ? Discussion – The following question is relevant to understanding the SMF features in the Solaris 10 OS ● How are services started and managed in the Solaris 10 OS? 1-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. While they are not expected to know the answers to these questions. the answers should be of interest to them and inspire them to learn the material presented in this module. Revision A 1-3 . PN 817-0403 Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. All Rights Reserved.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● System Administration Guide: Basic Administration. Enterprise Services. PN 817-1985 System Administration Guide: Advanced Administration. Inc. instances of such services can be created.The Service Management Facility The Service Management Facility The Service Management Facility (SMF) delivers a unified Solaris service configuration infrastructure capable of accurately modeling any Solaris service and its interaction with Solaris and other services. compatibility or conversion of legacy configuration files is handled on a service-by-service basis. All Rights Reserved. Inc. Rather than the problematic use of rc scripts. and status collected by the infrastructure. Features An SMF infrastructure consisting of a service configuration repository. and reduces dependency conflicts. Enterprise Services. started. enabling Solaris services to express the following: ● ● Restart requirements Requirements for the presence of prerequisite services and system facilities (such as networking) Requirements for identity and privileges for various tasks Configuration settings per instance ● ● Solaris services are modeled by describing them in terms of an SMF schema and associated service methods. SMF starts services in parallel according to dependencies. This saves time and system administration effort. which allows the system to boot faster. and administrative CLI utilities along with supporting kernel functionality is available. process re-starter. The goals of the project are the following: ● ● Supply a mechanism to formalize relationships between services Provide a unified repository for configuration of service startup behavior Allow Solaris to start and restart services automatically over the lifetime of a Solaris instance ● 1-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . stopped. The SMF Architecture The service management facility is a mechanism for providing service start and restart contracts. For existing services converted to SMF services. Once service descriptions are bootstrapped into SMF. inetd) Command-line tools Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. Inc. Management Agent Observability Agent inet-service Service inetd(1M) Repository API svc.startd(1M) init(1M) Process Contract Repository Client Kernel Figure 1-1 The SMF Components The main components of SMF are the following: ● ● ● ● ● ● ● Service abstraction Repository of service information Daemon to access the repository (svc.startd) Delegated restarters (for example. Revision A 1-5 .configd) APIs for access to the repository Master restarter daemon (svc.The Service Management Facility Figure 1-1 shows the main components of SMF.configd(1M) svc. Enterprise Services. All Rights Reserved. A milestone corresponds to the system arriving at a defined set of capabilities.The Service Management Facility Services The fundamental unit of administration in SMF is the service. The milestones are used to replace the run levels used with the init command and the rc*.d scripts. The current milestones are: ● milestone/name-services:default – A milestone for use by services who can not run until a name service is running. network infrastructure capabilities application – General software services application/management – Services implementing management facilities application/security – Services implementing high-level security facilities site – Services implementing site-specific software platform – Services implementing platform-specific software ● ● ● ● ● ● ● The milestone service is special in that there is no software to run in connection with the service. ● ● ● ● 1-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Generically. non networked capabilities system/security – Low-level host-centric services implementing security facilities network – Services concerned with host-centric. a service is an entity which provides a known list of capabilities to other local and remote services. Enterprise Services. Revision A . Inc. The categories of services are: ● ● ● milestone – Synthetic services for clean dependency statements device – General device services system – Services concerned with host-centric. All Rights Reserved. milestone/multi-user-server:default – A milestone roughly equivalent to init run level three. milestone/single-user:default – A milestone roughly equivalent to single-user mode or init run level one. milestone/multi-user:default – A milestone roughly equivalent to init run level two. milestone/devices:default – A milestone for use by services that have a dependency on local devices being available. Revision A 1-7 . Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. The lrc scheme is used to support legacy services which have not been migrated to SMF. . Inc. online online offline STIME 9:17:58 9:17:58 9:17:58 9:17:58 9:17:58 9:18:09 9:18:09 9:18:09 9:18:09 9:18:09 9:18:10 9:18:10 9:18:10 9:16:08 9:17:12 9:17:28 9:17:29 9:17:29 9:17:30 9:17:44 9:17:46 9:17:46 9:17:55 9:17:56 9:17:56 FMRI lrc:/etc/rcS_d/S10pfil lrc:/etc/rcS_d/S29wrsmcfg lrc:/etc/rcS_d/S35cacheos_sh lrc:/etc/rcS_d/S41cachefs_root lrc:/etc/rcS_d/S55fdevattach lrc:/etc/rc2_d/S10lu lrc:/etc/rc2_d/S20sysetup lrc:/etc/rc2_d/S40llc2 lrc:/etc/rc2_d/S42ncakmod lrc:/etc/rc2_d/S47pppd lrc:/etc/rc2_d/S65ipfboot lrc:/etc/rc2_d/S70sckm lrc:/etc/rc2_d/S70uucp svc:/system/svc/restarter:default svc:/milestone/name-services:default svc:/network/loopback:default svc:/network/initial:default svc:/network/physical:default svc:/network/service:default svc:/network/ssh:default svc:/milestone/devices:default svc:/system/device/local:default svc:/system/filesystem/minimal:default svc:/network/rpc/bind:default svc:/network/rpc/keyserv:default 9:55:48 svc:/system/console-login:default 13:19:00 svc:/network/telnet:default 9:16:11 svc:/application/print/ipp-listener:default Solaris uses a URI string called a Fault Managed Resource Identifier (FMRI ) to identify system objects for which advanced fault and resource management capabilities are provided. This information can be accessed using the svcs command. The svc scheme is the type used for services that are SMF aware.The Service Management Facility Information about services and their state is kept in the repository. online online online online online online online online online online online online . . sys-01# svcs STATE legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run . All Rights Reserved. . . Services managed by SMF are assigned FMRI strings prefixed with the scheme name svc or lrc. Enterprise Services. For example. There are times when it is helpful to run multiple instances of a service (for example a Web Server serving multiple ports). The following is an example of a service with multiple instances: sys-01# svcs sysidtool STATE STIME FMRI online 9:17:56 svc:/system/sysidtool:net online 9:17:58 svc:/system/sysidtool:system Service States A service can be in one of the following states (see Figure 1-2): ● Uninitialized – Uninitialized is the initial state for all instances. Services in this state are not yet running. Maintenance – The maintenance state indicates the service is unavailable due to maintenance activities or requires administrator intervention. Instances remaining in this state are usually the victim of unsatisfied dependencies or errors occurring during the start method. and their configuration data is unread. the administrator must interact with SMF to start the service. Inc. SMF provides for service instances. Offline – Instances are in the offline state when their configuration has been read but they aren’t running. All Rights Reserved. Revision A . Disabled – The disabled state is a result of the service instance being marked as disabled in the configuration data or explicitly disabled by the administrator. The first instance of a service is normally tagged the default instance.The Service Management Facility A service provides a known list of capabilities. While the service may be startable. The maintenance state can be reached either by explicit administrative request or through an internal action by SMF in response to a non-transient error of the service or the state machine. Degraded – The degraded state is when the service instance still meets most of its criteria for execution but has some limited set of failures which identify it as degraded. svc:/network/rpc/bind:default identifies the default instance of the /network/rpc/bind service. Online – The online state describes a running service with all dependencies met. Enterprise Services. ● ● ● ● ● 1-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The Service Management Facility Services transition from one state to another either due to explicit administrative action or by SMF in response to dependency changes or error conditions. Revision A 1-9 . Service put in maintenance state Service disabled UNINITALIZED Can’t read config Administrator intervention Re-read config data Dependency not met or start failed MAINTENANCE OFFLINE Unresolvable error or thresholds reached Service shutdown. restart or disable Unresolvable error or thresholds reached Dependency met and service enabled ONLINE Service shutdown. restart or disable Start service Re-read config data Service marked disabled Service enabled by admin DISABLED Unresolvable error or thresholds reached Refresh Partial failure of service or dependency Dependencies staisfied and service is healthy DEGRADED No improveme in service Figure 1-2 SMF Service States Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. Inc. Enterprise Services. Figure 1-2 shows the SMF service states. All Rights Reserved. dtd.xml <?xml version='1.0'?> <!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle. Enterprise Services.xml' /> <!-svc. A profile is used to set general settings for a system as to what services need to run.org/2003/XInclude' > <!-Include name service profile. or to have configuration parameters in a separate file. It is possible to specify configuration parameters for the service in the manifest as properties or property groups. The manifest files are in the /var/svc/manifest directory tree and the profiles are in the /var/svc/profile tree. for example: ● ● ● ● A mechanism to start and stop the service A mechanism to monitor and restart services A location for configuration data (properties) A location for error messages SMF organizes services using profiles and manifests. A manifest is used to describe a single service or set of related services.1'> . This is particularly important when looking at manifest files. Do not get too detailed about the contents of this file.w3. Most of the class should be familiar with HTML. <service_bundle type='profile' name='generic_open' xmlns:xi='http://www. Emphasize instances.. Revision A . The following is an example of the generic_open profile: sys-01# cd /var/svc/profile sys-01# more generic_open. All Rights Reserved.startd(1M) services --> <service name='system/coreadm' version='1' type='service'> <instance name='default' enabled='true'/> </service> 1-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. --> <xi:include href='file:/var/svc/profile/name_service.. as set by system id tools. Both profiles and manifests are xml type files. Inc. As necessary describe how tags match their beginning and ending.The Service Management Facility Service Components Services are composed of several components. The profile files are usually found in the /var/svc/profile directory. ) Each section lists the services that should be enabled and their instance name. Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. the method to start and stop the service. Enterprise Services. All Rights Reserved.. <!-Include inetd(1M) services profile. Inc.xml' /> </service_bundle> The generic_open profile contains several sections. This profile is always read when svc. All manifests live in the /var/svc/manifest directory tree. as indicated by the comments. Revision A 1-11 . The list contains the name of the service. (Sometimes a set of services from a separate file is included with the XML xi:include directive.. and many other things.startd(1M) starts. --> <xi:include href='file:/var/svc/profile/inetd_services. This directory contains subdirectories that logically group services. A manifest is a list of things pertaining to each service.The Service Management Facility <service name='system/cron' version='1' type='service'> <instance name='default' enabled='true'/> </service> <service name='system/cryptosvc' version='1' type='service'> <instance name='default' enabled='true'/> </service> . The current directories found in the /var/svc/manifest directory are as follows: ● ● ● ● ● ● ● application device milestone network platform site system The following is a copy of the system/coreadm. Inc. All Rights Reserved. . Emphasize dependencies and properties. the system console is found under /var/svc/manifest/system/console-login. <service_bundle type=’manifest’ name=’SUNWcsr:coreadm’> <service name=’system/coreadm’ type=’service’ version=’1’> <create_default_instance enabled=’false’ /> <single_instance /> <dependency name=’usr’ type=’service’ grouping=’require_all’ restart_on=’none’> <service_fmri value=’svc:/system/filesystem/minimal’ /> </dependency> <exec_method type=’method’ name=’start’ exec=’/usr/bin/coreadm -u’ timeout_seconds=’60’ /> 1-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.xml.xml manifest: Do not get too detailed about the contents of this file. Enterprise Services.xml and telnet is found under /var/svc/manifest/network/telnet... Revision A .The Service Management Facility For example. xml file). service – Tag to specify services available in this manifest. There may be multiple dependency tags. This tag occurs only once in most manifests but may appear more than once (see the /var/svc/manifest/system/device/devices-local. All Rights Reserved.The Service Management Facility <exec_method type=’method’ name=’stop’ exec=’:true’ timeout_seconds=’60’ /> <property_group name=’startd’ type=’framework’> <propval name=’duration’ type=’astring’ value=’transient’ /> </property_group> <stability value=’Unstable’ /> <template> <common_name> <loctext xml:lang=’C’> System-wide core file configuration service </loctext> </common_name> <documentation> <manpage title=’coreadm’ section=’1M’ manpath=’/usr/share/man’ /> </documentation> </template> </service> </service_bundle> The use of the tags is as follows: ● service_bundle – Tag used to open and close the body of the manifest. Inc. Revision A 1-13 . The first portion of the name component specifies the package from which this service comes. Enterprise Services. dependency – Tag used to specify services on which this service is dependent. ● ● Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. The Service Management Facility ● exec_method – Tag used to specify a method. and include: ● ● application – higher level applications such as Apache milestone – collections of other services such as name services 1-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. SMF keeps snapshots of configuration changes so that a change can be backed out using the svccfg(1M) command if it does not work. A method defines what is used to execute the start and stop of a service. Writing a Service Manifest In order to compose your own manifest. the initial repository is kept in the /lib/svc/seed/global. The disk copy of the configuration information is kept in the /etc/svc/repository. This repository is accessed using the svc. Inc. This file can be accessed by booting with the boot -m seed command (see kernel(1M)). Properties are grouped to make it easier to specify only the properties appropriate to the service being defined. Revision A . Enterprise Services. All Rights Reserved. they are imported into the repository. They help the administrator in identifying the general use of the service. These categories are shown in /var/svc/manifest.startd as it starts. Configuration information for services is maintained in the repository. please refer to the following sections for some guidelines. ● All manifests in the /var/svc/manifest directory tree are read by svc. Name Your Service General service categories for naming of services are provided.configd daemon or through the use of the API interface. As a last resort backup. but these categories aren’t used by the system. This directory contains a file for each service instance which has created log entries.db file. If new services are found. The recommended location of a method is /lib/svc/method/svc-name for integrated products and /basedir/method/svc-name for added applications. Error logs are found in the /var/svc/log directory.db file. Perhaps the easiest way to search for problems is to search for the words ERROR and WARNING in these log files. property_group – Tag used to specify values for property groups. Enterprise Services. Services such as web servers or databases which could run multiple configurations simultaneously (such as use a different database source or run on a different port) should not be specified as single_instance. Inc. Service names should usefully identify the service being provided by the administrator. This tag tells the restarter to not start up multiple service instances simultaneously. The instance name describes any specific features about the instance. Most configuration and system services require single_instance tags. define it as a single_instance service. Some services such as Oracle may want to create instances based on administrative configuration choices. Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. All Rights Reserved. the cron service specifies as its prelude: <service name=’system/cron’ type=’service’ version=’1’> Identify Multiple Instances If multiple binaries of your service running simultaneously on the system will cause an error. Revision A 1-15 . Services that are shipped as part of a product or generally extend beyond a site-specific definition should include either the stock symbol or Javastyle reversed domain prefix followed by a comma as part of the category or service name for uniqueness. regardless of administrative configuration. As an example of the naming conventions above. Most services deliver a default instance.The Service Management Facility ● platform – platform-specific services such as Dynamic Reconfiguration daemons system – Solaris system services such as coreadm device – device-specific services network – network/internet services such as protocols site – site specific descriptions ● ● ● ● The service name describes what is being provided and includes both any category identifier and the actual service name. separated by forward slashes (/). Different restarters may require different methods. Existing init scripts can easily serve as the basis for service methods.startd restarter provides three distinct models for service processes: ● Transient services – These are often configuration services which require no long-time running processes in order to provide service.startd: 1-16 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Death of any processes in a contract service is considered a service error. All Rights Reserved. Contract services – These are the standard system daemons. include after the service block: <single_instance /> Identify Your Service Model In order to provide restart capabilities for services with different run-time characteristics. but may be modified by specifying the following in your service manifest for a transient service: <property_group name=’startd’ type=’framework’> <propval name=’duration’ type=’astring’ value=’transient’ /> </property_group> Identify Start and Stop Methods SMF interacts with services primarily by its methods. Common transient services take care of boot-time cleanup or load of configuration properties into the kernel. and are restarted when that process exits. SMF provides a variety of models for services. Transient services are also sometimes used to overcome difficulties in conforming to the method requirements for contract or wait services. The stop and start methods must be provided for services managed by svc. which will cause the service to restart. these models are provided by the svc. or a script which invokes a more complex setup.startd-managed services. This is not recommended and should be considered a stop gap measure. Currently. ● ● The default service model is contract.The Service Management Facility To specify a single instance service. Inc.startd. Enterprise Services. The following rules and guidance for the methods supported by svc. Wait services – These run for the lifetime of the child process. The refresh method is optional for svc. Revision A . The service can either directly invoke a service binary. Additional models may be provided in the future by either these restarters or by additional restarters. The svc.startd and inetd restarters. They require processes that run forever once started in order to provide service. The following keywords available for all method definitions: ● ● ● ● ● :true – simply returns success to the restarter. If the method could potentially take an unbounded amount of time.startd to the service log file so the administrator can determine cause for failure. The timeout should be defined to be the maximal amount of time in seconds that your method might take to run on a slow system or under heavy load. ● Timeouts must be provided for all methods. Enterprise Services. Start Methods ● ● A start method is required for all svc. :kill – kills all processes started by your service’s start method. start methods should exit with SMF_EXIT_ERR_CONFIG if the service cannot come online due to any configuration error. All Rights Reserved. Additional information (for example.startd-managed services. Start methods run only when the service is enabled and dependencies are met. All non-0 values are considered errors. A method which exceeds its timeout will be killed.sh to gain access to convenience functions and return value definitions. The list of all processes is determined by the service’s contract. Failures must cause explicit error returns. Inc. They will be logged by svc. the start method must leave your daemon running if returning success because exit of all processes will cause the service to be restarted. such as a large filesystem fsck. to avoid restart due to configuration errors) may be provided to the restarter with the SMF_EXIT_* definitions. Methods should emit log messages on failure. ● Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. If your service is of type contract.The Service Management Facility All Methods ● Shell scripts should include /lib/svc/share/smf_include. Therefore. Revision A 1-17 . an infinite timeout may be specified as 0. Now that dependent services are started precisely. ● Stop Methods ● ● A stop method is required for all svc. 1-18 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Scripts which do so will not work without modification. If no other options are available. A set of method tokens are available for use in method specification for commonly used property values. insert an appropriate long sleep() before successful return. This is because stop methods may be called in error scenarios. even if the service was not running when the execution started. Expecting user interaction (such as console input) is strongly discouraged as part of the service methods. and often immediately after your service returns successfully from its start method. counting on the fact that the serial boot took some time to start dependent services. ● Refresh Methods ● ● Refresh methods are optional for all svc. Daemons should not fork() then exit() from their initial process. A comprehensive list is available in smf_method(5). Enterprise Services. Many init scripts previously started up the daemon and return immediately. It must not cause exit of the existing processes for contract or wait services. it must reload appropriate configuration parameters from the repository or other configuration source without interrupting service.startd-managed services. a positive test for service is required before returning success.The Service Management Facility ● For contract and transient services. Stop methods run in a number of different scenarios including when a dependency goes offline. and when an administrator requests to disable or restart the service. All Rights Reserved. Revision A . imprecise semantics are not acceptable. Thus. If code changes to the daemon/service can not be made. Note that this is true for daemons as well.startd-managed services. they should wait to return until startup errors have been accumulated and can be reported. stop methods should return success if the service is no longer running after execution is complete. Any defined refresh method has very precise semantics. when a service fails. Inc. the start method should not return success until the service is being provided. The following is an example of a start method: <exec_method type=’method’ name=’start’ exec=’/lib/svc/method/svc-cron’ timeout_seconds=’60’> <method_context> <method_credential user=’root’ group=’root’ /> </method_context> </exec_method> Determine Faults to be Ignored If your service is poorly behaved or it might spawn poorly behaved sub processes. does your service require the network to be plumbed.signal’ /> </property_group> Identify Dependencies This is the most difficult part of service conversion. specify the fault propagation model: Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. you can specify that core dumps from sub processes should not be considered errors or that external kill signals are not errors: <property_group name=’startd’ type=’framework’> <propval name=’ignore_error’ type=’astring’ value=’core. when possible. First. The SMF_ variables defined in smf_method(5) are provided to all methods including. It is recommend that long-running services are started with reduced privileges and safe uids and gids. Enterprise Services. as most dependencies are not explicitly stated. each method may specify a method context to define system and security attributes used during method execution.The Service Management Facility The default method environment is inherited from init(1M) with the PATH set to /usr/sbin:/usr/bin. For example. There are two different types of dependencies. Inc. Revision A 1-19 . SMF_FMRI. All Rights Reserved. or name services to be available? Once you’ve decided what your service is dependent on. SMF_METHOD. Variables beginning with SMF_ are reserved for framework use. local devices to be configured. file and service dependencies. and SMF_RESTARTER. inform the restarter that certain errors are expected and do not constitute service faults. identify what other services are required for your service to start. Finally. For instance. All Rights Reserved. so it should be a restart_on=none dependency. so should the service. able to run and not in maintenance. they must be online or degraded before the dependency is started exclude_all – If the service is enabled and online or degraded. --> <dependency name=’nameservice’ type=’service’ grouping=’require_all’ restart_on=’none’> <service_fmri value=’svc:/milestone/name-services’ /> <dependency> 1-20 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. or encourage your vendor to convert. Revision A . fault – Restart if the dependency has a fault such as core dump or a system fault. the legacy script to an SMF service. ● ● ● The following values correspond to the ability to handle restart of the specified dependency utilizing the restart_on property. Inc. restart – If the dependency is restarted. require_any – Any one of the services in the group must be online or degraded before the dependency is started.The Service Management Facility ● none – The dependency is required only for startup. No fault or administrative action requires restart. Otherwise. ● ● ● If your service is dependent on a legacy script. This will never propagate errors from the legacy service. the service should be restarted. the dependency should not be started. refresh – If the dependency is refreshed because its configuration is changed.Must be able to resolve hostnames. Don’t forget to write a comment about the dependencies to help future maintainers: <!-. it is recommended to either convert. optional_all – If the services are enabled. specify that the service has a dependency on the script in the milestone. Enterprise Services. Dependencies may be specified in groupings such as: ● require_all – All in the group must be online or degraded before the dependency is started. prefacing your dependent name with the name of your service. For example.d directory and other services depend on it. create a milestone corresponding to your previous delivery location as a dependent. configure a default instance for your service. All Rights Reserved. Inc. this clause will make sure that run level 2 is not considered complete until your service has started: <dependent name=’mysvc_multi-user’ grouping=’require_all’ restart_on=’none’> <service_fmri value=’svc:/milestone/multi-user’ /> <dependent> Create Default Instance If your service does not require additional administrative intervention for configuration before it starts the first time. this can easily be done: <create_default_instance enabled=’false’ /> Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. Revision A 1-21 . use the following: <dependent name=’mysvc_syslog’ grouping=’optional_all’ restart_on=’none’> <service_fmri value=’svc:/system/system-log’ /> <dependent> Insert Your Service Into a Milestone If your service was previously delivered into an rc*. For example. if you’re delivering a service (mysvc) that must start before syslog.The Service Management Facility Identify Dependents If you wish to deliver a service which is a dependency of another service that you do not supply. however there is no way to specify a dependent on a legacy script so all dependents need to be converted to SMF. Enterprise Services. if your service was previously started at run level 2. To avoid naming conflicts. If the instance has no configuration differences from the service. Specifying dependents are an easy way to have your service run before a service delivered by Sun. specify that information in your manifest so that you do not have to modify a manifest you do not own. The following information is presented by various forms of svcs(1) to provide the administrator with concise detail about your service and where to get more technical information.instance-specific properties. All Rights Reserved. avoid punctuation and capital letters aside from trademarks like Solaris. <template> <common_name> <loctext xml:lang=’C’> Solaris fault manager <loctext> <common_name> <documentation> <manpage title=’fmd’ section=’1M’ manpath=’/usr/share/man’ /> <documentation> </template> 1-22 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Common names may be localized. Create Template Information Document at least a common name in the C locale and a man page reference. Inc. Enterprise Services. Revision A . methods.go here. --> </instance> It is recommend that all instances be delivered as disabled unless they are critical to boot the system. you can explicitly define the instance: <instance name=’default’ enabled=’false’> <!-. Do distinguish between client and server services.The Service Management Facility Alternatively. The common name should be short (40 characters or less). and do not use the word service. create the script and place it in a local directory such as /usr/local/svc/method. Enterprise Services. you could create a script to start the database server automatically after the appropriate network services have started. All Rights Reserved. You could then create another script to terminate this service and shut down the database server before the network services are stopped. This file describes the service and any dependency relationships. This procedure can be quite complex.The Service Management Facility Example New Service Script You can create new scripts to start and stop additional processes or services to customize a system. If a script is required to start and stop the process. Service manifests are pulled into the repository either by using the svccfg command or at boot time. Create a service manifest file for your service. The correct procedure is to incorporate the new service into the SMF. For example. Incorporate the script into the SMF using the svccfg utility. Revision A 1-23 . Identify any dependency relationships between this service and any other services. ● ● ● ● ● Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. Inc. Establish a name for the service. to eliminate the requirement for a manual start of a database server. The general steps required are detailed in the following list: ● ● Determine the process for starting and stopping your service. and the category this service falls into. Determine whether your service runs multiple instances. 2 04/09/13 SMI" 1-24 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. # Use is subject to license terms. All rights reserved.xml 1. Revision A .. All Rights Reserved.xml <?xml version="1. esac exit 0 # chmod 544 /usr/local/svc/method/newservice # cd /var/svc/manifest/site # vi newservice.1"> <!-Copyright 2004 Sun Microsystems. Enterprise Services..The Service Management Facility The following displays an example: # vi /usr/local/svc/method/newservice #!/sbin/sh # # Copyright 2004 Sun Microsystems. Use is subject to license terms.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle. ident --> <service_bundle type=’manifest’ name=’OPTnew:newservice’> <service name=’site/newservice’ type=’service’ version=’1’> <single_instance/> "@(#)newservice. *) echo "Usage: $0 { start | stop }" . # # ident "@(#)newservice 1. Inc. Inc.dtd. Inc..14 04/08/30 SMI" case "$1" in ’start’) /usr/bin/newservice & . All rights reserved. ’stop’) /usr/bin/pkill -x -u 0 newservice . The Service Management Facility <dependency name=’usr’ type=’service’ grouping=’require_all’ restart_on=’none’> <service_fmri value=’svc:/system/filesystem/local’ /> </dependency> <dependent name=’newservice’ grouping=’require_all’ restart_on=’none’> <service_fmri value=’svc:/milestone/multi-user’ /> </dependent> <exec_method type=’method’ name=’start’ exec=’/lib/svc/method/newservice start’ timeout_seconds=’30’ /> <exec_method type=’method’ name=’stop’ exec=’/lib/svc/method/newservice stop’ timeout_seconds=’30’ /> <property_group name=’startd’ type=’framework’> <propval name=’duration’ type=’astring’ value=’transient’ /> </property_group> <instance name=’default’ enabled=’true’ /> <stability value=’Unstable’ /> <template> <common_name> <loctext xml:lang=’C’> New service </loctext> </common_name> </template> </service> Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. All Rights Reserved. Inc. Revision A 1-25 . Enterprise Services. The entry shows that the service will be started by svc. <single_instance/> ● <property_group name=’startd’ type=’framework’> <propval name=’duration’ type=’astring’ value=’transient’ /> </property_group> ● How the service is started and stopped. <service_bundle type=’manifest’ name=’OPTnew:newservice’> ● <service name=’site/newservice’ type=’service’ version=’1’> ● Whether multiple instances of the service will run. The service model to use. Enterprise Services. Service category. type=’method’ name=’start’ exec=’/lib/svc/method/newservice start’ <exec_method 1-26 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The type (manifest) indicates a simple service rather than a milestone. Inc.The Service Management Facility </service_bundle> The following describes the entries in the file: ● Standard header. <!-Copyright 2004 Sun Microsystems. and version. name. and the service name. All Rights Reserved. <?xml version="1. Inc. type.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle. Revision A .2 04/09/13 SMI" The name of the service. Use is subject to license terms.1"> ● Comment section. All rights reserved.startd.xml 1. Transient services are started once and not restarted. ident --> ● "@(#)newservice. the package providing the service.dtd. All Rights Reserved. Revision A 1-27 . Inc. <dependency name=’usr’ type=’service’ grouping=’require_all’ restart_on=’none’> <service_fmri value=’svc:/system/filesystem/local’ /> </dependency> ● The second entry makes sure that your service is associated with the multi-user milestone and that the multi-user milestone requires this service. The first entry states that the newservice requires the filesystem/local service. Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. <instance name=’default’ enabled=’true’ /> <stability value=’Unstable’ /> ● Creating information to describe the service. <template> <common_name> <loctext xml:lang=’C’> New service </loctext> </common_name> </template> The new service (newservice) now needs to be imported into SMF.The Service Management Facility timeout_seconds=’30’ /> <exec_method type=’method’ name=’stop’ exec=’/lib/svc/method/newservice stop’ timeout_seconds=’30’ /> ● Define any dependencies for this service. Enterprise Services. <dependent name=’newservice’ grouping=’require_all’ restart_on=’none’> <service_fmri value=’svc:/milestone/multi-user’ /> </dependent> ● Creating the instance. you can observe that the multiuser milestone requires the newservice in order to complete its requirements. Revision A . # svcs newservice STATE STIME FMRI online 9:11:54 svc:/site/newservice:default # Finally. # svcs newservice STATE STIME FMRI online 8:43:45 svc:/site/newservice:default # It should also be possible to manipulate the service using svcadm. # svcadm -v disable site/newservice site/newservice disabled. Inc. All Rights Reserved.xml After the service has been imported into SMF it should be visible using the svcs command. Enterprise Services. # svcs -d milestone/multi-user:default STATE STIME FMRI disabled 8:43:16 svc:/platform/sun4u/sf880drd:default online 8:43:16 svc:/milestone/name-services:default online 8:43:33 svc:/system/rmtmpfiles:default online 8:43:42 svc:/network/rpc/bind:default online 8:43:46 svc:/milestone/single-user:default online 8:43:46 svc:/system/utmp:default online 8:43:47 svc:/system/system-log:default online 8:43:47 svc:/system/system-log:default online 8:43:49 svc:/system/filesystem/local:default online 8:44:01 svc:/system/mdmonitor:default online 9:11:54 svc:/site/newservice:default # 1-28 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. # svcs newservice STATE STIME FMRI disabled 9:11:38 svc:/site/newservice:default # svcadm -v enable site/newservice site/newservice enabled.The Service Management Facility This is done by running the svccfg utility: # svccfg import /var/svc/manifest/site/newservice. One of the more significant benefits of SMF is visibility into services and their dependencies.dtd File The /usr/share/lib/xml/dtd/service_bundle. Consult this file for additional information when writing services. Point out that the filename may actually have a . All Rights Reserved. This file has many comments that explain the use of the elements and attributes used in the *.startd(1M) – Responsible for starting and stopping services as requested svc.2 appended to it which is the naming convention being use for revision marking.) Use the grep command to find the strings ELEMENT and ATTRIBUTE where the main data models are defined. Inc.xml files.dtd file is a DTD (Document Type Definition) file that defines the structure the *. There are mechanisms to accomplish the following: ● ● ● ● Enable or disable service startup View and modify a service’s dependencies View the current state of all services View and modify service startup configuration data The tools responsible for running services and accessing the repository are as follows: ● svc.configd(1M) – Responsible for accessing the configuration repository inetd(1M) – Delegated restarter ● ● Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. Instruct students that they may want to use this technique during the lab exercise which has them write a simple service. Enterprise Services.1 or . Students will have varying backgrounds on XML files and the syntax used in DTDs. Engage the students and keep the training interactive by having them execute appropriate ones on a lab system in a shared window for all to see. (For example.The Service Management Facility The /usr/share/lib/xml/dtd/service_bundle. Managing Services This section contains a number of command examples and output. Elements their attributes are the building blocks of the data structures or models used for defining services and manifests. Share a session and walk students through what is in this somewhat self documenting DTD file. Revision A 1-29 .xml files used in SMF. explain notation like the asterisk symbol which specifies that that element can appear zero or more times in a parent structure. their current state. All Rights Reserved. 1-30 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. To enable or disable inetd refer to svcadm(1M) on how to enable "svc:/network/inetd:default". inetd is the restarter for the network facilities that it has managed in the past. The inetd daemon does not read the inetd. but is implemented significantly different from. In the current Solaris release. In turn. use the inetconv(1M) command.The Service Management Facility The tools available for observing and managing services are as follows: ● ● ● ● ● svcs(1) – Show services. For further information on inetd see inetd(1M). Revision A . the inetd instance. The following is an example of trying to run inetd from the command line: # inetd inetd is now an smf(5) managed service and can no longer be run from the command line. Enterprise Services. the daemon of the same name in Solaris 9 and prior Solaris operating system releases.conf file for configuration information. and modify it according to the syntax: "/usr/lib/inet/inetd [alt_config_file] %m". The network/inetd:default service instance is run by the SMF restarter (svc. The traditional inetd command line option mappings are: -d : there is no supported debug output -s : inetd is only runnable from within the SMF -t : See inetadm(1M) on how to enable TCP tracing -r : See inetadm(1M) on how to set a failure rate To specify an alternative configuration file see svccfg(1M) for how to modify the "start/exec" string type property of the inetd instance. Inc. export and modify service configurations inetadm(1M) – Observe or configure inetd. If there is information in that file that needs to be converted for SMF. and their dependencies svcprop(1) – Show property values for services svcadm(1M) – Manipulate service instances svccfg(1M) – Import.startd). inetd is part of SMF and runs only within that facility.controlled services Changes to the inetd Daemon The inetd daemon performs the same function as. disabled Aug_31 disabled Aug_31 disabled Aug_31 disabled Aug_31 disabled Aug_31 disabled Aug_31 disabled Aug_31 disabled Aug_31 disabled Aug_31 disabled Aug_31 disabled Aug_31 disabled Aug_31 . . online Aug_31 online 17:03:46 offline Aug_31 FMRI lrc:/etc/rcS_d/S10pfil lrc:/etc/rcS_d/S29wrsmcfg lrc:/etc/rcS_d/S35cacheos_sh lrc:/etc/rcS_d/S41cachefs_root lrc:/etc/rcS_d/S55fdevattach lrc:/etc/rc2_d/S10lu lrc:/etc/rc2_d/S20sysetup svc:/platform/sun4u/mpxio-upgrade:default svc:/network/dns/client:default svc:/network/ldap/client:default svc:/network/nis/client:default svc:/network/nis/server:default svc:/network/rpc/nisplus:default svc:/network/dns/server:default svc:/network/inetd-upgrade:default svc:/platform/sun4u/sf880drd:default svc:/system/consadm:default svc:/application/print/cleanup:default svc:/application/print/server:default svc:/system/svc/restarter:default svc:/milestone/name-services:default svc:/network/loopback:default svc:/network/initial:default svc:/network/physical:default svc:/network/service:default svc:/network/ssh:default svc:/milestone/devices:default svc:/system/device/local:default svc:/system/filesystem/minimal:default svc:/network/rpc/bind:default svc:/network/telnet:default svc:/network/smtp:sendmail svc:/application/print/ipp-listener:default Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. .The Service Management Facility The svcs Command The svcs command displays the current state of system services. Enterprise Services. Using the svcs command with the -a option shows all services. . sys-01# svcs -a STATE STIME legacy_run Aug_31 legacy_run Aug_31 legacy_run Aug_31 legacy_run Aug_31 legacy_run Aug_31 legacy_run Aug_31 legacy_run Aug_31 . Inc. All Rights Reserved. online Aug_31 online Aug_31 online Aug_31 online Aug_31 online Aug_31 online Aug_31 online Aug_31 online Aug_31 online Aug_31 online Aug_31 online Aug_31 . Without the -a the svcs command shows only services which are running or available to run. Revision A 1-31 . . . . Enterprise Services. sys-01# svcs -p "*nfs*" disabled Feb_18 disabled Feb_18 disabled Feb_18 online Feb_18 Feb_18 online Feb_18 Feb_18 online Feb_18 online Feb_18 svc:/network/nfs/cbd:default svc:/network/nfs/mapid:default svc:/network/nfs/server:default svc:/network/nfs/status:default 191 statd svc:/network/nfs/nlockmgr:default 200 lockd svc:/network/nfs/rquota:default svc:/network/nfs/client:default SMF also makes it easier to view the dependencies among various services. The svcs command has a -p option that allows you to see the processes that are associated with a service. The following example shows the service or service instances which /system/filesystem/minimal:default service instance depends on. # svcs -D filesystem/minimal STATE STIME FMRI online Aug_31 svc:/system/device/local:default online Aug_31 svc:/system/filesystem/usr:default 1-32 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. and the time it was started. SMF requires each service to describe its dependencies on other services. All Rights Reserved. The -D option lists the service instances which depend on the given service or service instances. The following example uses a pattern match to specify the services to display. explicitly using service identifier strings. Inc. Notice that only services started within the past 24 hours show the actual time stamp.The Service Management Facility To produce its output. The -d option of the svcs command lists the service or service instance upon which the given service instance depends. the svcs command queries the configuration repository and retrieves the name and current state of each service. Revision A . In earlier versions of Solaris. this was basically impossible without access to the service source code and a significant amount of time. sys-01# svcprop svc:/system/system-log:default general/package astring SUNWcsr general/enabled boolean true restarter/contract count 41 restarter/start_pid count 593 restarter/auxiliary_state astring none restarter/next_state astring none restarter/state astring online restarter/state_timestamp time 1093965480.562821000 restarter_actions/refresh integer Specifying the service instead of the instance shows additional properties associated with the service. use the -l option of the svcs command. The following example shows the properties for the syslog default instance.The Service Management Facility The following example shows the service instances which depend on the service instance /system/filesystem/minimal:default. sys-01# svcprop system/system-log milestone/entities fmri svc:/milestone/single-user Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. # svcs -d filesystem/minimal STATE STIME FMRI online Aug_31 svc:/system/cryptosvc:default online Aug_31 svc:/system/sysidtool:net online Aug_31 svc:/system/sysidtool:system Being able to list dependencies of a service is very useful in troubleshooting service failures as well as helping to understand the consequences of taking a service down. sys-01# svcs fmri enabled state next_state restarter dependency dependency -l filesystem/minimal svc:/system/filesystem/minimal:default true online none svc:/system/svc/restarter:default require_all/none svc:/system/device/local (online) require_all/none svc:/system/filesystem/usr (online) The svcprop Command The svcprop command allows you to see the properties associated with a service instance. All Rights Reserved. Inc. To see all configuration information about a service instance. Enterprise Services. Revision A 1-33 . The subcommands of the svcadm command are: ● ● ● ● enable – Enable the specified service instance disable – Disable the specified service instance restart – Stop and then start the specified service instance refresh – Have the specified service instance re-read its configuration information mark – Assign the specified service instance to the specified state (degraded or maintenance) ● 1-34 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. The following example shows the general properties for the spray service. All Rights Reserved. than the default milestone is all.The Service Management Facility milestone/grouping astring require_all milestone/restart_on astring none milestone/type astring service dependents/system-log_single-user astring svc:/milestone/multi-user general/entity_stability astring Unstable general/single_instance boolean true stop/exec astring :kill stop/timeout_seconds count 3 stop/type astring method start/exec astring /lib/svc/method/system-log start/timeout_seconds count 3 start/type astring method tm_man_syslogd/manpath astring /usr/share/man tm_man_syslogd/section astring 1M tm_man_syslogd/title astring syslogd tm_common_name/C ustring system log The svcprop command allows you to look at certain groups of properties by the use of the -p option. Revision A . type the following command: # svcprop restarter:default | grep milestone If nothing returns. sys-01# svcprop -p general network/rpc/spray general/entity_stability astring Unstable general/restarter fmri svc:/network/inetd:default To find out the default milestone. The svcadm Command The svcadm command is used to manipulate the state of services and to specify the milestone to which the machine should be brought. Enterprise Services. examine the service with the svcs command. The svcs -D command can be used to see the impact of disabling a service. # svcadm milestone all After the above command is running. Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. This is basically the replacement for the init n command. Enterprise Services. # svcadm disable apache2 The disable setting not only persists across reboots. Revision A 1-35 . Use the -r option to enable a service and all of its dependencies. but also across software upgrades and patch installation. Inc. all dependent services are also disabled.The Service Management Facility ● clear – Restore a service instance from its previous degraded or maintenance state delegate – Assign a new restarter for the specified service instance milestone – Restrict the set of services to those between the beginning of the graph and the specified milestone ● ● When a service is disabled. Use this command to disable any Solaris service. type the following command: # svcadm enable sar To verify that the service is in fact running. # svcs -l sar fmri svc:/system/sar:default enabled true state online next_state none restarter svc:/system/svc/restarter:default dependency require_all/none svc:/system/filesystem/minimal (online) The milestone subcommand is used to specify the milestone to which the system will change. A service is enabled using the svcadm enable command. To enable sar performance recording. All Rights Reserved. the svcs command can be used to follow the progress of services being brought online. Inc. All Rights Reserved.The Service Management Facility The svccfg Command The svccfg(1M) command can be used to either browse the SMF repository interactively or run a set of commands from a command file. An example of running the svccfg command interactively follows. Enterprise Services. Revision A . 1-36 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The Service Management Facility After starting the svccfg utility, the list subcommand prints a list of the service identifiers for all services installed on the system: example% svccfg svc:> list system/console-login milestone/devices system/device/local system/identity system/filesystem/local system/manifest-import system/filesystem/minimal milestone/multi-user-server milestone/multi-user milestone/name-services network/initial network/loopback network/physical system/svc/restarter system/filesystem/root milestone/single-user system/filesystem/usr network/rpc/bind network/inetd-upgrade system/utmp system/metainit system/mdmonitor smf/manifest ... The select command identifies a service on which future svccfg commands should operate, similar to the concept of a shell's current working directory. SMF also supports multiple active instances of the same service on a single system, so you can use svccfg on service instance identifiers as well. The following examples use services that have only a single instance named default. Type the following commands to select the name service cache and list its instances. svc:> select name-service-cache svc:/system/name-service-cache> list :properties default Notice the list contains not only the default instance but also the :properties value. The presence of this string in the list output identifies that there are properties related to the currently selected FMRI. Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 1-37 The Service Management Facility Type the listprop command to list the SMF properties associated with the name service cache: svc:/system/name-service-cache> listprop usr dependency usr/entities fmri svc:/system/filesystem/usr usr/grouping astring require_all usr/restart_on astring none usr/type astring service config_data dependency config_data/entities fmri file://localhost/etc/nscd.conf file://localhost/etc/nsswitch.conf config_data/grouping astring require_all config_data/restart_on astring restart config_data/type astring path general framework general/entity_stability astring Unstable general/single_instance boolean true stop method stop/exec astring :kill stop/timeout_seconds count 3 stop/type astring method start method start/exec astring /lib/svc/method/svc-nscd start/timeout_seconds count 30 start/type astring method tm_man_nscd template tm_man_nscd/manpath astring /usr/man tm_man_nscd/section astring 1M tm_man_nscd/title astring nscd tm_common_name template tm_common_name/C ustring "Name service cache daemon" general framework general/package astring SUNWcsr general/enabled boolean true restarter framework NONPERSISTENT restarter/contract count 180 restarter/start_pid count 2430 restarter/auxiliary_state astring none restarter/next_state astring none restarter/state astring online restarter/state_timestamp time 1094137041.968560000 restarter_actions framework NONPERSISTENT restarter_actions/refresh integer 1-38 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A The Service Management Facility You can modify a single property using the setprop command. For example, to set the start method timeout to 15 seconds, type: svc:/system/name-service-cache> setprop start/timeout_seconds = 15 The property names, values, and meanings are explained in further detail in the SMF System Administration Guide documentation. You can also use the editprop command to edit groups of properties in your preferred text editor. SMF automatically stores a persistent snapshot of the changes made to the current configuration to serve as backup copy of your changes and to permit administrators to undo any configuration mistakes. The listsnap subcommand can be used to list configuration snapshots associated with the service instance: svc:/system/name-service-cache> select default svc:/system/name-service-cache:default> listsnap initial running start The snapshot of the current configuration used by the active service instance is shown in the list and is named running. The snapshot named initial is the initial system state immediately after install. To undo configuration changes, you can use the revert command to restore an earlier snapshot. When you execute an undo operation with the revert command, SMF automatically restores your configuration settings and then starts, restarts, and stops services based on the new settings immediately and automatically. The inetadm Command The inetadm(1M) command allows observation and configuration of inetd-controlled services (services with inetd as the restarter). The capabilities of inetadm are a combination of the svcs command, the svcadm command, and the svccfg command. The inetadm command with no arguments lists all the services under the control of the inetd daemon. # inetadm ENABLED disabled disabled enabled STATE disabled disabled online FMRI svc:/network/rpc/ocfserv:default svc:/network/lp:default svc:/network/rpc/mdcomm:tcp Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 1-39 The Service Management Facility disabled enabled disabled enabled disabled enabled disabled disabled enabled enabled enabled enabled disabled disabled disabled disabled disabled disabled . . . disabled online disabled online disabled online disabled disabled online online online online disabled disabled disabled disabled disabled disabled svc:/network/rpc/mdcomm:tcp6 svc:/network/rpc/meta:tcp svc:/network/rpc/meta:tcp6 svc:/network/rpc/metamed:tcp svc:/network/rpc/metamed:tcp6 svc:/network/rpc/metamh:tcp svc:/network/rpc/metamh:tcp6 svc:/network/tname:default svc:/network/security/ktkt_warn:ticotsord svc:/network/telnet:default svc:/network/rpc/smserver:default svc:/network/rpc/gss:ticotsord svc:/network/rpc/rex:tcp svc:/network/uucp:default svc:/network/chargen:dgram svc:/network/chargen:stream svc:/network/daytime:dgram svc:/network/daytime:stream The -l option of the inetadm command allows you to see all the properties for a particular service. Those values preceded by default are values inherited from the inetd service. # inetadm -l network/telnet:default SCOPE NAME=VALUE name="telnet" endpoint_type="stream" proto="tcp6" isrpc=FALSE wait=FALSE exec="/usr/sbin/in.telnetd" user="root" default bind_addr="" default bind_fail_max=-1 default bind_fail_interval=-1 default max_con_rate=-1 default max_copies=-1 default con_rate_offline=-1 default failrate_cnt=40 default failrate_interval=60 default inherit_env=TRUE default tcp_trace=FALSE default tcp_wrappers=FALSE 1-40 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A The Service Management Facility Services can be enabled and disabled with the -e and -d options of the inetadm command respectively. The following is an example of enabling the services to allow the rdate command to work. # rdate localhost rdate: connect: Connection refused # inetadm -e network/time:dgram # inetadm -e network/time:stream # rdate localhost Thu Sep 2 16:18:59 2004 The -p option of the inetadm command shows the service property values provided by the inetd service. # inetadm -p NAME=VALUE bind_addr="" bind_fail_max=-1 bind_fail_interval=-1 max_con_rate=-1 max_copies=-1 con_rate_offline=-1 failrate_cnt=40 failrate_interval=60 inherit_env=TRUE tcp_trace=FALSE tcp_wrappers=FALSE It is also possible to modify the properties of the inetd service and any service that is inetd-controlled. Following are command examples for modifying the properties of an inetd-controlled service. First find the service of interest and verify that its restarter is inetd: # svcs ftp STATE STIME FMRI online 12:49:06 svc:/network/ftp:default # svcs -l ftp fmri svc:/network/ftp:default name FTBR server enabled true state online next_state none state_time Thu Apr 21 12:49:06 2005 restarter svc:/network/inetd:default contract_id Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 1-41 The Service Management Facility Verified as an inet-controller service, use the inetadm command to list this service’s properties and property values: # inetadm -l ftp SCOPE NAME=VALUE name="ftp" endpoint_type="stream" proto="tcp6" isrpc=FALSE wait=FALSE exec="/usr/sbin/in.ftpd -a" user="root" default bind_addr="" default bind_fail_max=-1 default bind_fail_interval=-1 default max_con_rate=-1 default max_copies=-1 default con_rate_offline=-1 default failrate_cnt=40 default failrate_interval=60 default inherit_env=TRUE default tcp_trace=FALSE default tcp_wrappers=FALSE The above output shows that tcp_wrappers is currently set to FALSE. Enable (and verify) this property for the service by using the following command: # inetadm -m ftp tcp_trace=true # inetadm -l ftp SCOPE NAME=VALUE name="ftp" endpoint_type="stream" proto="tcp6" isrpc=FALSE wait=FALSE exec="/usr/sbin/in.ftpd -a" user="root" default bind_addr="" default bind_fail_max=-1 default bind_fail_interval=-1 default max_con_rate=-1 default max_copies=-1 default con_rate_offline=-1 default failrate_cnt=40 1-42 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A The Service Management Facility default failrate_interval=60 default inherit_env=TRUE tcp_trace=TRUE default tcp_wrappers=FALSE Either of the following commands will disable this property for the ftp service: # inetadm -m ftp tcp_wrappers= # inetadm -m ftp tcp_wrappers=false Troubleshooting A common problem experienced by users new to SMF is the diagnosis of failure of a service to start either automatically at boot time or manually. Debugging a Hang on Boot To debug a system hang on boot, use the -m option of the boot command. For this type of problem specify milestone=none as the -m option (see kernel(1M)). {1} ok boot -m milestone=none Resetting ... screen not found. Can’t open input device. Keyboard not present. Using ttya for input and output. Sun Enterprise 420R (3 X UltraSPARC-II 450MHz), No Keyboard OpenBoot 3.29, 1024 MB memory installed, Serial #16241000. Ethernet address 8:0:20:f7:d1:68, Host ID: 80f7d168. Rebooting with command: boot -m milestone=none Boot device: /pci@1f,4000/scsi@3/disk@0,0:a File and args: -m milestone=none SunOS Release 5.10 Version s10_64 64-bit Copyright 1983-2004 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Requesting System Maintenance Mode Type control-d to proceed with normal startup, (or give root password for system maintenance): Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 1-43 The Service Management Facility After you receive the sulogin prompt, log in with the root password. This brings the system to a console prompt with no services running. single-user privilege assigned to /dev/console. Entering System Maintenance Mode Jul 28 11:53:07 su: ’su Sun Microsystems Inc. # svcs -a STATE STIME disabled 12:18:28 disabled 12:18:28 disabled 12:18:28 disabled 12:18:28 disabled 12:18:28 disabled 12:18:28 disabled 12:18:28 disabled 12:18:28 disabled 12:18:28 disabled 12:18:28 disabled 12:18:28 . . . root’ succeeded for root on /dev/console SunOS 5.10 s10_64 May 2004 FMRI svc:/milestone/single-user:default svc:/network/initial:default svc:/network/loopback:default svc:/network/physical:default svc:/network/rpc/bind:default svc:/system/device/local:default svc:/system/filesystem/local:default svc:/system/filesystem/minimal:default svc:/system/filesystem/root:default svc:/system/filesystem/usr:default svc:/system/identity:domain Next, you use the svcadm command with the all option to specify that all services should be started. The all milestone is a special one meaning all services possible. # svcadm milestone all # Configuring devices. Progress of the service startup can be watched with the svcs command. # svcs STATE online online online online online online online online online online online online STIME 11:52:41 11:54:05 11:54:05 11:54:07 11:54:16 11:54:17 11:54:19 11:54:19 11:54:23 11:54:23 11:54:23 11:54:23 FMRI svc:/system/svc/restarter:default svc:/network/loopback:default svc:/system/filesystem/root:default svc:/system/filesystem/usr:default svc:/network/physical:default svc:/system/identity:node svc:/network/initial:default svc:/network/service:default svc:/milestone/devices:default svc:/system/device/local:default svc:/system/filesystem/minimal:default svc:/system/sysevent:default 1-44 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A The Service Management Facility online online online online online offline offline offline . . . 11:54:24 11:54:24 11:54:24 11:54:24 11:54:24 11:54:04 11:54:04 11:54:04 svc:/milestone/name-services:default svc:/network/dns/client:default svc:/network/ntp:default svc:/system/manifest-import:default svc:/system/rmtmpfiles:default svc:/milestone/multi-user:default svc:/milestone/single-user:default svc:/network/rpc/bind:default Notice that the milestone/multi-user service is offline. To determine why, look at the dependencies for this service. # svcs -l svc:/milestone/single-user:default fmri svc:/milestone/single-user:default enabled true state offline next_state none restarter svc:/system/svc/restarter:default dependency require_all/none svc:/system/sysidtool:net (offline) svc:/system/sysidtool:system (offline) dependency optional_all/none svc:/network/physical (online) dependency require_any/none svc:/network/loopback (online) dependency require_all/none svc:/system/manifest-import (online) dependency require_all/none svc:/system/filesystem/minimal (online) dependency require_all/none svc:/system/identity:node (online) dependency require_all/none svc:/system/sysevent (online) dependency optional_all/none svc:/system/metainit (offline) The above output shows that all dependencies are met. The next step is to look for errors in the error logs in the /var/svc/log directory. If students ask about the output showing sysidtool being offline you can refer them to the explanation which is a comment in the /var/svc/manifest/milestone/single-user.xml file. For convenience, here is that information: Single-user's dependency on sysidtool is obsolete, but instead of removing it from this manifest, retain it here with its delete attribute set to true. This is to try and prevent a dependency cycle with the new sysidtool which declares a dependency on single-user. This will force the deletion of single-user's sysidtool dependency as soon as this manifest is imported (instead of waiting for upgrade to delete it). Note that this does not guarantee the prevention of a dependency cycle (if the new sysidtool manifest is imported before single-user's) - if this does occur, the code in upgrade will Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 1-45 The Service Management Facility catch it - it deletes single-user's dependency and "svcadm clear"s sysidtool. Using Debug Mode SMF can be put in a debug mode by using the boot -m debug command. This causes SMF to start all services serially and display messages on the console for all services. Executing last command: boot -m debug Boot device: /pci@1f,0/pci@1/scsi@8/disk@0,0:a File and args: -m debug SunOS Release 5.10 Version s10_66 64-bit Copyright 1983-2004 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. INIT: Executing svc.startd Sep 3 08:04:00/1: Initialized restarter protocol Sep 3 08:04:00/1: Initialized restarter Sep 3 08:04:00/1: Initialized graph Sep 3 08:04:00/6: Graph adding svc:/system/console-login:default. Sep 3 08:04:00/6: Graph engine: Refreshing svc:/system/consolelogin:default. Sep 3 08:04:00/6: Graph adding svc:/system/sysidtool:net. Sep 3 08:04:00/6: Graph engine: Refreshing svc:/system/sysidtool:net. Sep 3 08:04:00/6: Graph adding svc:/system/identity:node. Sep 3 08:04:00/6: Graph engine: Refreshing svc:/system/identity:node. Sep 3 08:04:00/3: svc:/system/console-login:default is a wait-style service Sep 3 08:04:00/3: svc:/system/console-login:default: inserted instance into restarter list Sep 3 08:04:00/3: svc:/system/sysidtool:net is a transient-style service Sep 3 08:04:00/3: svc:/system/sysidtool:net: inserted instance into restarter list Sep 3 08:04:00/3: svc:/system/identity:node is a transient-style service Sep 3 08:04:00/3: svc:/system/identity:node: inserted instance into restarter list Sep 3 08:04:00/6: Graph adding svc:/network/physical:default. Sep 3 08:04:00/6: Graph engine: Refreshing svc:/network/physical:default. Sep 3 08:04:00/6: Enabling svc:/network/physical:default. Sep 3 08:04:00/6: Graph adding svc:/network/loopback:default. Sep 3 08:04:00/6: Graph engine: Refreshing svc:/network/loopback:default. Sep 3 08:04:00/6: Enabling svc:/network/loopback:default. Sep 3 08:04:00/6: Enabling svc:/system/identity:node. Sep 3 08:04:00/6: Graph adding svc:/system/identity:domain. 1-46 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A If this is done on a problem system. Debugging a Service The following is an example of troubleshooting the lpsched service when it is failing to start with the command: sys-02# svcadm enable /application/print/server After running the previous command. 0) Sep 3 08:07:39/9: Graph noting svc:/network/rpc/smserver:default online -> online. . Enterprise Services. errors will display.d scripts. Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. Sep 3 08:08:27 sys-01 login: ROOT LOGIN /dev/pts/1 FROM gateway This approach is similar to putting sh -x in all of the rc*. All Rights Reserved. Sep 3 08:07:37/9: Propagating start of svc:/system/zones:default. . 0) Sep 3 08:08:21/9: Graph noting svc:/network/telnet:default online -> online.startd not starting the service. The console shows all the processing done by SMF. . you can revert to the last good known running state. the service still shows as disabled. Sep 3 08:04:00/6: Graph adding svc:/system/filesystem/minimal:default. Sep 3 08:07:37/3: svc:/system/zones:default: trying to start instance Sep 3 08:07:37/3: svc:/system/zones:default: start_instance -> is already started Sep 3 08:07:39/54: svc:/network/inetd:default: state updates for svc:/network/rpc/smserver:default (5. there is no need to check for services running that the print server service might require. use the following command: sys-02# svcs -d print/server STATE STIME FMRI sys-02 Because the command returned no dependencies. To do this. If errors were made to /application/print/server. Inc. Revision A 1-47 .The Service Management Facility Sep 3 08:04:00/6: Graph engine: Refreshing svc:/system/identity:domain. Sep 3 08:08:21/54: svc:/network/inetd:default: state updates for svc:/network/telnet:default (5. This also means that the root of the problem lies with svc. sys-02# svcs print/server STATE STIME FMRI disabled 11:14:24 svc:/application/print/server:default The first step would be to determine if all the dependencies are met. Any error or complaints from svc. Enterprise Services. svc:/application/print/server:default> revert initial svc:/application/print/server:default> listsnap initial running previous svc:/application/print/server:default> Now try to start the service. Revision A . sys-02# You can also use the following command to check for additional errors. The -l option to svcs lists the status of the FMRI. All Rights Reserved. sys-02# svcadm -v enable print/server /application/print/server enabled.The Service Management Facility sys-02# svccfg svc:> select print/server:default svc:/application/print/server:default> listsnap initial running svc:/application/print/server:default> This shows that you could revert to the initial configuration for this service. the error logs should be searched for problems. Inc. If the print server still had not started.log Aug 25 11:43:50 Executing start method ("/lib/svc/method/print-server start") Print services started. The problem is fixed. sys-02# svcs print/server STATE STIME FMRI online 11:43:50 svc:/application/print/server:default sys-02# The svcs command now shows that the service is running. sys-02# svcs fmri enabled state next_state restarter -l print/server:default svc:/application/print/server:default true online none svc:/system/svc/restarter:default 1-48 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. sys-02# more /var/svc/log/application-print-server:default.startd is reported here. Either the svc. Revision A 1-49 .db exist. or it can be inaccessible. If there are any problems which need human intervention.The Service Management Facility contract_id sys-02# 122 Repository Problems There are two types of problems that can occur with the repository. All Rights Reserved.configd daemon. Inc. from oldest to newest: boot-20050126_115535 manifest_import-20050126_115846 boot-20050126_124919 boot-20050203_082002 manifest_import-20050203_082451 Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. As root. The repository server is the svc. which will interrupt any active services. Note that upon full completion of this script. run the command: # /lib/svc/bin/restore_repository Repository Restore utility See http://sun.com/msg/SMF-8000-MY for more information on the use of this script to restore backup copies of the smf(5) repository. the system will be rebooted using reboot(1M). or you can copy in the initial seed repository and reboot. Enterprise Services. There is a script that walks you through the procedure. The repository can be corrupted. this script will give instructions and then exit back to your shell. The following backups of /etc/svc/repository. Look at the state of the system/svc/restarter:default service and the error logs for this service. The following is an example of an inaccessible repository: # svccfg svc:> select network/nfs/client svccfg: Could not connect to repository server: repository server unavailable.configd daemon is not running or the svc.startd daemon is not running. If the repository becomes unusable. you can restore the repository from backup data. 3) a specific backup repository from the above list 4) -seed-. All Rights Reserved.renamed --> /etc/svc/repository.) 5) -quit-. /etc/svc/repository. Inc.renamed --> /etc/svc/repository.db -. the following steps will be taken: svc.configd(1M) will be quiesced. for the most recent post-boot backup 2) manifest_import.db -.copied --> /etc/svc/repository. Proceed [yes/no]? y Quiescing svc.db and the system will be rebooted with reboot(1M). The time of backup is given in YYYYMMDD_HHMMSS format.copied --> /etc/svc/repository. (All customizations will be lost.configd(1M): done. Enter response [boot]: manifest_import After confirmation.db_old_20050222_150658 /etc/svc/repository-manifest_import -. the initial starting repository. if running.startd(1M) and svc. Please enter one of: 1) boot. /etc/svc/repository. for the most recent manifest_import backup. Backups beginning with "manifest_import" are made after svc:/system/manifest-import:default finishes its processing.The Service Management Facility The backups are named based on their type and the time what they were taken. Backups beginning with "boot" are made before the first change is made to the repository after system boot.db 1-50 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . to cancel. Enterprise Services.startd(1M) and svc.db_old_20050222_150658 /etc/svc/repository-manifest_import -. xml file then points to the desired script or service to start.1 05/02/02 13:47:45 --> <service_bundle type=’manifest’ name=’test’> <service name=’site/test’ type=’service’ version=’1’> <create_default_instance enabled=’true’ /> <single_instance/> Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems.script.xml 1. Inc.1"> <!-Copyright 2004 Sun Microsystems. Inc. @(#)test.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle. sys-01# cat run. Enterprise Services. 2. Use is subject to license terms.boot. Create an . Create an executable script called /opt/ses/labs/smf/run. Rebooting in 5 seconds. you must create an XML file to import into the repository database.script #!/bin/sh echo "Hello World" > /opt/ses/labs/smf/test Note – When this script is run. it writes “Hello World” to /opt/ses/labs/smf/test.dtd. All rights reserved.xml: sys-01#cat test.The Service Management Facility The backup repository has been successfully restored. Example of Adding a Service to startd To register a service or script to start at boot time using svc. All Rights Reserved. Here is an example script called run.xml <?xml version="1.boot. This . Revision A 1-51 .boot.startd.script: 1.xml file in /var/svc/manifest/site called test. Inc.boot. type the following command: # svcadm disable test:default 1-52 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. use the svcs command: 8:48:17 svc:/site/test:default To enable the service.xml file with the repository: # svccfg -v import /var/svc/manifest/site/test. use the svcadm command: To verify it has started running. svccfg: Refreshed site/test:default. Revision A . # svcs test disabled 5. Enterprise Services. svccfg: Taking "last-import" snapshot for svc:/site/test:default. Register the .script’ timeout_seconds=’60’ /> <exec_method type=’method’ name=’stop’ exec=’:true’ timeout_seconds=’60’ /> <property_group name=’startd’ type=’framework’> <propval name=’duration’ type=’astring’ value=’transient’ /> </property_group> <stability value=’Unstable’ /> </service> </service_bundle> 3. svccfg: Successful import.The Service Management Facility <exec_method type=’method’ name=’start’ exec=’/opt/ses/labs/smf/run. 6.xml svccfg: Taking "initial" snapshot for svc:/site/test:default. 4. All Rights Reserved. use the svcs command again: # svcadm enable /site/test 11:15:22 svc:/site/test:default 7. # svcs test online To verify it has been added. Verify that your script ran properly: # cd /tmp # more test This is only a test If you want to disable the script. a browser-based administration tool that listens to port 901. c. restarter. b. d.The Service Management Facility To verify that it has been disabled. endpoint_type. Create the XML file. xml version. exec_method – The type is method to indicate that this is a command to run.xml file does not come online and the status is listed as maintenance. but instead should add the service to the repository database under the control of inetd.conf file into a legacy. To add a new service under the control of inetd. Inc. In this example.xml file and register it with SMF by adding it to the repository data base. because it will be the FMRI. All Rights Reserved. try running this command: # svcs -x test:default This command gives you more verbose information and also supplies you with an error code and a web site on www. service – The name is critical.com to help troubleshoot the problem. you add swat. isrpc. type the following command: # svcs test disabled 11:28:19 svc:/site/test:default Note – Troubleshooting tip: If your . The procedure is to simply create a . f. Enterprise Services. 1. See the xmllint(1) man page for details. property_group name – Properties are name.sun.conf file. The name is inetd_start to indicate that it is under the control of inetd. wait. Another tip: xmllint is helpful in finding XML syntax errors. The file consists of the following: a. proto. you can no longer simply edit the /etc/inetd. Revision A 1-53 . Example of Adding a Service to inetd The new Service Management Facility has made the /etc/inetd. Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. and the name of the SUNW package where the command lives. service_bundle type – This contains information about whether it is under manifest or profile. e. The exec points to the command. dtd.xml <?xml version="1.The Service Management Facility g. template – This is not mandatory and can be used as a comment string.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle. # cat /var/svc/manifest/network/swat. --> <service_bundle type=’manifest’ name=’SUNWsmbau:swat’> <service name=’network/swat’ type=’service’ version=’1’> <create_default_instance enabled=’false’ /> <restarter> <service_fmri value=’svc:/network/inetd:default’ /> </restarter> <exec_method type=’method’ name=’inetd_start’ exec=’/usr/sfw/sbin/swat’ timeout_seconds=’0’> <method_context> <method_credential user=’root’ group=’root’ /> </method_context> </exec_method> <exec_method type=’method’ name=’inetd_disable’ exec=’:kill’ timeout_seconds=’0’> </exec_method> <property_group name=’inetd’ type=’framework’> <stability value=’Evolving’ /> <propval name=’name’ type=’astring’ value=’swat’ /> <propval name=’endpoint_type’ type=’astring’ value=’stream’ /> <propval name=’proto’ type=’astring’ value=’tcp’ /> <propval name=’wait’ type=’boolean’ value=’false’ /> <propval name=’isrpc’ type=’boolean’ value=’false’ /> </property_group> <stability value=’Unstable’ /> <template> 1-54 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. Inc.1"> <!-Service manifest for the swat service. Revision A . All Rights Reserved. Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. swat Add port 901 to the /etc/services file. svc:/network/swat:default sys-01# inetadm -e /network/swat sys-01# svcs swat online 9:54:20 swat is now ready to be accessed through http://hostname:901 in any browser. b. 901/tcp # Samba Web Administration Tool 3. </loctext> </description> </template> </service> </service_bundle> 2. To verify it has started. a. Enable the service. All Rights Reserved. d.The Service Management Facility <common_name> <loctext xml:lang=’C’> swat </loctext> </common_name> <description> <loctext xml:lang=’C’> Swat supports a browser interface for Samba. Now register the XML file with the repository. Inc. Revision A 1-55 .xml sys-01# svcs swat offline 9:53:18 c. use the svcs command. Enterprise Services. Run the following command: To verify it has been added. use the svcs command. svc:/network/swat:default sys-01# svccfg import /var/svc/manifest/network/swat. 7. 2. Determine service states. 4. ________________________________________________________ Enable TCP tracing for this service. and Disabling Services In this exercise. ________________________________________________________ What is the restarter for these instances? ________________________________________________________ Display the current settings for the default instance. ________________________________________________________ Execute the spray command to send packets to your host (localhost). Enterprise Services. Inc. and Disabling Services Exercise: Listing. Revision A . 6. Enabling. Enabling. 9. ________________________________________________________ How many legacy services are running on your system? ________________________________________________________ How many SMF-controlled services are running on your system? ________________________________________________________ List the service status for network/shell instances. 8. you complete the following: ● ● ● ● List various categories of services on the system. Task 1. ________________________________________________________ List the state and dependencies for all network/shell instances. All Rights Reserved.Exercise: Listing. Determine and change service properties. 5. 3. Enable and disable services. statuses and dependencies. List all the services available on your system. What happens? Why? ________________________________________________________ 1-56 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Preparation None. All Rights Reserved. Disable the cron service. Enabling. Enterprise Services. What does SMF show now for cron processes? ________________________________________________________ 14. Change your system so that spray works. Does spray still work? Why? ________________________________________________________ 12.Exercise: Listing. ________________________________________________________ 11. What processes are associated with the cron service? ________________________________________________________ 13. Kill the cron service. and Disabling Services 10. Revision A 1-57 . Inc. Reboot your machine. What does SMF show now for cron processes? ________________________________________________________ Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. Enterprise Services. Revision A .log for the service in the /var/svc/log directory. Import a service into the database. Preparation The lab exercises reference the location for the files you need as $LABFILES. Create a service configuration file for starting a service. Create an empty log file called site-samba:default. Task 1. ________________________________________________________ ________________________________________________________ 4. Create a manifest entry for a service. ________________________________________________________ ________________________________________________________ ________________________________________________________ ________________________________________________________ 2. Ask your instructor where your lab files directory is located.xml file in your $LABFILES/smf directory to the /var/smv/manifest/site directory. Create the manifest for the script by copying samba. Create a log file file for a service. All Rights Reserved. ________________________________________________________ ________________________________________________________ 3.Exercise: Implementing an SMF Service Exercise: Implementing an SMF Service In this exercise. you complete the following: ● ● ● ● ● Implement a service method script. Use the chmod command to make the method executable (755).conf file to allow the service to start automatically by executing the following commands: 1-58 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. Create a script for a service in the /opt/svc/method directory by copying the method called samba in your $LABFILES/smf directory to the /opt/svc/method directory. Create an smb. Check that the new service is online by executing the following svcs command: # svcs samba Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems.d/s90samba 5. Enterprise Services. Revision A 1-59 . 6.xml svccfg: Taking "initial" snapshot for svc:/site/samba:default.conf # mv /etc/rc3. Import the service into the database by executing the following svccfg command: # svccfg -v import /var/svc/manifest/site/samba. Inc.Exercise: Implementing an SMF Service # cd /etc/sfw # cp smb.conf-example smb. svccfg: Refreshed svc:/site/samba:default. All Rights Reserved. svccfg: Successful import. svccfg: Taking "last-import" snapshot for svc:/site/samba:default.d/S90samba /etc/rc3. ________________________________________________________ ________________________________________________________ 5. Task 1. Now register the XML file with the repository by executing the following command: # svccfg import /var/svc/manifest/network/swat.xml 7. 6. Edit the swat.xml file and change the name of the service from network/swat/tcp6 to network/swat. # svcs swat online 8. swat 2. Inc. Verify that the service has started by executing the following svcs command: 9:54:20 svc:/network/swat:default # /usr/sbin/inetconv -n 4. Enterprise Services. Revision A .Exercise: Implementing an SMF inetd Service Exercise: Implementing an SMF inetd Service In this exercise. The swat application is now ready to be accessed through the following URL: 1-60 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.conf file and add the following line: Convert the existing swat run control script by executing the following command: Rename the swat-tcp6. Edit the /etc/services file and add and following line: 901/tcp stream tcp6 nowait # Samba Web Administration Tool root /usr/sfw/sbin/swat swat Edit the /etc/inetd. All Rights Reserved. swat 3. you complete the following: ● Use the inetconv command to create the xml file needed for implementing an SMF servicef or the swat application. ● Preparation None.xml.xml file reported as the converted script by inetconv to swat. Configure the inetd SMF rstarter service to run the swat application. Revision A 1-61 . (The root username and password is used for swat authentication.) Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. Enterprise Services.Exercise: Implementing an SMF inetd Service http://hostname:901 in any browser. All Rights Reserved. Start a browser and verify that it is accessible. Inc. Task 1. All Rights Reserved. Validate and import your service. 3. but you should make modifications to this file for your service consulting the “Writing a Service” section in the Student Guide. the output will be slightly different as it updates the snapshot. check to make sure there are no typographical errors in the path name. Revision A . 4. If the same service has been imported more than once. Preparation None. Make sure execute permissions are set on the script. you complete the following: ● ● ● ● Create a service manifest file from a template.xml 1-62 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.script that writes “Hello World” to /opt/ses/labs/smf/test. Inc. ________________________________________________________ If there is an error that it cannot parse the document.xml file with the svccfg command. ________________________________________________________ If errors are returned. Create a script called /opt/ses/labs/smf/run. # svccfg export system/utmp > /var/svc/manifest/site/test.boot. Import the manifest into the repository.Exercise: Creating Your Own Services Exercise: Creating Your Own Services In this exercise. There is more than one solution. fix the errors before proceeding. ________________________________________________________ 2. but one is provided in the solution section.xml in the directory /var/svc/manifest/site by executing the following command: This will provide a template. Disable and delete your service. Enable and test your service. Enterprise Services. Validate the test. Create a manifest for the service named test. ________________________________________________________ Verify the service has started running. ________________________________________________________ A service may first appear in maintenance mode if the process described in the manifest exits ungracefully. When this happens. Inc. the repository tags the service for maintenance.Exercise: Creating Your Own Services 5. ________________________________________________________ If the service is already online. Enter the command again to disable it. Verify the service has been added. 8. a default instance was created by a line in the XML file: <create_default_instance enabled=’true’/> 6. ________________________________________________________ Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. ________________________________________________________ Verify that your script ran properly. ________________________________________________________ 10. All Rights Reserved. 7. Enable the service. Revision A 1-63 . Delete the service. Verify that the service has been disabled. Enterprise Services. 11. ________________________________________________________ Disable the service. 9. ● Interpretations Ask students to interpret what they observed during any aspect of this exercise. ● Experiences Ask students what their overall experiences with this exercise have been. All Rights Reserved. ! ? Manage the discussion based on the time allowed for this module. ● Applications Explore with students how they might apply what they learned in this exercise to situations at their workplace. then just highlight the key concepts students should have learned from the lab exercise. issues. 1-64 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. ● Conclusions Have students articulate any conclusions they reached as a result of this exercise experience. Enterprise Services. If you do not have time to spend on discussion. Inc. Revision A . which was provided in the “About This Course” module.Exercise Summary Exercise Summary Discussion – Take a few minutes to discuss what experiences. or discoveries you had during the lab exercises. Go over any trouble spots or especially confusing areas at this time. Enterprise Services. and Disabling Services Exercise Solutions: Listing. and Disabling Services This section contains solutions to the exercise. Enabling. How many SMF-controlled services are running on your system? # svcs | grep online | wc -l 67 This number will vary depending on the number of services that have been modified. Revision A 1-65 . 2. # svcs network/shell STATE STIME FMRI disabled Jun_20 svc:/network/shell:kshell online Jun_20 svc:/network/shell:default # svcs shell STATE STIME FMRI disabled Jun_20 svc:/network/shell:kshell online Jun_20 svc:/network/shell:default # svcs svc:/network/shell Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. . 3. List all the services available on your system. # svcs -a STATE legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run legacy_run . . Enabling. Inc. Task 1. 4. All Rights Reserved. List the service status for network/shell instances.Exercise Solutions: Listing. STIME Jun_07 Jun_07 Jun_07 Jun_07 Jun_07 Jun_07 Jun_07 Jun_07 Jun_07 FMRI lrc:/etc/rcS_d/S29wrsmcfg lrc:/etc/rc2_d/S10lu lrc:/etc/rc2_d/S20sysetup lrc:/etc/rc2_d/S40llc2 lrc:/etc/rc2_d/S42ncakmod lrc:/etc/rc2_d/S47pppd lrc:/etc/rc2_d/S70sckm lrc:/etc/rc2_d/S70uucp lrc:/etc/rc2_d/S72autoinstall How many legacy services are running on your system? # svcs | grep legacy | wc -l 41 This number will vary depending on the version of the Solaris 10 OS you are running. tcp" isrpc=FALSE wait=FALSE exec="/usr/sbin/in. # inetadm -l svc:/network/shell:default SCOPE NAME=VALUE name="shell" endpoint_type="stream" proto="tcp6only. What is the restarter for these instances? The inetd command. Inc.rshd" user="root" default bind_addr="" default bind_fail_max=-1 default bind_fail_interval=-1 default max_con_rate=-1 1-66 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. 5. List the state and dependencies for all network/shell instances. All Rights Reserved.This means that inetadm is used to change settings. Revision A . # svcs -l ’network/shell*’ fmri svc:/network/shell:kshell name rsh enabled false state disabled next_state none state_time Fri Jun 20 10:50:36 2005 restarter svc:/network/inetd:default dependency require_any/error svc:/network/loopback (online) dependency optional_all/error svc:/milestone/network (online) fmri name enabled state next_state state_time restarter contract_id dependency dependency svc:/network/shell:default rsh true online none Fri Jun 20 10:50:41 2005 svc:/network/inetd:default require_any/error svc:/network/loopback (online) optional_all/error svc:/milestone/network (online) 6.Exercise Solutions: Listing. Enterprise Services. and Disabling Services STATE disabled online STIME Jun_20 Jun_20 FMRI svc:/network/shell:kshell svc:/network/shell:default Notice that you can specify different parts of the FMRI on the command line and get the same results. Enabling. 7. Display the current settings for the default instance. Look at the spray service instances to see if they are enabled. # svcs -l ’*spray*’ fmri svc:/network/rpc/spray:default name RPC spray enabled false state disabled Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. All Rights Reserved. Execute the spray command to send packets to your host (localhost). Enable TCP tracing for this service. Enabling. Inc.tcp" isrpc=FALSE wait=FALSE exec="/usr/sbin/in. Enterprise Services.Exercise Solutions: Listing. and Disabling Services default default default default default default default max_copies=-1 con_rate_offline=-1 failrate_cnt=40 failrate_interval=60 inherit_env=TRUE tcp_trace=FALSE tcp_wrappers=FALSE 8. # inetadm -l svc:/network/shell:default SCOPE NAME=VALUE name="shell" endpoint_type="stream" proto="tcp6only. Verify that it has been changed. Revision A 1-67 . What happens? Why? # inetadm -m shell:default tcp_trace=true # spray localhost spray: cannot clnt_create localhost:netpath: RPC: Program not registered The spray command does not work.rshd" user="root" default bind_addr="" default bind_fail_max=-1 default bind_fail_interval=-1 default max_con_rate=-1 default max_copies=-1 default con_rate_offline=-1 default failrate_cnt=40 default failrate_interval=60 default inherit_env=TRUE default tcp_trace=TRUE default tcp_wrappers=FALSE 9. The -m option enables TCP tracing for this service while the -M option enables TCP tracing for all inetd services. What processes are associated with the cron service? # svcs -p ’*cron*’ STATE STIME online Jun_07 Jun_07 FMRI svc:/system/cron:default 556 cron 13.. Kill the cron service. All Rights Reserved. Enterprise Services. 5702 bytes/sec The spray command still works because a change using the svcadm command is persistent across reboots. # svcadm enable svc:/network/rpc/spray:default There are no errors. # spray localhost sending 1162 packets of length 86 to localhost .028%) dropped by localhost 66 packets/sec. What does SMF show now for cron processes? # svcadm disable svc:/system/cron:default # svcs -p ’*cron*’ STATE STIME FMRI disabled 11:53:58 svc:/system/cron:default 1-68 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. # spray localhost sending 1162 packets of length 86 to localhost . 163 packets (14.. 5702 bytes/sec 11.. 12. Reboot your machine. 10. Does spray still work? Why? # /etc/reboot .Exercise Solutions: Listing.. Revision A . Enabling. What does SMF show now for cron processes? # pkill cron # svcs -p ’*cron*’ STATE STIME FMRI online 11:52:24 svc:/system/cron:default 11:52:24 1766 cron The service is still there but the process number for cron has changed.. 163 packets (14. Inc.. Disable the cron service. It is automatically restarted by SMF. and Disabling Services next_state state_time restarter dependency none Tue Jun 07 10:50:33 2005 svc:/network/inetd:default require_all/restart svc:/network/rpc/bind (online) All instances of the spray service are disabled. 14. Change your system so that spray works. so try the spray command again.028%) dropped by localhost 66 packets/sec. xml . Inc. # cd /var/svc/manifest/site # cp $LABFILES/smf/samba. chmod 755 samba Create the manifest for the script by copying samba.log for the service in the /var/svc/log directory.conf # mv /etc/rc3. svccfg: Taking "last-import" snapshot for svc:/site/samba:default. # # # # 2. 3.Exercise Solutions: Implementing an SMF Service Exercise Solutions: Implementing an SMF Service This section contains solutions to the exercise.log 4.d/s90samba 5.xml file in your $LABFILES/smf directory to the /var/smv/manifest/site directory. 6. Import the service into the database by executing the following svccfg command: # svccfg -v import /var/svc/manifest/site/samba. Task 1. svccfg: Refreshed svc:/site/samba:default. Create an empty log file called site-samba:default.d/S90samba /etc/rc3. svccfg: Successful import. Enterprise Services. mkdir -p /opt/svc/method cd /opt/svc/method cp $LABFILES/smf/samba . Create a script for a service in the /opt/svc/method directory by copying the method called samba in your $LABFILES/smf directory to the /opt/svc/method directory. # cd /var/svc/log # touch site-samba:default. Create an smb.conf-example smb. Revision A 1-69 .conf file to allow the service to start automatically by executing the following commands: # cd /etc/sfw # cp smb. All Rights Reserved.xml svccfg: Taking "initial" snapshot for svc:/site/samba:default. Use the chmod command to make the method executable (755). Check that the new service is online by executing the following svcs command: # svcs samba online 15:53:31 svc:/site/samba:default Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. xml. Task 1.xml. swat 2.xml 5. Inc. Verify that the service has started by executing the following svcs command: 9:54:20 svc:/network/swat:default The swat application is now ready to be accessed through the following URL: http://hostname:901 in any browser. All Rights Reserved. skipped inetconv: Notice: Service manifest for 100083/1 already generated as /var/svc/manifest/network/rpc/100083_1-rpc_tcp. Now register the XML file with the repository by executing the following command: # svccfg import /var/svc/manifest/network/swat. Rename the swat-tcp6. # cd /var/svc/manifest/network # mv swat-tcp6.xml swat.conf file and add the following line: Convert the existing swat run control script by executing the following command: # /usr/sbin/inetconv -n inetconv: Notice: Service manifest for 100235/1 already generated as /var/svc/manifest/network/rpc/100235_1-rpc_ticotsord. Revision A .xml 7. skipped swat -> /var/svc/manifest/network/swat-tcp6.xml. Edit the swat. Edit the /etc/services file and add and following line: 901/tcp stream tcp6 nowait # Samba Web Administration Tool root /usr/sfw/sbin/swat swat Edit the /etc/inetd.Exercise Solutions: Implementing an SMF inetd Service Exercise Solutions: Implementing an SMF inetd Service This section contains solutions to the exercise. skipped inetconv: Notice: Service manifest for 100068/2-5 already generated as /var/svc/manifest/network/rpc/100068_2-5-rpc_udp.xml file and change the name of the service from network/swat/tcp6 to network/swat.xml file reported as the converted script by inetconv to swat.xml. swat 3. 1-70 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. 6. Enterprise Services. # svcs swat online 8.xml 4. Enterprise Services. All Rights Reserved.) Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. (The root username and password is used for swat authentication.Exercise Solutions: Implementing an SMF inetd Service Start a browser and verify that it is accessible. Revision A 1-71 . Inc. dtd. Revision A . # cd /opt/ses/labs/smf # cat run.Exercise Solutions: Creating Your Own Services Exercise Solutions: Creating Your Own Services This section contains solutions to the exercise. Create a script called /opt/ses/labs/smf/run.script #!/bin/sh echo "Hello World" > /opt/ses/labs/smf/test # chmod 744 run.xml in the directory /var/svc/manifest/site by executing the following command: This will provide a template. Task 1.1’> <service_bundle type=’manifest’ name=’test’> <service name=’site/test’ type=’service’ version=’1’> <create_default_instance enabled=’false’/> <single_instance/> <exec_method type=’method’ name=’start’ exec=’/opt/ses/labs/smf/run. # cd /var/svc/manifest/site/ # cat test. Create a manifest for the service named test. Inc. but you should make modifications to this file for your service consulting the “Writing a Service” section in the Student Guide.script that writes “Hello World” to /opt/ses/labs/smf/test.script 2.boot.xml 1-72 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.boot. Make sure execute permissions are set on the script.xml <?xml version=’1.script’ timeout_seconds=’60’> </exec_method> <exec_method # svccfg export system/utmp > /var/svc/manifest/site/test.boot. but one is provided in the solution section. All Rights Reserved.0’ encoding=’UTF-8’?> <!DOCTYPE service_bundle SYSTEM ’/usr/share/lib/xml/dtd/service_bundle. Enterprise Services.boot. There is more than one solution. Revision A 1-73 .xml 4. Verify the service has been added. svccfg: Refreshed svc:/site/test:default. # svcs test disabled 16:55:02 svc:/site/test:default If the service is already online. If there is an error that it cannot parse the document. Verify the service has started running. # svccfg -v import /var/svc/manifest/site/test. Validate the test. # svcadm enable test # more /opt/ses/labs/smf/test Hello World 9.xml svccfg: Taking "initial" snapshot for svc:/site/test:default. If errors are returned. 17:01:22 svc:/site/test:default Verify that your script ran properly. Disable the service. If the same service has been imported more than once.xml file with the svccfg command. svccfg: Taking "last-import" snapshot for svc:/site/test:default. # svcs test online 8. Import the manifest into the repository. # svccfg validate /var/svc/manifest/site/test. check to make sure there are no typographical errors in the path name. 5. fix the errors before proceeding. All Rights Reserved. a default instance was created by a line in the XML file: <create_default_instance enabled=’true’/> 6. 7. the output will be slightly different as it updates the snapshot. Enable the service. Inc. Managing Services With the Service Management Facility (SMF) Copyright 2006 Sun Microsystems. Enterprise Services. svccfg: Successful import.Exercise Solutions: Creating Your Own Services type=’method’ name=’stop’ exec=’:kill’ timeout_seconds=’60’> </exec_method> <property_group name=’startd’ type=’framework’> <propval name=’duration’ type=’astring’ value=’transient’/> </property_group> </service> </service_bundle> 3. Revision A . Enterprise Services. All Rights Reserved. 11. Enter the command again to disable it.Exercise Solutions: Creating Your Own Services # svcadm disable test 10. # svcs test disabled 17:08:19 svc:/site/test:default A service may first appear in maintenance mode if the process described in the manifest exits ungracefully. Delete the service. # svccfg delete test # svcs test svcs: Pattern ’svc:/site/test’ doesn’t match any instances STATE STIME FMRI 1-74 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. the repository tags the service for maintenance. Verify that the service has been disabled. When this happens. Revision A . All Rights Reserved. Enterprise Services. Inc. 2-1 Copyright 2006 Sun Microsystems. you should be able to identify System Directory Changes.Module 2 Introducing the Solaris OS Directory Hierarchy Objectives Upon completion of this module. the answers should be of interest to them and inspire them to learn the material presented in this module. All Rights Reserved. Revision A . While they are not expected to know the answers to these questions. Enterprise Services. Inc.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. ! ? Discussion – The following questions are relevant to understanding directory changes in the Solaris 10 OS ● ● Which disk based directories are now in-memory? What are new directories (and removed directories) in the Solaris 10 OS? Which directories have been renamed or relocated in the Solaris 10 OS? ● 2-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. PN 817-0403 Introducing the Solaris OS Directory Hierarchy Copyright 2006 Sun Microsystems. Revision A 2-3 . All Rights Reserved. Inc. PN 817-1985 System Administration Guide: Advanced Administration.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● System Administration Guide: Basic Administration. that contains details of current file system mounts. so that a failure in a part of a multi-process service can be identified as a failure of that service. The primary directory for physical device names. The directory that stores current process-related information.. in its own file system. The directory that contains log files and reference files relating to the current state of system services. /devices /etc/mnttab /etc/svc/volatile (new in Solaris 10 OS) /proc /system/contract (new in Solaris 10 OS) 2-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. A contract enhances the relationship between a process and the system resources it depends on by providing richer error reporting and (optionally) a means of delaying the removal of a resource. All Rights Reserved. Inc. controlling. A memory-based file. Enterprise Services. The contract file system supports all the SMF services. Table 2-1 In-Memory System Directories /dev/fd The directory that contains special files relating to current file-descriptors in use by the system. and observing contracts. Every process has its own set of subdirectories below the /proc directory. Revision A . CTFS (the contract file system) is the interface for creating. The service management facility (SMF) uses process contracts to track the processes which compose a service.System Directory Changes System Directory Changes In-Memory versus On-disk System Directories The following table shows the directories that used to reside on disk prior to the Solaris 10 OS but now reside in memory. The directory that contains lock files. and reference files for a variety of system processes and services. alter. Table 2-2 Directory Name Changes and New Directories /etc/svc (new in Solaris 10 OS) /var/svc (new in Solaris 10 OS) /etc/zones (new in Solaris 10 OS) /usr/jdk (name changed in Solaris 10 OS) /etc/openwin (removed in Solaris 10 OS) The Service Management Facility database and log files The Service Management Facility manifest and profiles Initialization and reference files for the Solaris 10 OS Zones facility Directories that contain Java™ technology programs and libraries Directory that contains CDE (Common Desktop Environment) profiles Introducing the Solaris OS Directory Hierarchy Copyright 2006 Sun Microsystems. Inc. or remove files from these directories. Enterprise Services. This file system is used by debuggers to access information about kernel symbols without having to access the kernel directly. The directory for temporary files. /tmp /var/run The system/contact file system keeps track of processes including those resulting from zones. Directory Name Changes and New/Old Directories The following table lists some new directories and directory name changes of interest in the Solaris 10 OS. Users should never attempt to manually create.. In the case of those resulting from zones the command ctstat shows that processes are owned based on a zone id #.System Directory Changes Table 2-1 In-Memory System Directories (Continued) /system/object (new in Solaris 10 OS) The OBJFS (object) file system describes the state of all modules currently loaded by the kernel. Note – These in-memory directories are maintained by the kernel and system services. special files.. All Rights Reserved. Revision A 2-5 . It is used primarily for DTrace activity. . All Rights Reserved. Enterprise Services.Module 3 Managing Local Disk Devices Objectives Upon completion of this module. Inc. you should be able to: ● ● ● Identify changes to the format command Implement EFI disk labels Identify changs to the behavior of the devfsadm command 3-1 Copyright 2006 Sun Microsystems. Revision A . the answers should be of interest to them and inspire them to learn the material presented in this module. Inc. Revision A . ! ? Discussion – The following questions are relevant to understanding new device features in the Solaris 10 OS? ● ● How has the format command changed in the Solaris 10 OS? How has the behavior of the devfsadm command changed in the Solaris 10 OS? 3-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. While they are not expected to know the answers to these questions. Enterprise Services. All Rights Reserved.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Enterprise Services.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● ● System Administration Guide: Basic Administration. All Rights Reserved.htm Managing Local Disk Devices Copyright 2006 Sun Microsystems. Revision A 3-3 .com/technology/efi/main_specification.intel. PN 817-1985 System Administration Guide: Advanced Administration. PN 817-6960 The EFI specification at: http://www. Inc. PN 817System Administration Guide: Devices and File Systems. Array Tags in format Output In the Solaris 10 OS one of the tag names shown in the output of the format command changed to Sun StorEdgeTM Volume Manager (from Veritas Volume Manager). then return quit format> The cache and scsi submenus will display only for supported SCSI devices (and only if you use the -e option with the format command).describe the current disk format . All Rights Reserved.set 8-character volume name !<cmd> . Inc.surface analysis defect . 3-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A .defect list management backup .Listing a System’s Devices Listing a System’s Devices The format Command Engage the students and keep the training interactive by having one of them execute the format command on a lab system in a shared window for all to see.select a disk type .repair a defective sector label .search for backup labels verify . product and revision scsi .format and analyze the disk repair . When invoked with this option the following format menu output shows (in bold) new submenu entries after you select a disk to work with. disable or query SCSI disk cache volname .save new disk/partition definitions inquiry .show vendor.select (define) a partition table current .select (define) a disk type partition . FORMAT MENU: disk .write label to the disk analyze .read and display labels save . This reflects the use of the newer storage product.independent SCSI mode selects cache .execute <cmd>. format Command Menus The format command now supports the -e option which is the scsi expert option. Enterprise Services.enable. Enterprise Services.display a mode sense page . then return apply cancel display all default p<n> default all format inquiry list !<cmd> quit scsi> Be sure students see the warning associated with this expert menu. It is recommended that you do not use this menu for normal disk configuration and formatting. Following are the choices in the cache submenu: format> cache CACHE MENU: Managing Local Disk Devices Copyright 2006 Sun Microsystems. or two hexadecimal digits.Listing a System’s Devices Following are the choices in the scsi submenu: format> scsi Warning: these functions are intended for expert use only. All Rights Reserved. [~] complements the specified value apply mode select list cancel mode select list display mode select list display all supported mode sense pages mode select page <n> to default values mode select all pages to default values format without standard mode selects display device's inquiry response list common SCSI-2 mode pages execute <cmd> . in the form 0x<xx>.change a byte and issue mode select . Inc. or know exactly what you are doing. for debugging disk devices and for unusual configuration settings. SCSI MENU: p<n> p<n> b<n> <op> [~]<n> b<n> <op> [~]<n> . unless you have explicit instructions.add an operation to the mode select list for the current page where: p<n> specifies the page with page code <n> b<n> specifies byte <n> of the page <op> can be one of the following operators: = (set specified value) |= (bitwise OR with current value) &= (bitwise AND with current value) <n> can be a decimal value in the range 0-255. Revision A 3-5 . display or modify read cache settings !<cmd> . in the Solaris 8 OS. For example..00mb.. 0. Revision A . Enterprise Services..93mb.00gb]: By comparision.Listing a System’s Devices write_cache .. this is an expert menu. 8.display or modify write cache settings read_cache . partition> 3 Part Tag 3 unassigned 17784684 Enter Enter Enter Enter Flag wm Cylinders 12312 . Format Sizing Specifications After the release of the Solaris 8 OS and before the first release of the Solaris 9 OS. 0.. the prompt for entering a partition size is is shown below (bolded): . the format command supported specifiying the ending cylinder size as an alternative way to size a partition.48gb]: 3-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. 8683.48GB Blocks (6156/0/0) partition id tag[unassigned]: partition permission flags[wm]: new starting cyl[12312]: partition size[17784684b. Inc. 18467e. partition> 3 Part Tag 3 unassigned 0 Enter Enter Enter Enter Flag wm Cylinders 0 Size 0 Blocks (0/0/0) partition id tag[unassigned]: partition permission flags[wm]: new starting cyl[0]: 52 partition size[0b. then return quit cache> Again. 6156c.18467 Size 8. 0c.execute <cmd>. the partition size prompt in the Solaris 9 and 10 Operating Systems now has an ending cylinder specification option (bolded) as follows: . The Extensible Firmware Interface (EFI) label provides support for physical disks and virtual disk volumes. are provided. If you use the format utility to change partition sizes. and you can create a UFS file system that is greater than 1 Tbyte. No cylinder. head. or slices. the unassigned partition tag is assigned to partitions with sizes equal to zero. Enterprise Services. This feature means that no partition can start at sector zero (0). The UFS file system is compatible with the EFI disk label. the format utility assigns the usr partition tag to any partition with a size greater than zero. so partitions start at sector 34. nor with any other partitions. The Solaris 9 4/03 release provides support for disks that are larger than 1 terabyte (Tbyte) on systems that run a 64-bit Solaris kernel. Managing Local Disk Devices Copyright 2006 Sun Microsystems. ssd. The size of the EFI label is usually 34 sectors. Sizes are reported in blocks. If you need greater disk capacity than 2 terabytes. This feature is new in the Solaris 9 4/03 release. Inc. Revision A 3-7 . Slices 0-6. ● ● ● Keep the following restrictions in mind when determining whether to use disks greater than 1 terabyte is appropriate for your environment: ● The SCSI driver. You can use the partition change menu to reassign partition tags after the partitions are changed. cannot overlap with the primary or backup label. Partitions. However. The EFI disk label differs from the VTOC disk label in the following ways: ● ● ● Support for disks that are greater than 1 Tbyte in size is provided. This release also includes updated disk utilities for managing disks that are greater than 1 Tbyte. you cannot change a partition with a non-zero size to the unassigned partition tag. use a volume management product like Solaris Volume Manager to create a larger device. currently only supports up to 2 terabytes. the last two cylinders of the disk.Listing a System’s Devices Multiterabyte Volume Support With EFI Disk Labels This multiterabyte disk support is available only for systems that run a 64-bit kernel. or sector information is stored in the label. Information that was stored in the alternate cylinders area. where slice 2 is just another slice. By default. is now stored in slice 8. All Rights Reserved. All Rights Reserved.isp@2. c1t9d0 <SUNW18g cyl 7506 alt 2 hd /sbus@2. Revision A .0/QLGC.0/QLGC. The EFI specification prohibits overlapping slices.0 3.10000/sd@0. The whole disk is represented by cxtydz..done AVAILABLE DISK SELECTIONS: 1. Then. you can use the Solaris Management Console's Enhanced Storage Tool to manage volumes and disksets with EFI-labeled disks. but not in cylinders and heads.dat file.10000/[email protected] a System’s Devices ● Layered software products intended for systems with EFI-labeled disks might be incapable of accessing a disk with an EFI disk [email protected]@2. Information about disk or partition sizes is given in sectors and blocks.0 4.isp@2. Enterprise Services. A disk with an EFI disk label is not recognized on systems running previous Solaris releases. c1t1d0 <SUNW18g cyl 7506 alt 2 hd /sbus@2. ● EFI Labels and the format Command The format command has been enhanced to support EFI labelling. You cannot use the Solaris Management Console's Disk Manager Tool to manage disks with EFI labels.0/QLGC. Following is an example of labeling choices for disks that support EFI labelling: # format -e Searching for disks. Use the format utility to partition disks with EFI labels.0 2. The EFI disk label is not supported on IDE disks. c1t8d0 <SUNW18g cyl 7506 alt 2 hd /[email protected]/QLGC..10000/sd@8. c1t0d0 <SUNW18g cyl 7506 alt 2 hd /[email protected] Specify disk (enter its number): 4 selecting c1t9d0 [disk formatted] 19 sec 248> 19 sec 248> 19 sec 248> 19 sec 248> 3-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.10000/sd@9. The following format options are either not supported or are not applicable on disks with EFI labels: ● ● ● ● ● ● ● The save option is not supported because disks with EFI labels do not need an entry in the format. Inc. The backup option is not applicable because the disk driver finds the primary label and writes it back to the disk. Listing a System’s Devices format> label [0] SMI Label [1] EFI Label Specify Label type[0]: 1 Ready to label disk. All Rights Reserved. # * * * * * * * * * * * prtvtoc /dev/rdsk/c3t1d0s0 /dev/rdsk/c3t1d0s0 partition map Dimensions: 512 bytes/sector 2479267840 sectors 2479267773 accessible sectors Flags: 1: unmountable 10: read-only Managing Local Disk Devices Copyright 2006 Sun Microsystems. Inc. Enterprise Services. continue? yes format> quit The following example shows the disk label information for disk with a VTOC label. # * * * * * * * * * * * * * * * * prtvtoc /dev/rdsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 partition map Dimensions: 512 bytes/sector 63 sectors/track 15 tracks/cylinder 945 sectors/cylinder 8894 cylinders 8892 accessible cylinders Flags: 1: unmountable 10: read-only First Sector 1048950 0 0 4430160 Sector Count 3381210 1048950 8402940 3972780 Last Sector 4430159 1048949 8402939 8402939 Partition 0 1 2 7 Tag 2 3 5 8 Flags 00 01 00 00 Mount Directory / /export/home The following example shows the disk label information for disk with an EFI label. Revision A 3-9 . The workaround is to quit the format command and re-invoke it (with the -e option). All Rights Reserved. Inc. the partition table looks similar to the following: Current partition table (original): Total disk sectors available: 2576924638 + 16384 (reserved sectors) Part Tag 0 root 2576924636 1 unassigned 2 unassigned 3 unassigned 4 unassigned 5 unassigned 6 unassigned 8 reserved 2576941021 Flag wm wm wm wm wm wm wm wm First Sector 34 0 0 0 0 0 0 2576924638 Size 1. In a shared web browser. Revision A .Listing a System’s Devices * * Partition Directory 0 1 6 8 First Sector Sector Count 262144 262144 2478727100 16384 Last Sector 262177 524321 2479251421 2479267805 Tag 2 3 4 11 Flags 00 01 00 00 Mount 34 262178 524322 2479251422 After the Solaris release is installed on a system with an EFI-labeled disk.20TB 0 0 0 0 0 0 8.sun.00MB Last Sector 0 0 0 0 0 0 There is bug logged which discusses an issue where if an EFI label is written to a disk that has an SMI label the slice 7 still shows (it shouldn’t). Enterprise Services.22?q=EFI+labels (The Solaris 9 9/04 System Administrator Collection.com/app/docs/coll/47.) 3-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. show students where much more of this information is available: http://docs. The CR is 6290529: format displays slice 7 after converting disk to EFI label. 23 Feb 32.. 0 32.. 1 32.1/scsi@2 # ls -l total 4 drwxr-xr-x brw-r----crw-r----brw-r----crw-r----. 17 Jan 31 17:18 sd@0. brw-r----crw-r----. 32.raw 1 root 1 root 7 Feb 7 Feb Managing Local Disk Devices Copyright 2006 Sun Microsystems.raw 3 09:54 [email protected]:h..raw Feb 3 09:39 sd@0. The first example shows 2 disk devices on a system before a new disk device is added: # cd /devices/[email protected]:b.0:h 3 09:54 [email protected]/[email protected]:h. Enterprise Services. All Rights Reserved.0:a Feb 3 09:54 [email protected]:h 3 09:54 sd@0. 16 32.0:b. 17 32.0:a..0:b Feb 3 09:54 [email protected] Feb 3 09:54 [email protected] 1 root 1 root 2 1 1 1 1 root root root root root 32. The devfsadm command attempts to load every driver in the system and attach all possible device instances.0:a. Jan 31 17:18 sd@1. In addition to managing these directories.. 16 32. 0 32.Reconfiguring Devices Reconfiguring Devices /devices and /dev Directory Link Changes The behavior of the devfsadm command in the Solaris 10 OS has changed with respect to the /devices directory and the links in the /dev directory. 1 32.0 Jan 31 17:18 sd@0. Inc.. Following is captured interaction on a sytem where the device configuration was changed and the devfsadm command used to implement the new configuration.0:b Feb 3 09:54 sd@1. brw-r----crw-r----# 2 1 1 1 1 root root root root root sys sys sys sys sys sys sys sys sys sys sys sys sys sys 512 32. drwxr-xr-x brw-r----crw-r----brw-r----crw-r----.0:a Feb 3 09:54 sd@0. 23 Feb 512 32. It then creates symbolic links in the /devices directory and the logical links in the /dev directory to the kernel maintained device files.0 Feb 3 09:54 sd@1. Revision A 3-11 .raw 3 09:54 sd@0. the devfsadm command also maintains the /etc/path_to_inst file. ./.1/scsi@2/[email protected]/pci@1./devices/[email protected]/scsi@2/sd@0./devices/pci@1f./.0:b ./devices/pci@1f./devices/pci@1f../devices/[email protected]/scsi@2/[email protected]/scsi@2/[email protected]/scsi@2/[email protected]/[email protected]/[email protected] Devices The next example shows the links in support of the current configuration and above output: # cd /dev/dsk # ls -l total 48 . All Rights Reserved..0:a lrwxrwxrwx 1 root root 46 Jan 31 .0/pci@1../devices/[email protected]/[email protected]:a devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s1 . Following is the execution of the devfsadm command to implement the new device configuration: # devfsadm -v devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s0 ..1/scsi@2/sd@1./devices/[email protected]/[email protected]/pci@1. Inc. Enterprise Services./../.1/scsi@2/[email protected]:a lrwxrwxrwx 1 root root 46 Jan 31 .0:d devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s4 ././.1/scsi@2/[email protected]/pci@1../devices/pci@1f../devices/[email protected]:b devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s2 ..0" 0 "sd" Another disk device was added at address 3 and turned on.1/scsi@2/[email protected]:e -> -> -> -> -> 3-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.1/scsi@2/sd@1.. lrwxrwxrwx 1 root root 46 Jan 31 ..0/[email protected]/scsi@2/sd@0./.0/[email protected]/scsi@2/[email protected]:h ./devices/[email protected]/scsi@2/sd@3./devices/[email protected]:c devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s3 .0/pci@1. lrwxrwxrwx 1 root root 46 Jan 31 . Revision A . lrwxrwxrwx 1 root root 46 Jan 31 ../../...0/[email protected]" 2 "sd" "/[email protected]:b ..0/pci@1.../.. lrwxrwxrwx 1 root root 46 Jan 31 .0:h 17:17 c0t0d0s0 -> 17:17 c0t0d0s1 -> 17:17 c0t0d0s7 -> 17:17 c0t1d0s0 -> 17:17 c0t1d0s1 -> 17:17 c0t1d0s7 -> The following example shows the corresponding existing entries in the /etc/path_to_inst file: # more /etc/path_to_inst .../. "/pci@1f. 1/scsi@2/[email protected]/[email protected]:d..0/[email protected]/scsi@2/sd@3./devices/[email protected]:h 10:17 c0t3d0s0 -> 10:17 c0t3d0s1 -> 10:17 c0t3d0s2 -> 10:17 c0t3d0s3 -> 10:17 c0t3d0s4 -> 10:17 c0t3d0s5 -> 10:17 c0t3d0s6 -> 10:17 c0t3d0s7 -> Managing Local Disk Devices Copyright 2006 Sun Microsystems.1/scsi@2/sd@3./devices/[email protected]/scsi@2/sd@3./devices/pci@1f./devices/[email protected]/pci@1./.0:g./..1/scsi@2/[email protected]/pci@1./.0:h...raw devfsadm[1678]: verbose: symlink /dev/rdsk/c0t3d0s7 -> .1/scsi@2/[email protected]:f.raw devfsadm[1678]: verbose: symlink /dev/rdsk/c0t3d0s3 -> .0/pci@1... All Rights Reserved./devices/pci@1f./.0:b lrwxrwxrwx 1 root other 46 Feb 3 .0/[email protected]/[email protected]/pci@1.././../...0/[email protected]/pci@1./.0:h devfsadm[1678]: verbose: symlink /dev/rdsk/c0t3d0s0 -> ..raw devfsadm[1678]: verbose: symlink /dev/rdsk/c0t3d0s2 -> ././devices/pci@1f./devices/[email protected] devfsadm[1678]: verbose: symlink /dev/rdsk/c0t3d0s1 -> .0:a lrwxrwxrwx 1 root other 46 Feb 3 .1/scsi@2/[email protected]:c.1/scsi@2/sd@3../.1/scsi@2/sd@3./. Inc.Reconfiguring Devices devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s5 -> .1/scsi@2/sd@3././../devices/pci@1f.../devices/[email protected]:c lrwxrwxrwx 1 root other 46 Feb 3 .0:e lrwxrwxrwx 1 root other 46 Feb 3 .raw The next example displays the new links to the devices under the /dev/dsk directory: # cd /dev/dsk # ls -l total 64 ...0/[email protected]/[email protected] devfsadm[1678]: verbose: symlink /dev/rdsk/c0t3d0s6 -> .1/scsi@2/sd@3./..1/scsi@2/sd@3./devices/pci@1f./devices/[email protected]:b.0:e.0:a.0:g lrwxrwxrwx 1 root other 46 Feb 3 ..raw devfsadm[1678]: verbose: symlink /dev/rdsk/c0t3d0s5 -> .1/scsi@2/sd@3. Revision A 3-13 .0/pci@1...../..raw devfsadm[1678]: verbose: symlink /dev/rdsk/c0t3d0s4 -> .0/pci@1././devices/[email protected]/pci@1./.1/scsi@2/[email protected]/scsi@2/sd@3./.. Enterprise Services.0:d lrwxrwxrwx 1 root other 46 Feb 3 ..1/scsi@2/sd@3./devices/[email protected]/scsi@2/[email protected]/scsi@2/[email protected]/scsi@2/sd@3../devices/pci@1f./devices/[email protected]/[email protected]:f devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s6 -> ../devices/[email protected]:g devfsadm[1678]: verbose: symlink /dev/dsk/c0t3d0s7 -> . lrwxrwxrwx 1 root other 46 Feb 3 ./devices/pci@1f././devices/[email protected]/[email protected]:f lrwxrwxrwx 1 root other 46 Feb 3 .0/[email protected]/pci@1./devices/pci@1f.. Inc.Reconfiguring Devices The final example shows the new entry made to the path_to_inst file for the disk device at address 3: # cat /etc/path_to_inst "/[email protected]" 3 "sd" 3-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . Enterprise Services.0/[email protected]/scsi@2/sd@3. All Rights Reserved. you should be able to: ● ● ● ● Identify changes related to pseudo file systems Describe features of the Multiterabyte UFS Describe changes related to logging in UFS Describe the default behaviour and output of the mount command with respect to logging in the UFS Describe the meaning of the devices flag of the mount command ● 4-1 Copyright 2006 Sun Microsystems. Revision A . Enterprise Services.Module 4 Managing the Solaris OS File System Objectives Upon completion of this module. Inc. All Rights Reserved. Inc. Enterprise Services. the answers should be of interest to them and inspire them to learn the material presented in this module. All Rights Reserved. While they are not expected to know the answers to these questions. ! ? Discussion – The following questions are relevant to understanding file system changes in the Solaris 10 OS: ● What are the new pseudo file systems implemented in the Solaris 10 OS? How has the size of the UFS file system changed in the Solaris 10 OS? What is the default setting for logging in the UFS? How can you tell if logging is enabled for mounted UFS file systems? ● ● ● 4-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A .Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. All Rights Reserved.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration. Revision A 4-3 . PN 817-0403 System Administration Guide: Devices and File Systems. Enterprise Services. PN 817-6960 Managing the Solaris OS File System Copyright 2006 Sun Microsystems. PN 817-1985 System Administration Guide: Advanced Administration. Inc. in addition to providing access to kernel information and facilities. # cat /etc/vfstab #device #to mount # fd /proc /dev/dsk/c0t0d0s1 /dev/dsk/c0t0d0s0 /dev/dsk/c0t0d0s6 /dev/dsk/c0t0d0s3 /dev/dsk/c0t0d0s7 /devices ctfs objfs swap # device to fsck /dev/rdsk/c0t0d0s0 /dev/rdsk/c0t0d0s6 /dev/rdsk/c0t0d0s3 /dev/rdsk/c0t0d0s7 mount point /dev/fd /proc / /usr /var /export/home /devices /system/contract /system/object /tmp FS type fd proc swap ufs ufs ufs ufs devfs ctfs objfs tmpfs fsck pass 1 1 1 2 mount mount at boot options no no no no no no yes no no no yes - 4-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Pseudo File Systems Pseudo File Systems Pseudo file systems are memory based. devfs – The device file system is used to manage the namespace of all devices on the system. have the students issue the mount -p command. so that a failure in a part of a multi-process service can be identified as a failure of that service. Engage the students and keep the training interactive by having them execute them on a lab system in a shared window for all to see. ● ● To see the file system types currently in use. This file system is used by the kernel to store details relating to the modules currently loaded by the kernel. Pseudo File Systems in the /etc/vfstab File This section contains a number of command examples and output. This file system is used for the /devices directory. ctfs – The contract file system is associated with the /system/contract directory. This is used by the Service Management Facility to track the processes which compose a service. Revision A . The object file system is used for the /system/object directory. All Rights Reserved. Inc. Enterprise Services. The /etc/vfstab file in the Solaris 10 OS shows the directives and specifications for the mounting of these new files systems (bolded). These file systems provide for better system performance. Pseudo file systems new in the Solaris 10 OS include: ● objfs – The kernel object file system. Support for a multiterabyte UFS file system assumes the availability of multiterabyte LUNs. Previously. Multiterabyte file systems also benefit from the availability of logging because the fsck command might not have to be run when logging is enabled. These LUNS are provided as Solaris Volume Manager or Veritas VxVM volumes. This limitation means that you cannot put a root (/) file system on a multiterabyte file system. ● Managing the Solaris OS File System Copyright 2006 Sun Microsystems. You can specify that the file system can eventually be grown to a multiterabyte file system by using the newfs -T command. This feature is new in the Solaris 9 8/03 release. or as physical disks that are greater than one Tbyte. All Rights Reserved. which can later be increased in size to a maximum of 16 Tbytes. The Solaris 9 8/03 release provides support for multiterabyte UFS file systems on systems that run a 64-bit Solaris kernel. All UFS file system commands and utilities have been updated to support multiterabyte UFS You can initially create a UFS file system that is less than one Tbyte. Solaris Volume Managerís logical volumes. You cannot boot from a file system that is greater than 1 Tbyte. This command sets the inode and fragment density to scale appropriately for a multiterabyte file system. Inc. You can create a file system that is less than 16 Tbytes. UFS logging is enabled by default. ● ● Limitations of multiterabyte UFS file systems include the following: ● You cannot mount a file system that is greater than 1 Tbyte on a system that runs a 32-bit Solaris kernel. Multiterabyte file systems can be created on physical disks. UFS file systems were limited to approximately 1 terabyte (Tbyte) on both 64-bit systems and 32-bit systems. Multiterabyte file systems benefit from the performance improvements of having UFS logging enabled.Multiterabyte UFS File Systems Multiterabyte UFS File Systems Multiterabyte UFS file system support is available only for systems that run a 64-bit kernel. and Veritas’s VxVM logical volumes. Revision A 4-5 . Enterprise Services. Features of multiterabyte UFS file systems include the following: ● ● You can create a UFS file system to a maximum of 16 Tbytes in size. and then applied to the actual UFS file systemís metadata. Logging is now enabled by default for all UFS file systems except under the following conditions: ● ● When logging is explicitly disabled If insufficient file system space exists for the log In Solaris releases prior to Solaris 9 9/04. This limit is intended to reduce the time it takes to check the file system with the fsck command. Inc. The maximum quota that you can set on a multiterabyte UFS file system is 2 Tbytes of 1024 byte blocks. Enterprise Services. you might not have to run the fsck command after a system crash or an unclean shutdown. All Rights Reserved. The maximum number of files per terabyte of UFS file system is 1 million. This improvement can occur because a file system with logging enabled converts multiple updates to the same data into single updates. Using the fssnap command to create a snapshot of a multiterabyte UFS file system is not currently supported. ● 4-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. UFS logging provides two advantages: ● If the file system is already consistent because of the transaction log. Starting in the Solaris 9 12/02 release.Multiterabyte UFS File Systems ● ● There is no support for individual files greater than 1 Tbyte. you had to enable UFS logging explicitly. Sets of transactions are recorded in an on-disk log. UFS logging packages into a transaction the multiple metadata changes that compose a complete UFS operation. the performance of UFS logging improves or exceeds the level of performance of nonlogging file systems. ● ● UFS Logging Enabled by Default This feature was introducted in the Solaris 9 9/04 release. Revision A . This capability reduces the number of overhead disk operations that are required. Multiterabyte UFS File Systems Logging and the /etc/vfstab File In the Solaris 9 OS... device to fsck mount point FS type fsck pass mount mount at boot options /dev/rdsk/c1t0d0s7 /database ufs 1 yes logging In the Solaris 10 OS. because logging is enabled by default for UFS file systems. Enterprise Services. The nologging mount command option still is supported.. you use the logging directive in the mount options column of the /etc/vfstab file if a file system was to be mounted with logging enabled. For example: # cat /etc/vfstab #device #to mount # .. Inc. Managing the Solaris OS File System Copyright 2006 Sun Microsystems. the directive is no longer needed. Revision A 4-7 . All Rights Reserved. /dev/dsk/c1t0d0s7 . Revision A . The following mount command output shows these flags bolded: # mount / on /dev/dsk/c0t0d0s0 read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=22000 08 on Sun Oct 24 08:57:24 2004 /devices on /devices read/write/setuid/devices/dev=4a80000 on Sun Oct 24 08:57:00 2004 /system/contract on ctfs read/write/setuid/devices/dev=4ac0001 on Sun Oct 24 08:57:00 2004 /proc on proc read/write/setuid/devices/dev=4b00000 on Sun Oct 24 08:57:00 2004 /etc/mnttab on mnttab read/write/setuid/devices/dev=4b40001 on Sun Oct 24 08:57:00 2004 /etc/svc/volatile on swap read/write/setuid/devices/xattr/dev=4b80001 on Sun Oct 24 08:57:00 2004 /system/object on objfs read/write/setuid/devices/dev=4bc0001 on Sun Oct 24 08:57:00 2004 /usr on /dev/dsk/c0t0d0s6 read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=22000 0e on Sun Oct 24 08:57:25 2004 /dev/fd on fd read/write/setuid/devices/dev=4d40001 on Sun Oct 24 08:57:25 2004 /var on /dev/dsk/c0t0d0s3 read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=22000 0b on Sun Oct 24 08:57:27 2004 /var/run on swap read/write/setuid/devices/xattr/dev=4b80002 on Sun Oct 24 08:57:27 2004 /tmp on swap read/write/setuid/devices/xattr/dev=4b80003 on Sun Oct 24 08:57:27 2004 4-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. All Rights Reserved. logging is enabled by default for all UFS file systems. the nologging flag appears. The mount command output shows the logging flag as the default. new flags now appear in the output of the mount command. The devices flag indicates that the opening of device-special files is allowed.New mount Command Flags New mount Command Flags Since the Solaris 9 9/04 release. Inc. If logging is disabled. logging flag Since the Solaris 9 9/04 release. devices flag Also introducted at that time was the devices flag which is the default value (as opposed to nodevices). Enterprise Services. Inc.New mount Command Flags /export/home on /dev/dsk/c0t0d0s7 read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=22000 0f on Sun Oct 24 08:57:41 2004 There exists a bug with the umountall command (#4687955) which concerns a number of options to the umountall command not working. Managing the Solaris OS File System Copyright 2006 Sun Microsystems. As of the writing of this course. this fix has been delivered and scheduled to release with build 22 of the Solaris 10 OS. All Rights Reserved. Revision A 4-9 . . All Rights Reserved. you should be able to: ● ● ● Describe the installation methods available for the Solaris 10 OS State the installation requirements for the Solaris 10 OS Describe additional software groups introduced in the Solaris 10 OS 5-1 Copyright 2006 Sun Microsystems.Module 5 Installing the Solaris OS Objectives Upon completion of this module. Revision A . Enterprise Services. Inc. Revision A . Enterprise Services. ! ? Discussion – The following questions are relevant to understanding how installation works in the new Solaris 10 OS: ● What are the various installation methods available for installing the Solaris 10 OS.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. How differently does the Solaris 10 OS install than prior releases? ● 5-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. the answers should be of interest to them and inspire them to learn the material presented in this module. All Rights Reserved. While they are not expected to know the answers to these questions. Revision A 5-3 . Enterprise Services.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration.com: (http://www. Inc. All Rights Reserved.jsp#ho wto) Installing the Solaris OS Copyright 2006 Sun Microsystems. PN 817-1985 System Administration Guide: Advanced Administration. PN 817-0403 The How To Guides at www.com/software/solaris/reference_resources.sun.sun. Solaris 10 OS Installation and Upgrade Options There are a number of different ways the installation can take place: ● ● ● ● ● ● Solaris installation Graphical User Interface (GUI) Solaris installation Command Line Interpreter (CLI) Solaris Custom JumpStart™ software (JumpStart) installation Solaris Flash Archives Solaris WAN boot installation Solaris Upgrade method Note – The Solaris 10 OS contains a new GUI interface for installation.Installation Methods Installation Methods There are two ways to install the Solaris 10 OS on your system. ● ● 64-127 Mbytes starts with nowin 128-383 Mbytes starts a GUI window with a text-based install running in it 384-511 Mbytes starts up the GUI interface 512 Mbytes and higher starts the installation kiosk ● ● 5-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Solaris Installation Command Line Interpreter (CLI) Hosts which do not have a graphical screen cannot run the GUI installation. suninstall and Flash installation. Options are provided in menu format with the spacebar being used to select options and F2. the Webstart method used for Solaris 8 OS installations is no longer used. Neither is the Tab Window Manager (TWM) based GUI used in the Solaris 9 OS. All Rights Reserved. The older OpenWindows based GUI of Solaris 8 releases is no longer used. being used to accept selected options. Revision A . Starting the installation with the nowin argument allows all the questions and answers to be completed in a text-only environment. Also. Enterprise Services. (or the equivalent escape key sequence). Inc. To protect the integrity of the installation. you can use private keys to authenticate and encrypt data. Inc. Wan Boot is covered in more detail (along with a lab exercise) at the end of the course. You can also transmit your installation data and files over a secure HTTPS connection by configuring your systems to use digital certificates. The WAN boot programs then install the client system by performing a custom JumpStart installation.Installation Methods Solaris WAN Boot The WAN boot installation method enables you to boot and install software over a wide area network (WAN) by using HTTP/HTTPS. Installing the Solaris OS Copyright 2006 Sun Microsystems. Enterprise Services. The WAN boot installation method enables you to transmit an encrypted Solaris Flash archive over a public network to a remote SPARC®-based client. All Rights Reserved. Revision A 5-5 . you install through the Solaris installation program's text installer. not through the GUI. You might need to customize the swap space. All Rights Reserved. Solaris 10 OS Hardware Requirements for Installation A Solaris 10 OS installation requires the following: ● ● ● 256 Mbytes of memory (512 Mbytes recommended) At least 5 Gbytes of disk space Access to a CD-ROM/DVD drive or an installation server Table 5-1 and Table 5-2 on page 5-7 show additional details about memory. 200–MHz or faster processor is required. Enterprise Services. and Processor Recommendations Size Memory to install or upgrade 256 MB is the recommended size.Installation Requirements for the Solaris 10 OS Installation Requirements for the Solaris 10 OS This section covers hardware and software requirements for Solaris 10 OS installation. Swap space is based on the size of the system's hard disk. Some optional installation features are enabled only when sufficient memory is present. if you install from a DVD with insufficient memory. Swap. Swap area 512 MB is the default size. swap. Revision A . Inc. For example. Table 5-1 SPARC: Memory. and processor requirements for the Solaris 10 OS installation. 128 MB is the minimum size. Processor requirements 5-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A 5-7 . 256 MB is the recommended size. the GUI is displayed by default. you install through the Solaris installation program's text installer. Memory Requirements for Display Options During Installation You can choose to install the software with a GUI or with or without a windowing environment. You might need to customize the swap space.Installation Requirements for the Solaris 10 OS Table 5-2 x86: Memory. You can override defaults with the nowin or text boot options. If there is sufficient memory. and Processor Recommendations Size Memory to install or upgrade Starting with the Solaris 10 1/06 release. Also if the Solaris installation program does not detect a video adapter. 512 MB is the recommended size. Other environments are displayed by default if memory is insufficient for the GUI. Installing the Solaris OS Copyright 2006 Sun Microsystems. Enterprise Services. Processor requirements 120–MHz or faster processor is recommended. Swap. 256 MB is the minimum size. Some optional installation features are enabled only when sufficient memory is present. But. Swap space is based on the size of the system's hard disk. you are limited by the amount of memory in your system or by installing remotely. Hardware floating-point support is required. it automatically displays in a console-based environment. if you install from a DVD with insufficient memory. All Rights Reserved. For example. For the Solaris 10 3/05 release. Inc.The amount of memory in the system determines the display options during installation. Swap area 512 MB is the default size. 128 MB is the minimum size. not through the GUI. 384 MB or greater GUI-based Provides windows. and iconic images. buttons. If you install by using the text boot option and the system has enough memory. you are installing in a windowing environment. If you are installing remotely through a tip line or using the nowin boot option. chapter 1 5-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. you are limited to the console-based installation. If you are installing remotely through a tip line or using the nowin boot option. you are limited to the console-based installation. scrollbars. pull-down menus. Enterprise Services. buttons. All Rights Reserved. Table 5-3 SPARC: Memory Requirements for Display Options Size 128–383 MB Text-based Contains no graphics. Revision A . scrollbars. Table 5-4 x86: Memory Requirements for Display Options Size Starting with the Solaris 10 1/06 release: 256–511 MB For the Solaris 10 3/05 release: 128–383 MB Text-based Contains no graphics. If you install by using the text boot option and the system has enough memory. but provides a window and the ability to open other windows. pull-down menus.com/app/docs/doc/817-0544. but provides a window and the ability to open other windows. Starting with the Solaris 10 1/06 release: 512 MB For the Solaris 10 3/05 release: 384 MB LVC Ref: http://docs. you are installing in a windowing environment. Inc. GUI-based Provides windows.sun.Installation Requirements for the Solaris 10 OS Table 5-3 and Table 5-4 describe SPARC and x86 platform memory requirements for display options. and iconic images. you can access both the Solaris OS installation graphical user interface (GUI) and the console-based installation.This CD contains Solaris OS packages which the software prompts you to install if necessary. From this CD. Installing the Solaris OS Copyright 2006 Sun Microsystems. ● ● ● ● Solaris OS Software Groups Software groups are collections of Solaris OS software packages. Each software group includes support for different functions and hardware drivers. Solaris 10 OS Software 4 .Installation Requirements for the Solaris 10 OS Installation Media The Solaris 10 OS is available on a set of CD-ROMs or all on a single DVD-ROM.This CD contains Solaris OS packages which the software prompts you to install if necessary and ExtraValue software.This CD contains translated message files and other software in languages other than English. Revision A 5-9 . The Solaris 10 OS is made up of seven software groups: ● ● Minimal Core Metacluster (new in the Solaris 10 OS) Reduced Networking Support software group (new in the Solaris 10 OS) Core System Support software group End User Solaris software group Developer Solaris software group Entire Solaris software group Entire Solaris software group plus Original Equipment Manufacturers (OEM) support ● ● ● ● ● Minimal Core Metacluster (SUNWCmreq) This is a new metacluster. Enterprise Services. Inc.This CD contains Solaris OS packages which the software prompts you to install if necessary. Solaris 10 OS Software 3 . All Rights Reserved. Solaris 10 OS Languages CD . Following are the contents of the CD-ROM set. It allows you to create a minimal core metacluster by deselecting packages from the core metacluster. ● Solaris 10 OS Software 1 – This CD is the only bootable CD. Solaris 10 OS Software 2 . The metacluster SUNWCmreq is a hidden metacluster. The Set the Default Route window now appears. Specific Configuration Changes During Text-Based Solaris Installation Following are new prompts encountered during the CLI installation of the Solaris 10 OS. you are prompted to select each network interface that you want to configure. but does not activate network services. Enterprise Services. A choice of which locale to use is presented. you can let the operating system try to find a default route. be used as a thin-client host in a network. This group contains the minimum software that is required to boot and run a Solaris system with limited network service support. The derived domain name is sufficient for most configurations. In a few cases. Inc.Installation Requirements for the Solaris 10 OS Reduced Network Support Software Group (SUNWCrnet) This is a new metacluster. Do you need to override the system’s default NFS version 4 domain name (yes/no) ? [no] : 5-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. mounts that cross different domains might cause files to be owned by "nobody" due to the lack of a common domain name. This software group also enables the system to recognize network interfaces. you can specify one or you can select none. which uses a domain name that is automatically derived from the system’s name services. The following description displays concerning NFS version 4: ● ● ● ● ● This system is configured with NFS version 4. The Reduced Networking software group provides a multiuser text-based console and system administration utilities. There might be extra products on the installation media that you have an opportunity to select for installation. and select which network interface you want to be your primary interface. ● If your system has more than one network interface. All Rights Reserved. In this window. Revision A . for example. A system installed with the Reduced Networking software group could. A license agreement window now displays that must be scrolled through and explicitly accepted. Revision A 5-11 . The default is to use NFSv4 software when sharing a directory or accessing a shared file. 3. All Rights Reserved. Version-related checks are applied whenever a client host attempts to access a server’s file share. by default. Inc. use the NFSv4 protocols. in the Solaris 10 OS. Installing the Solaris OS Copyright 2006 Sun Microsystems. x86 still supports 32 bit Solaris for platforms that are only 32 bit capable. If all hosts in the network are installed with Solaris 10 OS.Installation Requirements for the Solaris 10 OS The Solaris 10 OS supports versions 2. and 4 NFS simultaneously. the installation methods create only the root file sysem. ● You no longer get prompted to install the Solaris 64-bit packages because only 64 bit is supported for Sparc based systems. then all hosts should. Enterprise Services. Partitioning and File Systems Be default. the /export/home file system and a swap partition. Deploying Solaris via the network is simplied. GNU GRUB version 0. Solaris can coexist with other operating systems on the same machine.) The Solaris kernel is fully compliant with Multiboot Specification 2 and therefore can be booted with GRUB which implements this specification. By adopting a boot loader developed by the open source community. v60x and v65x) | | +---------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. 5-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Press enter to boot the selected OS.95. Revision A . or 'c' for a command-line.95 (631K lower / 2095488K upper memory) +---------------------------------------------------------------------+ | Solaris | Solaris Serial Console ttya | Solaris Serial Console ttyb (for lx50. Benefits of using GRUB include: ● ● Booting and installing from USB DVD drives is now supported. 'e' to edit the commands before booting. All Rights Reserved. which were part of the old Solaris boot loader. Independent Hardware Vendors (IHVs) can deliver drivers at install times via CD/DVD. particularly in the area of DHCP server setup. ● ● ● ● Editting the GRUB Menu to Modify Boot Behavior The GRUB menu displays after the system boots and the memory test and hardware detection phase is completed. Enterprise Services.Solaris x86/x64 Installation and GRUB Solaris x86/x64 Installation and GRUB Solaris 10 Update 1 introduces the use of the GRand Unified Bootloader (GRUB) open source bootloader version . (The Device Conguration Assistant and associated interactive shell are no longer present. existing experience can be leveraged. Inc. Developers no longer need to deal with realmode drivers. After modifying the entry. GRUB loads the boot archive into system memory. The module command entry references the boot archive. 'd' to remove the selected line. it mounts the root filesystem on the real root device as specified by the bootpath property. The kernel can now initialize itself from data and text in the boot archive without performing I/O to the root device. Inc. The system may manually update the boot archive prior to system shutdown by running the bootadm(1M) command. Enterprise Services. Use the up and down arrow keys to select a line for editting and type the e command again to start editting that entry. 'o' to open a new line after ('O' for before) the selected line. Revision A 5-13 . At boot time.ramdisk file. Once the kernel gains sufficient I/O capability.95 (631K lower / 2095488K upper memory) +---------------------------------------------------------------------+ | root (hd0.2. type Enter to save your changes and return to the GRUB menu or enter ESC to return to the main GRUB boot selection menu without saving your changes. Press 'b' to boot. The boot archive is a collection of core kernel modules and configuration files packed in either ufs or isofs format. Installing the Solaris OS Copyright 2006 Sun Microsystems. When the system shuts down it checks for updates to the root filesystem and updates the boot archive when necessary. 'e' to edit the selected command in the boot sequence. or escape to go back to the main menu. 'c' for a command-line. the boot archive loaded by GRUB is discarded from memory. All Rights Reserved. A list of entries that can be editting displays. GNU GRUB version 0. The contents of the boot archive are specified in the /boot/solaris/filelist.Solaris x86/x64 Installation and GRUB Typing the e command interrupts the boot procedure and initiates a GRUB edit session.a) | kernel /platform/i86pc/multiboot | module /platform/i86pc/boot_archive | | +---------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. At this point. n.1. Various options can be used with the kernel command. it should be quoted as the following console high speed example shows: grub edit> kernel /platform/i86pc/multiboot / -B console=ttya. Enterprise Services. When you use GRUB to edit this line changes are made to the contents of this file.-" The following kernel command line will boot a 64-bit capable x86 system with a 32-bit kernel with the kernel debugger enabled: grub edit> kernel /platform/i86pc/multiboot kernel/unix -k 5-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Solaris x86/x64 Installation and GRUB Using the kernel Command The kernel command (kernel(1M)) entry boots the Solaris kernel. The following kernel command line will boot a 64-bit capable x86 system with a 32-bit kernel: grub edit> kernel /platform/i86pc/multiboot kernel/unix The following kernel command line will boot a 64-bit capable x86 system with a 32-bit kernel in single user mode: grub edit> kernel /platform/i86pc/multiboot kernel/unix -s The following kernel command line will set the console property to ttya: grub edit> kernel /platform/i86pc/multiboot -B console=ttya If the property value contains commas. At installation time default boot parameters are store in the /boot/solaris/bootenv.8. Revision A .rc file.ttya-mode="115200. Inc. All Rights Reserved. Revision A 5-15 .miniroot-safe Note – The device/partition/slice specifications need to match your particular system.2.1. After upgrading.lst file but it is not recommended. Edit the GRUB menu outside of that altered by the bootadm command so that it looks like the following: #---------.lst file directly to add entries for booting other operating systems that are installed on the system.lst File When you edit the GRUB menu during a GRUB edit session the /boot/grub/menu. You can manually modify this file to effect the GRUB menu.a) Installing the Solaris OS Copyright 2006 Sun Microsystems.a) kernel /platform/i86pc/multiboot -B console=ttya -s module /boot/x86.lst file is changed.2.DO NOT EDIT ---------title Solaris 10 Update 1 root (hd0. Inc. assume the following operating systems are installed in the following locations: fdisk fdisk fdisk slice slice partition partition partition 0 Solaris 3 Solaris 0: Windows 1: Linux 2: 9 10 Update 1 Tell the students that GRUB starts counting partitions (not fdisk) at 0 and that GRUB sees the first disk a hd0 regardless of type. the changes would need to be reapplied.lst file: title Solaris fail-safe single user root (hd0. Enterprise Services. For examples. Changes would not be preserved during a system upgrade. Edit the /boot/grub/menu. Caution – It is possible to influence a system’s boot behavior by directly editing the menu. All Rights Reserved.Solaris x86/x64 Installation and GRUB Editing the menu.d) kernel /platform/i86pc/multiboot module /platform/i86pc/boot_archive #---------------------END BOOTADM-------------------title Solaris 9 root (hd0. For example to enable a fail-safe boot of Solaris add the following lines to the /boot/grub/menu.ADDED BY BOOTADM . All Rights Reserved.0) chainloader +1 Note – Note that the Solaris fdisk partition must be the active partition..1) kernel <from Linux's GRUB menu.. you will not be able to get to Solaris even if you make Solaris the active partition. In this case. engage a student by having them do the above.> title Windows root (hd0. Do not put use the makeactive directive under the Windows menu otherwise the system will always boot Windows.sun..sun.com: http://www. Revision A .jsp If you are teaching this class as an LVC.. Inc. you can chainload from the Linux GRUB by modifying the menu on Linux. 5-16 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Solaris x86/x64 Installation and GRUB chainloader +1 makeactive title Linux root (hd0. share a browser session for all to see and examine the how to guild at www. If students want to see a more complete writeup on the full x86/x64 installation. Enterprise Services. If Linux installed GRUB on the master boot block.> initrd <from Linux's GRUB menu.com/software/solaris/howtoguides/installationhowto. Inc. Revision A 5-17 . These values. which are the equivalent to the SPARC OpenBoot PROM NVRAM variables.lst file It is possible to influence a system’s boot behavior by editing the menu.rc file. All Rights Reserved.1.1. The following eeprom command displays the current values stored: # eeprom kbd-type=US-English ata-dma-enabled=1 atapi-cd-dma-enabled=0 ttyb-rts-dtr-off=false ttyb-ignore-cd=true ttya-rts-dtr-off=false ttya-ignore-cd=true ttyb-mode=9600.lst file but it is not recommended because changes would not be preserved during a system upgrade. ● Direct editing of the menu. ● Using the kernel command This method overrides any changes made by the eeprom command method but only for the current boot session.lba-access-ok=1 Installing the Solaris OS Copyright 2006 Sun Microsystems.Solaris x86/x64 Installation and GRUB Influencing Boot Behavior The boot behavior in the Solaris 10 Update 1 OS can be influenced or changed in the following ways: ● Using the eeprom command This method is recommended because changes made persist across boot sessions and are preserved during a system upgrade. the changes would need to be reapplied. Changes that are made to the Solaris boot behavior by using the eeprom command persist over each system reboot.ttya-mode=9600. Changes made using the kernel command do not persist across system boots. After upgrading. are stored in the /boot/solaris/bootenv.8.n. Enterprise Services.8. The kernel command is used while in the edit mode of an interrupted GRUB boot.n. Using the eeprom Command The eeprom command is used to assign a different value to a standard set of properties. rc 1. # Use is subject to license terms. Inc. reserved.rc # # Copyright 2005 Sun Microsystems. All Rights Reserved.0/pciide@1f. # All rights #ident "@(#)bootenv.rc -.rc file.1/ide@0/cmdk@0. # cat /boot/solaris/bootenv. Enterprise Services.-' setprop ttya-mode '9600. Inc.-' setprop lba-access-ok '1' setprop prealloc-chunk-size '0x2000' setprop bootpath '/[email protected]:a console=ttya The following eeprom commands change the number of megabytes to test during power on self test from the current value to 5 and then back again: # prtconf | grep Memory Memory size: 1024 Megabytes # eeprom selftest-#megs=5 # eeprom selftest-#megs selftest-#megs=5 # eeprom selftest-#megs=1024 # eeprom selftest-#megs selftest-#megs=1024 Values are kept in the /boot/solaris/bootenv.0/[email protected]:a' 5-18 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Solaris x86/x64 Installation and GRUB prealloc-chunk-size=0x2000 bootpath=/[email protected] 05/09/01 SMI" # # bootenv.n.1/ide@0/cmdk@0. Revision A .boot "environment variables" # setprop kbd-type 'US-English' setprop ata-dma-enabled '1' setprop atapi-cd-dma-enabled '0' setprop ttyb-rts-dtr-off 'false' setprop ttyb-ignore-cd 'true' setprop ttya-rts-dtr-off 'false' setprop ttya-ignore-cd 'true' setprop ttyb-mode '9600.8. Enterprise Services. Inc. Revision A 5-19 .Solaris x86/x64 Installation and GRUB setprop console 'ttya' setprop selftest-#megs '1024' Note – See the eeprom(1M) man page for more information. Installing the Solaris OS Copyright 2006 Sun Microsystems. All Rights Reserved. . the smpatch command line. and the Sun Update Connection hosted Web application 6-1 Copyright 2006 Sun Microsystems. Throughout this module the terms are used interchangably. Enterprise Services. Upon completion of this module. Revision A .Module 6 Introducing the Fundamentals of Package and Patch Administration Objectives The new terminology for patches is updates. Inc. All Rights Reserved. you should be able to: ● ● Describe how signed packages and patches are implemented Implement patch management using the Sun™ Update Connection Services including the Sun™ Update Manager application. While they are not expected to know the answers to these questions. ! ? Discussion – The following questions are relevant to understanding patch or update management and package administration: ● What technology is available for securing the transfer of patches and packages obtained from Sun? What solutions exist for managing many patches and updates for hundreds of Sun systems? ● 6-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Revision A . Inc. All Rights Reserved. the answers should be of interest to them and inspire them to learn the material presented in this module. Enterprise Services. Inc. PN 817-0403 Application Packaging Developer’s Guide (Solaris 9 Update 5) Adding and Removing Signed Packages (Task Map) in the System Administration Guide: Basic Administration. November 2005 ● ● ● The Administration Guides and White Paper are in the /opt/ses/docs directory on each system if the student bundle for this course was installed. PN 817-1985 System Administration Guide: Advanced Administration. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. PN 835-0616 Sun Update Manager 1.0 Administration Guide. All Rights Reserved.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● ● System Administration Guide: Basic Administration.0 Administration Guide. Enterprise Services. PN 817-1985 Sun Update Connection 1. Revision A 6-3 . PN 835-0615 White Paper: Patch Management Solutions for the Solaris 10 Operating System Sun Update Connection. Enterprise Services. See the pkgmk(1) and pkgadd(1M) man pages. Revision A . All Rights Reserved.Longer Package Names Longer Package Names This feature was introduced in the Solaris 9 9/02 release. 6-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The pkgmk utility was enhanced to create packages with names up to 32 characters in length. Inc. Additional software management features introduced include the following: ● You can add a digital signature to a package with the updated pkgtrans command.Signed Packages and Patches Signed Packages and Patches This feature was introduced in the Solaris 9 12/03 release. queried. Before you can add a package or patch with digital signatures to your system. A signed package is also binary-compatible with an unsigned package. In the Solaris 8 release. or removed with existing Solaris packaging tools. This feature enables you to securely download Solaris packages and patches that include a digital signature by using the updated pkgadd and patchadd commands. you must set up a keystore with trusted certificates that are used to identify that the digital signature on the package or patch is valid. Inc. Note – For information about creating a signed package consult the documentation listed in the Additional Resources section at the beginning of this module. Since Solaris 9 12/03 release. it can be used for both unsigned and signed patches. ● You can download a package or patch from an HTTP or an HTTPS server. A signed package is identical to an unsigned package except for the signature. you could only add signed patches to your system if you used the Solaris patch management tools with PatchPro 2. The package can be installed.1. Revision A 6-5 . Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Implementing signed patches requires that the keystore is set up properly. the patchadd command could be used only for unsigned patches. All Rights Reserved. A package or a patch with a valid digital signature ensures that the package or patch has not been modified after the signature was applied to the package or patch. In previous Solaris releases. Enterprise Services. Signed Packages and Patches Note – For information about setting up the package keystore and adding signed packages or patches to your system. Enterprise Services. the use of pkgadd or the Application Packaging Developer’s Guide for information about creating signed packages.sun. When the search results display. Revision A . 15. Select Overview of Software Packages Signed Packages. Navigate from there and discuss areas of interest about the keystore. see the Adding and Removing Signed Packages (Task Map) in the System Administration Guide: Basic Administration. 6-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Take this opportunity to engage the students by selecting someone to browse to docs. Inc. At http://docs. All Rights Reserved. Following is a suggested navigation to the start of the detailed information: 12. and Updates 16.com for additional information about signed patches and packages.sun. Select Chapter 16 (Managing Software (overview). Project the navigation session so all students can watch.com/ search book titles only for Basic Administration 13. Select the Solaris 10 version of the book 14. the CLI task map. Patches. A Sun Online Account is required for any patches obtained using the Sun Update Connection. Revision A 6-7 . All Rights Reserved. Inc. require a service plan. Following is a list of key points regarding the new Solaris 10 OS patch access policy: ● A service plan is not required for security. SunSolve access to other updates requires a service plan and a Sun Online Account. including patch clusters.html Go over the details of the table. The Solaris 10 Patch Manager and SunSolve still support anonymous access but only for security and hardware driver updates. stressing the key points made in the bullet list that follows.sun. ● ● Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Other patches. Enterprise Services.Solaris 10 OS Patch Access Policy Solaris 10 OS Patch Access Policy Display a browser for all to see and go to the more complete policy table at: http://www. select a student to display the table cited above for all to see while you go over the key points. If you are teaching an LVC.com/service/sunconnection/solaris10patches. data integrity or hardware driver updates. pdf Copies of these resources are also in the /opt/ses/docs directory.com/app/docs?q=update+connection&p=coll%2F1320. Sun Update Connection makes it easy for you to stay up-to-date and secure with the latest software updates from Sun.sun. Check that it has been installed and configured when the classroom was installed. It builds on previous patch management tools from Sun and provides an easy to use Graphical User Interface (GUI) as well as a Command Line Interface (CLI).sun.Introducing the Sun Update Connection Introducing the Sun Update Connection Much of the information that follows was taken from the very informative white paper: Patch Management Solutions for the Solaris 10 Operating System Sun Update Connection. November 2005. You will need the flash pluggin for your Mozilla browser. Enterprise Services.com/service/sunupdate/ and start the 4 minute overview demo of Sun Update Connection linked on that page.0 Administration Guide: http://docs.sun.com/service/sunupdate/patchmgtsolaris10. 6-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Sun Update Connection is an automated and proactive approach to patch management needed to deliver the right content to the right systems in a quicker.0 Administration Guide: http://docs. White Paper: Patch Management Solutions for the Solaris 10 Operating System Sun Update Connection. November 2005: http://www. Go to: http://www. All Rights Reserved.sun.com/app/docs?q=update+manager&s=t Sun Update Connection 1. Revision A . The web URLs for the resources listed in the Additional Resources section of this module are: Sun Update Manager 1. and more accurate way. All aspects of patch management are integrated into a seamless architecture that provides: ● Notifications to let administrators know when new updates become available for their systems Automated procedures that greatly simplify the task of keeping systems current Fast intelligent software dependency checks so that updates are automatically deployed along with all dependent updates that are prerequisites Optional local caching of updates to help minimize network traffic and enhance security for the update process A Web hosted service that provides a centralized view of connected systems and enables consistency in applying updates across multiple systems ● ● ● ● Project a browser session for the entire class to view.2&s=t. This demo will introduce the students at a high level to this new service. less expensive. Inc. the smpatch CLI and the patchpro analysis engine. This set of tools and framework is collectively called the Sun Update Connection.0 to perform update-management tasks on your Solaris 8 and Solaris 9 systems. Revision A 6-9 . Continue to use Sun Patch Manager 2. Sun Update Connection 1. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Administering Patches A new set of tools and framework for administering patches (now called software updates) was introduced in the Solaris 10 OS.Introducing the Sun Update Connection The product referenced as Sun UC Client (SunUC Client) includes the Sun Update Manager GUI. The Sun Update Connection tools include the following: ● ● ● Sun Update Manager graphical user interface (GUI) Sun Update Connection Web application Sun Update Manager command-line interface (smpatch) This new set of tools must be added to a system installed with Solaris 10 FCS but now is all bundled in the Solaris 10 01/06 (update 1) release.x is designed for Solaris 10 systems. Enterprise Services. All Rights Reserved.0. Inc. text oriented commands to interact with Sun Update Connection. If you either don't run a graphical environment on your system or just prefer using command line tools. Revision A .Introducing the Sun Update Connection Sun Update Connection Modes The following section provides detail about the two different modes in which you can interact with Sun Update Connection. these modes are: ● Local management of individual systems using the Sun Update Manager or the smpatch CLI Remote and centralized management of multiple systems using the Sun Update Connection Web application ● Locally Managing Updates for Individual Systems You can maintain your own updates to the Solaris 10 OS by establishing a connection to Sun Update Connection and then downloading and installing the appropriate updates based on the analysis of your system. Clicking on the desktop icon will launch the Sun Update Manager application. enabling access to the Sun Update Connection servers hosted at Sun. 6-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. Inc. Sun Update Connection client software can be installed on the Solaris host system. Briefly. you can also implement your own custom scripts to manage updates for multiple systems using Sun Update Connection technology. All Rights Reserved. You will then be automatically notified via a Java Desktop notification icon whenever relevant updates are available. When using the smpatch command interface. a graphical environment for managing patches on the local system. the smpatch command provides the same patch management capabilities using fully scriptable. Enterprise Services.Introducing the Sun Update Connection Figure Figure 6-1 shows that this local update approach enables each system to interact with Sun Update Connection independently of other systems. Revision A 6-11 . It incorporates an updated version of the PatchPro analysis engine and a new user interface that enables users to perform the following primary tasks with point and click menus to: ● ● Analyze system to check for available updates View a list of updates currently available and applicable for the system View details about a specific update Install selected updates ● ● Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Inc. Customer Business Applications and Infrastructure Customer Firewall Sun Update Manager Client or smpatch CLI System A Sun Update Connection Sun Update Manager Client or smpatch CLI System B Sun Update Manager Client or smpatch CLI System C Figure 6-1 Sun Update Manager or the smpatch CLI Sun Update Manager Sun Update Manager is a successor to the Solaris Patch Manager application which was first introduced for the Solaris 8 OS and is now integrated into the Solaris 10 OS distribution. Multiple systems can simultaneously interact with Sun Update Connection. All Rights Reserved. the patch release date. Enterprise Services. and the Check for Updates button clicked. a synopsis. These steps would need to be done first. These details for registering a system will be presented later in the module. the Sun Update Manager will present a list of all current patches available from Sun that are applicable to that particular Solaris 10 system. The Installed Updates tab shows what updates have been installed. Revision A . Not shown here is the process for obtaining a Sun Online Account and the procedure for registering the system. before you would see the updates listed as in Figure 6-2. All Rights Reserved.Introducing the Sun Update Connection As Figure 6-2 shows. The Available Updates tab provides important information about each patch including patch id. Use the following command to start the Sun Update Manager: # /usr/bin/updatemanager Note – You can also start the Sun Update Manager by clicking the desktop notification icon on your Java Desktop. Inc. and notice of any special handling requirements. download size. Figure 6-2 Sun Update Manager Showing Available Updates 6-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. smpatch Command Line Interface The smpatch command line interface (CLI) for Sun Update Connection is built into the Solaris 10 OS and is an updated version of the smpatch CLI that has been available in earlier distributions of the Solaris OS. this smpatch command would download only the most current revision of the patch. Inc. After dependencies are approved. All Rights Reserved. For updates that require a system restart.0.Introducing the Sun Update Connection When you elect to install updates.0. Note – See the sconadm(1M) man page for details. installation is deferred until the system is restarted by the user. The smpatch CLI provides much the same functionality as the Sun Update Manager GUI including the ability to: ● Analyze and produce a list of recommended patches for a system using the smpatch update command Download one or more patches to a system using the smpatch download command ● Before the 1.4 release. even back or obsolete revisions. Enterprise Services. Starting with the 1. If you are familiar with the Solaris smpatch command you can immediately be productive using Sun Update Connection. Revision A 6-13 . ● ● Add one or more patches to a system using smpatch add command Back out unwanted patches using smpatch remove command Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems.4 release. Sun Update Manager also includes a complete history of updates installed on the system and provides an efficient method for uninstalling updates should that be necessary. you are asked to approve any dependencies so that all required patches are installed together in the proper order. or which must be applied while the system is in single user mode. is is possible to download any revision. that the Solaris 10 OS must be registered with the Sun Update Connection before the smpatch command will be allowed to connect. all updates except those which require special handling are automatically applied in real time.) Registration of systems can be accomplished using the Sun Update Manager or by using the sconadm command line registration utility. (Note however. These deferred updates are then automatically applied during the next system restart. Inc. it is necessary to restart the Sun Update Manager application. All Rights Reserved. All network traffic between Sun Update Connection and internal systems then passes through the Sun Update Connection Proxy to help protect internal systems from outside security threats and to aggregate requests from clients to the Sun Update Connection. If you do not want to connect your systems directly to Sun Update Connection over the Internet. While it is safe to use both interfaces at different times. Sun Update Connection offers a local proxy server that can be installed and configured within the your secure environment. 6-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. Note – Good update management practices dictate that you should not attempt to use both Sun Update Manager GUI and the smpatch CLI at the same time. It is not the second mode. Revision A . Sun Update Connection Proxy acts as a gateway between locally managed systems and the Sun Update Connection. If this situation does occur. Caching Patches With Sun Update Connection Proxy Using a proxy is a variation of the first mode being discussed now.Introducing the Sun Update Connection Commands from the smpatch CLI can also be embedded in shell scripts that address multiple different system in order to increase efficiency by executing a series of system updates in serial fashion. This approach can dramatically reduce the amount of data traffic between the customer site and the Sun Update Connection. using them together can result in synchronization issues wherein data for Sun Update Manager data can become stale. Client systems can be configured to use the Proxy as their patch source so that all of their requests for patches and patch metadata are directed to the Sun Update Connection Proxy. All Rights Reserved. Sun Update Manager can be redirected to look for updates on the proxy server rather than looking to Sun Update Connection as the source for updates. This not only helps to reduce outside network traffic. Once a patch or the current patch metadata is present in the proxy cache. it does so. Customer Business Applications and Infrastructure Customer Firewall Sun Update Manager Client or smpatch CLI System A Sun Update Connection Sun Update Connection Proxy Sun Update Manager Client or smpatch CLI System B Sun Update Manager Client or smpatch CLI System C Figure 6-3 Sun Update Connection Proxy The Sun Update Connection Proxy is a caching proxy server that acts as an intermediary between Sun Update Connection client systems and the Sun Update Connection servers. The Sun Update Connection Proxy software itself is available as a Solaris 10 patch and can be downloaded from Sun Update Connection or from SunSolve. If the proxy can satisfy a request from data stored in its local cache. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Inc. and then responds to the original client request. this data can be accessed by many local clients. but can also help reduce the average time required to apply patches. stores it in its cache for future references. Revision A 6-15 . it retrieves the requested patch.Introducing the Sun Update Connection Figure 6-3 shows a Sun Update Connection proxy in use. If it doesn't have the requested patch in its cache. Enterprise Services. After installing the Sun Update Connection Proxy. metadata.sun. Revision A .Managing Remotely with Sun Update Connection Hosted Web Application If you need to manage software updates across several systems in a workgroup environment.Introducing the Sun Update Connection When using Sun Update Connection Proxy. and analysis modules. Enterprise Services.com/ to manage patches for all registered systems. Sun Update Manager operates the same way that was discussed earlier except that it now uses a different location as the source for retrieving patches. The metadata stored on the Sun Update Connection Proxy is synchronized with Sun Update Connection so that host systems are always accessing an up-to-date copy of the metadata. the Sun Update Connection offers a Sun-hosted web-based update management service. All Rights Reserved. Mode 2 . 6-16 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. You can register one or more of your Solaris 10 systems with this hosted service. and then simply point your Web browser to http://updates. Inc. This metadata is transferred to local systems whenever Sun Update Manager is used to perform an analysis on the host system. The Hosted Web application enables a system administrator to remotely manage updates for a number of systems under his or her control. It is a bit involved to cover here in this overview section. What is covered by a service plan and what is available without a plan is discussed later in the module.Introducing the Sun Update Connection Figure 6-4 shows placement and use of the Hosted Web application. Enterprise Services. The same client software that powers the Sun Update Manager and the smpatch command is also at the core of this hosted service. Customer Business Applications and Infrastructure Customer Firewall Sun Update Connection Web Browser IT Manager/Sysadmin Hosted Web Application System A System B System C Figure 6-4 The Sun Update Connection Web Hosted Application The Sun Update Connection Hosted Web application includes all the features of Sun Update Manager plus the ability to manage many systems using commands that address multiple systems in a single operation. All Rights Reserved. Revision A 6-17 . Inc. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. The Sun Update Connection Hosted web application is available to all Solaris 10 systems covered under a service plan. but also can simplify change management by helping to maintain consistent OS and patch levels across a group of related systems. you can drill down to see which updates are needed for a specific system. pending tasks.sun. you can simply select several systems as targets for the same update. or the update history for specific systems. In the systemcentric view. Enterprise Services. The Sun Update Connection hosted web application also allows you to manage with a system-centric view or a patch-centric view. Use the following URL in a browser to connect with the Sun Update Manager Host Web application: http://updates. you can select a patch and see which of the systems being managed have a need for that particular patch. In the patch-centric view. The hosted web application monitors and evaluates all registered systems for necessary updates. Then. Inc. Revision A . with a single click. All Rights Reserved. It performs the analysis work in the background so that you can focus on other tasks. the patch can be deployed to all affected systems. Rather than analyzing and updating each system individually. When it’s time to take action.com/ 6-18 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Introducing the Sun Update Connection The hosted web application provides greater efficiency by allowing you to view update status across many systems and apply updates to multiple machines with a single command. or to review detailed information about the available updates. This not only saves time. you can then use the Web-based portal to apply specific updates. Revision A 6-19 . All Rights Reserved. Figure 6-5 Sun Update Connection Hosted Web Application Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Inc.Introducing the Sun Update Connection Figure 6-5 shows an example screen of the hosted web application. Enterprise Services. be sure to cover the same points that this paper tour discusses. If you are teaching an LVC. Establishing a Sun Online Account A Sun Online Account is required for using the Sun Update Connection services regardless of the mode of connection you choose.sun. All Rights Reserved. Online Support Center (OSC).com/ and click on the My Sun link. Revision A . If you decide to do this. you may want to engage a student by selecting one to drive the demo with your direction. Inc.Using Sun Update Manager Using Sun Update Manager This section presents a simple tour of using the Sun Update Manager. or SunStore. 6-20 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Without one you will get security and hardware driver updates only. SunSolve. Obtain a subscription key associated with that plan for use later when you install and register systems for Sun Update Connection functionality. This section presents a simple tour through some of the screens and tasks you perform using the Sun Update Manager. Obtain a Sun Service Plan (Optional) A Sun Service Plan is optional. Start at: http://www. If your environment permits you may choose to do a live demonstration of the tool on your own. There is no charge for establishing such an account. Note – You might already have a Sun Online Account if you registered for an account with programs such as Java Developer Connection. MySun. From there you can create a new account. If you want all the other updates available contact your Sun Service Representative and subscribe to an appropriate service plan. Enterprise Services. the Sun Update Connection client software will be an integral component of the Solaris distribution and will not need to be installed separately.0. For a system installed with the Solaris 10 OS.The Sun Update Connection client software distribution comes bundled with an installer program that can then be used to the install the client software.4 and that any patches that these depend on will also be applied. click on the Java Desktop notification icon or use the following command to start it: # /usr/bin/updatemanager Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. SunSolve as a patch. Revision A 6-21 . Inc.Using Sun Update Manager Downloading and Installing the Sun Update Connection Client Software If you are running a version of the Solaris OS that precedes the Solaris 10 1/06 release. you will most likely need to download and install the Sun Update Connection client software. you can get the client from: ● The Sun Download Center . Alternatively. All Rights Reserved.0.4) software for SPARC systems can be downloaded and installed as follows: # smpatch update -i 121118-05 Use the following command for x86 based systems: # smpatch update -i 12119-05 Remind students that these patch numbers will change for clients later than 1. Enterprise Services. ● Starting Sun Update Manager For the First Time Once the Sun Update Manager client is installed on the system to be managed. Beginning with the Solaris 10 1/06 Release. the Sun Update Connection client (1. Using Sun Update Manager After a few moments. 6-22 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. Enterprise Services. All Rights Reserved. while the client loads system information. Revision A . Figure 6-6 Sun Update Manager’s Welcome Registering Systems Only systems that have been registered with Sun Update Manager can be managed remotely by the Sun Update Connection services. the Registration Wizard’s welcome screen displays as shown in Figure 6-6. All Rights Reserved. Figure 6-7 Sun Update Manager’s Step 1 of 3 Screen From this Step 1 screen you can do any of the following tasks: ● Configure the system to retrieve updates from a local source. Inc. ● Configure network proxy settings If you are connecting this system directly to the Sun Update Connection servers without using an in-house proxy. you may need to configure this Sun Update Manager client to use a proxy to access the Internet. Enterprise Services. This option is used to connect this system to a Sun Update Connection proxy as shown in Figure 6-3. Revision A 6-23 . Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems.Using Sun Update Manager After you click the Register to Manage Updates button you will see the first screen which is shown in Figure 6-7. You should have that proxy server installed and configured before exercising this option for a connection. All Rights Reserved. The screen show in Figure 6-8 will display. Inc. for example. fill in the username and password and click Next. Revision A . this option can be done to connect to Sun for setting up this free account. Enterprise Services. Assuming you have already established a Sun Online Account. The Sun Update Connection Manager has the same requirement as a browser accessing the Internet through a company firewall. ● Create a Sun Online Account If you have already done so. Figure 6-8 Sun Update Manager’s Step 2 of 3 6-24 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Using Sun Update Manager Explain that this proxy setting is different than the one discussed in the prior bullet. This one is more analogous to how you set a proxy in a browser. Revision A 6-25 .) If you click the links for either of the demonstrations your browser will be sent to the main Sun Microsystems web site for animations. After reading and accepting the service level agreement. You can also purchase one from this screen or do this later. click Next. The screen shown in Figure 6-9 will display. Inc. (You can also override this filled in value to register an alias name for your system. Sun Update Connection Services will then know your system by that alias. Its name is filled in by default. All Rights Reserved. chose to procede without one. Enterprise Services. Figure 6-9 Sun Update Manager’s Step 3 of 3 This step 3 of 3 screen is where you register your local system.Using Sun Update Manager Entering a Sun Subscription Key On the Registration Wizard’s screen 2 of 3 you either enter your Sun Subscription Key or. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. 6-26 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . Enterprise Services. The screen shown in Figure 6-10 might display. Inc. You can click the link to configure a proxy or decide that you will use the services of an internal installed Sun Update Connection Proxy and therefore not need a proxy setting for the Sun Update Manager client. it didn’t have the necessary proxy information to pass through a corporate firewall. Figure 6-10 Sun Update Manager Showing Internet Connection Failure Configure a Network Proxy This failure message displays in this case because when the Sun Update Manager client attempted to send system information out to the Internet to the Sun Update Connection services web site. All Rights Reserved.Using Sun Update Manager Select the option to manage your local system using remote Sun Update Connection services and click the Finish button. Using Sun Update Manager For this example. All Rights Reserved. we will need to configure a proxy for the local Sun Update Manager client to use for access to the Internet. the screeen shown in Figure 6-11 displays. If proxy authentication is needed. click the Finish button. fill in the proxy hostname or IP address and the port. After that link is clicked. Revision A 6-27 . Figure 6-11 Sun Update Manager .Configuring a Network Proxy Place a checkmark at Enable Network Proxy. fill in that information and then click OK. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Again. Enterprise Services. You will be returned to the previous screen 3 of 3 (Figure 6-9). Inc. 6-28 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. you will see the screen shown in Figure 6-12. Enterprise Services. All Rights Reserved. Revision A . Inc.Using Sun Update Manager After a storing system information progress bar finishes. Figure 6-12 Sun Update Manager .Registration Complete After registration of your local system completes you can either close the window and start management of your system using the Sun Update Manager or use the link to launch Sun Update Services which would launch a browser and direct you to the Sun Update Connection Hosted Web application for management of all your registered systems. Enterprise Services.Using Sun Update Manager In this example scenario you close the registration complete window and use the Sun Update Manager client application for update management. All Rights Reserved. Inc. That interface looks like that shown in Figure 6-13. You can use this GUI to perform the following tasks: ● ● ● ● Analyze your system Apply updates you select Remove updates Configure your update management environment Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Revision A 6-29 . Figure 6-13 Sun Update Manager Showing Available Updates This is the main window from which you manage updates for your local system. an icon will alert you when new updates are available. When you single click an update entry the bottom panel displays typical information about that update including ID. Figure 6-14 Sun Update Manager’s Available Updates Listing You can always use the Check for Updates button to check for available updates at anytime. For such updates you need to read the update’s readme file for instructions required for a manual installation. size.Installing Updates With the Sun Update Manager Installing Updates With the Sun Update Manager Updates for the registered system on which the Sun Update Manager is launched will appear on the Available Updates tab and is shown in Figure 6-14. Revision A . If you are using the Java Desktop environment. Inc. the x86 version patch number. Updates in this state (after download but before install) will appear in the Updates Available tab of the Sun Update Manager with a dash (-) in the first column. Updates marked with the Restart Required icon will also not install after pressing the Install Item button. and so on. patches obsoleted or in conflict with the update. They will download but will be installed only on the next system restart. Entries marked with the Download Only icon will not automatically install after you click the Install Item Now Button. All Rights Reserved. Enterprise Services. a list of files in the update. the bugs addressed. 6-30 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. the update(s) downloaded and. Inc. those able to be installed will be installed.Installing Updates With the Sun Update Manager After you click checkmarks next to the updates of interest. they also will be downloaded and installed.Installed Updates From this screen you can select an updates that you want to uninstall. The screen in Figure 6-15 shows the Installed Updates tab of the Sun Update Manager. Revision A 6-31 . An analysis of your system will be performed. the Uninstall Selected Update button becomes available for use. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Figure 6-15 Sun Update Manager . click the Install Item Now to download and install. If an update has dependencies on other updates. A notice will display with the status of the operation when it completes. Once you do so. Enterprise Services. Directory where updates will be downloaded. IP address and authentication details. (Default is /var/sadm/spool. All Rights Reserved. The Sun Update Manager Client’s network proxy hostname. Inc.) Backout data directory setting (used during update backouts). like a CD or a local Sun Update Manager Proxy you have established). patches beyond security and hardware driver updates.) Enabling daily automatic update analysis (as a background task).) From the file menu you can also launch a browser for update management using the Sun Update Connection web application. Enabling the new update available notification icon for your Java Desktop. The following preferences and configurations can be accomplished in these Preferences dialogues: ● Update the source of your updates (either from a Sun Source or from a local source. 6-32 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services.Setting Sun Update Manager Client Preferences Setting Sun Update Manager Client Preferences A Preferences submenu is available from the File menu. (Not available for CDE. (You use your Sun Online Account credentials to do this. The next section looks at setting up a Sun Update Manager Proxy for more efficient management of a number of systems. This is recommended. ● ● ● ● ● From the file menu you can also purchase a subscription and receive a Subscription Key for access to. So far we have been managing updates to a local system using a locally installed Sun Update Manager client. Revision A . and management of. the client system must be registered. for example). Enterprise Services.0 software installed. Inc.sun. By using a Sun Update Connection Proxy on your intranet. Installing and Initially Configuring the Sun Update Connection Proxy The Sun Update Connection Proxy is an optional feature that you can obtain at no charge if you have a Sun Service Plan. you can serve updates to your local systems and minimize the Internet traffic between your systems and the Sun update server.0 software and the Sun Patch Manager 2. Note – The system that you choose to act as the Sun Update Connection Proxy must be running at least Solaris 10 and have at least the Developer Solaris Software Group installed. This type of proxy caches any updates that are downloaded from its update source. All Rights Reserved. This system must also have the Sun Update Manager 1. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. If. You must register the system that acts as the proxy. go to Solaris Operating System Software Support at http://www. Obtaining.0 software.Sun Update Connection Proxy Sun Update Connection Proxy The Sun Update Connection Proxy was previously called local patch server. you do not need to register the client system.com/service/support/software/solaris/ and select the appropriate level of service. Revision A 6-33 . This proxy supports client systems that use the Sun Update Connection 1. You do not need to stock your proxy with updates before you use it. For information about obtaining a Sun Service Plan. your client system is also remotely managed directly by the Sun Update Connection services (in the context of the web application or its own local Sun Update Manager client software. however. Registration If you locally manage a system that is a client of a Sun Update Connection Proxy on your intranet. The Sun Update Connection Proxy obtains updates from its source of updates on a per-request basis. type the following command.sun. specifying the server name and port (3816) of the upstream proxy: # patchsvr setup -p http://server-name:port/solaris/ To specify the Sun update server. which is the default. 6-34 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. you can use this manager to obtain and install the update which is the Sun Update Connection Proxy. type the following command: # patchsvr setup -p https://getupdates. only the most upstream one typically needs to have its network proxy configured since it is the only one that would need access to the Internet to reach the Sun update server. add them before continuing. You can change it to another source if your update strategy requires it. Setting a Network Proxy (Optional) Set the network proxy for the Sun Update Connection Proxy by typing the following command with your specific network proxy and port information: # patchsvr setup -x network_proxy:port Setting a Source of Updates By default the update source for the Sun Update Connection Proxy is the Sun update server. To specify the next update server in a chain of Sun Update Connection Proxies. you can implement a chain of proxies.Sun Update Connection Proxy If you already have a service plan and the Sun Update Manager client installed.com/solaris/ Remind students that in an implementation of chained proxies. Inc. Enterprise Services. Use the following command to verify that required packages are on your system: # pkginfo | grep SUNWpsvr system SUNWpsvrr system SUNWpsvru Patch Server Deployment (Root) Patch Server Deployment (Usr) If these packages are not installed. each one using another earlier in the chain as its source. All Rights Reserved. Revision A . For example. Enterprise Services. All Rights Reserved. Revision A 6-35 .Sun Update Connection Proxy Starting the Proxy Service The following command will start the proxy server: # patchsvr start The following command will configure the proxy server to start on subsequent system boots: # patchsvr enable Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Inc. Configuring Clients to Use the Sun Update Connection Proxy Configuring Clients to Use the Sun Update Connection Proxy Client systems that connect to a Sun Update Connection Proxy run the Sun Update Manager client software configured to receive updates from the proxy. All Rights Reserved. using the updates stored on the proxy. Enterprise Services. Client systems only need to be registered with the Sun Update Connection Services if they will also be managed by those services using the Sun Update Connection web applications or a locally installed Sun Update Manager client. This will be the case for the short scenario which follows. registered and configured to reach the Sun update server (via a network proxy setting) on another system and it already has retrieve a store of update information. they do not need to be registered. If they will only be managed locally. Inc. click the link labelled. Provide this context for the students. The assumption is that the Sun Update Connection Proxy has already be setup up. 6-36 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Refer students to Figure 6-3 and Figure 6-4 to help explain this. click the Apply Updates Manually button (Figure 6-6). The Registration Wizard screen 1 of 3 will display (Figure 6-7). Install and start the Sun Update Manager on the client by typing the following command: # /usr/bin/updatemanager When the Registration Wizard Welcome screen displays. Revision A . Set up the Sun Update Manager Service. On the Apply Updates Manually screen. ” The screen shown in Figure 6-16 will display prompting you for the URL of that update source. proxy-hostname. Management of the client can begin at that point. Revision A 6-37 . The Sun Update Manager will then automatically analyze the client system. Inc. Figure 6-16 Sun Update Manager . contact the proxy. “Configure the system to retrieve updates from a local source. All Rights Reserved.Use a Local Source for Updates Supply a URL like the following using your specific proxy host name: http://proxy-hostname:3816/solaris/ Tell students that they just supply the shown should be used. and retrieve a list of the available updates appropriate for the client. Enterprise Services. No different than what was discussed earlier in the module.Configuring Clients to Use the Sun Update Connection Proxy On the Registration Wizard screen 1 of 3. click the link labelled. The port number and solaris directory name Click the Finish button at the bottom of the screen. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. or security updates that have been bundled into a single archive for easy downloading and installation. It is possible to use one tool for some tasks. maintenance updates were also available. This collection replaces existing files and directories that prevent proper execution of the software.Patch Admininstration From the Command Line (CLI) Patch Admininstration From the Command Line (CLI) The new terminology for patches is updates. Throughout this module the terms are used interchangably. It is the simultaneous use and latency in each tool’s updated knowledge of system state that can be problematic. recommended. changes made by smpatch and patchadd might not be reflected correctly in Update Manager.com/software/solaris/solaris-express/ 6-38 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. A Solaris OS update types include: ● Standard updates – Updates that fix specific problems with the Solaris OS and other Sun hardware and software products. See the following URL for details about the Solaris Express program: http://www. All Rights Reserved. Recommended patches – Solaris OS updates that fix problems that might occur on a large percentage of systems. Some updates contain product enhancements. and then startup another to do other tasks. These were sets of patches that had been tested together and packaged for one-step installation. Maintenance updates were available to service contract customers. and the patchadd command simultaneously to manage updates on your system. Such updates to the Solaris OS are free for download and are available on a monthly schedule. the smpatch command. Enterprise Services. Update clusters – A group of standard. Note – Do not use the Sun Update Manager GUI. While the Update Manager GUI is running. Revision A . Maintainance updates are now replaced by the Solaris OS distributions of the Solaris Express Program.sun. ● ● Note – In previous versions of the Solaris OS. finish with that tool. An update (previously known as a patch) contains a collection of files and directories. Inc. Note – Not all updates available from Sun Microsystems must be installed. for example. Prior to the Solaris 9 OS updates were in zip format. 10505001. The number assigned to an update includes the update base code first.zip. All Rights Reserved. indicates that 105050 is the base code and 01 is the revision number. Enterprise Services. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. a hyphen. and those required to fix problems specific to your site. Now they are in jar format. security updates. and a number that represents the update revision number. an update directory named 105050-01.jar. For example. 105050-01. for example. Inc.Patch Admininstration From the Command Line (CLI) An update is distributed as a directory that is identified by a unique number. Only install the recommended updates. Revision A 6-39 . still work (and is actually called by smpatch) but have students get into the habit of using the smpatch command. Enterprise Services. 3. Starting with the Solaris 9 OS. analyzing your system downloading the necesssary updates applying the updates You can exercise as much control of the phases as need: ● The smpatch update command will perform all three functions using one command. Tell students that the remote mode. smpatch runs in local mode. Other older commands. 6-40 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. remote mode is used. like patchadd. They should use local mode only moving forward. ● Remote mode can be used to perform tasks on remote systems. Inc. Typically the -n system_name option is added to smpatch commands to run them on remote systems By default. This mode can be run while the system is in single-user or multiuser mode. Revision A . Phases for Applying Updates The full sequence for applying an update involves these phases or steps: 1. In Solaris 8 only local mode smpatch is available. while supported in S9 and the original S10 Patch Manager is not supported with Sun Update Connection services.local mode and remote mode: ● Local mode can only be run on the local system. 2. the smpatch command was available in two modes .Using the smpatch Command Using the smpatch Command The smpatch command (and its subcommands) are the preferred commands to use now for update/patch management using the CLI. If you specify any of the remote or authentication options (except for -L). The S9 and original S10 version of Patch Manager optionally operated in remote mode using the CIM/WBEM service but the Update Connection client does not support this mode of operation. In local mode none of the authentication options or options that refer to remote systems are available. (It will not download or apply them. Inc. The smpatch analyze command requires multiuser mode. Enterprise Services. You can then look in the plist file for updates involving devfsadm. Revision A 6-41 . The smpatch add command will not consult the update policy. first use the smpatch analyze command followed by the smpatch update command.Using the smpatch Command This command requires multiuser mode and will not apply an update that has the interactive property set. Example Commands Applying an Update In Three Steps Using the three commands allows greater control and flexibility when applying a patch.10: sysidtool Patch 119252-09 SunOS 5. ● The smpatch analyze and smpatch update commands will perform all three fuctions using two commands. Properties and update policy will be discussed later. available updates for it. The application of updates will be governed by the update policy. ● The smpatch analyze. If you want to first analyze your system and then download and apply them in a single subsequent step.10: System Administration Applications Patch Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. The smpatch update command will also download any prerequisite patches. The smpatch add command can be used in single user mode or multiuser mode. # smpatch analyze > plist # vi plist 120199-04 SunOS 5. first use the smpatch analyze command followed by the smpatch download command followed by the smpatch add command.) The command will write the list to the file plist. download the updates and add them to your system in three separate steps. All Rights Reserved. and smpatch add commands will perform all three fuctions using three commands. smpatch download. 1. Assume that you want to have the latest update(s) for the devfsadm command. If you want to analyze your system. The following command will analyze your local system and determine the appropriate. Enterprise Services. All Rights Reserved.Using the smpatch Command . Revision A . 6-42 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.10: devfsadm patch 119685-05 SunOS 5. Inc. 119984-03 SunOS 5..10: svc...10: wanboot patch 121268-01 SunOS 5.10: tmpfs patch .startd patch 119681-06 SunOS 5.. sun. By default. The update has been downloaded to the downloaded area and validated. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. The following commands show the update has been downloaded as the *.Percentage@57ae58 119984-03 has been validated. 2.util.. they also would have been downloaded. All Rights Reserved. The following command will download (but not apply) the new update for the devfsadm command: # smpatch download -i 119984-03 com. ls 119984-03.Using the smpatch Command The patchadd -p command shows what updates have been applied to the system. Inc. Revision A 6-43 .jar ..download. Use it to verify that the devfsadm update you found in the plist file isn’t already on the system: # patchadd -p | grep 119984 Patch: 119984-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu There is an ealier version of this update on the system but not the newly available -03 version. The following example shows that the default is still in effect. If it had been changed from the default. it would have appeared in the second column of the output shown above where a hyphen now appears. this directory is /var/sadm/spool. # smpatch get | grep download patchpro. Apply or install this update using the following smpatch add command: # smpatch add -i 119984-03 add patch 119984-03 Validating patches. Note – You can still use the showrev -p command to accomplish the same thing and it executes more quickly.jar file: # cd /var/sadm/spool .patchpro.. Just point out that if the default location had been changed..directory /var/sadm/spool The will a more complete treatment of properties later in the module. Remind students that if this update had an prerequisite updates. Enterprise Services. you could query the system with the smpatch get command to learn the new value. 3. The following command does this for the update just applied: # smpatch remove -i 119984-03 remove patch 119984-03 Transition old-style patching. Done! Loading patches requested to install.Using the smpatch Command Loading patches installed on the system. Revision A . Done! Approved patches will be installed in this order: 119984-03 Patch 119984-03 has been successfully installed.. Patch 119984-03 has been backed out. Verify that the patch is installed on your system using this command: # patchadd -p | grep 119984-03 Patch: 119984-03 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu A subsequent analysis of this system will no longer show this update as appropriate: # smpatch analyze | grep 119984-03 # An update is easily removed (backed out).. All Rights Reserved. For example this FMA (Fault Management Architecture) recommended update can be applied to the system with this command: 6-44 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. An analysis now shows that this update is once again appropriate and available for this system: # smpatch analyze | grep 119984-03 119984-03 SunOS 5. Done! Checking patches that you specified for installation. Enterprise Services.10: devfsadm patch Applying an Update In One Step Use the smpatch update to analyze your system. The former does not consult the update policy This will be examined more thoroughly later in the module. Tell students that after the installation and after the remove the patch itself remains in the spool area. download and apply the update in one step. Remind the students that smpatch add behaves differently than the smpatch update command. Percentage@775121 119578-15 has been validated..util. Enterprise Services. Installing patches from /var/sadm/spool. Inc.txt Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems.02.. /var/sadm/spool/patchpro_dnld_2006.14@13:48:56:MST.patchpro. Revision A 6-45 .sun. All Rights Reserved.02. 119578-15 has been applied.Using the smpatch Command # smpatch update -i 119578-15 com.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2006.14@13:48:56:MST. smpatch unset enables the default values for environment parameters ● ● Use the following command to display the current environment parameter values: # smpatch get patchpro.com/solaris/ patchpro.directory /var/sadm/spool patchpro.sun.backout.Configuring the Patch Management Environment Configuring the Patch Management Environment The smpatch get.com:3816/solaris/ # smpatch get patchpro. On this particular system (and earlier in the module).apex.1:3816/solaris/ https://getupdates. (This is typically what you would do to direct your local client to a new update proxy server. All Rights Reserved.source http://192.proxy. Explain that the first column is the environment parameter or property.source=http://newproxy.backout. The new values are not validated in anyway so verify the intended changes. The following smpatch set and get commands will set a new value for the update source.user "" Note – The smpatch(1M) man page contains a detailed description of the environment parameters.passwd **** **** patchpro. smpatch set and smpatch unset commands are used to configure the patch management environment: ● smpatch get displays the current settings for environment parameters smpatch set changes values for environment parameters.patch.patch.proxy.directory "" 6-46 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services.host "" patchpro. the second column contains values changed by the smpatch set command and the third column is the default value for that parameter.patchset current patchpro. In the above output the patchpro.com/solaris/.168.directory "" patchpro. If you are teaching an LVC.) Display a system for all students to see and display the smpatch man page for a description of the environment parameters.) # smpatch set patchpro.sun. Revision A .proxy.download.source parameter has been changed from its default of https://getupdates.port 8080 patchpro.201. the Sun Update Manager was used to set this value to a Sun Update Manager Proxy.install.patch. engage a student to do this same thing as you discuss the parameters.types rebootafter:reconfigafter:standard patchpro.proxy. Inc. All Rights Reserved.patch.apex.download.install.Configuring the Patch Management Environment patchpro. Enterprise Services. Revision A 6-47 .source # smpatch get patchpro.patchset current patchpro.com/solaris/ patchpro.proxy.patchset=recommended # smpatch analyze Using the Update Policy for Applying Updates The patchpro.patch.passwd **** **** patchpro.download.proxy.directory /var/sadm/spool patchpro.port 8080 patchpro.com/solaris/ patchpro.proxy.proxy.proxy.user "" You can also set the source of updates to a local or remote directory as the following examples illustrate: # smpatch set patchpro.patch.types rebootafter:reconfigafter:standard patchpro. When you apply patches using the smpatch update command the update policy is consulted before an update is actually applied.patch.port 8080 patchpro. For example.passwd **** **** patchpro. the following commands will result in an analysis only on recommended updates: # smpatch set patchpro.sun.directory "" patchpro.user "" You can configure an update set which defines a subset of updates that commands will work with.com:3816/solaris/ https://getupdates.source=file:/cdrom/cdrom0 The following command sets the patchpro.proxy.host "" patchpro.proxy.source parameter back to the default value: # smpatch unset patchpro.source=file:/net/sys-04/export/updates # smpatch set patchpro.directory /var/sadm/spool patchpro.source=file:/local/updates # smpatch set patchpro.proxy. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems.patchset current patchpro.install.types rebootafter:reconfigafter:standard patchpro. Inc.types property defines the update policy in effect for the update management environment.sun.patch.backout.patch.source http://newproxy.install.host "" patchpro.source https://getupdates.patch. A default.Configuring the Patch Management Environment The following are the types of updates that are applied to the system: ● Standard updates that are applied immediately and require no system restart Updates that require a system restart Updates that must be manually applied ● ● If you use the smpatch update command to update your system. types value standard Sun Update Manager GUI Icon Standard Description A default. System becomes unstable (unpredictable behavior or possible data loss) until system reconfiguration reboot (boot -r).install. Table 6-1 Install Type Parameter Values and Sun Update Manager GUI Icons patchpro. install.install. All Rights Reserved. the effects of the update are visible after the affected application is restarted. A default. Revision A . you can customize the policy for applying updates using the patchpro. Can be applied in multiuser mode and visible immediately unless the application being updated is running while the update is applied. Inc. See the boot(1M) man page. rebootafter reconfigafter rebootimmediate reconfigimmediate Restart Required Restart Required Restart Required Restart Required 6-48 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. However. Effects not visible until system reboot. Effects not visible until a reconfiguration reboot (boot -r).types parameter. you get the benefit of the guidelines established by update/patch developers in how best to apply the update. It also describes the value and if it is part of the default update policy. Table 6-1 shows the correspondence between the patchpro. In this case. Enterprise Services.types parameter values and the Sun Update Manager icons shown on the Available Updates tab in the GUI. Be sure students understand the ramifications and responsibilities associated with customizing the default policy. System becomes unstable (unpredictable behavior or possible data loss) until system reboot. Enterprise Services. All Rights Reserved.Configuring the Patch Management Environment Table 6-1 Install Type Parameter Values and Sun Update Manager GUI Icons patchpro. Inc. interactive Download Only Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. install. Only downloaded to your system and must be applied manually according to the instructions in the update’s README file. types value singleuser Sun Update Manager GUI Icon Restart Required Description Do not apply this update in multiuser mode. Revision A 6-49 . You must apply this update on a quiet system with no network traffic and with extremely restricted I/O activity. install.0" PATCHID=119578-15 PATCH_CORRECTS='BaseOS.install. The PATCH_PROPERTIES values are the install types for the update.10' PATCH_ARCH='sparc' PATCH_OS='SunOS' PATCH_OSRELEASE='5. Revision A .Configuring the Patch Management Environment The default value for this parameter is shown with this smpatch get command: # smpatch get patchpro. Inc.SolarisFaultMgmt-5. the smpatch add command will be used to see the potential danger of not consulting the policy.types rebootafter:reconfigafter:standard Per Update Policy Value Each update has properties associated with it. which consults the update policy. The update policy permitted this update to be applied at that time. You can learn these values with the following command sequence if the update is downloaded in the spool area of your system: # cd /var/sadm/spool # jar xvf 119578-15. otherwise you might miss an important patch property such as immediate reboot or a prerequisite patch. Example of Using the Update Policy It is good practice to always use the Update Policy when adding patches. 6-50 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.jar 119578-15/patchinfo inflated: 119578-15/patchinfo # cat 119578-15/patchinfo PATCHINFOVERSION="1.10 BaseOS.10' PATCH_PROPERTIES='rebootafter clientroot clientusr' PATCH_OBSOLETES="119330-01 119331-01 119559-01 119576-01 120635-02" Remind students that the above example was for the FMA patch applied with the smpatch update command earlier in the module. Will the effects of this update be visible immediately? The patchinfo file is included in the collection of files in an update. All Rights Reserved. Explain to the students that before using the smpatch update command. Enterprise Services.types patchpro. It contains more metadata than just the PATCH_PROPERTIES value.SolarisCore-5. Done! Loading patches requested to install. Apply the patch using the smpatch add command: # smpatch add -i 119681-06 add patch 119681-06 . Done! Checking patches that you specified for installation. Loading patches installed on the system.. Validating patches. Enterprise Services. Be sure to point out that this update has been applied. the newer wanboot update: # smpatch download -i 119681-06 119681-06 has been validated.10: wanboot patch Determine if any prior versions of the wanboot update are already on the system: # patchadd -p | grep 119681 Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr Only the earlier 05 version of this update is already installed. it has been installed.Configuring the Patch Management Environment Not Using the smpatch update command Analyze your system and learn if any updates involving wanboot are appropriate and available: # smpatch analyze | grep wanboot 119681-06 SunOS 5. Verify that the patch is installed on your system: # patchadd -p | grep 119681 Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr Patch: 119681-06 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr Yes. Revision A 6-51 .. Done! Approved patches will be installed in this order: 119681-06 Patch 119681-06 has been successfully installed... Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. All Rights Reserved. Download. but do not apply. Inc... All Rights Reserved. In this case the warning to immediately reboot implies that the PATCH_PROPERTIES value for install type is either reconfigimmediate or rebootimmediate.txt # cat *. When a requested patch has prerequisite patches. It is no longer listed as available/appropriate since it is already installed on the system.txt and other readme files often contain important information. 6-52 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. To properly patch your system. Inc.txt This patch bundle was generated by PatchPro.Configuring the Patch Management Environment A subsequent analysis of this system will no longer show this update as appropriate: # smpatch analyze | grep 11968-06 # Makes sense. the following patches should be installed in the listed order: 1) 119681-06 !!! IMMEDIATE REBOOT !!! The *.02.jar 119681-06/patchinfo inflated: 119681-06/patchinfo # grep PROP 119681-06/patchinfo PATCH_PROPERTIES='reconfigimmediate clientroot' Impress upon the students that using the smpatch add command implies the responsibility of reading the information that is included with the update. ls 119681-06. Please refer to the README file within each patch for installation instructions.jar cache patchpro_dnld_2006. The following commmand sequence will display the install type value for this update: # cd /var/sadm/spool # jar xvf 119681-06. the order for applying them is also in this file. A reconfiguration reboot (boot -r) should be done on this system to render it stable again. Go to the download spool area and see what information there is about this update: # cd /var/sadm/spool . Enterprise Services. Revision A .13@10:10:29:MST. Especially when you use the smpatch add command it is always a good practice to read information about the update. txt in the download spool area.patchpro.sun. you must use one of the following commands: o Power down the system . /var/sadm/spool/patchpro_dnld_2006.Configuring the Patch Management Environment Note – The /var/adm/messages file identifies problems that are found when applying a patch to a system. Inc. Installing patches from /var/sadm/spool.15@06:02:43:MST.15@06:02:43:MST.init 6 or shutdown -i 6 Recall that smpatch add command informs you about the required reboot in the *.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2006.02. on the other hand. creates a disallowed_patch_list and gave instructions about the reboot.15@06:09:14:MST. NOTICE: Patch 119681-06 cannot be installed until the next system shutdown.02. displayed this to standard out.init 0 or shutdown -i 0 o Drop to the firmware prompt . Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems.02.util. download the update and apply it in one step. # smpatch update -i 119681-06 com. smpatch update.txt ID's of the updates that are disallowed by installation policy have been written to file /var/sadm/spool/disallowed_patch_list One or more updates that you installed requires a system shutdown to activate it. To initiate the system shutdown.init 5 or shutdown -i 5 o Restart the system . All Rights Reserved. Typically you attend to updates listed in this file manually. Updates that cannot be applied for some reason are listed in the disallowed_patch_list. It also provides safeguards that are not available with smpatch add because it consults the update policy. # cat /var/sadm/spool/disallowed_patch_list 119681-06 Part of the smpatch update command applies the updates..txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2006. The smpatch update command also is knowledgable about update dependencies and applies any dependencies for the updates you specify.02.txt /var/sadm/spool/patchpro_dnld_2006.Percentage@96ad7c 119681-06 has been validated.. Revision A 6-53 . Enterprise Services. Using the smpatch update Command The smpatch update command will analyze your system.15@06:09:14:MST. 10: wanboot patch Manually add the patch: # smpatch add -i 119681-06 Validating patches.us in patch 119681-06 differs from the package installed on the system. Verify that it is installed: # patchadd -p | grep 119681 Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr Patch: 119681-06 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr Analyze the system to show that it is no longer appropriate and available:: # smpatch analyze | grep wanboot # Since this update is marked as reconfigimmediate. # smpatch analyze | grep wanboot 119681-06 SunOS 5.. Loading patches installed on the system.v in patch 119681-06 differs from the package installed on the system.... reboot the system with the -r option: ok boot -r . Inc...Configuring the Patch Management Environment Verify that the only version of this update installed on the system is the prior version (05): # patchadd -p | grep 119681 Patch: 119681-05 Obsoletes: Requires: Incompatibles: Packages: SUNWcakr A subsequent analysis of the system still shows that this patch is available and still appropriate for this system. Done! Approved patches will be installed in this order: 119681-06 Patch 119681-06 has been successfully installed. It is in the spooled area awaiting installation and a system reboot. Done! Checking patches that you specified for installation. Architecture for package SUNWcakr from directory SUNWcakr. Done! Loading patches requested to install. All Rights Reserved. Enterprise Services. 6-54 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . Architecture for package SUNWcakr from directory SUNWcakr. Inc.Configuring the Patch Management Environment Remove this update’s entry in the disallowed_patch_list file so you know you are finished administering this update: # cat /var/sadm/spool/disallowed_patch_list # Be sure students understand the advantages of using smpatch update over the add commands: consultation of update policy and accommodation of update dependencies. All Rights Reserved. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Enterprise Services. Revision A 6-55 . list Edit my. Enterprise Services... Generate the full list of updates available and appropriate for your system: # smpatch analyze > my.list Apply the updates: # smpatch update -x -dlist=/tmp/justdothese.list . engage a student to display this page for the class.0 Administration Guide and go to page 15 (Update List Operations). Discuss these examples with the class. the list is augmented with patches on which they depend before the update occurs. If you are teaching an LVC. It also resolves the dependencies for the updates you want to apply. Analyze just the ones that are left and resolve dependencies: # smpatch analyze -x idlist=my. The following example shows how to create a list of patches that you actually want to apply from the larger list available and appropriate.list > /tmp/justdothese. Open the Sun Update Manager 1.list and remove the ones you are not interested in: # vi my.txt Display Acrobat Reader for all to see. Following are some examples: Multiple instances of the -i option are permitted if you just have a few updates to apply: # smpatch update -i 118927-02 -i 118822-15 -i 119681-06 A list of update IDs can be listing in a file. 6-56 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. one per line.Configuring the Patch Management Environment Working With Multiple Updates Many of the smpatch subcommands can be appied to multiple updates. and referenced using the -x idlist= option: # smpatch update -x idlist=/var/sadm/spool/disallowed_patch_list Note – If you specify particular patches by using the -i or -x idlist= options. Revision A . All Rights Reserved. Configuring the Patch Management Environment Working With Multiple Systems The -n and -x mlist= options can be used with the smpatch subcommands to extend functionality to managing updates on remote systems.txt file contains a list of systems. Note – Update sets or collections can also be established and the management environment configured to use them. The following command performs an analysis of a remote system called sys-02: sys-01> smpatch analyze -n sys-02 > sys-02.patchmgr. Enterprise Services. You can designate non root users for these tasks by having them assume a role that includes the Software Installation profile or the solaris.analysis. All Rights Reserved. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems.txt The following command can be used to add a couple of updates to sys02 and sys-03: sys-01> smpatch add -i 121693-02 -i 118822-25 -n sys-02 -n sys-03 If there are number of remote systems the -x mlist= option would be a more convenient way to add updates: sys-01> smpatch add -i 121693-02 -i 118822-25 -x mlist=/syslist.admin. Revision A 6-57 . See the smpatch(1M) man page for details. Authorization and Authentication The root user certainly can manage updates. one per line.* authorization. The following command shows a smpatch get command on the remote system sys-04 requiring assumption of the role (-r) called patchman: sys-01> smpatch get -r patchman -n sys-04 Note – This delegation feature is not possible with the Sun Update Manager GUI client application.txt The syslist. Inc. sun. Revision A . Enterprise Services.passwd Sun User Password: password Management commands then would require use of the -u (username) and -p (password) option.sun.Configuring the Patch Management Environment You can also require authentication for management tasks by establishing a username and password: # smpatch set patchpro. All Rights Reserved.) 6-58 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.user=user-name # smpatch set patchpro. Inc. (A prompt for a password would be invoked if the -p option were not on the command line. These files will contain important installation considerations. Decide on which method to use to install the cluster—the recommended default save option or the -nosave option. Often each package or patch included in the cluster has its own README file. Patch clusters are usually a set of recommended or security updates. You can remove individual patches that were installed by the patch cluster by using the patchrm command.Installing Patch Clusters Installing Patch Clusters A patch or update cluster provides a selected set of updates for a designated Solaris OS level and is conveniently wrapped for one-step installation. Change to the directory that contains the patch cluster (this is typically the top level directory extracted from the achive file). Revision A 6-59 . 3. Prior to installing the patches. All Rights Reserved. By default. Inc. You should not install cluster patches on systems with limited disk space. the cluster installation procedure saves the base objects being patched. Consult the cluster README file for details on this and other important requirements like if installation should be done in single-user mode. You can override the save feature by using the -nosave option when you are executing the cluster installation script. perform the following steps: 1. you will not be able to back out individual patches if the need arises. which contains information about the bundled set of patches. the cluster installation script first determines if enough system disk space is available to save the base packages and terminates if not enough space is available. The README file is located in the specific patch directory under the /var/sadm/spool directory after the patch has been installed. 2. To install a patch cluster. Enterprise Services. Read the CLUSTER_README file. If you use the -nosave option. Be sure the patch cluster has been unzipped and extracted. including: ● ● ● ● ● ● Cluster description Patches included Important notes and warnings Save and backout options Special install instructions Special patch circumstances Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Are you ready to continue with install? [y/n]: y Determining if sufficient save space exists... or /opt partitions where patches are typically installed. /var.. 118822-27.. Running out of disk space during installation may result in only partially loaded patches. Inc. each of which have their own README files. and 119578-16. # cd /var/sadm/spool/clusters/J2SE_Solaris_10_Recommended # ls 117461-08 119578-16 copyright patch_order 118822-27 CLUSTER_README install_cluster # ls -l 117461-08/*READ* 118822-27/*READ* 119578-16/*READ* -rw-r--r-1 root root 9333 Dec 8 10:31 117461-08/README. software packages already installed. All Rights Reserved. Check and be sure adequate disk space is available before continuing. The README file recommends running the script in singleuser mode.118822-27 -rw-r--r-1 root root 9730 Feb 13 12:51 119578-16/README. Run the install_cluster script. the J2SE_Solaris_10_Recommended cluster contains three update/patch components: 117461-08. # init S . The exact amount of space will depend on the machine's architecture. /usr. the patch installation process will still require some amount of disk space for installation and administrative tasks in the /. To be safe. continuing. it is not recommended that a patch cluster be installed on a system with less than 4 MBytes of available space in each of these partitions.119578-16 Tell students that in this example.117461-08 -rw-r--r-1 root root 85142 Feb 6 11:34 118822-27/README. 4.Installing Patch Clusters ● Any notices and other recommendations Also examine any individual README files that might have been included below the cluster update component packages. Installing patches located in patch_order file in /var/sadm/spool/clusters/J2SE_Solaris_10_Recommended 6-60 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services.. Sufficient save space exists./install_cluster Patch cluster install script for J2SE Solaris 10 Recommended Patch Cluster *WARNING* SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES: With or without using the save option.. and the difference in the patched objects size.. Revision A . # . 119331-01. 119576-01 . Enterprise Services... Installing 117461-08. 119719-01... Inc. 119559-01. Return code 0.. Revision A 6-61 . .. Installation of 119578-16 succeeded. Installing 118822-27. All Rights Reserved. Installation of 118822-27 succeeded. Return code 1... # more /var/sadm/install_data/J2SE_Solaris_10_Recommended_Patch_Cluster_log *** Install J2SE Solaris 10 Recommended Patch Cluster begins *** *** Thu Feb 16 09:10:49 MST 2006 *** *** PATCHDIR = /var/sadm/spool/clusters/J2SE_Solaris_10_Recommended *** Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. Refer to individual patch README files for more patch detail. 118550-04... # showrev -p | grep 118822-27 Patch: 118822-27 Obsoletes: 118548-01. Return code 0. As suggested by the install_cluster script output.Installing Patch Clusters Using /var/sadm/spool/clusters/J2SE_Solaris_10_Recommended/patch_order file for patch installation sequence Installing 119578-16. Installation of 117461-08 failed.... Reviewing the log provides information about why the updates listed above were not able to be installed. # showrev -p | grep 117461-08 Patch: 117461-08 Obsoletes: Requires: Incompatibles: Packages: . The showrev -p command shows that 117461-08 is installed but the the output from the install_cluster script said it didn’t install it. 5. Rebooting the system is usually necessary after installation. verify what installed: # showrev -p | grep 119578-16 Patch: 119578-16 Obsoletes: 119330-01. The following patches were able to be installed: 119578-16 118822-27 ERROR: The following patches were not able to be installed: 117461-08 For more installation messages refer to the installation logfile: /var/sadm/install_data/J2SE_Solaris_10_Recommended_Patch_Cluster_log Use '/usr/bin/showrev -p' to verify installed patch-ids. . Inc.Installing Patch Clusters Installing 119578-16... Revision A ... Installing patch packages....... Patch packages installed: FJSVhea FJSVpiclu ..... . Verifying sufficient filesystem capacity (dry run method). 6-62 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems..... Installing 117461-08... Re-enabling fmd(1M) Patch packages installed: FJSVfmd SUNWckr ... Executing prepatch script. Installing patch packages. Installing 118822-27.... Approved patches will be installed in this order: 119578-16 Checking installed patches. Approved patches will be installed in this order: 118822-27 Checking installed patches. Validating patches. Validating patches... Patch 118822-27 has been successfully installed. All Rights Reserved. See /var/sadm/patch/118822-27/log for details Executing postpatch script. Temporarily disabling fmd(1M) Verifying sufficient filesystem capacity (dry run method).. Patch 119578-16 has been successfully installed...... See /var/sadm/patch/119578-16/log for details Executing postpatch script. .. Enterprise Services.... Executing prepatch script. Installing Patch Clusters Validating patches... ... The following requested patches are already installed on the system Requested to install patch 117461-08 is already installed on the system. No patches to check dependency. Point out (bolded) that the log file tells us the reason why the install script did not install 117461-08 and the showrev -p command showed that it was installed. 6. 7. Revisit each individual update README file to determine if any additional steps are required to fully install any individual update. Reboot the system for all patches to take effect. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 6-63 Further Information Further Information Many other tasks can be learned by consulting docs.sun.com. Table 6-2 is brief listing of other tasks and their URLs on docs.sun.com. As time and interest permit, display a browser for all to see and visit some of these resources. If you are teaching an LVC, engage a student by selecting someone to do this. Table 6-2 Further Resources For Management Tasks Task How to download and apply an upddate manually How to Change the Policy for Applying Patches (Command Line) How to Import a Trusted Certificate to Your Package Keystore Patch Manager Troubleshooting URL http://docs.sun.com/app/docs/doc/8171985/6mhm8o620?a=view http://docs.sun.com/app/docs/doc/8171985/6mhm8o61k?a=view http://docs.sun.com/app/docs/doc/8171985/6mhm8o61u?a=view http://docs.sun.com/app/docs/doc/8171985/6mhm8o61o?a=view Also, if of interest, page 13 of 88 in the Sun Update Manager 1.0 Admin Guide contains a table comparing the Sun Update Manager and the smpatch commands. This and other documents are in the /opt/ses/docs directory, installed from the student bundle. 6-64 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Introducing the Sun Update Connection Hosted Web Application Introducing the Sun Update Connection Hosted Web Application The Sun Update Connection Hosted Web application is one way of implementing update management offered by the Sun Update Connections Services. Figure 6-4 shows placement and use of the Hosted Web application. Customer Business Applications and Infrastructure Customer Firewall Sun Update Connection Web Browser IT Manager/Sysadmin Hosted Web Application System A System B System C Figure 6-17 The Sun Update Connection Web Hosted Application Before you can manage your systems with the Sun Update Connection services, you must register them using the Sun Update Manager registration wizard. This includes specifying your intention to remotely manage updates. The Sun Update Connection services enable you to remotely manage updates on all of the registered Solaris 10 systems at one time from one common web interface. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 6-65 Introducing the Sun Update Connection Hosted Web Application The Sun Update Connection services use the system information you provided at system registration time to determine which updates are appropriate for each of your Solaris 10 systems. Each of your registered systems check in to the Sun Update Connection web site or to your Sun Update Connection Proxy at specified intervals. When the system checks in, any queued jobs for that system are run. A job is an update-management activity that runs on one or more managed systems. Note – Do not use the Sun Update Manager GUI, the Sun Update Connection Hosted Web application, the smpatch command, and the patchadd command simultaneously to manage updates on your system. You can use all these methods, but not simultaneously. 6-66 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Using the Sun Update Connection Hosted Web Application Using the Sun Update Connection Hosted Web Application After establishing a Sun Online account and registering your system(s), you log into the Sun Update Connection web site and see the initial Summary page shown in Figure 6-18. Figure 6-18 Sun Update Connection Web Application Summary Page The same registration process, including the required Sun Online account and submission of a subscription key, discussed from Figure 6-6 to Figure 6-12 applies here before you are able to log in and start management of registered systems. (However, if this procedure was done during installation of a Sun Update Manager client, then it would not be required again during initial contact using the web hosted application; only the very first contact with the Sun Update Connection Services invokes the registration screens. The four tabs (Summary, Systems, Updates, and Jobs) are the main categories of management tasks available with this interface. A quick glance at this Summary screen alerts you to ● The security and recommended updates available Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 6-67 Using the Sun Update Connection Hosted Web Application ● The number of your systems that are registered and the number that have not cheched in with the Sun update server The status of update jobs including the number that failed and succeeded ● Clicking the System tab brings up the level of detail shown in Figure 6-19. Figure 6-19 Sun Update Connection Web Application Systems Page From this Systems page you can see: ● ● ● ● The last check in time, per system The available updates, per system The job status, per system A tally of the jobs added in this connection session (shown as 0 in this example) The same all system job status available on the Summary screen ● 6-68 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Using the Sun Update Connection Hosted Web Application You can select a system in the left column and then click View Available Updates to find details on the updates relevant for that system. Figure 6-20 shows this detail. Figure 6-20 Sun Update Connection Showing Available Updates for a Selected System The Dependencies column quickly tells you the number of dependencies for the updates selected. In this example, three more updates (dependencies) would need to be processed for a total of six. You can click the Type heading (column 2) and order the rows on those values. This will bring all the security updates to the top of the list followed by the recommended patches. The non-critical updates would be at the bottom. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 6-69 Using the Sun Update Connection Hosted Web Application Each Update ID value and each Synopsis string is a link. Clicking one brings up the detail for that update as shown in Figure 6-21. Figure 6-21 Sun Update Connection Showing Details for a Selected Update This detail is the information typically found in an update README file. From the Available Updates screen (Figure 6-20) you start the update process by selecting the updates you want to apply. Once the updates are selected, click the Apply Updates to schedule the work. Scheduled work is a job. 6-70 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Using the Sun Update Connection Hosted Web Application Figure 6-22 shows details related to the jobs. Figure 6-22 Sun Update Connection Required Dependency Details The required dependencies screen gives you a look at what other updates are required to support those you explicitly selected. You can cancel if you need to, otherwise click the Install button to submit the jobs. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 6-71 Using the Sun Update Connection Hosted Web Application Figure 6-23 shows the confirmation screen that displays next. Figure 6-23 Sun Update Connection Job Confirmation This confirmation page can be printed for your records. Notice also that the six jobs show now as Pending in the All Jobs table. Students may ask about why there are 12 in the figure. This is because there were 6 earlier jobs on this system before this scenario began. 6-72 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A In progress means that the managed system has received the job but has not responded back with a success for failed completion status message. You can cancel pending jobs.Using the Sun Update Connection Hosted Web Application Clicking the Jobs tab presents details about the jobs for this and other sessions as shown in Figure 6-24. Enterprise Services. Revision A 6-73 . The time column in the case of Pending jobs is that of the UTC time for the job submission. Figure 6-24 Sun Update Connection Job Screen Showing Jobs Pending Before an update job competes the job status is recorded as pending or in progress. If you leave the session open. The default check in interval is set to 2 hours. Inc. you will be disconnected. Pending means that the job has been submitted but is waiting in a queue for the managed system to retrieve it. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. All Rights Reserved. The Systems Affected column in the case of this example is 1 (pod04) but you can easily apply updates to multiple systems. This can be changed but 2 hours is the minimum possible. The number shown for Added this Session restarts at 0 when you log out and log back in. The UTC time shown for Jobs with this status is the time the job completed. Notice the update of the Job Summary table. Revision A . Overtime. All Rights Reserved. You may see what is shown in Figure 6-25 Figure 6-25 Sun Update Connection Job Screen Showing Job Success After logging in and checking the Jobs tab. we see that the six jobs have succeed. Enterprise Services.Using the Sun Update Connection Hosted Web Application Log back in to Sun Update Connection Services to check the status of the jobs. You can archive the older ones by clicking the icon next to the Succeeded status of each job. Alternatively. Inc. you can use the checkbox in column one to selecte multiple jobs and click the Archive Jobs button. 6-74 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. your Jobs tab screen will included many rows of information. Figure 6-26 Sun Update Connection Updates Sorted Each of the selected recommended patches has two dependencies. click the View Systems Affected button.Using the Sun Update Connection Hosted Web Application Leveraging the Systems Affected Function A typical update scenario involves learning that some recommended updates have been made available that you want to install on the appropriate subset of your registered systems. Figure 6-26 shows the Update tab with updates sorted. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems. If you want to know which systems these patches apply to. This groups the Security updates together followed by the Recommendate updates. Revision A 6-75 . Inc. Enterprise Services. A couple of the recommended updates have been selected with marks in their checkboxes. All Rights Reserved. Inc. Revision A . Figure 6-27 Sun Update Connection Showing Systems Affected The Systems Affected screen lists all the registered systems to which these updates apply. 6-76 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Following are details to note about the information displayed on this screen: ● By default. All Rights Reserved. Remind students how beneficial this would be when managing hundreds of systems.Using the Sun Update Connection Hosted Web Application Figure 6-27 shows the screen that displays. Enterprise Services. all the left column checkboxes are filled in but you can deselect full system or any update or any system The last column shows any previous versions of the selected updates that are already installed on any of the systems The small triangular twistee next to the update name collapses nested information ● ● Obviously having a course development environment with only two registered systems does not make a big impression about this Systems Affected functionality. Figure 6-28 Sun Update Connection Showing System Dependencies This dependency screen is similar to the one shown earlier except that the information is displayed for all systems to be updated. click the Apply Updates button to create jobs for the updates. Figure 6-28 shows the next screen you can expect to see. Click on the Install button on the bottom of this screen (not shown) to schedule the jobs. Inc. Introducing the Fundamentals of Package and Patch Administration Copyright 2006 Sun Microsystems.Using the Sun Update Connection Hosted Web Application After selecting the systems and updates to apply. All Rights Reserved. Revision A 6-77 . Enterprise Services. Revision A . Figure 6-29 Sun Update Connection Job Confirmation The confirmation page shows the number of jobs pending in the all jobs summary box and also announces the time the jobs are scheduled to execute so you can log back in at a known time to check that status of the work. Inc. Enterprise Services. 6-78 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved.Using the Sun Update Connection Hosted Web Application Figure 6-29 shows the confirmation page that displays. Inc.Module 7 Performing User Administration Objectives Upon completion of this module. and Deletions with new tools and commands ● 7-1 Copyright 2006 Sun Microsystems. Revision A . you should be able to: ● Describe the Changes in User Administration between Solaris 8. All Rights Reserved. 9. and 10 Perform user Installations. Modifications. Enterprise Services. All Rights Reserved. the answers should be of interest to them and inspire them to learn the material presented in this module. While they are not expected to know the answers to these questions.Relevance Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Inc. Revision A . ! ? Discussion – The following questions are relevant to understanding what User Administration is all about: ● ● What are the changes in commands for user administration? What are the changes in GUI tools for user administration? 7-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. Revision A 7-3 . PN 817-1985 System Administration Guide: Advanced Administration. Enterprise Services. Inc.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration. PN 817-0403 System Administration Guide: Security Services. All Rights Reserved. PN 816-4557 Performing User Administration Copyright 2006 Sun Microsystems. a password was a combination of 6 to 8 letters. Following is the format of an entry: loginID:password:lastchg:min:max:warn:inactive:expire:flag Prior to Solaris 10. numbers. Enterprise Services. numbers. All Rights Reserved. or special characters. “Performing System Security”. a home directory. and a login shell. Solaris 10 introduced better security measures which increased the password to a combination of up to 256 letters. The remainder is reserved for future use. The count is in low order four bits.Performing User Administration Performing User Administration An important system administration task is setting up user accounts for each user who requires system access. the last field (flag) was not used. a user identification (UID) number. 7-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Each user needs a unique account name. Revision A . set to zero. Managing User Accounts In the Solaris 8 and 9 Operating Systems. You also have to determine which groups a user may access. Inc. This is discussed in greater detail in the next module. it is used to track failed logins. The /etc/shadow File Each entry in the /etc/shadow file contains nine fields. The complexity of passwords can also be configured now. In Solaris 10. A colon separates each field. or special characters. Solaris 9 introduced a default failback shell for root if the administrator changes the root shell in the /etc/passwd file to a non-existent shell. A locked account is no longer considered a valid user account. Revision A 7-5 . Inc. You can gain access to the failback shell via single-user mode or by a command line login. The default failback shell is /sbin/sh. The dtlogin program does not implement the failback shell for root although you can log in as a normal user and su to root. All Rights Reserved.Performing User Administration Miscellaneous Items The cron daemon will no longer run cron jobs associated with locked user accounts. Enterprise Services. Performing User Administration Copyright 2006 Sun Microsystems. Changes in Command-Line Tools Changes in Command-Line Tools The Solaris OS provides these command-line tools. and are better suited for remote management. The smuser command enables you to manage one or more users on the system with the following set of subcommands: ● ● ● ● add – Adds a new user account modify – Modifies a user’s account delete – Deletes a user’s account list – Lists one or more user entries The smuser and smgroup commands interact with naming services. All Rights Reserved. Revision A . Therefore. This module describes only the basic commands. can use autohome functionality. the Solaris 9 and 10 OS has a set of command-line tools that accomplish the same tasks. They are the smuser and smgroup commands. Inc. Note – The smuser and smgroup commands are the command-line interface equivalent to the Solaris Management Console range of operation. the smuser and smgroup commands have numerous subcommands and options designed to function across domains and multiple systems. defined as follows: ● ● ● ● ● ● useradd – Adds a new user account on the local system usermod – Modifies a user’s account on the local system userdel – Deletes a user’s account from the local system groupadd – Adds a new group entry to the system groupmod – Modifies a group entry on the system groupdel – Deletes a group entry from the system In addition to these standard command-line tools. and allow you to perform Solaris Management Console actions in scripts. The smgroup command enables you to manage one or more groups on the system with the following set of subcommands: ● ● ● add – Adds a new group entry modify – Modifies a group entry delete – Deletes a group entry 7-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. modify. The subcommand arguments are quite numerous. the system might prompt you for additional information.option must be entered even if an authorization argument is not specified because it must precede the subcommand arguments. All Rights Reserved. Revision A 7-7 . such as a password for authentication purposes. typically the user’s name.Changes in Command-Line Tools ● list – Lists one or more group entries Any subcommand to add. Table 7-1 Subcommand Arguments for the smuser add Command Subcommand Argument -c comment Definition A short description of the login.[subcommand_args] Table 7-1 shows some of the most common subcommand arguments for the smuser add command. Enterprise Services. the following is the command format for the smuser command: /usr/sadm/bin/smuser subcommand [auth_args] -. However. Using the smuser Command The smuser add Command Format and Options The following is the command format for the smuser add command: smuser add [auth_args] -.option separates the subcommand-specific options from the authorization arguments. or delete users with the smuser and smgroup commands requires authentication with the Solaris Management Console server and requires the initialization of the Solaris Management Console. It is important to note that descriptions and other arguments that contain white space must be enclosed in double quotation marks. This string can be up to 256 characters. list. Performing User Administration Copyright 2006 Sun Microsystems. The -.[subcommand_args] The authorization arguments are all optional. Inc. refer to the smuser man page. if you do not specify the authorization argument. The -. For a complete listing of the subcommands. For example. # /usr/sadm/bin/smuser add -.UserMgrCli from sys-02 was successful.sun.sun. Specifies the full path name of the user’s login shell. All Rights Reserved. Specifies the user ID of the user you want to add. Revision A . assigns the UID number 500. -x autohome=Y|N The following example uses the smuser add command to create an account for a user named newuser2.user.cli. and sets /bin/ksh as the login shell for the user account. Enterprise Services. creates a home directory in the /export/home directory. adds the user to the group other.admin. Specifies the new user’s primary group membership.admin. Inc. If you do not specify this option. It designates the login name as newuser2.-n newuser2 -u 500 -g other -d /export/home/newuser2 -c "Regular User Account 2" -s /bin/ksh -x autohome=N Authenticating as user: root Type /? for help. Specifies the user’s secondary group membership.usermgr.user.Changes in Command-Line Tools Table 7-1 Subcommand Arguments for the smuser add Command (Continued) -d directory -g group -G group -n login -s shell -u uid Specifies the home directory of the new user and is limited to 1024 characters.usermgr. 7-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. See the man page for automount for more information. the system assigns the next available unique UID greater than 100. Download of com. pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password :: Enter_The_root_Password Loading Tool: com.UserMgrCli from sys-02 Login to sys-02 as user root was successful. Specifies the user’s login name. Note – The -x autohome=N option to the smuser command adds the user without automounting the user’s home directory. Sets the home directory to automount if set to Y.cli. Table 7-2 Options for the smuser modify Command Option -n login -N login Definition Specifies the user’s login name Specifies the user’s new login name The following example changes the login name and home directory for newuser2 to userb. the options for the smuser modify command function the same as for the smuser add command. # passwd newuser2 New Password: 123pass Re-enter new Password: 123pass passwd: password successfully changed for newuser2 Confirm that the password change has been applied by viewing the entry for that user in the /etc/shadow file: # grep ’newuser2’ /etc/shadow newuser2:FSMOsxncoc6yI:12708:::::: The smuser modify Command Format and Options The following is the command format for the smuser modify command: smuser modify [auth_args] -. Enterprise Services.[subcommand_args] In general. # /usr/sadm/bin/smuser modify -. This can be verified by viewing the appropriate entry in the /etc/shadow file: # grep ’newuser2’ /etc/shadow newuser2::12708:::::: Use the passwd command to create a new password for the user.Changes in Command-Line Tools Users are added without a password by default with the smuser command. Revision A 7-9 . All Rights Reserved. Table 7-2 shows the options for the smuser modify command. Refer to the smuser(1M) man page for additional options.-n newuser2 -N userb -d /export/home/userb Authenticating as user: root Performing User Administration Copyright 2006 Sun Microsystems. Inc. All Rights Reserved. pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password :: Enter_The_root_Password Loading Tool: com.user.[subcommand_args] The following example removes the userb account from the system: # /usr/sadm/bin/smuser delete -.admin.UserMgrCli from sys-02 was successful. Download of com. Inc.cli.cli.user. 7-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Download of com.UserMgrCli from sys-02 Login to sys-02 as user root was successful.sun.admin.admin. the smuser delete command has no -r equivalent option for deleting the home directory.cli. Revision A .usermgr.-n userb Authenticating as user: root Type /? for help.usermgr.usermgr.usermgr.UserMgrCli from sys-02 was successful. pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password :: Enter_The_root_Password Loading Tool: com.sun. Enterprise Services. The user’s home directory must be deleted manually.sun.cli.Changes in Command-Line Tools Type /? for help. Note – Unlike the userdel command.admin.sun.user.UserMgrCli from sys-02 Login to sys-02 as user root was successful.user. The smuser delete Command Format and Options The following is the command format for the smuser delete command: smuser delete [auth_args] -. Inc. The smgroup modify Command Format and Options The following is the command format for the smgroup modify command: /usr/sadm/bin/smgroup subcommand [auth_args] -.usermgr. Table 7-4 Option Options for the smgroup modify Command Description Performing User Administration Copyright 2006 Sun Microsystems. All Rights Reserved.admin. pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password :: Enter_The_root_Password Loading Tool: com. Revision A 7-11 .group.UserMgrGroupCli from sys-02 Login to sys-02 as user root was successful.usermgr.-n workgroup -g 123 -m usera Authenticating as user: root Type /? for help.sun.cli. Download of com.admin.UserMgrGroupCli from sys-02 was successful. Table 7-3 Option -g gid -m group_member -n group_name Options for the smgroup add Command Description Specifies the GID number for the new group Specifies the new members to add to the group Specifies the name of the new group The following example uses the smgroup add command to create a new group called workgroup with a GID of 123. and to add usera to the group: # /usr/sadm/bin/smgroup add -. Enterprise Services.[subcommand_args] Table 7-4 shows the options for the smgroup modify command.cli.Changes in Command-Line Tools Using the smgroup Command The smgroup add Command Format and Options The following is the command format for the smgroup add command: /usr/sadm/bin/smgroup subcommand [auth_args] -.sun.[subcommand_args] Table 7-3 shows the options for the smgroup add command.group. -n schoolgroup Loading Tool: com.-n workgroup -N schoolgroup Authenticating as user: root Type /? for help.usermgr.group.cli.usermgr. All Rights Reserved.UserMgrGroupCli from sys-02 was successful.sun.cli. Revision A . pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password :: Enter_The_root_Password Loading Tool: com. Enterprise Services.admin.usermgr.UserMgrGroupCli from sys-02 Login to sys-02 as user root was successful.Changes in Command-Line Tools Table 7-4 -n name -m new_member -N new_group Options for the smgroup modify Command Specifies the name of the group you want to modify Specifies the new members to add to the group Specifies the new group name The following example changes the group workgroup to schoolgroup: # /usr/sadm/bin/smgroup modify -. Inc.UserMgrGroupCli from sys-02 was successful.group.sun. Download of com.group.usermgr. Download of com.sun.cli.admin.admin.cli.[subcommand_args] You can use the -n group_name option with the smgroup delete command to specify the name of the group you want to delete. The following example deletes the group entry schoolgroup from the local system: # /usr/sadm/bin/smgroup delete -.group.sun.admin. 7-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The smgroup delete Command Format and Options The following is the command format for the smgroup delete command: /usr/sadm/bin/smgroup subcommand [auth_args] -.UserMgrGroupCli from sys-02 Login to sys-02 as user root was successful. When the system is first booted the Java based SMC server program is not started. Performing User Administration Copyright 2006 Sun Microsystems. Log in to your system as root. but some tools and applications are not available to you. the 3 smcboot programs are replaced by the Java based SMC server program.policy=/usr/sadm/lib/smc/policy/smcconsole. In the transition from Solaris 8 to Solaris 10. Introducing the Solaris Management Console The Solaris Management Console is a Java technology-based tool for the administration of systems. If SMC is run. Inc. In its place are 3 programs called smcboot. It provides a central integration point for the configuration and administration of important applications and services. When you initiate the Solaris Management Console for the first time. Revision A 7-13 . Enterprise Services. The program can be found by running ps -ef | grep smc. The Solaris Management Console can be started from the command line or from within the Application Manager by clicking the Solaris Management Console icon.Changes in GUI Tools Changes in GUI Tools Solaris 8 managed user accounts with the administration utility admintool.security. All Rights Reserved.path=/var/run/smc898/boot. it can take a few minutes to launch. The SMC server is the program known as: java -Dviper. Executing the pfiles command on the first instance of smcboot will show that it is listening at port 898 for any incoming SMC server requests. You can start the Solaris Management Console as a normal user. You will also note that the SMC console program is now running and is: java Djava.fifo. admintool has become EOL’d and the replacement tool is called Solaris Management Console (SMC).fifo. and type smc& in a terminal window. Computers and Networks. Processes. and Performance.d/init. Inc.1. Disks.0 running on port 898. Revision A .” 7-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. This category includes Mounts and Shares. and Enhanced Storage. a response similar to the following returns: “Solaris Management Console server version 2. This category includes Users. Log Viewer. Restarting the Solaris Management Console If you have trouble accessing Solaris Management Console. When you access the Solaris Management Console.Changes in GUI Tools Using the Solaris Management Console Tools The default toolbox for a Solaris Management Console server includes the following folders and tools: System Status System Configuration Services Storage Devices and Hardware This category includes System Information. To determine if the Solaris Management Console server is running. the reason might be that the Solaris Management Console server is not running or is in a problem state. and Patches. perform the command: # /etc/init. Enterprise Services. This category includes Scheduled Jobs. Point and click with the mouse to invoke an application remotely on a selected Solaris Management Console server and view the application’s GUI on the local display. This category includes Serial Ports. The Solaris Management Console enables local users and administrators to register remote Solaris Management Console servers and applications on the network they want to administer. Projects.wbem status If the Solaris Management Console server is running. it dynamically configures tree views of those registered hosts and services. ” To start the Solaris Management Console server. as the root user.Changes in GUI Tools Note – If this is the first time SMC has been run after a reboot.wbem stop The following response returns: “SMC stopped.wbem start After a short time. All Rights Reserved.” Identifying the Functional Areas of the Solaris Management Console The Solaris Management Console and the Solaris Management Console Toolbox Editor windows are divided into functional areas as follows: ● ● ● ● ● Navigation pane View pane Information pane Location bar Status bar Performing User Administration Copyright 2006 Sun Microsystems. Inc. as the root user. perform the command: # /etc/init. Revision A 7-15 . this command may show an error. To stop the Solaris Management Console server. Enterprise Services.d/init. perform the command: # /etc/init.d/init. the following response returns: “SMC server started. The contents could be a folder or a tool. select the Show option. The Navigation pane is displayed or not displayed. Click View on the Menu bar. All Rights Reserved. Revision A . View Pane The View pane displays the contents of the node selected in the Navigation pane.Changes in GUI Tools Figure 7-1 shows these divisions. and select the Location option to display the Location bar. Inc. Enterprise Services. 7-16 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Navigation Pane The Navigation pane works like a frame in a web page. Clicking an item in the Navigation pane determines what appears in the View pane. and select or deselect the Navigation option. Click View on the Menu bar. The turner icon is displayed to the left of items that represent a group of items. select the Show option. Menu bar Location bar Navigation pane View pane Information pane Context Help and Console Events tabs Status bar Figure 7-1 Solaris Management Console Overview Note – The Location bar does not appear by default when you first launch the Solaris Management Console. depending on the Show setting in the View menu. Click the icon or the item to expand or collapse the group. beneath the tool bar in the Solaris Management Console window. the View pane displays the contents of that folder. Location Bar The Location bar. Select a toolbox from the pull-down menu to open that toolbox. Select one of the additional tools. select the Show option. such as the Process tool. If the node selected is a complex tool. Click the button to the right of the Toolbox field to display a pull-down menu of recent toolboxes visited. The Toolbox field indicates the current toolbox and the item currently selected in the toolbox. Information Pane The Information pane at the bottom of the Solaris Management Console window displays either context help for the object selected in the Navigation pane or a list of events and alarms for all Solaris Management Console events. If the node selected is a simple tool. such as User Manager. depending on the Show setting in the View menu. the View pane displays additional tools. depending on the Show setting in the View menu. Revision A 7-17 . Click the Home Toolbox icon to open the home toolbox. The Context Help tab and Console Events tab determine what is shown in the Information pane. All Rights Reserved. displays a Home Toolbox icon and a Toolbox field. and select or deselect the Information option. such as the tools for user accounts and email accounts. Performing User Administration Copyright 2006 Sun Microsystems. The Information pane is displayed or not displayed. and select or deselect the Location option. Click View on the Menu bar. Click View on the Menu bar. Click the Console Events tab to display a list of events and alarms for all Console events. Inc. Enterprise Services. and the View pane displays the contents of the tool.Changes in GUI Tools If the node selected in the Navigation pane is a folder. such as the user accounts node. The Location bar is displayed or not displayed. Click the Context Help tab to display context help for the object selected. the View pane displays a list of current processes. select the Show option. All Rights Reserved. 5.Changes in GUI Tools Status Bar The Status bar. and select or deselect the Status bar option. 2. 3. located across the bottom of the Solaris Management Console window. Revision A . The left pane of the Status bar indicates the number of nodes directly subordinate to the node selected in the Navigation pane. Double-click User Templates to access the tool to create and manage user templates. 4. From the Menu Bar. Enterprise Services. 7-18 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. To add a user account. Click This Computer in the Navigation pane to display the system management tools. Adding a User Account The default method of adding a user account through Solaris Management Console is to add the user account with the user’s home directory automounted. The following steps demonstrate how to build a user template that adds the user account with the user’s directory under the /export/home directory. Click System Configuration to display the tool for setting up a new user account. The right pane of the Status bar provides progress information during some Console tasks. The center pane of the Status bar indicates Console activity. Click View on the Menu bar. perform the following steps: 1. Inc. depending on the Show setting in the View menu. A moving bar inside the center pane functions as an activity indicator when Console activity occurs. Click Users and enter the user name and password to be used for authentication if prompted to do so by Solaris Management Console. displays three panes. select the Show option. The Status Bar is displayed or not displayed. select Add User Template from the Action list. Figure 7-2 6. You can provide an optional description if you would like. Enterprise Services. Revision A 7-19 .Changes in GUI Tools Figure 7-2 shows the Add User Template window. All Rights Reserved. Add User Template Window Type SA200user in the User Template Name field. Inc. Performing User Administration Copyright 2006 Sun Microsystems. Figure 7-3 Add User Template Window (Home Directory Tab) 7-20 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Type your system name in the Home Directory Server field.Changes in GUI Tools 7. Click the Home Directory tab. All Rights Reserved. Revision A . Uncheck the check box labelled Automatically Mount Home Directory. Inc. Figure 7-3 shows the Add User Template window with the Home Directory Information completed. Enterprise Services. Click OK. Enterprise Services. Revision A 7-21 .Changes in GUI Tools 8. as shown in Figure 7-4. All Rights Reserved. reappears with the SA200user template in the View pane. and the Solaris Management Console (User Templates) window. Figure 7-4 Management Tools: Solaris Management Console Window – User Templates Performing User Administration Copyright 2006 Sun Microsystems. Inc. Figure 7-5 Management Tools: Solaris Management Console Window – User Accounts 7-22 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. and a list of user accounts on the system appears in the View pane. Click User Accounts from the Navigation pane.Changes in GUI Tools 9. All Rights Reserved. Revision A . See Figure 7-5. Inc. 12. Then select Add User. Figure 7-6 Add User From Template Window Because you only have one template created. Enterprise Services. Click OK and the Solaris Management Console (User Accounts) window reappears with the user account you just created in the View pane. In the field beside User Name. From the Menu Bar. Revision A 7-23 . it is the default template available from the User Template pull-down list. select Action. enter the login ID of the user you want to create. Click the button User Must Use and fill in the password and confirmation fields with the password 123pass. All Rights Reserved. Performing User Administration Copyright 2006 Sun Microsystems. A full name and description are optional.Changes in GUI Tools 10. Inc. See Figure 7-6. 13. and then select From Template. 11. The Add User From Template window appears. Double-click the user account you just created. You can view and modify the properties of that user account. The User Properties window appears. Inc. Figure 7-7 User Properties Window 15. Click the Group tab. 7-24 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. Enterprise Services. as shown in Figure 7-7. Revision A .Changes in GUI Tools 14. All Rights Reserved. Enterprise Services.Changes in GUI Tools The screen changes to reveal a list of groups. Revision A 7-25 . Inc. You can click a group listed under Available Groups. Figure 7-8 User Properties Window – Adding Groups 16. Add the groups to which you want the user to belong. then click Add. Figure 7-8 shows the information under the Group tab. and the group moves into the Member Of column. Performing User Administration Copyright 2006 Sun Microsystems. and then click OK. including the primary group to which the user belongs and a list of available groups. 17. . Enterprise Services. 8-1 Copyright 2006 Sun Microsystems. Revision A . 9. Inc. you should be able to describe the Changes in Basic Security Administration between Solaris 8.Module 8 Performing System Security Objectives Upon completion of this module. and 10. All Rights Reserved. All Rights Reserved. Inc. Revision A . ! ? Discussion – The following questions are relevant to understanding what system security is all about: ● How has basic security improved from Solaris 8 through Solaris 10? 8-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. the answers should be of interest to them and inspire them to learn the material presented in this module. While they are not expected to know the answers to these questions.Relevance Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Enterprise Services. conf(4). ipsecconf(1M). policy.conf(4). auditconfig(1M). audit_control(4). ipfilter(5).Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● ● System Administration Guide: Basic Administration. Enterprise Services. PN 816-4557 See the man pages on: passwd(1). All Rights Reserved. Inc. cryptoadm(1M). Revision A 8-3 . crypt. PN 817-0403 System Administration Guide: Security Services. and routeadm(1M) Performing System Security Copyright 2006 Sun Microsystems. audit_user(4). PN 817-1985 System Administration Guide: Advanced Administration. ifconfig(1M). Enterprise Security Assessment and Best Practices SC345. The default security policy is to disallow remote logins for the root user. it rejects the login session and sends the Login failed error message. 8-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Controlling System Access Controlling System Access The more access that is available over the network. the more beneficial it is for remote system users.ftpd reads the /etc/ftpd/ftpusers file when an FTP session is invoked. Solaris(TM) Operating Environment Network Intrusion Detection SC360. Computer Security Forensics and System Recovery File Transfer Protocol (FTP) Access Solaris 9 introduced a new ftp server based on wu-ftpd. wu-ftpd is widely used for distribution of bulk data over the Internet and is the preferred standard for large FTP sites. Security topics that are discussed in this module are limited to the topics that are covered in the System Administration I and II courses. There is far more information on security available in the following courses: ● ● ● ● ● SC-300. If the login name of the user matches one of the listed entries. refer to the materials that are incorporated at: /var/sadm/pkg/SUNWftpu/install/copyright. unrestricted access and sharing of data and resources can create security problems. Administering Security on the Solaris Operating System SC340. Enterprise Security Using Kerberos and LDAP SC410. Revision A . The /etc/ftpd/ftpusers file lists the names of users who are prohibited from connecting to the system through the FTP protocol. However. Originally developed by Washington University in Saint Louis. The root entry is included in the ftpusers file as a security measure. Enterprise Services. All Rights Reserved.ftp This new server provides a directory structure under /etc/ftpd. For information on the licensing terms. for example: root daemon bin sys user1 The FTP server daemon in. Inc. To allow for the default Solaris behavior when connecting to non-Solaris FTP servers. return messages to the FTP client related to specific events. the FTP_LS_SENDS_NLST environment variable can be set to yes. The ftp command has been changed. Use a set of configuration files for each virtual host in a separate directory. Revision A 8-5 . File ftpaccess Description The configuration file used to control the overall operation of the Server. All Rights Reserved. The default mode for transfer of files has been changed from ascii to binary. the /etc/default/ftp file can be edited appropriately on each Solaris client. Inc. ftpwho and ftp commands. ftpconversions ftpgroups ftphosts ftpservers Create or edit /etc/ftpd/ Welcome The Solaris 10 release includes several changes to the FTP service. Used to send messages to users of the ftp service. and changes to the ftpcount. Enterprise Services. Used to configure virtual hosting. directories may not be listed. specify classes of users who are allowed to execute certain commands or to download and upload files. Conversion database for changing formats and handling different compression formats. Other changes include enhancements to the FTP server. a Solaris FTP client connected to a Solaris FTP server lists both directories as well as plain files when the ls command is issued to the client. To make the change for individual users. If the FTP server is not running in the Solaris OS. For more information see the ftp(4) man page. By default. Used to allow or deny access to accounts from specific hosts. New capabilities supported in the ftpaccess file are: Performing System Security Copyright 2006 Sun Microsystems.Controlling System Access Other files located under the /etc/ftpd structure are described in the following table. Contains enhanced group access information. Revision A . All Rights Reserved. 8-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The addition of the wuftpd version of FTP resulted in better control in restricting FTP access than was available with the /etc/shells file.Controlling System Access ● flush-wait controls the behavior at the end of a download or directory listing ipcos sets the IP Class of Service for either the control or data connection Passive ports can be configured so that the kernel selects the TCP port to listen on quota-info enables retrieval of quota information recvbuf sets the receive (upload) buffer size used for binary transfers rhostlookup allows or disallows the lookup of the remote hosts name sendbuf sets the send (download) buffer size used for binary transfers xferlog format customizes the format of the transfer log entry ● ● ● ● ● ● ● The /etc/shells File The /etc/shells file was removed in Solaris 9. Inc. Enterprise Services. System Files That Store User Account Information The Solaris OS stores user account and group entry information in the following system files: ● ● ● /etc/passwd /etc/shadow /etc/group Solaris 9 introduced a new account to the system files: User name smmsp User ID 25 Description The sendmail message submission deamon account. and md5 are explained in crypt. The passwd command has two new options. The LOCK_AFTER_RETRIES=YES|NO parameter specifies whether a local account is locked after the number of failed login attempts for a user is equal to. or special characters that a user enters with the login name to gain access to a system. -N and -u. To enable 256 character passwords. The Solaris 10 OS has new security enhancements.Controlling System Access Solaris 10 introduced two new accounts to the system files. The passwd -N username command sets the password field in /etc/shadow to NP which is an unmatchable password.conf. or exceeds the allowed number of retries. see the passwd(1) man page.conf needs to be changed to either md5 or blowfish. 2a. numbers. The pam_unix_auth module implements account locking for local users. The line that reads: CRYPT_DEFAULT=_unix_ needs to be changed to CRYPT_DEFAULT=2a (blowfish). The values 1. All Rights Reserved. The number of retries is defined by RETRIES in /etc/default/login. This option is useful for accounts that should not be logged in to. The -N option creates a password entry for a non-login account. Revision A 8-7 . Password Management Solaris 10 introduced a much more robust password policy. Enterprise Services. The -u option unlocks a previously locked account. but must run cron jobs. A password can now be a combination of up to 256 letters. For more information. User name gdm webservd User ID 50 80 Description Gnome Display Manager daemon. the encryption policy in /etc/security/policy. Inc. Account reserved for WebServer access. Performing System Security Copyright 2006 Sun Microsystems.conf and the lock_after-retries key in /etc/user_attr. This effectively disables the account from logging in. Account locking is enabled by the LOCK_AFTER_RETRIES tunable parameter in /etc/security/policy. # telnet localhost Trying 127. # vi /etc/default/passwd (output edited for brevity) # HISTORY sets the number of prior password changes to keep and # check for a user when changing passwords.Controlling System Access The following example shows how to prevent a user from reusing too many previous passwords. using different passwords and then one of the previous passwords. so the line shows as HISTORY=3. # #HISTORY=0 # Locate the line called #HISTORY=0.. All Rights Reserved. # The maximum value of HISTORY is 26.0. # # This flag is only enforced for user accounts defined in the # local passwd(4)/shadow(4) files. Write and quit the file. Please try again New Password: newpas1 Re-enter new Password: newpas1 passwd: password successfully changed for testuser $ 8-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . Modify the number to 3. Escape character is ’^]’.1. and remove the comment from the beginning of the line. Inc. log in and attempt to change your password a number of times.0. login: testuser Password: 123pass $ passwd passwd: Changing password for testuser Enter existing login password: 123pass New Password: pass123 Re-enter new Password: pass123 passwd: password successfully changed for testuser $ passwd passwd: Changing password for testuser Enter existing login password: pass123 New Password: 123pass passwd: Password in history list. Enterprise Services. As a regular user. Connected to localhost.. These controls are configured by setting values in the /etc/default/passwd file. If set in the /etc/shadow file. DICTIONLIST= – Causes the passwd program to perform dictionary word lookups from comma-separated dictionary files. MINWEEKS – Sets the minimum time period before the password can be changed. This prevents the user from reusing the same password for 26 changes. These controls are commented out by default. Revision A 8-9 . and WARNWEEKS are default values. ● NAMECHECK=NO – Sets the password controls to verify that the user is not using the login name as a component of the password. the parameters in that file override those in the /etc/default/passwd file for individual users. HISTORY=0 – Forces the passwd program to log up to 26 changes to the user’s password. and then set back to zero. The Solaris 10 OS release introduces a number of new controls for password management. ● ● Performing System Security Copyright 2006 Sun Microsystems. but it can be added. prior password history is checked. By changing the value to 3. If the HISTORY value is set to another number other than zero (0). Inc.Controlling System Access By uncommenting the HISTORY= line in the /etc/default/passwd file. and 8. ● ● ● Note – The WARNWEEKS value does not exist by default in the /etc/default/passwd file. it causes the password log for a user to be removed on the next password change. All Rights Reserved. the number of prior password changes to keep and check when a user changes passwords is set to three. MINWEEKS. 7. The /etc/default/passwd File Set values for the following parameters in the /etc/default/passwd file to control properties for all users’ passwords on the system: ● MAXWEEKS – Sets the maximum time period (in weeks) that the password is valid. WARNWEEKS – Sets the time period prior to a password’s expiration to warn the user that the password will expire. Valid entries are 6. The password aging parameters MAXWEEKS. Enterprise Services. PASSLENGTH – Sets the minimum number of characters for a password. Revision A . Note – By forcing greater complexity of password structure.Controlling System Access ● DICTIONDBDIR=/var/passwd – The location of the dictionary where the generated dictionary databases reside. When setting a password change policy. you must not underestimate the problems that too much complexity may cause. 8-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Complexity of the password can be controlled using the following parameters: #MINDIFF=3 #MINALPHA=2 #MINNONALPHA=1 #MINUPPER=0 #MINLOWER=0 #MAXREPEATS=0 #MINSPECIAL=0 #MINDIGIT=0 #WHITESPACE=YES By default. Inc. you may inadvertently cause the users to write down their passwords as they may be too difficult for the user to remember. Enterprise Services. This directory must be created manually. All Rights Reserved. refer to the man page for mkpwdict(1M). all of the above parameters are commented out. Note – To pre-build the dictionary database. Inc. Revision A . you should be able to: ● ● Identify network printing fundamental changes Configure and administer printer services 9-1 Copyright 2006 Sun Microsystems.Module 9 Configuring and Using Printer Services Objectives Upon completion of this module. All Rights Reserved. Enterprise Services. Revision A . ! ? Discussion – The following questions are relevant to understanding what changes were made to printing: ● ● How do I launch the print admin GUI? What printers are available for selection? 9-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. Inc.Relevance Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. While they are not expected to know the answers to these questions. Enterprise Services. the answers should be of interest to them and inspire them to learn the material presented in this module. Configuring and Using Printer Services Copyright 2006 Sun Microsystems. PN 817-0403 See the man pages for lpadmin(1M). Revision A 9-3 . All Rights Reserved.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration. Enterprise Services. Inc. PN 817-1985 System Administration Guide: Advanced Administration. Solaris 8. Raster Image Processor (RIP) The RIP enables you to print to printers that do not have resident PostScript processing capabilities. by using either Solaris Print Manager or a new option to the lpadmin command. Now. and PostScript Printer Description (PPD) files. queuing. 9-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. to use the appropriate driver. 9. The database of printer description files is called the foomatic database. In previous releases. however the tools to configure printers and the range of available printers has changed.Network Printing Fundamentals Network Printing Fundamentals The Solaris OS LP print service provides a complete printing environment that allows the sharing of printers across systems and a set of software utilities that enable users to print files while they continue to work on other tasks. Inc. utilizing a combination of systems that can be configured as print servers or print clients. Revision A . The RIP occurs behind the scenes. or plain ASCII text. it was only possible to print to printers that understood PostScriptTM natively. tracking. Enterprise Services. and filtering has remained the same. you can print to a wider range of printers. Printer Filters In Solaris 10. modifications have been made to incorporate support for a wide array of printers. and 10 have always implemented a client-server model for printing. fault notification. All Rights Reserved. This functionality differs greatly from previous Solaris software releases. The Solaris printing software now provides the print server RIP and supporting technologies. and information about whether these printer types accepted PostScript or ASCII text. was limited. However. raster image processor (RIP). through the use of additional transformation software. you need to configure each printer. The list of supported printer types. The basic functionality of initialization. Inc. Enterprise Services.Network Printing Fundamentals PostScript Printer Description (PPD) PostScript is a language developed by Adobe® to describe a print document. a PostScript Printer Description (PPD) file describes the device dependent features. Configuring and Using Printer Services Copyright 2006 Sun Microsystems. An application which created PostScript output could print to any PostScript-capable printer. It was also created by Adobe to allow printer manufacturers to implement their own special features into PostScript. All Rights Reserved. Revision A 9-5 . This language removed the need for application developers to write support for many different makes and models of printers into their applications. When a printer vendor creates a printer which has features not referenced by PostScript. 9. Solaris 10 has removed the old admintool GUI from the Operating System. In previous releases. This option ensures that banner pages are never printed for the specified print queue. the Solaris Print Manager GUI is started with the following command: # /usr/sbin/printmgr Through Solaris 9 and now with Solaris 10. GUI Tools In Solaris 8. you only had two choices for printing banner pages in Solaris Print Manager: ● You could enable the -always print banner. the Solaris Print Manager has been expanded to include an additional -Never Print Banner.option. was limited. In Solaris 8 and 9. the Solaris Print Manager has been modified with some cosmetic changes to make it easier to use. Inc. and information about whether the printer accepted PostScript or ASCII text. In Solaris 10 01/06. Enterprise Services. Solaris 8 also retained the print functionality through the old admintool GUI which could setup and manage local printers only. the Solaris Print Manager GUI was started with the following command: # /usr/sadm/admin/bin/printmgr With Solaris 10. model. Revision A . This new feature differs greatly from previous Solaris software releases. the screens have been updated to enable you to choose a PPD file for the print queue through the selection of make.option in Solaris Print Manager 9-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. and driver. the Solaris Print Manager GUI was introduced as the tool to setup and manage both local and remote printers. Previously. More importantly. the provided list of printer types. and 10 versions of the Operating System.Printer Tools Printer Tools Printing tools have changed across the Solaris 8. All Rights Reserved. Yes. Yes Printer Server Description Printer Port Printer Type File Content Type Yes Printer Make No Yes. by default. This is the name entered on the command line with a print command. Inc. The Print Manager GUI has undergone a number of updates in the information that requires and that you can configure in it. by default. for example. All Rights Reserved. The name can contain a maximum of 14 alphanumeric characters. by deselecting the Use PPD files options in Not. Available in releases prior to Solaris 10 Available in releases Solaris 10 and later Required Field Printer Name A unique name for the printer. Yes PPD is enabled by default in the Print Manager. including dashes and underscores. This system is the print server for this network printer. Revision A 9-7 . Enterprise Services. available in the Solaris 9 OS /04 release only Configuring and Using Printer Services Copyright 2006 Sun Microsystems. A printer’s description commonly contains information to help users identify the printer. Not.Printer Tools ● You could select the banner on or off option when you submitted a print job. for the the Print Manager Solaris 9 OS /04 release drop-down menu. for the This allows you to choose Solaris 9 OS /04 release a printer from the range of supported printers in /usr/lib/lp/model/p pd/system/foomatic. This field is optional. Only required for attached printers. This option was on by default. The following table contains the information you would use to configure a new local or network printer. Defaults to the name of the system on which you are currently running the Solaris OS Print Manager. physical location or printer type. It becomes part of the printer configuration database and is associated with the network printer’s IP address. by default. Mail to Superuser.Printer Tools Available in releases prior to Solaris 10 No Available in releases Solaris 10 and later Yes. The network printer’s unique access name. Revision A . which. Identifies two options. The Destination access name can be either the name of the printer or its IP address as defined in the /etc/inet/hosts file or in a name service database. available in the Solaris 9 OS /04 release Fault Notification The list of choices for how the superuser is notified of printer errors. The corresponding PPD files are in: /usr/lib/lp/model/p pd/system/foomatic/ make Defaults to the foomatic PostScript printer driver. are disabled. The choices are Berkeley BSD Printer Protocol and raw Transmission Control Protocol (TCP). A list of supported printer models for the selected printer make. Destination Protocol Options 9-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. To enable an option. Inc. Enterprise Services. In general. or None. All Rights Reserved. the TCP protocol is more generic across printers. For a network printer: The Internet protocol that is used to communicate with the printer for file transfer. The printer vendor documentation supplies the information about the protocol to select. the Default Printer option and the Always Print Banner option. Required Field Printer Model Printer Driver No Yes. The Destination access name is used only by the print subsystem when it is making the network connection to the physical printer or the printer-host device. click in the appropriate box (a check mark appears). These include: Write to Superuser. Allows this printer to become the system default that is used by all users who have not set their own.Printer Tools Available in releases prior to Solaris 10 Available in releases Solaris 10 and later Required Field User Access List Specifies print clients that can print to this printer. By default. Revision A 9-9 . default printer. Sets whether or not a banner page is printed for each print job request. Inc. Configuring and Using Printer Services Copyright 2006 Sun Microsystems. Default Printer Always Print Banner Command Line Tools The existing Solaris command line printing tools have been modified to include a new -n option to the lpadmin command. All Rights Reserved. preferred. With this option. Enterprise Services. the word all allows every print client access to this printer. you can designate a PPD file to use when creating a new print queue or when modifying an existing print queue. and support the new RIP and PPD functionality. and logs. Inc. The following section describes some of the key changes to this structure. Directory and File Locations The Solaris OS LP print service includes a directory structure. 9-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. and the netstandard_foomatic scripts. The standard_foomatic. and netstandard_foomatic scripts are new in Solaris 10. The /usr/lib/lp/model Directory This directory contains four default printer interface programs or shell scripts. netstandard. and also through the addition of the Service Management Facility (SMF). All Rights Reserved. called the standard. standard_foomatic. files. To view the contents of the foomatic directory. Enterprise Services.Other Changes in Functionality Other Changes in Functionality Changes have been made in directory and file structures. Revision A . type the following command: # ls /usr/lib/lp/model/ppd/system/foomatic Alps Citizen HP Lexmark Anitech Compaq Heidelberg Minolta Apollo DEC Hitachi Mitsubishi Apple Dell IBM NEC Avery Dymo Imagen Oce Brother Epson Infotec Okidata CItoh Fujitsu Kodak Olivetti Canon Generic Kyocera PCPI Panasonic Pentax QMS Raven Ricoh Samsung Seiko Sharp Sony Star Tally Tektronix Xerox The foomatic directory contains many subdirectories that are named with a manufacturer. start up the in.Other Changes in Functionality Print Requests From the Network The /usr/sbin/inetd Internet Service Daemon The Internet services daemon. To check the status of the print service. It is usually started up by SMF at system boot time. Inc. inetd. The inetd service listens for requests for network services which are currently enabled. Revision A 9-11 . use the svcs -a command: # svcs -a |grep ’print’ disabled 16:59:17 online 16:59:49 offline 16:59:35 offline 17:00:43 svc:/application/print/server:default svc:/application/print/cleanup:default svc:/application/print/ipp-listener:default svc:/application/print/rfc1179:default Use the svcadm command to enable or disable the service. Changes made to the state of the service persist across reboots: # svcadm enable svc:/application/print/server:default # svcs -a | grep ’print/server’ online 19:01:09 svc:/application/print/server:default When a request arrives.lpd daemon. Print servers listen for print requests with the inetd daemon. Enterprise Services. All Rights Reserved. the inetd daemon executes the server program that is associated with the service. and upon hearing a request. is a Service Management Facility (SMF) restarter process for many network services. Configuring and Using Printer Services Copyright 2006 Sun Microsystems. The service which handles incoming print requests from the network is svc:/application/print/server:default. on a Microsoft Windows system.Other Changes in Functionality Internet Printing Protocol (IPP) Listener The IPP listener for the Solaris OS listens for Hypertext Transfer Protocol (HTTP) requests on port 631. All Rights Reserved. the IPP listening service automatically starts: # svcs ipp-listener online 19:01:11 svc:/application/print/ipp-listener:default A print client needs to know the print server name and the name of a printer to print to. 9-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. For example. a network printer can be configured with the network path: http://server-name:631/printers/printer-name. The listener receives print client requests and communicates those requests to the printing system. Inc. Revision A . Enterprise Services. After the print server has been configured. Revision A . All Rights Reserved. Enterprise Services. you should be able to: ● ● Describe Network Interface Configuration Changes Describe Changes to the Client-Service Model 10-1 Copyright 2006 Sun Microsystems.Module 10 Describing Network Basics Objectives Upon completion of this module. Inc. Revision A . While they are not expected to know the answers to these questions. ! ? Discussion – The following questions are relevant to understanding what Network Basics have changed: ● ● What is different in changing a systems hostname? How do I start server processes now? 10-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. the answers should be of interest to them and inspire them to learn the material presented in this module.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. All Rights Reserved. Inc. All Rights Reserved. PN 817-0403 System Administration Guide: IP Services. PN 816-4554-11 Describing Network Basics Copyright 2006 Sun Microsystems. Inc. Revision A 10-3 . PN 817-1985 System Administration Guide: Advanced Administration.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration. Enterprise Services. When adding a network interface to a system.le0 file is no longer used since that architecture was EOL’d with Solaris 10.d/S30network. Revision A . Solaris 8 and 9 used the following files for configuration and startup: ● ● ● ● The /etc/rcS. With Solaris 10.sh file The /etc/hostname. you must configure specific files to establish a relationship between the hardware and the software addresses.sh file has been replaced by the SMF framework. the function of the /etc/rcS. Inc. the services and files are the following: ● ● ● ● The svc:/network/physical:default service The /etc/hostname. All Rights Reserved. Interface Files You can get a basic understanding of network interfaces by learning the function of a few files and services. 10-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.xxn file The /etc/inet/hosts file The /etc/inet/ipnodes file Note – The /etc/hostname.Interface Configuration Interface Configuration The network interfaces that a system uses to communicate with other systems on the network use both hardware and software configuration components.d/S30network. Enterprise Services. and the /etc/inet/ipnodes file now contains entries for IPV4 also.xxn file The /etc/inet/hosts file The /etc/inet/ipnodes file for IPv6 only With Solaris 10. 1. The script then configures the named interface using other options to the ifconfig command.255. Describing Network Basics Copyright 2006 Sun Microsystems. including the Domain Name System (DNS).xxn file can now be used to configure logical interfaces without having to consult the /etc/networks file. and LDAP.255.255. This script uses the ifconfig utility to configure each interface with an IP address and other required network information. The svc:/network/physical:default Service The svc:/network/physical:default service calls the /lib/svc/method/net-physical method script.1.1.1 # cat /etc/hostname. other ipnodes databases.0 255.0 Now. The /etc/hostname. The script searches for files called hostname.hme0 10.xxn.0.hme0 10.xxn in the /etc directory.Interface Configuration The /etc/hostname. Inc. the script uses the ifconfig command with the plumb option to make the kernel ready to talk to this type of interface. Revision A 10-5 . the entire configuration can be accomplished with editing the single configuration file.1. It is one of the startup scripts that runs each time you boot the system. where xx is an interface type and n is the instance of the interface. For example.0 broadcast + up addif 10.2 netmask 255.hme0 file is an example of an interface configuration file. the NIS ipnodes map. or instead of.0 broadcast + up The /etc/netmasks file does not need to be configured. All Rights Reserved. The /etc/inet/ipnodes file The ipnodes file is a local database that associates the names of nodes with their Internet Protocol (IP) addresses.hme0:1 10. The ipnodes file has one entry for each IP address of each node.255. and can contain either IPv4 or an IPv6 addresses. the old method would be the following configuration: # cat /etc/hostname.255.255.1.0.1 netmask 255. for example: # cat /etc/hostname.1. For every file named /etc/hostname.1.2 # cat /etc/netmasks 10. Enterprise Services. The ipnodes file can be used in conjunction with.1. Items are separated by any number of spaces or tab characters.168. on consecutive lines. The ipnodes file will be searched first. then the hosts file. or nicknames. 10-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.68 sys68 loghost IP addresses can be defined in the ipnodes file or in the hosts file. The second entry is the host’s official name..Interface Configuration If a node has more than one IP address. it will have one entry for each. Subsequent entries on the same line are alternative names for the same machine. The first item on a line is the host’s IP address.1 localhost 192.0.. Revision A . The format of each line is: IP-address official-node-name nicknames. Inc. Nicknames are optional.0.30. All Rights Reserved. # cat /etc/inet/ipnodes # # Internet host table # ::1 localhost 127. Enterprise Services. the system comes up with the old IP address. All Rights Reserved. ticots. Note – The /etc/inet/ipnodes file contains IPV4 addresses.xxn file The /etc/inet/hosts file The /etc/inet/ipnodes file Note – If crash dump is enabled on the system. Reviewing these files in Solaris 10 shows they no longer have any entries. Solaris 8 and 9 also had the hostname in files located under /etc/net in the directories ticlts. Revision A 10-7 . and perform a reboot. and contain a message that states they may be removed from a future release of Solaris. ready to be reconfigured again. You must modify all of these files.Interface Configuration Changing the System Host Name The host name of a system is contained in four files on the system. The files that contain the host name of a system are: ● ● ● ● The /etc/nodename file The /etc/hostname. Solaris 10 added functionality to the sys-unconfig command by regenerating keys for the Secure Shell Daemon (sshd). and ticotsord which each contained a hosts file. Describing Network Basics Copyright 2006 Sun Microsystems. Inc. Enterprise Services. the system name needs to be changed under /var/crash. to successfully change a system’s host name. The sys-unconfig Command You can use the /usr/sbin/sys-unconfig command to undo a system’s configuration and restore it to an unconfigured state. If you edit the hosts file by hand and forget to edit the ipnodes file. and is consulted before the /etc/inet/hosts file on startup. Prior to Solaris 10. You must also know how to manually start the services.(output truncated) # Echo.conf . Inc. the model is more widely used across a network. use the inetadm command to alter the characteristics of an inet service. . The client-server model provides a way to distribute services efficiently across multiple locations on a network. # echo stream tcp6 nowait root internal echo dgram udp6 wait root internal discard stream tcp6 nowait root internal discard dgram udp6 wait root internal daytime stream tcp6 nowait root internal daytime dgram udp6 wait root internal chargen stream tcp6 nowait root internal chargen dgram udp6 wait root internal # 10-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. To start services for server processes.conf file contained many entries. /etc/inet/inetd. The Internet Service Daemon (inetd) The inetd daemon is a special network process that runs on each system and starts server processes that do not automatically start at boot time.conf file has been converted. such as the spray service. The client system makes a service request to the server system. discard. Enterprise Services. daytime. then the server system fulfills the request. The inetd daemon starts at boot time by svc. the /etc/inet/inetd. and chargen are used primarily for testing. you must know which files to use for automatic service configuration.Interface Configuration Describing the Client-Server Model The client-server model describes the communication process between two computers or programs. for example: # cat /etc/inet/inetd. There is a legacy configuration file for inetd.conf. Once the inetd. The inetd daemon is the server process for both the standard Internet services and Sun Remote Procedure Call (Sun RPC) services. Although programs can use the client-server model internally in a single computer. Some services will allow you to change them with inetadm or svcadm.startd. Services listed in this file are imported into the Service Management Facility (SMF) by the inetconv command. All Rights Reserved. Revision A . The previous example shows three examples of remote services.(output truncated) When the inetd daemon received a network request.conf # .fingerd # RSTATD . and contains very few entries: # cat /etc/inet/inetd.rexecd in.fingerd in. the /etc/inet/inetd.metad # METAMHD . Now with Solaris 10.metamhd rpc.cmsd is a data base daemon which manages calendar data backed # by files in /var/spool/calendar 100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.ttdbserverd # rpc.(output truncated) # 100235/1 tli rpc/ticotsord wait root /usr/lib/fs/cachefs/cachefsd cachefsd" # TFTPD .rstatd . Revision A 10-9 .Interface Configuration Solstice system and network administration class agent server 100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind # METAD . Enterprise Services.SLVM HA Daemon 100230/1 tli rpc/tcp wait root /usr/sbin/rpc.SLVM metadb Daemon 100229/1 tli rpc/tcp wait root /usr/sbin/rpc.conf file.rexecd # FINGERD . it ran the associated command in the inetd.rstat daemon rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.metamhd # RLOGIND .tftpd -s /tftpboot # Sun ToolTalk Database Server 100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.rstatd rpc.finger daemon finger stream tcp6 nowait nobody /usr/sbin/in.rexecd in.rlogin daemon (BSD protocols) login stream tcp6 nowait root /usr/sbin/in.conf file is considered legacy.rexecd exec stream tcp6 nowait root /usr/sbin/in.cmsd Describing Network Basics Copyright 2006 Sun Microsystems.rlogind in. All Rights Reserved.tftp server (primarily used for booting) #tftp dgram udp6 wait root /usr/sbin/in.metad rpc. Inc.rexec daemon (BSD protocols) exec stream tcp nowait root /usr/sbin/in.ttdbserverd rpc.tftpd in.rlogind # REXECD . The values can then be stored in the appropriate SMF reference files for each service. Inc. Changes can be maintained across system reboots. For example. All Rights Reserved.Interface Configuration The Impact of SMF on Network Services The SMF has a major impact on network services in that each service can be independently enabled or disabled using the inetadm command. Revision A . use the following command: # inetadm | grep telnet enabled online svc:/network/telnet:default To disable the telnet facility: # inetadm -d telnet # inetadm | grep telnet disabled disabled svc:/network/telnet:default To enable the telnet facility: # inetadm -e telnet # inetadm | grep telnet enabled online svc:/network/telnet:default 10-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. consider the telnet facility: # inetadm -l telnet SCOPE NAME=VALUE name="telnet" endpoint_type="stream" proto="tcp6" isrpc=FALSE wait=FALSE exec="/usr/sbin/in.telnetd" user="root" default bind_addr="" default bind_fail_max=-1 default bind_fail_interval=-1 (output omitted) The various parameters and values can be set using the inetadm command. To see whether or not the telnet facility is enabled. Enterprise Services. any related services are also affected. Revision A 10-11 . All Rights Reserved. By disabling one service. a number of other services may become unavailable.Interface Configuration To list the current state of all network facilities: # inetadm ENABLED STATE enabled online enabled online enabled online enabled online enabled online disabled disabled enabled online enabled online disabled disabled disabled disabled enabled online disabled disabled enabled online enabled online disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled enabled online disabled disabled enabled online disabled disabled disabled disabled enabled online disabled disabled enabled online disabled disabled disabled disabled (output omitted) FMRI svc:/network/rpc/gss:default svc:/network/rpc/mdcomm:default svc:/network/rpc/meta:default svc:/network/rpc/metamed:default svc:/network/rpc/metamh:default svc:/network/rpc/rex:default svc:/network/rpc/rstat:default svc:/network/rpc/rusers:default svc:/network/rpc/spray:default svc:/network/rpc/wall:default svc:/network/security/ktkt_warn:default svc:/network/tname:default svc:/network/telnet:default svc:/network/nfs/rquota:default svc:/network/chargen:dgram svc:/network/chargen:stream svc:/network/daytime:dgram svc:/network/daytime:stream svc:/network/discard:dgram svc:/network/discard:stream svc:/network/echo:dgram svc:/network/echo:stream svc:/network/time:dgram svc:/network/time:stream svc:/network/ftp:default svc:/network/comsat:default svc:/network/finger:default svc:/network/login:eklogin svc:/network/login:klogin svc:/network/login:rlogin svc:/network/rexec:default svc:/network/shell:default svc:/network/shell:kshell svc:/network/talk:default Note – When a network service is affected. Enterprise Services. Inc. Describing Network Basics Copyright 2006 Sun Microsystems. . Enterprise Services.Module 11 Managing Crash Dumps. Core Files and Paging Objectives Upon completion of this module. All Rights Reserved. Inc. you should be able to: ● Describe the differences in the coreadm command from Solaris 9 to Solaris 10 Describe MPSS ● 11-1 Copyright 2006 Sun Microsystems. Revision A . with Solaris 10. In actuality. the answers should be of interest to them and inspire them to learn the material presented in this module.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Enterprise Services. While they are not expected to know the answers to these questions. a system can run just fine without any swap configured. All Rights Reserved. Inc. 11-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . ! ? Discussion – The following questions are relevant to understanding core files: ● ● What changes have been made to core file generation? How much swap should be configured on a system? This discussion question is added here to get the students to think about all of the recommendations and best practices they have learned in the past about swap size. Solaris 10 added new options to the coreadm command for global core file content. Enterprise Services.1(1). PN 817-1985 System Administration Guide: Advanced Administration. it typically produces a core file. ppgsz(1). Revision A 11-3 . mmap(2) and getpagesizes(3C). All Rights Reserved. PN 817-0403 See the man pages for pagesize(1). The coreadm CommandWhen a process terminates abnormally. Core Files and Paging Copyright 2006 Sun Microsystems.so. The following example shows the default output from a system running Solaris 9: # coreadm 1 global core file pattern: 2 global core file content: default 3 global core dumps: disabled 4 per-process core dumps: enabled 5 global setid core dumps: disabled 6 per-process setid core dumps: disabled 7 global core dump logging: disabled The following example shows the default output from a system running Solaris 10: # coreadm 1 global core file pattern: 2 global core file content: default 3 init core file pattern: core 4 init core file content: default 5 global core dumps: disabled 6 per-process core dumps: enabled 7 global setid core dumps: disabled 8 per-process setid core dumps: disabled 9 global core dump logging: disabled Managing Crash Dumps. Inc. mpss. You use the coreadm command without arguments to display the current configuration.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration. You can use the coreadm command to specify the name or location of core files produced by abnormally terminating processes. memcntl(2). meaning it is inherited by all other processes on the system. All Rights Reserved. by default. Line 2 of the output identifies that the content of core files is the default setting. The files might contain sensitive information in its address space to which the current non-privileged owner of the process should not have access. Caution – A process that has a setuid mode presents security issues with respect to dumping core files. Line 8 indicates that generation of per process core files with setuid or setgid permissions are disabled. 11-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Line 9 identifies whether global core dump logging is enabled. Line 5 indicates that global core files are disabled. This name is set for the init process.Additional Resources The description of the Solaris 10 output follows: Note – The line numbers in the example are not part of the configuration. Line 1 of the output identifies the name to use for core files placed in a global directory. Enterprise Services. setuid core files are not generated because of this security issue. Inc. Line 6 indicates that core file generation in the current working directory of a process is enabled. Line 3 of the output identifies the default name that per-process core files must use. They are part of the example only to assist with the following description of the file. Therefore. Line 4 of the output indicates that the init core file content is the default content structure. Revision A . The resultant core file contains all the process information pertinent to debugging. Line 7 indicates that generation of global core files with setuid or setgid permissions are disabled. # cat /etc/coreadm. All Rights Reserved.conf # # Parameters for system core file configuration. Core Files and Paging Copyright 2006 Sun Microsystems. # COREADM_GLOB_PATTERN= COREADM_GLOB_CONTENT=default COREADM_INIT_PATTERN=core COREADM_INIT_CONTENT=default COREADM_GLOB_ENABLED=no COREADM_PROC_ENABLED=yes COREADM_GLOB_SETID_ENABLED=no COREADM_PROC_SETID_ENABLED=no COREADM_GLOB_LOG_ENABLED=no Managing Crash Dumps. Revision A 11-5 . Inc.use coreadm(1) instead. Enterprise Services.conf file. # Do NOT edit this file by hand -. you can verify the same configuration parameters that were displayed with the coreadm command.conf # # coreadm.Additional Resources By viewing the /etc/coreadm. Only the root user can run the following coreadm command options to configure system-wide core file options. Revision A . separately. then each process that terminates abnormally produces two core files: one in the current working directory. ] [-e option . for example.. Note – If the directory defined in the global core file path does not exist. This flexibility also makes it easy to locate and remove core files on a system. If a global core file path is enabled and set to /corefiles/core. Note – You should make all modifications to the coreadm configuration at the command line by using the coreadm command instead of editing the /etc/coreadm. ] ‘‘The coreadm Command Options’’ on page 11-7 describes the core file options. You can enable or disable two configurable core file paths. you can use the coreadm command to configure a system so that all process core files are placed in a single system directory. and one in the /corefiles/core directory.. coreadm [-g pattern] [-i pattern] [-d option . 11-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The flexibility of this configuration makes it easier to track problems by examining the core files in a specific directory whenever a process or daemon terminates abnormally. per-process and global. Users can run the coreadm command with the -p option to specify the file name pattern for the operating system to use when generating a per-process core file. For example.Additional Resources Changing the Core File Configuration The coreadm command allows you to control core file generation behavior.. Inc.. Enterprise Services.conf file.. you must create it. All Rights Reserved.. coreadm [-p pattern] [pid]. Updates system-wide core file options from the contents of the configuration file /etc/coreadm.Additional Resources The coreadm Command Options The following are some options to the coreadm command. except that the setting is persistent after a reboot. Revision A 11-7 . You can specify multiple -e and -d options by using the command line. Inc.conf. Following the update. This option is the same as the coreadm -p pattern 1 command. Note – A regular user can only use the -p option. Sets the global core file name pattern to pattern. -i pattern Sets the per-process core file name pattern from init to pattern. proc-setid – Enables setid core dumps by using the per-process core pattern. -u -g pattern Managing Crash Dumps. ● ● ● ● -d option Disables the specified core file option. log – Generates a syslog (3) message when a user attempts to generate a global core file. and can contain any of the special embedded variables described in Table 11-1 on page Module 11-8. where option is: ● -e option global – Enables core dumps by using the global core pattern. All Rights Reserved. see the -e option for descriptions of possible options. Enables the specified core file option. If the configuration file is missing or contains invalid values. process – Enables core dumps by using the per-process core pattern. the superuser can use all options. the configuration file is resynchronized with the system core file configuration. default values are substituted. global-setid – Enables setid core dumps by using the global core pattern. Enterprise Services. The pattern must start with a forward slash (/). Core Files and Paging Copyright 2006 Sun Microsystems. (new is Solaris 10) A core file named pattern is a file system path name with embedded variables. The superuser can apply the -p option to any process. Revision A . The possible variables are listed in Table 11-2. Table 11-1 Pattern Options for the coreadm Command Option %p %u %g %f %n %m %t %d %z %% Meaning PID Effective user ID (EUID) Effective group ID (EGID) Executable file name System node name (uname -n) Machine hardware name (uname -m) The time in seconds since midnight January 1. Inc. A non-privileged user can only apply the -p option to processes owned by that user. 1970 Executable file directory/name (new is Solaris 10) Zonename (new is Solaris 10) Literal % 11-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The pattern can contain any of the special embedded variables described in Table 11-1 and does not have to begin with a forward slash (/). The operating system expands these variables from values in effect when the operating system generates a core file. Enterprise Services. All Rights Reserved. it is evaluated relative to the current directory in effect when the process generates a core file. If pattern does not begin with “/”. The embedded variables are specified with a leading percent (%) character. -G content Set the global core file content.Additional Resources -p pattern Sets the per-process core file name pattern to pattern for each of the specified process IDs (PIDs). You specify content by using pattern options listed in Table 11-1. Core Files and Paging Copyright 2006 Sun Microsystems. All Rights Reserved. Inc.Additional Resources Table 11-2 shows the pattern options for the global core file content. Table 11-2 Pattern Options for the Global Core File Content Option anon ctf data dism heap ism rodata shanon shfile shm stack symtab text Meaning Anonymous private mappings. including thread stacks that are not main thread stacks CTF type information sections for loaded object files Writable private file mappings DISM mappings Process heap ISM mappings Read-only private file mappings Anonymous shared mappings Shared mappings that are backed by files System V shared memory Process stack Symbol table sections for loaded object Readable and executable private file mappings Managing Crash Dumps. Revision A 11-9 . Enterprise Services. %p $$ Note – The $$ variable is the PID of the currently running shell. This example is useful for users who use many different systems.xyz. but share a single home directory across multiple systems. $ coreadm -p $HOME/corefiles/%n. the corefiles file and the core directory must be created manually.%p $$ Example 3 – Enabling and Setting the Core File Global Name Pattern The following is an example of setting system-wide parameters that add the executable file name and PID to the name of any core file that is created: # coreadm -g /var/core/core.%f.%f. the core file name pattern /var/core/core.%f. Note – In the above coreadm examples. Revision A .profile or $HOME/.1234. the following entry sets the core file name pattern for all processes run during the login session: coreadm -p core.Additional Resources Examples of the coreadm Command Example 1 – Setting the Core File Name Pattern as a Regular User When executed from a user’s $HOME/. The coreadm command does not create them automatically.%p causes the xyz program with PID 1234 to generate the core file /var/core/core. Enterprise Services.%f. 11-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved.login file. differentiated by the system node name. Example 2 – Dumping a User’s Core Files Into a Subdirectory The following command places all of the user’s core files into the corefiles subdirectory of the user’s home directory. The per-process core file name pattern is inherited by all child processes.%p -e global For example. Inc. %p default Only the owner of a process or the superuser can query a process by using the coreadm command with a list of PIDs. Enterprise Services. Core Files and Paging Copyright 2006 Sun Microsystems. examples of the core file content include: anon = anonymous private maps data = writable private file mapping stack = process stack symtab = symbol table sections for loaded object files Managing Crash Dumps. Revision A 11-11 .%p default core default enabled enabled disabled disabled disabled Example 4 – Checking the Core File Configuration for Specific PIDs Running the coreadm command with a list of PIDs reports each process’s per-process core file name pattern. Inc. All Rights Reserved.Additional Resources To verify that this parameter is now part of the core file configuration.%f. for example: # coreadm 228 507 228: core default 507: /usr/local/swap/corefiles/%n. run the coreadm command again: # coreadm global global init init core file pattern: core file content: core file pattern: core file content: global core dumps: per-process core dumps: global setid core dumps: per-process setid core dumps: global core dump logging: /var/core/core.%f. Example 5 – Setting up the System to Produce Core Files in the Global Repository only if the executables were run from /usr/bin or /usr/sbin # mkdir -p /var/core/usr/bin # mkdir -p /var/core/usr/sbin # coreadm -G all -g /var/core/%d/%f %p %n When using the all option in the previous command. It allows the programmer to select the size of virtual memory pages to be paged in and out. Inc. heap or mmap’d anonymous memory. which allows a program to use any hardware supported page size to access portions of virtual memory. Moving these pages back into RAM might require more paging (page outs) of other process’s pages to make room. physical RAM is made available for other processes to use.Paging Paging Paging is the transfer of selected memory pages between RAM and the swap areas. Revision A . When you page private data to swap spaces. The amount of available swap space must satisfy two criteria: ● It must be sufficient to supplement physical RAM to meet the needs of concurrently running processes It must be sufficient to hold a crash dump (in a single slice) ● 11-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Multiple Page Size Support (MPSS) Solaris 9 introduced MPSS. The required amount of swap space varies from system to system. between RAM and a disk. Previously only 8K pages were available for a program’s stack. you can retrieve them (page them in) from swap and map them back into physical memory. # pagesize 8192 Use the pagesize command to display all supported page sizes. # pagesize -a 8192 65536 524288 4194304 Swapping does not typically occur in the Solaris OS. which can effect the performance of some applications. Swapping is the movement of all modified data memory pages associated with a process. All Rights Reserved. Use the pagesize command to display the size of a memory page in bytes. paging in more than 8K at a time might make an application a faster performer. This is of use by application developers more than by system administrators. Enterprise Services. In some cases. The default page size for the Solaris 10 OS is 8192 bytes. If you need the pages that were paged out. and 10 Describe the enhancements to Network File System version 4 (NFS version 4) ● 12-1 Copyright 2006 Sun Microsystems. Enterprise Services. Inc. you should be able to: ● Describe the differences in the Network File System in Solaris 8. 9. All Rights Reserved.Module 12 Configuring NFS Objectives Upon completion of this module. Revision A . All Rights Reserved. ! ? Discussion – The following questions are relevant to understanding the changes in NFS ● ● What are the differences between NFSv3 and NFSv4? What are the configuration changes and implications for NFS? 12-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. the answers should be of interest to them and inspire them to learn the material presented in this module. Inc.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. While they are not expected to know the answers to these questions. Revision A . umich. PN 817-0403 System Administration Guide: Network Services Center for Information Technology Integration http://www.edu/projects/nfsv4/ http://www. Revision A 12-3 . All Rights Reserved. Inc. PN 817-1985 System Administration Guide: Advanced Administration.nfsv4.org/ ● Configuring NFS Copyright 2006 Sun Microsystems.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● ● System Administration Guide: Basic Administration.citi. Enterprise Services. and version 3. The Solaris 10 OS supports versions 2. It is the server that decides whether or not to apply delegation. STATD. and 4 NFS simultaneously. In addition. ● Improved Firewall Support. and internationalization have been added and NFS version 4 operates well in an Internet environment. then all hosts should. These features include the following: ● Stateful connections. and single protocol. and there are OPEN and CLOSE operations to obtain file data access. NFSv4 includes features that were not in the previous versions of NFS. Functions previously handled by separate protocols (for example. by default. use the NFSv4 protocols. MOUNTD. compound operations. Extended attributes. If all hosts in the network are installed with Solaris 10 OS. Strong security. the NFS server can hand over delegation of management of a shared file to the client requesting that file. This removes the need for a separate mountd daemon on the server. The default is to use NFSv4 software when sharing a directory or accessing a shared file. the NFS version 4 protocol supports traditional file access while integrating support for the mount protocol. Pseudo file systems which ensure the NFS client has seamless access to all exported objects on the server and that portions of a server file system that are not explicitly exported are not visible to the client. support for strong security (and its negotiation).NFSv4 (New With Solaris 10) NFSv4 (New With Solaris 10) NFS version 4 is a distributed file access protocol which owes its heritage to NFS protocol version 2. NFS version 4 handles file handle-to-path name mapping. client caching. Revision A . All Rights Reserved. 3. NFS version 4 is stateful. In the Solaris 10 NFSv4 release. Version-related checks are applied whenever a client host attempts to access a server’s file share. therefore reducing server-side support daemons and easing serverside implementation. NFSv4 uses the well-known port number 2049. Enterprise Services. Request For Comment (RFC) 1094. Inc. RFC 1813. Unlike earlier versions. Delegation. By delegating read or write management control to ● ● ● ● 12-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. LOCKD) are incorporated into one protocol. reducing the number of service-side daemons. this can greatly reduce the amount of network traffic that would otherwise be caused by clients making requests of the server for the current state of a shared file. Before NFS version 4. NFS version 4 uses the well-known port 2049. the pseudo-file system did not exist. The pseudo-file system provides paths that bridge non-exported portions of the real file system. NFS version 4 servers create and maintain a pseudo-file system. Implementation of NFS version 4 must support Transmission Control Protocol/Internet Protocol (TCP/IP) to provide congestion control. This made NFS hard to use through a firewall. thus improving firewall support. which does not use assigned ports.NFSv4 (New With Solaris 10) the client. which the mountd protocol did in previous versions of NFS. which provides clients with seamless access to all exported objects on the server. All Rights Reserved. Pseudo-File System Previous versions of NFS required use of the mount protocol. NFS version 4 maps file handles to path names. In NFS version 4. Revision A 12-5 . Inc. The server attaches multiple file systems with a pseudo-file system. the server provides a root file handle that represents the top of the file system that the server exported. Enterprise Services. Configuring NFS Copyright 2006 Sun Microsystems. Clients had to mount each shared server file system for access. NFSv4 (New With Solaris 10) Figure 12-1 shows an example of server and client file systems: Server exports: /export_fs/local /export_fs/projects/nfs4 Server file systems: / /export_fs Exported directories Server file systems: Client view of server’s export_fs dir: export_fs export_fs local projects payroll local projects nfs4x nfs4 Figure 12-1 Views of the Server File System and Client File System nfs4 In Figure 12-1 the client cannot see the payroll directory and the nfs4x directory because these directories are not exported and do not lead to exported directories. Thus. Revision A . Inc. The projects directory is visible to the client because the projects directory leads to the exported directory. Enterprise Services. Thus. A pseudo-file system is a structure that contains only directories and is created by the server. the client can see the local directory because local is an exported directory. However. The pseudo-file system permits a client to browse the hierarchy of exported file systems. All Rights Reserved. portions of the server namespace that are not explicitly exported are bridged with a pseudo-file system that views only the exported directories and those directories that lead to server exports. nfs4. 12-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. the client's view of the pseudo-file system is limited to paths that lead to exported file systems. An additional security method of RPCSEC_GSS is introduced that uses the functionality of Generic Security Services Application Programming Interface (GSSAPI). This provides mechanisms for authentication. ● NFS version 4 is the default NFS version on Solaris 10 OS. This allows the RPC layer to use various security mechanisms without the additional implementation overhead of adding RPC security methods. 3. The RPCSEC_GSS framework delivers Sun Enterprise Authentication Mechanism™ (SEAM) software authentication. Strong Security NFS version 4 uses the remote procedure call (RPC) implementation of the General Security Service (GSS) framework to extend the basic security of RPC. Configuring NFS Copyright 2006 Sun Microsystems. such as AUTH_NONE. the server namespace does the following: ● Restricts the client's file-system view to directories that lead to server exports. Traditional RPC implementations included AUTH_NONE. However. The client negotiates with the server to determine the security mechanism that meets the requirements for the server and client. Enterprise Services. However. You can mix the security mechanisms on a single server.NFSv4 (New With Solaris 10) Previous versions of NFS did not permit a client to traverse server file systems without mounting each file system. Revision A 12-7 . AUTH_DH. In addition. different operating systems (OSs) might require the client to mount each server file system. All Rights Reserved. the mount command (mount_nfs (1M)) can use the vers=version_number option to mount a file system using only the version specified. in NFS version 4. Inc. AUTH_SYS. The nfs(4) file in the /etc/default directory configures the client or server to use NFS versions 2. Other flavors. Provides clients with seamless access to server exports without requiring that the client mount each underlying file system. the RPCSEC_GSS security method must be used to enable the mandatory security mechanism. which allows security to be applied on a per-share basis. integrity. and AUTH_KRB4 as security flavors. AUTH_SYS. and AUTH_DH may be implemented as well. For NFS version 4. See the previous example in Figure 12-1. and privacy between the client and server. or 4. NFSv4 (New With Solaris 10) To configure a Solaris 10 OS NFS version 4 server to use the RPCSEC_GSS security flavor with SEAM software. and READ operations in a single request.OK ->LOOKUP "testdata" <. the NFS version 4 client combines multiple RPC request calls into a single compound procedure. The server breaks the request into a list of separate requests. When reading the /export/testdata file. Revision A .OK (sends data) NFS version 4 ->OPEN "export/testdata" READ <. The following is an example: # share -F nfs -o sec=krb5 /export/home Compound Procedures To improve performance and Internet access. By using compound procedures. The server iterates through the list and performs each operation in the list until it reaches the end of the list or fails. Enterprise Services. clients can combine LOOKUP. 12-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. OPEN.OPEN OK READ OK (sends data) Fewer RPC calls result in faster NFS response. This allows the client to tailor its request to appropriately match the operating environment of the client. All Rights Reserved. the administrator first edits the /etc/nfssec. thus enhancing cross-platform interoperability. The following is a simplified example of compound procedures.OK -> READ "testdata" <.conf file using the nfssec security modes described in the nfssec(5) man page to enable the necessary security mode needed and then shares the file system with the sec=mode option.OK -> ACCESS "testdata" <. The server then returns the results of the operations to the client. Inc. NFS versions 3 and 4 generate the following RPC calls: NFS version 3 -> LOOKUP "export" <. Not all clients or servers have to support the recommended attributes. the server returned persistent file handles. If the file handle does change. To resolve this problem. The following is an example: ● If a file was deleted and replaced with a file of the same name. Inc. This method of identifying files and directories for NFS operations was fine for most UNIX-based servers. NFS version 4 introduces three categories of attributes: mandatory. The client determines how to proceed if the server does not support a particular recommended attribute. This meant the client could guarantee that the server would generate a file handle that always referred to the same file. but could not be implemented on servers that relied on other methods of identification such as a file's path name. the server would return an error that the file handle was stale. making implementation on a non-UNIX system difficult. File handles are created on the server and contain information that uniquely identifies files and directories. This allows the client to associate data with a specific file or file system. If a file was renamed. and named. the file handles would remain the same. the file handle would remain the same. Revision A 12-9 . In NFS versions 2 and 3. All Rights Reserved. ● ● When the server received a request from a client that included a file handle. the resolution was straightforward. If the client used the old file handle. the server would generate a new file handle for the new file. Enterprise Services. All NFS version 4 clients and servers supported the mandatory attributes to ensure a minimum level of interoperability. A non-UNIX-like server or client had to simulate those attributes. recommended.NFSv4 (New With Solaris 10) Extended Attributes Earlier NFS versions used a fixed set of file and file system attributes that were modeled on the UNIX® type files and file systems. This allows a server to support the attributes that apply to its operating environment. The named attribute is in the form of a byte stream that is associated with a file or file system and is referred to by a string name. Configuring NFS Copyright 2006 Sun Microsystems. a file handle could change. the NFS version 4 protocol permits a server to declare that its file handles are volatile. the client must find the new file handle. If you had to reboot the server. and the file handle always referred to the correct file. Thus. This allows the client and the server to be unaware of each other's localization and supports internationalization. Specifically. For example. When these attributes are transferred between the client and server. The string representation is used by the NFS version 4 protocol to represent owner or owner_group. the client does the following: ● ● ● Flushes the cached information that refers to that file handle Searches for that file's new file handle Retries the operation UTF-8 File and directory names are UTF-8 encoded.anydomain. The client uses the volatile file handle until it expires. to the NFS server. Inc. 12-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. to the unique UID 123456. that is operating on a client that is named system. known_user@anydomain. would be mapped to known_user@anydomain. known_user. Upon expiration. this allows translation to a common syntax that both can interpret. when the server tells the client that the file handle is volatile. For a client and server that do not use the same local representation. the client must cache the mapping between path name and file handle. In NFS version 4. the UID 123456 for the user.com.com. However. the Solaris OS NFS version 4 server always provides persistent file handles. A UTF-8 string represents the owner and owner_group attributes (and also users and groups within the ACL attribute).NFSv4 (New With Solaris 10) Like NFS versions 2 and 3. Solaris OS NFS version 4 clients that access non-Solaris OS NFS version 4 servers must support volatile file handles if the server uses them. This avoids presentation that is tied to a particular underlying implementation at the client or server. The client and server have their own local representation of owner and owner_group that is used for local storage or presentation to the end user.com. The NFS server maps the string representation. The NFS client sends the string representation. the nfsmapid(1M) daemon provides a mapping from a numeric user identification (UID) or a numeric group identification (GID) to a string representation. as well as the reverse. known_user@anydomain. All Rights Reserved. the local representation is translated to a syntax of the form user@dns_domain. Revision A . This encoding includes 16 or 32 bit characters and allows one superset to handle all character sets. Enterprise Services.com. For example. While holding a write delegation. If several clients recently accessed a file in write mode. the user is unable to perform any operations on the client or on the server. Under these circumstances. Similarly. because a write delegation conflicts with any file accessed by any other client. This behavior enables the client to perform many operations on both the client and the server. A write delegation can be to only one client. but the domain names are mismatched. However. the server cannot map the user or group to its integer ID. The server alone decides whether to grant a delegation. if the user exists on both the client and the server. the NFS client maps the string to nobody. While nfsmapid has no external customer-accessible interfaces. Inc.NFSv4 (New With Solaris 10) Note – If the server does not recognize the given user name or group name (even if the domain is correct). the server might not grant a delegation because this access pattern indicates the potential for future conflicts. Revision A 12-11 . the server rejects only a subset of the RPC. Enterprise Services. Delegation is a technique by which the server delegates the management of a file to a client. the server maps unrecognized id from the client to nobody. More specifically. even though the server is mapping the user to nobody. All Rights Reserved. Delegation NFS version 4 provides both client support and server support for delegation. Administrators should avoid making special accounts that exist only on a client. the server rejects the remote procedure call (RPC). the client would not send various operations to the server because the client is guaranteed exclusive access to a file. If the NFS client does not recognize the string. The server decides based on the access patterns for the file. You can grant read delegations to multiple clients at the same time. If the user does not exist on the server. because these read delegations do not conflict with each other. the client would not send various operations to the server while holding a read delegation because the server guarantees that no client can open the file in write mode. Configuring NFS Copyright 2006 Sun Microsystems. the server could grant either a read delegation or a write delegation to a client. A client does not request a delegation. the domain used can be configured by using the NFSMAPID_DOMAIN parameter in the nfs(4) configuration file. The server and the client respond differently to unrecognized strings. Although the server and the client perform both integer-to-string conversions and string-to-integer conversions. a difference exists. if a client holds a write delegation on a file and a second client opens that file for read or write access. the second client is not granted a delegation because a conflict now exists. the server uses a callback mechanism to contact the client that currently holds the delegation. or lock a file. which causes the client to wait and then retry. The following are sample responses: ● For NFS version 3. Upon receiving this callback. write. 12-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The client prints the message: File unavailable. an NFS server resolves only conflicts for files that it stores. One server does not resolve access conflicts for a file that is stored on another server. the server makes no response. the file must be closed and then reopened. which causes the client to halt the access request and retry later. and the client reports the requested operations as failures. the conflict is detected only after the client attempts to read. Note that in both situations. For example. if a client holds a read delegation and another client opens the same file for writing. Generally. the client sends the file's updated state to the server and returns the delegation. an NFS server can initiate only recalls to the client that is running NFS version 4. server delegation is enabled when NFS version 4 is started. because an equivalent of the JUKEBOX error does not exist. because version 2 and version 3 do not have an open procedure. Enterprise Services. The client prints the message NFS server not responding. in response to conflicts that are caused by clients that are running various versions of NFS. For example. To recover from these errors. When a conflict occurs. For NFS version 2. The server's response to these conflicts varies also. The process for detecting conflicts varies. ● Note – By default. Similarly. the server revokes the delegation. All Rights Reserved. the server returns the JUKEBOX error. these failures are reported to the application as input/output (I/O) errors. Thus. Furthermore. Revision A . the server recalls the read delegation. Inc. An NFS server cannot initiate recalls for clients that are running earlier versions of NFS. Note that these conditions clear when the delegation conflict is resolved.NFSv4 (New With Solaris 10) A conflict occurs when a client accesses a file in a manner that is inconsistent with the delegations that are currently granted for that file. the server recalls the first client's write delegation. unlike NFS version 4. If the client fails to respond to the recall. the server rejects all operations from the client for this file. In such instances. then the callback daemon accepts IPv6 connections. which is the only externally visible behavior. Revision A 12-13 . This daemon is started automatically whenever a mount for NFS version 4 is enabled. provides the callback service on the client. the client provides the necessary callback information to the server for all Internet transports that are listed in the /etc/netconfig system file. This information is provided to the server. the callback daemon uses a dynamic port number. Enterprise Services. the server does not grant delegations.NFSv4 (New With Solaris 10) The NFS version 4 callback daemon. Because callback information is embedded within an NFS version 4 request. Inc. If the callback path fails. By default. the server does not grant delegations. nfs4cbd (1M). In such situations. All Rights Reserved. the server might not be able to traverse a firewall. and the server tests the callback path before granting any delegations. Also. the server cannot contact the client through a device that uses Network Address Translation (NAT). Therefore. The callback daemon uses a transient program number and a dynamically assigned port number. Configuring NFS Copyright 2006 Sun Microsystems. even if that firewall enables normal NFS traffic on port 2049. If the client is enabled for Internet Protocol version 6 (IPv6) and if the IPv6 address for the client's name can be determined. Edit the /etc/default/nfs file. make the following entry: NFS_SERVER_DELEGATION=off By default. This domain is used for identifying user and group attribute strings in the NFS version 4 protocol. Server Configuration You must log in as superuser or assume an equivalent role to edit the file. 4. NFS_SERVER_VERSMIN=num NFS_SERVER_VERSMAX=num The NFS server uses only NFS versions in the range these variables specify. If required. The user can turn off delegations for all exported file systems by setting this variable to off (case sensitive).NFSv4 (New With Solaris 10) The /etc/default/nfs file When configuring NFS. the nfsmapid daemon uses the Domain Name Service (DNS) domain of the system. 2. Inc. this variable is commented out and the NFS server does provide delegations to clients. Valid values or versions are: 2. All Rights Reserved. 3. This file allows NFS to be configured without making changes to the service management facility scripts. 1.comany. See the nfs(4) man page for a complete list of possible parameters. 12-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The default maximum is Version 4. This setting overrides the default.com By default. and 4. By default these variables are unspecified (commented out) and the client's default minimum is Version 2. Revision A . only those used to configure the NFS version 4 server are considered here. make the following entry: NFSMAPID_DOMAIN=my. Enterprise Services. Make the following entries to configure an NFS version 4 only server: NFS_SERVER_VERSMAX=4 NFS_SERVER_VERSMIN=4 While numerous parameters are supported. Clients and servers must match with this domain for operation to proceed normally. 3. If required. This variable applies only to NFS version 4. the first step is to add the appropriate entries in the /etc/default/nfs file. This variable applies only to NFS version 4. 3. All Rights Reserved. The default maximum is Version 4. Revision A 12-15 . Valid values or versions are: 2. ● ● Mount a file system. Insert the following lines to configure a NFS version 4 only client: NFS_CLIENT_VERSMAX=4 NFS_CLIENT_VERSMIN=4 While numerous parameters are supported. Enterprise Services. Inc. Edit the /etc/default/nfs file. # mount server_name:share_point local_dir server_name – Provides the name of the server share_point – Provides the path of the remote directory to be shared local_dir – Provides the path of the local mount point ● Configuring NFS Copyright 2006 Sun Microsystems. The NFS client only uses NFS versions in the range specified by these variables.NFSv4 (New With Solaris 10) Client Configuration You must login as superuser or assume an equivalent role to edit the file. By default these variables are unspecified (commented out) and the client's default minimum is Version 2. 1. See the nfs(4) man page for a complete list of possible parameters. 2. 3. and 4. only those used to configure the NFS version 4 client are considered here. with it’s commented message about starting processes highlighted. The following example shows the Solaris 10 version of the dfstab file. Inc. The contents of the /etc/dfs/dfstab file are read when: ● ● ● The system enters the multi-user-server milestone. Each line of the dfstab file consists of a share command. 12-16 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . control has been switched from rc scripts to SMF. # # Issue the command ’svcadm enable network/nfs/server’ to # run the NFS daemon processes and the share commands.e. # cat /etc/dfs/dfstab # Place share(1M) commands here for automatic execution # on entering init state 3. # # share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource] # .NFSv4 (New With Solaris 10) SMF Effects on NFS As with other processes. after adding # the very first entry to this file. Enterprise Services. All Rights Reserved. The superuser runs the shareall command. it does not start the NFS server daemons. # share -F nfs -o rw=engineering -d "home dirs" /export/home2 share -F nfs -o ro share -F nfs -o rw. The /etc/dfs/dfstab File The /etc/dfs/dfstab file contains the commands that share local directories. The superuser enables the svc:/network/nfs/server service.root=sys-01 -d "Shared data files" -d "Database files" /usr/local/data /rdbms_files Note – If the svc:/network/nfs/server service does not find any share commands in the /etc/dfs/dfstab file.g. You can start both of these daemons using the svcadm command. # svcadm -v enable nfs/status svc:/network/nfs/status:default enabled. clients can quickly reestablish connections with files they were using. Inc. All Rights Reserved. # svcadm -v enable nfs/nlockmgr svc:/network/nfs/nlockmgr:default enabled. Configuring NFS Copyright 2006 Sun Microsystems. Therefore. Enterprise Services. run both on the NFS servers and the NFS clients.NFSv4 (New With Solaris 10) Managing the NFS Daemons Two NFS daemons. The lockd daemon is started by the SMF service nfs/nlockmgr. the server has a record of the clients that were using its NFS resources. Revision A 12-17 . the statd daemon and the lockd daemon. # svcs -D milestone/network STATE STIME FMRI disabled 15:34:35 svc:/network/dns/client:default disabled 15:34:37 svc:/network/nfs/cbd:default disabled 15:34:38 svc:/network/rpc/bootparams:default disabled 15:34:39 svc:/network/rarp:default disabled 15:34:51 svc:/network/dns/server:default disabled 15:34:52 svc:/network/slp:default disabled 15:35:20 svc:/network/shell:kshell online 15:35:03 svc:/milestone/single-user:default online 15:35:04 svc:/network/initial:default online 15:35:13 svc:/network/inetd:default online 15:35:24 svc:/network/nfs/client:default online 15:35:26 svc:/network/shell:default online 15:35:30 svc:/network/nfs/server:default online 15:35:31 svc:/network/nfs/mapid:default online 16:31:18 svc:/network/nfs/nlockmgr:default online 16:33:12 svc:/network/nfs/status:default Both the statd and lockd daemons provide crash recovery and locking services for NFS version 2 and 3. The statd daemon is started by the SMF service nfs/status. If a server crashes. Neither daemon requires administrative intervention. which helps to provide continuous operation. These daemons start automatically when a system enters the network milestone. This can be seen by examining the dependencies for the network milestone. It contacts each client for information about which files were in use. # svcadm -v restart nfs/nlockmgr Action restart set for svc:/network/nfs/nlockmgr:default. # 12-18 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. To manually restart these daemons. Revision A . and shuts down NFS client daemons when the system enters the single-user milestone.NFSv4 (New With Solaris 10) Restarting the NFS Client Daemons The service management facility automatically starts the NFS client daemons when the system enters the network milestone. perform the command: # svcadm -v restart nfs/status Action restart set for svc:/network/nfs/status:default. Inc. All Rights Reserved. NFS user and group ID mapping daemon (new in S10) Table 12-2 lists the NFS client daemons.NFSv4 (New With Solaris 10) NFS Server and Client Daemon Recap Table 12-1 lists the NFS server daemons. Table 12-1 NFS Server Daemons Daemon mountd nfsd statd lockd nfslogd nfsmapid Description Handles file system mount requests from remote systems. and provides access control. Inc. Enterprise Services. Provides operational logging for NFSv2 and 3. Revision A 12-19 . NFSv4 No Yes No No No Yes Table 12-2 NFS Client Daemons Daemon statd lockd nfs4cbd Description Works with the lockd daemon to provide crash recovery functions for the lock manager Supports record-locking operations on NFS files NFSv4 callback daemon. Handles client file system requests. (new in S10) Configuring NFS Copyright 2006 Sun Microsystems. All Rights Reserved. Supports record locking operations on NFS files. Works with the lockd daemon to provide crash recovery functions for the lock manager. NFSv4 (New With Solaris 10) Displaying NFS Mounted Resources The dfmounts command displays remotely mounted NFS resource information. All Rights Reserved. Revision A . Inc. # dfmounts RESOURCE SERVER PATHNAME sys-02 /usr/local/data CLIENTS sys-03 Note – Since the dfmounts command uses the mountd daemon to display currently shared NFS resources. when used without arguments. The nfslogd daemon provides operational logging. 12-20 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. dfmounts [ -F nfs ] [ server ] The dfmounts command. displays a list of directories on the local server that are currently mounted and also displays a list of the client systems that currently have the shared resource mounted. Note – Server logging is not supported in NFS version 4. it will not display NFS version 4 shares. NFS Server Logging The NFS server logging feature records NFS transactions on the file system. Enterprise Services. you should be able to describe new map entries with AutoFS.Module 13 Configuring AutoFS Objectives Upon completion of this module. All Rights Reserved. Revision A . Inc. 13-1 Copyright 2006 Sun Microsystems. Enterprise Services. Discussion – The following questions are relevant to discussing AutoFS: ! ? ● What changes have been made to AutoFS maps? 13-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Revision A . While they are not expected to know the answers to these questions. Inc. All Rights Reserved. the answers should be of interest to them and inspire them to learn the material presented in this module. PN 817-0403 System Administration Guide: Network Services Configuring AutoFS Copyright 2006 Sun Microsystems.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration. Inc. PN 817-1985 System Administration Guide: Advanced Administration. All Rights Reserved. Revision A 13-3 . Enterprise Services. All Rights Reserved. # Use is subject to license terms. Revision A .nobrowse /home auto_home -nobrowse From a Solaris 9 system: # cat /etc/auto_master # Master map for automounter # +auto_master /net -hosts /home auto_home /xfn -xfn -nosuid.nobrowse -nobrowse 13-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Special Mountings Special Mountings The /etc/auto_master file contains mount points for special maps. Enterprise Services. Examples of the /etc/auto_master files from both releases are shown below: From a Solaris 10 system: # cat /etc/auto_master # # Copyright 2003 Sun Microsystems. Support for FNS was dropped in Solaris 10. Inc. Inc. the xfn map provided access to resources available through the Federated Naming Service (FNS).8 03/04/28 SMI" # # Master map for automounter # +auto_master /net -hosts -nosuid. All rights reserved. # # ident "@(#)auto_master 1. Resources associated with FNS were mounted below the /xfn directory. In Solaris 9. for all autofs mount points. you no longer are required to update critical startup files to ensure that the existing behavior of your autofs environment is preserved. Additionally. Revision A 13-5 . the same specifications that you would make on the command line can be made in this new configuration file. even during upgrades to your operating system. this file preserves your specifications.Special Mountings New AutoFS Configuration File The Solaris 10 3/05 release introduced a new configuration file. refer to the automount(1M) and the automountd(1M) man pages. This keyword is the equivalent of the -D argument for automountd. which provides an additional way to configure your autofs commands and autofs daemons. /etc/default/autofs. This keyword is the equivalent of the -t argument for the automount command. You can make your specifications by using the following keywords: AUTOMOUNTD_ENV permits you to assign different values to different environments. and other nonessential events. Enterprise Services. AUTOMOUNTD_VERBOSE logs status messages to the console and is the equivalent of the -v argument for the automountd daemon. Now. This keyword is the equivalent of the -v argument for automount. For more information. However. This command is the equivalent of the -n argument for automountd. AUTOMOUNT_TIMEOUT sets the duration for a file system to remain idle before the file system is unmounted. All Rights Reserved. AUTOMOUNTD_NOBROWSE turns browsing on. AUTOMOUNTD_TRACE expands each remote procedure call (RPC) and displays the expanded RPC on standard output. AUTOMOUNT_VERBOSE provides notification of autofs mounts. Inc. This keyword is the equivalent of the -T argument for automountd. or turns browsing off. Configuring AutoFS Copyright 2006 Sun Microsystems. unlike the specifications you would make on the command line. unmounts. . Revision A . you should be able to: ● ● ● Describe Solaris Volume Manager software concepts Build a RAID-0 (concatenated) volume Build a RAID-1 (mirror) volume for the root (/) file system 14-1 Copyright 2006 Sun Microsystems. Inc.Module 14 Configuring Solaris Volume Manager Software Objectives The Solaris Volume Manager software provides commands and a graphical user interface (GUI) tool to configure physical slices of disks into logical volumes. Enterprise Services. All Rights Reserved. Upon completion of this module. Revision A . the answers should be of interest to them and inspire them to learn the material presented in this module. Inc. Enterprise Services.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. While they are not expected to know the answers to these questions. All Rights Reserved. ! ? Discussion – The following questions are relevant to understanding Solaris Volume Manager in the Solaris 10 OS: ● ● What are the key features of SVM? How does SVM compare to VxVM? 14-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. PN 817-1985 System Administration Guide: Advanced Administration. Inc. PN 816-4520 Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. PN 817-0403 Solaris Volume Manager Administration ES-222 Revision: B Solaris Volume Manager Administration Guide. Revision A 14-3 .Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● ● System Administration Guide: Basic Administration. All Rights Reserved. and RAID 5. 14-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. the Solstice Disksuite product was used. The Solaris Volume Manager software is used to implement RAID 0. Soft partitioning was introduced in a patch to Solaris 8. Using soft partitions directly is simple. RAID 1+0. You can create multiple soft partitions on a single hard partition and use them directly to create small file systems.Solaris Volume Manager Concepts Solaris Volume Manager Concepts The Solaris Volume Manager software in the Solaris 9 and 10 Operating System replaces the Solstice DiskSuite software used in releases of the Solaris OS prior to Solaris 9 OS. The soft partition feature of the Solaris Volume Manager software enables administrators to divide a large partition or an existing volume into smaller areas or extents. but does not provide data protection. Enterprise Services. The SVM GUI is launched from the SMC Console via the Enhanced Storage tool. All Rights Reserved. Solaris 9 introduced the Solaris Volume Manager software. Prior to soft partitioning using standard partition based sds/svm you were limited to only being able to logically divide a disk/lun into 7 partitions/slices. with an emphasis placed on the metatool (GUI) interface. With soft partitioning you can have an unlimited amount of them from your available space. Revision A . which was essentially the next generation of the Solstice Disksuite. This was always perceived as a limiting factor compared to vxvm. and is Sun’s answer to vxvm’s public region. RAID 1. This module covers the configuration of the following: ● ● RAID 0: Non-redundant disk array (concatenation and striping) RAID 1: Mirrored disk array in Solaris 8. Inc. Revision A 14-5 . Caution – If you upgrade from Solstice DiskSuite to Solaris Volume Manager software and have state database replicas at the beginning of slices (as opposed to on separate slices). at least two of the three replicas must be available. All Rights Reserved. Causes the system to panic if fewer than half of the state database replicas are available. provide redundancy and protect against data loss if a copy of the database is corrupted due to the system crashing or other failure. The state database replicas should be distributed across multiple disks so that failure of a single disk only causes the loss of a single state database replica. while the default size in Solstice DiskSuite was 1034 blocks. and add a new Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. If the system loses a state database replica. ● ● If insufficient state database replicas are available. If you delete a default-size state database replica from Solstice DiskSuite. State database replicas are stored in their own disk slices. The algorithm requires that a majority (half +1) of the state database replicas are available before any of them are considered valid. you must boot into single-user mode and delete enough of the corrupt replicas to achieve a majority consensus. Solaris Volume Manager software uses a majority consensus algorithm to determine which state database replicas still contain valid data.The State Database Replicas The State Database Replicas The state database stores information on disk about the state of your Solaris Volume Manager software configuration. To reach a consensus. Enterprise Services. The default Solaris Volume Manager software state database replica size is 8192 blocks. Multiple copies of the database. The majority consensus algorithm: ● Makes sure that the system stays running if at least half of the state database replicas are available. Inc. do not delete existing replicas and replace them with new ones in the same location. called replicas. Prevents the system from starting the Solaris Volume Manager software unless a majority of the total number of state database replicas are available. The majority consensus algorithm requires that you create at least three state database replicas before you build or commit any metadevices. Specifies the name of the disk_slice that will hold the replica. Creating the State Database You can create state database replicas by using: ● ● The metadb -a command The Solaris Volume Manager software GUI Creating the State Database Using the Command Line To create state database replicas using the command line. Use this flag to force the creation of the initial replicas. which destroys the data. 14-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. you will overwrite the first 7158 blocks of any file system occupying the rest of the shared slice. use the metadb command. All Rights Reserved.The State Database Replicas default-size replica with the Solaris Volume Manager software. Note – The metadb command without options reports the status of all replicas. Specifies the size of the new replicas. Revision A . even if no replicas exist. Enterprise Services. Specifies the number of replicas to add to the slice. in blocks. The syntax of the command is: metadb -a [-f] [-c n] [-l nnnn] disk_slice where: -a -f -c n -l nnnn disk_slice Adds a state database replica. Forces the operation. The flags indicate that the replica is active and up to date. Inc. This is an appropriate fault tolerant configuration for a production environment. All Rights Reserved. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Revision A 14-7 . Each replica begins at block 16 of the assigned disk slice. Enterprise Services. or 4 Mbytes in size. it is an indication that the replica is corrupt. If there are capital letters in the flags field. Each replica is 8192 blocks. Note – The previous example places the state database replicas on disks on different controllers.The State Database Replicas The following example shows the creation of state database replicas: # metadb -a -f c0t0d0s4 c0t0d0s5 c1t0d0s0 c1t0d0s1 # metadb flags first blk block count a u 16 8192 a u 16 8192 a u 16 8192 a u 16 8192 /dev/dsk/c0t0d0s4 /dev/dsk/c0t0d0s5 /dev/dsk/c1t0d0s0 /dev/dsk/c1t0d0s1 This example lists the four replicas that were just created. Revision A .The State Database Replicas Creating the State Database Using the Solaris Management Console The Enhanced Storage Tool within the Solaris Management Console provides a GUI that guides you through Solaris Volume Manager tasks. Use the Navigation pane to traverse the Solaris Management Console structure until you reach the Enhanced Storage Tool. Enterprise Services. as shown in Figure 14-1. To start the Solaris Management Console. Click This Computer. perform the command: Figure 14-1 Solaris Management Console Welcome Screen 2. # smc & The Solaris Management Console appears. 3. Inc. 14-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Select Storage. 4. Complete the following steps to create the state database replicas: 1. All Rights Reserved. The State Database Replicas 5. to display the contents of the Enhanced Storage Tool. Click the State Database Replica icon. you must log in after you open the first tool. Enterprise Services. Figure 14-2 Solaris Management Console: Storage Tool Note – After you start the Solaris Management Console. Click Enhanced Storage. 6. All Rights Reserved. Revision A 14-9 . Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Inc. as shown in Figure 14-2. The State Database Replicas If the state database currently contains replicas, these replicas appear in the View pane. If no state database replicas exist, the View pane is empty, as shown in Figure 14-3. Figure 14-3 Solaris Management Console: View Pane 14-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A The State Database Replicas 7. To create a replica, select Create Replicas from the Action menu, as shown in Figure 14-4, and follow the instructions. Figure 14-4 Solaris Management Console Window – Action Menu A series of windows guide you through the creation of the state database. 8. Select alternate disk sets when additional disk sets are available, as shown in Figure 14-5. In this configuration, no additional disk sets have been configured, so choose the default selection of <none>. Figure 14-5 Create Replicas: Select Disk Sets Window Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 14-11 The State Database Replicas Note – A disk set is a set of shared disk drives that contain logical Volume Manager objects that can be shared exclusively but not concurrently by one or two hosts. Disk sets are enablers for host fail-over scenarios. 9. Click Next to continue. Note – Disk sets are described in ES-222: Solaris Volume Manager Administration. 14-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A The State Database Replicas When you choose disk slices on which to store the state database replicas, select at least three slices. Figure 14-6 shows that you can choose to configure as many slices as are required by the size of your system’s disk configuration. The size of these disk slices are pre-set using the partitioning mechanism of the format utility. Figure 14-6 Create Replicas: Select Components Window 10. Select a slice. 11. Click Add. 12. Continue adding slices until all the necessary slices are selected. Note – Alternatively, to select multiple slices, hold down the Control key while you make your selections. 13. Click Next to continue. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 14-13 The State Database Replicas The default size of each replica is 8192 blocks or 4 Mbytes. The window, as shown in Figure 14-7, enables you to increase the size of the replicas and the number of replicas per slice. Figure 14-7 Create Replicas: Set Length and Count Window 14. Unless equipment limitations force you to assign multiple replicas to a device, accept the default replica count of 1. 15. Click Next to continue. 14-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A The State Database Replicas Figure 14-8 shows the selections you have chosen for your state database replicas. Additionally, this window shows the commands that the Storage Volume Manager uses to build your selected configuration. Figure 14-8 Create Replicas: Review Window Showing the commands is a nice feature of SVM, and one that you may want to point out to students so they may capture command output, then use for future CLI or scripting efforts. 16. Double-check your selections to ensure that they meet the criteria of your state database replicas. Note – Before you click Finish, click Show Commands to view and, optionally, log the commands used to accomplish the specified Enhanced Storage Tool operations. 17. Click Finish to complete the operation. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 14-15 The State Database Replicas Figure 14-9 shows that the newly configured state database replicas appear in the View pane of the Solaris Management Console. Figure 14-9 Solaris Management Console: New State Database Replicas Window If at least three replicas are configured on separate disks, the system tolerates a single disk failure and still maintains the majority consensus algorithm. The majority consensus algorithm is necessary for the system to remain running or for it to reboot to multiuser mode when required. Note – The configuration represented in this example does not follow Sun Microsystems best practices. State database replicas should be distributed across multiple devices and disk controllers wherever possible. 14-16 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Configuring RAID-0 Configuring RAID-0 RAID-0 volumes allow you to expand disk storage capacity efficiently. These volumes do not provide data redundancy but can be used to expand disk storage capacity. If a single slice fails on a RAID-0 volume, there is a loss of data. RAID-0 comes in two forms, stripes and concatenations. ● Concatenated volumes (or concatenations) A concatenated volume writes data to the first available slice. When the first slice is full, the volume writes data to the next available slice. ● Striped volumes (or stripes) A stripe distributes data equally across all slices in the stripe. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 14-17 RAID-0 Striped Volumes RAID-0 Striped Volumes Figure 14-10 shows the arrangement of a RAID-0 volume configured as a stripe. A RAID-0 volume configured as a stripe arranges data across two or more slices. Striping alternates equally-sized segments of data across two or more slices, forming one logical storage unit. These segments are interleaved round-robin, so that the combined space is created alternately from each slice. Physical Slice A Interlace 1 Interlace 4 Physical Slice B Interlace 2 Interlace 5 Physical Slice C Interlace 3 Interlace 6 Solaris Volume Manager Interlace 1 Interlace 4 Interlace 2 Interlace 5 Interlace 3 Interlace 6 RAID 0 (Stripe) Logical Volume Figure 14-10 RAID-0 Stripe Striping enables parallel data access because multiple controllers can access the data at the same time. Parallel access increases Input/Output (I/O) performance because multiple disks in the volume can service I/O requests simultaneously. 14-18 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A RAID-0 Striped Volumes You cannot convert an existing file system directly to a striped volume. You must first back up the file system, create the striped volume, and then restore the file system to the striped volume. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 14-19 RAID-0 Striped Volumes Creating a RAID-0 Volume Using the Command Line In this example. and /usr file systems. The metainit command creates the metadevices. concat/stripe numstripes 14-20 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Specifies the number of individual stripes in the metadevice. where: -f Forces the metainit command to continue. The syntax of the metainit command is: metainit -f concat/stripe numstripes width component. the slice being used for the /export/home file system is almost at capacity. For a concatenation. All Rights Reserved. A new slice from another disk is concatenated to it. Inc. # metadb -a -f -c 2 c3t2d0s7 c3t3d0s7 # metadb flags first blk a u 16 a u 8208 a u 16 a u 8208 block count 8192 8192 8192 8192 /dev/dsk/c3t2d0s7 /dev/dsk/c3t2d0s7 /dev/dsk/c3t3d0s7 /dev/dsk/c3t3d0s7 The concatenated volume must be referenced by a metadevice name. This option is useful when configuring mirrors or concatenations on root (/)... they need to be configured before creating any metadevices. numstripes is always 1. even if one of the slices contains a mounted file system or is being used as swap space. Revision A . For a simple stripe. numstripes is equal to the number of slices. making a RAID-0 concatenated volume. Specifies the volume name of the concatenation or stripe being defined. swap. Enterprise Services. The existing slice is shown: # df -h /export/home Filesystem /dev/dsk/c0t0d0s7 size 470M used 395M avail capacity 28M 94% Mounted on /export/home If the metadatabases are not already configured. 5 GB) Stripe 0: Device Start Block Dbase c0t0d0s7 0 No Stripe 1: Device Start Block Dbase c3t2d0s0 2160 No Reloc Yes Reloc Yes Device Relocation Information: Device Reloc Device ID c0t0d0 Yes id1. such as /dev/dsk/c0t0d0s1. the number of stripes is equal to the number of slices being added. as one of the slices being included in the concatenated volume is mounted. Revision A 14-21 .2G00F50615____ The d0 metadevice is shown.RAID-0 Striped Volumes width Specifies the number of slices that make up a stripe. with the two stripes which make up the concatenation. Specifies the logical name for the physical slice (partition) on a disk drive.sd@SFUJITSU_MAB3045S_SUN4. The new device is represented with block and character special device files: # ls -lL /dev/md/dsk total 0 brw-r----1 root sys 85. so the number 1 appears before each slice: # metainit -f d0 2 1 c0t0d0s7 1 c3t2d0s0 d0: Concat/Stripe is setup Note – The metastat command does not show information about soft partitioning. 0 Oct 25 12:35 d0 Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. The metastat command is used to check the configuration: # metastat d0: Concat/Stripe Size: 3118752 blocks (1. component Metadevices are referenced by the letter d followed by a number.dad@AST38420A=7AZ0VMFG c3t2d0 Yes id1. in this case 2. the slices are striped. The new metadevice will be called d0. Enterprise Services. The number of slices in each stripe is one. All Rights Reserved. The -f option is required. When the width is greater than 1. Inc. As this is a concatenation. 2968096. 3032864. Enterprise Services. The existing file system needs to be grown into the new space. 145760. 0 Oct 25 12:35 d0 The new metadevice (d0) has been created but is not being used yet. 3776 i/g) super-block backups (for fsck -F ufs -o b=#) at: 32. This is done with the growfs command. Locate the entry in the /etc/vfstab file which mounts the file system at boot time: /dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 2 yes Change the device files to the metadevice files: /dev/md/dsk/d0/dev/md/rdsk/d0 /export/home ufs 2 yes - Then un-mount and re-mount the file system using the new device files: # umount /export/home # mount /export/home # df -h /export/home Filesystem /dev/md/dsk/d0 size 470M used 395M avail capacity 28M 94% Mounted on /export/home The file system is now mounted using the metadevice device file. and the capacity is still at 94%. 63 sectors 1522. Notice that the file system does not appear to be any bigger. 3049056. 2984288. 3096608. 48608. Use the option -M to specify a mount point: # growfs -M /export/home /dev/md/rdsk/d0 /dev/md/rdsk/d0: 3118752 sectors in 3094 cylinders of 16 tracks. 113376. 32416. All Rights Reserved. 14-22 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. 80992. 3016672. 97184.RAID-0 Striped Volumes # ls -lL /dev/md/rdsk total 0 crw-r----1 root sys 85.8MB in 194 cyl groups (16 c/g. The /export/home file system is still mounted as a regular disk slice: # df -h /export/home Filesystem /dev/dsk/c0t0d0s7 size 470M used 395M avail capacity 28M 94% Mounted on /export/home It needs to be remounted using the new metadevice device files. 3000480. 129568. 64800. 3065248.88MB/g. 3081440. 7. 3112800. Revision A . 16224. 4G used 395M avail capacity 988M 29% Mounted on /export/home Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems.RAID-0 Striped Volumes The file system now occupies all the space in the d0 metadevice: # df -h /export/home Filesystem /dev/md/dsk/d0 size 1. Inc. Revision A 14-23 . All Rights Reserved. Enterprise Services. Enterprise Services. When SMC performs the metainit command at the end of the slice selections. When creating RAID-0 volumes. 1. unmount the /export/home file system. # smc & 2. start the Solaris Management Console: Figure 14-11 Select Create Volume Every time you create a new volume. as shown in Figure 14-11. Inc. it is usually unnecessary to create additional state database replicas. To check this. 14-24 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. you can create additional state database replicas.RAID-0 Striped Volumes Using Solaris Management Console (SMC) It is not possible to perform the same configuration using only Solaris Management Console (SMC). Select the Volumes tool and Create Volume from the Action menu. it doesn’t use the -f to force the addition of a mounted file system to a metadevice. Revision A . To configure the concatenated volume in SMC. # umount /export/home The same slices and file systems are used in this example as was used in the previous command line example. It assumes the metastate databases are already configured. All Rights Reserved. as shown in Figure 14-12. Select Don’t Create State Database Replicas in the Create Volume window. All Rights Reserved. Inc. Figure 14-12 Create Volume Window 4. Revision A 14-25 . Enterprise Services.RAID-0 Striped Volumes 3. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Click Next to continue. Revision A . 14-26 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved.RAID-0 Striped Volumes Every time you create a new volume. as shown in Figure 14-13. you can relocate it on alternate disk sets. Figure 14-13 Create Volume: Select Disk Set Window 5. Select the default of <none> and click Next to continue. Enterprise Services. Inc. Enterprise Services. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Revision A 14-27 . Select Concatenation (RAID 0) and click Next to continue. All Rights Reserved. Inc.RAID-0 Striped Volumes Figure 14-14 shows a selection of volume configurations that you can create. Figure 14-14 Create Volume: Select Volume Type Window 6. RAID-0 Striped Volumes You can name the volume. In this example d0 is being used: Figure 14-15 Create Volume: Name Volume Window 7. as shown in Figure 14-15. Name the volume d0 and click Next to continue. All Rights Reserved. Inc. Revision A . Enterprise Services. 14-28 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. as shown in Figure 14-16. Revision A 14-29 . 10. Enterprise Services. Figure 14-16 Create Volume: Select Components Window 8. Select an unused slice and click Add to move it to the Selected list. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. 9. All Rights Reserved. Select the existing slice and click Add to move it to the Selected list. Click Next to continue. Inc.RAID-0 Striped Volumes Select the slice already being used and an unused slice. as shown in Figure 14-17. To allow continued data accesses to a failed volume until you can replace a failed slice. Power user – A hot spare pool is a set of slices you can use to improve the fault tolerance of the system. the hot spare is automatically swapped back onto the replacement slice. Click Next to continue. as shown in Figure 14-18. Inc. Enterprise Services. Figure 14-17 Create Volume: Select Components Window 11. 14-30 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. hot spares are automatically swapped in to replace the failed slice. All Rights Reserved. Revision A . After replacing the failed slice.RAID-0 Striped Volumes You can select the order of presentation of the slices within the volume. The Hot Spare Pool window is shown in Figure 14-18. Revision A 14-31 . Inc.RAID-0 Striped Volumes RAID-0 does not have any data redundancy features and no hot spare pools have been created. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. All Rights Reserved. Enterprise Services. Figure 14-18 Create Volume: Use Hot Spare Pool Window 12. Select No Hot Spare Pool and click Next to continue. All Rights Reserved. Inc. Revision A .RAID-0 Striped Volumes The Create Volume window provides a confirmation of your selections. Enterprise Services. Click Finish. It also provides a summary of the commands necessary to accomplish the identical task from the command line. Figure 14-19 Create Volume: Review Window 13. 14-32 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. as shown in Figure 14-19. 3081440. change the standard device files to the metadevice files: /dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 2 yes /dev/md/dsk/d0 /dev/md/rdsk/d0 /export/home ufs 2 yes - # mount /export/home # growfs -M /export/home /dev/md/rdsk/d0 /dev/md/rdsk/d0: 3118752 sectors in 3094 cylinders of 16 tracks. 2984288. First. 3065248. All Rights Reserved.RAID-0 Striped Volumes Figure 14-20 shows the metadevice for the newly created RAID-0 volume. Enterprise Services. 113376.4G 395M 988M 29% /export/home Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. 2968096. Inc. 145760.8MB in 194 cyl groups (16 c/g. 3096608. 16224. 3776 i/g) super-block backups (for fsck -F ufs -o b=#) at: 32. 63 sectors 1522. Revision A 14-33 . 64800. 32416. 3032864. 3049056. 3016672. 48608. 97184. the file system remounted and grown before the extra space is available. 7. 3000480. # df -h /export/home Filesystem size used avail capacity Mounted on /dev/md/dsk/d0 1. The /etc/vfstab file needs to be changed. 80992. 129568. Figure 14-20 Solaris Management Console: Volumes Window This procedure has created the d0 concatenated metadevice.88MB/g. 3112800. Typical reasons for taking the submirror offline include backups. 14-34 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. and correctly configured read and write policies. When the submirror is brought back online. Usually. after which you can attach additional submirrors. When a submirror is offline. With multiple copies of data available. You need at least twice as much disk space as the amount of data to be mirrored. The mirrored RAID-0 volumes are called submirrors. Inc. including existing file systems. All Rights Reserved. data access time is reduced. the data is written to two disk slices of the same size. A read-write mirror uses what is called a Dirty Region Log (DRL) and these DRLs are located in the State DBs. it is in a read-only mode. Enterprise Services. you can use it as if it were a physical slice. entries in the DRL significantly reduce the time needed to syncronize the sub-mirror data again. If the system panics before some sub-mirrors get updated. though at least one submirror must remain attached to the mirror at all times. troubleshooting and repair. Using Multiple Submirrors A mirror is made of two or more RAID-0 volumes. Rather than copying all of the mirrors data to a sub-mirror being attached. A third submirror lets you maintain redundancy with one of the other two submirrors offline. the other will have an up-to-date copy of the data. In a two-way mirror.Configuring RAID-1 Configuring RAID-1 RAID-1 volumes are also known as mirrors and provide data redundancy. The Solaris Volume Manager software tracks all the changes written to the online submirror. The DRL is used to record all changes made to the mirror volume. the DRL can be used to indicate the changes that have occured and avoid copying data that is already on the sub-mirror. Their is a fairly subtle consideration related to the State DBs when they support a mirror volume. while a mirror consisting of three submirrors is known as a three-way mirror. Creating a two-way mirror is usually sufficient for data redundancy. A RAID-1 volume maintains identical copies of the data in several RAID-0 volumes. You can attach or detach a submirror from a mirror at any time. If one disk fails. you begin the creation of a mirror with only a single submirror. only the newly written portions are resynchronized. or a sub-mirror was offline for some reason. Mirroring requires more disks. Revision A . A mirror consisting of two submirrors is known as a two-way mirror. After configuring a mirror. You can mirror any file system. Table 14-1 describes the configurable mirror read policies. Enterprise Services. Revision A 14-35 . the submirror that had the failure is put into maintenance state (errored state). Inc. If a failure occurs during this write. Table 14-2 Mirror Write Policies Write Policy Parallel (Default) Description Replicates a write to a mirror. You can define mirror options when you initially create the mirror or after you set up the mirror.Configuring RAID-1 Mirror Options Mirror performance can be modified by using the following options: ● ● Mirror read policy Mirror write policy Note – The mirror options listed here are representative of the options presented when configuring RAID-1 mirrors using the Solaris Volume Manager software. Table 14-2 describes the configurable mirror write policies. All Rights Reserved. and dispatches the write to all of the submirrors simultaneously Specifies that writes to one submirror must complete before initiating writes to the next submirror Serial Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Table 14-1 Mirror Read Policies Read Policy Round Robin (default) Geometric Description Balances the load across the submirrors Enables the system to divide reads among submirrors on the basis of a logical disk block address Directs all reads to the first submirror First You can improve write performance by replicating all submirrors simultaneously. You can distribute the load across the submirrors to improve read performance. Inc. Enterprise Services. When the submirror is brought back online. those regions must be updated or resynchronized. All Rights Reserved. 14-36 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Configuring RAID-1 When a submirror is offline. Revision A . any writes to the mirror are tracked in a dirty region log. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. All Rights Reserved. Revision A 14-37 . As seen during RAID-0 configuration. SMC is not able to force the creation of a metadevice from a mounted file system. Note – Remove the volume d0 created in the previous example to avoid confusion during this procedure. which cannot be unmounted. 3. do the following: 1. To create a mirror. Use the metaroot command to update the system’s configuration. 4. Create a RAID-0 volume for the file system you want to mirror. Enterprise Services. This section describes how to create a RAID-1 volume for the root (/) file system. Attach the second submirror to the file system mirror. as this is a mirror of the root (/) file system. Reboot your system. as this is a root (/) mirror.Building a Mirror of the Root (/) File System Building a Mirror of the Root (/) File System The procedure for building a mirror of the root (/) file system can be accomplished using the command line exclusively but it is not possible to use the Solaris Management Console (SMC) exclusively. Record the alternate boot path that is used in the event of a failure of the primary submirror. as this is a root (/) mirror. Create a one-way mirror using the RAID-0 volume that contains the file system to be mirrored. Create a second RAID-0 volume to contain the second submirror of the RAID-1 volume. 5. 7. 6. Inc. 2. 1. Enterprise Services. 3. Inc. RAID 1 Volume @ @ RAID 0 Volume @ RAID 0 Volume Figure 14-21 Mirror of Root (/) Partition Creating The RAID-0 Volumes The first step when building a mirror of the root (/) file system is to create RAID-0 volumes.Building a Mirror of the Root (/) File System The Scenario The scenario assumes the root (/) file system is on disk slice c0t0d0s0. A RAID-1 volume is created and named d10 using the RAID-0 volumes named d11 and d12. A second RAID-0 volume is created as metadevice d12 from a spare disk slice at c3t3d0s1. which cannot be unmounted. The force (-f) option must be used because this is the root (/) file system. 2. as shown in Figure 14-21. Each RAID-0 volume becomes a submirror to the mirror. Revision A . Use the metainit command to force the creation of the RAID-0 volume. All Rights Reserved. The following example shows how to use the metainit command to create a RAID-0 volume: # /usr/sbin/metainit -f d11 1 1 c0t0d0s0 d11: Concat/Stripe is setup 14-38 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. A RAID-0 volume called d11 is created from slice c0t0d0s0. which you later combine to form the mirror. one slice wide. Because the root (/) file system is stored at that location. Inc. Click the Volumes icon. both the numstripes and width arguments must be 1. use the metainit command again: # metainit d12 1 1 c3t3d0s1 d12: Concat/Stripe is setup To create the same metadevice from the GUI. Revision A 14-39 . To create additional volumes from the command line. for the secondary submirror of the root file system. the root (/) file system is stored on the disk slice /dev/dsk/c0t0d0s0. The command line forces the creation of volume d11. or the data is lost. Enterprise Services. All Rights Reserved. To create an additional RAID-0 volume. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Note – In this example.Building a Mirror of the Root (/) File System Caution – If converting an existing file system to a RAID-0 volume. and it is stored on the /dev/dsk/c0t0d0s0 disk slice. complete the following steps: 1. Volume d11 creates a concatenation composed of a single stripe. you must use of the -f option to force the creation of a volume on the mounted partition. use the Enhanced Storage Tool within the Solaris Management Console. Inc. Enterprise Services. as shown in Figure 14-22.Building a Mirror of the Root (/) File System Any configured metadevice volumes appear on the View pane. Figure 14-22 Volumes Icon 14-40 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . the View pane remains empty. If there are no metadevice volumes currently configured. All Rights Reserved. Select Create Volume from the Action menu. Answer the prompts in the Create Volume Wizard window. All Rights Reserved. as shown in Figure 14-23. Enterprise Services. Inc. Figure 14-23 Solaris Management Console: Action Menu 3. Revision A 14-41 .Building a Mirror of the Root (/) File System 2. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Select Don’t Create State Database Replicas in the Create Volume window. 14-42 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. 4. Revision A . Enterprise Services. you can create additional state database replicas.Building a Mirror of the Root (/) File System Every time you create a new volume. it is usually unnecessary to create additional state database replicas. All Rights Reserved. Inc. as shown in Figure 14-24. When creating RAID-0 volumes. Figure 14-24 Create Volume Window 5. Click Next to continue. Inc. Click Next to continue. as shown in Figure 14-25. select the default of <none>. you can relocate it on alternate disk sets. 7. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Enterprise Services. All Rights Reserved. Figure 14-25 Create Volume: Select Disk Set Window 6. If only one disk set exists on the system. Revision A 14-43 .Building a Mirror of the Root (/) File System Every time you create a new volume. 9. 14-44 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. All Rights Reserved. Revision A . Figure 14-26 Create Volume: Select Volume Type Window 8. Enterprise Services. Click Next to continue.Building a Mirror of the Root (/) File System Figure 14-26 shows a selection of volume configurations that you can create. Select Concatenation (RAID 0). Name the volume d12. so this one is volume d12. build a mirror named d10. All Rights Reserved. Click Next to continue. The two submirrors that comprise the mirror are d11 (for the first submirror) and d12 (for the second submirror). Revision A 14-45 . 11. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Enterprise Services. Figure 14-27 Create Volume: Name Volume Window 10. as shown in Figure 14-27.Building a Mirror of the Root (/) File System You can name the volume. You have already created volume d11 from the slice that contains the root (/) file system. which contains the mirror of the root (/) file system. Inc. In this procedure. 13. 14-46 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. 14.Building a Mirror of the Root (/) File System You can also select a slice that the new volume occupies. Figure 14-28 Create Volume: Select Components Window 12. Revision A . Select a slice equal to or greater than the size of the primary submirror RAID-0 volume. Enterprise Services. All Rights Reserved. therefore the size of this slice must be equal to or greater than the size of the primary submirror of the mirror. This volume is the secondary submirror of a mirror. as shown in Figure 14-28. Click Add to move it to the Selected list. Click Next to continue. you cannot span multiple slices. as shown in Figure 14-29. 15. Figure 14-29 Create Volume: Select Components Window Note – When mirroring root (/). Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems.Building a Mirror of the Root (/) File System You can select the order of presentation of the slices within the stripe group. Inc. Click Next to continue. this window serves no function in this procedure. where a single slice is involved. if you are mirroring a file system that can span multiple slices. All Rights Reserved. Because this is a mirror of root. This window is used when building multiple slices into a single volume. Enterprise Services. Revision A 14-47 . Click Next to continue. Inc.Building a Mirror of the Root (/) File System A hot spare pool is a set of slices you can use to improve the fault tolerance of the system. All Rights Reserved. the hot spare is automatically swapped back onto the replacement slice. select No Hot Spare Pool. Enterprise Services. Figure 14-30 Create Volume: Use Hot Spare Pool Window 17. as shown in Figure 14-30. hot spares are automatically swapped in to replace the failed slice. Revision A . To allow continued data accesses to a failed volume until you can replace a failed slice. 16. Because no hot spare pools have been created. 14-48 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. After replacing the failed slice. Building a Mirror of the Root (/) File System The Create Volume: Review window provides a confirmation of your selections. Enterprise Services. All Rights Reserved. Inc. Click Finish. Figure 14-31 Create Volume: Review Window 18. as shown in Figure 14-31. Revision A 14-49 . It also provides a summary of the commands necessary to accomplish the identical task from the command line. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. and the d12 volume contains space for a copy of the root (/) file system. Enterprise Services. d11 and d12. The d11 volume contains the slice where the root (/) file system is stored. Creating The RAID-1 Volume You can create the RAID-1 volume using: ● ● The metainit command The Enhanced Storage Tool within the Solaris Management Console 14-50 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Building a Mirror of the Root (/) File System Figure 14-32 shows the metadevice for the newly created RAID-0 volume. Inc. you created two RAID-0 volumes. Figure 14-32 Solaris Management Console: Volumes Window In this procedure. All Rights Reserved. Revision A . or as swap space. read_options Note – If neither the -g nor -r options are specified. The default setting for this option is parallel write. You cannot use the -r option with the -g option. • -r – Directs all reads to the first submirror.Building a Mirror of the Root (/) File System The metainit Command The syntax for creating a RAID-1 volume by using the metainit command is: metainit mirror -m submirror [read_options] [write_options] [pass_num] where: mirror -m submirror Specifies the volume name of the mirror. Revision A 14-51 . Smaller pass numbers are resynchronized first. The default is 1. All Rights Reserved. reads are made in a round-robin order from all submirrors in the mirror. pass_num A number (0–9) at the end of an entry defining a mirror that determines the order in which that mirror is resynchronized during a reboot. the resynchronization is skipped. This process enables load balancing across the submirrors. Use the -r option only when the devices that comprise the first submirror are substantially faster than those of the second mirror. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Equal pass numbers are run concurrently. write_options The following write option is available: S – Performs serial writes to mirrors. If 0 is used. Submirror is a volume (stripe or concatenation) that makes up the initial one-way mirror. The following read options for mirrors are available: • -g – Enables the geometric read option. Enterprise Services. Inc. Use 0 only for mirrors mounted as read-only. which results in faster performance on sequential reads. The -m indicates that the configuration is a mirror. Figure 14-33 Solaris Management Console: Volume 14-52 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. as shown in Figure 14-33. Enterprise Services. Volume d11 is a submirror of the mirror named d10. Revision A . Inc. The previously configured RAID-0 volumes are displayed. and attaches a one-way mirror using volume d11. If these volumes are not displayed. Click the Volumes icon. # /usr/sbin/metainit d10 -m d11 d10: Mirror is setup The Enhanced Storage Tool You can also create the mirror by using the Enhanced Storage Tool within the Solaris Volume Manager software. All Rights Reserved.Building a Mirror of the Root (/) File System The following command-line example creates a mirrored volume named d10. you must first configure the RAID-0 volumes before you can use them as submirrors of the RAID-1 volume. To create a mirror: 1. Revision A 14-53 . All Rights Reserved. Inc.Building a Mirror of the Root (/) File System 2. Enterprise Services. as shown in Figure 14-34. Select Create Volume from the Action menu. Figure 14-34 Solaris Management Console: Action Menu Window Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. All Rights Reserved. Inc. Figure 14-35 Create Volume: Create State Database Replicas Window 4. you can add additional state database replicas. select Don’t Create State Database Replicas. Due to equipment limitations in the classroom. Enterprise Services. as shown in Figure 14-35. 3. when you create RAID-1 volumes.Building a Mirror of the Root (/) File System Because the dirty region logs that are used to track which data blocks in the submirrors have been modified are recorded within the state database replicas. 14-54 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . Click Next to continue. but mirror performance might suffer if you do not. You do not have to create additional replicas when creating RAID-1 volumes. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems.Building a Mirror of the Root (/) File System You can relocate the mirror to alternate disk sets. 5. If only one disk set exists on the system. Revision A 14-55 . as shown in Figure 14-36. Figure 14-36 Create Volume: Select Disk Set Window 6. you must use the local disk set. All Rights Reserved. select the default of <none>. Note – When you are mirroring root. Enterprise Services. Click Next to continue. Inc. Enterprise Services. Revision A . All Rights Reserved.Building a Mirror of the Root (/) File System The Create Volume: Select Volume Type Windowwindow displays which volume configurations you can create. 8. as shown in Figure 14-37. Figure 14-37 Create Volume: Select Volume Type Window 7. Inc. Click Next to continue. Choose Mirror (RAID 1). 14-56 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. as shown in Figure 14-38. 10. Inc. All Rights Reserved.Building a Mirror of the Root (/) File System In the Create Volume: Name Volume window. Enter 10 as the volume name d field. Click Next to continue. Then you can number the submirrors or RAID-0 volumes as d11 for the first submirror and d12 for the second submirror. Choose a pattern that is easy to remember so that it is easy to identify the volume types. For example. such as d10. Figure 14-38 Create Volume: Name Volume Window 9. you can enter a volume name. Revision A 14-57 . you could name the RAID-1 volumes with names ending in zero. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Enterprise Services. 14-58 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. Revision A . All Rights Reserved. Figure 14-39 Create Volume: Select Primary Submirror Window 12. Enterprise Services. Click Next to continue.Building a Mirror of the Root (/) File System 11. as shown in Figure 14-39. Select metadevice d11 for use as the primary submirror. because you are mirroring the root partition. the procedure requires a few additional steps prior to attaching the secondary submirror. Bypass the Create Volume: Select Remaining Submirrors Window window shown in Figure 14-40. you can select the secondary submirror. Click Next to continue. as shown in Figure 14-40. ● When mirroring the root (/) partition. Inc. ● Figure 14-40 Create Volume: Select Remaining Submirrors Window 14. Revision A 14-59 . When building a mirror that does not already contain data. which means that you must attach the secondary submirror by using the command line. All Rights Reserved.Building a Mirror of the Root (/) File System 13. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Enterprise Services. All Rights Reserved. click Next to continue. Revision A . Inc. 14-60 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. These parameters were described in the metainit command example that was used to configure a RAID-1 volume. as shown in Figure 14-41. To accept the defaults. Enterprise Services. Figure 14-41 Create Volume: Set Mirror Parameters Window 15.Building a Mirror of the Root (/) File System The Create Volume: Set Mirror Parameters window lets you set the mirror parameters. Enterprise Services. Inc. Revision A 14-61 . It also provides a summary of the commands necessary to accomplish the identical task from the command line. as shown in Figure 14-42. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems.Building a Mirror of the Root (/) File System Review your selections in the Create Volume: Review window. Click Finish. This window provides a confirmation of your selections. Figure 14-42 Create Volume: Review Window 16. All Rights Reserved. All Rights Reserved. and use the metaroot command to complete building the mirror of the root (/) file system. Enterprise Services. Figure 14-43 Solaris Management Console: Volumes You can click on the d10 volume to highlight it. 14-62 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The primary submirror (d11) is attached to the mirror (d10). you can select Properties to view the configuration and verify the sub-mirrors included. 17. and the display is updated. as described in ‘‘Executing the metaroot Command’’ on page 14-63. Inc. Revision A . Go to the command line. as shown in Figure 14-43. and then use the right mouse button to display a menu. From this menu. but the process of creating the mirrored partition is not complete.Building a Mirror of the Root (/) File System The RAID-1 volume named d10 is created. use the metaroot command to modify the /etc/vfstab and /etc/system files. Enterprise Services.blk You must reboot the system before attaching the secondary submirror. to a volume. Inc. you must update the /etc/vfstab file to change the mount point from a slice.10.Building a Mirror of the Root (/) File System Executing the metaroot Command When creating mirrors of mounted file systems. When the system boots. as follows: metaroot device where device specifies either the metadevice or the conventional disk device (slice) used for the root (/) file system. # metaroot d10 # grep md /etc/vfstab /dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no - In addition to modifying the /etc/vfstab file to update the root (/) file system pointer. the root file system is mounted through the d10 metadevice: # df -h / Filesystem /dev/md/dsk/d10 size 141M used 111M avail capacity 15M 88% Mounted on / Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. such as /dev/dsk/c#t#d#s#. Revision A 14-63 . The following example shows that the /etc/vfstab file has been updated by the metaroot command to point to the RAID-1 mirrored metadevice. you can use the vi editor to update the /etc/vfstab file. When mirroring the root (/) file system. Enter the init command to reboot the system: # init 6 After the reboot is complete. it mounts the root file system using the metadevice device file. the metaroot command updates the /etc/system file to support the logical volumes. All Rights Reserved. For example: # tail /etc/system rootdev:/pseudo/md@0:0. When mirroring any mounted file system other than root (/). such as /dev/md/dsk/d##. Building a Mirror of the Root (/) File System The metastat command shows the state of the metadevices. Revision A . and then attach the additional submirrors with the metattach command. Inc. Notice here that only one submirror is in the d10 metadevice: # metastat d10: Mirror Submirror 0: d11 State: Okay Pass: 1 Read option: roundrobin (default) Write option: parallel (default) Size: 307440 blocks (150 MB) d11: Submirror of d10 State: Okay Size: 307440 blocks (150 MB) Stripe 0: Device Start Block Dbase c0t0d0s0 0 No (output omitted) State Reloc Hot Spare Okay Yes Attach the secondary submirror by using the metattach command: # metattach d10 d12 d10: submirror d12 is attached Caution – Create a one-way mirror with the metainit command. If the metattach command is not used. # metastat d10 d10: Mirror Submirror 0: d11 State: Okay Submirror 1: d12 State: Resyncing Resync in progress: 83 % done Pass: 1 Read option: roundrobin (default) Write option: parallel (default) Size: 307440 blocks (150 MB) 14-64 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. As a result. All Rights Reserved. The metastat command shows the mirror synchronization taking place. Enterprise Services. no resynchronization operations occur. data could become corrupted as the Solaris Volume Manager software assumes that both sides of the mirror are identical and can be used interchangeably. isptwo@4/[email protected]/pci@1/scsi@4. yet the show-disks command from the OpenBoot PROM returned: /pci@1f. you determine the path to the alternate boot device by using the ls -l command on the slice that is being attached as the secondary submirror to the root (/) mirror./. # ls -l /dev/dsk/c3t3d0s1 lrwxrwxrwx 1 root root 57 Oct 25 11:22 /dev/dsk/c3t3d0s1 > . Enterprise Services.0/pci@1/pci@1/SUNW.isptwo@4/sd@3./devices/pci@1f.. follow the entries in the OpenBoot PROM.0:b Record the path that follows the /devices directory: /pci@1f. Revision A 14-65 .Building a Mirror of the Root (/) File System d11: Submirror of d10 State: Okay Size: 307440 blocks (150 MB) Stripe 0: Device Start Block Dbase c0t0d0s0 0 No d12: Submirror of d10 State: Resyncing Size: 2097360 blocks (1.0/pci@1/pci@1/SUNW. All Rights Reserved.0/pci@1/scsi@4. the PCI-SCSI controller returns: /[email protected]:b from the /devices directory. In these instances. the alternate boot path must be: Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. on one Ultra™ 5 workstation. If. In the following example. for example. the path to the device varies between the entries in the /devices directory and the entries in the OpenBoot programmable read-only memory (PROM).0 GB) Stripe 0: Device Start Block Dbase c3t3d0s1 0 No State Reloc Hot Spare Okay Yes State Reloc Hot Spare Okay Yes Updating the boot-device PROM Variable If you mirror your root (/) file system.. Inc.1/sd@2. record the alternate boot path contained in the boot-device PROM variable.1/disk then.0:b Caution – When using some disk controllers. boot the system manually. complete the following steps: 1.0:b 2. the system automatically boots from the secondary submirror. All Rights Reserved. in the order in which you want to access them. Inc.1/disk@2. For example: Redefine the boot-device variable to reference both the primary and secondary submirrors.0:b If you do not adapt to the change when attempting to boot from the alternate boot device. Use the OpenBoot nvalias command to define a backup_root device alias for the secondary root mirror. Revision A .0/pci@1/scsi@4. For example: ok nvalias backup_root /pci@1f. To test the secondary submirror.Building a Mirror of the Root (/) File System /pci@1f. you get an error stating: can’t open boot device To get the system to boot automatically from the alternate boot device in the event of a primary root submirror failure. Enterprise Services. as follows: ok boot backup_root 14-66 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.0/pci@1/pci@1/SUNW.isptwo@4/sd@3. ok printenv boot-device boot-device= disk net ok setenv boot-device disk backup_root net boot-device= disk backup_root net In the event of primary root disk failure. Revision A 14-67 .sd@SFUJITSU_MAB3045S_SUN4. Enterprise Services. To unmirror the root (/) file system. This procedure assumes that the root (/) file system is mirrored on a Solaris Volume Manager software volume named d10. and the secondary submirror is d12. All Rights Reserved. Run the metastat command on the mirror to verify that submirror 0 is in the Okay state. # metastat d10 d10: Mirror Submirror 0: d11 State: Okay Submirror 1: d12 State: Okay Pass: 1 Read option: roundrobin (default) Write option: parallel (default) Size: 307440 blocks (150 MB) d11: Submirror of d10 State: Okay Size: 307440 blocks (150 MB) Stripe 0: Device Start Block Dbase c0t0d0s0 0 No State Reloc Hot Spare Okay Yes d12: Submirror of d10 State: Okay Size: 2097360 blocks (1.dad@AST38420A=7AZ0VMFG c3t3d0 Yes id1. complete the following steps: 1. Inc. and that the mirror consists of two submirrors. The primary submirror is d11.0 GB) Stripe 0: Device Start Block Dbase c3t3d0s1 0 No State Reloc Hot Spare Okay Yes Device Relocation Information: Device Reloc Device ID c0t0d0 Yes id1.2G00F52267____ Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems.Building a Mirror of the Root (/) File System Unmirroring the Root (/) File System Follow this procedure to unmirror the root (/) file system. Run the metaclear command to clear the mirror and submirrors. # metaclear -r d10 d10: Mirror is cleared d11: Concat/Stripe is cleared # metaclear d12 d12: Concat/Stripe is cleared 6. # metadetach d10 d12 d10: submirror d12 is detached 3. Revision A . run the metaroot command to update the /etc/vfstab and etc/system files. If you changed your boot-device variable to an alternate boot path. associated with the targeted metadevices specified in the metaclear command. # init 6 5. Inc. # metaroot /dev/dsk/c0t0d0s0 # grep c0t0d0s0 /etc/vfstab /dev/dsk/c0t0d0s0/dev/rdsk/c0t0d0s0/ufs1no4. Because this is a root (/) file system mirror. Run the metadetach command on the mirror to make a one-way mirror. 14-68 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Building a Mirror of the Root (/) File System 2. return it to it’s original setting. Enterprise Services. All Rights Reserved. Reboot the system. The -r option recursively deletes specified metadevices and hot spare pools. For example. using available storage existing in the storagepool disk set. You can specify the following quality of service characteristics: ● ● ● ● size redundancy (number of copies of data) data paths fault recovery (whether the volume should be associated with a hot spare pool) volume types (for example. and similar characteristics) ● ● ● ● ● Use the command line to specify the quality of service attributes you require. RAID 0 (concatenation) or RAID 0 (stripe)) components to use in specific volumes components that are available or unavailable for use number of components to use details specific to the type of volume being created (including interlace value for stripes. you can issue a single command to create a volume. creating RAID 0 volumes (as submirrors). Revision A 14-69 . Enterprise Services. A simple example would be: # metassist create -s storagepool -S 10Gb This command would create a stripe volume of 10Gb in size in the storagepool disk set. With the metassist command. read policy for mirrors. Inc. with the metassist command. you can specify volume characteristics in terms of quality of service. and finally creating a mirror. and allow the metassist command to create the necessary volumes for you.Building a Mirror of the Root (/) File System The metassist Command Solaris 9 9/04 introduced the metassist command which allows you to create top level Solaris Volume Manager volume configurations with a single command. and Solaris Volume Manager will do the rest for you. All Rights Reserved. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. creating hot spare pools and hot spares. rather than manually working through the process of partitioning disks. metad rpc. At a minimum. Revision A .metamedd Understanding Which Disks Are Available The metassist command checks disks to see which disks appear to be unused. Checks include: ● ● ● Disks used in other disk sets Mounted slices Slices with a file system superblock. Enterprise Services. and attempts to conservatively determine which disks are available. see the following resource: Solaris Volume Manager Administration Guide.metamhd rpc. All Rights Reserved. Any disk or slice that is determined to be in use is considered unavailable for use by the metassist command. part number 816-4520 14-70 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Building a Mirror of the Root (/) File System Creating volumes and volume configurations automatically with the metassist command requires that you have a functional Solaris Volume Manager configuration before you begin. distributed appropriately for your system available disks to use for the volumes you will create The following disk set RPC daemons running: ● ● ● rpc. you should have the following: ● ● ● ● root access or have assumed an equivalent role state database replicas. indicating a mountable file system Slices used in other Solaris Volume Manager volumes ● For more information about the metassist command. Inc. Exercise: Mirroring the Root (/) File System Exercise: Mirroring the Root (/) File System In this exercise. All Rights Reserved. This exercise is performed on each individual system. so there is no need to work with a partner. Use the tools within the Enhanced Storage Tool to view objects that you create using command line commands. The Enhanced Storage Tool within the Solaris Management Console is used to monitor the progress of the exercise. This exercise requires a second disk that is not in use. Start the Solaris Management Console and complete the following steps: a. This exercise requires an understanding of how to use the format utility to partition disks. Revision A 14-71 . Task Complete the following steps: 1. b. Open the Enhanced Storage Tool within the Solaris Management Console. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. and at least two partitions to be used for state database replicas. Most steps in these procedures are executed using the command line. Enterprise Services. and leave it open throughout this exercise to use it as a monitoring tool. Steps in this exercise direct you to partition the second disk so that it has one partition equal to the root (/) partition on the boot disk. you complete the following: ● Configure the Solaris Volume Manager software to create state database replicas Mirror the root (/) file system Update the default boot device Unmirror the root (/) file system ● ● ● Preparation This exercise mirrors the root (/) file system of your system’s boot disk. Inc. This slice is a candidate to become the secondary submirror. 0 or 1. 14-72 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. others where it does not. Enterprise Services. This will become the primary submirror: _______________________________________________ Does the slice used for the root (/) file system start on cylinder 0 of the boot disk? _______________________________________________ Disk slice for state database replica 1: _______________________ Disk slice for state database replica 2: _______________________ ● ● ● 3. some where slice 0 of the boot disk starts on cylinder 0. ● ● ● Both slice 0 and slice 1 were set to match the boot disk root slice size to provide a choice of two slices to use for the secondary submirror. Different training centers may have built the student systems differently. explain that it is not a general SVM requirement to define partitions exactly as they are here in the exercise. Set the size of slice 6 to be at least 4 Mbytes. This slice will be used for state database replica 4. You should record the following information: ● Disk slice used for the root (/) file system. Set the size of slice 7 to be at least 4 Mbytes. This slice will be used for state database replica 3. and its size in megabytes. Use the df command to list file systems in use and the format utility to display the partition table for your system’s boot disk. Inc. Revision A . Set the size of slice 1 to be equal to or greater than the disk slice used for the root (/) file system. All Rights Reserved. Explain the need to choose the slice on the second disk. that correlates to how the root slice is defined on the boot disk. Use the format utility to partition your spare disk so that it includes the partitions listed: ● Set the size of slice 0 to be equal to or greater than the disk slice used for the root (/) file system. Also. Explain to students that you cannot mirror a slice that contains a disk label to one that does not. This slice is a candidate to become the secondary submirror.Exercise: Mirroring the Root (/) File System 2. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Create a RAID 0 volume on the secondary drive to use as the root (/) file system’s secondary submirror. Open the Enhanced Storage Tool within the Solaris Management Console. If the root slice on your boot disk does not start on cylinder 0. Create a sufficient number of state database replicas to support the majority consensus algorithm used in the Solaris Volume Manager software. use slice 0 on the second disk as the secondary submirror. 8. 7. 11. Create a RAID-1 volume as a one-way mirror using the root (/) file system primary submirror as the source of the mirror’s data. and then log in as root. Revision A 14-73 .Exercise: Mirroring the Root (/) File System 4. b. Enterprise Services. For example: What is the minimum number of state database replicas necessary to support the majority consensus algorithm? _______________________________________________ 6. Determine the names of Solaris Volume Manager objects to use for this exercise: ● Volume to map to the root (/) file system primary submirror: _______________________________________________ Volume to map to the root (/) file system secondary submirror: _______________________________________________ Volume to map to the root (/) file system mirror: _______________________________________________ ● ● 5. a. Use the metaroot command to update these two files to use the RAID-1 volume as the mount point for the root (/) file system. Inc. All Rights Reserved. Reboot the system. use slice 1 on the second disk as the secondary submirror. Observe the changes to the /etc/vfstab and the /etc/system files. Review the /etc/vfstab and the /etc/system files. If the root slice on your boot disk starts on cylinder 0. Start the Solaris Management Console and complete the following steps: a. Create a RAID-0 volume to use as the root (/) file system’s primary submirror. 10. 9. You should refer to step 2 to determine which of the following conditions is true. Use the tools within the Enhanced Storage Tool to view objects that you create using command line commands. Add the backup_root device alias to the boot-device variable. Attach the RAID-0 volume used as the root (/) file system’s secondary submirror to the RAID-1 volume and allow the mirror synchronization to complete before continuing. 23. 12. Inc. Define a backup root (/) device alias. 19. complete the following steps: a. What is the primary reason for using the command line to attach a secondary submirror to a mirror? _______________________________________________ _______________________________________________ Note – To view the status of the resynchronization process. and the /etc/system file to remove the forceload statements. 14-74 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A . Remove all state database replicas. Reset it to its default setting. 24. and then the show-disks command to determine the path to the alternate root (/) device (as reported by the OpenBoot PROM). Shut down the system to the OBP level. 18. Use the init 0 command to enter the OpenBoot PROM. All Rights Reserved. Detach one submirror to make the root (/) mirror a one-way mirror. 15. Test the ability to boot the secondary root (/) submirror and log in as root when the boot process completes. 20. 13.Exercise: Mirroring the Root (/) File System b. You should retain the alias for the primary boot disk. Update the /etc/vfstab file to redefine the root (/) mount point using the original disk slice. 14. 17. 21. Boot the system to the multi-user milestone. If you changed your boot-device variable to an alternate boot path. Enterprise Services. b. Determine the physical device path to the alternate root (/) device you selected in step 7 (as reported by the Solaris 10 OS). 16. use the /usr/sbin/metastat | grep Resync command. Clear the mirror and submirrors. 22. Verify the status of the root (/) submirrors. Enterprise Services.Exercise Summary Exercise Summary Discussion – Take a few minutes to discuss what experiences. ● Experiences Ask students what their overall experiences with this exercise have been. If you do not have time to spend on discussion. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Revision A 14-75 . which was provided in the “About This Course” module. All Rights Reserved. ! ? Manage the discussion based on the time allowed for this module. ● Interpretations Ask students to interpret what they observed during any aspect of this exercise. Go over any trouble spots or especially confusing areas at this time. ● Applications Explore with students how they might apply what they learned in this exercise to situations at their workplace. Inc. or discoveries you had during the lab exercises. issues. ● Conclusions Have students articulate any conclusions they reached as a result of this exercise experience. then just highlight the key concepts students should have learned from the lab exercise. Exercise: Mirroring the Root (/) File System The solutions to the task are as follows. 14-76 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. b. # smc & Note – The task solutions are presented using the command-line equivalents because every task step can be performed by using the command line. Revision A . Task Review the following solutions: 1. and leave it open throughout this exercise to use it as a monitoring tool. Use the tools within the Enhanced Storage Tool to view objects that you create using command line commands. All Rights Reserved. Enterprise Services. Start the Solaris Management Console and complete the following steps: a. Open the Enhanced Storage Tool within the Solaris Management Console. Inc.Exercise Solutions Exercise Solutions This section contains solutions to the exercise. 9G 1.06MB 512. in this example. ● Disk slice for state database replica 1: As pre-defined for your lab system.2056 0 .3093 Size 500. Enterprise Services. Use the df command to list file systems in use. This will become the primary submirror: As pre-defined for your lab system.) Disk slice for state database replica 2: As pre-defined for your lab system. (No. Record the following information: ● Disk slice used for the root (/) file system.37MB 8.49GB 510.1M 2. Inc. in this example. (Slice 4. in this example.) ● # df -h /dev/dsk/c0t0d0s0 470M 194M 229M 46% /devices 0K 0K 0K 0% ctfs 0K 0K 0K 0% proc 0K 0K 0K 0% mnttab 0K 0K 0K 0% swap 854M 880K 853M 1% objfs 0K 0K 0K 0% /dev/dsk/c0t0d0s6 4. for the purpose of this exercise.1G 2.0G 1% # format (output omitted) format> partition (output omitted) partition> print Current partition table (original): Total disk cylinders available: 17660 + 2 (reserved Part 0 1 2 3 Tag root swap backup var Flag wm wu wm wm Cylinders 1041 . and its size in megabytes.40MB / /devices /system/contract /proc /etc/mnttab /etc/svc/volatile /system/object /usr /dev/fd /var /tmp /var/run /export cylinders) Blocks (1016/0/0) 1024128 (1041/0/0) 1049328 (17660/0/0) 17801280 (1037/0/0) 1045296 Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. (Slice 5. All Rights Reserved. and the format utility to display the partition table for your system’s boot disk. (Slice 0 and 500 Mbytes.) This information is required to determine what slice on the second disk to use as the secondary submirror. in this example.17659 2057 .Exercise Solutions 2.8G 2. Revision A 14-77 .) ● Does the slice used for the root (/) file system start on cylinder 0 of the boot disk? As pre-defined for your lab system.1040 0 .9G 61% fd 0K 0K 0K 0% /dev/dsk/c0t0d0s3 479M 57M 375M 14% swap 853M 0K 853M 0% swap 853M 40K 853M 1% /dev/dsk/c0t0d0s7 2. 4917 4918 .43GB 0 0 7.11GB (9/0/0) 9072 (9/0/0) 9072 (10159/0/0) 10240272 (4389/0/0) 4424112 3.4923 0 0 572 .285 286 .43MB 4.13270 .Exercise Solutions 4 unassigned 5 unassigned 6 usr 7 home partition> q (output omitted) format> q # wm wm wm wm 3094 3103 3112 13271 .571 0 . some where slice 0 of the boot disk starts on cylinder 0. Set the size of slice 6 to be at least 4 Mbytes.44GB 5.3111 .48MB 501.88GB 2.4920 Size 501. Use the format utility to partition your spare disk so that it includes the partitions listed: ● Set the size of slice 0 to be equal to or greater than the disk slice used for the root (/) file system. This slice is a candidate to become the secondary submirror. 0 or 1. This slice will be used for state database replica 3.17659 4. Inc. Revision A . Different training centers may have built the student systems differently. Set the size of slice 1 to be equal to or greater than the disk slice used for the root (/) file system.48MB 8. Enterprise Services. All Rights Reserved. Also.26MB Blocks (286/0/0) 1027026 (286/0/0) 1027026 (4924/0/0) 17682084 (0/0/0) 0 (0/0/0) 0 (4346/0/0) 15606486 (3/0/0) 10773 14-78 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. that correlates to how the root slice is defined on the boot disk. # format (output omitted) partition> print Volume: test Current partition table (test): Total disk cylinders available: 4924 + 2 (reserved cylinders) Part Tag 0 root 1 swap 2 backup 3 var 4 unassigned 5 unassigned 6 usr Flag wm wu wm wm wm wm wm Cylinders 0 . This slice is a candidate to become the secondary submirror. explain that it is not a general SVM requirement to define partitions exactly as they are here in the exercise. Explain the need to choose the slice on the second disk. Set the size of slice 7 to be at least 4 Mbytes.43MB 4. ● ● ● Both slice 0 and slice 1 were set to match the boot disk root slice size to provide a choice of two slices to use for the secondary submirror.3102 . Explain to students that you cannot mirror a slice that contains a disk label to one that does not. others where it does not. This slice will be used for state database replica 4. All Rights Reserved. # /usr/sbin/metainit -f d11 1 1 c0t0d0s0 d11: Concat/Stripe is setup (The variable points to the root (/) slice.) Volume to map to the root (/) file system secondary submirror: As defined for your lab system. (The examples use d12.) ● ● 5.4923 5. use slice 1 on the second disk as the secondary submirror. Create a RAID-0 volume to use as the root (/) file system’s primary submirror. Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. (The examples use d10. For example: -a -a -a -a -f c0t0d0s4 c0t0d0s5 c1t5d0s6 c1t5d0s7 # # # # # /usr/sbin/metadb /usr/sbin/metadb /usr/sbin/metadb /usr/sbin/metadb What is the minimum number of state database replicas necessary to support the majority consensus algorithm? As a best practice. (The examples use d11. use slice 0 on the second disk as the secondary submirror.Exercise Solutions 7 unassigned partition> wm 4921 . Create a sufficient number of state database replicas to support the majority consensus algorithm used in the Solaris Volume Manager software. Revision A 14-79 . Enterprise Services. If the root slice on your boot disk starts on cylinder 0. a. If the root slice on your boot disk does not start on cylinder 0. Create a RAID 0 volume on the secondary drive to use as the root (/) file system’s secondary submirror. 6.26MB (3/0/0) 10773 4. You should refer to step 2 to determine which of the following conditions is true.) 7. you should use three state database replicas as the minimum to support the majority consensus algorithm. # /usr/sbin/metainit d12 1 1 c1t5d0s0 d12: Concat/Stripe is setup b. Determine the names of Solaris Volume Manager objects to use for this exercise: ● Volume to map to the root (/) file system primary submirror: As defined for your lab system.) Volume to map to the root (/) file system mirror: As defined for your lab system. Inc. Reboot the system. Inc. Review the /etc/vfstab and the /etc/system files. Create a RAID-1 volume as a one-way mirror using the root (/) file system primary submirror as the source of the mirror’s data. Open the Enhanced Storage Tool within the Solaris Management Console. 14-80 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. and then log in as root. 12. # /usr/sbin/metattach d10 d12 d10: submirror d12 is attached # What is the primary reason for using the command line to attach a secondary submirror to a mirror? The primary reason for using the command line to attach a secondary submirror to a mirror is to force a resynchronization of the data between the primary and secondary submirror. Start the Solaris Management Console and complete the following steps: a. Enterprise Services. b. # cat /etc/vfstab (output omitted) # cat /etc/system (output omitted) # /usr/sbin/metaroot d10 # cat /etc/vfstab (output omitted) # cat /etc/system (output omitted) 10. # init 6 11. Use the tools within the Enhanced Storage Tool to view objects that you create using command line commands.Exercise Solutions # /usr/sbin/metainit d12 1 1 c1t5d0s1 d12: Concat/Stripe is setup 8. All Rights Reserved. Attach the RAID-0 volume used as the root (/) file system’s secondary submirror to the RAID-1 volume and allow the mirror synchronization to complete before continuing. # /usr/sbin/metainit d10 -m d11 d10: Mirror is setup 9. Observe the changes to the /etc/vfstab and the /etc/system files. Revision A . Use the metaroot command to update these two files to use the RAID-1 volume as the mount point for the root (/) file system. Use the ls -l command. Define a backup root (/) device alias. ok nvalias backup_root device_path 16.. This varies by system. # /usr/sbin/metastat d10 d10: Mirror Submirror 0: d11 State: Okay Submirror 1: d12 State: Okay Pass: 1 Read option: roundrobin (default) Write option: parallel (default) Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems.0/pci@1/pci@1/SUNW. This varies by system. Inc. Use a combination of the printenv and setenv commands. Add the backup_root device alias to the boot-device variable.0:b 14. Use the init 0 command to enter the OpenBoot PROM. Revision A 14-81 .. Enterprise Services. ok boot backup_root 18. All Rights Reserved. Determine the physical device path to the alternate root (/) device you selected in step 7 (as reported by the Solaris 10 OS).isptwo@4/sd@5. You should retain the alias for the primary boot disk./.Exercise Solutions Note – To view the status of the resynchronization process. # ls -l /dev/dsk/c1t5d0s1 lrwxrwxrwx 1 root root 57 May 24 12:47 /dev/dsk/c1t5d0s1 > . 13. and then the show-disks command to determine the path to the alternate root (/) device (as reported by the OpenBoot PROM). use the /usr/sbin/metastat | grep Resync command. Use the nvalias command. This varies by system. ok show-disks 15./devices/pci@1f. Test the ability to boot the secondary root (/) submirror and log in as root when the boot process completes. Verify the status of the root (/) submirrors. This varies by system. ok printenv boot-device boot-device = disk net ok setenv boot-device disk backup_root boot-device = disk backup_root 17. Shut down the system to the OBP level. All Rights Reserved. Enterprise Services. # /usr/sbin/metaroot /dev/dsk/c0t0d0s0 21. Inc. Detach one submirror to make the root (/) mirror a one-way mirror. # init 0 14-82 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Exercise Solutions Size: 1024128 blocks (500 MB) d11: Submirror of d10 State: Okay Size: 1024128 blocks (500 MB) Stripe 0: Device Start Block Dbase c0t0d0s0 0 No State Reloc Hot Spare Okay Yes d12: Submirror of d10 State: Okay Size: 1027026 blocks (501 MB) Stripe 0: Device Start Block Dbase c1t5d0s1 0 No State Reloc Hot Spare Okay Yes Device Relocation Information: Device Reloc Device ID c0t0d0 Yes id1. and the /etc/system file to remove the forceload statements.dad@AST39140A=AY907169 c1t5d0 Yes id1. Update the /etc/vfstab file to redefine the root (/) mount point using the original disk slice.sd@SFUJITSU_MAB3091S_SUN9. Revision A .0G00D84225____ 19. # /usr/sbin/metadetach d10 d12 20. If you changed your boot-device variable to an alternate boot path. Clear the mirror and submirrors.Exercise Solutions 22. Inc. complete the following steps: a. Enterprise Services. Reset it to its default setting. Revision A 14-83 . Boot the system to the multi-user milestone. # # # # /usr/sbin/metadb /usr/sbin/metadb /usr/sbin/metadb /usr/sbin/metadb -d -d -d -d c0t0d0s4 c0t0d0s5 c1t5d0s6 -f c1t5d0s7 Configuring Solaris Volume Manager Software Copyright 2006 Sun Microsystems. Remove all state database replicas. All Rights Reserved. ok set-default boot-device ok boot 23. # /usr/sbin/metaclear -r d10 # /usr/sbin/metaclear d12 24. b. . Revision A . Inc.Module 15 Controlling Access and Configuring System Messaging Objectives Upon completion of this module. All Rights Reserved. you should be able to: ● Describe the effect of the /etc/inet/ipnodes file on the loghost variable Describe generic log rotation ● 15-1 Copyright 2006 Sun Microsystems. Enterprise Services. ! ? Discussion – The following questions are relevant to understanding System messaging changes in the Solaris 10 OS ● ● What are the contents of the ipnodes file? How can I control the size of different log files? 15-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. While they are not expected to know the answers to these questions. Revision A . the answers should be of interest to them and inspire them to learn the material presented in this module. Enterprise Services. All Rights Reserved.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Enterprise Services.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● System Administration Guide: Basic Administration. Inc. PN 817-1985 System Administration Guide: Advanced Administration. All Rights Reserved. Revision A 15-3 . PN 817-0403 Controlling Access and Configuring System Messaging Copyright 2006 Sun Microsystems. a change to how the loghost variable is determined in Solaris 10 needs explanation.200. and input from the /etc/syslog. Enterprise Services.9. and 10. the syslogd daemon evaluates the /etc/hosts file.9.9. and checks the Internet Protocol (IP) address associated with the hostname as compared to the IP address associated with loghost. 9.200. 15-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved.2 host2 Example B /etc/inet/hosts: 192. Example A /etc/inet/hosts: 192.200. The loghost Setting These /etc/inet/hosts file examples show that the loghost variable can be assigned to either system. the syslogd daemon.conf file work together to facilitate system messaging for the Solaris 10 OS. While the file names and functionality has remained much the same through Solaris 8. Inc.1 host1 loghost 192. Revision A .9.Configuring System Messaging Configuring System Messaging The syslog function.2 host2 loghost When the syslogd daemon starts at system boot.200.1 host1 192. the /etc/inet/ipnodes file was only populated with IPv6 addresses. Now.1 localhost 192. but there has been a change in Solaris 10 that affects the loghost setting.1 host1 loghost 192.0. This is the most important item to discuss. then the hosts file.200. The ipnodes file will be searched first. both of these files will contain the same information so that there would not be any inconsistency between loghost variables. Previous to Solaris 10. Inc.2 host2 IP addresses can be defined in the /etc/inet/ipnodes file or in the /etc/inet/hosts file.200. All Rights Reserved. the order of search. Revision A 15-5 .Configuring System Messaging This functionality has not changed through the Solaris releases mentioned in this course.0. as shown in the following example: cat /etc/inet/ipnodes # # Internet host table # ::1 localhost 127. Enterprise Services. the /etc/inet/ipnodes can contain either IPv4 or an IPv6 addresses.9. Controlling Access and Configuring System Messaging Copyright 2006 Sun Microsystems. Ideally.9. conf File Solaris 9 introduced a generic log rotation facility. The logadm command reads the /etc/logadm.1. # more /etc/logadm.$nfile’ -N -s 2m smf_logs -C 8 -s 1m /var/svc/log/*.conf file and checks for the presence of those named log files to see if they should be rotated. The logadm command is a general log rotation tool that is can be run from cron.Configuring System Messaging The /etc/syslog.pid‘’ /var/cron/log -c -s 512k -t /var/cron/olog /var/lp/logs/lpsched -C 2 -N -t ’$file.conf file from a system running Solaris 10 01/06. By default. Enterprise Services. etc. All Rights Reserved. Revision A . System administrators can use this facility to maintain and rotate system and application log files. Inc. This file has been edited for readability. The following example is an /etc/logadm. # /var/log/pool/poold -N -a ’pkill -HUP poold. ten versions of the logfile are kept.conf # /var/log/syslog -C 8 -P ’Fri Jan 20 10:10:00 2006’ -a ’kill -HUP ‘cat /var/run/syslog.$N’ /var/fm/fmd/errlog -M ’/usr/sbin/fmadm -q rotate errlog && mv /var/fm/fmd/errlog.0.pid‘’ /var/adm/messages -C 4 -P ’Fri Jan 20 10:10:00 2006’ -a ’kill -HUP ‘cat /var/run/syslog. true’ -s 512k 15-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.0.log # # The entry below is used by turnacct(1M) # /var/adm/pacct -C 0 -N -a ’/usr/lib/acct/accton pacct’ -g adm -m 664 -o adm -p never # # The entry below manages the Dynamic Resource Pools daemon (poold(1M)) logfile. The corresponding log file gets renamed by adding a number suffix such as logfile. logfile. # inetadm -p NAME=VALUE bind_addr="" bind_fail_max=-1 bind_fail_interval=-1 max_con_rate=-1 max_copies=-1 con_rate_offline=-1 failrate_cnt=40 failrate_interval=60 inherit_env=TRUE tcp_trace=TRUE tcp_wrappers=FALSE The same change in procedures applies when stopping and starting the syslog process.Configuring System Messaging Solaris 10 has changed the way many services are handles with the release of the SMF.d/inetsvc stop # /etc/init. enabling and logging inetd trace messages would have been accomplished by performing the following procedure: 1. and change the default value of the tcp_trace option to TRUE: # inetadm -M tcp_trace=TRUE 2. Enterprise Services. Verify that the inetd daemon is running with the tracing option enabled.d/syslog stop/start With Solaris 10. Inc. in Solaris 9. Edit the /etc/inet/inetsvc file and changing the line that read: /usr/sbin/inetd -s to /usr/sbin/inetd -s -t Edit the /etc/default/inetd file and setting the following field: ENABLE_CONNECTION_LOGGING=YES Stopping and starting the inetd process: # /etc/init. the same procedure is accomplished by performing the following steps: 1. All Rights Reserved. For example.d/inetsvc start With Solaris 10. 2. With Solaris 9. 3. the procedure would be: # /etc/init. Modify the inetd service. the procedure is: # svcadm refresh system-log Controlling Access and Configuring System Messaging Copyright 2006 Sun Microsystems. Revision A 15-7 . . Enterprise Services. Inc. you should be able to descibe the differences in: ● ● The name service switch file The LDAP name service 16-1 Copyright 2006 Sun Microsystems. Revision A .Module 16 Naming Services Objectives Upon completion of this module. All Rights Reserved. While they are not expected to know the answers to these questions. Inc.conf file been changed? How has the /var/yp/Makefile file been changed? ● ● 16-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. the answers should be of interest to them and inspire them to learn the material presented in this module. and LDAP? How has the /etc/nsswitch. DNS. and 10: ● What are the changes that have been made to naming services. All Rights Reserved. Enterprise Services. ! ? Discussion – The following questions are relevant to understanding what the changes are between Solaris 8. such as NIS. Revision A . 9.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Revision A 16-3 . All Rights Reserved. PN 817-0403 http://docs.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration.com: System Administration Guide: Naming and Directory Services (DNS. PN 817-1985 System Administration Guide: Advanced Administration.sun.sun. and LDAP) http://www. Inc.com/bigadmin/content/n2l: User Guide for NIS to LDAP Transition Tool ● Naming Services Copyright 2006 Sun Microsystems. NIS. Enterprise Services. The Sun Java System Directory Server must be set up and then configured to support Solaris LDAP clients. the term Directory Server is synonymous with LDAP Server. However. calendar servers. Enterprise Services. It is a vendor independent protocol and can be used on common TCP/IP networks. LDAP Directory Server A directory server is not necessarily an LDAP server.1. and messaging servers. Solaris 10 comes with an LDAP client and LDAP server. The Sun Java System Directory Server is now bundled with the Java Enterprise Server CDs. All Rights Reserved. The LDAP Directory Server is called the Sun Java™ System Directory Server. as well as other LDAP directory servers.Lightweight Directory Access Protocol (LDAP) Lightweight Directory Access Protocol (LDAP) LDAP is the protocol clients use to communicate with a directory server. Installation of the following packages at a minimum results in a working LDAP directory Server: IPLTadcon IPLTadmin IPLTcons IPLTdscon IPLTdsr IPLTdsu IPLTjss IPLTnls IPLTnspr IPLTnss IPLTpldap 16-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. in the context of this module. Inc. Solaris 9 supported Lightweight Directory Access Protocol (LDAP) with the iPlanet" Directory Server 5. The Sun Java System Directory Server is no longer bundled with Solaris 10. Services supported by LDAP include application servers. Revision A . conf File The default /etc/nsswitch. /etc/resolv.<name_service> file from Solaris 8 through Solaris 10. The output of each diff command has been edited to increase readability.Changes in the /etc/nsswitch File Changes in the /etc/nsswitch File Name resolution using the Internet domain name system begins with the client-side resolver. Enterprise Services. using the diff command to examine each name service version within each different release. The /etc/nsswitch. The resolver is a set of routines that are built into the resolver library. #ipnodes: files dns > # Note that IPv4 addresses are searched for in all of the ipnodes databases before searching the hosts databases.dns file is the same in Solaris 8 and 9. Before turning this option on. however.conf is the other.dns S10nsswitch. Inc. consult # the Network Administration Guide for more details on using IPv6. The /etc/nsswitch.conf file in each release has no differences. > ipnodes: files dns > < sendmailvars: files Naming Services Copyright 2006 Sun Microsystems.conf file is one of two files used for name resolution. The /etc/nsswitch. Revision A 16-5 .dns > # DNS service expects that an instance of svc:/network/dns/client be > # enabled and online. This module describes differences in the /etc/nsswitch. < < < < < < < ipnodes: files # Uncomment the following line and comment out the above to resolve # both IPv4 and IPv6 addresses from the ipnodes databases. Note that # IPv4 addresses are searched in all of the ipnodes databases before # searching the hosts databases. there are changes between Solaris 9 and Solaris 10: # diff S9nsswitch.dns File The default /etc/nsswitch. All Rights Reserved. Changes in the /etc/nsswitch File Notice in the example that the first line has a note explaining that the appropriate SMF service must be enabled and online. The second note pertains to the difference in the /etc/inet/ipnodes file between Solaris 9 and Solaris 10. which has been removed in Solaris 10. This note is prevelant through all examples of the Solaris 10 configuration files. and is consulted before the /etc/inet/hosts file. and is a result of the introduction of the Service Management Facility. All Rights Reserved. Enterprise Services. Revision A . 16-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The third item shown is the database sendmailvars. The /etc/inet/ipnodes file in Solaris 10 can have IPv4 addresses in it. Inc. Note that # IPv4 addresses are searched in all of the ipnodes databases before # searching the hosts databases. followed by the exec_attr.ldap S9nsswitch. Changes between the Solaris 9 and the Solaris 10 versions are: # diff S9nsswitch. user_attr. Enterprise Services.Changes in the /etc/nsswitch File The /etc/nsswitch. Naming Services Copyright 2006 Sun Microsystems. Revision A 16-7 . Inc.ldap < # role-based access control > printers: user files ldap < exec_attr: files ldap < user_attr: files ldap < # audit < audit_user: files ldap Notice in the example that the first comment. < < < < < < < ipnodes: files # Uncomment the following line and comment out the above to resolve # both IPv4 and IPv6 addresses from the ipnodes databases. consult # the Network Administration Guide for more details on using IPv6. The printers database provides centralized printer configuration information to print clients on the network. and audit_user databases show that RBAC functionality was introduced in Solaris 9.ldap > # LDAP service requires that svc:/network/ldap/client:default be enabled and online. > ipnodes: ldap [NOTFOUND=return] files < sendmailvars: files These differences have already been discussed in this module. The second line shown illistrates the printers database is now supported. #ipnodes: ldap [NOTFOUND=return] files > # Note that IPv4 addresses are searched for in all of the ipnodes databases before searching the hosts databases. Before turning this option on. This is new functionality in Solaris 9. All Rights Reserved.ldap File Changes between the Solaris 8 and the Solaris 9 versions are: # diff S8nsswitch.ldap S10nsswitch. 16-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Changes in the /etc/nsswitch File The /etc/nsswitch. Enterprise Services. Revision A .nis > # NIS service requires that svc:/network/nis/client:default be enabled > # and online. Inc. All Rights Reserved. consult # the Network Administration Guide for more details on using IPv6. #ipnodes: nis [NOTFOUND=return] files > # Note that IPv4 addresses are searched for in all of the ipnodes databases before searching the hosts databases. > ipnodes: nis [NOTFOUND=return] files < sendmailvars: files These differences have already been discussed in this module. Note that # IPv4 addresses are searched in all of the ipnodes databases before # searching the hosts databases. Before turning this option on.nis File There are no differences between the Solaris 8 and Solaris 9 versions of the file.nis S10nsswitch. Changes between the Solaris 9 and the Solaris 10 versions are: # diff S9nsswitch. < < < < < < < ipnodes: files # Uncomment the following line and comment out the above to resolve # both IPv4 and IPv6 addresses from the ipnodes databases. The /var/yp/Makefile file contains new variable in the Solaris 10 OS. To locate the source files in another directory. The /var/yp/Makefile File The ypinit command reads the /var/yp/Makefile file for source file locations. as highlighted below: #B=-b B= DIR =/etc INETDIR=/etc/inet RBACDIR=/etc/security PWDIR =/etc DOM = ‘domainname‘ NOPUSH = "" ALIASES = /etc/mail/aliases YPDIR=/usr/lib/netsvc/yp SBINDIR=/usr/sbin YPDBDIR=/var/yp YPPUSH=$(YPDIR)/yppush MAKEDBM=$(SBINDIR)/makedbm MULTI=$(YPDIR)/multi REVNETGROUP=$(SBINDIR)/revnetgroup STDETHERS=$(YPDIR)/stdethers STDHOSTS=$(YPDIR)/stdhosts MKNETID=$(SBINDIR)/mknetid MKALIAS=$(YPDIR)/mkalias New ipnodes maps (ipnodes.byname mapping contains information used by yppasswdd to read and write password aging information to the DIT. The two new variables are INETDIR. Inc. Enterprise Services. NIS clients and servers can communicate using either IPv4 or IPv6 RPC transports.byaddr and ipnodes. All Rights Reserved. Naming Services Copyright 2006 Sun Microsystems. The ageing. The maps store both IPv4 and IPv6 addresses. and RBACDIR and are found in the first section of the /var/yp/Makefile file. If password aging is not being used. Revision A 16-9 . modify the /var/yp/Makefile file. you need the source files. You can find source files in the /etc directory on the master server. See the ipnodes(4) man page for more information.byname) have been added to NIS.Configuring the NIS Domain Configuring the NIS Domain To generate NIS maps. and converts ASCII source files into NIS maps. then it can be commented out of the mapping file. you may also want to have one of the students bring up http://www. The primary role of N2L is to support the following tasks: ● ● Importing NIS maps into the LDAP Directory Information Tree (DIT) Client access to that information in the DIT.Configuring the NIS Domain NIS to LDAP Transition Tool Between Solaris 9 and Solaris 10.com/bigadmin/content/n2l/NIS2LDAP. Revision A .auto maps easy to set Custom maps can be done based on templates set up for standard maps. Scripts make standard + . 16-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. ● ● Details about N2L can be found on docs. in the "Naming and Directory Services (DNS. see the man pages for ypserv(4) and NISLDAPmapping(4) If you are teaching an LVC. N2L is a replacement for the existing NIS server side product which provides a migration path from NIS to LDAP. a new transition tool for migrating NIS to LDAP was introduced.sun.com.pdf in a shared window to keep the students interest. Also. NIS. It enables NIS maps to be synchronized with NIS like information in the directory and accessed with NIS like speed and extensibility. All Rights Reserved. Enterprise Services. Inc. with NIS-like speed and extensibility Other key points of N2L are: ● LDAP server may be on same machine as NIS server (recommended) or a different machine. and LDAP)" of the System Administration Guide. TheNIS to LDAP transition tool is commonly refered to as N2L.sun. All Rights Reserved. Enterprise Services. Revision A . you should be able to describe the differences in: ● ● ● ● Boot Services Identification Services Configuration Services Installation Services 17-1 Copyright 2006 Sun Microsystems. Inc.Module 17 Configuring the Custom JumpStart Procedure Objectives Upon completion of this module. and 10: ● ● What are the new keywords in Solaris 9 and 10? What is the effect of SMF on Jumpstart? 17-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. While they are not expected to know the answers to these questions. the answers should be of interest to them and inspire them to learn the material presented in this module.Relevance Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. 9. ! ? Discussion – The following questions are relevant to understanding what the changes are between Solaris 8. All Rights Reserved. Inc. Enterprise Services. Revision A . Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration. Inc. All Rights Reserved. PN 817-0403 System Administration Guide: IP Services. PN 817-1985 System Administration Guide: Advanced Administration. PN 816-4554-11 Configuring the Custom JumpStart Procedure Copyright 2006 Sun Microsystems. Revision A 17-3 . Enterprise Services. FMRI svc:/network/nfs/mapid:default svc:/network/nfs/cbd:default svc:/network/nfs/server:default svc:/network/nfs/status:default svc:/network/nfs/nlockmgr:default svc:/network/nfs/client:default svc:/network/nfs/rquota:ticlts svc:/network/nfs/rquota:udp # svcs -a |grep nfs STATE STIME disabled 14:56:34 disabled 14:56:34 disabled 14:56:36 online 14:56:56 online 14:56:57 online 14:57:13 online 14:57:13 online 14:57:13 2. Use the svcadm command to enable the NFS services if required: # svcadm enable network/nfs/server:default 3. # svcs -a |grep nfs STATE STIME disabled 14:56:34 online 14:57:13 online 16:01:13 online 16:01:13 online 16:01:14 online 16:01:14 online 16:01:15 FMRI svc:/network/nfs/cbd:default svc:/network/nfs/client:default svc:/network/nfs/status:default svc:/network/nfs/nlockmgr:default svc:/network/nfs/mapid:default svc:/network/nfs/rquota:ticlts svc:/network/nfs/server:default 17-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. which changed the way processes are started and stopped. there were no changes between these two versions of the Operating System. Enterprise Services.Introducing JumpStart Differences Introducing JumpStart Differences JumpStart is an automatic installation process available in the Solaris OS. and if necessary. start them: 1. Revision A . Check that the NFS service is online. All Rights Reserved. After the /etc/dfs/dfstab file has been edited. depending on the characteristics of client systems. Run the svcs command to check that NFS services are enabled. you must verify that NFS services are running. JumpStart enables you to install the Solaris OS automatically and configure it differently. Solaris 10 introduced SMF. Boot Services Solaris 8 and 9 used the same boot services. Inc. Installation Services JumpStart clients require support from a server to find an image of the Solaris OS to install. the default router configuration became required. Inc. Revision A 17-5 . Identification items are configurable through the sysidcfg file and through a Name Service. In Solaris 9. or local disk. A system that provides this service is called an install server. Configuration Services JumpStart clients require support from a server to obtain answers for system configuration questions that they issue. # share - Verify that the /export/config and /export/install directories are currently shared. Sources of the Operating System Image An install server provides the Solaris Operating System image by sharing one of the following: Configuring the Custom JumpStart Procedure Copyright 2006 Sun Microsystems. Solaris 10 introduced the ability to configure multiple network interfaces. Enterprise Services. All Rights Reserved.Introducing JumpStart Differences online # 16:01:15 svc:/network/nfs/rquota:udp 4. /export/install /export/config ro. An install server shares a Solaris OS image from a CD-ROM.anon=0 ro "" "" Identification Services JumpStart clients require support from a server to automatically get the answers to system identification questions that the client systems issue. Solaris 10 introduced the ability to add or delete software packages and patches that were not part of the installation media. JumpStart clients use the NFS service to mount the installation image during the installation process. DVD. and 4. A Flash Install Image The Flash Archive and Flash Installation functionality was introduced in Solaris 9. The modify_install_server script was available in Solaris 8 and 9. 17-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. the Solaris Media Kit has been available on either CD-ROM or DVD media. All Rights Reserved. Flash installation is significantly faster than the current JumpStart installation or a network installation method.Introducing JumpStart Differences ● ● ● The Solaris OS Software 1 CD-ROM The Solaris OS Software DVD A spooled image of the Solaris Operating System obtained from either the CD-ROM or DVD media Flash Installation. which was introduced with Solaris 9 ● Beginning with the Solaris 8 2/02 release. Revision A . and removed in Solaris 10. When you spool the Solaris Operating System image from CD-ROM or DVD. The setup_install_server script enables you to spool the boot and installation images from the Solaris OS 1 CD-ROM or from the DVD. Enterprise Services. 3. hardware configuration. The Spooled Image An install server can provide installation services by sharing a spooled image on a local disk. Inc. The add_to_install_server script enables you to spool additional installation image data from CD-ROMs 2. and third-party software packages prior to creation of the clones Examples of the sysidcfg File The Solaris OS JumpStart clients require a sysidcfg file to answer identification questions that cannot be provided by default from a name service. Flash allows detailed customization of the Solaris Operating System. the result is a directory that contains the boot image and the installation image. It enabled an interactive Solaris Web Start style of installation on the client. 10.255.168. The capability to configure multiple network interfaces in the sysidcfg file was introduced in Solaris 9 (9/04).0 default_route=192.10. Revision A 17-7 .2.1} network_interface=qfe0 { network_interface=qfe1 { network_interface=qfe2 { dhcp protocol_ipv6=no } network_interface=qfe3 { ip_address=192.255.101 protocol_ipv6=no netmask=255.2. network_interface=hme0 { primary hostname=sys01 ip_address=192.255.2.255.10.1 root_password=Hx23475vABDDM Configuring the Custom JumpStart Procedure Copyright 2006 Sun Microsystems.168.10. All Rights Reserved.2.168.1} hostname=sys02 ip_address=192.255.255.1} security_policy=none name_service=none timezone=US/Mountain system_locale=en_US timeserver=192.10 protocol_ipv6=no netmask=255.2.100 root_password=Hx23475vABDDM The following example shows a sysidcfg file which is used to configure multiple network interfaces.10.2.0 default_route=192.2. Inc.168.10.168.100} security_policy=none name_service=none timezone=US/Mountain system_locale=en_US timeserver=192.0 default_route=192.168.10.121 protocol_ipv6=no netmask=255.255.0 default_route=192.255. Enterprise Services.111 protocol_ipv6=no netmask=255.168.255.1} hostname=sys01 ip_address=192.0 default_route=192.10.255.Introducing JumpStart Differences The following is an example of a basic sysidcfg file. with the default router addition from Solaris 9 highlighted: network_interface=hme0 {primary protocol_ipv6=no netmask=255. ok file that allows the JumpStart client to select a profile file. The rules file enables groups of clients with the same characteristics to be grouped together as a class. Enterprise Services. they must be in Data Stream format. Consequently the profile file is frequently referred to as the class file. The keyword has been enhanced to allow package installations that are not part of the installation media. Packages to be installed can be obtained from the following sources: ● ● ● ● NFS server HTTP server Local device Local file If adding packages to a system through http(s). the JumpStart server provides a rules. particularly with Solaris 8. they must be in jar format.Introducing JumpStart Differences Changes to the Profile File In order to provide configuration services. Revision A . Previously this was only possible by using a finish script. In Solaris 10. Inc. All Rights Reserved. 17-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. If adding patches to a system through http(s). the following profile keywords were added or enhanced: patch filesys mirror metadb package package_name patch_id_list | patch_file patch_location device size file_system optional_parameters slice [size in blocks] [number] add | delete The package and patch keywords The package keyword prior to Solaris 10 was only used to add or delete packages from the installation that were part of the installation media. 122223-01 nfs sys01:/solaris_10/patches Configuring the Custom JumpStart Procedure Copyright 2006 Sun Microsystems. Revision A 17-9 . Previously patches had to be installed either manually or with a finish script.Introducing JumpStart Differences The syntax for the entry in the profile varies depending on the location selected. Patches can be obtained from the following sources: ● ● ● ● NFS server HTTP server Local device Local file Table 17-2 Patch keyword syntax Source NFS Syntax Example patch list_file nfs://sys01/solaris_10/patches patch 112345-06. Inc. Enterprise Services. All Rights Reserved. Table 17-1 Package Syntax Package Source NFS Syntax example package SUNWnew add nfs sys01:/var/spool/pkg/Solaris_10 or package SUNWnew add nfs://sys01/var/spool/pkg/Solaris_10 package SUNWnew add http://sys01/solaris10 or package SUNWnew add http://sys01/solaris10 proxy sys02:8080 package SUNWnew add local_device c0t6d0s0 /solaris10/pkg ufs package SUNWnew add local_file /solaris10/pkg HTTP local_device local_file Adding Patches Using the patch Keyword (New in Solaris 10) The patch keyword has been introduced in Solaris 10 to allow patches to be installed during the JumpStart process. Table 17-2 shows patch keyword syntax. as shown in Table 17-1. All Rights Reserved.223344-04 local_device c0t6d0s0 /solaris10/Patches patch list_file local_device c0t6d0s0 /solaris10/Patches patch 112233-01. Inc.223344-04 local_file /solaris10/Patches patch list_file local_file /solaris10/Patches The cluster keyword requires a parameter that lists name of the configuration cluster you want to install. Revision A .223344-04 http://sys01/solaris10/patches patch list_file http://sys01/solaris10/patches patch 112233-01.Introducing JumpStart Differences Table 17-2 Patch keyword syntax Source HTTP Syntax Example patch 112233-01. Table 17-3 Possible Entries for the cluster Keyword Interactive Installation Name Minimal Core Metacluster (new in Solaris 9) Reduced Network (new in Solaris 10) Core End User Developer Entire Distribution Entire Distribution Plus OEM Support Configuration Cluster Name SUNWCmreq SUNWCrnet SUNWCreq SUNWCuser SUNWCprog SUNWCall SUNWCXall local_device local_file See the Solaris™ 10 System Release and Installation Collection for a description of the clusters and packages available on the Solaris 10 Software Distribution CD-ROMs. 17-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Table 17-3 defines configuration cluster names according to the common names used for them during the interactive installation routine. Enterprise Services. All Rights Reserved. /usr. Inc. except that the swap partition size set to 128 Mbytes.soft SUNWCprog SUNWman delete SUNWypr add SUNWypu add The following example describes a profile file that installs the Entire Distribution configuration cluster (SUNWCall). The syntax of the profile filesys keyword is: filesys [mirror[:name] slice slice size file_system [mount_options] Configuring the Custom JumpStart Procedure Copyright 2006 Sun Microsystems./usr/share/man ro. install_type system_type partitioning filesys filesys filesys filesys filesys cluster package initial_install standalone explicit c0t0d0s0 150 / c0t0d0s1 128 swap c0t0d0s6 800 /usr c0t0d0s7 free /var c0t1d0s7 all /opt SUNWCall SUNWman delete Creating RAID-1 Volumes using the Profile File The filesys keyword can be used in the profile file to create RAID-1 volumes on the client system. SUNWypr and SUNWypu. and /opt file systems. The example uses explicit partitioning and declares the slices and sizes assigned to the root (/). /var. The manual pages from this cluster (SUNWman) are deleted because the client mounts them from the server named server1. swap. install_type system_type partitioning filesys filesys cluster package package package initial_install standalone default any 128 swap # specify size of swap server1:/usr/share/man . Revision A 17-11 . The client installs the developer configuration cluster (SUNWCprog) and adds the NIS packages. Enterprise Services. and removes the SUNWman package.Introducing JumpStart Differences Examples of Profile Files The following example describes a profile file that uses default partitioning. The root (/) file system is created and mirrored on the slices c0t0d0s0 c1t3d0s0 and is 850 Mbytes in size. Inc. The swap slice is created on c0t0d0s3 and is 512 Mbytes in size. The /var file system is created and mirrored on the slices c0t0d0s1 and c1t3d0s1. one is automatically provided. Note – If you mirror a slice that contains a Volume Table of Contents (VTOC). 2. The administrator may choose to create additional metastate databases. 6. The size of the mirror is 850 Mbytes and is used as the mount point for the root file system. The installation type is an initial installation. 17-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. 5. Slice c1t3d0s3 is 512MB in size but is not allocated to any file system. The resulting RAID volumes are automatically assigned names as none is specified. /usr. The RAID-1 volume is called d10. The Entire Distribution Plus OEM software cluster is to be installed. Enterprise Services. Revision A . slice c0t0d0s0 and c1t3d0s0. 4. and /var file systems: install_type cluster filesys filesys filesys filesys metadb metadb filesys filesys filesys initial_install SUNWCXall mirror c0t0d0s0 mirror:d10 c0t0d0s1 c0t0d0s3 c1t3d0s3 c0t0d0s4 c1t3d0s4 mirror c0t0d0s6 c0t0d0s7 c1t3d0s7 c1t3d0s0 c1t3d0s1 850 1000 512 512 / /var swap count 4 count 4 c1t3d0s6 5000 /usr free /export/home free The following list describes this example: 1. 3. All Rights Reserved.Introducing JumpStart Differences The following example creates a mirror called d12 consisting of two components. The mirror keyword causes one state database replica to be put on each slice in the mirror automatically. you must mirror it to a slice that also contains a VTOC. The following profile example creates RAID-1 volumes (mirrors) for the root (/). filesys mirror:d12 c0t0d0s0 c1t3d0s0 850 / If a name is not provided for the mirror. All Rights Reserved. Inc. 8. Slice c1t3d0s7 is created on the remaining free space on c1t3d0 but is not allocated to any file system. 10.Introducing JumpStart Differences 7. The /usr filesystem is created and mirrored on slices c0t0d0s6 and c1t3d0s6. Revision A 17-13 . The name of the RAID-1 volume is automatically assigned. 9. The /export/home file system is created on the remaining free space on disk c0t0d0. Configuring the Custom JumpStart Procedure Copyright 2006 Sun Microsystems. Four state database replicas are created on slice c0t0d0s4 and slice c1t3d0s4. Enterprise Services. sh script call it. Finish Scripts Finish scripts are Bourne scripts that JumpStart clients run after installing the Solaris Operating System but before they reboot. or a file that is available on local media. and have the sysidcfg finish. you can initiate the installation process on the JumpStart client. Inc. so you can shorten the installation time by using the nowin option. As of Solaris 8 7/01 new options have been added for use with the boot command when you perform a custom JumpStart installation: With the boot command. The nowin option enables you to specify that the custom JumpStart program not begin the X program. All Rights Reserved. an NFS server. Revision A . This finish script allows the user to specify the NFS4 domain. you can require that the installation program prompt you for the path after the machine boots and connects to the network. within the script. You can specify a path to an HTTP server. 17-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. you can specify the location of the configuration files to use to perform the installation. Finish scripts allow you to perform a variety of post-installation tasks on the JumpStart client. If you do not know the path to the files.Introducing JumpStart Differences Booting the JumpStart Client After the JumpStart server has been configured to provide all of the required services. Enterprise Services. including: ● ● ● ● Setting the power-management configuration Retrieving backed-up data from a server on the network Copying selected files from a JumpStart server to the client Specify the NFS4 domain The NFSv4 Finish Script (New in Solaris 10) A sample script is delivered as part of the JumpStart sample files in the CD’s s0/Solaris_10/Misc/jumpstart_sample directory. You do not need to use the X program to perform a custom JumpStart installation. ...NFS4inst_state. Inc.*\$/${VAR}=${VALUE}/" ${FILE} > ${TFILE} mv ${TFILE} ${FILE} . sysidnfs4 is executed by sysidconfig as explained above.. Revision A 17-15 . FILE=/a/etc/default/nfs STATE=/a/etc/. TFILE=${FILE}. # echo "setting NFSv4 domain" . echo $f4)‘ chmod ${PERM} ${FILE} touch ${STATE} exit 0 Configuring the Custom JumpStart Procedure Copyright 2006 Sun Microsystems. All Rights Reserved.Introducing JumpStart Differences The provided script sets the NFSMAPID_DOMAIN setting in /etc/default/nfs and create the /etc/.. Upon first system boot.. IFILE=‘echo ${FILE} | sed -e "s|^/a||g"‘ PERM=‘grep "^${IFILE} e" /a/var/sadm/install/contents | (read f1 f2 f3 f4 f5 .domain state file.. Enterprise Services. but the existence of the state file prevents any further prompts for the name of the NFSv4 domain.. NFS4_DOMAIN=foo.NFS4inst_state..1 04/11/08 SMI # .domain VAR=NFSMAPID_DOMAIN VALUE=${NFS4_DOMAIN} . The NFSv4 finish script (edited for brevity) is shown below: # cat /cdrom/cdrom0/s0/Solaris_10/Misc/jumpstart_sample/set_nfs4_domain #!/bin/sh # # @(#)set_nfs4_domain 1.$$ sed -e "s/^#[ ]*${VAR}=.bar .. . Revision A . Inc. Enterprise Services. you should be able to describe the differences in: ● ● ● Describe the Flash installation feature Manipulate a Flash archive Use a Flash archive for installation 18-1 Copyright 2006 Sun Microsystems.Module 18 Performing a Flash Installation Objectives Upon completion of this module. All Rights Reserved. Inc. All Rights Reserved. the answers should be of interest to them and inspire them to learn the material presented in this module. While they are not expected to know the answers to these questions.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. 9. and 10: ● ● What are the requirements and limitations for using Flash Archives? How do I use a Flash Archive in an installation? 18-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. ! ? Discussion – The following questions are relevant to understanding what the changes are between Solaris 8. Revision A . PN 817-0403 System Administration Guide: IP Services. All Rights Reserved. Inc. PN 817-1985 System Administration Guide: Advanced Administration. Revision A 18-3 . Enterprise Services. PN 816-4554-11 Solaris 10 Installation Guide: Solaris Flash Archives (Creation and Installation) PN 817-5668 Performing a Flash Installation Copyright 2006 Sun Microsystems.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● ● System Administration Guide: Basic Administration. Hardware Requirements The recommended system specifications for a Flash installation are: ● A SPARC system for the clone and a SPARC system for the master (or an UltraSPARC® system for the clone and an UltraSPARC system for the master). and peripheral device package that you want on the clone. you must include the necessary Solaris OS software support in the archive. to create a clone that uses an Elite3D framebuffer. Revision A .Introducing Flash Archives and Installations Introducing Flash Archives and Installations The Flash installation feature lets you create a single reference installation of the Solaris OS on a master system. Further customization can be done when creating the archive. Before you create the archive. and by enabling or disabling SMF managed services. and modifying configuration files. Inc. Customization can include adding or removing software packages. For example. hardware. such as sun4u. ● ● 18-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The master and the clone must have the same kernel architecture. Flash installation is a three-stage process involving: ● ● ● Installing and customizing the master system Creating a Flash archive on the master system Deploying the Flash archive to the clone system Installing the Master The Flash installation feature uses one or more archives created from a master system that acts as a reference configuration. All Rights Reserved. adding third-party or unbundled software products. you must install and configure the master with the exact software. Flash Archives were introduced in an Update to Solaris 8. such as the SMF method scripts and run control script. and then replicate the installation on other systems known as clones. The master system is an installed system that has been customized as required. (even if the master does not use the Elite3D card). Enterprise Services. or being booted from the Solaris 10 OS 1 CDROM. Options during installation are: ● ● ● ● ● ● Network file system (NFS) server Hypertext Transfer Protocol (HTTP) server File Transfer Protocol (FTP) server Local or remote tape Compact Disc Read-Only Memory (CD-ROM) Local drive of clone machine The Flash installation process involves creation of the Flash archive prior to the deployment of the Flash archive to the clones. The Entire Distribution + OEM software group is recommended for you to be able to include all files and driver support when creating the Flash archive. Revision A 18-5 . or DVD. Creating and Manipulating Flash Archives The Flash archive is derived from the current installation on the master system. You can easily transfer the archive as a large file from server to server to deploy it to the clone systems.Introducing Flash Archives and Installations Software Requirements The recommended software specifications for a Flash installation is: The Flash utility is installed as part of the Solaris OS. You can create the archive when the system is running in single-user mode. multiuser mode. Enterprise Services. You can only create the archive from material available on the master system. the configuration of the Solaris Volume Manager software and the current versions of the Solaris OS: ● ● Flash does not support metadevices or non-UFS file systems. Inc. including. All Rights Reserved. Performing a Flash Installation Copyright 2006 Sun Microsystems. Limitations of the Flash Utility There are certain limitations to the Flash utility. During installation you must specify a directory and a location where the Flash archive resides. but not limited to. The syntax for the flar create command is: flar create -n name [-R root] [-A old_root] [-t [-p posn] [-b blocksize]] [-i date] [-u section [-d path ]] [-U key=value] [-m master] [-H] [-S] [-c] [-M] [-I] [-f [ list_file | .Introducing Flash Archives and Installations Note – Ensure that the master is running as stable as possible during archive creation. The Flash installation utility comprises two commands: ● You can use the /usr/sbin/flar create command set to create an archive on the master. Used when creating differential archives. Compress the archive using the compress command. ● Creating a Flash Archive Options to the flar create command which are new in Solaris 10 are noted in the table below by the comment "New in S10"...] [-z filter_list_file] archive where: -n -R -A -i -S -c -t Specify the name of the archive. (New in S10) Set alternative creation date. Location of source master image. (New in S10) Do not include sizing information in the archive. Revision A . Inc. Enterprise Services. to split an archive.] [-X list_file] [[-y include_dir/file [-y include_dir/file].] [-F]] [-a author] [-e descr | -E descr_file] [-T type] [[-x exclude_dir/file][-x exclude_dir/file].. Specify the root of the Flash archive in the currently running system is not to be used.. 18-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. or to combine archives. You can use the /usr/sbin/flar administration command to extract information from an archive. Create an archive on a tape device. Determining the size of the archive. 2034098 blocks Archive creation complete... Examples The following example shows the creation of a Flash archive used to install other systems. Enterprise Services.. Do not create a manifest. In the example : -n flash_root is the name of the Flash archive -c causes the archive to be compressed -R / creates the archive rooted at the root (/) directory -e root_archive is the description of the archive -x /export/flash excludes this directory from the archive Performing a Flash Installation Copyright 2006 Sun Microsystems. Used when creating differential archives. Revision A 18-7 .98MB.Introducing Flash Archives and Installations -m -M -a -e -x -X -y -z archive Specify the name of the master on which you created the archive.. Creating the archive. (New in S10) Specify the author of the archive. All Rights Reserved. The master should be as quiescent as possible: ● ● ● Run the system in single-user mode Shut down any applications you want to archive Shut down any applications that use extensive system resources # flar create -n flash_root_archive -c -R / -e root_archive \ -x /export/flash -a admin_operator -S /export/flash/flash_archive1 Determining which filesystems will be included in the archive. The archive will be approximately 517.. (New in S10) Specify the path to the Flash archive. Specify the description of the archive. Exclude the named files in the file list.. (New in S10) Include the named directory or file (New in S10) Include files prefixed with a plus sign and exclude files prefixed with a minus sign in the file list. Exclude the named directory or file from the archive. Inc. You can split an archive into sections. add new sections. The syntax for the flar command is: flar info archive flar combine archive flar split archive where: info Retrieves information about archives that have been created 18-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. Revision A . Administering a Flash Archive You use the /usr/sbin/flar command to perform archive administration. which enables you to modify some sections.Introducing Flash Archives and Installations -a admin_operator is the author of the archive -S do not include sizing information Note – Be sure that you have enough disk space to contain the Flash archives that you build. Do not modify the Archive Files section or you compromise the integrity of the archive. After you have modified the sections. The following example creates a Flash archive and customizes the files to be included in the archive: # flar create -n local_apps -x /usr/local/ -y /usr/local/custom_scripts local_archive -n local_apps is the name of the archive -x /usr/local is excluded from the archive -y /usr/local/custom_scripts is included on the archive The archive is created from the root (/) directory as -R has not been specified. you might want to add a User-Defined section or modify the Archive Identification section. For example. Inc. or delete sections. All Rights Reserved. the /export/flash directory is large enough to contain the 518 Mbyte archive. you need to merge the sections to create an new archive. In the above example. All Rights Reserved. Revision A 18-9 . Enterprise Services.UltraSPARC-IIi-cEngine creation_processor=sparc creation_release=5.10 creation_os_name=SunOS creation_os_version=s10_68 files_compressed_method=compress content_architectures=sun4u type=FULL The header of the archive file contains the following identification parameters for the archive: ● content_name – The name of the archive (in this case. To list the header data that is created with the archive. Performing a Flash Installation Copyright 2006 Sun Microsystems. use the flar info command: # flar info flash_archive1 archive_id=f67e46f0096ab9ac580cea5ba3ffeb72 files_archived_method=cpio creation_date=20041005160703 creation_master=sys65 content_name=build68 creation_node=sys65 creation_hardware_class=sun4u creation_platform=SUNW. flash_directoryname_archive) creation_date – The date that the archive is created (from the master) creation_master – The name of the master (in this case. sys65) Other information about the archive ● ● ● You can also use additional keywords for administering the archive. Inc.Introducing Flash Archives and Installations combine split Combines the individual sections that make up an existing archive into a new archive Splits an archive into one file for each section of the archive Keywords exclusive to Flash and identification of the archive can be viewed from the online manual pages. This process can create multiple clones of the master. depending on how you set up your installation server. You can use any of the Solaris OS installation methods to install Flash archives. 18-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. or completely hands-off. All Rights Reserved. Inc.Introducing Flash Archives and Installations Using a Flash Archive for Installation The third and final stage of the Flash installation is the deployment of the archive onto the clone. Enterprise Services. Revision A . for example: ● ● ● ● Install Flash archives with the Solaris Web Start program Install Flash archives with the Solaris OS suninstall program Install Flash archives with a JumpStart installation The WAN Boot procedure The initial steps for using a Flash archive for installation are the same as setting up for a JumpStart installation. Using a Flash archive can be interactive during the installation. Selecting "Standard" allows you to choose between initial install and upgrade. Performing a Flash Installation Copyright 2006 Sun Microsystems. The installation proceeds the same as a standard installation until you reach the Solaris Interactive Installation screen. Depending on your installation method. you press the appropriate function key or it’s Escape key equivalent.Introducing Flash Archives and Installations Flash Installation Demonstration 1. a summary of your selections (called a profile) will be displayed. Solaris Interactive Installation On the following screens. a series of character-based curses screens appear. you can accept the defaults or you can customize how Solaris software will be installed by: Selecting the type of Solaris software to install Selecting disks to hold software you’ve selected Selecting unbundled products to be installed with Solaris Specifying how file systems are laid out on the disks ok boot cdrom -nowin After completing these tasks. Inc. . Enterprise Services. or DVD."Flash" installs your system from one or more Flash Archives. Note – The text screens shown in this installation sequence have been edited for brevity and readability. All Rights Reserved. 2. Revision A 18-11 . Read the curses-based content. F2_Standard F4_Flash F5_Exit F6_Help You can select either a standard installation or a Flash installation. and use the function or escape key sequences to progress to the next prompt. if your system is upgradable. Boot the Flash clone system from the Boot PROM prompt as follows: After the pre-installation phase completes. Insert the Solaris 10 OS 1 CD-ROM. answer any relevant prompts. There are two ways to install your Solaris software: ."Standard" installs your system from a standard Solaris Distribution. When you select a retrieval method. All Rights Reserved.30:/export/install/flash_archive1 F2_Continue F5_Cancel F6_Help 18-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Flash Archive Addition Please specify the path to the network file system where the Flash archive is located. Inc. and press F2 to continue. select "Local Tape". Revision A . 4. The retrieval method depends on where the archive is stored.flar ========================================================================= NFS Location: 192. Follow the prompts that follow and answer the relevant questions until you come to the Flash Archive Retrieval Method window. Press F4 to select a Flash installation. For example. Available Retrieval Methods ======================================== [ ] HTTP[S] [ ] FTP [X] NFS [ ] Local File [ ] Local Tape [ ] Local Device F2_Continue F5_Cancel F6_Help When performing Flash archive installations. One commonly used version is to retrieve the archive from the master as NFS-shared files. In the NFS retrieval method. you can select any one of six retrieval methods. Select NFS.30.168.Introducing Flash Archives and Installations 3. the next screen prompts you for the server and location. Flash Archive Retrieval Method On this screen you must select a method to retrieve the Flash archive. if the archive is stored on a tape. Remember to use the IP address of the server instead of the server name. Enterprise Services. you must select a specific location. For example: NFS Location: syrinx:/export/archive. If you want to add another archive to install select "New". you are prompted for additional Flash archive names. and if you can locate the Flash archive within the file system. Performing a Flash Installation Copyright 2006 Sun Microsystems. The first Flash archive you install must also contain a bootable Solaris OS image. If the NFS file system is mounted and shared. A Solaris OS image must exist on a clone system before you can install additional Flash archives.Introducing Flash Archives and Installations 5. ========================================================================= [X] ** c0t0d0 19457 MB (F4 to edit) [ ] c1t0d0 8633 MB Total Selected: Suggested Minimum: F2_Continue F3_Go Back F4_Edit F5_Exit 19457 MB 2171 MB F6_Help The Select Disks window identifies where you want to install the Flash archive. Retrieval Method Name ==================================================================== NFS build74L2 F2_Continue 6. you add a Flash archive. Keep selecting disks until the Total Selected value exceeds the Suggested Minimum value. Press F2 to continue. This disk is now the boot disk for the clone system. Enterprise Services. Inc. NOTE: ** denotes current boot disk Disk Device Available Space F3_Go Back F4_Edit F5_New F6_Help Press F2 to continue. Revision A 18-13 . Flash Archive Selection You selected the following Flash archives to use to install this system. Next. Select Disks On this screen you must select the disks for installing Solaris software. All Rights Reserved. this value is the approximate space needed to install the software you’ve selected. Start by looking at the Suggested Minimum field. Press F2 to continue.Introducing Flash Archives and Installations 7. and how changing them may affect the operation of the system. The existing specification brings up the next screen where you are prompted to customize the existing partitions. Revision A . File System and Disk Layout The summary below is your current file system and disk layout. Press F2 to continue. Enterprise Services. while existing partitioning specifies that you should leave the disk as currently configured. 8. NOTE: If you choose to customize. The system is queried and you are given the opportunity to preserve any existing data on the target disk. All Rights Reserved. their intended purpose on the disk. Inc. you should understand file systems. File sys/Mnt point Disk/Slice Size ======================================================================== / c0t0d0s0 5000 MB swap c0t0d0s1 512 MB overlap c0t0d0s2 19457 MB /export/home c0t0d0s7 13945 MB F2_Continue F3_Go Back F4_Customize F5_Exit F6_Help The File System and Disk Layout window appears. This screen varies according to your disk partition specification in the preconfigured profile files. Explicit partitioning configures the disk as specified in the profile file. 18-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. If you decide to preserve data you then select the file systems to preserve. based on the information you’ve supplied. -Profile The information shown below is your profile for installing Solaris software. Press F2 to continue. Enterprise Services. It reflects the choices you’ve made on previous screens. All Rights Reserved. you see the volume table of contents (VTOC) information. Performing a Flash Installation Copyright 2006 Sun Microsystems. provides a progress slide bar and numerical indication of how far the installation has progressed. Inc. The Mount Remote File Systems window appears. ======================================================================== Installation Option: Flash Boot Device: c0t0d0 Client Services: None Software: 1 Flash Archive NFS: build74L2 File System and Disk Layout: / swap /export/home Esc-2_Begin Installation F4_Change F5_Exit c0t0d0s0 3227 MB c0t0d0s1 512 MB c0t0d0s7 15718 MB F6_Help The profiling phase of the Flash installation is now complete. If you are satisfied with the selections. Review your selections and make changes.Introducing Flash Archives and Installations 9. The Solaris Flash Install install window. press F2 to continue. if necessary. If your Flash archives are stored on the master Flash archive server. press F2 to begin the installation. When you start the installation. Revision A 18-15 . 10. After you install the Flash archive. All Rights Reserved.log’ is located in /var/sadm/system/logs after reboot. [c] 18-16 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems./a/var/sadm/system/logs/install_log (before reboot) .. The begin script log ’begin. Revision A .Network host addresses (/etc/hosts) Cleaning devices Customizing system devices .Introducing Flash Archives and Installations The next screen shows the steps involved in completing the Flash installation. Enter ’p’ to pause.Unselected disk mount points (/var/sadm/system/data/vfstab./var/sadm/system/logs/install_log (after reboot) Flash installation complete Executing JumpStart postinstall phase.. The wizard will continue to the next step unless you select "Pause". depending on your earlier configuration. Pausing for 90 seconds at the "Reboot" screen.Installing boot blocks (c0t0d0s0) Installation log location . Inc.Physical devices (/devices) .Logical devices (/dev) Installing boot information . the cleanup scripts complete the installation housekeeping tasks. Customizing system files . Enterprise Services.Mount points table (/etc/vfstab) . Enter ’c’ to continue.unselected) . and the system either reboots or prompts you to reboot. It is usual to encounter errors on the first reboot after a Flash install. Use is subject to license terms. Inc. because the actual device configuration might differ between master and clone systems. Creating new rsa public/private host key pair Creating new dsa public/private host key pair sys41 console login: Performing a Flash Installation Copyright 2006 Sun Microsystems. The first reboot reconfigures the devices.0:a File and args: SunOS Release 5.10 Version s10 64-bit Copyright 1983-2005 Sun Microsystems.eri0 : 100 Mbps half duplex link up Configuring devices. All rights reserved. Reboot the system to complete the installation operation. Hostname: sys41 Loading smf(5) service descriptions: 118/118 checking ufs filesystems /dev/rdsk/c0t0d0s7: is logging. All Rights Reserved. Enterprise Services. Notice that the device configuration might not correspond to the devices on the system.0/ide@d/disk@0. Inc. SUNW. Revision A 18-17 . Rebooting with command: boot Boot device: /[email protected] Flash Archives and Installations 11. All Rights Reserved. A source master image. 18-18 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. The differential archive only overwrites files specified in the archive. and an updated master image. Enterprise Services. NFS. unchanged_master_image_dir is a directory where the unchanged master system image is stored or mounted through UFS. called a manifest. The differential archive is made up of just the differences between the two images. or lumount. A differential archive fails if the clone has been manually updated after it was Flash installed from the master source. If the master has been updated. rather than the entire installation on the clone. A list of new. The unchanged master image can be: ● ● ● A live upgrade boot environment mounted onto a directory An unchanged clone system mounted onto a directory using NFS An expanded flash archive on the local system Creating a Differential Flash Archive You use the flar create command to create a Differential Flash Archive. Options for creating a Differential Archive are: Option -A unchanged_master _image_dir Description Creates a differential archive by comparing a new system image with the image that is specified by the unchanged_master_image_dir argument. or packages have been added or removed. A differential archive requires two images to compare. By default this updated master image is the updated image. by applying patches. these changes can be applied as a differential archive. Revision A . it is now possible to update that system with changes by using a differential archive. changed or deleted files is generated.Differential Flash Archives Differential Flash Archives If you have previously installed a clone using a Flash archive. such as the original master flash configuration that has been left untouched. for example. Inc. but it can be an image stored elsewhere. All Rights Reserved. This list is stored in the manifest section of the archive. When creating a differential archive. Use of this option avoids such a check and saves the space that is used by the manifest section in a differential archive. and are to be deleted from the archive. are changed. When the differential archive is deployed. When you use this option. ensuring the integrity of the clone system. the software uses this list to perform a file-by-file check. flar create creates a long list of the files in the system that are unchanged. JumpStart Keywords for Solaris Flash Archives The only keywords that are valid when you install a Solaris Flash archive are the following: Initial Installation X X X X X X X X X X X X X Differential Archive X X Keyword archive_location (required) fdisk (x86 only) filesys forced_deployment install_type (required) local_customization no_content_check no_master_check package root_device Performing a Flash Installation Copyright 2006 Sun Microsystems. Revision A 18-19 . Enterprise Services.Differential Flash Archives Option -M Description Excludes the manifest file. no validation occurs on the differential archive. Inc. This second image is to be used to compare the two system images. ● ● ● 2. Mount the directory of a copy of the saved-unchanged master image. you can use Solaris Live Upgrade to install the differential archive on an inactive boot environment. Access the image by the following methods.Differential Flash Archives The steps to create Differential Flash Archive are as follows: 1. (Optional) Prepare customization scripts to reconfigure or customize the clone system before or after installation. the master system should be running a duplicate of the original archive. 18-20 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. 3. Install the Differential Archive on clone systems with custom JumpStart. Before changes are made. Inc. Enterprise Services. 5. Create the differential archive with the -A option of the flar create command. Revision A . Mounted from a Solaris Live Upgrade boot environment Mounted from a clone system over NFS Restored from backup by using the ufsrestore comman 4. All Rights Reserved. Or. Prepare the master system with changes. skip the disk space check and ignore the integrity check. you will create a Flash archive of specific directory contents. include /usr/bin/cat command. Inc.Exercise: Creating a Flash Archive Exercise: Creating a Flash Archive In this lab. Use the plus (+) and minus (-) signs when creating the file. Create a Flash archive that excludes all of the following directories: ● ● ● ● ● ● ● ● ● ● /usr/bin/ /usr/share/ /var/apache/htdocs/flashdir/ /var/sadm/pkgs/ /usr/sfw/ /usr/openwin/ /usr/perl5/ /usr/dt/ /usr/apache2/ /usr/staroffice7/ In addition. Preparation The following tasks require a system that is running the Solaris 10 Update 1 OS. Performing a Flash Installation Copyright 2006 Sun Microsystems. Task This task has you use the flarcreate command along with some additional options as a means of giving you practice with customizing a Flash archive. Remove this flar file after you complete this task. Create a file that lists the directories and files to exclude and include. All Rights Reserved. Revision A 18-21 . Enterprise Services. Exercise: Creating a Flash Archive Note – Do not use this flar for any other purpose in this course. Enterprise Services. All Rights Reserved. Revision A . Inc. 18-22 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services. All Rights Reserved. ● Applications Explore with students how they might apply what they learned in this exercise to situations at their workplace. ● Conclusions Have students articulate any conclusions they reached as a result of this exercise experience. ● Interpretations Ask students to interpret what they observed during any aspect of this exercise. issues. ● Experiences Ask students what their overall experiences with this exercise have been. If you do not have time to spend on discussion. Performing a Flash Installation Copyright 2006 Sun Microsystems. Go over any trouble spots or especially confusing areas at this time. or discoveries you had during the lab exercise. highlight just the key concepts students should have learned from the lab exercise. Inc. ! ? Manage the discussion based on the time allowed for this module. Revision A 18-23 .Exercise Summary Exercise Summary Discussion – Take a few minutes to discuss what experiences. Use the plus (+) and minus (-) signs when creating the file. include /usr/bin/cat command. Enterprise Services. Inc. skip the disk space check and ignore the integrity check. vi filelist /usr/bin/ /usr/share/ /var/apache/htdocs/flashdir/ /usr/bin/cat /var/sadm/pkgs/ /usr/sfw/ /usr/openwin/ /usr/perl5/ /usr/dt/ 18-24 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Exercise Solutions Exercise Solutions This section provides the answers to the exercise tasks. Steps to create a custom Flash archive: 1. Create a Flash archive that excludes all of the following directories: ● ● ● ● ● ● ● ● ● ● /usr/bin/ /usr/share/ /var/apache/htdocs/flashdir/ /var/sadm/pkgs/ /usr/sfw/ /usr/openwin/ /usr/perl5/ /usr/dt/ /usr/apache2/ /usr/staroffice7/ In addition. All Rights Reserved. Creating a Flash Archive This task has you use the flarcreate command along with some additional options as a means of giving you practice with customizing a Flash archive. # + Create a file that lists the directories and files to exclude and include. Revision A . flar |grep -i bin/cat usr/bin/catman usr/apache/tomcat/bin/catalina. Inc. Performing a Flash Installation Copyright 2006 Sun Microsystems. If the primary disk does not have enough free space.flar Verify the command worked by listing all of the files within the Flash archive that contain the string bin/cat./usr/apache2/ .73 Gbytes of free space in some filesystems. Note – Do not use this flar for any other purpose in this course.Exercise Solutions .7G avail capacity 21G 19% Mounted on /a # df -h /a Filesystem /dev/dsk/c1t1d0s7 3. size 26G used 4. Check the disk size of the drives./usr/staroffice7/ 2. All Rights Reserved. Revision A 18-25 . Create the Flash archive after arranging for the destination file system to use to hold it. # rm /a/test. create and mount a suitable filesystem on the second disk. # flarcreate -n solaris10 -S -I -z filelist /a/test.flar Remove the flar file. # flar info -l /a/test.sh usr/bin/cat usr/bin/cat 4. Enterprise Services. The Flash archive you create requires 1. . Revision A . Enterprise Services. you should be able to: ● ● Create an alternate boot environment cloned from a running system Create a differential flash archive in a Live Upgrade boot environment Create an empty alternative boot environment and understand when this is necessary Extend a base boot environment with a differential flash archive ● ● 19-1 Copyright 2006 Sun Microsystems. All Rights Reserved. Inc.Module 19 Using Live Upgrade Objectives Upon completion of this module. Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Enterprise Services. All Rights Reserved. the answers should be of interest to them and inspire them to learn the material presented in this module. While they are not expected to know the answers to these questions. Revision A . Inc. ! ? Discussion – The following questions are relevant to understanding how to leverage the Live Upgrade feature of the Solaris 10 OS: ● How can I upgrade my system with the minimum amount of downtime and the maximum amount of safety? How can I upgrade my system using Live Upgrade technology and differential flash archives? ● 19-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. All Rights Reserved. PN 817-1985 System Administration Guide: Advanced Administration.sun. PN 817-0403 Solaris 10 Installation Guide: Solaris Live Upgrade and Upgrade Planning Guide at docs.com: http://docs. Enterprise Services. Revision A 19-3 . Inc.com/app/docs/doc/817-5505/6mkv5m1kg?a=view Using Live Upgrade Copyright 2006 Sun Microsystems.sun.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● ● System Administration Guide: Basic Administration. 19-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.com. Solaris Live Upgrade enables you to duplicate a boot environment without affecting the currently running system. Revision A .sun. Alternatively. you can quickly revert to the original boot environment with a simple reboot. Change the current boot environment's disk configuration to different file system types. You can then do the following: ● ● Upgrade a system. you can create one boot environment that contains current patches and create another boot environment that contains an Update release. you can activate the new boot environment by rebooting the system. ● Take a moment and share a browser session for all to see and point out key documentation on Live Update at docs. While your current boot environment is running. For example. then upgrade the duplicate.com/app/docs/doc/817-5505?q=Live+Update If you are teaching this class as an LVC. engage a student by having them do the above. When you are ready. This switch eliminates the normal downtime of the test and evaluation process. Inc. you can install a Solaris Flash archive on a boot environment. Maintain numerous boot environments with different images. sizes. All Rights Reserved. and layouts on the new boot environment.Additional Resources Introducing Solaris Live Upgrade Solaris Live Upgrade provides a method of upgrading a system while the system continues to operate. If a failure occurs.sun. rather than upgrading. Search for Solaris 10 Installation Guide: Solaris Live Upgrade and Upgrade Planning which is located at: http://docs. you can duplicate the boot environment. Enterprise Services. The original system configuration remains fully functional and unaffected by the upgrade or installation of an archive. Enterprise Services. Multiple Release Compatibilty The release of the Solaris Live Upgrade packages must match the release of the OS you are upgrading to. if your current OS is the Solaris 9 release and you want to upgrade to the Solaris 10 release.com/app/docs/doc/8175505/6mkv5m1kk?q=Live+Update&a=view Using Live Upgrade Copyright 2006 Sun Microsystems. All Rights Reserved.sun. Inc. The source for this cloning could also be a flash archive.Additional Resources Solaris Live Upgrade Process The process of using Live Upgrade to upgrade a Solaris system includes the following general phases: ● Creating an alternate boot environment (ABE) by cloning a current Solaris OS instance. Revision A 19-5 . For example. Changing the state of the system in the ABE for reasons including the following: ● ● Upgrading to another OS release Explain how this could be part of the strategy to adopt and incorporate monthly Solaris Express upgrades. ● ● ● Updating a release with patches or updates Activating the new boot environment (BE) Optionally falling back to the original BE. Note – See the following for more information about the Live Upgrade packages and required patches: http://docs. you need to install the Solaris Live Upgrade packages from the Solaris 10 release. Mount/unmount file systems of a specified boot environment. Rename a boot environment. Revision A . or installing OS patches. For every boot environment. All Rights Reserved. in the midst of a copy operation. Delete a boot environment. Designate the specified boot environment as the one to boot from in subsequent boots. active upon the next boot. Cancel a scheduled Live Upgrade operation. Inc. Re-create a boot environment based on the current boot environment.Additional Resources Live Upgrade Commands The following Table 19-1 briefly describes the commands used with Live Upgrade. Table 19-1 Live Upgrade Commands LU Command lu luactivate lucancel lucompare lucreate lucurr ludelete lufslist lumake lumount/ luumount lurename lustatus Description A deprecated curses-based menuing interface for creating and administering boot environments. Modify a boot environment by installing flash archives. Enterprise Services. List the file systems of a specified boot environment. installing and/or deleting OS and application packages. installing a complete OS. Create a boot environment. list whether a boot environment is active. and if a copy operation is scheduled for it. Display the name of the currently booted boot environment. luupgrade 19-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Compare the contents of two boot environments. This module is not intended to be exhaustive. The approach taken in this module is to use this example to cover the basic operations and functions of Live Upgrade and not examine all the permutations possible.flar This flash archive will not be used until later in this procedure.option) in preparation for using the luupgrade command to clone using a base master flash archive Using the luupgrade command to extend the base ABE with a differential flash archive ● Creating a Master Flash Archive Application of a differential flash archive involves first applying a base master flash archive and then applying a differential archive. # mkdir /xxx . # flar info master_sys_env_1. Explain all the options used. Revision A 19-7 . -c is to compress the archive. Live Upgrade is an involved techology that can be applied to many varying configurations. Inc. 1. Make a full flash archive of the currently running system for use as the base master flash archive. more involved topics and variations and references into the online documentation. This particular procedure will illustrate: ● ● ● ● Creating a base master flash archive Creating an ABE cloned from a running system Creating a differential flash archive in a Live Upgrade BE Creating an empty ABE (-s . It will be used to initially install a client system after which a differential flash archive will be installed on that client to extend its installed state.Additional Resources Example Procedure: Live Upgrade and Differential Flash Archives Set a context for the students about this module. 2. The following example procedure illustrates many of the commands of Live Upgrade. cd /xxx # flarcreate -S -c -n master_sys_env_1 master_sys_env_1. Check the administrative information stored in the flash archive. Enterprise Services.flar archive_id=bce4466c276e17fde18d0ebaccd44615 files_archived_method=cpio creation_date=20060225212333 creation_master=sys-01 content_name=master_sys_env_1 Using Live Upgrade Copyright 2006 Sun Microsystems. All Rights Reserved. The end of the module contains a list of other. -S dispenses with the time consuming size calculation that gets written into the flash archive header. By first examining the partitioning of disk 1. Enterprise Services..UltraAX-i2 creation_processor=sparc . 19-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.Additional Resources creation_node=sys-01 creation_hardware_class=sun4u creation_platform=SUNW. where the current boot environment is installed: # prtvtoc /dev/rdsk/c1t0d0s2 * /dev/rdsk/c1t0d0s2 partition map .. The swap and /export/home partitions will be part of each boot environment. Revision A . The single root file system will be copied over.. Inc. files_compressed_method=compress content_architectures=sun4u type=FULL Point out that the type is FULL. sys_env_1 c1t0d0 0 1 3 4 5 6 7 /export/home root (/) /swap Copy sys_env_2 c1t1d0 root (/) 0 1 3 4 5 6 7 Inactive release X Critical file systems root(/) Shared file systems Current release X Critical file system root (/) Active Figure 19-1 Cloning a New Boot Environment From a Running System 3. All Rights Reserved. Cloning an Alternate Boot Environment From a Running System In this part of the procedure a new boot environment (sys_env_2) will be cloned from the currently running boot environment (sys_env_1). Prepare disk space for an alternate boot environment.. Refer to Figure 19-1. # mount . * * Partition 0 1 2 4 5 7 First Sector Flags Sector Count 00 2097414 67963725 01 0 2097414 00 0 71127180 00 70061139 8667 00 70069806 8667 00 70078473 1048707 Last Sector 70061138 2097413 71127179 70069805 70078472 71127179 Tag 2 3 5 0 0 8 7. / on /dev/dsk/c1t0d0s0 ... # prtvtoc /dev/rdsk/c1t1d0s2 * /dev/rdsk/c1t1d0s2 partition map * .. Enterprise Services. . All Rights Reserved.Additional Resources * * Partition 0 1 2 4 5 7 First Sector Flags Sector Count 00 2097414 67963725 01 0 2097414 00 0 71127180 00 70061139 8667 00 70069806 8667 00 70078473 1048707 Last Sector 70061138 2097413 71127179 70069805 70078472 71127179 Tag 2 3 5 0 0 8 4... Revision A 19-9 . if the original system has separate partitions and file systems for /. Mount Directory Create the alternative boot environment with these specifications: Using Live Upgrade Copyright 2006 Sun Microsystems. 5. Check that the partitioning on the second disk matches that of the first disk. 6... Live Upgrade can be used to implement partitioning changes.. the new enviroment can merge all of them into one partition and one file system. For example. Inc.. Partition the second disk to be identical to the first so that it can be used for the ABE. Note – Having partitioning the same on both disks is a requirement for this example only. /export/home on /dev/dsk/c1t0d0s7 .. # /usr/sbin/prtvtoc /dev/rdsk/c1t0d0s2 | /usr/sbin/fmthard -s . /usr and /var.\ /dev/rdsk/c1t1d0s2 fmthard: New volume table of contents now in place. Mount Directory / /export/home Examine the mounting of the current boot environment. No name for current boot environment. The device </dev/dsk/c1t1d0s0> is not a root device for any boot environment. Creating configuration for boot environment <sys_env_2>. Creating initial configuration for primary boot environment <sys_env_1>. Enterprise Services. Inc. Creating file systems on boot environment <sys_env_2>. Checking selection integrity. Creating <ufs> file system for </> on </dev/dsk/c1t1d0s0>. All Rights Reserved. Source boot environment is <sys_env_1>. Revision A . Populating file systems on boot environment <sys_env_2>. Updating boot environment description database on all BEs. Mounting file systems for boot environment <sys_env_2>. PBE configuration successful: PBE name <sys_env_1> PBE Boot Device </dev/dsk/c1t0d0s0>. Searching /dev for possible boot environment filesystem devices Updating system configuration files. Creating boot environment <sys_env_2>. 19-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Current boot environment is named <sys_env_1>.partition assignments for both environments -m /:/dev/dsk/c1t1d0s0:ufs -n "sys_env_2" ● # lucreate -c "sys_env_1" Discovering physical storage devices Discovering logical storage devices Cross referencing storage devices with boot environment configurations Determining types of file systems supported Validating file system requests Preparing logical storage devices Preparing physical storage devices Configuring physical storage devices Configuring logical storage devices Analyzing system configuration. Comparing source boot environment <sys_env_1> file systems with the file system(s) you specified for the new boot environment. The device </dev/dsk/c1t0d0s0> is not a root device for any boot environment. Determining which file systems should be in the new boot environment. Calculating required sizes of file systems for boot environment <sys_env_2>.Additional Resources ● ● ● Name the current boot environment sys_env_1 Name the new boot environment sys_env_2 Arrange that /export/home will be shared between the environments Match the file system . Using Live Upgrade Copyright 2006 Sun Microsystems. Updating compare databases on boot environment <sys_env_2>. Revision A 19-11 . Population of boot environment <sys_env_2> successful. Creating compare databases for boot environment <sys_env_2>. Explain that the absence of a -m option instance for the /export/home file system is what configures it to be shared in both BEs. Enterprise Services. Creating shared file system mount points. Making boot environment <sys_env_2> bootable.Additional Resources Integrity check OK. Populating contents of mount point </>. Creation of boot environment <sys_env_2> successful. Inc. Creating compare database for file system </>. Copying. Explain the command line options as necessary. The -c option is used only once. to name the first environment. All Rights Reserved. /export/home still shows on the first disk. This boot environment will be active on next system boot. Inc. (When the source of the cloning contains separate file systems for /. /var. Filesystem fstype device size Mounted on Mount Options ----------------------------------------------------------------------/dev/dsk/c1t0d0s1 swap 1073875968 /dev/dsk/c1t0d0s0 ufs 34797427200 / /dev/dsk/c1t0d0s7 ufs 536937984 /export/home - # lufslist sys_env_2 boot environment name: sys_env_2 Filesystem fstype device size Mounted on Mount Options ------------------------------------------------------------------------/dev/dsk/c1t0d0s1 swap 1073875968 /dev/dsk/c1t1d0s0 ufs 34797427200 / /dev/dsk/c1t0d0s7 ufs 536937984 /export/home Note that in the sys_env_2 environment listing. Revision A . Enterprise Services. All Rights Reserved. they were not cloned to the new BE. This is also true for swap. # lufslist sys_env_1 boot environment name: sys_env_1 This boot environment is currently active. Examine both boot environments with the lufslist command. This is because both swap and /export/home are being shared between the two environments. Only the root file system shows on the second disk.) 19-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. these critical file systems are required for the new boot environment and therefore will be copied. /usr.Additional Resources 8. or /opt. c1t1d0s0. c1t0d0. The sys_env_2 BE has been cloned and therefore complete but not now active. It will be used when you reboot. You MUST USE either the init or the shutdown command when you reboot. This step is just to make students aware that a comparison of environments is maintained. or uadmin commands. Revision A 19-13 . NOTE: You MUST NOT USE the reboot. View the contents of the compare file created in /etc/lu/compare.. Enterprise Services. Note that sys_env_1 is currently active and will be in effect on next system boot. Inc. All Rights Reserved.Additional Resources 9. halt. # lufsstatus Boot Environment Name -------------------------sys_env_1 sys_env_2 Is Complete -------yes yes Active Now -----yes no Active On Reboot --------yes no Can Delete -----no yes Copy Status ---------Use the lustatus command to check the status of the boot environments. Activate the sys_env_2 environment with the luactivate command. 10. ********************************************************************** Using Live Upgrade Copyright 2006 Sun Microsystems. # cd /etc/lu/compare # ls sys_env_1:sys_env_2 # more sys_env_1:sys_env_2 /:root:root:22:40755:DIR: /lost+found:root:root:2:40700:DIR: /export:root:sys:3:40755:DIR: /var:28385:100:44:40775:DIR: /var/sadm:root:other:13:40755:DIR: /var/sadm/install:root:bin:4:40555:DIR: /var/sadm/install/admin:root:bin:2:40555:DIR: . 11.. the system will not boot using the target BE. If you do not use either init or shutdown. # luactivate sys_env_2 ********************************************************************** The target boot environment has been activated. 0:a 3.Additional Resources In case of a failure while booting to the target BE. Stress the importance of this information that indicates the original boot device. Revision A . If the need would arise. Make note of the procedure for booting the original environment as output in the lucreate command in case the new environment doesn't boot properly. It will become active on the next boot. 2. Use the init 6 command to finish making sys_env_2 the currently running environment. Enter the PROM monitor (ok prompt). Enterprise Services. # lustatus Boot Environment Is Active Active Can Copy 19-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. # lustatus Boot Environment Name -------------------------sys_env_1 sys_env_2 Is Complete -------yes yes Active Now -----yes no Active On Reboot --------no yes Can Delete -----no no Copy Status ---------- Note that the sys_env_2 environment is not yet active. 12) Use the lustatus command to see the change in status. When the system comes back up. because the boot-device OBP variable has been configured for the new environment. All Rights Reserved. the following process needs to be followed to fallback to the currently working boot environment: 1. 12. Boot to the original boot environment by typing: boot ********************************************************************** Activation of boot environment <sys_env_2> successful. Change the boot device back to the original boot environment by typing: setenv boot-device /[email protected]/pci@1/scsi@8/disk@0. Inc. login and verify that the sys_env_2 environment is active with the lustatus command. you may have to set the OBP boot-device variable to get the original environment to boot. # init 6 13. however. When a differential archive is created later in this procedure. sys_env_1 c1t0d0 0 1 3 4 5 6 7 /export/home Modified root (/) /swap sys_env_2 c1t1d0 root (/) 0 1 3 4 5 6 7 Inactive release X Critical file systems root(/) Shared file systems Current release X Critical file system root (/) Figure 19-2 Modified Boot Environment 14. All Rights Reserved. # cd /var/spool/pkgs # pkgadd -d .5. Inc. Modify the system state of the sys_env_2 environment by adding the SMCtop package to the system. It could be to implement the next Solaris Express release or applying a set of updates/patches.Additional Resources Name -------------------------sys_env_1 sys_env_2 Complete -------yes yes Now -----no yes On Reboot --------no yes Delete -----yes no Status ---------- Modifying the State of the New Boot Environment As explained in the Live Upgrade process summary earlier in the module. Revision A 19-15 . The following packages are available: 1 SMCtop top (sparc) 3. a simple modification will be made for instructional purposes. Enterprise Services.1 Using Live Upgrade Copyright 2006 Sun Microsystems. A simple package will be added. the difference captured in that archive will be the inclusion of this package. the state of the system can be changed in many ways depending on your reasons for implementing Live Upgrade. In this example and referring to Figure 19-2. # pkginfo -l SMCtop PKGINST: SMCtop . Inc. 17...??. Verify that the new package as been added. 15. Comparing / .. 16. 19-16 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.lockfile:root:root:1:100600:REGFIL:128:582217747: Sizes differ 01 < /var/sadm/pkg/SUNWcsu/pkginfo:root:root:1:100644:REGFIL:7214: 02 > /var/sadm/pkg/SUNWcsu/pkginfo:root:root:1:100644:REGFIL:5897: . Use the lucompare command to compare the two boot environments.. This step is optional and time consuming.Additional Resources Select package(s) you wish to process (or 'all' to process all packages). # more environ_compare_2_to_1 < sys_env_2 > sys_env_1 Sizes differ 01 < /var/sadm/install/contents:root:root:1:100644:REGFIL:22638869: 02 > /var/sadm/install/contents:root:root:1:100644:REGFIL:22637090: Checksums differ 01 < /var/sadm/install/./environ_compare_2_to_1 sys_env_1 Determining the configuration of "sys_env_1". (default: all) [?. Enterprise Services. Revision A ... Examine the first few lines of the compare file to see the type of information it contains. # lucompare -t -o ...lockfile:root:root:1:100600:REGFIL:128:1845941275: 02 > /var/sadm/install/. All Rights Reserved...q]: 1 . /a on /dev/dsk/c1t0d0s0 . . Revision A 19-17 .Additional Resources Creating a Differential Archive Using Live Upgrade Boot Environments In this section of the procedure a differential flash archive is created capturing the changes between the original system and the evolved system as illustrated in Figure 19-3. Prepare to create a differential flash archive be mounting the inactive environment (sys_env_1) on /a in the active environment with the lumount command.. sys_env_1 c1t0d0 /a Mount 0 Create Differential Flash Archive 1 3 5 4 6 5 6 7 /export/home 7 Shared file systems Inactive release X Critical file systems root(/) root (/) /swap sys_env_2 c1t1d0 root (/) 0 1 3 4 Current release X Critical file system root (/) Figure 19-3 Creating a Differential Flash Archive in the Live Upgrade Environment 18... All Rights Reserved.... Inc. # mkdir /a # lumount sys_env_1 /a /a 19. Enterprise Services. # mount . Use the mount command to see the original environment mounted. Using Live Upgrade Copyright 2006 Sun Microsystems. UltraAX-i2 creation_processor=sparc creation_release=5. Use the flar info command to see the administrative information stored with the archive..flar Differential Flash Checking integrity. Pre-exit scripts done.. 19-18 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Running precreation scripts. # flar info differ_flar_on_sys_env_1_new_pkg.... Postcreation scripts done... 21. Call the new differential archive differ_flar_on_sys_env_1_new_pkg.10 creation_os_name=SunOS creation_os_version=Generic_118822-25 files_compressed_method=compress content_architectures=sun4u type=DIFFERENTIAL Point out that this time the type for the archive is DIFFERENTIAL. 437639 blocks Archive creation complete.flar archive_id=c04e27bfc16c1c32cfa04cfa359217d6 files_archived_method=cpio creation_date=20060226011846 creation_master=sys-01 content_name=differential_flash creation_node=sys-01 creation_hardware_class=sun4u creation_platform=SUNW.flar and store it in the /a/xxx directory. All Rights Reserved. Precreation scripts done... # flarcreate -n differential_flash -S -c -A /a -x /a/xxx \ /a/xxx/differ_flar_on_sys_env_1_new_pkg. Enterprise Services. Revision A .Additional Resources 20. Dispense with the size check (-S) and compress the archive (-c). Inc. Exclude the flash archive (-x /a/xxx) that was created in the beginning of this procedure which now resides in the /a/xxx/ directory. Running postcreation scripts. Creating the archive. Create a differential archive which captures the difference between the current active environment and the inactive sys_env_1 environment mounted on /a. Integrity OK. Running pre-exit scripts.. Figure 19-4 illustrates the boot environments involved. In this example however.option) which will be upgraded to the an initial installed state using the master flash archive and then extended using the differential flash archive. # /usr/sbin/prtvtoc /dev/rdsk/c1t1d0s2 | /usr/sbin/fmthard -s . Enterprise Services. sys_env_1 c1t0d0 0 1 3 4 5 6 7 /export/home root (/) /swap sys_env_2 c1t1d0 root (/) 0 1 3 Install Master and Differential 5 Flash Archives 4 6 7 sys_env_3 c2t0d0 Empty 0 1 3 4 5 6 7 Current release X Critical file system root (/) Inactive release X Critical file systems root(/) Shared file systems Figure 19-4 Applying Flash Archives to a Boot Environment 22. Using Live Upgrade Copyright 2006 Sun Microsystems.\ /dev/rdsk/c2t0d0s2 fmthard: New volume table of contents now in place. Inc. Live Upgrade will be used on the same system to make a blank or empty third boot environment (-s . Prepare a third disk by partitioning it like the others.Additional Resources Applying a Differential Flash Archive Using Live Upgrade BEs The next section of this procedure demonstrates one way of applying a differential archive. Typically this will involve installing a client with the original flash archive made at the beginning of the procedure and then extending that client's installed state by applying the differential archive. During this development of the course it was learned that the disks have to be the same size otherwise you get an fmthard error duing the luupgrade step shown later. Revision A 19-19 . All Rights Reserved. with the F2. for the above menu interaction. Before making the new boot environment. Revision A .None Mount Point Device FS Type Size (MB) % Used ------------------------------------------------------------------------New boot environment . c2t0d0s0 was specified for the / device and c2t0d0s1 was specified for the swap device.option to make it empty name the new boot environment sys_env_3 ● When prompted for the / and swap devices via the menu. unmount /a with the luumount command. Updating system configuration files. # lucreate -n "sys_env_3" -s .Additional Resources 23. select those devices appropriate for the new boot environment that is being created. The F2 key is used to display a drop down menu from which to select the devices (using the ENTER key). # luumount /a 24. Since lucreate cannot determine the new / device on its own. ENTER and F3 keys. Enterprise Services. the F3 key is used to save the configuration and then the menu exits and output continues.. 19-20 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. the /ans swap devices: Active boot environment . . Inc. When finished... All Rights Reserved.sys_env_3 Recommended Mount Point Size(MB) / Esc F2 F3 HELP CHOICE SAVE F4 SLICE Device FS Type ufs swap Size (MB) Min 0 0 F5 PRINT F6 F7 F8 CANCEL SCHEDULE SPLIT F9 MERGE ^D ^X CLR OTHR In this example. Use the -s . Create a new boot environment with the following specifications: ● ● use c2t0d0 do not clone a boot environemnt. the menu appears and you need to specify.. Make an install image accessible.201. /net2 on 192.. Creating <ufs> file system for </> on </dev/dsk/c2t0d0s2>.168. . # # # # mount /dev/dsk/c1t0d0s0 /a cd /a/xxx cp master* diff */ umount /a 27. All Rights Reserved. It is empty or blank. Inc. Make the master archive and differential archive images available on the local file system.1:/export/install.... Using Live Upgrade Copyright 2006 Sun Microsystems.201. Use the lustatus command to see all statuses for the boot environments. The menu would not have appeared if this command were used instead: # lucreate -n "sys_env_3" -s . # lustatus Boot Environment Name -------------------------sys_env_1 sys_env_2 sys_env_3 Is Complete -------yes yes no Active Now -----no yes no Active On Reboot --------no yes no Can Delete -----yes no yes Copy Status ---------- Note how sys_env_3 is not complete. Note – The menu appeared because the root file system location was not specified on the lucreate command line.. At the time of development of this course.1:/export/install /net2 # mount .Additional Resources The device </dev/dsk/c2t0d0s2> is not a root device for any boot environment.168. 26. At the time this was because the Solaris 10 FCS install image was missing a merge script needed by the luupgrade command executed in the next step. Revision A 19-21 .-m /:/dev/dsk/c2t0d0s0:ufs 25. Creation of boot environment <sys_env_3> successful. (The archive was saved in the sys_env_1 BE and needs to be copied to the current sys_env_2 BE).. it was necessary to be sure that the install image referenced matched was Solaris 10 U1 (not FCS). Enterprise Services. # mkdir /net2 # mount 192. Run the luupgrade command again but this time without the dry run option.55 megabytes) The operating system flash install completed. Checking for existence of previously scheduled Live Upgrade requests. First use dry run method (-N). The media is a standard Solaris media. Checking for existence of previously scheduled Live Upgrade requests. 19-22 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Performing the operating system flash of the BE <sys_env_3>. .translist. The media is a standard Solaris media. Validating the contents of the miniroot </net2/SunOS5. Locating the flash install program. Enterprise Services.24446>. Creating flash profile for BE <sys_env_3>. Validating the contents of the miniroot </net2/SunOS5.Additional Resources 28. Inc. Constructing flash profile to use. Revision A ..profile. Performing the operating system flash install of the BE <sys_env_3>.flar -l /errorlog Validating the contents of the media </net2/SunOS5.10_0106_sun4>. Locating the flash install program..luupgrade. Constructing flash profile to use.flar -N -l /errorlog Validating the contents of the media </net2/SunOS5. Execute Command: </net2/SunOS5.24446 -o /net2/SunOS5.10_0106_sun4/Solaris_10/Tools/Boot>.tmp.10_0106_sun4>.10_0106_sun4 -a \ /master_sys_env_1. Extracting Flash Archive: 100% completed (of 4640.10_0106_sun4/Solaris_10/Tools/Boot /tmp/. Creating flash profile for BE <sys_env_3>.10_0106_sun4/Solaris_10/Tools/Boot>.d/pfins tall -L /a -p / -t /tmp/. 29.10_0106_sun4/Solaris_10/Tools/Boot/usr/sbin/install. # luupgrade -f -n sys_env_3 -s /net2/SunOS5.luupgrade.flash. The Live Flash Install of the boot environment <sys_env_3> is complete. All Rights Reserved. CAUTION: Interrupting this process may leave the boot environment unstable or unbootable.10_0106_sun4 -a \ /master_sys_env_1. Use the luupgrade command to populate the new sys_env_3 BE with the master full flash archive. # luupgrade -f -n sys_env_3 -s /net2/SunOS5. 10_0106_sun4 -j /profile \ -l /errorlog Validating the contents of the media </net2/SunOS5.10_0106_sun4>. All Rights Reserved. Use the luupgrade command to apply the differential flash archive to the new sys_env_3 BE. Extracting Flash Archive: 100% completed (of 162. Checking for existence of previously scheduled Live Upgrade requests. # lustatus Boot Environment Name -------------------------sys_env_1 sys_env_2 sys_env_3 Is Complete -------yes yes yes Active Now -----no yes no Active On Reboot --------no yes no Can Delete -----yes no yes Copy Status ---------- Note that now sys_env_3 shows being complete. # lustatus Boot Environment Name Is Active Active Can Copy Complete Now On Reboot Delete Status Using Live Upgrade Copyright 2006 Sun Microsystems. Enterprise Services. Locating the flash install program. Check the status of the BE. Revision A 19-23 . CAUTION: Interrupting this process may leave the boot environment unstable or unbootable. 31.flar no_content_check no_master_check Go over the contents of the profile file as needed. Validating the contents of the miniroot </net2/SunOS5. # luupgrade -f -n sys_env_3 -s /net2/SunOS5. 33. The media is a standard Solaris media. The no_content_check and no_master_check keywords are helpful when you are sure of the origin of the master archive previously applied and want to dispense with minor comparison errors that may prevent a successful application of the differential archive.01 megabytes) The operating system flash update completed.Additional Resources 30.10_0106_sun4/Solaris_10/Tools/Boot>. Create a profile file to reference in for applying the differential archive. # cat /profile install_type flash_update archive_location local_file /differ_flar_on_sys_env_1_new_pkg. Constructing flash profile to use. but still not active. Inc. 32. Use the lustatus command to check the status of the new environment. Reference the profile just created. Performing the operating system flash update of the BE <sys_env_3>. The Live Flash Update of the boot environment <sys_env_3> is complete. 2. All Rights Reserved. Inc. # lustatus Boot Environment Name Is Active Active Can Copy Complete Now On Reboot Delete Status 19-24 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. It will be used when you reboot. halt. Make sys_env_3 active. Revision A . the system will not boot using the target BE. Change the boot device back to the original boot environment by typing: setenv boot-device /pci@1f. ********************************************************************** In case of a failure while booting to the target BE. Check the status now. 35. or uadmin commands. Enter the PROM monitor (ok prompt).0/pci@1/scsi@8/disk@1. Enterprise Services.Additional Resources -------------------------sys_env_1 sys_env_2 sys_env_3 -------yes yes yes -----no yes no --------no yes no -----yes no yes ---------- 34. Boot to the original boot environment by typing: boot ********************************************************************** Activation of boot environment <sys_env_3> successful. You MUST USE either the init or the shutdown command when you reboot. NOTE: You MUST NOT USE the reboot. # luactivate sys_env_3 ********************************************************************** The target boot environment has been activated. If you do not use either init or shutdown. the following process needs to be followed to fallback to the currently working boot environment: 1.0:a 3. # luactivate sys_env_1 # init 6 40. use the lustatus command to verify that the sys_env_3 BE is now active. Enterprise Services. Since the lustatus command reports that the next system reboot will activate the sys_env_3 BE. Then. # init 6 37. Use the lustatus command to verify that sys_env_1 is again active and currently running. When the system comes back up. Make sys_env_1 the active and currently running environment again. # lustatus Boot Environment Name -------------------------sys_env_1 sys_env_2 sys_env_3 Is Complete -------yes yes yes Active Now -----no no yes Active On Reboot --------no no yes Can Delete -----yes yes no Copy Status ---------- 38. Revision A 19-25 .. note the procedure to fall back to the current boot environment. Reverting to a previous BE 39. All Rights Reserved. Inc. reboot the system with the init 6 command. # pkginfo -l SMCtop PKGINST: SMCtop .. # lustatus Boot Environment Name -------------------------sys_env_1 sys_env_2 sys_env_3 Is Complete -------yes yes yes Active Now -----yes no no Active On Reboot --------yes no no Can Delete -----no yes yes Copy Status ---------- Using Live Upgrade Copyright 2006 Sun Microsystems. at the system console. Verify that the differential archive has been applied by verifying that the SMCtop package is included in the system.Additional Resources -------------------------sys_env_1 sys_env_2 sys_env_3 -------yes yes yes -----no yes no --------no no yes -----yes no no ---------- 36. All Rights Reserved. 19-26 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. It must first be made inactive.Additional Resources Note – The ludelete be_name command will delete a boot environment. Revision A . Inc. Enterprise Services. com/app/docs/doc/8175505/6mkv5m1kj?a=view#luoverview-7 ● Creating a Boot Environment and Merging File Systems http://docs.com/app/docs/doc/8175505/6mkv5m1mp?a=view Using Live Upgrade Copyright 2006 Sun Microsystems.com/app/docs/doc/8175505/6mkv5m1lk?a=view ● Synchronizing Files Between Boot Environments http://docs.sun. All Rights Reserved.sun.com/app/docs/doc/8175505/6mkv5m1lj?a=view ● Creating a Boot Environment and Splitting File Systems http://docs.com/app/docs/doc/8175505/6mkv5m1ll?a=view ● x86: Activating a Boot Environment With the GRUB Menu http://docs. Revision A 19-27 .sun.sun.sun. Inc.Live Upgrade and Other Configurations Live Upgrade and Other Configurations Follow is a list of other features and capabilities of Live Upgrade and references for further information: ● Creating a Boot Environment With RAID-1 Volume File Systems http://docs. Enterprise Services.sun.com/app/docs/doc/8175505/6mkv5m1kk?q=Live+Update&a=view ● Creating a Boot Environment and Reconfiguring Swap http://docs. . Revision A .Module 20 Introducing WANBoot Objectives The WAN Boot procedure is an automatic installation process much like the JumpStart installation process. Upon completion of this module. It provides a mechanism for automatically installing the Solaris 10 OS on multiple systems simultaneously across a wide area network. All Rights Reserved. 20-1 Copyright 2006 Sun Microsystems. Enterprise Services. you should be able to describe the differences in WANboot Flash installation. Inc. ! ? Discussion – The following question is relevant to understanding how to use the WANBoot feature of the Solaris 10 OS: ● How can I use a install systems across a number of networks from a single web server? 20-2 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Inc. the answers should be of interest to them and inspire them to learn the material presented in this module. All Rights Reserved. Enterprise Services.Objectives Relevance Present the following questions to stimulate the students and get them thinking about the issues and topics presented in this module. Revision A . While they are not expected to know the answers to these questions. PN 817-1985 System Administration Guide: Advanced Administration. Enterprise Services. Inc. PN 817-0403 Introducing WANBoot Copyright 2006 Sun Microsystems. All Rights Reserved.Additional Resources Additional Resources Additional resources – The following references provide additional information on the topics described in this module: ● ● System Administration Guide: Basic Administration. Revision A 20-3 . Advantages provided by WAN Boot include the following: ● Simplifies installations by avoiding the lengthy question-and-answer session that is part of the interactive installation process. Faster than interactive installations – It lets system administrators install different types of systems simultaneously. scalable process for the automated installation of systems anywhere the client and server can connect to the Internet or other WANs. WAN Boot client and server can authenticate using SHA hash algorithms. Advantages of the WAN Boot Procedure System administrators who need to install multiple systems connected by a wide area network such as the Internet can use the WAN Boot procedure to automate the installation process. The advantages of using the WAN Boot procedure include some of the same advantages as using a traditional JumpStart for installations. Enterprise Services. ● ● The specific advantages of WAN Boot include: ● JumpStart boot services are not required to be on the same subnet as the installation client.Introducing the Basics of WANboot (New in Solaris 9 Updates) Introducing the Basics of WANboot (New in Solaris 9 Updates) The WAN Boot procedure uses some of the existing JumpStart framework but contains enhancements to security and scalability that traditional JumpStart protocols. WAN Boot supports SPARC® platform or x86 platform servers and SPARC clients. The WAN Boot process eliminates both the need for operator intervention during the installation process and the need for a JumpStart server on the same local network as the client. Revision A . Client download of the Solaris 10 OS can be performed using HTTPS. ● ● 20-4 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. WAN Boot provides a secure. It allows automatic installation of the Solaris 10 OS and unbundled software. could not provide. such as NFS. The x86 clients are not supported. Inc. All Rights Reserved. Due to the nature of HTTP/HTTPS requests. New features specific to the client for WAN Boot are key management.14 to support new requirements on the client. The new firmware supports TCP/HTTP connections. SHA-1 signatures. These new features allow the client to contact the WAN Boot server and request the download of the new boot binary wanboot. TFTP. SSL v3 certificates. SHA-1 authentication. Traditional JumpStart images which performed a pkgadd style install over an NFS connection do not work over WAN Boot – Flash archives are the only format supported. WAN Boot Changes Previously JumpStart functioned with RARP. These protocols also do not have the ability to secure the installation process. WAN Boot may be performed with a CDROM-based installation. NFS is not used. All Rights Reserved. The wanboot download can be authenticated with an SHA-1 signature verification and encrypted with either 3DES or AES encryption. which do not scale for WAN use. If a minimum of OpenBoot PROM revision 4. WAN Boot utilizes advanced OBP or CDROM capabilities to scale and secure the installation process. signature verification. and NFS protocols. Introducing WANBoot Copyright 2006 Sun Microsystems. WAN Boot requires a web server to respond to WAN Boot client requests. 3DES or AES encryption. and new OBP arguments. By using HTTP/HTTPS protocols. New DHCP options provide support for WAN Boot clients.14 or later is not available. and several new values and command-line arguments to support these new features. This information may include certificates and private keys for secure HTTP connections.Introducing the Basics of WANboot (New in Solaris 9 Updates) Features WAN Boot is part of the Solaris 10 OS but works with a minimum of OpenBoot programmable read-only memory (PROM) firmware version 4. Enterprise Services. and 3DES or AES encryption to scale and secure the installation process in all scales of network environments including the Internet. Flash archives must be available to the web server. Revision A 20-5 . In addition. The wanboot program contains the information necessary to download the root file system. All WAN Boot communication occurs with HTTP or HTTPS. WAN boot uses standard HTTP or HTTPS protocols. Inc. subnet-mask. Client WAN Web server LAN Install server 1. OBP downloads and executes the wanboot program. Inc. All Rights Reserved. wanboot program requests download of WANboot miniroot. The arguments are specified on the command line or listed in the network-boot-arguments NVRAM variable. 3. OBP uses configuration information to request download of wanboot program. 9. 10. Installation program installs Solaris Flash archive. router-ip. hostname. 4. Authentication and configuration information downloaded to wanboot program. WANboot miniroot downloaded to wanboot program. wanboot program requests download of authentication and configuration information. Figure 20-1 illustrates the WAN Boot sequence and the actions taken in each step. client-id. Kernel mounts authentication and configuration information. host-ip. httpproxy. tftpretries. 5. wanboot program loads and executes kernel. 6. Boot the client 2. Installation program requests download of installation files. 7. archive Figure 20-1 The WAN Boot Sequence 20-6 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. and dhcp-retries. Revision A . 8. wanboot Boot file system miniroot JumpStart Files. 11.Introducing the Basics of WANboot (New in Solaris 9 Updates) The new client-side obp-tftp package arguments are file. Enterprise Services. type=3des 07df5e1907ef8a49a2b3c2cb9149fd62fb0b4cb3f440ba68 The keys exist somewhere under the /etc/netboot directory. The client's Internet protocol (IP) address and client ID are included with the request to facilitate possible client-specific downloads.0.156. network.156.c. Any network-specific data resides in /etc/netboot/a.d and is shared with all WAN Boot clients on the a.0. Inc.Introducing the Basics of WANboot (New in Solaris 9 Updates) The WAN Boot Process 1. Boot the client. Secure Hash Algorithm 1 (SHA-1) signature keys and Triple Data Encryption Standard (3DES) or Advanced Encryption Standard (AES) encryption keys may be created and stored on the WAN Boot server for use with the client. The following syntax generates the keys: # wanbootutil keygen -m The master HMAC/SHA1 key has been generated # wanbootutil keygen -c -o net=129. or client-specific directories under /etc/netboot.156.198.type=sha1 A new client HMAC/SHA1 key has been generated # wanbootutil keygen -c -o net=129.d subnet.198.cid=010003BA152A42. Enterprise Services.type=3des A new client 3DES key has been generated The following syntax displays the keys: #wanbootutil keygen -d -c -o net=129. The global configuration data resides in /etc/netboot and is shared with all WAN Boot clients. Any client-specific information or security keys are obtained from the appropriate global.install OBP uses configuration information to request download of wanboot program.0.b.0.cid=010003BA152A42. Introducing WANBoot Copyright 2006 Sun Microsystems. type=sha1 7fb0895141ecfdff4b7425d0c9f9cf9626b395c8 # wanbootutil keygen -d -c -o net=129. All Rights Reserved. ok boot net . 2. The /etc/netboot directory is hierarchical.b.cid=010003BA152A42. The client ID is computed from the client's Media Access Control (MAC) address and is configurable.c. Revision A 20-7 .156.198.cid=010003BA152A42. The download of wanboot may be accompanied by a Hashed Message Authentication Code (HMAC) SHA-1 signature for wanboot and Secure Sockets Layer (SSL) certificates for HTTP over SSL (HTTPS).198. 255. Inc. The following syntax shows setting the network parameters in the OBP: ok setenv network-boot-arguments host-ip=129.0.0 /etc/netboot/129.b.c.198.198.b.156.Introducing the Basics of WANboot (New in Solaris 9 Updates) Any client-specific data resides in /etc/netboot/a. Enterprise Services.198. hostname=WANBootclient1.d subnet.156.d/ clientid and only applies to the client with the clientid on the a. Arguments specified on the command line take precedence over the OBP variable. Dynamic Host Configuration Protocol (DHCP). A URL value in the file argument means OBP should execute WAN Boot.156. The wanboot binary must exist in a location under the web server's documents directory.198. The following syntax installs the keys on the client’s OBP: ok set-security-key wanboot-hmac-sha1 7fb0895141ecfdff4b7425d0c9f9cf9626b395c8 ok set-security-key wanboot-3des 07df5e1907ef8a49a2b3c2cb9149fd62fb0b4cb3f440ba68 The client is booted from the network with interface settings obtained from the OBP. or the CDROM.router-ip=129. The client contacts the wanboot-cgi program on the WAN Boot server to download the wide area network boot program. wanboot.0/010003BA152A42/keystore These keys may then be stored in the client's OpenBoot PROM (OBP) or entered on the OBP command line.subnet-mask=255.2/cgi-bin/wanboot-cgi 3.198.0/keystore /etc/netboot/129.198. the command line.156. All Rights Reserved.c. For example: /var/apache/htdocs/wanboot10/wanboot 20-8 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A .file=http://145. The wanboot program is the boot file system.25. OBP downloads and executes the wanboot program. The following syntax shows an example of what might be found in the /etc/netboot directory: # find /etc/netboot -print /etc/netboot /etc/netboot/keystore /etc/netboot/129. from the server using Hyper Text Transfer Protocol (HTTP).156.1.255.0/010003BA152A42 /etc/netboot/129.156. Client-specific files take precedence over networkspecific files which take precedence over global files.168.198. Introducing the Basics of WANboot (New in Solaris 9 Updates) The client creates a virtual disk in random access memory (RAM) and writes wanboot to the ramdisk as it is received. If an SHA-1 signature is used, the hash is computed as data is received and if encryption is used, the client decrypts the data and rewrites it to the ramdisk. When the download is complete, the client reads the trailing hash signature and compares it to the computed hash. The signature is all zeros if no hash has been created for wanboot. If the downloaded hash and the computed hash are the same, the download is assumed to be uncompromised and the wanboot process continues. The client then mounts the boot file system. 4. The wanboot program requests download of authentication and configuration information. The wanboot binary then parses the wanboot.conf file in the correct location under /etc/netboot to retrieve the rootserver and rootpath values. The wanboot program uses these values to create the HTTP/HTTPS URL for requesting the root file system called miniroot. The wanboot program uses the URL to request the client's root file system metadata from the wanboot-cgi program on the WAN Boot server. 5. Authentication and configuration information is downloaded to the wanboot program. The metadata consists of the miniroot size and hash signature. The download may be HMAC SHA-1 signed and 3DES or AES encrypted. 6. The wanboot program requests download of the WANBoot miniroot. The wanboot program uses the URL to request the client's root file system from the wanboot-cgi program on the WAN Boot server. 7. WANBoot miniroot is downloaded to the wanboot program. The wanboot process downloads miniroot from the WAN Boot server and writes it to a ramdisk. If an SHA-1 signature is used, the hash is computed as data is received. If encryption is used, the client decrypts the data and rewrites it to the ramdisk. When the download is complete, the client reads the trailing hash signature and compares it to the computed hash. The signature is all zeros if no hash has been created for the root file system. If the downloaded hash and the computed hash are the same, the download is assumed to be uncompromised and the wanboot process continues. Introducing WANBoot Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 20-9 Introducing the Basics of WANboot (New in Solaris 9 Updates) 8. The wanboot program loads and executes the kernel. The wanboot unmounts the boot file system and mounts the miniroot file system. The kernel from miniroot is then loaded into RAM and executed. 9. The installation program requests download of the installation files. The system.conf file in the appropriate location under /etc/netboot is included with the miniroot and has the locations of the JumpStart configuration files. The following example shows the entries in system.conf: SsysidCF=https://WANBootserv/bootfiles/config SjumpsCF=https://WANBootserv/bootfiles/config The JumpStart profile file specifies where to get the Flash archive to install on the client. The following syntax shows part of the contents of the JumpStart profile file: archive_location https://WANBootserv/flashdir/solaris.flar 10. The installation program installs the Solaris Flash archive. The Flash archive is downloaded and installed on the client. 20-10 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Introducing the Basics of WANboot (New in Solaris 9 Updates) WAN Boot Server Configuration Use Figure 20-2 as a reference to help understand where the various files are located when configuring a WANBoot server. root (/) etc apache httpd.conf netboot wanboot.conf system.conf var apache htdocs wanboot miniroot wanboot install Solaris_10 Two The client downloads the wanboot program (approx 1 MB) Four The wanboot program on client requests download of miniroot (approx 200 MB) Apache will start at boot if this file exists and has the correct configuration Three The client parses the information to find boot root_server and root_file values Five The client requests location of configuration information ... flash Seven The client extracts the flash archive solaris.flar index.html config check rules profile sysidcfg cgi-bin wanboot-cgi bootlog-cgi The client uses this cgi program to send back log messages The default file a web browser gets from this server Six The client gets identity info and installation profile One The client asks the wanboot-cgi program for the location of the wanboot file Figure 20-2 WANBoot Server Configuration File Locations Introducing WANBoot Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 20-11 Introducing the Basics of WANboot (New in Solaris 9 Updates) Configuring a WAN Boot server involves the following three components: ● ● ● Configuring the web server Configuring the optional DHCP server Configuring the JumpStart server WAN Boot requires a Solaris 10 SPARC or x86 server platform with a web server supporting at least HTTP 1.1 and also supporting HTTPS if digital certificates are used. Apache and iPlanet servers have been tested. If HTTPS is used, the SSL must be configured. WAN Boot requires access to wanboot, miniroot, custom JumpStart files, and the Flash archive(s). These are typically stored in the web servers document root directory. It also requires access to wanboot-cgi and bootlog-cgi programs to serve CGI requests from WAN boot clients. These are typically stored in the web server’s cgi-bin directory. Configuring these components involves two significant problems that are beyond Sun's control and outside the scope of this module. The first problem is that even in an all-Sun installation, the administrative tools used to configure the various parts of the WAN Boot server do not communicate with each other. For example, add_install_client does not add macro definitions for a given client to the dhcp_inittab(4) file but instead creates information that the administrator must manually incorporate. A second and more difficult problem to control is the fact that heterogeneous customer environments (wherein the three services might be supplied by three or more different vendors) are very common. Thus one finds administrative scripts that, when used, ask the administrator to perform a second action on a (possibly) different machine. Although the steps to configure a WAN Boot server are different than setting up a JumpStart server, anyone who has configured a JumpStart server should be able to configure a WAN boot server. Reference the following URL: http://docs.sun.com/db/doc/817-5504 To configure the WAN Boot server: 1. Set up the WAN Boot server as a web server with HTTP 1.1 support. Use the following URLs for information: ● Sun Java™ System web server information: 20-12 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Introducing the Basics of WANboot (New in Solaris 9 Updates) http://docs.sun.com http://docs.sun.com/source/816-5683-10/contents.htm ● Apache web server configuration information: http://httpd.apache.org/docs-project/ 2. Optionally, configure the WAN Boot server as a DHCP server. Two new vendor options support WAN Boot: ● SbootURI Symbol Vendor=SUNW.Sun-Blade-100 <other architectures>,16,ASCII,1,0 SHTTPproxy Symbol Vendor=SUNW.Sun-Blade-100 <other architectures>,17,ASCII,1,0 ● WAN Boot install clients are named using a network number-client ID combination that is designed to be unique (client IDs are required to be unique per network). DHCP originally used this naming scheme and it works well with the framework of WAN Boot. 3. Configure the WAN Boot server as a JumpStart server. Use the following URL: http://docs.sun.com/db/doc/817-5506 The wanboot program must be copied from install media to a location under the web server's documents directory: # cp /cdrom/cdrom0/s0/Solaris_10/Tools/Boot/platform/sun4u/wanboot \ /var/apache/htdocs/wanboot10/wanboot The WAN Boot miniroot file system must be created in a location under the web server's documents directory: # /cdrom/cdrom0/s0/Solaris_10/Tools/setup_install_server -w `pwd`/wpath \ `pwd`/ipath; cp `pwd`/wpath/miniroot /var/apache/htdocs/wanboot10/miniroot The URL paths to the sysidcfg file, rules.ok file, profile file, and begin and finish scripts are specified by the SsysidCF and SjumpsCF parameters in the system.conf file on the miniroot: SsysidCF=https://WANBootserv/bootfiles/config SjumpsCF=https://WANBootserv/bootfiles/config Introducing WANBoot Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 20-13 Introducing the Basics of WANboot (New in Solaris 9 Updates) Alternatively, you can use DHCP with the new vendor options SbootURL and SHTTPproxy. Use the SbootURL option to specify the location of the wanboot-cgi script. This option is preferable to using the standard BootFile option. Use the SHTTPproxy option to define the HTTP or HTTPS proxy if one is to be used. The wanboot and miniroot file systems must each be small enough to fit into the client's RAM. WAN Boot requires the same JumpStart files needed for an NFS install, including a Solaris Flash archive, a sysidcfg file, a rules.ok file, and a profile file. The JumpStart files (Solaris Flash archive, sysidcfg, rules.ok, and profile) must be accessible to the web server. Copy these files to a location under the web server's documents directory: # cp /export/config /var/apache/htdocs/wanboot10/config The archive_location keyword in the profile should contain the URL to the Flash archive: archive_location https://WANBootserv/flashdir/solaris.flar The wanboot.conf file must be created and put in the appropriate subdirectory under /etc/netboot: ● ● The file /etc/netboot/wanboot.conf is global. The subdirectory /etc/netboot/a.b.c.d/wanboot.conf is network specific. The subdirectory /etc/netboot/a.b.c.d/clientid/wanboot.conf is client specific. The file /etc/inet/wanboot.conf.sample is an example file. The binary /usr/sbin/bootconfchk is used to check the integrity of the wanboot.conf file. ● ● ● The /etc/netboot directory contains configuration information, keys, certificates, wanboot.conf, and system.conf which is used by wanbootcgi to create the boot file system. The /etc/netboot directory must be created and populated by the system administrator and needs to be owned or at least readable by the web server user. The /etc/netboot directory is hierarchical. The global configuration data resides in /etc/netboot and is shared with all WAN Boot clients. Network-specific data resides in /etc/netboot/ a.b.c.d and is shared with all WAN Boot clients on the a.b.c.d subnet. Client-specific data resides in /etc/netboot/a.b.c.d/clientid and only applies to the client with the clientid on the a.b.c.d subnet. 20-14 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Introducing the Basics of WANboot (New in Solaris 9 Updates) All of the directories can contain the following files: ● wanboot.conf – the client configuration file for WAN Boot installation system.conf – the configuration file specifying the location of the client's sysidcfg file and custom JumpStart files keystore – the file containing client SHA-1 hashing key, 3DES or AES-128 encryption key, and an optional SSL private key truststore – the file containing the digital certificates of certificate signing authorities that the client can trust certstore – the file containing the client's digital certificate ● ● ● ● Client-specific files take precedence over network-specific files which take precedence over global files. An example directory structure would look like the following: /etc/netboot /etc/netboot/129.156.198.0 /etc/netboot/129.156.198.0/010003BA152A42 /etc/netboot/129.156.198.0/010003BA152A42/keystore /etc/netboot/129.156.198.0/010003BA152A42/truststore /etc/netboot/129.156.198.0/010003BA152A42/certstore /etc/netboot/129.156.198.0/010003BA152A42/system.conf /etc/netboot/129.156.198.0/010003BA152A42/wanboot.conf /etc/netboot/keystore /etc/netboot/truststore /etc/netboot/system.conf /etc/netboot/wanboot.conf The wanboot.conf file contains information used to drive the WAN Boot process. The CGI program wanboot-cgi uses information contained in these files to determine file paths, encryption, signing policies, and other characteristics of the operating environment. The following is a sample available at /etc/inet/wanboot.conf.sample: # # Copyright 2004 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident"@(#)wanboot.conf.sample1.204/01/30 SMI" #################################################################### # wanboot.conf(4): boot configuration file. # # Please consult wanboot.conf(4) for further information. Note that Introducing WANBoot Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 20-15 Introducing the Basics of WANboot (New in Solaris 9 Updates) # this interface is "Evolving" as defined by attributes(5). # # Anything after a '#' is comment. Values may be quoted # (for example,"val"). # # <empty> means there is no value, that is, null. The absence of any # parameter implies that it takes a default value (<empty> unless # otherwise specified). # # <url> is of the form http://... or https://... #################################################################### # The path of the bootstrap file (within htdocs) which is served up # by wanboot-cgi(bootfile). # boot_file=/bootfiles/wanboot# <absolute pathname> # These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine # whether boot_file or the bootfs is to be sent encrypted/signed, or # root_file is to be sent signed; the client must be setup with the # corresponding encryption/signature key(s) (which cannot be auto# matically verified). # # If an encryption_type is specified then a signature_type must also # be specified. # encryption_type=3des# 3des | aes | <empty> signature_type=sha1# sha1 | <empty> # This is used by wanboot-cgi(bootfs) and wanboot to determine whether # server authentication should be requested during SSL connection # setup. # server_authentication=yes# yes | no # This is used by wanboot-cgi(bootfs) and wanboot to determine whether # client authentication should be requested during SSL connection # setup. If client_authentication is "yes", then server_authentication # must also be "yes". # client_authentication=yes# yes | no # wanboot-cgi(bootfs) will construct a hosts file which resolves any # hostnames specified in any of the URLs in the wanboot.conf file, # plus those found in certificates, etc. The following parameter # may be used to add additional mappings to the hosts file. # resolve_hosts=# <hostname>[,<hostname>*] | <empty> # This is used to specify the URL of wanboot-cgi on the server on which # the root_file exists, and used by wanboot to obtain the root server's # URL; wanboot substitutes root_file for the pathname part of the URL. 20-16 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A Introducing the Basics of WANboot (New in Solaris 9 Updates) # If the schema is http://... then the root_file will be signed if there # is a non-empty signature_type. If server_authentication is "yes", the # schema must be https://...; otherwise it must be http://... # root_server=https://host:port/cgi-bin/wanboot-cgi# <url> | <empty> # This is used by wanboot-cgi(rootfs) to locate the path of the # rootfs image (within htdocs) on the root_server. # root_file=/rootimages/miniroot# <absolute pathname> | <empty> # This is used by wanboot to determine the URL of the bootserver # (and whether bootlog traffic should be sent using http or https), # or whether it should simply be sent to the console. # boot_logger=# <url> | <empty> # This is used by the system startup scripts. If set, it should # point to a file that contains name value pairs to be used at # start up time. For example, this file may be used to provide # install the values for sysidcfg and jumpscfg. # system_conf=system.conf Introducing WANBoot Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A 20-17 Introducing the Basics of WANboot (New in Solaris 9 Updates) The following keywords are supported in wanboot.conf: ● boot_file – specifies the relative web server path to the wanboot binary. root_server – specifies the location of the CGI program that will serve up the information about the root file system to be transmitted to the client. root_file – specifies the relative web server path to the WAN Boot miniroot. signature_type – specifies the signing algorithm to be used if a signature is used when transmitting components to the client. WAN Boot currently only supports SHA-1 hash signatures. encryption_type – specifies the algorithm to use when encrypting components to be transmitted to the client. WAN Boot currently only supports 3DES and AES encryption. server_authentication – specifies whether server authentication should be requested during the SSL connection setup. If server_authentication=yes, then a truststore must exist. client_authentication – specifies whether client authentication should be requested during the SSL connection setup. If client_authentication=yes, then a certstore must exist. boot_logger – specifies the URL (if any) of a system to which logging messages are sent. system_conf – specifies the name of a file in the /etc/netboot hierarchy that will be incorporated into the boot file system and which is intended for use by the system startup scripts. This file may be used to provide the install values for sysidcfg and jumpscfg. ● ● ● ● ● ● ● ● To verify the integrity of wanboot.conf, use the /usr/sbin/ bootconfchk command: # bootconfchk /etc/netboot/129.156.198.0/010003BA152A42/wanboot.conf The CGI program /usr/lib/inet/wanboot/wanboot-cgi fulfills client download requests for wanboot and the root file system. The wanbootcgi file must be copied to the web server cgi-bin directory. The CGI program /usr/lib/inet/wanboot/bootlog-cgi fulfills client requests for logging WAN Boot messages. It must be copied to the web server cgi-bin directory. 20-18 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services, Revision A The extracted client key must be inserted into a keystore using keymgmt. All Rights Reserved. certstore. The wanbootcgi program uses the /usr/lib/inet/wanboot/hmac program to generate HMAC SHA-1 hash signatures of components transmitted to the client. wanboot_keymgmt(1M). It is executed by the web server "owner. Inc. and wanboot_p12split(1M).boot file system before sending it to the client. and client private keys in the /etc/netboot hierarchy. and AES keytypes. The -d option displays a key." The wanbootutil utility uses /usr/lib/inet/wanboot/keygen as a keyword to create and display encryption and hashing keys anywhere in the /etc/netboot hierarchy. The /usr/lib/inet/wanboot/keymgmt keyword is used by the wanbootutil to insert and extract raw keys directly into and from a specific keystore.Introducing the Basics of WANboot (New in Solaris 9 Updates) The driver /usr/sbin/wanbootutil serves as driver for wanboot_ keygen(1M). The -m option creates a master key. It creates truststore. Signature verification uses a HMAC SHA-1 keyed hash with matching keys on the server and client. The -s option specifies a repository in which a key will be inserted or from which a key will be extracted. The -i option works with the -k option to insert a key into a keystore and the -x option removes it. 3DES. Introducing WANBoot Copyright 2006 Sun Microsystems. The wanbootcgi program uses the /usr/lib/inet/wanboot/encr program to encrypt the . Enterprise Services. The keyword wanboot_keygen is a better choice for SHA-1. Its main purpose is to insert a client's private key into a client's keystore when client authentication is configured. WAN Boot aborts if there is a signature mismatch. The wanbootutil utility uses /usr/lib/inet/wanboot/p12split to split PKCS #12 files into separate key and certificate entries. The signature is generated if there is a nonempty value for wanboot-hmac-sha1. Revision A 20-19 . It is only needed if the keywords encryption_type or signature_type are set to a non-NULL value in wanboot. The -c option creates and stores a per-client key. The supported keynames for WAN Boot are wanboot-hmac-sha1 and wanboot-3des or wanboot-aes.conf. 156.0/010003BA152A42/certstore -k pkey # chmod 600 /etc/netboot/129.198.156.156.0 /etc/netboot/129. type=3des 07df5e1907ef8a49a2b3c2cb9149fd62fb0b4cb3f440ba68 # wanbootutil keymgmt -i -k keystore -s \ /etc/netboot/129.156.198.198.198.156.156.0/010003BA152A42/keystore -o type=rsa # wanbootutil p12split -i p12file -t \ /etc/netboot/129.0/010003BA152A42/truststore # wanbootutil p12split -i p12file -c \ /etc/netboot/129.0.156.156. type=sha1 7fb0895141ecfdff4b7425d0c9f9cf9626b395c8 # wanbootutil keygen -d -c -o net=129.198.0.0/010003BA152A42 /etc/netboot/129.198.0.0/010003BA152A42/truststore # chmod 600 /etc/netboot/129.type=sha1 A new client HMAC/SHA1 key has been generated # wanbootutil keygen -c -o net=129.0/010003BA152A42/keystore # wanbootutil keygen -d -c -o net=129.156.0/010003BA152A42/keystore -o type=rsa The client's RSA key has been set # wanbootutil keymgmt -x -f rsafile -s \ etc/netboot/129.cid=010003BA152A42.198.198.156.0/010003BA152A42/keystore -o type=rsa 20-20 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Revision A .0/010003BA152A42/certstore # wanbootutil keymgmt -i -k keystore -s \ /etc/netboot/129.156.198.198. All Rights Reserved.cid=010003BA152A42.198.198.cid=010003BA152A42.Introducing the Basics of WANboot (New in Solaris 9 Updates) The WAN Boot web server CGI programs must be copied to the web server cgi-bin directory: # cp /usr/lib/inet/wanboot/*-cgi /webhome/cgi-bin/*-cgi The /usr/sbin/wanbootutil binary with its specific keywords creates and maintains the SHA-1 signature and/or 3DES or AES encryption keys: # wanbootutil keygen -m The master HMAC/SHA1 key has been generated # wanbootutil keygen -c -o net=129. Enterprise Services.198.cid=010003BA152A42.0. Inc.198.156.156.156.type=3des A new client 3DES key has been generated # find /etc/netboot -print /etc/netboot /etc/netboot/keystore /etc/netboot/129. Introducing the Basics of WANboot (New in Solaris 9 Updates) The wanboot-cgi uses the encr program to encrypt the boot file system before sending it to the client: Usage: encr -o type=<3des|aes> -k key_file The wanboot-cgi uses the hmac program to generate HMAC SHA-1 hash signatures of components transmitted to the client: Usage: hmac [-i input_file] -k key_file Introducing WANBoot Copyright 2006 Sun Microsystems. All Rights Reserved. Enterprise Services. Revision A 20-21 . Inc. conf correct? Did you run bootconfchk on wanboot. All Rights Reserved.conf correct? Did you run bootconfchk on wanboot. Inc.conf? Are you picking up the correct certificate(s)? Are the host names in the certificates resolvable? ● ● ● ● ● ● 20-22 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Enterprise Services.conf? Hash mismatch reported Is the HMAC SHA-1 key installed on client? Does the client key match the client's key on the server? Boot file system (miniroot) does not execute correctly Is the encryption key installed on the client? Have you installed both 3DES and AES keys on server and client? Does the client key match the client's key on the server? Secure connection cannot be made Are the values in wanboot. Revision A .Introducing the Basics of WANboot (New in Solaris 9 Updates) WAN Boot Troubleshooting ● No OBP support for platform Is the network-boot-arguments NVRAM variable defined? OpenBoot PROM cannot download the boot program Is the boot_file value a URI to the CGI program? Did you check the web server logs? Boot program cannot create ramdisk Does the client have 256 Mbytes of RAM? Boot program cannot download component Are the values in wanboot. tar. you will configure a WAN Boot server to support one installation client. The postinstall scripts in these bundles move a small flash archive into the /var/apache/htdocs/flashdir directory. It was not a problem in Solaris 10 FCS and will not be a problem later. At the time of this writing.gz (for SA225) or SA210S10_A_timesaverflar_SunOS5. but the system fails during the search for the Jumpstart directory with the message “/usr/sbin/install. Enterprise Services. Because this course is based on Solaris 10 Update 1.10_sun4u_en-US_1_1_S.Exercise: Configuring WANboot Exercise: Configuring WANboot In this lab. All Rights Reserved. Inc. This bug was introduced in Solaris 10 Update 1. the problem will present in this lab.d/profind: bad substitution”. The CR # is 6369598.10_sun4u_en-US_1_1_S. The configuration includes the following tasks: ● ● Configure the WAN Boot server as an Apache web server Configure Solaris JumpStart™ and WAN Boot parameters on the WAN Boot server Configure the client using the WAN Boot procedure ● Preparation Instructor Preparation note: Verify the EduJump installation of the timesaver bundle SA225_B_timesaverflar_SunOS5. there is a bug that prevents WANBoot from working correctly. Revision A 20-23 .tar. in Solaris 10 Update 2 build 4 and beyond. This requirement has been specified for the RLDC systems. Introducing WANBoot Copyright 2006 Sun Microsystems. and the result of the boot is that the miniroot loads. All steps are performed on the WAN Boot server except where noted otherwise.gz (for SA210). This lab also requires that Solaris 10 Update 1 DVDs are in the DVD drives. Enterprise Services. (default: /var/apache/htdocs): ______________________________________________________________ ● Directory under the docroot that contains the Solaris 10 OS Flash archive.1.25): ______________________________________________________________ 20-24 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.168. (default: /var/apache/htdocs/config): ______________________________________________________________ ● Directory that contains the wanboot.Exercise: Configuring WANboot Complete the following worksheet before you begin the installation. and profile files. All Rights Reserved. 192. (default:/var/apache/htdocs/flashdir/): ______________________________________________________________ ● Directory under the docroot that contains the wanboot program file and miniroot filesystem. rules. Inc. ● WAN Boot server name (for example.conf and system. also known as the docroot. WANBootserv): ______________________________________________________________ ● WAN Boot server IP Address: ______________________________________________________________ ● Directory containing the web server documents. WANBootclient): ______________________________________________________________ ● WAN Boot client IP address (for example. Revision A . (default: /var/apache/htdocs/wanboot10): ______________________________________________________________ ● Directory under the docroot that contains the sysidcfg.conf files (default: /etc/netboot): ______________________________________________________________ ● WAN Boot client name (for example. Different images must be used for different architectures. spooling the entire Solaris 10 OS is not needed. install – Contains the remote root file system. Inc. wanboot – Contains the wanboot image needed to start the JumpStart over http. Since a Flash archive will be used for this exercise. miniroot – Is the ramdisk image used to start the client boot process.conf) and client configuration files (profile and sysidcfg) bootlog-cgi . 2. Ensure that the web server is bound on port 80. The -b switch installs the server only. Copy the cgi scripts needed for JumpStart to work and set their permissions to 755. 2.client file 3. Continue with the following steps in a new terminal window. Copy the architecture dependent wanboot image over to the wanboot directory.conf and system. wanboot-cgi . Update the primary Apache configuration file by setting the value of the ServerName variable to your WAN Boot server’s IP address. 4. Revision A 20-25 . Enterprise Services. Create the directories needed for the WAN Boot configuration on the Apache web server. Set up the wanboot install server. This step will take 15-20 minutes to complete. Start the web server.serves all requests including parsing of wanboot server files (wanboot. There is no need to wait until completion to continue. 4. Introducing WANBoot Copyright 2006 Sun Microsystems. All Rights Reserved. Task 2– Configuring the WAN Boot and JumpStart Files Perform the following steps to configure the WAN Boot and JumpStart server files: 1. 3.creates a log of all client activity in the /tmp/bootlog. Clear out all of the index files in the Apache document root directory.Exercise: Configuring WANboot Task 1– Configuring the Apache Web Server Perform the following steps to configure and start the Apache web server: 1. 3. and make sure the client system is starting the install over the http protocol. Check the boot log on the WAN Boot server. 12. Setup client networking parameters in the sysidcfg file.conf file. 10. Be sure that this entry exists at the top of the file.Exercise: Configuring WANboot 5. All server configuration files are placed in the /etc/netboot directory. Revision A . Inc. 9. 11. Use the banner command at the ok prompt to show your version of the PROM. 1. 6. 7. Task 3– Booting the WAN Boot Client The following steps can be used on any client system. Configure the install server wanboot parameters in the wanboot. make sure that the Install Server setup complete message has appeared on the server system. Use the templates provided on disk 1 of Solaris 10 Update 1 OS installation CDs. Setup client install parameters such as software and partitioning information in the profile file. Check the configuration of the wanboot server with the bootconfchk utility. Create the client configuration file pointer parameters in the system. Enter all of the client networking and Wan Boot server information at the interactive boot prompt. 20-26 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Instruct the wanboot server to use the profile named "profile" created in the previous steps for all clients. Configure the individual client install parameters in the /var/apache/htdocs/config directory. Absence of output indicates a successfully configured wanboot server. or observe the console messages. Run the check utility on the rules and profile files.14. Boot wanboot using the Solaris 10 Update 1 OS CD 1. but are mandatory on all systems below PROM revision 4. Note – Prior to booting the client. 2.conf file. All Rights Reserved. Enterprise Services. 8. Introducing WANBoot Copyright 2006 Sun Microsystems. All Rights Reserved. Inc.Exercise Summary Exercise Summary Discussion – Take a few minutes to discuss what experiences. Enterprise Services. ● Experiences Ask students what their overall experiences with this exercise have been. or discoveries you had during the lab exercise. Revision A 20-27 . ! ? Manage the discussion based on the time allowed for this module. ● Conclusions Have students articulate any conclusions they reached as a result of this exercise experience. Go over any trouble spots or especially confusing areas at this time. highlight just the key concepts students should have learned from the lab exercise. ● Applications Explore with students how they might apply what they learned in this exercise to situations at their workplace. issues. If you do not have time to spend on discussion. ● Interpretations Ask students to interpret what they observed during any aspect of this exercise. Exercise Solutions Exercise Solutions This section provides the answers to the exercise tasks. cd /var/apache/htdocs cp index. ksh:sys-01# /usr/apache/bin/apachectl start: httpd started 4.conf files.en index.0. Inc. starting the apache web services continues to use/etc/init. Start the Apache web server.conf-example /etc/apache/httpd.0.1 Change it to the correct server name for your environment: ServerName WANBootserv (for example: sys-01) 3.html mkdir INDEX mv index. For example. 20-28 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.html. # /etc/init. Task 1– Configuring the Apache Web Server 1.* INDEX 2. # cp /etc/apache/httpd.d. /etc/init. All Rights Reserved. and the /etc/inetd.d/apache start method. some applications have not yet been converted. but will use svcadm enable network/apache in an upcoming release. Enterprise Services. Update the primary Apache configuration file to reflect the WAN Boot server's IP address. The catch is. # # # # Clear out all of the index files in the Apache document root directory.conf # vi /etc/apache/httpd.conf Edit the line that reads: ServerName 127. Revision A .* 0 Instructor Note: SMF effects all the services that use to live in /etc/inittab. 0 49152 0 LISTEN # netstat -an | grep 80 | grep -i listen *.html.d/apache start httpd starting. Ensure that the web server is bound on port 80.80 *. Contains the wanboot image needed to start the JumpStart over http. The lab. # cd /cdrom/cdrom0/s0/Solaris_10/Tools # . install . the follow steps would be added to the procedure to do so. This command will take about 2 hours. Enterprise Services. as the student will see and do it. The patch required has been deposited on the classroom systems..Is the ramdisk image used to start the client boot process. time and disk space. The steps are not formally part of the lab because it adds about 2 more hours to the lab and requires 4 more Gbytes of disk space and the point gained is minor. At the very least. If the patch to fix the profind error were to be applied. you could share these steps with the students and get the client to successfully install. Perform the following steps to configure the WAN Boot and JumpStart server files: 1. shows the server configuration and the process for booting the client. find a large enough file system (on the second disk or elsewhere)./setup_install_server /export/home/s10u1/dvds/wanbootfix Verifying target directory. Execute a command similar to the following to install a patchable install server. via a lab bundle. If you do not have sufficient space in that file system.Contains the remote root file system. wanboot . Revision A 20-29 . The gist of the fix is to run an additional setup_install_server command to set up an install server that is writable so that the patch can be applied to it. # cd /var/apache/htdocs # mkdir wanboot install config miniroot The following information is not shown in the course either in the SG or in IG. Then a second setup_install_server command is issue to set up the wanboot server under the apache area. It is tagged so as to be hidden to all but future course developers (Conditional Comment tag) who might benefit from these notes at some time. Inc.Exercise Solutions Task 2– Configuring the WAN Boot and JumpStart Files Insert the Solaris 10 Update 1 CD 1 for the Solaris 10 Update 1 DVD. All Rights Reserved. miniroot . in the /var/sadm/spool directory so if there was interest. Calculating the required disk space for the Solaris_10 product Introducing WANBoot Copyright 2006 Sun Microsystems. Also mention that the procedure below uses a temp patch (T patch) and a regular one should be available for customers soon. discuss this issue with the students to make them aware that the problem will go away in update 2 and the procedure in this lab will produce a successfully installed client at that time.. The only thing missing is a successful client installation near the end of the procedure. 1a) This step assumes there is sufficient space (4 GB) in the /export/home file system. Discuss this patching procedure if students express an interest in how to get WANboot to work on a Solaris 10 Update 1 system. Create the directories needed for the wanboot configuration on the Apache web server. Executing prepatch script. Patch 119081-14 has been successfully installed. The -b switch installs the server only.. # cd /cdrom/cdrom0/s0/Solaris_10/Tools/Boot/platform/sun4u/ # cp wanboot /var/apache/htdocs/wanboot 20-30 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. Setup the wanboot install server. not from the unpatched area included in the visible lab.. spooling the entire Solaris 10 OS is not needed. Continue with the following steps in a new terminal window.../setup_install_server -b -w /var/apache/htdocs/wanboot \ /var/apache/htdocs/install 3.. Different images must be used for different architectures. execute the next setup_install_server command from /export/home/s10u1/dvds/wanbootfix/Solaris_10/Tools. There is no need to wait until completion to continue. 2. Inc. # cd /cdrom/cdrom0/s0/Solaris_10/Tools # . See /export/home/s10u1/dvds/wanbootfix/Solaris_10/Tools/Boot/var/sadm/patch/119081-14/log for details Patch packages installed: SUNWadmc SUNWadmlib-sysid SUNWinst SUNWsibi At this point the patched area should be used for the following step 2 (not hidden in these instructor notes).Exercise Solutions Calculating space required for the installation boot image Copying the CD image to disk. Verifying sufficient filesystem capacity (dry run method).. Copying Install Boot Image hierarchy. This step will take about 30 minutes to complete. /cdrom/cdrom0/s0/Solaris_10/Tools). Copy the architecture dependent wanboot image over to the wanboot directory. Enterprise Services. In other words. Revision A .. Installing patch packages. Install Server setup complete 1b) Execute the following command to set an environment variable to avoid deleting a symbolic link for the var directory under the miniroot during a subsequent setup_install_server command: # PKG_NONABI_SYMLINKS="true" # export PKG_NONABI_SYMLINKS 1c) Add the patch to fix the error in the profind script distributed on the Solaris 10 Update 1 DVD but now in a writable area: # cd /var/sadm/spool # patchadd -C /export/home/s10u1/dvds/wanbootfix/Solaris_10/Tools/Boot T119081-14 Checking installed patches... Since a Flash archive will be used for this exercise. All Rights Reserved.... Inc. by default under the /tmp directory.conf boot_file=/wanboot/wanboot root_server=http://<WANBooter_IP>/cgi-bin/wanboot-cgi root_file=/wanboot/miniroot signature_type= encryption_type= server_authentication=no client_authentication=no resolve_hosts= boot_logger=http://WANBooter_IP/cgi-bin/bootlog-cgi system_conf=system. 6. An alternative is to leave this option blank and watch all messages on the client console.conf file. Revision A 20-31 . the boot_logger is set to log all messages to the server. Use the templates provided on disk 1 of Solaris 10 Update 1 OS installation CDs.conf file above. All Rights Reserved. Create the client configuration file pointer parameters in the system. Configure the install server wanboot parameters in the wanboot. # vi /etc/netboot/system.conf SsysidCF=http://WANBootserv_IP/config SjumpsCF=http://WANBootserv_IP/config 7.conf file. Configure the individual client install parameters in the /var/apache/htdocs/config directory. Copy the cgi scripts needed for JumpStart to work. and set their permissions to 755. Enterprise Services.client file # # # # cp /usr/lib/inet/wanboot/wanboot-cgi /var/apache/cgi-bin/wanboot-cgi chmod 755 /var/apache/cgi-bin/wanboot-cgi cp /usr/lib/inet/wanboot/bootlog-cgi /var/apache/cgi-bin chmod 755 /var/apache/cgi-bin/bootlog-cgi 5. # mkdir /etc/netboot # vi /etc/netboot/wanboot.conf and system.Exercise Solutions 4. All server configuration files are placed in the /etc/netboot directory.conf) and client configuration files (profile and sysidcfg) bootlog-cgi – creates a log of all client activity in the /tmp/bootlog.conf Note – In the wanboot. wanboot-cgi – serves all requests including parsing of wanboot server files (wanboot. # cp -r /cdrom/cdrom0/s0/Solaris_10/Misc/jumpstart_sample/* \ /var/apache/htdocs/config Introducing WANBoot Copyright 2006 Sun Microsystems. # vi profile install_type flash_install archive_location http://WANBootserv_IP/flashdir/Flar_FileName partitioning explicit filesys c0t0d0s0 free / filesys c0t0d0s1 512 swap 10. Set up client install parameters such as software and partitioning information in the profile file. # vi sysidcfg timeserver=localhost system_locale=C network_interface=<interface_type> { default_route=none netmask=255. Revision A . The JumpStart client installation aborts if you do not run this command.ok 20-32 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems. # vi rules any .0 protocol_ipv6=no } timezone=US/Central terminal=vt100 name_service=NONE security_policy=NONE root_password=your_password Note – In the above example of the root_password. Set up client networking parameters in the sysidcfg file. Be sure that this entry exists at the top of the file. All Rights Reserved. Instruct the wanboot server to use the profile named profile created in the previous steps for all clients.255.255. # ..profile 11. Comment out that line to fix the problem and run check again.ok file to make sure the any rule in effect. Inc. Run the check utility on the rules and profile files. Enterprise Services. (You may see an error reported by the check utility related to the string set_root_pw. make sure that you cut and paste the actual root password out of the /etc/shadow file./check # more rules. Note – This is a mandatory step.Exercise Solutions # cd /var/apache/htdocs/config 8. View the rules. 9. Check the configuration of the wanboot server with the bootconfchk utility. Absence of output indicates a successfully configured wanboot server. Revision A 20-33 . All Rights Reserved.Exercise Solutions 12.conf Introducing WANBoot Copyright 2006 Sun Microsystems. Enterprise Services. Inc. # bootconfchk /etc/netboot/wanboot. make sure that the Install Server setup complete message has appeared on the server system. ok boot cdrom -o prompt -F wanboot .255. ignored boot> list host-ip: subnet-mask: router-ip: hostname: http-proxy: client-id: aes: 3des: sha1: bootserver: WanbootClient1_IP 255.255. All Rights Reserved. Revision A . but are mandatory on all systems below PROM revision 4. boot> prompt host-ip? WanBootClient1_IP subnet-mask? 255.Exercise Solutions Task 3– Booting the WAN Boot Client The following steps can be used on any client system. Enter all of the client networking and Wan Boot server information at the interactive boot prompt. Note – Prior to booting the client. Use the banner command at the ok prompt to show your version of the PROM.148.255.14. Enterprise Services. 1.192.0 UNSET WANBootclient1 UNSET UNSET *HIDDEN* *HIDDEN* *HIDDEN* http://WANBootserv-IP/cgi-bin/wanboot-cgi Boot wanboot using the Solaris 10 OS Update 1 CD 1.255.install 20-34 Make the Transition to the Solaris™ 10 Operating System Copyright 2006 Sun Microsystems.0 router-ip? hostname? WanBootClient1 http-proxy? client-id? aes? 3des? sha1? bootserver? http://WANBootserv_IP/cgi-bin/wanboot-cgi Ignore the error: Unknown variable '/129. Inc.83/cgi-bin/wanboot-cgi'. 2. d/profind: bad substitution Warning: Could not find matching rule in rules.WanBootClient1 Feb 01 10:31:43 sys-02 wanboot: [ID 848080 user..... There is a known bug with this update release that prevents the client from completely installing. Searching for JumpStart directory..progress] miniroot: Read 34712 of 247776 kB (14%) Feb 01 10:31:59 sys-02 wanboot: [ID 193690 user. All Rights Reserved.. If you configured the boot_logger to log all messages to the WANBoot server in Task 2.ok This error is fixed and will be available as a patch for Solaris 10 Update 1 installations.progress] miniroot: Read 54552 of 247776 kB (22%) . # tail -f /tmp/bootlog.. Introducing WANBoot Copyright 2006 Sun Microsystems. Step 5. Enterprise Services. Revision A 20-35 .. Inc. check the boot log and make sure the client system is starting the install over the http protocol. Download complete Note – This lab is using Solaris 10 Update 1. /usr/sbin/install. Starting Solaris installation program. The error message displayed on the client console is as follows: . The fix will be included in Solaris 10 Update 2.Exercise Solutions boot> go 3.