Professional Documents
Culture Documents
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Qav lic
i d
ah
Sh
Transition to Oracle Solaris 11
Activity Guide
D73488GC30
Edition 3.0 | November 2014 | D89086
This document contains proprietary information and is protected by copyright and other
Technical Contributors intellectual property laws. You may copy and print this document solely for your own
and Reviewers use in an Oracle training course. The document may not be modified or altered in any
way. Except where your use constitutes "fair use" under copyright law, you may not
Juanita Heieck use, share, download, upload, copy, print, display, perform, reproduce, publish, license,
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
post, transmit, or distribute this document in whole or in part without the express
Kathy Slattery authorization of Oracle.
Alta Estad
The information contained in this document is subject to change without notice. If you
Alissa Bader Clark find any problems in the document, please report them in writing to: Oracle University,
Sharon Veach 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
Maheshwari Krishnamurthy If this documentation is delivered to the United States Government or anyone using the
documentation on behalf of the United States Government, the following notice is
ble
applicable:
e r a
nsf
Editors
Aju Kumar U.S. GOVERNMENT RIGHTS
-tr a
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or
Anwesha Ray o n
disclose these training materials are restricted by the terms of the applicable Oracle
n
Raj Kumar
s a
license agreement and/or the applicable U.S. Government contract.
a
h eฺ
Trademark Notice
)
Publishers e
tฺa Guid
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names
n e
Sumesh Koshy
t e sฺ ent may be trademarks of their respective owners.
Syed Ali
m ira Stud
Srividya Rameshkumar
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
a h id
Sh
Table of Contents
Practices for Lesson 1: Course Introduction.................................................................................................1-1
Practices for Lesson 1: Overview ...................................................................................................................1-2
Practice 1-1: Getting Familiar with Your Practice Environment ......................................................................1-3
Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements .................2-1
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
bl
Practice 3-5: Managing the Boot Environments .............................................................................................3-25 e
r a
Practice 3-6: Testing Your Skills and Knowledge ...........................................................................................3-30
fe
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System ...............................................4-1 n s
n - tra
Practices for Lesson 4: Overview ...................................................................................................................4-2
no
Practice 4-1: Installing the Oracle Solaris 11 OS by Using the Text Installer .................................................4-3
a
h s
Practice 4-2: Installing the Oracle Solaris 11 OS by Using the Live Media Installer .......................................4-6
a.......................................4-10
Practice 4-3: Installing the Oracle Solaris 11 OS by Using the Automated Installer
a e ) d e ฺ
ฺ
et t Gu i
Practice 4-4: Configuring Oracle Solaris 11 Instances ...................................................................................4-19
ฺ n
Practice 4-5: Customizing the Automated Installation ....................................................................................4-26
s Unified eArchive n Through Automated Installer 4-35
Practice 4-6: Deploying a System by Using an Oracle Solaris
a t e d
Practice 4-7: Testing Your Skills and Knowledge ir Stu
m...........................................................................................4-44
Practices for Lesson 5: Oracle Solarisi11 @ e h is
Network tAdministration Enhancements ..................................5-1
a v e
Practice 5-1: Managing h dฺqNetwork
Practices for Lesson 5: Overview
i
Reactive t o us
...................................................................................................................5-2
Configuration ...............................................................................5-3
( s hathe Capabilities
Practice 5-2: Exploring
n se of the ipadm Utility ...........................................................................5-12
a i
v Configuring
Practice 5-3: l e
icNetwork Virtualization Features .............................................................................5-16
i d Q
Practice 5-4: Configuring Elastic Virtual Switch (EVS) ...................................................................................5-31
a h Practice 5-5: Configuring Link Aggregation ....................................................................................................5-32
Sh Practice 5-6: Configuring IPMP ......................................................................................................................5-34
Practice 5-7: Configuring a Network Bridge ...................................................................................................5-49
Practice 5-8: Monitoring the Network .............................................................................................................5-52
Practice 5-9: Test Your Skills and Knowledge ...............................................................................................5-60
Practices for Lesson 6: Administering Oracle Solaris 11 Zones .................................................................6-1
Practices for Lesson 6: Overview ...................................................................................................................6-2
Practice 6-1: Migrating an Oracle Solaris 10 Zone to Oracle Solaris 11 ........................................................6-3
Practice 6-2: Migrating an Oracle Solaris 10 Global Zone to Oracle Solaris 11 .............................................6-10
Practice 6-3: Configuring a Kernel Zone (demonstration) ..............................................................................6-16
Practice 6-4: Cloning and Deploying a Kernel Zone by Using an Unified Archive (Demonstration) ...............6-17
Practice 6-5: Monitoring Zone Resource Utilization .......................................................................................6-18
Practices for Lesson 7: Oracle Solaris 11 ZFS Enhancements....................................................................7-1
Practices for Lesson 7: Overview ...................................................................................................................7-2
Practice 7-1: Migrating a ZFS File System .....................................................................................................7-3
Practice 7-2: Splitting a Mirrored ZFS Storage Pool.......................................................................................7-8
Practice 7-3: Identifying ZFS Snapshot Differences .......................................................................................7-11
Practice 7-4: Configuring ZFS Deduplication .................................................................................................7-12
Copyright © 2014. Oracle and/or its affiliates. All rights reserved.
bl e
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Practicesefor ) e ฺ 1:
Course ฺ a i d
et Introduction
u
ฺ n
s 1 en t G
t e
m ir Stud
aChapter
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Practices Infrastructure
This section presents the architectural overview of the infrastructure required for the practices.
Your practice environment is based on the Oracle VM VirtualBox virtualization software. The
environment consists of multiple virtual machines (VMs), which are configured on a private
internal network (192.168.0). Each VM can communicate with other VMs on the same private
network, as shown in the following diagram.
Note: Internet access is not configured for these VMs.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a
h eฺ s
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
a h
VirtualBoxv i
environment nse of the following VMs:
(sh iceconsists
Q a of the VMl
h i d Name Description
a
Sh This VM is installed with Oracle Solaris 11.2 Text Install for x86.
This VM provides NFS and DNS services. You can perform the
following tasks by using this VM:
S11-Server1 • Configure IPS and AI services.
• Use S11-Server1 as target for migrating a zone.
• Perform network, ZFS, and security enhancements
practices.
This VM is installed with Oracle Solaris 11.2 Live Media for x86 and
used as the IPS client machine. You will use this VM to verify
S11-Desktop
network configurations and configure this system as an iSCSI
initiator.
This VM is installed with Oracle Solaris 10 Update 11 for x86. It is
S10-Server1
used as a source for zone’s migration practice.
This VM is used to install Oracle Solaris 11.2 Text Install OS for
Text Install
x86.
dฺq to us
folder.
a h i But, after reimporting, you will have
sh ens e to redo previous practices to bring
i (
Q av lic the VM to the required start state of
the practice where the VM got
h i d corrupted.
a
Sh ISO files /opt/ora/iso Contains the S11.2 GA ISO files
required to perform practices
The details of the shared directories can be verified in the respective VM settings. Each VM has
an entry in the /etc/vfstab file, which stores information about the mount points and related
directories on the system.
User Credentials
VMs Credentials
• Username: oracle
• Password: oracle1
S11-Server1 Note: As the oracle user, use su to switch to the primary
administrator (root) role. The password is oracle1. The
root is configured as a role by default in Oracle Solaris 11.
The first username created on the system during the
• Username: root
S10-Server1
• Password: cangetin
Tasks
Perform the following steps to get familiar with your practice environment:
1. On your host system, start the Oracle VM VirtualBox Manager by double-clicking its icon on
your desktop.
ble
e r a
tra nsf
n -
2. In the Oracle VM VirtualBox Manager window, double-click the S11-Server1
a no VM to start it.
h a s button on the menu
Alternatively, you can select the S11-Server1 VM and click the Start
bar.
a e ) deฺ
e t ฺ u i
n
sฺ ent G
t e
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
a h id
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a
h eฺ s
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
ha nsVMe by double-clicking it in the VirtualBox Manager.
5. Open the S11-Desktop
( s
v
6. After the
a l i ce VM is powered ON, log in with the user ID oracle and password
i S11-Desktop
i d Q
oracle1. The GUI-based desktop is displayed.
h ah
S
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
7. Close the S11-Desktop VM.
t e sฺ ent
ira by S
8. Verify that no VMs are running at this time,
m t ud the status of the VMs in Oracle VM
viewing
VirtualBox Manager window.
@ e his
9. Do not open other VMs atathis i t
v pointsinetime.
q
idฺ to u
Best Practiceshah
( e n se steps in the practices with care and attention for a smooth
sthe instructional
•
v i
Follow
aexperience. lic
Q
id • Ensure that no more than three VMs are running at a time, while performing the
a h
Sh practices.
• Shut down the VMs when not required for a specific practice, to release system
resources for the primary VM in use.
• Halt the zones when not required to release system resources.
• When launching a VM for the first time, if you see the Select start-up disk appear,
click the Cancel button to continue.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Practicesefor ) e ฺ 2:
Introducing ฺ a
et t Gthe i d
u Oracle
s ฺ n n New Features and
aSolaris
t e d 11
e
e mir Enhancements
i s S tu
v i @ e thChapter
ฺ q a us 2
a h id to
sh ens e
i (
Q av lic
i d
ah
Sh
Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements
Chapter 2 - Page 1
Practices for Lesson 2
Practices Overview
There is no practice for Lesson 2.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements
Chapter 2 - Page 2
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Practicesefor ) e ฺ 3:
Managing ฺ a
et tSoftware
u i d Packages
ฺ n
sOracle G
nSolaris 11
ain
t e d e
e mir Chapter
s S tu3
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
operating system.
The key areas explored in the practices are:
• Configuring a local IPS package repository
• Configuring a network client to access the IPS server
• Updating Oracle Solaris 11 to Oracle Solaris 11.2 OS (demonstration)
• Managing software packages
• Managing the boot environments ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
package name and description. When you install or upgrade to the Oracle Solaris 11 release,
the system initially has one publisher configured: the solaris publisher. The default publisher has
the http://pkg.oracle.com/solaris/release/ repository origin.
You can create your own local package repository. Having a local package repository is
necessary when your network clients do not have access to the web-based default repository.
Other reasons you might want to have a local copy of a package repository include:
• Performance: Having a local package repository allows clients to access packages at
local network speeds.
ble
• Security: You might not want your client systems to have access to the Internet. e r a
• Replication: You want to ensure that an installation that you perform next year is a nsf
exactly the same as the installation you perform today.
o n -tr
In your practice environment, your virtual machine client cannot access the default publisher for
a n
a s
software update services. So, your first task will be to create your own local package repository
h eฺ
)
and make it the default publisher so that the network client can be serviced by IPS.
e
n e tฺa Guid
Task
t e sฺto configure
e n t
Perform the following steps on the S11-Server1
i r a tud
VM a local IPS package repository:
1. Verify that no VMs are running at e mpointiofs time.
this S
2. Start the S11-Server1 VM and @ h
vi log sinewitht the user ID oracle and password oracle1.
q a
3. Run the su command
h i dฺto assume
t o uprimary administrator privileges.
( s ha nse su -
oracle@s11-server1:~$
a v i
Password:
l i ce
i d Q Oracle Corporation SunOS 5.11 11.2 June 2014
h ah root@s11-server1:~#
S 4. Determine the host name of this server.
root@s11-server1:~# hostname
s11-server1
5. Verify that this server can access DNS services.
root@s11-server1:~# nslookup s11-server1
Server: 192.168.0.112
Address: 192.168.0.112#53
Name: s11-server1.mydomain.com
Address: 192.168.0.112
6. Download the following repository files available at the Oracle Solaris download site to a
ZFS file system, such as rpool/export/repodir:
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html
Note: Do not run these commands in this lab. For this training purpose, these steps
have already been performed for you.
# ls
install-repo.ksh sol-11_2-repo-3of4.zip
README-zipped-repo.txt sol-11_2-repo-4of4.zip
sol-11_2-repo-1of4.zip sol-11_2-repo-md5sums.txt
sol-11_2-repo-2of4.zip
7. Make the repository assembly script executable.
Note: Do not run this command in this practice. For training purpose, this step has
already been performed for you.
ble
# chmod +x install-repo.ksh
e r a
8. Create a ZFS file system for the local IPS repository with compression enabled.
a nsf
Note: Do not run this command in this practice. For training purpose, this step has
o n -tr
already been performed for you.
a n
a
h eฺ s
# zfs create -o compression=on –o atime=off rpool/export/IPSpkgrepos
e )
tฺa withGthe idZFS file system for the
# zfs create rpool/export/IPSpkgrepos/Solaris
Uncompressing sol-11_2-repo-1of4.zip...done.
Uncompressing sol-11_2-repo-2of4.zip...done.
Uncompressing sol-11_2-repo-3of4.zip...done.
Uncompressing sol-11_2-repo-4of4.zip...done.
Repository can be found in /export/IPSpkgrepos/Solaris.
Initiating repository verification.
...
Building ISO image...done.
ISO image and instructions for using the ISO image are at:
/export/repodir/sol-11_2-repo.iso
/export/repodir/README-repo-iso.txt
-tra
root@s11-server1:~# svcprop -p pkg/inst_root application/pkg/server
/var/pkgrepo n o n
s a
Note: This system is not currently configured as an IPS server (the service is disabled).
) a
h eฺ
The default location of the IPS repository is determined by the pkg/inst_root property.
e
tฺa Guid
The /var/pkgrepo directory is not the correct location of your local repository.
n e
t e sฺ ent
12. Determine whether the IPS service is currently available.
ra Stud
root@s11-server1:~# pkg search ientire
m
e hrespond
pkg: Some repositories failed
@
to
i s appropriately:
solaris:
q a vi package
s e t
Encountered h
i
Unable to contact
dฺ to uerror(s):
valid repository
e )
root@s11-server1:~# pkg publisher
n e tฺa Guid
PUBLISHER TYPE
t e sฺ PeLOCATION
STATUS n t
solaris ira online
origin
m S t udF http://s11-server1.mydomain.com/
21. Test IPS on the local server by @ e hforisthe entire package.
searching
root@s11-server1:~#apkg
i
v search e t
q
dฺACTIONtoVALUE
u s entire
INDEX
h i
( s ha nse PACKAGE
v i
apkg.descriptione
lic setincluding
Provides for power management support of the entire
a h reach both minimum and full capacity, and whether or not to permit system
Sh
suspend and resume if the platform supports it.
pkg:/system/kernel/power@0.5.11-0.175.2.0.0.42.2
pkg.description set Provides support for suspend and resume of the entire
operating system. When the system is suspended, the entire system state is
preserved either in RAM or non-volatile storage until a resume operation is
conducted. The ability to suspend and resume is device dependent and not all
systems support the capability. pkg:/system/kernel/suspend-resume@0.5.11-
0.175.2.0.0.42.2
pkg.description set pixz compresses and decompresses files using multiple
processors. If the input looks like a tar(1) archive, it also creates an index
of all the files in the archive. This allows the extraction of only a small
segment of the tarball, without needing to decompress the entire archive.
pkg:/compress/pixz@1.0-0.175.2.0.0.42.1
pkg.fmri set solaris/entire
pkg:/entire@0.5.11-0.175.2.0.0.42.0
22. Display the status of the IPS repository.
root@s11-server1:~# pkgrepo info -s /export/IPSpkgrepos/Solaris
PUBLISHER PACKAGES STATUS UPDATED
solaris 4870 online 2014-06-25T03:55:23.627994Z
Task
Perform the following steps on the S11-Desktop machine to configure a network client to access
the IPS server:
1. Verify whether S11-Server1 is running. Keep it minimized for the time being.
2. Start the S11-Desktop VM and log in with the user ID oracle and password oracle1.
ble
3. In the S11-Desktop VM, right-click the desktop background and open a terminal window.
e r a
4. In the terminal window, run the su command to assume primary administrator privileges.
a nsf
oracle@s11-desktop:~$ su -
o n -tr
Password:
a n
a s
Oracle Corporation SunOS 5.11
h eฺ
11.2 June 2014
root@s11-desktop:~#
e ) d
e ฺa byuiresolving
5. Verify whether S11-Desktop (client) can access DNStservices the IPS server
host name. n
sฺ ent G
t e
ira Stud
root@s11-desktop:~# nslookup s11-server1
m
Server:
e his
192.168.0.112
@
Address: i
v se t
192.168.0.112#53
a
i q
dฺ to u
h
Name: s11-server1.mydomain.com
i ( s a ense
Address:h192.168.0.112
6. Verify
Q lic can ping the IPS server.
avthat this client
a h id root@s11-desktop:~# ping s11-server1
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
12. Close the Firefox browser.
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
a h id
Sh
Assumptions
Adobe Flash Player is already installed on the host machine before executing the
demonstration.
ble
e r a
Special note for playing the demo in the virtual machine:
a nsf
• To be able to view demo controls in the browser, it is recommended to switch to full
screen. o n -tr
a n
• s
To switch to full-screen mode in the browser window, go to View > Full Screen.
a
h eฺ
e )
Task
n e tฺa Guid
e ฺ which
For this practice, you are provided with a demonstration,
sOS n twill help you to understand how
to update a machine running the Oracle Solaris
i r t
a tud
11 to e
Oracle Solaris 11.2 OS.
@ em window.
1. On your host machine, open a terminal
h i s S
2. Change to the /opt/ora/demo/
q a vi directory.
s e t
i dฺ to u
# cd /opt/ora/demo/Updating_a_System_to_S11.2
h
sha ense OS_Update_Demo.swf standard.js
# ls
i (
lic System Software Using IPS.htm file in a web browser.
OS_Update_Demo.htm
Q
3. Open avthe Upgrading
a h id # firefox OS_Update_Demo.htm &
Sh 4. A browser window with the Flash demo is displayed.
5. Close the terminal window.
6. Close the web browser after you complete viewing the flash demo.
perform common software update tasks such as adding, removing, and searching for packages.
You also learn how to perform a “dry run” on package installations, which enables you to see
the changes that will occur on the system when a package is installed, without actually installing
the package. To demonstrate the IPS capabilities, you manage the apptrace software
package.
t e sฺ ent
apptrace software packages are currently installed.
ra Stud
i'apptrace'
root@s11-desktop:~# pkg list apptrace
m
e his installed
pkg list: No packages matching
@
2. Search the IPS package a
q vi sfore the
repository t apptrace software package.
h i dฺ pkgtosearch
root@s11-desktop:~# u apptrace
INDEX ha se VALUE
i ( s e n
ACTION
Q apkg.description
h i d shared objects pkg:/developer/apptrace@0.5.11-0.175.2.0.0.42.2
a
Sh
pkg.summary set Apptrace Utility
pkg:/developer/apptrace@0.5.11-0.175.2.0.0.42.2
basename file usr/bin/apptrace
pkg:/developer/apptrace@0.5.11-0.175.2.0.0.42.2
pkg.fmri set solaris/developer/apptrace
pkg:/developer/apptrace@0.5.11-0.175.2.0.0.42.2
ahi
81.7k/s
Sh PHASE ITEMS
Installing new actions 29/29
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
Now, you will manage the apptrace package by using the graphical Package Manager
utility.
9. On the desktop background, double-click the Add More Software icon to display the
Package Manager GUI. Select the solaris publisher. ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
Note: When a publisher
i q
dฺoriginally.
is sticky,uthe client source updates from the same publisher that
a h
provided the package e to
i ( sh ens
Q av lic
ah id
Sh
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
q
idฺ thattotheuapptrace package is not currently installed on this
h
The status iconaindicates
system. (sh
e n se
av i lic
id Q
h ah
S
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q
21. Close
lic Manager window.
avthe Package
a h id
Sh
environment.
During this practice, you will create a new full boot environment based on the current BE. The
current BE does not have the diffstat package installed. You make the new BE the active
boot environment and you update it with the diffstat package. You reboot to the original boot
environment to prove that the two BEs are now logically separated.
You also mount and update an inactive BE. You also create a clone and a snapshot of the
current BE.
bl e
Start State for the Practice
fe r a
Verify whether S11-Server1 VM is running. If not, start it now and run the su command to n s
assume primary administrator privileges.
n - tra
Refer to Practice 1 for the procedure to start the VMs.
a no
Task ) h as ฺ
Perform the following steps to manage boot environment:tฺa
e ide
ฺ n e G u
tes uBEs.
1. In the S11-Server1 virtual machine, list the current
en t
root@s11-server1:~# beadm list ira
t d
e m Policy s S
hi -------
BE Active Mountpoint Space Created
v i @-----
e t
--
/ฺq
a u3.42G
------ ---------- ------
s static 2014-07-07 01:05
solaris NR
h i d t o
i (
reboot (R). shaindicates
The Active field
e n sewhether the boot environment is active now (N) and active on
Q
2. Cloneavthe currentlicactive BE. Name the clone solaris-1.
a hid root@s11-server1:~# beadm create solaris-1
Sh 3. List the current BEs.
root@s11-server1:~# beadm list
BE Active Mountpoint Space Policy Created
-- ------ ---------- ----- ------ -------
solaris NR / 3.42G static 2014-07-07 01:05
solaris-1 - - 145.0K static 2014-07-09 03:52
4. Activate the solaris-1 BE. Display the list of BEs. Note that solaris-1 is pending
activation on reboot.
root@s11-server1:~# beadm activate solaris-1
Notice that solaris-1 is now the default boot entry in the GRUB menu.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
6. After S11-Server1 has rebooted, log inias
m S t ud user and use su to root.
rathe oracle
e BEs.his
7. In a terminal window, list the current
@
i
v list
root@s11-server1:~#abeadm e t
q
dฺ Mountpoint s
u Space Policy Created
BE
h i
Active
t o
--
i ( sha------
- en/
e
s---------- ----- ------ -------
a v
solaris
l ic - 43.0K static 2014-07-07 01:05
PHASE ITEMS
Installing new actions 28/28
Updating package state database Done
Updating package cache 0/0
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
10. Activate the solaris BE. Display the list of BEs. Note that solaris is pending activation
on reboot.
root@s11-server1:~# beadm activate solaris
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
m ira static
solaris-1 -
S t u2014-07-09
- 94.03M
03:52
@ e hi s
v i e t
ฺqa matching
root@s11-server1:~# pkg list diffstat
i d
pkg list: No packages
t o us 'diffstat' installed
h
ha BE.nse
13. Mount the inactive
( s
a v i l ice beadm mount solaris-1 /solaris-1
root@s11-server1:~#
i d Q
h ah root@s11-server1:~# beadm list
S BE
--
Active Mountpoint Space Policy Created
------ ---------- ----- ------ -------
solaris NR / 3.47G static 2014-07-07 01:05
solaris-1 - /solaris-1 94.02M static 2014-07-09 03:52
14. Verify that the diffstat package is installed in the inactive package.
root@s11-server1:~# pkg -R /solaris-1 verify -v diffstat
PACKAGE STATUS
pkg://solaris/text/diffstat OK
15. Remove the diffstat package from the mounted inactive BE.
root@s11-server1:~# pkg -R /solaris-1 uninstall diffstat
Packages to remove: 1
PHASE ITEMS
Removing old actions 23/23
Updating package state database Done
Updating package cache 1/1
Updating image state Done
17. Create a snapshot of the solaris BE. Name the snapshot backup.
root@s11-server1:~# beadm create solaris@backup
18. Display the list of snapshots associated with the solaris BE.
root@s11-server1:~# beadm list -a solaris
BE/Dataset/Snapshot Active Mountpoint Space Policy
Created
ble
------------------- ------ ---------- -----
r
------
e a
nsf
-------
solaris
-tr a static
rpool/ROOT/solaris
2014-07-07 01:05
NR /
n o n
2.88G
s a
rpool/ROOT/solaris/var
2014-07-07 01:05
) a
h eฺ
- /var 323.72M static
rpool/ROOT/solaris/var@2014-07-09-03:52:28
t - e
ฺa u- id 748.5K static
2014-07-09 03:52 e
ฺn -nt G -
e s
at tude
rpool/ROOT/solaris/var@backup 21.0K static
2014-07-09 04:34
i r
m is S
e
rpool/ROOT/solaris/var@install - - 205.91M static
2014-07-07 01:13
a v i@ e th
ฺ q u s
rpool/ROOT/solaris@2014-07-09-03:52:28 - - 16.19M static
id
2014-07-09 03:52
a h to
s h n s e
rpool/ROOT/solaris@backup - - 0 static
(
avi lice
2014-07-09 04:34
rpool/ROOT/solaris@install - - 55.14M static
Create a new boot environment from the solaris@backup snapshot. Name this BE as
Sh solaris-2.
root@s11-server1:~# beadm create -e solaris@backup solaris-2
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Hint: Use all the available resources, such as man pages, student guide, activity guide, and
your instructor, to successfully complete each task.
Note: This practice is optional. Check with your instructor to determine if you have enough
time available to complete this practice. If you begin this practice and run out of time, set
this practice aside and return to it if time permits.
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Practicesefor ) e ฺ 4:
Installing ฺ a
et the i d
uOracle Solaris
ฺ n
sOperating t G
n System
a11
t e d e
e mir Chapter
s S tu4
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
-tra
n o n
s a
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html.
The Text installation download is in an ISO image format that can be burned to a CD/DVD or
used directly within Oracle VM Server or other virtualization software.
Note: For training purposes, the Text installer ISO has already been downloaded for you. The
ISO image file can be found in the /opt/ora/iso directory of the VirtualBox host machine.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
av lic
Q After you click Start, a Select start-up disk dialog box might appear for you to select
i d Note:
ah a virtual optical disk. You may click Cancel to proceed.
Sh 2. During the OS installation process, use the following configuration data to complete the
Text installation.
Note: The Text installer program may direct you to press F2 or ESC+2 to move to the next
step in the installation process. If pressing F2 does not work, try pressing ESC+2 keys.
• Keyboard layout: Use your local keyboard layout
• Language: Use your local language
• Installation menu: Install Oracle Solaris
• Discovery Selection: Local Disks
• Disk Selection: Default option
• GPT Partitions: Use the entire disk
• Computer Name: solaris-text
• Network configuration: Manually
− Network Interface: net0
− IP Address: 192.168.0.141
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html.
The Live Media installation download is in an ISO image format that can be burned to a
CD/DVD or used directly within Oracle VM Server or other virtualization software.
Note: For training purposes, the Live Media installer ISO has already been downloaded for
you. The ISO image file can be found in the /opt/ora/iso directory of the VirtualBox
host machine.
Note: After you click Start, a Select start-up disk dialog box might appear for you to select
a virtual optical disk. You may click Cancel to proceed.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a
h eฺ s
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
3. During the Live Media desktop
a i
v onsyour t you are asked to select the keyboard layout
initialization,
e
and language. Set these
i d ฺ q based u local environment.
h t o
s
username(andhapassword
Note: When booting
n s eas jack
the Live Media image, the solaris console login, by default, accepts the
and displays the Live Media desktop. This is useful when
you a
are
e Media as a troubleshooting
viusing thelicLive tool. If you do log in with the username
Q
id and password as jack, the default root password is solaris.
a h
Sh
ble
e r a
a nsf
o n -tr
a n
a
h eฺ s
e )
n e tฺa Guid
t e sฺ ent
5. During the OS installation process, use rthe
Media installation: m S t udconfiguration data to complete the Live
i a following
Note: Press Back or Next v @e e through
toinavigate t his the screens.
• Disk Discovery:
i d qa Disksus
ฺLocal
a h e o
toption
•
i ( sh eUse
Disk Selection: s
Default
n
•
a v
Disk li
Partition: c the whole disk
i Q
d • Time Zone, Date and Time: Click the city closest to your install location
h
a • User account:
Sh − Your real name: oracle
− Log-in name: oracle
− User password: oracle1
• Computer name: solaris-live
• Support registration: Default options
• Support: Network Configuration: Default (no proxy)
6. After the Live Media installation has completed, press Reboot.
7. After the system has successfully rebooted, log in to the system with the username oracle
and password oracle1. Verify that the configuration setup mentioned in step 5 is
operational.
8. Shut down (power off) the LiveCD-Install virtual machine.
i ( sha ense
root@s11-server1:~#
TaskQ
v ic
1:aVerifying lthe System AI Requirements
a h id the following steps to verify the system requirements for the AI OS installation:
Perform
Sh 1. Determine the build number of the installed operating system.
root@s11-server1:~# cat /etc/release
Oracle Solaris 11.2 X86
Copyright (c) 1983, 2014, Oracle and/or its affiliates. All rights reserved.
Assembled 23 June 2014
2. Verify that the networking service is online and the operating system is configured with a
static IP address.
root@s11-server1:~# svcs network/physical:default
STATE STIME FMRI
online 5:37:12 svc:/network/physical:default
Name: s11-server1.mydomain.com
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Address: 192.168.0.112
) h as ฺ
ฺae uide
root@s11-server1:~# svcs | grep dns
online
e t
5:37:22 svc:/network/dns/client:default
online
s ฺn nt G
5:37:48 svc:/network/dns/server:default
e
online
r at tude
2:05:45 svc:/network/dns/multicast:default
i
2. em his S
Create a directory for your AI server.
@
a
root@s11-server1:~# mkdir
q vi –pse/export/ai/basic_ai
t
3. Update the netmasks
h i dฺ file. to u
i ( sha ensevi /etc/netmasks
root@s11-server1:~#
v ic 255.255.255.0
Qa192.168.0.0l
...
d
h ahi
S root@s11-server1:~# getent netmasks 192.168.0.0
192.168.0.0 255.255.255.0
Note: DHCP requires that the network mask for the local subnet be configured in the
/etc/netmasks file.
4. Set the DHCP server to be managed by AI server with the following values:
• DHCP base IP address: 192.168.0.121
• DHCP IP address range: 20
root@s11-server1:~# installadm set-server –i 192.168.0.121 –c 20 –m
Creating DHCP server configuration file
Adding DHCP IP range: 192.168.0.121 [20]
Unable to determine a route for network 192.168.0.0. Setting the route
temporarily to 0.0.0.0; this should be changed to an appropriate value in the
DHCP configuration file. Please see dhcpd(8) for further information.
Warning: AI server will now manage DHCP
Changed Server
Enabling SMF service svc:/network/dhcp/server:ipv4
following information:
• Service name: basic_ai
• AI ISO image location: /opt/ora/iso/sol-11_2-ai-x86.iso
• Target directory: /export/ai/basic_ai
root@s11-server1:~# installadm create-service -n basic_ai \
-s /opt/ora/iso/sol-11_2-ai-x86.iso -d /export/ai/basic_ai
0% : Creating service from: /opt/ora/iso/sol-11_2-ai-x86.iso
ble
33% : Transferring contents
e r a
nsf
33% : Creating i386 service: basic_ai
33% : Image path: /export/ai/basic_ai
-tr a
33% : Setting "solaris" publisher URL in default manifest to:
n o n
33% : http://s11-server1.mydomain.com/
s a
) a
33% : SMF Service ‘svc:/system/install/server:default’ will be enabled
h eฺ
e
33% : SMF Service ‘svc:/network/tftp/udp6:default’ will be enabled
tฺa Guid
33% : Creating default-i386 alias
n e
t e sฺ ent
33% : Setting "solaris" publisher URL in default manifest to:
33% :
ira Stud
http://s11-server1.mydomain.com/
m
e his
33% : Setting the default PXE bootfile(s) in the local DHCP configuration to:
@
33% : i
v se t
bios clients (arch 00:00): default-i386/boot/grub/pxegrub2
a
33% : q
dฺ to u
uefi clients (arch 00:07): default-i386/boot/grub/grub2netx64.efi
i
33% :
h
( sha ense
33% : SMF Service ‘svc:/system/install/server:default’ will be enabled
i
Q av lic
33% : SMF Service ‘svc:/network/tftp/udp6:default’ will be enabled
Note: You can remove an AI service and associated clients by using the installadm
delete-service -r svcname command.
6. Use the installadm list command to verify that your AI service is installed.
root@s11-server1:~# installadm list
Service Name Status Arch Type Secure Alias Aliases Clients Profiles Manifests
------------ ------ ---- ---- ------ ----- ------- ------- -------- ---------
basic_ai on i386 iso no no 1 0 0 1
default-i386 on i386 iso no yes 0 0 0 1
11. Modify the /var/tmp/manifests/basic_ai.xml file XML tag elements by using the
following:
• Change
<ai_instance name="default">
to
<ai_instance name="basic_ai" auto_reboot="true" >
• Change
<origin name="http://pkg.oracle.com/solaris/release"/>
<name>pkg:/group/system/solaris-small-server</name>
12. Use the diff command to view the differences between the basic_ai.xml file and the
default.xml file.
root@s11-server1:~# diff /var/tmp/manifests/basic_ai.xml \
/export/ai/basic_ai/auto_install/manifest/default.xml
9c9
< <ai_instance name="basic_ai" auto_reboot="true">
---
ble
> <ai_instance name="default">
e r a
nsf
72c72
< <origin name="http://s11-server1.mydomain.com"/>
-tra
---
n o n
>
a
<origin name="http://pkg.oracle.com/solaris/release"/>
s
90c90
) a
h eฺ
< e
tฺa Guid
<name>pkg:/group/system/solaris-small-server</name>
---
n e
>
e sฺ ent
<name>pkg:/group/system/solaris-large-server</name>
t
ira Snamed
13. Create a MAC address–based criteria manifest
m t ud criteria_basic_ai.xml in the
/var/tmp/manifests directory.eUse theis
Client1 and S11-Client2 in v i
the @
same e t h MACorder
sequential
addresses of the network clients S11-
to avoid any error.
q a s
i dฺ vito/var/tmp/manifests/criteria_basic_ai.xml
root@s11-server1:~#
h
u
i ( sha ename="mac">
n se
<ai_criteria_manifest>
av <range>lic
<ai_criteria
id Q
a h 08:00:27:85:C7:D1
Sh 08:00:27:85:C7:D3
</range>
</ai_criteria>
</ai_criteria_manifest>
Note: If the AI client does not match the criteria for a service (in this case, a specific MAC
address), the AI service will use the default manifest when installing the OS.
14. Add the manifest_demo manifest and criteria manifest to the basic_ai service.
root@s11-server1:~# installadm create-manifest -n basic_ai \
-f /var/tmp/manifests/basic_ai.xml \
-C /var/tmp/manifests/criteria_basic_ai.xml
Created Manifest: 'basic_ai'
When a custom AI manifest (basic_ai.xml in this example) is defined for this install
service and the client matches the criteria that have been specified (in the
criteria_basic_ai.xml file) for the custom AI manifest, the client will use that
manifest. In a case where the client characteristics match multiple AI manifests, the client
characteristics are evaluated in the order of mac, ipv4, platform, arch, cpu, and mem.
t e sฺ ent
After you click the Start button, a Select start-up disk dialog box might appear for you to
select a virtual optical disk. You may click the Cancel button to proceed.
m ira Stud
Note: If the S11-Client1 virtual machine fails to boot with a “No bootable medium found”
@ e his
a i
error, change the virtual machine adapter. To change the adapter type, open the Oracle VM
v se t
VirtualBox Manager, select the S11-Client1 virtual machine, and click Settings. In the
i q
dฺ to u
Settings dialog box, select Network and click Advanced under Adapter 1. Select another
h
i ( sha ense
from the Adapter Type menu. Restart the S11-Client1 virtual machine.
av lic
3. When the S11-Client1 system starts the GNU GRUB menu, select the Oracle Solaris
Q
11.2 Text Installer and command line boot option.
i d
ah
Sh
Text installation.
Note: The Text installer program directs you to press F2 or ESC+2 to move to the next step
in the installation process. If pressing ESC + 2 does not work, try pressing F2.
• Installation menu: Install Oracle Solaris
• Discovery Selection: Local Disks
• Disks: Default option
• GPT Partitions: Use the entire disk
ble
• Computer name: s11-client1 e r a
• Network configuration: Automatically a nsf
• Time zone: Use your local region o n -tr
• Language: Use your local language a n
a s
h eฺ
• )
Date and time: Set to current date and time
•
e
tฺa Guid
Keyboard: Use your local keyboard
n e
• Root password: oracle1
t e sฺ ent
• User account:
m ira Stud
− Your real name: oracle @ e his
a i
v se t
− Username: oracle
i q
dฺ to u
h
sha ehas
− Password: e
oracle1
(
5. After thei installation n scompleted, reboot (by pressing F8) the S11-Client1 virtual
a v
machine. l ic
i d Q
h ah7. VerifyS11-Client1
6. After completes the initial boot, log in as the oracle user and su to root.
S that the S11-Client1 virtual machine network configuration is set up correctly.
root@s11-client1:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 dhcp ok 192.168.0.121/24
net1/v4 dhcp ok 192.168.0.122/24
net2/v4 dhcp ok 192.168.56.105/24
lo0/v6 static ok ::1/128
net2/v6 addrconf ok fe80::a00:27ff:fe87:a490/10
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
Note:
a i
v se t
• When you choose
i q
dฺOS installation.
this u the interactive system configuration is not available
boot option,
a
to you duringh this e t o IPS is used during the OS installation.
h
(s installation s
n will take a while to complete.
• Thei OS
v l i c e
•Qa The message traffic indicates that the IPS server is providing the installation packages.
i d
h ah 13. Note the disk activity icon in the IPS server (S11-Server1) virtual machine window.
S
− Username: oracle
− Password: oracle1
• Support registration: Default options
• Support: Network Configuration: Default (no proxy)
16. After S11-Client2 completes the initial boot, log in as the oracle user and use su to root.
17. Verify that the S11-Client2 virtual machine network configuration is set up correctly.
root@s11-client2:~# ipadm show-addr
ble
e r a
nsf
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
-tra
net0/v4
net1/v4
dhcp
dhcp
ok
ok
192.168.0.124/24
192.168.0.123/24 n o n
s a
lo0/v6
net0/v6
static
) a
ok
h eฺ
addrconf ok
::1/128
fe80::a00:27ff:fe85:c7d3/10
net1/v6 e
tฺa Guid
addrconf ok fe80::a00:27ff:fe85:c7d4/10
n e
t e sฺ ent
ira Stud
root@s11-client2:~# ping 192.168.0.112
192.168.0.112 is alive
m
e virtual is machine.
i @
18. Shut down (power off) the S11-Client2 t h
ฺ q av use
a h id to
sh ens e
i (
Q av lic
a h id
Sh
a v i
lo0/v4
net0/v4 l i c e static
dhcp
ok
ok
127.0.0.1/8
192.168.0.121/24
n e
sฺ ent
net0/v4 dhcp disabled ?
net1/v4
t e dhcp disabled ?
6. Determine if the default user account m oracle ud
ira stillSexists.
t
root@unknown:~# logins @
e his
a i
v se t
| grep oracle
root@unknown:~#
i q
dฺ a pristine usystem. The next time the system is booted, the System
At this point, youhhave
a will be t o
Configuration
( shTool e n serun. System Configuration Tool helps you establish a new system
v i
configuration.
a lic
Q
7. d Reboot the system.
h a i
h root@unknown:~# init 6
S ...
...
8. When the System Configuration Tool is available, use the following properties to configure
the system:
Note: The System Configuration Tool may direct you to press F2 or ESC + 2 to move to the
next step in the installation process. If pressing F2 does not work, try pressing ESC + 2.
• Host name: s11-client1
• Network configuration: Manually
− Network Interface: net0 (e1000g0)
− IP Address: 192.168.0.142
− Configure DNS: Yes
− DNS Server IP address: 192.168.0.112
− Search domain: mydomain.com
− Alternate Name Service: None
v i ( c e n static ok 127.0.0.1/8
h i d net0/v6
lo0/v6 static ok ::1/128
h a addrconf ok fe80::a00:27ff:fe85:c7d1/10
S
Task 2: Configure the Oracle Solaris 11 Image Using a System Configuration
Profile
The sysconfig utility can be used to generate a system configuration (SC) profile using the
create-profile subcommand. The resulting XML profile can later be used with the
sysconfig configure command to configure systems non-interactively. Valid SC profile
names must include a .xml extension.
Perform the following steps to configure the Oracle Solaris 11 image using an SC profile:
1. On the S11-Client1 virtual machine, create an SC profile.
root@s11-client1:~# sysconfig create-profile -o /var/tmp/iloves11_profile
Use the following system configuration attributes while creating the SC profile:
• Host name: iloves11
• Network configuration: Manually
− Network Interface: net0 (e1000g0)
− IP Address: 192.168.0.143
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ SCtoprofile.
u
h
sha ensecd /var/tmp
2. Explore the newly created
i (
lic
root@s11-client1:~#
Q av
a h id root@s11-client1:/var/tmp# more iloves11_profile/sc_profile.xml
Sh <?xml version='1.0' encoding='US-ASCII'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Auto-generated by sysconfig -->
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/identity">
<instance enabled="true" name="node">
<property_group type="application" name="config">
<propval type="astring" name="nodename" value="iloves11"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="network/install">
<instance enabled="true" name="default">
root@s11-client1:/var/tmp#
bl e
Task 3: Set the Host Name, Time Zone, and Naming Service
fe r a
The primary repository for all naming services configuration is the SMF repository. You cann suse
n - tra
the SMF utilities such as svccfg, svcprop, and svcadm to set and modify any configuration
parameter for the host name and a naming service.
n o
Perform the following steps to reconfigure the host name, time zone, and a
s naming service:
h a
1. On the S11-Client1 virtual machine, change the host name )to client6. ฺ
ฺ a e i d e
ฺ n et t Gusetprop
root@iloves11:~# svccfg -s svc:/system/identity:node
config/nodename=client6
t e s e n
a
iridentity:node d
root@iloves11:~# svcadm refresh svc:/system/identity:node
tu
root@iloves11:~# svcadm restart
e m s S
...
Hostname: client6 av
i@ e thi
i q
dฺiloves11
t o us rpcbind terminating on signal.
h
Jul 10 23:51:10 rpcbind:
...
i ( sha ense
avPress Enter
Note:
Q licif the prompt does not return.
a h id root@iloves11:~# exit
Sh logout
oracle@iloves11:~$ exit
logout
root@client6:~# date
Fri Jul 11 01:53:51 CDT 2014
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
i ( e n
lic
Server:
v
aAddress:
i d Q 192.168.0.112#53
ah
Sh Name: s11-server1.mydomain.com
Address: 192.168.0.112
root@client6:~#
4. Power off the S11-Client1 virtual machine.
fe r a
Service Name Status Arch Type Secure
s
Alias Aliases Clients Profiles Manifests
n
tr2a
------------ ------ ---- ---- ------
----- ------- ------- -------- ---------
basic_ai on i386 iso no no 1 2 0
n -
0 no
default-i386 on i386 iso no yes 0 0
a 1
) h as ฺ
ฺae uide
root@s11-server1:~# installadm set-service –D –n basic_ai
Changed Server Status Service: 'basic_ai'
e t
s ฺn nt G
Refreshing SMF service svc:/system/install/server:default
e
i r at tude
em his Alias
root@s11-server1:~# installadm
@
list S Aliases Clients Profiles Manifests
vi ----
Service Name Status Arch
------------ ------a----
q s e t
Type Secure
sh ens
default-i386 on ei386 iso no yes 0 0 0 1
i (
2.
Qa
Remove lic AI service and show the results.
v the basic_ai
d
ahi
root@s11-server1:~# installadm delete-service -r basic_ai
t
33% :
e sฺ ent
uefi clients (arch 00:07): default-i386/boot/grub/grub2netx64.efi
m ira Stud
33% :
@ e his
100% : Created Service: 'custom_ai'
a i
v se t 100% : Refreshing SMF service svc:/system/install/server:default
i q
dฺ to u 100% : Restarting SMF service svc:/network/dhcp/server:ipv4
h
sha ense
100% : Service 'custom_ai' has been added to the mDNS registry
5. Use
Q lic list command to verify that your AI service is installed.
athev installadm
a h id root@s11-server1:~# installadm list
Sh Service Name Status Arch Type Secure Alias Aliases Clients Profiles Manifests
------------ ------ ---- ---- ------ ----- ------- ------- -------- ---------
custom_ai on i386 iso no no 1 0 0 1
default-i386 on i386 iso no yes 0 0 0 1
6. Use the installadm create-client command to add the MAC address of S11-Client3
VM to the custom_ai service.
root@s11-server1:~# installadm create-client -e 08:00:27:85:C7:D5 -n custom_ai
Adding host entry for 08:00:27:85:C7:D5 to local DHCP configuration.
Created Client: '08:00:27:85:C7:D5'
Restarting SMF service svc:/network/dhcp/server:ipv4
7. Use the installadm list –c command to verify that the client was added to AI server
custom_ai.
root@s11-server1:~# installadm list -c
Service Name Client Address Arch Secure Custom Args Custom Grub
------------ -------------- ---- ------ ----------- -----------
custom_ai 08:00:27:85:C7:D5 i386 no no no
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i ฺ
dtheq u
a
14. View the contentshof t o
S11-Client3
e profile.
h s
(s icen more /var/tmp/manifests/client3_profile/sc_profile.xml
v i
root@s11-server1:~#
l
a<?xml version='1.0'
i d Q encoding='UTF-8'?>
</service>
<service version="1" type="service" name="network/physical">
<instance enabled="true" name="default">
<property_group type="application" name="netcfg">
<propval type="astring" name="active_ncp" value="DefaultFixed"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/name-service/switch">
ble
<property_group type="application" name="config">
e r a
<propval type="astring" name="default" value="files"/>
a nsf
<propval type="astring" name="host" value="files dns"/>
o n -tr
</property_group>
a n
<instance enabled="true" name="default"/>
a s
h eฺ
</service>
e )
n e tฺa Guid
<service version="1" type="service" name="network/dns/client">
sฺ ent
<property_group type="application" name="config">
t e
<property type="net_address" name="nameserver">
m
<net_address_list> ira Stud
@ e his
<value_node value="192.168.0.112"/>
a i
v se t
</net_address_list>
i q
dฺ to u
</property>
h
sha ense
<property type="astring" name="search">
i (
lic
<astring_list>
Q av <value_node value="mydomain.com"/>
i d
ah
</astring_list>
Sh </property>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/keymap">
<instance enabled="true" name="default">
<property_group type="application" name="keymap">
<propval type="astring" name="layout" value="US-English"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/environment">
<instance enabled="true" name="init">
<property_group type="application" name="environment">
<propval type="astring" name="LANG" value="en_US.UTF-8"/>
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
) a
h eฺ
<propval type="astring" name="roles" value="root"/>
e
tฺa Guid
<propval type="astring" name="shell" value="/usr/bin/bash"/>
n e
sฺ ent
<propval type="astring" name="login" value="oracle"/>
t e
<propval type="astring" name="password"
ira Stud
value="$5$8Opso2ip$dLraJuYovRCoST
m
e his
w43169/Pguv.GmxqdUfuSMcCpAfi9"/>
@
a i
v se t
<propval type="astring" name="type" value="normal"/>
q
dฺ to u
<propval type="astring" name="sudoers" value="ALL=(ALL) ALL"/>
i
h
sha ense
<propval type="count" name="gid" value="10"/>
Q av lic
<propval type="astring" name="profiles" value="System Administrator"/>
i d </property_group>
ah
Sh
</instance>
</service>
<service version="1" type="service" name="system/fm/asr-notify">
<instance enabled="true" name="default">
<property_group type="application" name="autoreg">
<propval type="astring" name="user" value="anonymous@oracle.com"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/ocm">
<instance enabled="true" name="default">
<property_group type="application" name="reg">
<propval type="astring" name="user" value="anonymous@oracle.com"/>
</property_group>
</instance>
</service>
</service_bundle>
t e sฺ ent
2. In the VirtualBox Manager, start the S11-Client3 VM. If the AI server is configured correctly,
you should see the OS installation begin in the VM.
m ira Stud
After you click Start, a Select start-up disk dialog box might appear for you to select a
@ e his
a i
virtual optical disk. You may click Cancel to proceed.
v se t
Note: Perform the next step as soon as possible.
i q
dฺ to u
h
3. When the S11-Client3 system starts the GNU GRUB menu, select the Oracle Solaris
i ( sha ense
11.2 Automated Install boot option.
av
Note:
Q lic
i d • When you choose this boot option, the interactive system configuration is not available
ah
Sh •
to you during this OS installation. IPS is used during the OS installation.
The message traffic indicates that the IPS server is providing the installation package.
When the AI installation completes, you should see messages similar to these.
• The installation takes some time to complete.
4. After the OS installation is complete, reboot from the hard disk and log in as oracle.
Check the system configuration to verify that the OS is configured according to the profile.
5. Shut down and power off the S11-Client3 virtual machine.
Archives. Once an archive is created, you can store the archive as a file until it is needed.
Deployment scenarios include system recovery and system migration, as well as system
cloning.
Note:
• For this training, a Solaris Unified Archive is already been created for you. The
archive file can be found in the /opt/ora/labs directory of the S11-Server1 virtual
machine.
• Ensure that you successfully complete Practice 4-5: Customizing the Automated e
Installation before proceeding with the current practice.
r a bl
e
Task 1: Creating an Oracle Solaris Unified Archive File
t ra nsf
n -
server’s web directory for universal access: a no to the AI
In this task, you create a recovery archive of a source host and copy the archive
h
1. Create a recovery archive of a source host by using the archiveadm
) as ฺcommand:
Note: Do not run this command in the lab. For thisttraining
e u ide the step of creating
ฺae purpose,
s ฺn nfor
the archive on a test system has already been performed t Gyou.
e
Initializing Unified Archivem irat -rS
root@test-system:# archiveadm create
ude
/opt/ora/labs/ra-allzones.uar
t
@ e /opt/ora/labs/ra-allzones.uar
creation
h is
resources...
i
Unified Archive initialized:
av use t
ฺ q
Logging to: /system/volatile/archive_log.12516
Deployable Systems
'global'
OS Version: 0.5.11
OS Branch: 0.175.2.0.0.37.0
Active BE: be-wireshark
Brand: solaris
Zones: zone11,zone12
Size Needed: 13.3GB
Unique ID: b7c504b3-7a7a-679c-a113-cc377cec2d59
ble
e r a
nsf
AI Media: 0.175.2_ai_i386.iso
Root-only: Yes
-tr a
n o n
In the preceding output, observe that the ra-allzones.uar archive contains a global
a
zone and two nonglobal zones. a s
h eฺ
3. e )
Copy the ra-allzones.uar recovery archive file to the AI server, such that it could be
e tฺa Guid
accessed from the target host during automated installation process:
n
t e sฺ ent
root@s11-server1:# mkdir -p /var/ai/image-server/images/archives
m ira Stud
@ e install/server:default
root@s11-server1:# svccfg -s
h is = archives \
i
av use t
setprop all_services/webserver_files_dir
ฺ q
id svcadm
a h
root@s11-server1:#
e to refresh install/server:default
i ( sh ens
v lic
aroot@s11-server1:# cp /opt/ora/labs/ra-allzones.uar \
ah4. id Q /var/ai/image-server/images/archives/
Verify the access to the recovery archive from a browser on the S11-Desktop VM by using
Sh the following URL:
http://192.168.0.112:5555/archives/
3. Use the installadm list –c command to verify that the client was added to AI server
custom_ai.
root@s11-server1:~# installadm list -c
Service Name Client Address Arch Secure Custom Args Custom Grub
------------ -------------- ---- ------ ----------- -----------
custom_ai 08:00:27:85:C7:D5 i386 no no no
08:00:27:85:C7:D7 i386 no no no
a
/var/tmp/manifests/archive_ai.xml
s
5. a
Modify the /var/tmp/manifests/archive_ai.xml file XML tag elements such that it
) h eฺ
e
reflects the following details:
tฺa Guid
n e
• AI instance name (ai_instance name): custom_ai
t e sฺ ent
m
allzones.uar, where 192.168.0.112 t udIP address of the AI server.
• Archive File URI (file uri): http://192.168.0.112:5554/archives/ra-
ira isSthe
@ e his
a v i e t
6. View the contents of the /var/tmp/manifests/archive_ai.xml manifest file:
i
<?xml version="1.0"
t o us
dฺq encoding="UTF-8"?>
h
sha ense
<!--
ira Stud
<file uri="http://someserver/dir/myarchive.uar"/>
<credentials> e
m
<file uri="https://someserver/dir/myarchive.uar">
is
<key a
i
v se@ t h
i d ฺ q src="http://someserver/creds/mykey.pem"/>
u
h <cert
t o
src="http://someserver/creds/mycert.pem"/>
i ( sha </credentials>
e n se src="http://someserver/creds/myca_cert.pem"/>
<ca_cert
Q av lic
</file>
i d
ah
Sh The default setting supports archive deployment via recovery media.
Bootable recovery media is pre-configured to include the archive
at file:///.cdrom/archive.uar and to install the archived system
from that archive.
-->
<!--
<file uri="file:///.cdrom/archive.uar"/>
-->
<file uri="http://192.168.0.112:5555/archives/ra-allzones.uar"/>
</source>
<software_data action="install">
<!--
Specify the name of the system from within the archive by its
zonename. The '*' is used as shorthand for "all systems" with
recovery archives as well as single-system clone archives.
-->
<name>*</name>
</software_data>
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
7. Use the diff command to view the differences between the archive_ai.xml file and
the default_archive.xml file.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
q
idฺ toprofile
u
h h
11. Add the systemaconfiguration
e manifest to custom_ai service and show the results.
( s n s
a i ice installadm create-profile –n custom_ai
-fv /var/tmp/manifests/client4_profile/sc_profile.xml
root@s11-server1:~#
l
\
Q
id Created Profile: 'client4_profile'
–p client4_profile -C /var/tmp/manifests/criteria_archive_ai.xml
\
a h
Sh
root@s11-server1:~# installadm list -p -n custom_ai
Service Name Profile Name Criteria
------------ ------------ --------
custom_ai client3_profile mac = 08:00:27:85:C7:D5
client4_profile mac = 08:00:27:85:C7:D7
12. Validate the system configuration profile.
root@s11-server1:~# installadm validate -n custom_ai -p client4_profile
Validating static profile client4_profile...
Passed
root@s11-server1:~#
Note: If you are working inside an Oracle VM VirtualBox environment, after the system
reboots completely, you will need to uninstall and then reinstall the Oracle Solaris Guest
Additions software to get rid of all the warning and error messages that are shown in the
s11-client4 console.
5. Log in as oracle user and switch to the root role. The password for both is oracle1.
6. Check the system configuration to verify that the various OS configurations, such as
hostname, IP addresses of the host and zones are same as the source system that you
used to create the recovery archive.
7. Shut down and power off the S11-Client4 virtual machine.
Hint: Use all the available resources, such as man pages, student guide, activity guide, and
your instructor, to successfully complete each task.
Note: This practice is optional. Check with your instructor to determine if you have enough
time available to complete this practice. If you begin this practice and run out of time, set
this practice aside and return to it if time permits.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Practicesefor ) e ฺ 5:
Oracle ฺ a
etSolaris i d
u11 Network
s ฺ n n t G
aAdministration
t e d e
e mir Enhancements
i s S tu
v i @ e thChapter
ฺ q a us 5
a h id to
sh ens e
i (
Q av lic
i d
ah
Sh
of your currently active network connection from the desktop. Reactive or automatic network
configuration also simplifies some of the more complex networking tasks, such as the creation
and management of system-wide network profiles, for example, the configuration of naming
services, IP Filter, and IP Security (IPsec), all of which are features of Oracle Solaris. The key
components of reactive network are the Network Profiles, which allow you to specify various
network configurations to be created depending on the current network conditions.
In this practice, you perform the following tasks:
• Assess the current reactive network configuration.
ble
• Create and deploy a profile. e r a
tra nsf
-
Task 1: Assess the Current Reactive Network Configuration Profile
n
Note: For Reactive Network to configure the host’s network interface automatically,
a no DHCP
h a s 11 OS by Using the
service must be available. In the practice titled “Installing the Oracle Solaris
Automated Installer” (Practice 4-3), you configured DHCP by using
e ) the ฺ
installadm
e utility.
Perform the following steps to configure a Reactive Network
e tฺaprofile: u id
1. Verify that the S11-Server1 is running. If the VM n n G
sฺis noterunning,
t start it at this time.
t e
2. Start the S11-Desktop VM and log in with
m irathe user
S t uIDdoracle and password oracle1.
3. Minimize the S11-Server1 VM andeperformis the remaining steps in S11-Desktop VM.
i @ t h
ฺ q av use
a h id to
sh ens e
i (
Q av lic
a h id
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
ha nNetwork
5. Click OK tosclose the
( e se Preferences window.
i c and su to root.
ava terminalliwindow
6 OpenQ
7.id Display the current network configuration for this system.
h
a
Sh root@s11-desktop:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 static ok 192.168.0.111/24
lo0/v6 static ok ::1/128
15. Use the netcfg export command to create backups of the start_state and aces
profiles.
root@s11-desktop:~# netcfg export -f start_state_ncp_backup ncp start_state
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
root@s11-desktop:~# ls *backup
aces_loc_backup start_state_ncp_backup
16. Use the netcfg utility to select the start_state profile and list its NCUs.
root@s11-desktop:~# netcfg
netcfg> select ncp start_state
netcfg:ncp:start_state> list ble
e r a
nsf
ncp:start_state
management-type reactive
-tra
NCUs:
n o n
phys net0
s a
ip net0
) a
h eฺ
17. Select the phys NCU and display its properties. e
tฺa Guid
netcfg:ncp:start_state:ncu:net0> list sฺ
netcfg:ncp:start_state> select ncu phys net0
n e t
t e e n
ncu:net0
m ira Stud
type
@ e his
link
class
a i phys
t
v "start_state"
e
parent
q
dฺ to utrue s
h i
activation-mode manual
sha ense
enabled
i (
netcfg:ncp:start_state:ncu:net0>
c
end
avthe ip NCU
18. Select
Q li and display its properties.
a h id netcfg:ncp:start_state> select ncu ip net0
Sh netcfg:ncp:start_state:ncu:net0> list
ncu:net0
type interface
class ip
parent "start_state"
enabled true
ip-version ipv4
ipv4-addrsrc static
ipv4-addr "192.168.0.111/24"
netcfg:ncp:start_state:ncu:net0> end
netcfg:ncp:start_state> end
netcfg>
nameservices dns
nameservices-config-file "/etc/nsswitch.dns"
dns-nameservice-configsrc manual
dns-nameservice-domain "mydomain.com"
dns-nameservice-servers "192.168.0.112"
netcfg:loc:aces> end
netcfg> exit
root@s11-desktop:~#
ble
e r a
nsf
Task 2: Create and Deploy a Network Profile
Perform the following steps to configure a network profile:
-tra
1. Create an NCP named oracle_profile.
n o n
s a
root@s11-desktop:~# netcfg
) a
h eฺ
netcfg> create ncp oracle_profile
avi use t
mac-address> <Press Return>
autopush> <Pressฺq
mtu> <Press h
a id Return>
to
sh ens
Return>
e
v i (
netcfg:ncp:oracle_profile:ncu:net1>
c
list
Q ancu:net1 li
h i d type link
h a class phys
S parent "oracle_profile"
activation-mode manual
enabled true
netcfg:ncp:oracle_profile:ncu:net1> end
Committed changes
netcfg:ncp:oracle_profile> list
ncp:oracle_profile
management-type reactive
NCUs:
phys net1
i ( sha ense
ipv4-addrsrc static
Q av lic
ipv4-addr "192.168.0.111"
i d netcfg:ncp:oracle_profile> end
ah netcfg>
Sh 4. Create a location (loc) NCP named classroom.
netcfg> create loc classroom
Created loc 'classroom'. Walking properties ...
activation-mode (manual) [manual|conditional-any|conditional-all]>
conditional-all
conditions> "system-domain is mydomain.com"
nameservices (dns) [dns|files|nis|ldap]> dns
nameservices-config-file ("/etc/nsswitch.dns")> <Press Return>
dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual
dns-nameservice-domain> "mydomain.com"
dns-nameservice-servers> "192.168.0.112"
dns-nameservice-search> <Press Return>
dns-nameservice-sortlist> <Press Return>
dns-nameservice-options> <Press Return>
nfsv4-domain> <Press Return>
ipfilter-config-file> <Press Return>
ipfilter-v6-config-file> <Press Return>
loc:classroom
activation-mode conditional-all
conditions "system-domain is mydomain.com"
enabled false
nameservices dns
nameservices-config-file "/etc/nsswitch.dns"
dns-nameservice-configsrc manual
dns-nameservice-domain "mydomain.com"
dns-nameservice-servers "192.168.0.112"
ble
e r a
nsf
netcfg:loc:classroom> verify
All properties verified
-tra
netcfg:loc:classroom> commit
Committed changes n o n
s a
netcfg:loc:classroom> end
netcfg> exit ) a
h eฺ
e
tฺathat exist iatdthe current scope.
5. Use the netcfg list command to display all profiles
n e G u
root@s11-desktop:~# netcfg list
t e sฺ ent
NCPs:
m ira Stud
Automatic
@ e his
DefaultFixed i
av use t
start_stateฺq
a h id to
oracle_profile
sh ens e
i (
Locations:
Q lic
av Automatic
h i d NoNet
h a User
S DefaultFixed
aces
classroom
6. Use the netcfg export command to create backups of your oracle_profile and
classroom profiles.
root@s11-desktop:~# netcfg export -f oracle_ncp_backup ncp oracle_profile
DefaultFixed
start_state
oracle_profile
Locations:
Automatic
NoNet
User
DefaultFixed
ble
aces
e r a
8. Recover the classroom profile from your backup and show the results.
a nsf
root@s11-desktop:~# netcfg -f classroom_loc_backup
o n -tr
Configuration read.
a n
a s
h eฺ
root@s11-desktop:~# netcfg list
e )
NCPs:
n e tฺa Guid
sฺ ent
Automatic
DefaultFixed
t e
start_state
m ira Stud
oracle_profile
@ e his
Locations:
a i
v se t
i
Automaticq
dฺ to u
h
sha ense
NoNet
i (
lic
User
Q av DefaultFixed
i d
ah
aces
Sh 9.
classroom
10. Reboot the system to verify that oracle_profile and classroom are the default
profiles.
root@s11-desktop:~# init 6
11. After the system reboots, log in as oracle and use su to root.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
ha interface
Note: The(snetwork e n se net1 is now connected to the network.
i lic to verify communication with a remote host.
athev ping command
13. Use
Q
a h id root@s11-desktop:~# ping s11-server1
Sh s11-server1 is alive
14. Shut down (power off) the S11-Desktop VM.
Overview
The ipadm command provides a set of subcommands that you use to manage network
interfaces, IP addresses, and TCP/IP protocol properties. The ipadm utility replaces some of
the ifconfig command functionality for IP interface-related tasks.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Task
Perform the following steps in S11-Server1 VM to explore the capabilities of the ipadm utility:
1. Verify whether S11-Desktop VM is powered off.
2. Verify that S11-Server1 VM is running. If not, start the VM at this time with the user ID
oracle and password oracle1. su to root.
3. In the S11-Server1 system, run the dladm show-phys command to determine the state of
ble
the physical network interfaces currently configured in the system.
e r a
root@s11-server1:~# dladm show-phys
transf
LINK MEDIA STATE SPEED DUPLEX
n -DEVICE
net1 Ethernet
a
unknown 1000
no e1000g1
full
net2 Ethernet
a s
h eฺ
e1000g2 unknown 1000 full
net0 Ethernet
e ) e1000g0 up 1000 full
net3
e t ฺa uid
Ethernet e1000g3 unknown 1000 full
Q av
net3
li phys 1500 unknown --
5.id Run the ipadm show-if command to show network interface configuration information.
a h
Sh root@s11-server1:~# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes --
net0 ip ok yes --
6. Rename link net1 to training1 and show the results.
root@s11-server1:~# dladm rename-link net1 training1
7. Run the ipadm command to create an IP interface for link training1 and show the
results.
root@s11-server1:~# ipadm create-ip training1
root@s11-server1:~# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes --
net0 ip ok yes --
training1 ip down no --
ble
8. Run the ipadm command to create the static IPv4 address 192.168.0.150/24 on the
e r a
interface training1 and show the results.
a nsf
root@s11-server1:~# ipadm create-addr -T static –a \
o n -tr
192.168.0.150/24 training1/v4
a n
a s
root@s11-server1:~# ipadm show-addr
ADDR ฺae
) h deฺ
ADDROBJ TYPE STATE
e t u i
lo0/v4 static ok n127.0.0.1/8
n G
sฺ 192.168.0.112/24
t
t e e
ud
a t192.168.0.150/24
net0/v4 static ok
ok ir
training1/v4 static
static e
m S
is ::1/128
lo0/v6
i @ ok
t h
net0/v6
ฺ q av uok
addrconf
s e fe80::a00:27ff:fe9c:83e1/10
h
9. Run the ipadm command
a id totshow o the current and persistent values of the IP address
shinterface
properties for
n s e
v i ( c e
training1.
Q li
aroot@s11-server1:~# ipadm show-addrprop training1/v4
h a r- 192.168.0.255 -- 192.168.0.255 --
S training1/v4 deprecated rw off -- off on,off
training1/v4 prefixlen rw 24 24 24 1-30,32
training1/v4 private rw off -- off on,off
training1/v4 reqhost r- -- -- -- --
training1/v4 transmit rw on -- on on,off
training1/v4 zone rw global -- global --
10. Run the ipadm command to show the interface properties for interface training1.
root@s11-server1:~# ipadm show-ifprop training1
IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
training1 arp ipv4 rw on -- on on,off
training1 forwarding ipv4 rw off -- off on,off
training1 metric ipv4 rw 0 -- 0 --
training1 mtu ipv4 rw 1500 -- 1500 68-1500
training1 exchange_routes ipv4 rw on -- on on,off
training1 usesrc ipv4 rw none -- none --
training1 forwarding ipv6 rw off -- off on,off
training1 metric ipv6 rw 0 -- 0 --
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
11. Run the ipadm command to show the TCP protocol properties.
root@s11-server1:~# ipadm show-prop tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
tcp cong_default rw newreno -- newreno newreno,cubic,
highspeed,vegas
tcp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
highspeed, highspeed, highspeed,vegas
vegas vegas
tcp ecn rw passive -- passive never,passive,
ble
e r a
nsf
active
tcp
tcp
extra_priv_ports
largest_anon_port
rw
rw
2049,4045
65535
--
--
2049,4045
65535
1-65535
-tr a
32768-65535
tcp max_buf rw 1048576 -- 1048576
n o n 128000-
1073741824
s a
tcp recv_buf
) a
h eฺ rw 128000 -- 128000 2048-1048576
tcp sack
e
tฺa Guid
rw active -- active never,passive,
n e active
tcp
t e sฺ ent
send_buf rw 49152 -- 49152 4096-1048576
ira Stud
tcp smallest_anon_port rw 32768 -- 32768 1024-65535
tcp
m smallest_nonpriv_port rw
e ipv4hforwarding
is
1024 -- 1024 1024-32768
v @
12. Run the ipadm command to ienable
e t and show the results.
root@s11-server1:~#
i d ฺqaipadm
o u s
set-prop -p forwarding=on ipv4
a h e t
( s h
root@s11-server1:~#
n s ipadm show-prop ip
Sh ipv6
ipv6
forwarding
hoplimit
rw
rw
off
255
--
--
off
255
on,off
1-255
ipv6 hostmodel rw weak -- weak strong,
src-priority,
weak
ipv4 hostmodel rw weak -- weak strong,
src-priority,
weak
ip icmp_accept_clear rw on -- on on,off
ip igmp_accept_clear rw on -- on on,off
ip pim_accept_clear rw on -- on on,off
ip persock_require_priv rw on -- on on,off
ipv4 send_redirects rw on -- on on,off
ipv6 send_redirects rw on -- on on,off
ip ndp_unsolicit_count rw 3 -- 3 1-20
ip ndp_unsolicit_interval rw 2000 -- 2000 1000-20000
ip arp_publish_count rw 5 -- 5 1-20
ip arp_publish_interval rw 2000 -- 2000 1000-20000
14. Run the ipadm command to disable the training1 network interface and show the
results.
root@s11-server1:~# ipadm disable-if -t training1
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
n
sฺ ent
16. Delete the training1 network interface and show the G
t e
m ira Stud
root@s11-server1:~# ipadm delete-ip training1
@ e
show-ifhis
i
root@s11-server1:~# ipadm
v seACTIVE
CLASS aSTATE
t OVER
IFNAME
i q
dฺ okto u yes --
lo0
h
loopback
net0
i ( shaip enseok yes --
17. Rename
Q lic
av the training1 data link to net1 and show the results.
resources. The end product of network virtualization is the virtual network. An internal virtual
network consists of one system using Solaris zones that are configured over at least one
pseudo-network interface. These containers can communicate with each other as though on the
same local network, providing a virtual network on a single host. The building blocks of the
virtual network are virtual network interface cards or virtual NICs (VNICs) and virtual switches
(etherstubs). Oracle Solaris network virtualization provides the internal virtual network solution.
In this practice, you explore Oracle Solaris 11 network virtualization. To do this, you perform the
following key tasks:
ble
• Configure two zones on a private virtual network.
e r a
• Configure the virtual network for public access.
a nsf
• Secure the virtual network behind a firewall.
o n -tr
• Control network traffic flow. a n
a s
h eฺ
Note: You will learn more about Oracle Solaris Zones in the lesson 6 titled Administering
e )
Oracle Solaris 11 Zones.
e ฺa uid
tNetwork
Task 1: Configure Two Zones on a Private Virtual
s ฺ n n t G
The following illustration shows the topology of
r e
atthe virtual e that you create in this task:
dnetwork
i t u
@ em his S
q a vi se t
h i dฺ to u
i ( sha ense
Q av lic
a h id
Sh
3. Create the rpool/zones ZFS file system with the mount point as /zones.
ble
root@s11-server1:~# zfs create -o mountpoint=/zones rpool/zones
e r a
ansf
-tr
root@s11-server1:~# zfs list rpool/zones
NAME USED AVAIL REFER MOUNTPOINT
n o n
rpool/zones 31K 27.1G
a
31K /zones
s
4. a
Run the dladm utility to create an etherstub named stub0 and show the results.
h eฺ
root@s11-server1:~# dladm create-etherstub stub0e)
n e tฺa Guid
t e
root@s11-server1:~# dladm show-etherstub sฺ ent
LINK
m ira Stud
stub0
@ e his
a i
v vnic0,
5. Use the dladm utility to create e t
vnic1, and vnic2 VNICs. Attach these VNICs to
etherstub stub0. idฺ
q u s
h t o
( s ha nsedladm create-vnic -l stub0 vnic0
root@s11-server1:~#
zonepath: /zones/zone1
brand: solaris
autoboot: true
autoshutdown: shutdown
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ble
e r a
nsf
ip-type: exclusive
hostid:
-tra
tenant:
fs-allowed: n o n
s a
net:
address not specified ) a
h eฺ
allowed-address not specified e
tฺa Guid
n e
t e sฺ ent
configure-allowed-address: true
ira Stud
physical: vnic1
m
defrouter not specified
e his
anet:
i @
v se t
q a
linkname: net0
h i dฺ to u
lower-link: auto
i ( sha ense
allowed-address not specified
Q av lic
configure-allowed-address: true
defrouter not specified
i d
ah allowed-dhcp-cids not specified
Sh link-protection: mac-nospoof
mac-address: auto
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
pkey not specified
linkmode not specified
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
zonecfg:zone2> create
create: Using system default template 'SYSdefault'
zonecfg:zone2> set zonepath=/zones/zone2
zonecfg:zone2> set autoboot=true
zonecfg:zone2> set ip-type=exclusive
zonecfg:zone2> add net
zonecfg:zone2:net> set physical=vnic2
zonecfg:zone2:net> end
zonecfg:zone2> verify
ble
zonecfg:zone2> commit
e r a
zonecfg:zone2> exit
a nsf
o n -tr
root@s11-server1:~# zonecfg -z zone2 info | more
a n
zonename: zone2
zonepath: /zones/zone2 a s
h eฺ
e )
tฺa Guid
brand: solaris
autoboot: true
n e
autoshutdown: shutdown
t e sฺ ent
bootargs:
m ira Stud
file-mac-profile:
@ e his
pool:
a i
v se t
limitpriv:
i q
dฺ to u
h
sha ense
scheduling-class:
i (
ip-type: exclusive
Q av
hostid: lic
i d tenant:
ah
Sh
fs-allowed:
net:
address not specified
allowed-address not specified
configure-allowed-address: true
physical: vnic2
defrouter not specified
anet:
linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: auto
mac-prefix not specified
mac-slot not specified
9. Install zone1.
-tra
root@s11-server1:~# zoneadm -z zone1 install
n o n
The following ZFS file system(s) have been created:
s a
rpool/zones/zone1
) a
h eฺ
e
tฺa Guid
Progress being logged to /var/log/zones/zoneadm.20140713T123933Z.zone1.install
n
Image: Preparing at /zones/zone1/root.e
t e sฺ ent
ira Stud
Install Log: /system/volatile/install.3989/install_log
m
e his
AI Manifest: /tmp/manifest.xml.qbaiXh
@
a i
v se t
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
i ฺ q
dStarting
Zonename: zone1 u
h t o
sha ense
Installation: ...
i (
av Creating
Q ... lic IPS image
i d
ah
Sh
Startup linked: 1/1 done
Installing packages from:
solaris
origin: http://s11-server1.mydomain.com/
DOWNLOAD PKGS FILES XFER (MB)
SPEED
Completed 282/282 53274/53274 351.9/351.9
323k/s
PHASE ITEMS
Installing new actions 71043/71043
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
...
Installation: Succeeded
done.
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
n
11. Log in to zone1 and complete the system configuration.e
root@s11-server1:~# zlogin -C zone1 te
sฺ ent
m ira Stud
e his
[Connected to zone 'zone1' console]
@
…
i
av use t
q
Use this configurationฺparameter:
id zone1to
• Computeraname:h e
• i (
Ethernetshnetwork e n sconfiguration: Manually
a v l i c
•Q Network Interface: vnic1
i d
h ah • IP Address: 192.168.1.170
S • DNS Name Service: Do not configure DNS.
• Alternate Name Service: None
• Time zone: Use your local region.
• Language: Use your local language.
• Territory: Use your local territory.
• Root password: oracle1
• User account:
• Your real name: oracle
• Username: oracle
• Password: oracle1
Note: Wait for a few minutes before the sysconfig utility tool is displayed, and if the tool
is not displayed automatically, press Enter. When the tool is displayed, if the F2 and F3
keys are not working, press ESC+2 to navigate through the screens and ESC + 3 to go
back. If up and down arrow keys on the keyboard do not work, then use the TAB key.
n e tฺa Guid
sฺ ent
Installing packages from:
solaris
t e
ira Stud
origin: http://s11-server1.mydomain.com/
m
DOWNLOAD
@ e his PKGS FILES XFER (MB)
SPEED i
av use t
Completed
i d ฺ q 282/282 53274/53274 351.9/351.9
746k/s
h t o
( s ha nse
v i
aPHASE l i ce ITEMS
done.
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Perform the following steps to configure the virtual network for public access:
1. Use the dladm command to determine the VNICs that are currently configured in the
system.
root@s11-server1:~# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VIDS
vnic0 stub0 40000 2:8:20:61:47:f6 random 0
vnic1 stub0 40000 2:8:20:81:e5:95 random 0
zone1/vnic1 stub0 40000 2:8:20:81:e5:95 random 0
vnic2 stub0 40000 2:8:20:e9:10:18 random 0
zone2/vnic2 stub0 40000 2:8:20:e9:10:18 random 0
zone1/net0 net0 1000 2:8:20:8b:ba:ee random 0
zone2/net0 net0 1000 2:8:20:2c:24:7 random 0
net0 ip ok yes --
vnic0 ip down no --
3. Run the ipadm command to create the static IPv4 address 192.168.1.148/24 on the
interface vnic0 and show the results.
root@s11-server1:~# ipadm create-addr -T static –a \
192.168.1.148/24 vnic0/v4
( s h
ipv6 forwarding
n s rw off -- off on,off
i
v hoplimit
aipv6 lic e rw 255 -- 255 1-255
h ah src-priority,
S ipv4 hostmodel rw weak -- weak
weak
strong,
src-priority,
weak
ip icmp_accept_clear rw on -- on on,off
ip igmp_accept_clear rw on -- on on,off
ip pim_accept_clear rw on -- on on,off
ip persock_require_priv rw on -- on on,off
ipv4 send_redirects rw on -- on on,off
ipv6 send_redirects rw on -- on on,off
ip ndp_unsolicit_count rw 3 -- 3 1-20
ip ndp_unsolicit_interval rw 2000 -- 2000 1000-20000
ip arp_publish_count rw 5 -- 5 1-20
ip arp_publish_interval rw 2000 -- 2000 1000-20000
a no
) h as ฺ
e t ฺae uide
e s ฺn nt G
i r at tude
@ em his S
q a vi se t
h i dฺ to u
i ( sha ense
Q av lic
a h id
Sh
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
block out on net0 all
pass out quick on net0 proto icmp from any to any keep state
block in on net0 all
2. Enable IP filtering.
ble
e r a
nsf
root@s11-server1:~# ipf -E
3. Import the IP filter configuration from the IP filter configuration file.
-tra
root@s11-server1:~# ipf -f /etc/ipf/ipf.conf
n o n
4. Verify the IP filter configuration. s a
root@s11-server1:~# ipfstat -io
) a
h eฺ
block out on net0 all e
tฺa Guistate d
n e
sฺ ent
pass out quick on net0 proto icmp from any to any keep
t e
iracommand udto verify that the virtual network is
block in on net0 all
(
6. Log in to zone1 e n se network and verify that the zone can access a remote system.
virtual
v i lic
aroot@s11-server1:~#
d Q zlogin zone1
ahi
...
q a vi command
-a transport=tcp,local_port=80
s e t
in the system. ahi
dฺ to u
3. Use the flowadm show-flow to display the flow controls currently configured
i ( sh enseflowadm show-flow
root@s11-server1:~#
Q
v
aFLOW licLINK PROTO LADDR LPORT RADDR RPORT DSFLD
Now, network interface vnic3 can be used to enforce the HTTP policy.
ble
root@s11-server1:~# zoneadm list –cv
IP e
r a
nsf
ID NAME STATUS PATH BRAND
0 global running /
t
solaris
- r ashared
- zone1 installed /zones/zone1
n on excl
solaris
- zone2 installed a/zones/zone2 solaris excl
@
avi us-ze zone2
root@s11-server1:~# zoneadm
Are you sure youฺq
t uninstall
h i d o
want to uninstall
t
zone zone2 (y/[n])? y
ha logged
Progress being
( s n s e to
i zone1 iceand zone2.
/var/log/zones/zoneadm.20140713T145947Z.zone2.uninstall
a
4. Deletevzones l
i d Q root@s11-server1:~# zonecfg -z zone1 delete
h ah
S Are you sure you want to delete zone zone1 (y/[n])? y
6. Remove the IP interface from data link vnic0 and show the results.
root@s11-server1:~# ipadm delete-ip vnic0
root@s11-server1:~# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes --
net0 ip ok yes --
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
In this demonstration, you will learn to set up two elastic virtual switches between two compute
nodes. The two compute nodes consists of two zones each and are configured to form two sets
of Layer 2 (L2) segments, such that only zones in a particular segment can communicate with
each other over a Virtual Local Area Network (VLAN).
Following are the tasks performed in this demonstration:
a. Install the mandatory EVS packages
b. Set up the SSH authentication
ble
c. Configure the EVS controller
e r a
d. Configure the EVS across compute nodes
a nsf
e. Configure compute nodes to use the EVS settings
o n -tr
f. Verify the EVS configuration
a n
a
h eฺs
Assumptions )
e
tฺabefore id the
Adobe Flash Player is already installed on the host machine
n e G u
executing
demonstration.
t e sฺ ent
Special note for playing the demo m ra virtual
in ithe t d
umachine:
• To be able to view demoi@ controls in h
S
e theisbrowser, it is recommended to switch to full
screen.
q a v se t
• To switch to h i dฺ mode
full-screen t o uin the browser window, select View > Full Screen.
( s ha nse
Task
a v i l ice
i d Q the following steps to run through the demonstration:
Perform
h ah1. On your host machine, open a terminal window.
S 2. Change to the /opt/ora/demo/Configuring_EVS directory.
# cd /opt/ora/demo/Configuring_EVS
# ls
Configuring_EVS_Demo.htm Configuring_EVS_Demo.swf standard.js
3. Open the Upgrading System Software Using IPS.htm file in a web browser.
# firefox Configuring_EVS_Demo.htm &
4. A browser window with the Flash demo is displayed.
5. Close the web browser after you complete viewing the flash demo.
6. Close the terminal window.
aggregate multiple network interfaces, you create a new network interface on top of the
aggregated physical interfaces combined in the link layer.
Link aggregation requires at least two network interfaces. The network interfaces must be
unplumbed before they can be aggregated. In this practice, you aggregate four network
interfaces on the S11-Server1 system as the persistent network interface.
Note: Link aggregation is not a new technology in Oracle Solaris 11. This practice was added
so that in the “Monitoring the Network” practice (Practice 5-7) you have more robust examples
to work with when using the dlstat command.
ble
e r a
Task
a nsf
Perform the following steps to configure a link aggregation:
o n -tr
1. Delete the IP interface for data link net0.
a n
a s
root@s11-server1:~# ipadm delete-ip net0
h eฺ
2. List the network links currently configured in the system. e)
n e tฺa Guid
sฺ eOVER t
root@s11-server1:~# dladm show-link
LINK CLASS MTU eSTATE
t n
net1 phys
m 1500
S t ud --
ira unknown
phys e 1500 is unknown --
i@ e1500
net2
net0
a v
phys th unknown --
net3
i dฺq phys
t o us 1500 unknown --
a h
3. Create a linkh aggregation
(snet3, e n senamed speedway0 consisting of network interfaces net0, net1,
a i
net2,vand
l ic
and show the results.
speedway0 ip down no --
5. Run the ipadm command to create the static IPv4 address for system S11-Server1 on the
interface speedway0, and show the results.
root@s11-server1:~# ipadm create-addr -T static \
-a 192.168.0.112/24 speedway0/v4
6. Move to the S11-Desktop system and use the ping command to verify n connectivity to the
a
S11-Server1 system.
) h as ฺ
ฺae uide
root@s11-desktop:~# ping s11-server1
s11-server1 is alive
e t
n moving G on to the next practice.
Note: Remove the speedway0 link aggregation
e s ฺbefore n t
i r
root@s11-server:~# dladm delete-aggr t u de
at speedway0
@ em his S
q a vi se t
h i dฺ to u
i ( sha ense
Q av lic
a h id
Sh
An IPMP configuration typically consists of two or more physical interfaces on the same system
that are attached to the same LAN. These interfaces can belong to an IPMP group in either of
the following configurations:
• Active-active configuration: In this configuration, all underlying interfaces are active.
An active interface is an IP interface that is currently available for use by the IPMP
group. By default, an underlying interface becomes active when you configure the
interface to become part of an IPMP group.
• Active-standby configuration: In this configuration, at least one interface is ble
administratively configured as a reserve. The reserve interface is called the standby e r a
interface. Although idle, the standby IP interface is monitored by the multipathing
a nsf
daemon to track the interface’s availability, depending on how the interface is
o n -tr
configured. If link-failure notification is supported by the interface, link-based failure
a n
a s
detection is used. If the interface is configured with a test address, probe-based failure
h eฺ
detection is also used. If an active interface fails, the standby interface is automatically
e )
IPMP group. n e tฺa Guid
deployed as needed. You can configure as many standby interfaces as you want for an
t e sฺ ent
In this practice, you configure both active-active and active-standby configurations.
m ira Stud
Task 1: Create an Active-Active @ e Configuration
IPMP h is
In this task, you configure an
i t
v seIPMP group consisting of two network interfaces
aactive-active
i d ฺ q u
(net0 and net1).
h t o
sha steps
Perform the following
i ( e n stoeconfigure IPMP:
1. Verify
Q lic VM is running. Log in with the user ID oracle and password
avthat S11-Server1
h i d oracle1 and use su to root.
a Use the ipadm command to display the IP network interfaces currently configured in the
Sh 2. system.
root@s11-server1:~# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes --
speedway0 ip ok yes --
5. Create IP interfaces for data links link0_ipmp0 and link1_ipmp0. Show the results.
root@s11-server1:~# ipadm create-ip link0_ipmp0
ble
e r a
root@s11-server1:~# ipadm create-ip link1_ipmp0
a nsf
o n -tr
root@s11-server1:~# ipadm show-if
a n
IFNAME CLASS STATE
a
h eฺsACTIVE OVER
lo0 loopback ok
e ) yes --
link0_ipmp0 ip
n e tฺa Guid
down no --
sฺ ent
link1_ipmp0 ip down no --
a vi l ice ipmpstat –g
i d Q GROUP
root@s11-server1:~#
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
ansf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺvirtualtmachine.
u
h o
shamachine
4. Start the S11-Server1 e
(
5. Log in toi virtual e n sS11-Server1 as user oracle and su to root.
a v l i c
6. Use
i d Q the ipmpstat command to display IPMP group information.
h ah root@s11-server1:~# ipmpstat -g
S GROUP
ipmp0
GROUPNAME
ipmp0
STATE FDT
degraded 10.00s
INTERFACES
link0_ipmp0 [link1_ipmp0]
Note: The link1_ipmp0 has been boxed ([link1_ipmp0]) to indicate that it has failed.
7. Use the ipmpstat command to display IP interface information.
root@s11-server1:~# ipmpstat -i
INTERFACE ACTIVE GROUP FLAGS LINK PROBE STATE
link1_ipmp0 no ipmp0 ------- up failed failed
link0_ipmp0 yes ipmp0 --mbM-- up ok ok
Note: The link0_ipmp0 is failing probe tests. The values vary from system to system.
ble
9. Move to S11-Desktop virtual machine and ping the IPMP data IP addresses.
e r a
root@s11-desktop:~# ping 192.168.0.112
a nsf
192.168.0.112 is alive
o n -tr
a n
a
h eฺ s
root@s11-desktop:~# ping 192.168.0.149
192.168.0.149 is alive
e )
10. Power off the S11-Server1 virtual machine.
n etฺa utility
11. Open the VirtualBox Manager GUI and click theฺSettings G uidthe S11-Server1 virtual
machine. t e s e n t for
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
a h id
Sh
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺvirtualtmachine.
u
h o
shamachine e
13. Start the S11-Server1
(
14. Log in toi virtual e n sS11-Server1 as user oracle and su to root.
a v l i c
i d Q the ipmpstat command to verify that the IPMP group ipmp0 STATE is ok.
15. Use
h ah root@s11-server1:~# ipmpstat –g
S GROUP GROUPNAME STATE FDT INTERFACES
ipmp0 ipmp0 ok 10.00s link1_ipmp0 link0_ipmp0
3. Create IP interfaces for data links link2_ipmp0 and show the results.
root@s11-server1:~# ipadm create-ip link2_ipmp0
d ฺq to IPMP
5. Assign a static IP address
i t o ussubinterface link2_ipmp0 to be used for link testing
h
sha enseipadm create-addr –T static \
and show the results.
i (
lic
a–av 192.168.0.152/24
root@s11-server1:~#
Q link2_ipmp0/test
id root@s11-server1:~# ipadm show-addr
a h
Sh ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
ipmp0/v4add1 static ok 192.168.0.112/24
ipmp0/v4add2 static ok 192.168.0.149/24
link0_ipmp0/test static ok 192.168.0.150/24
link1_ipmp0/test static ok 192.168.0.151/24
link2_ipmp0/test static ok 192.168.0.152/24
lo0/v6 static ok ::1/128
6. Show the current setting of the standby property for the link2_ipmp0 interface.
root@s11-server1:~# ipadm show-ifprop –p standby link2_ipmp0
IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
link2_ipmp0 standby ip rw off -- off on,off
Note: The standby is currently turned OFF.
Note: The interface link2_ipmp0 is enclosed in parenthesis. This indicates that the
interface is set to standby.
9. Use the ipmpstat command to display IPMP address information.
ble
root@s11-server1:~# ipmpstat -an
e r a
ADDRESS STATE GROUP INBOUND OUTBOUND
a nsf
:: down ipmp0 -- --
o n -tr
192.168.0.149 up ipmp0
a
link1_ipmp0
n
link1_ipmp0 link0_ipmp0
192.168.0.112 up ipmp0
a s
h eand
link0_ipmp0 link1_ipmp0 link0_ipmp0
i d t o u --mbM-- up ok ok
h h
Note: The flagsafor interface
e link2_ipmp0 indicate that the interface is inactive and set to
standby.i (s n s
a v l ice
i
Taskd Q4: Test the Active-Standby IPMP Configuration
h ahIn this task, you test the active-standby IPMP configuration by causing one of the subinterfaces
S to fail. Then you verify that the system is still accessible by using the remaining interface.
Perform the following steps to test the IPMP configuration:
1. Power off the S11-Server1 virtual machine.
2. Open the VirtualBox Manager GUI. Select the S11-Server1 VM and click the Settings utility
in the menu bar.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺVM. Log u
h t o
( s ha nse
4. Start the S11-Server1 in with the user ID oracle and password oracle1. su to
S GROUP
ipmp0
GROUPNAME
ipmp0
STATE FDT
degraded 10.00s
INTERFACES
link2_ipmp0 link0_ipmp0 [link1_ipmp0]
Note: The link1_ipmp0 has been boxed to indicate that it has failed.
6. Use the ipmpstat command to display IP interface information.
root@s11-server1:~# ipmpstat -i
INTERFACE ACTIVE GROUP FLAGS LINK PROBE STATE
link2_ipmp0 yes ipmp0 -s----- up ok ok
link1_ipmp0 no ipmp0 ------- up failed failed
link0_ipmp0 yes ipmp0 --mbM-- up ok ok
Note: Interface link1_ipmp0 is no longer active but link2_ipmp0 is now active.
Note: The interface link2_ipmp0 is being used for INBOUND and OUTBOUND traffic.
8. Use the ipmpstat command to display current probe information.
root@s11-server1:~# ipmpstat -pn
TIME INTERFACE PROBE NETRTT RTT RTTAVG TARGET
-1.12s link1_ipmp0 i185 -- -- -- 192.168.0.111
0.88s link0_ipmp0 i186 2.95ms 12.96ms 6.06ms 192.168.0.111
1.52s link2_ipmp0 i186 1.84ms 1.91ms 4.77ms 192.168.0.111
1.94s link0_ipmp0 i187 2.50ms 11.54ms 6.75ms 192.168.0.111
ble
1.51s link1_ipmp0 i187 -- -- -- 192.168.0.111
e r a
0.38s link1_ipmp0 i186 -- -- -- 192.168.0.111
a nsf
3.16s
3.30s
link2_ipmp0 i187
link0_ipmp0 i188
1.81ms
2.61ms
7.40ms
10.90ms
4.06ms
7.27ms o n -tr
192.168.0.111
192.168.0.111
4.10s link2_ipmp0 i188 1.33ms a 1.74ms 4.39ms n
192.168.0.111
4.71s link0_ipmp0 i189 a
2.12mss
h eฺ 2.20ms 6.63ms 192.168.0.111
e )
tฺa Guid
4.18s link1_ipmp0 i189 -- -- -- 192.168.0.111
3.12s link1_ipmp0 i188
n e -- -- -- 192.168.0.111
6.48s link2_ipmp0 i189
t e sฺ ent 0.96ms 25.18ms 6.70ms 192.168.0.111
6.51s link0_ipmp0 i190
m ira Stud 2.67ms 38.58ms 10.63ms 192.168.0.111
7.10s
@ e his
link2_ipmp0 i190 1.08ms 1.84ms 4.07ms 192.168.0.111
7.63s
a i
v se t
link0_ipmp0 i191 2.11ms 9.30ms 10.46ms 192.168.0.111
7.17s
i q
dฺ to u
link1_ipmp0 i191 -- -- -- 192.168.0.111
6.51s
hlink1_ipmp0 i190 -- -- -- 192.168.0.111
8.75s
i ( sha ense
link2_ipmp0 i191 0.29ms 0.97ms 5.99ms 192.168.0.111
Q av
9.45s
9.81s lic
link0_ipmp0 i192
link2_ipmp0 i192
2.02ms
2.38ms
2.11ms
9.32ms
9.42ms
4.73ms
192.168.0.111
192.168.0.111
i d
ah ^C
Sh Note: The interface link2_ipmp0 is actively probing targets. The values vary from system
to system.
9. Move to S11-Desktop virtual machine and ping the IPMP data IP addresses.
root@s11-desktop:~# ping 192.168.0.112
192.168.0.112 is alive
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺvirtualtmachine.
u
h o
shamachine e
13. Start the S11-Server1
(
14. Log in toi virtual e n sS11-Server1 as user oracle and su to root.
a v l i c
i d Q the ipmpstat command to display IPMP group information.
15. Use
h ah root@s11-server1:~# ipmpstat -g
S GROUP GROUPNAME STATE FDT INTERFACES
ipmp0 ipmp0 ok 10.00s link1_ipmp0 link0_ipmp0 (link2_ipmp0)
Note: The interface link2_ipmp0 has been placed back up in to standby and is inactive.
This indicates that the failed interface has been repaired.
16. Use the ipmpstat command to display IPMP interface information.
root@s11-server1:~# ipmpstat -i
INTERFACE ACTIVE GROUP FLAGS LINK PROBE STATE
link2_ipmp0 no ipmp0 is----- up ok ok
link1_ipmp0 yes ipmp0 ------- up ok ok
link0_ipmp0 yes ipmp0 --mbM-- up ok ok
root@s11-server1:~# ipmpstat -g
GROUP GROUPNAME STATE FDT INTERFACES
ipmp0 ipmp0 failed -- --
t e e
link1_ipmp0/test staticn ok
m ud
ira St192.168.0.152/24
link2_ipmp0/test static ok
@ e his ::1/128
lo0/v6 static ok
a
4. Delete the IP addresses and
i t
v showsthee results.
i q
dฺ ipadm udelete-addr link0_ipmp0/test
h
root@s11-server1:~# t o
( s ha nseipadm delete-addr link1_ipmp0/test
root@s11-server1:~#
i d Q
h ah root@s11-server1:~# ipadm show-addr
S ADDROBJ
lo0/v4
TYPE
static
STATE
ok
ADDR
127.0.0.1/8
lo0/v6 static ok ::1/128
5. Delete IP interfaces link0_ipmp0, link1_ipmp0, and link2_ipmp0. Show the results.
root@s11-server1:~# ipadm delete-ip link0_ipmp0
root@s11-server1:~# ipadm delete-ip link1_ipmp0
root@s11-server1:~# ipadm delete-ip link2_ipmp0
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Task
Perform the following steps in S11-Server1 VM to configure a network bridge:
1. Display the bridges currently configured in the system.
root@s11-server1:~# dladm show-bridge
ble
root@s11-server1:~#
e r a
No bridging devices are currently configured in the system.
a nsf
2. List the network interfaces currently configured in the system.
o n -tr
root@s11-server1:~# dladm show-phys
a n
LINK MEDIA
a s DUPLEX
h full
STATE SPEED DEVICE
net1 Ethernet
a e ) d e ฺ unknown 1000 e1000g1
net2 Ethernetฺ
et t Gu full i full unknown 1000 e1000g2
net0
s ฺ n
Ethernet
n unknown 1000 e1000g0
net3
r a t e d
Ethernet e unknown unknown 0 e1000g3
i t u
3. List the network interfaces currently
@ em configuredS
h i s in the system.
avi show-if
root@s11-server1:~# ipadm
et
CLASSฺq STATE us ACTIVE OVER
IFNAME
a h id okto yes --
se
lo0 loopback
v i ( ic e
anet3
l 32768/8:0:27:9c:83:e1
Q interface net3 from the bridge tonowhere and show the results.
9. d Remove
ah i
Sh root@s11-server1:~# dladm remove-bridge -l net3 tonowhere
11. Remove interface net0 from the bridge tonowhere and show the results.
root@s11-server1:~# dladm remove-bridge -l net0 tonowhere
root@s11-server1:~# dladm show-bridge -l tonowhere
root@s11-server1:~#
net0 ip ok yes --
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
network. dlstat lets you generate reports containing runtime statistics about data links.
In this practice, you are presented with two tasks. In the first task you install and explore the
wireshark utility. In the second task, you explore the dlstat utility.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t
Following is the home page of the Wiresharke sฺ eAnalyzer
Network n t utility:
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
ah id
Sh
6. Select the interface net1 check box and click the Options button. Under Capture File(s), in
the File field, type /var/tmp/192.168.0.112.cap and click Start.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
9. Click the Close This Capture File ( ) button to close and save your capture.
10. From the Files menu in the Wireshark main screen, select Open and browse to the
/var/tmp directory. Select the 192.168.0.112.cap file and click Open.
11. Take a few minutes and read through the packet trace.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
15. Close the Protocol Hierarchy Statistics dialog box. a n
a s
h eฺ
16. Click Statistics in the Wireshark utility menu bar and select Endpoint.
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
19. Click Close to close the IO Graphs
@ e window. h is
i
av bar,usclick t
e Close This Capture File ( ) button to close
id
20. On the Wireshark utility ฺ qmenu
and save your a h
capture. e to
i ( sh utility
21. On the Wireshark e n smenu bar, click File and then select Quit to close the Wireshark
av
utility. li c
id Q
a h
Sh Perform2: these
Task Monitor the Network by Using dlstat
steps on S11-Server1 VM to monitor the network by using the dlstat
command:
1. Move back to the S11-Server1 VM.
2. Display statistics for all network links.
root@s11-server1:~# dlstat
LINK IPKTS RBYTES OPKTS OBYTES
net1 0 0 0 0
net2 0 0 0 0
net0 0 0 9.42K 1.01M
net3 0 0 140K 15.52K
Note: The values may differ on your system.
Hint: Use all the available resources, such as man pages, student guide, activity guide, and
your instructor, to successfully complete each task.
Note: This practice is optional. Check with your instructor to determine if you have enough time
available to complete this practice. If you begin this practice and run out of time, set this practice
aside and return to it if time permits.
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Practicesefor ) e ฺ 6:
ฺ a i d
et t GuOracle Solaris
Administering
ฺ n
sZones n
a11
t e d e
e mir Chapter
s S tu6
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
within these Oracle Solaris 10 zones can take advantage of the enhancements made to the
Oracle Solaris kernel and utilize some of the innovative technologies available only on the
Oracle Solaris 11 release.
In this practice, you explore the virtual-to-virtual (V2V) process for migrating an Oracle Solaris
10 native zone to an Oracle Solaris 11 environment. To do this, you perform four key tasks:
• Assess the source Oracle Solaris 10 Zone.
• Prepare the source system for migration.
• Prepare the target system for migration. ble
e r a
• Migrate from the Oracle Solaris 10 zone.
a nsf
Task 1: Assess the Source Oracle Solaris 10 Zone o n -tr
a
Perform the following steps in S10-Server1 VM to assess the source Oracle Solaris 10 zone:
n
a s
h eฺ
1. Verify that the S11-Server1 VM is running and kept minimized.
e )
n e tฺa Guid
Note: Shut down the S11-Desktop VM before proceeding to the next step.
t e sฺ ent
2. Start the S10-Server1 VM from the VirtualBox Manager and log in with the user ID root
and password cangetin.
m t ud to determine the state of the
iralistScommand
3. In the terminal window, run the zoneadme his
zones currently configured v oni@ t
the system.
q a s e
ID NAME ah
idฺ STATUS
# zoneadm list -cv
t o u
s h
0 (global n s erunning PATH BRAND IP
a v i l i c e / native shared
a h
Sh # zonecfg –z zone1 info
zonename: zone1
zonepath: /export/zones/1
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid: 34dcc30c
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
# zlogin zone1
[Connected to zone 'zone1' pts/4]
Oracle Corporation SunOS 5.10 Generic Patch January 2005
#
6. Determine the zone’s host name.
# hostname
zone1
7. Determine the zone’s network interface and IP configuration. ble
e r a
# ifconfig -a
ansf
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
o n -tr
a
inet 127.0.0.1 netmask ff000000 n
a
h eฺ s
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
e )
inet 192.168.0.177 netmask ffffff00 broadcast 192.168.0.255
e
8. Determine the zone’s host ID. Make a note of the valuetฺaas you u id
will use this value in the next
n
sฺ ent G
task.
t e
# hostid
m ira Stud
34dcc40c
@ e his
9. Determine the zone’s disk a i
v se t
usage.
i q
dฺ to u
# df -kh
h
ha nse size used avail capacity Mounted on
( s
Filesystem
a v i l
rpool/export i ce 24G 70M 24G 1% /
When it is in the ready state, the zone is established. The kernel creates a zsched
ble
process, the network interface is ready, file systems are mounted, and devices are
e r a
configured. The zone has unique ID. However, processes are not started. The zone must
a nsf
3.
be in the ready state for the migration to succeed.
Run the showmount –e command to determine whether the source system is configured o n -tr
as an NFS server. a n
a
h eฺs
# showmount –e
e )
export list for s10-server1:
n e tฺa Guid
/export/share (everyone)
t e sฺ 1.cpio.gz
e n t
named zone1 on the target system.m
ir Stud
4. Create a gzip compressed cpio archiveanamed for zone1, which will still be
@ e his
i
v The gzip
Note: Do not run these commands
a eintthis practice as it could take about 30 minutes
q
dฺ fortyou
to create the cpio archive. s
u compressed cpio archive named 1.cpio.gz for
zone1 is already
a h i
created o and is available in the /opt/ora/labs directory. Ensure
h s e
v i (s theic/opt/ora/labs/1.cpio.gz
that you copy
e n file to the /export/share directory
Q a
before l
proceeding to the next task.
h i d # cd /export/zones/1
a
Sh # find . -print | cpio -oP@ | gzip > /export/share/1.cpio.gz
5444292 blocks
4. Check to see whether your IPS server is currently running. If not, start it now. Make sure
the IPS server is started before performing the next step.
root@s11-server1:~# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F http://s11-server1.mydomain.com/
5. Create an Oracle Solaris 10 Zone suitable for the migration.
root@s11-server1:~# zonecfg -z zone1
Use 'create' to begin configuring a new zone.
ble
zonecfg:zone1> create -t SYSsolaris10
e r a
zonecfg:zone1> set zonepath=/zones/zone1
a nsf
zonecfg:zone1> set autoboot=true
o n -tr
zonecfg:zone1> set hostid=34dcc30c
a n
a
h eฺs
zonecfg:zone1> set ip-type=shared
)
zonecfg:zone1> remove anet
e
n e tฺa Guid
zonecfg:zone1> add net
sฺ ent
zonecfg:zone1:net> set physical=net0
t e
zonecfg:zone1:net> set address=192.168.0.172/24
ira Stud
zonecfg:zone1:net> end
m
@ e his
zonecfg:zone1> verify
a i
v se tzonecfg:zone1> commit
i q
dฺ to u zonecfg:zone1> exit
h
a configuration
6. Verify that the
( shzone1e n se meets the Oracle Solaris 10 Zone migration
i
requirements.
v lic
aroot@s11-server1:~#
i d Q zonecfg -z zone1 info
h ah zonename: zone1
S zonepath: /zones/zone1
brand: solaris10
autoboot: true
autoshutdown: shutdown
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid: 34dcc30c
fs-allowed:
net:
address: 192.168.0.172/24
allowed-address not specified
configure-allowed-address: true
physical: net0
defrouter not specified
1.cpio.gz
flags=100001100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,PHYSRUNNING> mtu
1500 index 2
inet 192.168.0.172 netmask ffffff00 broadcast 192.168.0.255
lo0:2: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252
index 1
inet6 ::1/128
7. Use the ping command to verify if you can communicate with global zone and other VMs.
# ping 192.168.0.112
192.168.0.112 is alive
ble
e r a
nsf
# ping 192.168.0.113
192.168.0.113 is alive
-tra
# ping 192.168.0.172
192.168.0.172 is alive
n o n
8. Exit the zone and return to the global zone. s a
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
@ emAssembled S
h i s 17 January 2013
3. Determine the global zone’s
a i name.
vhost e t
q
dฺ to u s
# hostname
h i
( s ha nse
s10-server1
i
v the global
4. Determine
a l ice zone’s host ID.
i d Q # hostid
h ah 0bfd544f
S 5. Determine the zone’s network interface and IP configuration.
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone zone1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.0.113 netmask ffffff00 broadcast 192.168.0.255
ether 8:0:27:88:64:a1
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone zone1
inet 192.168.0.177 netmask ffffff00 broadcast 192.168.0.255
#
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 920M 372K 920M 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
sharefs 0K 0K 0K 0% /etc/dfs/sharetab
/usr/lib/libc/libc_hwcap1.so.1
26G 3.3G 23G 13% /lib/libc.so.1
ble
fd 0K 0K 0K 0% /dev/fd
e r a
nsf
swap 920M 72K 920M 1% /tmp
swap 920M 28K 920M 1% /var/run
-tra
ora 426G 265G 161G 63% /opt/ora
n o n
rpool/export 29G 740M
s a 23G 4% /export
rpool/export/home 29G
) a
h eฺ31K 23G 1% /export/home
rpool
e
29G
tฺa Guid
42K 23G 1% /rpool
ora
n e 426G 265G 161G 63% /mnt/sf_ora
o n -tr
Running pre-exit scripts...
a n
Pre-exit scripts done.
a s
Task 3: Prepare the Target System for Migration ฺae
) h deฺ
e t the targetu i
Perform the following steps in S11-Server1 VM to prepare
s ฺ n n t G system for migration:
e
at tude
Note: Ensure that you copy the /opt/ora/labs/s10-server1.flar
r file to the
i
@ em his S
/export/share directory before proceeding to the next step.
1. Verify that the S10-Server1vNFS
a i share
e t
directory is mounted on the S11-Server1 machine.
| sgrep /export/share
i
root@s11-server1:~#
h donฺqs10-server1:/export/share
mount u
t o
a
/export/share
sh2014 se
i ( c e n
remote/read/write/setuid/devices/rstchown/xattr/dev=8d00001 on Mon Jul 14
Q
2. d List
athev contentsliof the /export/share directory.
04:03:41
4. Verify that the zone2 configuration meets the Solaris 10 global zone migration
requirements.
root@s11-server1:~# zonecfg -z zone2 info
zonename: zone2
zonepath: /zones/zone2
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
brand: solaris10
autoboot: true
autoshutdown: shutdown
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
ble
hostid: 0bfd544f
e r a
fs-allowed:
a nsf
net:
address: 192.168.0.173/24 o n -tr
allowed-address not specified a n
a
h eฺ
configure-allowed-address: true s
e )
tฺa Guid
physical: net0
n e
defrouter not specified
t e sฺ ent
Task 4: Migrate from the Oracle Solaris
m ira10 Global
S t udZone
Now that the target system is prepared,
@ e it is time
h isto migrate from the Oracle Solaris 10 global
zone. i
v se
aS11-Server1 t
i d
Perform the following steps ฺ q
in u VM to migrate the Oracle Solaris 10 global zone:
h t o
1. After the global
( s hazone nflar
se image has completed building (in Task 2), use the zoneadm
i
v subcommand
install e
lic to zoneadm
aroot@s11-server1:~# install the flar image in zone2.
i Q
d /export/share/s10-server1.flar -z zone2 install -a \
a h -uv
Sh The following ZFS file system(s) have been created:
rpool/zones/zone2
==== Starting: /usr/lib/brand/solaris10/image_install zone2 /zones/zone2 -
a/export/share/s10-server1.flar -u -v ====
Progress being logged to /var/log/zones/zoneadm.20140714T064424Z.zone2.attach
Starting pre-installation tasks.
Pinning datasets under rpool/zones/zone2
Pinning rpool/zones/zone2
Installation started for zone "zone2"
flash archive
Installing: This may take several minutes...
| install_flar
Creating active_ds rpool/zones/zone2/rpool/ROOT/zbe-0
Creating child dataset: var
Mounting boot environment in rpool/zones/zone2/rpool/ROOT/zbe-0 at
/zones/zone2/root (including child datasets)
Preparing to mount rpool/zones/zone2/rpool/ROOT/zbe-0 at /zones/zone2/root
#
6. Determine the zone’s network interface and IP configuration.
# ifconfig –a
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
net0:2:
flags=100001100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,PHYSRUNNING> mtu
ble
1500 index 4
e r a
nsf
inet 192.168.0.173 netmask ffffff00 broadcast 192.168.0.255
lo0:2: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252
-tra
index 1
inet6 ::1/128 n o n
s a
7. a
Use ping command to verify if you can communicate with global zone and other VMs.
) h eฺ
# ping 192.168.0.112 e
tฺa Guid
192.168.0.112 is alive
n e
# ping 192.168.0.113
t e sฺ ent
192.168.0.113 is alive
m ira Stud
# ping 192.168.0.172
192.168.0.172 is alivei@
e his
q a v se t
h i dฺ zone.
8. Move back into the global
t o u
# exit
i ( sha ense
Q
v console
azone2 lic login: ~.
a h id [Connection to zone ‘zone2’ console closed]
Sh root@s11-server1:~#
9. Power off the S10-Server1 virtual machine.
zone.
In this demonstration, you will observe how to:
• Configure and install a kernel zone
• Clone a kernel zone
• Warm migrate a kernel zone
Assumptions
ble
Adobe Flash Player is already installed on the host machine before executing the
e r a
demonstration.
a nsf
Special note for playing the demo: o n -tr
• a
To be able to view demo controls in the browser, it is recommended to switch to full n
screen. a s
h eฺ
• e )
To switch to full-screen mode in the browser window, select View Full Screen.
n e tฺa Guid
Task
t e sฺ ent
ira Stud
Perform the following steps on your host machine:
m
1. Open a terminal window.
@ e his
a i
v se t
2. Change to the /opt/ora/demo/Configuring_KZ_on_SPARC directory.
i d ฺ q u
ah se t o
# cd /opt/ora/demo/Configuring_KZ_on_SPARC
# ls sh
v i ( icen
Q l
aConfiguring_Kernel_Zones_on_SPARC.swf
Configuring_Kernel_Zones_on_SPARC.htm
a h id standard.js
Sh 3. Open the Configuring_Kernel_Zones_on_SPARC.htm file in a web browser.
# firefox Configuring_Kernel_Zones_on_SPARC.htm &
A browser window with the Flash demo is displayed for you to walkthrough.
4. Close the web browser after you complete viewing the flash demo.
5. Close the terminal window.
Archives may contain one or more archived instances of Oracle Solaris OS from a single host.
An OS instance may be a global zone, a non-global zone, or a kernel zone. These individual
systems may be archived independently or bundled together. They may also be selectively
archived, so that an archive may contain only one zone or a selection of zones.
In this demonstration, you will observe how to deploy a kernel zone with the help of a clone
archive of a kernel zone.
Assumptions ble
e r a
nsf
Adobe Flash Player is already installed on the host machine before executing the
demonstration.
-tra
n o n
Special note for playing the demo:
s a
• a
h eฺ
To be able to view demo controls in the browser, it is recommended to switch to full
)
screen. e
tฺa Guid
n e
•
sฺ ent
To switch to full-screen mode in the browser window, select View Full Screen.
t e
m ira Stud
Tasks
@ e his
i
Perform the following steps on your
a host t
v semachine:
1. Open a terminal window.
i q
dฺ to u
h
ha/opt/ora/demo/
2. Change to the
( s e n se Using_UA_to_Deploy_KZ directory.
i
a## vcd lic
/opt/ora/demo/Using_UA_to_Deploy_KZ
Q
id standard.js
ls
a h
Sh Using_UA_to_Deploy_KZ.htm
Using_UA_to_Deploy_KZ.swf
) a
h eฺ
ZONE USED %USED CAP %CAP
Q
v
Interval:
lic
aPROCESSOR_SET 0:00:03
TYPE ONLINE/CPUS MIN/MAX
i d
h ah pset_default default-pset 1/1 1/1
-tr a
Report: High Usage
n o n
a
Start: Monday, July 14, 2014 08:06:10 AM UTC
s
a
h eฺ
End: Monday, July 14, 2014 08:07:10 AM UTC
)
e
tฺa Guid
Intervals: 6, Duration: 0:01:00
SUMMARY
n e Cpus/Online: 1/1 PhysMem: 3583M VirtMem: 4607M
m ira Stud ZONE USED %PART USED %USED USED %USED PBYTE %PUSE
@ e his [total] 0.16 16.9% 2228M 62.1% 2650M 57.5% 1909 0.00%
a i
v se t [system] 0.03 3.87% 1638M 45.7% 1904M 41.3% - -
i q
dฺ to u global 0.07 7.09% 285M 7.97% 360M 7.81% 541 0.00%
h
sha ense
zone2 0.01 1.87% 146M 4.08% 188M 4.08% 0 0.00%
4. Halta
Q the lic and zone2 to release the system resources.
v zones zone1
a h id root@s11-server1:~# zoneadm –z zone1 halt
Sh root@s11-server1:~# zoneadm –z zone2 halt
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Practicesefor ) e ฺ 7:
Oracle ฺ a
etSolaris i d
u11 ZFS
s ฺ n n t G
aEnhancements
t e d e
e mir Chapter
s S tu7
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
storage. Thousands of file systems can draw from a common storage pool, each one
consuming only as much space as it actually needs. All operations are copy-on-write
transactions ensuring that the on-disk state is always valid. Additionally, blocks are
checksummed to prevent silent data corruption, allowing data to self-heal itself in replicated
(mirrored or RAIDZ) configurations. If one copy is damaged, ZFS detects it and uses another
copy to repair it. ZFS is also at the heart of Oracle Solaris 11 software installation and
management with the IPS packaging system, greatly reducing planned and unplanned down
time with safe system upgrade capability. UFS is no longer supported as a root file system.
ble
Common Multiprotocol SCSI Target (COMSTAR) is a software framework that enables you to
e r a
turn any Oracle Solaris 11 host into a SCSI target that can be accessed over the network by
a nsf
initiator hosts. COMSTAR breaks down the huge task of handling a SCSI target subsystem into
independent functional modules. These modules are then glued together by the SCSI Target o n -tr
Mode Framework (STMF). a n
a s
h eฺ
These practices provide a guided, hands-on experience in working with the new ZFS
enhancements and with COMSTAR. e )
The key areas explored in these practices are:n e tฺa Guid
• t e sฺ ent
Migrating UFS and ZFS file systems
• m ira Stud
Splitting a mirrored ZFS storage pool
@ e his
• i
v se t
Identifying ZFS snapshot differences
a
• q
dฺ to u
Configuring ZFS deduplication
i
h
•
sha ense
Configuring an iSCSI target and an iSCSI initiator
i (
Q av lic
i d
ah
Sh
systems as follows:
• Migrate a local or remote ZFS file system to a target ZFS file system
• Migrate a local or remote UFS file system to a target ZFS file system
m
0. c1t0d0 <ATA-VBOX HARDDISK-1.0-45.00GB>
e his
i @ t
/pci@0,0/pci8086,2829@d/disk@0,0
v HARDDISK-1.0
e
q a
1. c1t2d0 <ATA-VBOX
ฺ u s cyl 1022 alt 2 hd 64 sec 32>
format> fdisk
No fdisk table exists. The default partition for the disk is:
Type "y" to accept the default partition, otherwise type "n" to edit the
partition table.
y
ble
format> partition
e r a
nsf
...
partition> modify
-tra
Select partitioning base:
n o n
0. Current partition table (default)
s a
1. All Free Hog
) a
h eฺ
Choose base (enter number) [0]? 1
e
tฺa Guid
...
n e
t e sฺ ent
Do you wish to continue creating a new partition
ira Stud
table based on above table[yes]? <Press Return>
m
e his
Free Hog partition[6]? <Press Return>
@
i
v se t
Enter size of partition '0' [0b, 0c, 0.00mb, 0.00gb]: 0
a
q
dฺ to u
Enter size of partition '1' [0b, 0c, 0.00mb, 0.00gb]: 0
i
h
Enter size of partition '3' [0b, 0c, 0.00mb, 0.00gb]: 0
( sha ense
Enter size of partition '4' [0b, 0c, 0.00mb, 0.00gb]: 0
i
Q av lic
Enter size of partition '5' [0b, 0c, 0.00mb, 0.00gb]: 0
Enter size of partition '7' [0b, 0c, 0.00mb, 0.00gb]: 0
i d
ah ...
Sh Okay to make this the current partition table[yes]? <Press Return>
Enter table name (remember quotes): "shadow"
Note: The UFS file system contains a lost+found directory. This directory has no
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
meaning for ZFS and shadow migration might have problems with it. You can temporarily
remove this directory and re-create it later with fsck.
root@s11-server1:~# rm -r /export/UFS_data/lost+found
6. Create a ZFS file system.
root@s11-server1:~# zfs create rpool/export/ZFS_data
7. Share the UFS and ZFS file systems as read-only and show the results.
root@s11-server1:~# share –F nfs –o ro /export/UFS_data
root@s11-server1:~# share –F nfs –o ro /export/ZFS_data
ble
e r a
root@s11-server1:~# showmount –e
a nsf
export list for s11-server1:
o n -tr
/export/UFS_data (everyone)
a n
/export/UFS_data (everyone)
a
h eฺ s
8. Store some data in the UFS and ZFS file systems. e )
e tฺa Guid/export/UFS_data
root@s11-server1:~# cp /opt/ora/iso/sol-11_2-ai-x86.iso
n
e sฺ ent
root@s11-server1:~# cp /opt/ora/iso/sol-11_2-text-x86.iso
t /export/ZFS_data
Name: s11-server1.mydomain.com
Address: 192.168.0.112
setting
the shadow property on the destination ZFS dataset using the
zfs(1M) command.
Category: System/File System
State: Not installed
Publisher: solaris
Version: 0.5.11
Build Release: 5.11
Branch: 0.175.2.0.0.42.2
ble
e r a
nsf
Packaging Date: June 24, 2014 06:52:20 PM
Size: 510.76 kB
-tra
FMRI: pkg://solaris/system/file-system/shadow-migration@0.5.11,5.11-
0.175.2.0.0.42.2:20140624T185220Z
n o n
5. Install the shadow-migration package and show the results. s a
a
h eฺ
root@s11-desktop:~# pkg install shadow-migratione)
Creating Plan ...
n e tฺa Guid
Packages to install: 1
Services to change: ra 1t
esฺ dent
e
Create boot environment: mi No is Stu
v i@ e tNoh
Create backup boot environment:
a
DOWNLOAD
d ฺ q u s PKGS FILES XFER (MB) SPEED
Completed h
a i t o
h s e 1/1 14/14 0.2/0.2 997k/s
v i (s icen
a
PHASE l
Q Installing new actions
ITEMS
i d 39/39
ah Updating package state database Done
Sh Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
8. Display statistics on in-progress shadow migrations until the migrations have completed.
root@s11-desktop:~# shadowstat
EST
BYTES BYTES ELAPSED
DATASET XFRD LEFT ERRORS TIME
rpool/export/shadow_ZFS_data - - - 00:00:12
rpool/export/shadow_UFS_data - - - 00:00:30
rpool/export/shadow_ZFS_data - - - 00:00:22
ble
rpool/export/shadow_UFS_data - - - 00:00:40
e r a
nsf
rpool/export/shadow_ZFS_data - - - 00:00:32
rpool/export/shadow_UFS_data - - - 00:00:50
-tra
rpool/export/shadow_ZFS_data - - - 00:00:42
n o n
rpool/export/shadow_UFS_data -
s a - - 00:01:00
rpool/export/shadow_ZFS_data
) a
-
h eฺ - - 00:00:52
rpool/export/shadow_UFS_data
e
tฺa Guid
- - - 00:01:10
...
n e
rpool/export/shadow_ZFS_data -
s-ฺ e--nt 00:07:56
-ate -
i
rpool/export/shadow_ZFS_data
r t u d 00:08:07
e m is S
rpool/export/shadow_ZFS_data - - - 00:08:17
a v i@ e t--h --
rpool/export/shadow_ZFS_data - 00:08:27
i d ฺq o us -
rpool/export/shadow_ZFS_data - 00:08:37
a h e t
rpool/export/shadow_ZFS_data - - 00:08:47
i ( sh ens
rpool/export/shadow_ZFS_data - - - 00:08:57
Q av lic
rpool/export/shadow_ZFS_data - - - 00:09:07
i d rpool/export/shadow_ZFS_data - - - 00:09:17
ah rpool/export/shadow_ZFS_data - - - 00:09:27
Sh No migrations in progress
root@s11-desktop:~#
9. After the shadow migrations have completed, list the contents of the shadow migration
directories.
root@s11-desktop:~# ls –lh /export/shadow_UFS_data
total 871293
-rwxr-xr-x 1 root root 430M Jul 15 02:37 sol-11_2-ai-x86.iso
Task
Perform the following steps in S11-Server1 VM to split a mirrored ZFS storage pool:
1. Run the zpool list command to display the ZFS pools currently configured in the
system.
root@s11-server1:~# zpool list
NAME SIZE ALLOC FREE CAP DEDUP
bl
HEALTH ALTROOT
e
rpool 44.5G 25.9G 18.6G 58% 1.00x
r a ONLINE -
2. Run the zpool status command to determine which disks are currently configured s infe
the
a n
ZFS rpool.
o n -tr
root@s11-server1:~# zpool status rpool
a n
as ฺ
pool: rpool
state: ONLINE
) h
scan: none requested
e t ฺae uide
config:
e s ฺn nt G
i r t CKSUM
aWRITE t u de
NAME STATE
ONLINE e
m 0 is 0S 0
READ
rpool
v i @ e 0t
h 0 0
a
ฺq o us
c1t0d0 ONLINE
h i d
errors: Noaknown data terrors
h s e
3. Run thev i (s iccommand
e n to identify any additional disks configured in the system.
Q
format
l
aroot@s11-server1:~# format
d
h ahi Searching for disks...done
S
AVAILABLE DISK SELECTIONS:
0. c1t0d0 <ATA-VBOX HARDDISK-1.0-45.00GB>
/pci@0,0/pci8086,2829@d/disk@0,0
1. c1t2d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
/pci@0,0/pci8086,2829@d/disk@2,0
2. c1t3d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
/pci@0,0/pci8086,2829@d/disk@3,0
3. c1t4d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
/pci@0,0/pci8086,2829@d/disk@4,0
4. c1t5d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
/pci@0,0/pci8086,2829@d/disk@5,0
5. c1t6d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
/pci@0,0/pci8086,2829@d/disk@6,0
6. c1t7d0 <ATA-VBOX HARDDISK-1.0 cyl 1021 alt 2 hd 64 sec 32>
/pci@0,0/pci8086,2829@d/disk@7,0
7. c1t8d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
4. Create a mirrored ZFS pool named newpool consisting of disks c1t2d0 and c1t3d0.
Show the results.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
n e
mirror-0 ONLINE 0 0 0
t e sฺ ent
c1t2d0 ONLINE 0 0 0
6. Perform
Q lic on splitting the newpool pool into newpool and newpool1.
av a “dry run”
h i d root@s11-server1:~# zpool split -n newpool newpool1
a
Sh
would create 'newpool1' with the following layout:
newpool1
c1t3d0
7. Split the newpool pool in to newpool and newpool1 and show the results.
root@s11-server1:~# zpool split newpool newpool1
root@s11-server1:~# zpool status newpool
pool: newpool
state: ONLINE
scan: none requested
config:
Task
Perform the steps on S11-Server1 VM to identify ZFS snapshot differences:
1. Take a snapshot named before of the newpool/mydata file system.
root@s11-server1:~# zfs snapshot newpool/mydata@before
3. Take another snapshot named after of the newpool/mydata file system: ble
e r a
root@s11-server1:~# zfs snapshot newpool/mydata@after
tra nsf
4. List the ZFS snapshots by name and creation date.
n -
root@s11-server1:~# zfs list -r -t snapshot -o name,creation no
s a
NAME
newpool/mydata@before
CREATION
)
Tue Jul
a
h15 4:53ฺ 2014
newpool/mydata@after e e
ฺa Jul 15uid4:54 2014
tTue
n e
ฺ WednJul t G 7 1:13 2014
rpool/ROOT/solaris@install
e s Mon
e
rpool/ROOT/solaris@2014-07-09-03:52:28
rpool/ROOT/solaris/var@install ir
at tudMon Jul 9 3:52 2014
vi thesebefore
t
rpool/ROOT/solaris/var@2014-07-09-03:52:28
components are shared between files. In this practice, you configure and test ZFS
deduplication.
Task
Perform the steps on S11-Server1 VM to configure ZFS deduplication:
1. List all the ZFS pools currently configured in the system.
root@s11-server1:~# zpool list
NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT
ble
e r a
nsf
newpool 1008M 166K 1008M 0% 1.00x ONLINE -
newpool1 1008M 129K 1008M 0% 1.00x ONLINE -
-tra
rpool 44.5G 25.9G 18.6G 58% 1.00x ONLINE -
n o n
2. Determine the current deduplication settings for the newpool pool.
a
a
h eฺs
root@s11-server1:~# zpool get all newpool | grep dedup
e )
tฺa Guid
newpool dedupditto 0 default
n
newpool dedupratioe 1.00x -
t e sฺ ent
root@s11-server1:~#
ira forSthe
3. Determine the current deduplication settings
m t udnewpool/mydata file system.
root@s11-server1:~# zfs@ eall newpool/mydata
h is
v
a usi get
e t | grep dedup
ฺ q
newpool/mydata dedup
idon the tnewpool/mydata
off default
a h
4. Enable deduplication
e o file system and show the results.
h s
(s icen zfs set dedup=on newpool/mydata
a v i
root@s11-server1:~#
l
i d Q root@s11-server1:~# zfs get all newpool/mydata | grep dedup
a h
Sh 5. Create directories dir1, dir2, and dir3 in the newpool/mydata file system.
newpool/mydata dedup on local
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
t e sฺ ent
server@0.1-0.133
ira Stud
pkg.fmri set solaris/storage/storage-server pkg:/storage/storage-
m
server@0.1-0.173.0.0.0.1.0
e hS11-Server1.
is
3. Install the storage-serveri@ package on
t
q v install
apkg s e pkg://solaris/storage/storage-server
root@s11-server1:~#
id ฺ u
...
a h e to
(
Creating
i shPlan e...
n s
av c
li Servicestotoinstall:
Packages 30
i d Q change: 1
a h
Sh
Create boot environment: No
Create backup boot environment: Yes
DOWNLOAD PKGS FILES XFER (MB)
SPEED
Completed 30/30 4811/4811 117.5/117.5
1.1M/s
PHASE ITEMS
Installing new actions 6246/6246
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
...
root@s11-server1:~#
i r at tude
5. c1t6d0 <ATA-VBOX HARDDISK-1.0 cyl 1022
em his S
/pci@0,0/pci8086,2829@d/disk@6,0
i @
6. c1t7d0 <ATA-VBOX HARDDISK-1.0 cyl 1021
t
alt 2 hd 64 sec 32>
ฺ q av use
/pci@0,0/pci8086,2829@d/disk@7,0
i d o
7. c1t8d0 <ATA-VBOX HARDDISK-1.0 cyl 1022
h t alt 2 hd 64 sec 32>
sha ense
/pci@0,0/pci8086,2829@d/disk@8,0
v i ( c
8. c1t9d0 <ATA-VBOX HARDDISK-1.0 cyl 1022
i
alt 2 hd 64 sec 32>
Q a l/pci@0,0/pci8086,2829@d/disk@9,0
i d
ah
Specify disk (enter its number): ^D
Sh 6.
root@s11-server1:~#
Create a ZFS pool named iscsipool using disk c1t4d0 and show the results.
root@s11-server1:~# zpool create iscsipool c1t4d0
7. Create a 500 MB ZFS volume named targetvol in the iscsipool zpool and show the
results.
root@s11-server1:~# zfs create -V 500m iscsipool/targetvol
Note: Your LUN will be different from the one shown in this example.
9. Allow all systems to access the LUN by making it viewable. Show the results.
root@s11-server1:~# stmfadm add-view 600144F0FF980700000053C4B7580001
ฺ n et t Gu
root@s11-server1:~# svcs iscsi/target
t e s e n
a d
STATE
online
STIME FMRI
e mir is Stu
5:10:47 svc:/network/iscsi/target:default
a
2. Create the iSCSI target and v i@ eresults.
show the th
dฺq itadm s
ucreate-target
h i
root@s11-server1:~#
t o
sha created
n se
Target iqn.1986-03.com.sun:02:eb850f6d-7d19-c05f-954b-b2c8fb4215bd
i ( e
av lic
successfully
Q
d root@s11-server1:~# itadm list-target -v
ahi
Sh TARGET NAME
iqn.1986-03.com.sun:02:eb850f6d-7d19-c05f-954b-b2c8fb4215bd
STATE
online
SESSIONS
0
alias: -
auth: none (defaults)
targetchapuser: -
targetchapsecret: unset
tpg-tags: default
Note: The output varies from system to system.
3. Open a second terminal window and use ssh to log in to the S11-Server1 machine and su
to root role.
root@s11-desktop:~# ssh oracle@192.168.0.112
Password: oracle1
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
...
oracle@s11-server1:~$ su –
Password: oracle1
...
8. Run the devfsadm command to reconfigure the /dev namespace to recognize the iSCSI
disk.
root@s11-desktop:~# devfsadm -i iscsi
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
10. Create a new ZFS pool named testpool by using the iSCSI disk and show the results.
ble
root@s11-desktop:~# zpool create testpool \
e r a
nsf
c0t600144F0FF980700000053C4B7580001d0
-tra
root@s11-desktop:~# zpool status testpool
n o n
pool: testpool
s a
state: ONLINE
) a
h eฺ
e
tฺa Guid
scan: none requested
config:
n e
t e sฺ ent
NAME
i r a tud STATE READ WRITE CKSUM
testpool
@ em his S ONLINE 0 0 0
a v i e t
c0t600144F0FF980700000053C4B7580001d0 ONLINE 0 0 0
i o us
dฺqdata terrors
a h
senamed storage by using the testpool zpool and show the
errors: No known
( shZFS
11. Create ai new e n
volume
av
results.
Q lic
a h id root@s11-desktop:~# zfs create testpool/storage
Sh root@s11-desktop:~# zfs list
NAME USED AVAIL REFER MOUNTPOINT
...
testpool 124K 452M 32K /testpool
testpool/storage 31K 452M 31K /testpool/storage
Hint: Use all the available resources, such as man pages, student guide, activity guide, and
your instructor, to successfully complete each task.
Note: This practice is optional. Check with your instructor to determine if you have enough time
available to complete this practice. If you begin this practice and run out of time, set this practice
aside and return to it if time permits.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Practicesefor ) e ฺ 8:
Oracle ฺ a
etSolaris i d
u11 Security
s ฺ n n t G
aEnhancements
t e d e
e mir Chapter
s S tu8
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
manage the certificates and keys on multiple keystores including PKCS#11 tokens, Netscape
Security Services (NSS) tokens, and standard file-based keystores for OpenSSL.
Task
Perform the following steps to manage encryption keys:
1. Power off the S11-Desktop VM.
2. Verify S11-Server1 VM is running.
If the virtual machine is not running, start it at this time. Log in to virtual machine S11- ble
e r a
nsf
Server1 as the user oracle and su to root role.
3. Take a few minutes and familiarize yourself with the pktool man page.
-tra
root@s11-server1:~# man pktool
n o n
...
s a
) a
h youeฺ(the user) to the
4. Change the default passphrase (changeme) used to authenticate
PKCS#11 token.
e
tฺa Guid
n e
Enter token passphrase: changeme ate
root@s11-server1:~# pktool setpin sฺ ent
m ir Stud
e
Create new passphrase: oracle1
@oracle1thi
s
i
av use
Re-enter new passphrase:
ฺ q
Passphrase changed.
d symmetric
iAES
h
5. Generate a 256abit e to key labeled myaeskey and show the results.
i ( sh ens pktool genkey label=myaeskey keytype=aes keylen=256
v PIN forlic Sun Software PKCS#11 softtoken: oracle1
root@s11-server1:~#
Q aEnter
a h id
Sh root@s11-server1:~# pktool list objtype=key
Enter PIN for Sun Software PKCS#11 softtoken: oracle1
No. Key Type Key Len. Key Label
----------------------------------------------------
Symmetric keys:
1) AES 256 myaeskey
-o /newpool/mydata/newfile
Enter PIN for Sun Software PKCS#11 softtoken : oracle1
Note: If you observe that no output is displayed for the cat command, add another line of
text in step 6, and repeat the remaining steps.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Task
Perform the following steps to configure a ZFS-encrypted storage pool:
1. Run the format command to identify any additional disks configured in the system.
root@s11-server1:~# format
Searching for disks...done
ble
AVAILABLE DISK SELECTIONS:
e r a
nsf
0. c1t0d0 <ATA-VBOX HARDDISK-1.0-45.00GB>
/pci@0,0/pci8086,2829@d/disk@0,0
-tr a
1. c1t2d0 <ATA-VBOX HARDDISK-1.0-1.00GB>
n o n
/pci@0,0/pci8086,2829@d/disk@2,0
s a
2. c1t3d0 <ATA-VBOX HARDDISK-1.0-1.00GB>
) a
h eฺ
/pci@0,0/pci8086,2829@d/disk@3,0
e
tฺa Guid
e
3. c1t4d0 <ATA-VBOX HARDDISK-1.0-1.00GB>
n
t e sฺ entalt 2 hd 64 sec 32>
/pci@0,0/pci8086,2829@d/disk@4,0
ira Stud
4. c1t5d0 <ATA-VBOX HARDDISK-1.0 cyl 1022
m
e his
/pci@0,0/pci8086,2829@d/disk@5,0
i @ t
5. c1t6d0 <ATA-VBOX HARDDISK-1.0 cyl 1022
v e
alt 2 hd 64 sec 32>
i d ฺqa o us
/pci@0,0/pci8086,2829@d/disk@6,0
a h e t
6. c1t7d0 <ATA-VBOX HARDDISK-1.0 cyl 1021
alt 2 hd 64 sec 32>
i ( sh ens
/pci@0,0/pci8086,2829@d/disk@7,0
Q av lic
7. c1t8d0 <ATA-VBOX HARDDISK-1.0 cyl 1022
/pci@0,0/pci8086,2829@d/disk@8,0
alt 2 hd 64 sec 32>
i d
ah 8. c1t9d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
Sh /pci@0,0/pci8086,2829@d/disk@9,0
Specify disk (enter its number): ^D
root@s11-server1:~#
2. Run the zpool status command to determine which disks are currently configured in the
ZFS pools.
root@s11-server1:~# zpool status
pool: iscsipool
state: ONLINE
scan: none requested
config:
newpool ONLINE 0 0 0
c1t2d0 ONLINE 0 0 0
pool: newpool1
state: ONLINE
scan: none requested
config:
ble
e r a
NAME STATE READ WRITE CKSUM
a nsf
newpool1 ONLINE 0 0 0
o n -tr
c1t3d0 ONLINE 0 0
a 0 n
a s
h eฺ
errors: No known data errors
e )
n e tฺa Guid
pool: rpool
t e sฺ ent
ira Stud
state: ONLINE
scan: none requested
m
e his
config:
i @
v se t
q a
NAME idฺ STATEo u READ WRITE CKSUM
a h ONLINEe t
( h
s c1t0d0
rpool
n s 0 0 0
av i lic e ONLINE 0 0 0
Observe that you are prompted for passphrase. Enter the passphrase as oracle123.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Task
Perform the following steps to configure a ZFS-encrypted file system:
1. Generate a 256-bit AES raw key in a keystore file named /myzfskey.
root@s11-server1:~# pktool genkey keystore=file outkey=/myzfskey \
keytype=aes keylen=256
) a
h eฺ
newpool/mysecretdata encryption aes-256-ccm local
e
tฺa Guidfile system.
4. Display the keysource property of the newpool/mysecretdata
root@s11-server1:~# zfs get keysource s ฺ n e t
t e
a tud e n
newpool/mysecretdata
NAME PROPERTY
i r VALUE SOURCE
em hraw,file:///myzfskey
newpool/mysecretdata keysource
@ i s S local
q a vi se t
h i dฺ to u
i ( sha ense
Q av lic
a h id
Sh
Task
Perform the following steps to create and test a read-only nonglobal zone:
1. On the S11-Server1 VM, display the current data links.
root@s11-server1:~# dladm show-link
LINK CLASS MTU STATE OVER
net1 phys 1500 unknown --
net2 phys 1500 unknown --
ble
net3 phys 1500 unknown --
e r a
nsf
net0 phys 1500 up --
2. Create a virtual NIC over data link speedway0 and show the results.
-tra
root@s11-server1:~# dladm create-vnic -l net0 vnic0
n o n
s a
root@s11-server1:~#
) a
h eฺ
dladm show-link
LINK
unknowntฺa
STATE e
OVER
id
CLASS MTU
net1
n e --
G uphys 1500
net2
net3
t e sฺ e--nt
unknown
unknown
-- phys
phys
1500
1500
m ira up
net0
S t ud -- phys 1500
e vnic0
i s up net0 vnic 1500
v
3. Create a read-only nonglobal
a i@ th virtual NIC vnic0. Set the file-mac-
zone by using
e
profile property to
i ฺq o us
dfixed-configuration.
a h e t
h s
root@s11-server1:~# zonecfg -z zone5
(s ictoenbegin configuring a new zone
Usei 'create'
v l create
azonecfg:zone5>
Q
id create:
a h Using system default template ‘SYSdefault’
Sh
zonecfg:zone5> set brand=solaris
zonecfg:zone5> set zonepath=/zones/zone5
zonecfg:zone5> set autoboot=true
zonecfg:zone5> set file-mac-profile=fixed-configuration
zonecfg:zone5> set ip-type=exclusive
zonecfg:zone5> add net
zonecfg:zone5:net> set physical=vnic0
zonecfg:zone5:net> end
zonecfg:zone5> verify
zonecfg:zone5> commit
zonecfg:zone5> exit
root@s11-server1:~#
Note: The fixed-configuration value permits updates to /var/* directories, with the
exception of directories that contain system configuration components.
IPS packages, including new packages, cannot be installed.
Persistently enabled SMF services are fixed.
SMF manifests cannot be added from the default locations.
i d
ah
Sh
ble
e r a
a nsf
o n -tr
a n
h eฺa s
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i
5. Install zone5 by using q
dฺ the profileucreated in the previous step.
h t o
( sha ensezoneadm -z zone5 install
root@s11-server1:~#
-c i/var/tmp/zone5_cfg/sc_profile.xml
\
Q av lic
a h id The following ZFS file system(s) have been created:
Sh rpool/zones/zone5
Progress being logged to /var/log/zones/zoneadm.20140715T062830Z.zone5.install
Image: Preparing at /zones/zone5/root.
PHASE ITEMS
Installing new actions 71043/71043
Updating package state database Done
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
done.
ble
e r a
Done: Installation completed in 1205.552 seconds.
a nsf
o n -tr
a n
a
h eฺs
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
e )
n e tฺa Guid
to complete the configuration process.
Q
v lic fixed-configuration
afile-mac-profile:
8.id Log in to zone5 and wait until the zone configuration completes.
h
a
Sh root@s11-server1:~# zlogin –C zone5
...
Note: Ignore the sendmail service related messages displayed on the zone console.
9. Verify that the zone5 IPpkg publisher is configured correctly.
root@zone5:~# pkg publisher
PUBLISHER TYPE STATUS P URI
solaris (syspub) origin online T <system-repository>
10. Verify that the apptrace package is not currently installed in the zone.
root@zone5:~# pkg list apptrace
pkg list: no packages matching 'apptrace' installed
root@zone5:~# exit
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Task
Perform the following steps to configure the BART:
1. Change directory to /var/tmp and create a BART rules file named bartrules that
contains these rules:
IGNORE all
/export/home/oracle
ble
CHECK all
e r a
root@s11-server1:~# cd /var/tmp
a nsf
root@s11-server1:/var/tmp# vi bartrules
o n -tr
IGNORE all
a n
/export/home/oracle
a
h eฺs
CHECK all
e )
ฺa inutheidprevious step and
2. Create a BART report by using the rules file that you tcreated
e
display the results.
s ฺ n n t G
r e de
at -rtubartrules
i
root@s11-server1:/var/tmp# bart create > \
em his S
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`
@
q a vi ls
root@s11-server1:/var/tmp#
s e t
bart*
h i dฺ to u
bart-s11-server1-15072014-07:35:24 bartrules
a
sh ofethe e
sBART report.
3. View the contents
v i ( c n
Q li
aroot@s11-server1:/var/tmp# more bart-s11-server1-15072014-07\:35\:24
a h id ! Hash SHA256
! Version 1.1
root@s11-server1:/var/tmp# ls bart*
bart-s11-server1-15072014-07:35:24 bartrules
bart-s11-server1-15072014-07:36:38
6. Compare the two BART reports.
root@s11-server1:/var/tmp# bart compare -r bartrules \
bart-s11-server1-15072014-07\:35\:24 \
bart-s11-server1-15072014-07\:36\:38
/export/home/oracle:
ble
size control:5 test:6
e r a
dirmtime control:53ba0c5a test:53c4d9f5
a nsf
/export/home/oracle/newfile:
o n -tr
add
a n
7. s
Edit the /export/home/oracle/newfile file by adding a simple message.
a
h eฺ
e )
root@s11-server1:/var/tmp# vi /export/home/oracle/newfile
This is a test.
n e tฺa Guid
8.
e ฺ and display
Create another BART report by using the rulessfile n t the results.
t d e
a -rtubartrules
root@s11-server1:/var/tmp# bartircreate > \
m
e his
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`S
i @
v ls e t
q a s
h i dฺ to u
root@s11-server1:/var/tmp# bart*
s h a s e
bart-s11-server1-15072014-07:35:24 bart-s11-server1-15072014-07:39:25
v i ( c e n
bart-s11-server1-15072014-07:36:38 bartrules
9.
Qa the second
Compare li and third BART reports.
d
ahi
root@s11-server1:/var/tmp# bart compare -r bartrules \
Sh bart-s11-server1-15072014-07:36:38
bart-s11-server1-15072014-07:39:25
\
/export/home/oracle/newfile:
size control:0 test:16
mtime control:53c4d9f5 test:53c4daa2
contents
control:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
test:11586d2eb43b73e539caa3d158c883336c0e2c904b309c0c5ffe2c9b83d562a1
10. Close the terminal window and shut down the VM.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh