D73488GC10 Student Guide
Edition 1.0
September 2011
074207
ORACLE
Author: Dave Giroux
Copyright 2011, Oracle and/or its affiliates. All rights reserved.
1 Introduction
  Overview
  Course Goals
  Agenda
  Practices
  Introductions
  Your Learning Center

  Oracle Solaris 11 Zones
  Networking Features Enhancements
  Storage Enhancements
  User Environment Enhancements
  System Security Enhancements
  Lesson Agenda
  Comparing Key Features: Then and Now
  Lesson Agenda
  Transitioning Strategy
  Summary

3 Managing Software Packages in Oracle Solaris 11
  Objectives
  Agenda
  What Is IPS?
  Planning for IPS
  IPS Components
  Agenda
  Local Package Repository
  Creating a Local Repository
  Configuring the IPS Clients
  Configuring a Repository Mirror
  Practices 3-1 and 3-2: Overview
  Agenda
  Package Management: pkg(1)
  pkg Command Examples: search and info
  pkg Command Examples: install
  pkg Command Examples: list, verify, and contents
  pkg Command Examples: uninstall
  Package Manager
  Managing Packages by Using a Web Browser
  Update Manager
  Practices 3-3 and 3-4: Overview
  Agenda
  Publishing a Package in IPS
  Practice 3-5: Overview
  Agenda
  Boot Environment (BE)
  The beadm Utility
  beadm Command Examples
  beadm Command Examples: create
  beadm Command Examples: activate, rename, and destroy
  beadm Command Examples: mount and unmount
  Package Manager BE Features
  Practice 3-6: Overview
  Summary

4 Installing the Oracle Solaris 11 Operating System
  Objectives
  Agenda
  Oracle Solaris 11 Installation Options
  Oracle Solaris 11 System Requirements
  Agenda
  Oracle Solaris 11 Text Installer
  Oracle Solaris 11 Text Installation: Disks
  Oracle Solaris 11 Text Installation: Network
  Oracle Solaris 11 Text Install: Users
  Oracle Solaris 11 LiveCD
  Oracle Solaris 11 LiveCD: Device Driver Utility
  Oracle Solaris 11 LiveCD: Partition Editor
  Oracle Solaris 11 LiveCD Installer: Disk
  Oracle Solaris 11 LiveCD Installer: Time Zone
  Oracle Solaris 11 LiveCD Installer: Users
  Practices 4-1 and 4-2: Overview
  Agenda
  Oracle Solaris 11 Automated Installation
  How Automated Installation Works
  AI Environmental Requirements
  IPS Case: Using Default Manifest
  IPS Case: Using Custom Manifest
  IPS Case: Using an SC Profile
  IPS Case: Multiple AI Services
  Configuring the AI Server
  Setting Up the AI Server
  AI Manifests
  The default.xml File
  The Criteria Manifest

  Network Bridging
  Configuring a Network Bridge
  Practices 6-5 and 6-6: Overview
  Agenda
  The wireshark Utility
  The dlstat Utility
  dlstat: Examples
  Practice 6-7: Overview
  Summary
Introduction
- Course goals
- Agenda
- Practices
- Introductions
- Your learning center
Welcome to the Transition to Oracle Solaris 11 course. This is an advanced course that builds on Oracle Solaris 10 system administration courses. It is focused on the skills and knowledge required for transitioning from the Oracle Solaris 10 operating environment to the Oracle Solaris 11 operating environment.

This course highlights the new features delivered with Oracle Solaris 11, including the Automated Installer (AI), the Image Packaging System (IPS), and network virtualization. Throughout the course, you learn how to transition to the Oracle Solaris 11 operating environment by performing a series of guided hands-on practices that walk you through the critical tasks associated with operating system migration activities. These practices include case studies that illustrate best practices when transitioning from Oracle Solaris 10 to Oracle Solaris 11.

This course does not address system administration tasks currently supported in Oracle Solaris 10 (or other) operating systems. Rather, it focuses on the new and enhanced features found in the Oracle Solaris 11 operating system. It is assumed that you already have the skills and knowledge necessary for administering Oracle Solaris 10.
Course Goals
The goals of this course are to:
- Familiarize you with the Oracle Solaris 11 new features and enhancements:
  - Image Packaging System (IPS)
  - Automated Installer (AI)
  - Oracle Solaris containers
  - Network virtualization
  - Security
- Provide you with the skills necessary for a successful transition from Oracle Solaris 10 to Oracle Solaris 11

Transitioning to a new operating system can be a very daunting task. It involves working with a wide range of complex technologies and procedures, many of which are new to the personnel participating in the project.
Lesson 3: Managing Software Packages in Oracle Solaris 11
Lesson 4: Installing the Oracle Solaris 11 OS
Day 3
Lesson 5: Administering Oracle Solaris 11 Containers
Lesson 6: Oracle Solaris 11 Networking Enhancements
Day 4
Lesson 6: Oracle Solaris 11 Networking Enhancements
Day 5
Lesson 7: Oracle Solaris 11 Storage Enhancements
Lesson 8: Oracle Solaris 11 Security Enhancements
Practices
Starting with Lesson 3, each lesson in this course has an associated practice. Within each practice, you are provided with a virtual environment that contains all the resources needed to install the Oracle Solaris 11 operating system and configure the new features and enhancements.
Introductions
- Name
- Company affiliation
- Title, function, and job responsibility
- Experience related to topics presented in this course
- Reasons for enrolling in this course
- Expectations from this course
- Restrooms
- Break rooms and designated smoking areas
- Local cafeterias and restaurants
Emergency evacuation procedures
Objectives
After completing this lesson, you should be able to:
- Describe the Oracle Solaris 11 operating system
- List new features and enhancements of Oracle Solaris 11
- Describe the new operating system installation features
- Describe the new software updating features
- Describe a strategy for transitioning from Oracle Solaris 10 to Oracle Solaris 11
This lesson introduces you to the new features and enhancements found in the Oracle Solaris
11 operating system. The lesson begins with a description of Oracle Solaris 11 and continues
with a high-level description of each new feature and enhancement.
Next, the lesson provides a comparison of the features found in Oracle Solaris 10 with those
of Oracle Solaris 11. This is followed by a description of a strategy for transitioning from
Oracle Solaris 10 to Oracle Solaris 11.
Oracle Solaris 11 New Features and Enhancements
Oracle Solaris 11:
- Builds on the proven technologies of Oracle Solaris 10
- Provides access to the latest Oracle Solaris 11 technology
- Has been tested and optimized for Oracle hardware and software
- Offers state-of-the-art reliability, availability, and serviceability
- Is an integrated component of Oracle's Exadata and Exalogic systems
Oracle Solaris is the industry-leading operating system for the enterprise. Oracle Solaris 11
raises the bar for the innovation introduced in Oracle Solaris 10 with a unique feature set that
few other operating systems can offer. Oracle Solaris 11 has been tested and optimized for
Oracle hardware and software and is an integral part of Oracle's combined hardware and
software portfolio.
Oracle Solaris 11 provides customers with the latest access to Oracle Solaris 11 technology,
allowing developers, architects, and administrators to test and deploy applications within large
data centers, which greatly simplifies their day-to-day operations. Oracle Solaris 11 is
characterized by the reliability, availability, and serviceability that you expect from a leading
enterprise operating system.
Oracle Solaris 11 provides new optimizations and features designed to deliver proven
scalability and reliability as an integrated component of Oracle's Exadata and Exalogic
systems.
Oracle Solaris 11 Features and Enhancements
- Storage enhancements
- User environment enhancements
- System security enhancements
Oracle Solaris 11 introduces a new, modern software installation architecture, offering a number of installation choices. This includes a completely hands-free automated network installation experience, a graphical LiveCD installer, and an interactive text-based installation for systems without a graphical display.

Oracle Solaris 11 introduces the Image Packaging System (IPS). IPS is the next-generation packaging system that provides safe system updates and upgrades.

Oracle Solaris 11 enhances its virtualization solution with Oracle Solaris 10 zones (also known as solaris10 branded zones). Oracle Solaris 10 zones provide a seamless method for migrating to Oracle Solaris 11. Additional features such as delegated zone administration, boot environment (BE) for zones, and enhanced zone monitoring are also included.

Oracle Solaris 11 brings significant enhancements to networking. Features such as virtual networks, Network Auto-Magic (NWAM), and improved IP multipathing (IPMP) provide enhanced security, availability, and management.

Oracle Solaris 11 expands support for Oracle Solaris 10 storage technologies. The ZFS file system includes a number of enhancements, including ZFS as the root file system, deduplication, and ZFS snapshot differences. Additional enhancements include Common Multiprotocol SCSI Target (COMSTAR) technology and Common Internet File System (CIFS) support for seamless file sharing with Windows environments.

Oracle Solaris 11 includes GNOME 2.30, an intuitive, easy-to-use desktop environment, and the Firefox 3.6.10 web browser, among a variety of other software included in the network package repository. GNU (not UNIX) commands and a default bash shell environment are also available.

Oracle Solaris 11 continues to optimize security controls. This release supplies a number of security-related enhancements: root as a role, encrypted ZFS datasets, Trusted Platform Module (TPM) support, and enhancements to Oracle Solaris Trusted Extensions.
Image Packaging System (IPS)
- Operating system upgrades
- Removal of software packages
- Intelligent package management
Oracle Solaris 11 provides a completely redesigned software packaging model: the Image
Packaging System (IPS). IPS is a comprehensive delivery framework that spans the complete
software life cycle, addressing software installation, updates, operating system upgrades, and
the removal of software packages.
In contrast to the SVR4 packaging model used in earlier Oracle Solaris releases, IPS
eliminates the need for patching. Relying on the use of network repositories of software
packages, IPS dramatically changes how an administrator updates system and application
software. IPS packages can be installed into nonglobal zones in addition to the global zone.
Operating System Installation
- Unattended installation
  - Oracle Solaris 11 Automated Installer (AI)
    - Network installation
    - Installation manifest
    - Client profiles
- Interactive installation
  - Oracle Solaris 11 LiveCD installation
    - Suited for desktops and notebooks
    - GUI interface
  - Interactive text install
Oracle Solaris 11 offers a number of installation options:
- Unattended installation: An improved "hands-off" automated installation process that goes beyond Oracle Solaris JumpStart functionality in Oracle Solaris 10 and earlier releases
- Interactive installation: Interactive installation using a text-based user interface (because most servers use a text-based console for installation), and interactive installation for x86 desktop and notebook systems using the Oracle Solaris 11 LiveCD for x86
- New boot environment for zones
- Zone resource monitoring
- Delegated administration
utilization, utilization of resource control limits, total utilization, and per-zone utilization
breakdowns over specified time periods.
With Oracle Solaris 11, you can delegate specific zone administration tasks to different
administrators using Role-Based Access Control (RBAC). With delegated administration
standard, users are identified with the permissions to log in, manage, or clone that zone.
Networking Features and Enhancements
- Network virtualization
- Network Auto-Magic (NWAM)
- Improved IP multipathing (IPMP)
- New sockets architecture
- Load balancing
- Bridging and tunneling
- The ipadm command
Oracle Solaris 11 introduces built-in network virtualization and resource management, providing more effective sharing of network resources and enhancing the ability to consolidate server workloads.

In Oracle Solaris 11, Network Auto-Magic (NWAM) automates network configuration and connection. NWAM enables users to automatically discover and connect to networks depending on their network conditions and profiles. NWAM is the default network configuration behavior on all installations of Oracle Solaris 11.

In Oracle Solaris 11, IP multipathing (IPMP) has been redesigned to enhance the administrative model and improve monitoring. An IPMP group (which has a set of associated IP addresses that are dynamically bound to a set of underlying physical interfaces) is represented by an IPMP interface. All IP administrative tasks take effect on the IPMP group simply by referencing the IPMP interface. The new ipmpstat utility provides visibility to the IPMP subsystem.
- ZFS enhancements
  - Default file system
  - Deduplication
  - ZFS snapshot differences (zfs diff)
- COMSTAR
- CIFS support
ZFS is the default root file system in Oracle Solaris 11. UFS is still available for non-root file
systems. Oracle Solaris 11 has added ZFS deduplication, which detects and removes
redundant data from ZFS file systems. If a ZFS file system has the dedup property enabled,
duplicate data blocks are removed synchronously. As a result, the file system stores only
unique data. Support for listing the differences between ZFS snapshots (zfs diff) has
been added with Oracle Solaris 11. Also, now you can use the shadow migration feature to
migrate data from an old file system to a new one while simultaneously allowing access and
modification of the new file system during the migration process.
COMSTAR (Common Multiprotocol SCSI Target) technology, introduced in Oracle Solaris 11,
allows network file sharing, similar to NFS and CIFS, but for raw block-device access via
iSCSI or SAN. This technology enables any Oracle Solaris 11 host to become a SCSI target,
allowing it to be accessed over a storage network by a variety of initiator hosts. COMSTAR
supplies a software framework that makes it possible for all SCSI device types to connect to a
transport protocol and provide network device access. In this way, virtual machines can share
image files or access to a database.
User Environment Enhancements
- Secure by default
- Root treated as a role
- Robust data encryption
- Driver support for Trusted Platform Module (TPM)
Oracle Solaris 11 provides a fully secure-by-default environment. With automatic secure by default, network services are disabled by default, or set to listen for local system communications only.

In Oracle Solaris 11, root is treated as a role rather than a user. During system installation, an initial user is defined. After an initial user login, a user with the appropriate privileges can subsequently assume the role of root by using su or by performing administrative tasks after authentication using sudo or pfexec. pfexec is a new feature that allows you to assign a rights profile or more roles directly to a user account.

Oracle Solaris 11 supports a robust mechanism for your data protection by implementing on-disk encryption/decryption support and key management for ZFS datasets. In the event of theft or in the case of untrusted paths to networked storage, encrypted ZFS datasets can help to safeguard data and prevent unauthorized access. The kernel implements raw encryption/decryption functions that are applied to all data and file system metadata.

Oracle Solaris 11 includes driver support for Trusted Platform Module (TPM) hardware. TPM devices are often embedded in systems to securely store certificates or encryption keys that help to perform platform authentication and/or attestation. Attestation is a process that determines whether a server is trustworthy and has not been breached.

Oracle Solaris 11 enhances Oracle Solaris Trusted Extensions by introducing labeled IPsec and labeled ZFS datasets. Additionally, Trusted Extensions now enables per-label and per-user credentials, allowing administrators to require a unique password for each label. This password is in addition to the session login password, thus allowing administrators to set a per-zone encryption key for each label of every user's home directory.
Comparing Key Features: Then and Now

| Feature | Oracle Solaris 10 | Oracle Solaris 11 |
|---|---|---|
| | | repositories |
| Building a customized distribution image | Blueprints for custom DVDs | Distribution Constructor to create ISO and virtual machine images |
| Virtual Networking | N/A | Network virtualization and resource management |
| User environment | Ksh and SVR4 commands | Bash, GNU and SVR4 commands |
This table shows the major changes made to some of the key features of Oracle Solaris 10 in
Oracle Solaris 11.
[Figure: ZFS boot environments, Oracle Solaris, Image Packaging System]
The Image Packaging System (IPS) is a framework that provides for software lifecycle management, such as installation, upgrade, and removal of packages. IPS also allows users to create their own software packages, create and manage package repositories, and copy and mirror existing package repositories.
With IPS, you can perform the following tasks:
- Create and manage images
- Search the IPS packages on your system and in IPS repositories
- Copy, mirror, create, and administer package repositories
- Create and publish IPS packages to a package repository
- Republish the content of an existing package in a package repository
[Figure: IPS components. Package server (payload) and client tools: pkg(1), desktop Package Manager, web browser]

IPS Components
IPS is made up of key components. Each component has a role to play. These components include:
- Fault Management Resource Identifier (FMRI): The FMRI includes descriptive information about the package, such as the package name, version information, and date. For example, the FMRI pkg://solaris/developer/apptrace@0.5.11,5.11-0.151.0.1:20101104T230706Z consists of the following information:
  - Scheme: pkg
  - Publisher: solaris
  - Category: developer
  - Package Name: apptrace
  - Component Version: 0.5.11
  - Build Version: 5.11
  - Branch Version: 0.151.0.1
  - Timestamp (when the package was published): 20101104T230706Z
- Repository: A repository is a location where clients publish and retrieve packages. The location is described by a uniform resource identifier (URI) such as http://pkg.oracle.com/solaris/release. A repository is also called a depot server. A repository contains packages from a single publisher (for example, Solaris). A publisher can publish to multiple repositories. A repository has an origin and zero or more mirrors. The repository origin is the location of a package repository that contains both package metadata (package manifests and catalogs) and package content (package files). A mirror is a location of a package repository that contains only package content.
- Catalog: A catalog consists of all the packages in an IPS package repository. The packages in a catalog are associated with a specific publisher.
- Manifest: A manifest describes the components and attributes that make up a package.
- Mirror: A mirror provides a subset of the data that origins provide. Mirrors can be used only for downloading package files. Package metadata is downloaded from the origin. IPS clients access the origin to obtain a publisher's catalog, even when the clients download package content from a mirror.
- Client package management utilities:
  - pkg(1): A command-line command that can be used to create and manage images, search package data, and perform software installation, upgrade, and removal
  - Package Manager: The Package Manager application provides a graphical user interface (GUI) for IPS. It also provides a subset of the functionality offered by the command-line commands provided with IPS.
  - Web browser: A web browser can be used to search for and install software packages from an IPS repository.
- Boot environment (not shown): A boot environment is a bootable instance of an Oracle Solaris 11 operating system image plus any other application software packages installed into that image. System administrators can maintain multiple boot environments in their systems, and each boot environment can have different software versions installed.
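The FMRI breakdown under IPS Components, worked through in code. This is an added example, not part of the course material or of IPS itself: it parses an FMRI into the fields the text lists and, going one step beyond the text, uses them to reject an update that comes from a different publisher or is older than the installed package. The function names, the rule that the last path element is the package name, and the two comparison FMRIs in the demo are assumptions made for illustration.

```python
"""Parse an IPS package FMRI into the fields listed under IPS Components."""
import re
from datetime import datetime, timezone
from typing import NamedTuple, Optional

# The FMRI used as the example in the text.
PAGE_FMRI = "pkg://solaris/developer/apptrace@0.5.11,5.11-0.151.0.1:20101104T230706Z"

_NUM = r"\d+(?:\.\d+)*"  # dotted run of integers, e.g. 0.151.0.1
FMRI_RE = re.compile(
    rf"""^(?P<scheme>pkg):/              # scheme
        (?:/(?P<publisher>[^/@]+)/)?     # the //publisher/ part is optional
        (?P<stem>[^@]+?)                 # category path plus package name
        (?:@(?P<component>{_NUM})        # component version
           (?:,(?P<build>{_NUM}))?       # build version
           (?:-(?P<branch>{_NUM}))?      # branch version
           (?::(?P<ts>\d{{8}}T\d{{6}}Z))?  # publication timestamp (UTC)
        )?$""",
    re.VERBOSE,
)


class Fmri(NamedTuple):
    scheme: str
    publisher: Optional[str]
    category: Optional[str]
    name: str
    component_version: Optional[str]
    build_version: Optional[str]
    branch_version: Optional[str]
    timestamp: Optional[datetime]


def parse_fmri(text: str) -> Fmri:
    """Split an FMRI into its fields; absent fields come back as None."""
    m = FMRI_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a pkg FMRI: {text!r}")
    # Assumption: everything before the last "/" is the category.
    category, _, name = m["stem"].rpartition("/")
    if not name:
        raise ValueError(f"FMRI has no package name: {text!r}")
    ts = m["ts"]
    stamp = (datetime.strptime(ts, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
             if ts else None)
    return Fmri(m["scheme"], m["publisher"], category or None, name,
                m["component"], m["build"], m["branch"], stamp)


def _nums(version: Optional[str]) -> tuple:
    return tuple(int(p) for p in version.split(".")) if version else ()


def version_key(f: Fmri) -> tuple:
    """Sort key: versions compared number by number, then the timestamp."""
    ts = f.timestamp or datetime.min.replace(tzinfo=timezone.utc)
    return (_nums(f.component_version), _nums(f.build_version),
            _nums(f.branch_version), ts)


def acceptable_update(installed: Fmri, candidate: Fmri) -> bool:
    """Same publisher, same package, and not older than what is installed."""
    return (candidate.publisher == installed.publisher
            and (candidate.category, candidate.name)
            == (installed.category, installed.name)
            and version_key(candidate) >= version_key(installed))


if __name__ == "__main__":
    installed = parse_fmri(PAGE_FMRI)
    for field, value in installed._asdict().items():
        print(f"{field:18} {value}")
    # Constructed FMRIs: an older branch and a different publisher.
    for text in ("pkg://solaris/developer/apptrace@0.5.11,5.11-0.134:20100301T000000Z",
                 "pkg://example-publisher/developer/apptrace@0.5.11,5.11-0.175:20110901T000000Z"):
        print(text, "->", acceptable_update(installed, parse_fmri(text)))
```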
Agenda
- Configuring a Local IPS Repository
- Managing Software Packages by Using IPS
- Publishing a Software Package in IPS
- Managing Boot Environments
- Performance: Having a local package repository allows clients access to packages at local network speeds.
- Security: You might not want your client systems to have access to the Internet.
- Replication: You want to ensure that an installation that you perform next year is exactly the same as the installation you perform today.
Creating a Local Repository
1. Obtain software packages:
   - Download ISO image.
   - Copy from the default package repository.
2. Create a ZFS file system for the repository.
3. Copy the packages to the repository.
4. Set the appropriate pkg.depotd properties.
5. Set the preferred publisher.
6. Refresh the repository catalog.

When you create a local repository, you must perform these steps:
1. Obtain software packages: When creating a local package repository, you must first download the Oracle Solaris 11 repository image from:
   http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html
   The repository image provides you with a complete archive of software packages to allow you to set up a local network IPS repository that client systems can connect to.
   The repository image is provided in two parts that must be concatenated. You use the following command-line instructions to successfully create a full ISO image that can be burned to a dual-layer DVD or directly mounted using the lofiadm command. You download parts A and B of the repository ISO by clicking these links:
   - Download Part A SPARC, x86 (2GB)
   - Download Part B SPARC, x86 (2GB)
   The following commands are used to concatenate parts A and B:
   $ unzip sol-11-exp-201011-repo-full-iso-a.zip
   $ unzip sol-11-exp-201011-repo-full-iso-b.zip
   $ cat sol-11-exp-201011-repo-full.iso-a sol-11-exp-201011-repo-full.iso-b > sol-11-exp-201011-repo-full.iso
   Alternatively, you can copy the packages directory from the default image repository.
2. Create a ZFS file system for the repository: A good practice is to store the repository in a separate ZFS file system with compression enabled.
3. Copy the packages to the repository: If you copy from an ISO image, use the rsync command. If you copy directly from another repository, use the pkgrecv command. Note that when copying from another repository, you should have already obtained a key and certificate and installed them on your system.
4. Set the appropriate pkg.depotd properties: Make sure that the pkg/inst_root and pkg/readonly properties are set appropriately.
5. Set the preferred publisher: The default preferred publisher for Oracle Solaris 11 systems is Solaris and the default origin for that publisher is http://pkg.oracle.com/solaris/release. If you want your clients to get packages from your local repository, you must reset the origin for the Solaris publisher as shown in the next slide.
6. Refresh the repository catalog: Be sure to use the pkgrepo refresh command to update the repository catalogs and any new packages found in the repository.
Configuring the IPS Clients
oracle@s11x-desktop:~# pkg publisher
PUBLISHER TYPE STATUS URI
Solaris (preferred) origin online http://pkg.oracle.com/solaris/release/
oracle@s11x-desktop:~# pkg set-publisher -G \
http://pkg.oracle.com/solaris/release/ -g \
http://s11x-serv1.mydomain.com/ solaris

For client systems to access a local repository, you must set the preferred publisher to the local IPS publisher as shown in the example in the slide.
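A way to confirm that a client no longer points at an Internet repository after the publisher change described above. This is an added example, not part of the course material: it reads text in the PUBLISHER / TYPE / STATUS / URI layout of the slide and reports every origin or mirror whose host is not on an approved list. Both listings are constructed samples, the approved host list is an assumption, and treating file:// repositories as local is an assumption as well.

```python
"""Audit a `pkg publisher` listing against approved repository hosts."""
from typing import List, NamedTuple, Set
from urllib.parse import urlsplit

# Constructed listings in the slide's column layout: the client before
# and after its origin is switched to the local repository.
BEFORE = """\
PUBLISHER                   TYPE     STATUS   URI
solaris        (preferred)  origin   online   http://pkg.oracle.com/solaris/release/
"""
AFTER = """\
PUBLISHER                   TYPE     STATUS   URI
solaris        (preferred)  origin   online   http://s11x-serv1.mydomain.com/
solaris        (preferred)  mirror   online   http://s11x-serv2.com/
"""
# Assumption: the only repository hosts clients are allowed to reach.
APPROVED_HOSTS = {"s11x-serv1.mydomain.com", "s11x-serv2.com"}


class Source(NamedTuple):
    publisher: str
    flags: tuple   # for example ("(preferred)",)
    kind: str      # "origin" or "mirror"
    status: str
    uri: str


def parse_publisher_listing(text: str) -> List[Source]:
    """Turn each data row into a Source; the header and blank lines are skipped."""
    sources = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] == "PUBLISHER":
            continue
        # The last three columns are fixed; anything between the publisher
        # name and the type column is a flag such as "(preferred)".
        publisher, *flags, kind, status, uri = tokens
        sources.append(Source(publisher, tuple(flags), kind, status, uri))
    return sources


def audit(sources: List[Source], approved_hosts: Set[str]) -> List[str]:
    """Return one finding per origin or mirror outside the approved hosts."""
    findings = []
    for src in sources:
        parts = urlsplit(src.uri)
        if parts.scheme == "file":
            continue  # assumption: a file-based repository needs no network
        host = (parts.hostname or "").lower()
        if host not in approved_hosts:
            findings.append(
                f"{src.publisher}: {src.kind} {src.uri} "
                "is outside the approved repository hosts")
    return findings


if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        findings = audit(parse_publisher_listing(listing), APPROVED_HOSTS)
        print(label, "->", findings or "only approved repositories")
```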
Configuring a Repository Mirror
5. Refresh the mirror.
6. Enable the mirror.
7. Mount the file system that contains your repository with the noatime attribute.
8. Add a mirror to the configuration.

A mirror provides a complete copy of a repository's catalog of packages. Using a nearby mirror can speed up system updates, distribution construction, zone creation, and other packaging-intensive operations.

The following example demonstrates how to configure a repository mirror:
# svccfg import /var/svc/manifest/application/pkg-server.xml
# mkdir /export/pkg
# /usr/lib/pkg.depotd -d /export/pkg -p 8009
# svccfg -s pkg/server
svc:/application/pkg/server> add mirror
svc:/application/pkg/server> select mirror
svc:/application/pkg/server> addpg pkg application
svc:/application/pkg/server> addpg start method
svc:/application/pkg/server> setprop start/exec= astring: \
"/usr/lib/pkg.depotd --mirror -p %{pkg/port} -d %{pkg/inst_root} \
-t %{pkg/socket_timeout} -s %{pkg/threads} \
--proxy-base=%{pkg/proxy_base} --log-access=%{pkg/log_access} \
--log-errors=%{pkg/log_errors}"
svc:/application/pkg/server> setprop pkg/inst_root = astring: \
"/export/pkg"
svc:/application/pkg/server> setprop pkg/threads = count: 50
svc:/application/pkg/server> setprop
svc:/application/pkg/server> exit
# svcadm refresh pkg/server:mirror
# svcadm enable pkg/server:mirror
# zfs set atime=off filesystem_name
# pkg set-publisher -m http://s11x-serv2.com solaris
In Practice 3-1, you do the following:
- Create a ZFS file system for the package repository.
- Copy the package repository from an ISO image to local storage.
Agenda
Package Management Task              IPS Command     Solaris 10 Equivalent
Install package.                     pkg install     pkgadd -a
Display the contents of a package.   pkg contents    pkgchk -l
Search for a package.                pkg search      pkgchk -l -p

The pkg command is used to interact with the Image Packaging System. With a valid configuration, pkg can be invoked to create locations for packages to be installed (as what are called "images") and manage packages in those images.
The table in this slide shows which pkg commands are used to perform common package management tasks. It compares these commands to equivalent commands used in Oracle Solaris 10.
pkg Command Examples: search and info
          Name: developer/apptrace
       Summary: Apptrace Utility
   Description: Apptrace utility for application tracing, including shared objects
      Category: Development/System
         State: Installed
     Publisher: solaris
       Version: 0.5.11
 Build Release: 5.11
        Branch: 0.151.0.1
Packaging Date: November 4, 2010 11:07:06 PM
          Size: 122.41 kB
          FMRI: pkg://solaris/developer/apptrace@0.5.11,5.11-0.171

This slide shows examples of searching for a package (apptrace) and displaying package information.
The -r option retrieves the information data from the repositories of the image's configured publishers.
pkg Command Examples: install
oracle@s11x-desktop:~# pkg install -nv apptrace
Packages to install: 1
Create boot environment: No
Rebuild boot archive: No
Changed fmris:
None ->
pkg://solaris/developer/apptrace@0.5.11,5.11-0.171:20101104T230706Z
Services:
None

oracle@s11x-desktop:~# pkg install apptrace
Creating plan...
Packages to install: 1
Create boot environment: No
DOWNLOAD                     PKGS    FILES    XFER (MB)
Completed                     1/1      4/4      0.1/0.1
PHASE                        ACTIONS
Install Phase                  19/19
PHASE                        ITEMS
Package State Update Phase       1/1
Image State Update Phase         2/2
Transition to Oracle Solaris 11 3 - 21
This slide shows examples of performing a package (apptrace) installation dry-run (-nv) and a real package installation.
Verifying: PACKAGE                      STATUS
pkg://solaris/developer/apptrace        OK

oracle@s11x-desktop:~# pkg contents apptrace
PATH
usr
usr/bin
usr/bin/apptrace
usr/lib
usr/lib/abi
usr/lib/abi/amd64
usr/lib/abi/amd64/apptrace.so.1
usr/lib/abi/apptrace.so.1
oracle@s11x-desktop:~#

This slide shows examples of listing an installed package (apptrace), verifying package status, and displaying the contents of a package.
pkg Command Examples: uninstall
PHASE                         ITEMS
Package State Update Phase      1/1
Package Cache Update Phase      1/1
Image State Update Phase        2/2

This slide shows an example of uninstalling a package (apptrace).
The Package Manager provides most package and publisher operations and some boot environment (BE) operations. If you are new to the Oracle Solaris 11 and IPS technologies, use the Package Manager to quickly download and install packages.
Managing Packages by Using a Web Browser
[Screenshot: package repository web page for publisher solaris, with Search and Browse Packages sections]
IPS allows you to access the package repository by using a web browser. With a web browser, you can search for and install packages, and view the contents of a package manifest.
Update Manager
Another important feature of IPS is the Update Manager. Update Manager updates all installed
packages to the newest version allowed by the constraints imposed on the system by installed
packages and publisher configuration.
The Update Manager feature can be invoked in one of the following three ways:
- In the Package Manager GUI, click the Updates button or select the Package > Updates menu option.
- Use pm-launch with the packagemanager subcommand:
$ /usr/lib/pm-launch packagemanager --update-all
- Use the pkg CLI command:
# pkg update
If the system created a new boot environment (BE) for the update, you can edit the default BE
name. Click the Restart Now button to restart your system immediately or the Restart Later
button to restart your system at a later time. You must restart to boot into the new BE. The new
BE will become your default boot environment. Your current BE will be available as an alternate
boot choice.
Practices 3-3 and 3-4: Overview
In Practice 3-4, you manage software packages by using:
- The pkg utility
- The Package Manager GUI
- A web browser
Agenda
- Introducing the Image Packaging System (IPS)
- Configuring a Local IPS Repository
- Managing Software Packages by Using IPS
- Publishing a Software Package in IPS
- Managing Boot Environments
Publishing a Package in IPS
You can create several different types of IPS packages. The package is then published to the repository by using the pkgsend command. You must perform the steps shown in the slide to publish a package in IPS.
Practice 3-5: Overview
- Create a software package
- Publish the new software package
In this practice, you work with the IPS package publishing feature. During this practice, you create a simple software package and deploy it by using IPS.
Boot Environment (BE)
- A boot environment (BE) is a bootable instance of an Oracle Solaris 11 operating system image.
- Multiple boot environments can be maintained on a system.

A boot environment (BE) is a bootable instance of an Oracle Solaris 11 operating system image plus any other application software packages installed into that image. System administrators can maintain multiple boot environments on their systems, and each boot environment can have different software versions installed.
With multiple boot environments, the process of updating software becomes a low-risk operation because system administrators can create backup boot environments before making any software updates to their system. If needed, they have the option of booting a backup boot environment.
Upon the initial installation of Oracle Solaris 11 onto a system, a boot environment is created. Use the beadm utility or the Package Manager to administer additional boot environments on your system.
The beadm Utility
The beadm utility is the primary BE management tool. The beadm utility aggregates all datasets in a boot environment and performs actions on the entire boot environment at once. You no longer need to perform ZFS commands to modify each dataset individually. It manages the dataset structures within boot environments. For example, when the beadm utility clones a boot environment that has shared datasets, the utility automatically recognizes and manages those shared datasets for the new boot environment.
The beadm utility enables you to perform administrative tasks on your boot environments. These tasks can be performed without upgrading your system. It automatically manages and updates the GRUB menu for x86 systems, or the boot menu for SPARC systems. For example, when you use the beadm utility to create a new boot environment, that environment is automatically added to the GRUB menu or boot menu.
The beadm utility enables you to perform the following tasks:
- Create a new boot environment based on the active boot environment.
- Create a new boot environment based on an inactive boot environment.
- Create a snapshot of an existing boot environment.
- Create a new boot environment based on an existing snapshot.
- Create a new boot environment and add a custom title to the x86 GRUB menu or the SPARC boot menu.
- Activate an existing, inactive boot environment.
- Mount a boot environment.
- Unmount a boot environment.
- Destroy a boot environment.
- Destroy a snapshot of a boot environment.
- Rename an existing, inactive boot environment.
- Display information about your boot environment snapshots and datasets.
beadm Command Examples: list
BE      Active Mountpoint Space Policy Created
--      ------ ---------- ----- ------ -------
solaris NR     /          3.82G static 2011-03-04 22:14
This slide shows examples of creating a new boot environment and a clone.
The first command creates a new boot environment.
The second command creates a snapshot of the new boot environment.
The third command creates a boot environment clone from a snapshot.
beadm Command Examples: activate, rename, and destroy
This slide shows examples of activating, renaming, and destroying boot environments.
beadm Command Examples: mount and unmount
This slide shows examples of mounting and unmounting inactive boot environments.
Package Manager BE Features
[Screenshot: Manage Boot Environments dialog box, used to delete, rename, and activate boot environments]
The Package Manager is a graphical user interface that enables you to install, update, and manage packages on your installed system. If you use the Package Manager to update all the packages on your system, a clone of the active boot environment is created. This clone enables you to, if necessary, boot into the boot environment state that existed before the update process was started.
You can use the Package Manager to manage your boot environments as follows:
- You can delete old and unused boot environments to make the disk space available.
- You can change the default boot environment on your system.
- You can activate a boot environment.
Practice 3-6: Overview
- Select boot environments
- Remove boot environments
Summary
- Plan for moving to IPS
- Configure a local package repository
- Configure network client systems to use IPS
- Search for software packages by using IPS
- Install software packages by using IPS
- Remove software packages by using IPS
- Update the OS image by using IPS
- Publish a software package by using IPS
- Manage boot environments
Objectives
- Describe an Oracle Solaris 11 Automated installation
- Configure an AI server
- Configure an AI client
- Install Oracle Solaris 11 by using
- Compare a JumpStart OS installation to an AI OS installation
- Convert a JumpStart configuration to an AI configuration
- Describe the distribution constructor

This lesson introduces you to the new Oracle Solaris 11 operating system installation methods. You explore both interactive and automated installations. Next, you compare and convert Oracle Solaris 10 JumpStart installation to Oracle Solaris 11 installation. The lesson also shows you how to configure and work with automated installation features. Finally, you are introduced to the distribution constructor.
Oracle Solaris 11 Installation Options
Oracle Solaris 11 can be installed in the following three ways:
- Oracle Solaris 11 Text installation: You use the Oracle Solaris 11 Text installation for x86- or SPARC-based systems. This method is used for systems that do not have a graphic display. It contains software packages normally found in server environments.
- Oracle Solaris 11 LiveCD: You use the Oracle Solaris 11 LiveCD install for x86-based systems. This method is used for systems that have a graphic display. It contains software packages normally found in workstation and notebook environments.
- Oracle Solaris 11 Automated installation: The Oracle Solaris 11 Automated installation provides a "hands-free" network installation for multiple client systems, allowing administrators to create and manage customized installation profiles for different systems.
The Oracle Solaris 11 ISO images can be downloaded from http://www.oracle.com/technetwork/server-storage/solaris11/downloads.
All installation downloads are in an ISO image format that can be burned to a CD or a DVD, or used directly within Oracle VM Server or other virtualization software.
Oracle Solaris 11 System Requirements
Hardware     Requirement
Disk space   Recommended size is 7 GB. A minimum of 3 GB is required.
Memory       The minimum requirement is 512 MB.

This slide shows the hardware requirements needed for installing Oracle Solaris 11.
Agenda
- Working with the Distribution Constructor

When starting the Oracle Solaris 11 Text installer, you are provided with a menu of keyboard layouts as shown in this slide. The default is US English.
Oracle Solaris 11 Text Installer
This screen provides language options. The default is English.
Oracle Solaris 11 Text Installer
The installation menu provides you with options such as installing additional device drivers and changing the terminal type. The default is "Install Oracle Solaris" (option 1).
Oracle Solaris 11 Text Installation: Disks
During the Oracle Solaris 11 Text installation, you must choose the disk on which to install the OS.
Oracle Solaris 11 Text Install: Users
Network connection
You are required to assign a name to the install system. This is the network hostname. Also, you must decide how the installation system network is to be configured:
- Automatically: This option uses the Network Auto-Magic (NWAM) feature. NWAM is a daemon that takes care of the connection to the network. As the name suggests, the network connection should work auto-magically, which means that most of the time, you do not need to care about your connection.
- None: This option disables NWAM. When selecting this option, you must configure the network manually.
Users
Define a root password for the system and user account for yourself.
The Oracle Solaris 11 LiveCD for x86 provides a GUI-based interactive installation that steps through the process of configuring the system for the OS installation. The LiveCD then installs a software payload that includes a full desktop operating environment. The LiveCD also provides additional utilities, such as the Device Driver Utility and partition editor, to help ensure successful installations.
Oracle Solaris 11 LiveCD: Device Driver Utility
The Device Driver Utility helps you to detect whether Oracle Solaris 11 can be installed on your x86 system. When started, it runs a quick device compatibility check on your system. If a device driver problem is detected, it provides the tools for installing the appropriate device driver packages from a file, web, or IPS repository.
The GParted Partition Editor allows you to customize the installation disk layout before you begin the OS installation. Note that GParted is usually used only if you are attempting to set up a disk to boot multiple operating systems.
Oracle Solaris 11 LiveCD Installer: Disk
[Screenshot: Oracle Solaris Installer Disk screen, asking where Oracle Solaris should be installed and proposing a Solaris2 partition]
An Oracle Solaris 11 LiveCD installer helps you choose the target installation disk or partition.
Oracle Solaris 11 LiveCD Installer: Time Zone
The Oracle Solaris 11 LiveCD installer provides a point-and-click time zone configuration interface. Simply click the city nearest to your installation location.
[Screenshot: Oracle Solaris Installer Users screen, with fields for your real name, log-in name, user password, and password confirmation]
As we saw with the Text installer, in Oracle Solaris 11 root is configured by default as a role rather than a user. As with the Text installer, during system installation, the LiveCD installer helps you set up the root password and initial user account. You use the initial user account to log in to the system. After initial user login, a user with the appropriate privileges can subsequently assume the role of root using su or perform administrative tasks after authentication using sudo or pfexec. Note that the root password will be the same as the user account password entered here.
In addition to the initial user configuration, the Users dialog box allows you to set the hostname for your system. The network configuration method is automatically set to NWAM.
Practices 4-1 and 4-2: Overview
In these practices, you perform interactive installations of the Oracle Solaris 11 operating system.
Oracle Solaris 11 Automated Installation
[Diagram: Automated Installations Over the Network, showing the AI server (install service, manifests, boot image), the DHCP server, and the IPS repository]
How Automated Installation Works
[Flowchart; recoverable labels include: Client gets boot program and loads it; Client downloads boot archive and loads kernel; Client contacts install service and gets installation manifest; Automated installer installs client from IPS repository specified in manifest; User can examine logs and reboot manually]
AI Environmental Requirements
To use AI to install client systems over the network, you must set up DHCP and also an AI install service on an install server. AI uses DHCP to provide the IP address, subnet mask, router, DNS server, and the location of the install server to the client machine to be installed. The DHCP server and AI install server can be the same machine or two different machines.
The client machines you want to install must be able to access an Oracle Solaris Image Packaging System (IPS) software package repository. The IPS package repository can be on the install server, on another server on the local network, or on the Internet. An AI install service is associated with a SPARC or x86 network boot image (net image), one or more installation instruction files (AI manifests), and zero or more system configuration instruction files (SC profiles). The net image is not a complete installation. Client machines must access an IPS package repository to complete their installations. The AI manifest specifies one or more IPS package repositories where the client retrieves the packages needed to complete the installation. The AI manifest also includes the names of additional packages to install and information such as target device and partition information. You can also specify instructions for configuring the client.
AI does not support storing the AI service in a dedicated ZFS file system. When creating the AI service, store the service in a standard directory.
If two client machines have different architectures or need to be installed with different versions of the Oracle Solaris 11 OS, you create two AI install services and associate each install service with a different net image. If two client machines need to be installed with the same version of the Oracle Solaris 11 OS but need to be installed differently in other ways, you create two AI manifests for the AI install service. The different AI manifests can specify different packages to install or a different slice as the install target. If client systems need to have different configurations applied, create multiple SC profiles for the install service. The different system configuration (SC) profiles can specify different network or locale setup or unique hostname and IP address.
AI stores the default manifest files in ../auto_install/manifest. Custom manifests and profiles should never be stored inside the AI service directory structure.
IPS Case: Using Default Manifest
[Diagram: AI Service Components, showing the installadm package, the AI service, the default client provisioning manifest, the DHCP server that directs the client to the install server, and the client]
The minimum you have to do to use AI is create one install service. In this minimal scenario,
all clients have the same architecture and are installed with the same version of the Oracle
Solaris OS. The installations use the default AI manifest, which specifies the most recent
version of the OS available from the default IPS package repository on the Internet.
1. Make sure the install server has a static IP address and default route.
2. Install the installation tools package, install/installadm.
3. Run the installadm create-service command.
4. Make sure the clients can access a DHCP server.
5. Make sure the necessary information is available in the DHCP configuration to boot the
service.
6. Make sure the clients can access an IPS software package repository. To use the
default IPS package repository, the clients must be able to access the Internet.
7. Network boot the client.
When you network boot the client, the following steps are performed:
1. The client gets the install server address from the DHCP server.
2. Because the install server has only one install service, the client uses that service if the
architecture matches.
3. Because the install service has only one AI manifest, the client uses that default AI
manifest, installing software packages from the IPS package repository over the network.
4. When the client boots after installation, an interactive tool prompts for system
configuration information because no system configuration profile is provided.
To specify installation parameters such as a local IPS publisher, the target disk for installation,
partition or mirror configuration, or additional software packages to install, provide a
customized AI manifest. Perform the following steps before you boot the client, in addition to
the minimum required steps:
1. Create a new AI manifest, or write a script that dynamically creates a custom AI
manifest at client installation time.
2. Run the installadm create-manifest command to add the new manifest or
script to the install service. Specify criteria for the client to select this manifest or script,
or use the -d option to make this manifest or script the default manifest specification for
this service.
When you network boot the client, the following steps are performed:
1. The client gets the install server address from the DHCP server.
2. Since the install server has only one install service, the client uses that service if the
architecture matches.
3. The client is directed to the correct provisioning manifest by criteria specified to
create-manifest. If no criteria match, the client uses the default manifest for this service.
4. The client is provisioned according to the selected manifest.
5. When the client boots after installation, an interactive tool prompts for system
configuration information because no system configuration profile is provided.
IPS Case: Using an SC Profile
[Figure: Labels: AI install service, default client provisioning manifest, configuration profile, DHCP server (direct client to install server), client.]
To specify system configuration parameters such as time zone, user accounts, and networking,
provide a Service Management Facility (SMF) system configuration profile (SC profile).
Perform the following steps before you boot the client, in addition to the minimum required
steps:
1. Create an SC profile using the sysconfig create-profile utility.
2. Run the installadm create-profile command to validate the profile, add the
profile to the install service, and specify criteria to select which clients should use this SC
profile.
When you network boot the client, the following steps are performed:
1. The client gets the install server address from the DHCP server.
2. Since the install server has only one install service, the client uses that service if the
architecture matches.
3. Since the install service has only one AI manifest, the client uses that default AI manifest,
installing software packages from the IPS package repository over the network.
4. The client is directed to the correct system configuration profile by criteria specified to
create-profile.
5. The client is configured according to the selected configuration profile. If no configuration
profile is selected because the criteria do not match, the interactive configuration tool
starts.
IPS Case: Multiple AI Services
[Figure: AI service components from the installadm package. Labels: AI install service for Oracle Solaris 11 version m, AI install service for Oracle Solaris 11 version n, DHCP server (direct client to install server), client.]
To install different versions of the Oracle Solaris 11 OS, create additional AI install services. Perform
the following steps before you boot the client, in addition to the minimum required steps:
1. Run the installadm create-service command and specify a different net image.
2. Run the installadm create-client command to direct the client to this new
install service.
3. Create custom manifests and SC profiles (if required) and associate them with the
appropriate AI service.
When you network boot the client, the following steps are performed:
1. The client gets the install server address from the DHCP server.
2. The client is directed to this new install service by create-client.
3. The client is provisioned according to the default provisioning manifest for this service.
4. When the client boots after installation, an interactive tool prompts for system
configuration information because no system configuration profile is provided.
Configuring the AI Server
Administer install services by using the AI SMF service.
This slide provides an overview of the tasks you must perform when configuring your AI
server.
Setting Up the AI Server
... installed
pkg install installadm
Create the AI service by using installadm create-service:
installadm create-service -n clients \
    -i 192.168.0.100 -c
    -s /export/images/sol-11-exp-201011-ai-x86.iso \
    -d /rpool/ai/x86_clients
Add AI clients by using installadm create-client:
installadm create-client -e 08:00:27:85:C7:D6 \
    -n x86_clients
Setting up the AI server involves the four key tasks shown in the slide.
Note that create-service automatically enables the AI service in SMF.
Also note that create-client is needed only if more than one service for a particular
architecture (SPARC or x86) is provided on the AI server. When there is only one service, all clients
use that service by default and do not need to be specifically configured with
create-client.
AI Manifests
Default manifest
Custom manifest
Criteria manifest
AI manifests are XML files used to specify multiple sets of installation and system
configuration instructions for each install service.
AI has three types of manifests:
Default manifest: A default manifest is an installation manifest that has no criteria
associated with it. The default manifest is used by clients when no other installation
manifest's criteria match the client.
Custom manifest: To perform different installations on different clients by using the
same install image, you need to provide customized AI manifests for that install service.
Clients that do not match the criteria specific to any custom manifest are installed using
the instructions in the default manifest.
Criteria manifest: The criteria manifest allows you to associate client-specific
installation instructions with AI services. When the client matches the criteria that have
been specified for a criteria manifest, the client uses the associated manifest.
The default.xml File
<logical>
  <zpool name="rpool" is_root="true">
    <filesystem name="export" mountpoint="/export"/>
    <filesystem name="export/home"/>
    <be name="solaris"/>
  </zpool>
</logical>
</target>
The default.xml manifest file provides a generic configuration applicable to most clients.
You can change the AI defaults by copying the default.xml file to a new file and editing the
new file as desired. You can then apply the new manifest by using the installadm
add-manifest -f command, as in this example:
installadm create-manifest -f new_manifest -n AI_service_name
The <target> element is used to configure the disk drive used for the OS installation.
The default.xml File
    </publisher>
  </source>
  <software_data action="install">
    <name>pkg:/entire</name>
    <name>pkg:/group/system/solaris-large-server</name>
  </software_data>
</software>
</ai_instance>
</auto_install>
This slide shows the IPS and packages sections of the default manifest file. The
<software> element defines the location of the IPS origin and which software packages to
install and uninstall. The entire package is recommended so that the system will be
updated coherently when patching or upgrading in the future. The solaris-large-server
package is suitable for a server installation.
The Criteria Manifest
The criteria manifest allows you to associate client-specific installation instructions with AI
services. When the client matches the criteria that have been specified for a criteria manifest,
the client uses that manifest.
An AI manifest is selected for a client according to the following algorithm:
If custom manifests are defined for this install service but the client does not match
criteria for any custom manifest, the client uses the default manifest.
If the client matches criteria that have been specified for a custom manifest, the client
uses the associated manifest.
mac
ipv4
platform
arch
cpu
mem
For example, if one criteria specification matches the client's MAC address and another
criteria specification matches the same client's IP address, the manifest associated with the
MAC address criteria specification is used, because mac is higher priority for selection than
ipv4.
You use the installadm create-manifest command to add a criteria manifest to a service,
as in this example:
pfexec installadm create-manifest -m \
    /export/manifests/manifest_x86.xml -n s11-x86 \
    -C /export/manifests/criteria_x86.xml
In this case, when a client meets the criteria identified in the criteria_x86.xml criteria file,
the manifest_x86.xml will be applied to that client.
<ai_criteria_manifest>
  <ai_criteria name="mac">
    <value>0:14:4F:20:53:94</value>
  </ai_criteria>
</ai_criteria_manifest>
ipv4 criteria manifest file:
<ai_criteria_manifest>
  <ai_criteria name="ipv4">
    <value>192.168.0.114</value>
  </ai_criteria>
</ai_criteria_manifest>
This slide shows examples of arch, mac, and ipv4 criteria files.
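The selection rule described above, modelled as an added example (not Oracle's code and not how installadm is implemented): it parses criteria files in the format shown on this page and returns the manifest whose matching criterion ranks highest, falling back to the default manifest. The manifest file names, the tie-break (first registered wins) and the reading of the mac/ipv4/platform/arch/cpu/mem list as the priority order are assumptions.

```python
"""Model of AI manifest selection by criteria priority (added example)."""
import ipaddress
import xml.etree.ElementTree as ET

# Criteria names in the order they are listed on this page. Reading that list
# as the selection priority is an assumption; the page confirms mac > ipv4.
PRIORITY = ["mac", "ipv4", "platform", "arch", "cpu", "mem"]


def canonical(name, text):
    """Convert a criterion value to a form that compares correctly."""
    text = text.strip()
    if name == "mac":
        octets = [int(part, 16) for part in text.replace("-", ":").split(":")]
        if len(octets) != 6 or any(not 0 <= o <= 255 for o in octets):
            raise ValueError("not a MAC address: %r" % text)
        return ":".join("%02X" % o for o in octets)
    if name == "ipv4":
        return int(ipaddress.IPv4Address(text))
    if name == "mem":
        return int(text)
    return text.lower()


def parse_criteria(xml_text):
    """Parse an <ai_criteria_manifest> into {name: (kind, [values])}."""
    root = ET.fromstring(xml_text)
    if root.tag != "ai_criteria_manifest":
        raise ValueError("unexpected root element: %s" % root.tag)
    criteria = {}
    for crit in root.findall("ai_criteria"):
        name = crit.get("name")
        if name not in PRIORITY:
            raise ValueError("unsupported criterion: %r" % name)
        value, rng = crit.find("value"), crit.find("range")
        if value is not None:
            # <value> may hold whitespace or newlines around the text.
            criteria[name] = ("value", (value.text or "").split())
        elif rng is not None:
            bounds = (rng.text or "").split()
            if len(bounds) != 2:
                raise ValueError("<range> needs two bounds: %r" % rng.text)
            criteria[name] = ("range", bounds)
        else:
            raise ValueError("criterion %r has no <value> or <range>" % name)
    if not criteria:
        raise ValueError("criteria file names no criteria")
    return criteria


def matches(criteria, client):
    """True when every criterion in the file matches the client's attributes."""
    for name, (kind, spec) in criteria.items():
        if name not in client:
            return False
        have = canonical(name, client[name])
        wanted = [canonical(name, v) for v in spec]
        if kind == "value" and have not in wanted:
            return False
        if kind == "range" and not wanted[0] <= have <= wanted[1]:
            return False
    return True


def select_manifest(entries, client, default="default.xml"):
    """Pick the matching manifest with the highest-priority criterion."""
    best = None
    for manifest, xml_text in entries:
        criteria = parse_criteria(xml_text)
        if not matches(criteria, client):
            continue
        rank = min(PRIORITY.index(name) for name in criteria)
        if best is None or rank < best[0]:  # ties: first registered wins
            best = (rank, manifest)
    return best[1] if best else default


def criteria_file(name, element):
    """Build a constructed criteria file around one <value> or <range>."""
    return ('<ai_criteria_manifest><ai_criteria name="%s">%s</ai_criteria>'
            '</ai_criteria_manifest>' % (name, element))


# Constructed sample data: the mac and ipv4 values are the ones shown on this
# page; the range, the cpu entry and all manifest names are hypothetical.
MAC_CRITERIA = criteria_file("mac", "<value>\n  0:14:4F:20:53:94\n</value>")
ENTRIES = [
    ("manifest_ipv4.xml", criteria_file("ipv4", "<value>192.168.0.114</value>")),
    ("manifest_mac.xml", MAC_CRITERIA),
    ("manifest_range.xml",
     criteria_file("ipv4", "<range>192.168.0.100 192.168.0.200</range>")),
    ("manifest_sparc.xml", criteria_file("cpu", "<value>sparc</value>")),
]
```

A client that reports a MAC address in a different case or with leading zeros still matches, because both sides are normalized before comparison.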
System Configuration Profiles
System configuration profiles (SC profiles) specify client system configuration as a set of
configuration parameters in the form of a Service Management Facility (SMF) profile. The SC
profile sets SMF properties for appropriate SMF services.
SC profiles are applied during the first boot of the system after AI installation. SMF services
responsible for particular configuration areas process SMF properties and configure the
system accordingly.
Each client can use any number of SC profiles. For example, a client might be assigned one
profile that provides only the hostname and IP address for that client. The same client and
many other clients might be assigned other profiles that set more broadly applicable property
values. If no SC profile is provided for a particular client, the interactive configuration tool is
started on that client.
The SC profiles can be created using the sysconfig create-profile utility or using a
text editor.
SC Profile: Example
        value="$5$bypT4oRp$Dsy3JOFhJNBXqlxDtCJjlqk3k3ZHAg8cb98bPLs3ki9"/>
    <propval type="astring" name="type" value="role"/>
</property_group>
<property_group type="application" name="user_account">
    <propval type="astring" name="login" value="oracle1"/>
    <propval type="astring" name="password"
        value="$5$LuaMBnZg$m2YIULH2KoMJeTim2ahxm08rsKEmMQxYtKSKHMKwFr6"/>
    <propval type="astring" name="type" value="normal"/>
    <propval type="astring" name="description" value="Oracle"/>
    <propval type="count" name="gid" value="10"/>
    <propval type="astring" name="shell" value="/usr/bin/bash"/>
    <propval type="astring" name="roles" value="root"/>
    <propval type="astring" name="profiles" value="System Administrator"/>
The SC profile is used to configure client systems. This slide shows entries for configuring the
initial standard user and root role.
SC Profile: Example
        <propval type="astring" name="sudoers" value="ALL=(ALL) ALL"/>
      </property_group>
    </instance>
  </service>
  <service version="1" type="service" name="system/timezone">
    <instance enabled="true" name="default">
      <property_group type="application" name="timezone">
        <propval type="astring" name="localtime" value="US/Mountain"/>
      </property_group>
    </instance>
  </service>
  <service version="1" type="service" name="system/identity">
    <instance enabled="true" name="node">
      <property_group type="application" name="config">
        <propval type="astring" name="nodename" value="s11-client3"/>
      </property_group>
    </instance>
  </service>
This slide shows the entries for setting up the time zone and node hostname.
This slide shows entries for setting up the system keymap, terminal type, and network type.
  <service version="1" type="service" name="network/install">
    <instance enabled="true" name="default">
      <property_group type="application" name="install_ipv4_interface">
        <propval type="astring" name="address_type" value="static"/>
        <propval type="net_address_v4" name="static_address"
            value="192.168.0.140/24"/>
        <propval type="astring" name="name" value="net0/v4"/>
      </property_group>
      <property_group type="application" name="install_ipv6_interface">
        <propval type="astring" name="stateful" value="yes"/>
        <propval type="astring" name="stateless" value="yes"/>
        <propval type="astring" name="address_type" value="addrconf"/>
        <propval type="astring" name="name" value="net0/v6"/>
      </property_group>
    </instance>
  </service>
  <service version="1" type="service" name="system/name-service/switch">
    <property_group type="application" name="config">
      <propval type="astring" name="default" value="files"/>
      <propval type="astring" name="host" value="files dns"/>
      <propval type="astring" name="printer" value="user files"/>
    </property_group>
    <instance enabled="true" name="default"/>
  </service>
This slide shows entries for configuring an IP address and the name-service switch.
  <service version="1" type="service" name="network/dns/client">
    <property_group type="application" name="config">
      <property type="net_address" name="nameserver">
        <net_address_list>
          <value_node value="192.168.0.100"/>
        </net_address_list>
      </property>
      <propval type="astring" name="domain" value="mydomain.com"/>
      <property type="astring" name="search">
        <astring_list>
          <value_node value="mydomain.com"/>
        </astring_list>
      </property>
    </property_group>
    <instance enabled="true" name="default"/>
  </service>
</service_bundle>
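An SC profile carries password hashes and privilege grants, so it is worth reviewing before it is added to an install service with installadm create-profile. The audit below is an added example, not part of the course material or of installadm; the sample profile is constructed, and its service_bundle wrapper, the system/config-user service name and the root_account group name are assumptions because the page's fragment starts mid-file.

```python
"""Audit an SC profile for embedded password hashes and broad privilege grants."""
import re
import xml.etree.ElementTree as ET

# crypt(3) scheme identifiers that prefix a hash as $id$salt$hash.
CRYPT_SCHEMES = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}
SHA2_SCHEMES = {"SHA-256", "SHA-512"}

# Constructed sample modelled on the fragments shown on this page. The hash
# strings are placeholders, not real hashes.
SAMPLE_PROFILE = """<service_bundle type="profile" name="sysconfig">
  <service version="1" type="service" name="system/config-user">
    <instance enabled="true" name="default">
      <property_group type="application" name="root_account">
        <propval type="astring" name="password"
                 value="$5$CONSTRUCTEDsalt$CONSTRUCTEDplaceholderHASH0001"/>
        <propval type="astring" name="type" value="role"/>
      </property_group>
      <property_group type="application" name="user_account">
        <propval type="astring" name="login" value="oracle1"/>
        <propval type="astring" name="password"
                 value="$5$CONSTRUCTEDsalt$CONSTRUCTEDplaceholderHASH0002"/>
        <propval type="astring" name="roles" value="root"/>
        <propval type="astring" name="profiles" value="System Administrator"/>
        <propval type="astring" name="sudoers" value="ALL=(ALL) ALL"/>
      </property_group>
    </instance>
  </service>
</service_bundle>"""


def classify_password(value):
    """Return the crypt scheme name, 'unknown', or None if not $id$salt$hash."""
    match = re.match(r"\$([0-9a-z]+)\$[^$]+\$.+", value)
    if not match:
        return None
    return CRYPT_SCHEMES.get(match.group(1), "unknown")


def audit_profile(xml_text):
    """Return (account, finding) tuples for every account property group."""
    findings = []
    root = ET.fromstring(xml_text)
    for group in root.iter("property_group"):
        props = {p.get("name"): p.get("value", "")
                 for p in group.findall("propval")}
        # Label findings by login name, else by the property group name.
        who = props.get("login", group.get("name"))
        password = props.get("password")
        if password is not None:
            scheme = classify_password(password)
            if scheme is None:
                # Not in crypt format: possibly cleartext or an empty value.
                findings.append((who, "password-not-crypt-format"))
            else:
                findings.append((who, "embedded-hash:" + scheme))
                if scheme not in SHA2_SCHEMES:
                    findings.append((who, "hash-scheme-not-sha2"))
        roles = re.split(r"[,\s]+", props.get("roles", ""))
        if "root" in roles:
            findings.append((who, "may-assume-root-role"))
        sudoers = props.get("sudoers", "")
        if re.match(r"^\s*ALL\s*=\s*\(ALL\)\s*ALL\s*$", sudoers):
            findings.append((who, "sudoers-all-commands"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_profile(SAMPLE_PROFILE):
        print("%-14s %s" % (account, finding))
```

Every embedded-hash finding is also a reminder that the profile file itself needs restrictive permissions wherever it is stored.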
Administering the AI SMF Service
This slide shows how to enable and disable the AI SMF service.
This slide begins a step-by-step walkthrough for configuring an AI service. This walkthrough
includes:
Creating the AI service
Adding a client to the AI service
Creating a custom manifest
Creating a criteria manifest
Adding manifests to the AI service
Creating an SC profile
Adding the profile to the AI service
Validating the SC profile
In this slide, you create a new AI service named custom_ai in the
/export/AI/custom_ai directory. The AI image used in this service is
sol-11-dev-171-ai-x86.iso (Oracle Solaris 11 Build 171). Next, you add client
08:00:27:85:C7:D8 to the custom_ai AI service.
root@s11-serv1:~# vi /var/tmp/manifests/custom_manifest.xml
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd">
<auto_install>
  <ai_instance name="custom_ai" auto_reboot="true">
    <target>
      <logical>
        <zpool name="rpool" is_root="true">
          <filesystem name="export" mountpoint="/export"/>
          <filesystem name="export/home"/>
          <be name="solaris"/>
        </zpool>
      </logical>
    </target>
    <software type="IPS">
      <source>
        <publisher name="solaris">
          <origin name="http://s11-serv1.mydomain.com"/>
        </publisher>
      </source>
...
Now that the custom_ai service exists, you create a custom manifest file named
custom_manifest.xml. Here, you set the image name to custom_ai. This results in a
manifest name (identifier) that is used to manage the manifest. Next, the target element
configures the client default boot disk using Oracle Solaris 11 standard conventions. Then,
you set the IPS publisher to a local origin (http://s11-serv1.mydomain.com).
      <software_data action="install">
        <name>pkg:/entire</name>
        <name>pkg:/group/system/solaris-large-server</name>
      </software_data>
    </software>
  </ai_instance>
</auto_install>
root@s11-serv1:~# vi /var/tmp/manifests/criteria_custom_ai.xml
<ai_criteria_manifest>
  <ai_criteria name="mac">
    <value>
      08:00:27:85:C7:D8
    </value>
  </ai_criteria>
</ai_criteria_manifest>
This slide continues the custom_manifest edit. Here, you identify which software packages
are to be loaded on the client system from the IPS server.
After the custom manifest build is completed, you create a criteria manifest for the client
system. In this case, you use the client's MAC address as the criteria.
root@s11-serv1:~# installadm add-manifest -n custom_ai \
    -f /var/tmp/manifests/custom_manifest.xml \
    -C /var/tmp/manifests/criteria_custom_ai.xml
root@s11-serv1:~# sysconfig create-profile \
    -o /var/tmp/manifests/client_profile.xml
root@s11-serv1:~# installadm create-profile -n custom_ai \
    -f /var/tmp/manifests/client_profile.xml -p client_profile \
    -C /var/tmp/manifests/criteria_custom_ai.xml
root@s11-serv1:~# installadm validate -n custom_ai \
    -p client_profile
Now that the custom manifest and criteria manifest are built, you associate them with the
Task | JumpStart | AI
Set up an install server. | Use the setup_install_server command. | Use the installadm create-service command.
This table in the slide compares the methods used to accomplish JumpStart tasks and AI
tasks.
Comparing Rules Keywords and Criteria Directives
... manifest.
arch sparc: Command option: -c cpu=sparc
Criteria file:
<ai_criteria name="cpu">
  <value>sparc</value>
</ai_criteria>
This table compares Oracle Solaris 10 JumpStart rules file keywords to Oracle Solaris 11 AI
criteria file directives.
Comparing Rules Keywords and Criteria Directives
  <value>xx.xx.xx.xx</value>
</ai_criteria>
network xx.xx.xx.xx: Use ipv4 with a range.
Command option: -c ipv4=xx.xx.xx.xx yy.yy.yy.yy
Criteria file:
<ai_criteria name="ipv4">
  <range>xx.xx.xx.xx yy.yy.yy.yy</range>
</ai_criteria>
This table continues the comparison of Oracle Solaris 10 JumpStart rules file keywords to
Oracle Solaris 11 AI criteria file directives.
      <slice name="0" is_root="true" force="true"/>
    </disk>
  </target_device>
</target>
bootenv: A boot environment is automatically created on the Oracle Solaris OS.
cluster SUNWCXall:
<software_data action="install" type="IPS">
  <name>pkg:/entire</name>
  <name>pkg:/group/system/solaris-desktop</name>
</software_data>
This table shows how to convert Oracle Solaris 10 JumpStart rules file keywords to Oracle
Solaris 11 AI manifest directives.
Converting a JumpStart Profile to an AI Manifest
      <partition name="1" part_type="SOLARIS">
    </disk>
  </target_device>
</target>
This table shows how to convert Oracle Solaris 10 JumpStart rules file keywords to Oracle
Solaris 11 AI manifest directives.
    <name>pkg:/entire</name>
    <name>pkg:/babel_install</name>
    <name>pkg:/xxxxxx/123xyz</name>
  </software_data>
</software>
package 123xyz delete:
<software_data action="uninstall" type="IPS">
  <name>pkg:/xxxxxx/123xyz</name>
</software_data>
Manifest files
You use the distribution constructor to build custom Oracle Solaris images. These images can
be used to install the Oracle Solaris software on individual systems, multiple systems, or
Virtual Machines (VMs) that run the Oracle Solaris 11 operating system. The distribution
constructor takes an XML manifest file as input and builds an ISO image or Virtual Machine
image that is based on the parameters specified in the manifest file.
Using the distribution constructor, you can build customized versions of the following types of
Oracle Solaris 11 images:
x86 or SPARC Oracle Solaris Text installer image
Oracle Solaris x86 LiveCD image
x86 or SPARC ISO image for Automated Installations
x86 Oracle Solaris Virtual Machine
The distribution constructor is distributed in the distribution-constructor package. The
distribution-constructor package contains the distro_const command-line
utility for building custom Oracle Solaris images and Virtual Machine images. It also
contains default manifest files that are used to describe the various image types.
... | ... | ... installation of the Oracle Solaris OS on SPARC machines
all_lang_slim_cd_x86.xml | x86 LiveCD ISO image | Used to create an ISO image comparable to the Oracle Solaris LiveCD
ai_sparc_image.xml | SPARC AI ISO image | Used to create a SPARC AI ISO image for automated installations of the Oracle Solaris OS to SPARC clients
ai_x86_image.xml | x86 AI ISO image | Used to create an x86 AI ISO image for automated installations of the Oracle Solaris OS to x86 clients
vmc_image.xml | x86 Virtual Machine | Used to create a Virtual Machine image
This table lists the default manifest files shipped with the distribution-constructor package.
After you install the distribution-constructor package, you can locate these manifest files in the
/usr/share/distro_const/image_type directory.
The distribution-constructor package also contains additional "finalizer" scripts that can be
used to make installation customizations based on the type of image that you are building.
The manifest files point to the finalizer scripts, and the finalizer scripts transform the generic
image into a media-specific distribution. You can create your own finalizer scripts. If you do
create new scripts, edit the manifest files to point to these new scripts.
Note: See the Oracle Solaris 11 Distribution Constructor Guide for more information about
creating custom finalizer scripts.
Building an OS Image
Building an OS image can be done in one step by using the distro_const command
without options. You use the options provided in the distro_const command to stop and
restart the build process at various stages in the image-generation process, in order to check
and debug your selection of files, packages, and scripts for the image that is being built. This
process of stopping and restarting during the build process is called checkpointing.
Checkpointing supports the process of developing and debugging images. You can start
building an image, pause at any stage you want and examine the contents of the image, and
then resume building the image. Checkpointing is optional. The checkpointing feature is
enabled by default in the manifest file. A ZFS dataset, or a mount point that correlates to a
ZFS dataset, must be specified as the build area.
Checkpointing allows you to stop and resume at a specific checkpoint (step).
Example:
distro_const build -p step manifest
distro_const build -r step manifest
Alternatively, you can disable checkpointing in the manifest file by setting the
checkpoint_enable parameter to false.
Checkpointing should not be disabled, because it makes debugging problems very difficult.
Describe an Oracle Solaris 11 Text installation
Describe an Oracle Solaris 11 Automated installation
Configure an AI server
Configure an AI client
Install Oracle Solaris 11 by using AI
Compare a JumpStart OS installation to an AI OS installation
Convert a JumpStart configuration to an AI configuration
Describe the distribution constructor
In this lesson, you were presented with the Oracle Solaris 11 installation options. You were
shown how to install the operating system using the interactive options (text installer and
LiveCD) as well as automated installation. You then spent some time looking at how to
configure an AI server and client. You also had the opportunity to compare a JumpStart OS
installation to an AI OS installation and see how to perform the conversion. Finally, you were
introduced to the distribution constructor and shown how to build an OS image.
Oracle Solaris 11 Zones
[Figure: Before consolidation: Host 1, Host 3, 100 Mbps links. After consolidation: Solaris zones (ZONE3), 600Mb, physical NIC port.]
Oracle Solaris Zones is a built-in OS virtualization technology with a long and distinguished pedigree.
One of the most highly adopted, highly used, mature virtualization technologies, Oracle
Solaris Zones was first introduced as a core part of Oracle Solaris 10. As of Oracle Solaris 11,
Oracle Solaris Zones becomes even more central to both the application and the end user.
Enhancements and new features include:
Integration into the new packaging system (IPS)
Support for Oracle Solaris 10 Zones
Integration with the new Oracle Solaris 11 network stack architecture
Improved observability
Increased control over administration
Tight integration with ZFS
New Zones Features
This slide shows the new Oracle Solaris 11 Zones features.
Oracle Solaris 10 Zones host Solaris 10 (S10) user environments inside zones on Oracle
Solaris 11. They are meant to help maintainers of Solaris 10 systems consolidate their
production environments onto systems running Oracle Solaris 11. Workloads running within
Solaris 10 zones can take advantage of the performance improvements made to the Oracle
Solaris 11 kernel and use some of the innovative technologies available only on Oracle
Solaris 11 (such as virtualized NICs). The Solaris 10 zones support x86 and SPARC Solaris
10 10/09 (or later released Oracle Solaris 10 update) zones. Note that it is possible to use an
earlier update release if you first install the kernel patch 141444-09 (SPARC) or 141445-09
(x86/x64), or later version.
Boot Environments for Zones
Boot environments are integrated with Oracle Solaris Zones. Zone root file systems use Zone
Boot Environment (ZBE) datasets. When a new boot environment is created by cloning an
existing one, the base boot environment's zones are also cloned into the new boot
environment.
IPS Integration
Oracle Solaris Zones have been integrated with the new IPS package management tools in
Oracle Solaris 11. Zones require an active network connection for their creation and must be
manually updated (by using zoneadm attach -u) to stay in sync with the global zone.
Sparse root zones are not supported in Oracle Solaris 11.
Solaris 10 Zones
solaris10 Branded Zones
Oracle Solaris 10 10/09 or later
Supported on sun4v, sun4u, and x86 architectures
Supports 32-bit and 64-bit applications
Virtual-to-virtual (V2V)
Physical-to-virtual (P2V)
Limitations
Supports only ZFS
The Solaris 10 zone is a complete runtime environment for Oracle Solaris 10 applications on SPARC and x86 machines running the Oracle Solaris 10 10/09 operating system or later. You must install the s10 patch before you create the archive that will be used to install the zone.
The Solaris 10 zones are supported on all sun4v, sun4u, and x86 architecture machines that the Oracle Solaris 11 release has defined as supported platforms. The brand supports the execution of 32-bit and 64-bit Oracle Solaris 10 applications. The brand includes the tools required to install an Oracle Solaris 10 system image into a zone.
You cannot install a Solaris 10 zone directly from Oracle Solaris 10 media. A physical-to-virtual (P2V) capability is used to directly migrate an existing system to a zone on a target system. The brand also supports the tools used to migrate an Oracle Solaris 10 zone to a Solaris 10 zone. The virtual-to-virtual (V2V) process for migrating an Oracle Solaris 10 zone into a Solaris 10 zone supports the same archive formats as P2V. The solaris10 brand supports the whole root zone model. All of the required Oracle Solaris 10 software and any additional packages are installed into the private file systems of the zone.
The zone must reside on its own ZFS dataset; only ZFS is supported. The ZFS dataset will be created automatically when the zone is installed or attached. If a ZFS dataset cannot be created, the zone will not install or attach. Note that the parent directory of the zone path must also be a ZFS dataset or the file system creation will fail. Any script or program that executes in an Oracle Solaris 10 zone should also work in a Solaris 10 zone.
A /dev/sound device cannot be configured into the Solaris 10 zone.
Migrating Solaris 10 Zones (V2V)
1. Assess the Solaris 10 zone to be migrated.
2. Create an archive of the Solaris 10 zone to be migrated.
3. Prepare the Oracle Solaris 11 target system.
4. Migrate the Solaris 10 zone.
There are four key tasks to migrating an Oracle Solaris 10 zone to Oracle Solaris 11:
1. Assess the Solaris 10 zone to be migrated. An existing Oracle Solaris 10 10/09 system (or later released Solaris 10 update) can be directly migrated into a Solaris 10 zone on an Oracle Solaris 11 system. Depending on the services performed by the original system, you might need to manually customize the zone after it has been installed. For example, the privileges assigned to the zone might need to be modified or the network interface might be different. It is critical that you examine the source system and collect the following information:
- Hostname
- Host ID
- Domain name
- Root password
- Running applications
- Networking
- Storage
- Zone configuration
2. Create an archive of the Solaris 10 zone to be migrated. You have a variety of methods available for creating the archive. The installer can accept the following archive formats:
- flar image
- cpio archives
- gzip compressed cpio archives
- bzip2 compressed cpio archives
- pax archives created with the -x xustar (XUSTAR) format
- ufsdump level zero (full) backups
After you have created an archive, you must provide a method (such as NFS) of transporting it to the target system.
3. Prepare the Oracle Solaris 11 target system. Before you can migrate the Solaris 10 zone, you must first prepare the target system. This normally involves:
- Configuring the client side of the image transport
- Installing the SUNWs10brand package
- Configuring the Solaris 10 zone
4. Migrate the Solaris 10 zone. After performing the previous task, use the zoneadm attach subcommand to migrate the Solaris 10 zone. Finally, after completing the migration, you can perform the post-migration configuration based on the information that you gathered when assessing the source system.
There are four key tasks to migrating an Oracle Solaris 10 global zone to Oracle Solaris 11:
1. Assess the global zone to be migrated. An existing Oracle Solaris 10 10/09 system (or later released Solaris 10 update) can be directly migrated into a Solaris 10 zone on an Oracle Solaris 11 system. Depending on the services performed by the original system, you might need to manually customize the zone after it has been installed. For example, the privileges assigned to the zone might need to be modified or the network interface is different. It is critical that you examine the source system and collect the following information:
- Hostname
- Host ID
- Domain name
- Root password
- Running applications
- Networking
- Storage
2. Create an archive of the global zone to be migrated. You have a variety of methods available for creating the archive. The installer can accept the following archive formats:
- flar image
- cpio archives
- gzip compressed cpio archives
- bzip2 compressed cpio archives
- pax archives created with the -x xustar (XUSTAR) format
- ufsdump level zero (full) backups
After you have created an archive, you must provide a method (such as NFS) of transporting it to the target system.
3. Prepare the Oracle Solaris 11 target system. Before you can migrate the global zone, you must first prepare the target system. This normally involves:
- Configuring the client side of the image
by Using the Automated Installer (AI)
AI supports non-global zone installation.
AI manifest
The configuration element
The zone's self-assembly SMF service
Configuring Non-Global Zones by Using AI
Oracle Solaris 11 supports non-global zone installation by using the Automated Installer (AI). Non-global zones are installed and configured on the first reboot after the global zone is installed. When a system is installed by using AI, non-global zones can be installed on that system by using the configuration element in the AI manifest.
When the system first boots after the global zone installation, the zone's self-assembly SMF service (svc:/system/zones-install:default) configures and installs each non-global zone defined in the global zone AI manifest.
</software>
<configuration type="zone" name="zone5" source="http://s11-ss.mydomain.com/zone_configs/zone5.cfg"/>
</ai_instance>
</auto_install>
Specifying a Non-Global Zone in the AI Manifest
This example shows an excerpt from an AI manifest file. The configuration element is highlighted. You use the configuration element in the AI manifest for the client system to specify non-global zones. Use the name attribute of the configuration element to specify the name of the zone. Use the source attribute to specify the location of the configuration file for the zone. The zone configuration file must be in zonecfg export format. AI copies this configuration file onto the installed client system to be used to configure the zone. The source location can be any http:// or file:// location that the client can access during installation.
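An added example (not part of the course material or Oracle's code): a pre-install review of an AI manifest that lists each zone configuration element and reports a missing name or source, a source that is not an http:// or file:// location, and a zone name that is used twice. The manifest text is constructed; the function name check_zone_configs and every entry other than zone5 are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample manifest: only the elements this check needs.
# zone5 follows the excerpt above; the other entries are made up to
# exercise the checks.
SAMPLE_MANIFEST = """<auto_install>
  <ai_instance name="default">
    <software/>
    <configuration type="zone" name="zone5"
        source="http://s11-ss.mydomain.com/zone_configs/zone5.cfg"/>
    <configuration type="zone" name="zone6"
        source="file:///net/s11-ss/export/zone_configs/zone6.cfg"/>
    <configuration type="zone" name="zone7"
        source="ftp://s11-ss.mydomain.com/zone_configs/zone7.cfg"/>
    <configuration type="zone" name="zone5"
        source="http://s11-ss.mydomain.com/zone_configs/other.cfg"/>
    <configuration type="zone"
        source="http://s11-ss.mydomain.com/zone_configs/noname.cfg"/>
  </ai_instance>
</auto_install>
"""

# The text above allows http:// and file:// source locations.
ALLOWED_SCHEMES = {"http", "file"}


def check_zone_configs(manifest_text):
    """Return (zones, problems) for the zone configuration elements.

    zones maps each zone name to the first source given for it;
    problems is a list of human-readable findings in document order.
    """
    root = ET.fromstring(manifest_text)
    zones, problems = {}, []
    for elem in root.iter("configuration"):
        if elem.get("type") != "zone":
            continue
        name = (elem.get("name") or "").strip()
        source = (elem.get("source") or "").strip()
        label = name or "<unnamed>"
        if not name:
            problems.append(f"{label}: missing name attribute")
        parsed = urlparse(source)
        if not source:
            problems.append(f"{label}: missing source attribute")
        elif parsed.scheme not in ALLOWED_SCHEMES:
            problems.append(
                f"{label}: source scheme {parsed.scheme!r} is not http or file")
        elif parsed.scheme == "http" and not parsed.netloc:
            problems.append(f"{label}: http source has no host")
        if name and name in zones:
            problems.append(f"{label}: zone is defined more than once")
        elif name:
            zones[name] = source
    return zones, problems


if __name__ == "__main__":
    found, issues = check_zone_configs(SAMPLE_MANIFEST)
    for zone, src in sorted(found.items()):
        print(f"{zone}: {src}")
    for issue in issues:
        print("PROBLEM:", issue)
```
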
Adding a Non-Global Zone Manifest and Profile
custom_ai  08:00:27:85:C7:D9  i386  /export/ai/custom_ai
Manifest  Status  Criteria
Profile  Criteria
This slide shows an example of adding a non-global zone manifest and a profile to an existing AI service named custom_ai.
Monitoring Zone Resource Consumption
The zonestat utility reports on the CPU, memory, and resource control utilization of the currently running zones. Each zone's utilization is reported as a percentage of both system resources and the zone's configured limits.
The zonestat utility prints a series of reports at specified intervals. It can print one or more summary reports. When run from within a zone, only processor sets visible to that zone are reported. The zone output will include all of the memory resources and the limits resource.
The zonestat service in the global zone must be online to use the zonestat service in the zone. The zonestat service in each zone reads system configuration and utilization data from the zonestat service in the global zone. The zonestatd system daemon is started during system boot. The daemon monitors the utilization of system resources by zones as well as zone and system configuration information, such as psrset processor sets, pool processor sets, and resource control settings. There are no configurable components.
Monitoring Zone Memory Consumption
[total]   631M   82.2%
[system]  215M   28.1%
global    14.9M  1.94%
zone1     123M   15.8%
zone2     137M   18.3%
In the slide you see a zonestat utility report on zone memory consumption. This example shows a summary of utilization every five seconds.
11.0%
[system]  0.03  3.11%
Global    0.06  6.01%
zone1     0.01  1.11%
zone2     0.00  0.82%
In the slide you see a zonestat utility report on zone CPU (processor sets) consumption. This example shows a report on the default processor set (pset) once a second for one minute.
Total and High Zone Resource Consumption
----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
ZONE USED %PART %CAP %SHRU USED PCT %CAP USED PCT %CAP
[total]   0.05  5.14%  -  635M   82.8%  882M   44.0%
[system]  0.02  2.28%  -  213M   27.8%  324M   16.2%
global    0.02  2.31%  -  15.1M  1.97%  355M   17.7%
zone1     0.00  0.47%  -  122M   15.9%  194M   9.20%
zone2     0.00  0.06%  -  0      0.00%  17.6M  0.99%
Report: High Usage
Start: Sat Apr 2 11:24:35 MDT 2011
End: Sat Apr 2 11:25:35 MDT 2011
Intervals: 6, Duration: 0:01:00
SUMMARY Cpus/Online: 1/1 Physical: 767M Virtual: 2000M
----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
ZONE USED %PART %CAP %SHRU USED PCT %CAP USED PCT %CAP
[total]   0.06  6.53%  -  636M   92.9%  982M   44.1%
[system]  0.02  2.42%  -  213M   27.9%  325M   16.2%
global    0.03  3.64%  -  15.1M  1.97%  355M   17.7%
zone1     0.00  0.67%  -  122M   15.9%  194M   9.20%
zone2     0.00  0.09%  -  0      0.00%  17.6M  0.99%
Delegate zones administration to different users.
The auth property
- login (solaris.zone.login)
- manage (solaris.zone.manage)
- clone (solaris.zone.clonefrom)
The admin zone property
zonecfg:zone1> add admin
zonecfg:zone1:admin> set user=oracle
zonecfg:zone1:admin> set auths=login,manage
zonecfg:zone1:admin> end
With Oracle Solaris 11, you can delegate common zone administration tasks for specific zones to different administrators by using Role-Based Access Control (RBAC). With delegated administration, for each zone, a user or set of users may be identified with the permissions to log in, manage, or clone that zone. These specific authorizations associated with the auth property are interpreted by the appropriate commands running in the global zone to allow access at the correct authorization level to the correct user.
The admin zone property defines the username and the authorizations for that user for a given zone (as shown in the example in the slide).
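An added example (not part of the course material or Oracle's code): it reads zonecfg export text for several zones, resolves each admin resource's auths values to the authorization names listed on the slide, and reports delegations that are missing from an approved baseline. The export text, the webops user, the baseline, and the function names are constructed for illustration, and the export layout is assumed to mirror the add admin session shown above.

```python
# Short auths values and the authorizations they stand for, as listed on the slide.
AUTH_NAMES = {
    "login": "solaris.zone.login",
    "manage": "solaris.zone.manage",
    "clone": "solaris.zone.clonefrom",
}

# Constructed sample input: zonecfg export text per zone (assumed layout:
# one "add admin" ... "end" block per delegated user).
SAMPLE_EXPORTS = {
    "zone1": """create -b
set zonepath=/zones/zone1
add admin
set user=oracle
set auths=login,manage
end
""",
    "zone2": """create -b
set zonepath=/zones/zone2
add net
set physical=net0
end
add admin
set user=oracle
set auths=login
end
add admin
set user=webops
set auths="manage,clone"
end
""",
}

# Hypothetical approved baseline: user -> zone -> authorizations signed off.
APPROVED = {
    "oracle": {"zone1": {"solaris.zone.login", "solaris.zone.manage"},
               "zone2": {"solaris.zone.login"}},
    "webops": {"zone2": {"solaris.zone.manage"}},
}


def parse_admins(export_text):
    """Return [(user, [short auths values])] for each admin resource."""
    admins, current = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line == "add admin":
            current = {}
        elif line == "end":
            if current is not None:
                admins.append((current.get("user", ""), current.get("auths", [])))
            current = None  # also closes non-admin resources such as "add net"
        elif current is not None and line.startswith("set ") and "=" in line:
            key, value = line[4:].split("=", 1)
            value = value.strip().strip('"')
            if key.strip() == "user":
                current["user"] = value
            elif key.strip() == "auths":
                current["auths"] = [a.strip() for a in value.split(",") if a.strip()]
    return admins


def delegation_report(exports):
    """Map user -> zone -> set of full authorization names."""
    report = {}
    for zone, text in exports.items():
        for user, auths in parse_admins(text):
            # Values not on the slide are kept, marked, so they show up in review.
            full = {AUTH_NAMES.get(a, "unknown:" + a) for a in auths}
            report.setdefault(user, {}).setdefault(zone, set()).update(full)
    return report


def unapproved_grants(report, approved):
    """List (user, zone, authorization) found in the configs but not in the baseline."""
    findings = []
    for user in sorted(report):
        for zone in sorted(report[user]):
            allowed = approved.get(user, {}).get(zone, set())
            for auth in sorted(report[user][zone] - allowed):
                findings.append((user, zone, auth))
    return findings


if __name__ == "__main__":
    for finding in unapproved_grants(delegation_report(SAMPLE_EXPORTS), APPROVED):
        print("not in baseline: %s on %s holds %s" % finding)
```
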
Summary
In this lesson, you were presented with the new Oracle Solaris 11 zones features. You were also shown the tasks involved in migrating Oracle Solaris 10 zones to Oracle Solaris 11. You learned that non-global zones can be installed by using the AI service. Finally, you learned how to monitor zone resource consumption and delegate zone administration.
Practice 5 Overview: Migrating Oracle Solaris 10 Zones to Oracle Solaris 11
This practice covers the following topics:
- Migrating Oracle Solaris 10 zones to Oracle Solaris 11 (V2V)
- Migrating Oracle Solaris 10 global zones to Oracle Solaris 11 (P2V)
- Monitoring zone resource utilization
Practice Environment
[Screenshot: Oracle VM VirtualBox Manager window listing the practice virtual machines]
Recall from the lessons titled "Managing Software Packages in Oracle Solaris 11" and "Installing the Oracle Solaris 11 Operating System" that your practice environment is based on the Oracle VM VirtualBox virtualization software.
The following four virtual machines (VMs) play an important role in this lesson's practice:
- Sol11X-SuperServer: This VM provides network services such as DNS and NFS used by the VMs in the practice.
- Sol11X-Server1: This is the IPS server used to install the SUNWs10brand package.
- Sol10-Server1: This is the source system for the zone migration practice.
- Sol11X-Desktop: This is the target system for the zone migration practice.
Objectives
This lesson introduces you to the new Oracle Solaris 11 network features and enhancements. You will learn how to set up and manage NWAM, configure a virtual network, configure a network bridge, and configure network link aggregation.
Agenda
- New and Enhanced Network Utilities
- Configuring Network Virtualization
- Configuring Network Bridges
- New Network Monitoring Utilities
Introducing Oracle Solaris 11 Network Enhancements
The networking stack has been redesigned to unify, simplify, and enhance the observability and interoperability of network interfaces and features. A new GLDv3 network driver framework has been added to provide support for Virtual LANs (VLANs), bridging, and link aggregation. The GLDv3 framework also provides the ability to support MAC layers other than Ethernet.
Here are the key network enhancements:
Network management and observability: Oracle Solaris 11 adds a variety of robust new network utilities. For network management, the ipadm utility command provides a set of subcommands that can be used to manage interfaces (interface creation and deletion, modifying interface properties, and displaying interface configuration), manage addresses (address creation and deletion, modifying address properties, and displaying address configuration), and manage TCP/IP protocol properties (modifying and displaying them). For network observability, the new wireshark and dlstat utilities have been added. wireshark is a powerful network protocol analyzer that allows you to capture and interactively browse the traffic running on a computer network. By using dlstat, you can generate reports containing runtime statistics about the network data links.
networks depending on their network conditions and profiles (that is, whether the users are connected through an Ethernet cable or connected wirelessly). NWAM is the default behavior on all installations of Oracle Solaris 11.
Network virtualization: Network virtualization takes server virtualization to the next level with the ability to virtualize entire network topologies of servers, routers, switches, and firewalls, all running on a single platform and requiring no additional investment in networking hardware. Using the basic building blocks of Virtual Network Interface Controllers (VNICs), virtual switches and interconnects, Virtual LANs (VLANs), and routing and firewall functionality, network virtualization can be
bridging support has been added to Oracle Solaris 11 by using the Spanning Tree Protocol (STP, IEEE 802.1D-1998) and TRILL protocol.
The IPMP interface can be assigned a customized name to identify the IPMP group more easily within your network setup.
Network Auto-Magic (NWAM)
- Network Configuration Units (NCUs)
- External Network Modifiers (ENMs)
- Known WLANs
The Network Auto-Magic (NWAM) feature simplifies basic network configuration by automatically addressing basic Ethernet and Wi-Fi configurations, such as connecting to your wired or wireless network at startup and displaying notifications about the status of your currently active network connection from the desktop. With its primary focus on mobility, NWAM is capable of dynamically changing a system's configuration in response to different network events or at a user's request.
You use NWAM to set up user-defined profiles that enable you to connect to networks in a variety of settings, such as in the office, at home, or at your local coffee shop. NWAM is an essential tool if you have a laptop and system that require frequent changes in network environments.
NWAM automatically manages network configuration by storing information in the form of profiles on the system. NWAM then determines which profile should be activated, depending on current network conditions (that is, whether a system is connected through a wired Ethernet cable or a wireless connection on a laptop), and subsequently activates that profile.
The use of profiles is a primary component of NWAM.
profiles.
The profile and configuration object types are:
- Network Configuration Profiles (NCPs): An NCP specifies the configuration of network links and interfaces. This profile is one of the primary profile types that compose the NWAM configuration. The second primary profile type is the Location profile. The default NCPs are Automatic, No Net, and Automatic Location. These are created by the system.
- Location Profile: The Location profile specifies the systemwide network configuration. The name services, domain, the IP Filter, and IPsec configuration are examples. The information consists of a set of properties that defines the systemwide network configuration. There are both system-defined and user-defined locations.
- Network Configuration Units (NCUs): NCUs are the individual configuration objects (or profiles) that contain all of the properties that make up an NCP. The NCP is essentially a container that stores the NCUs that define it. Each NCU correlates to an individual link or interface in the system.
- External Network Modifiers (ENMs): ENMs are profiles that are used to manage applications that are external to NWAM, such as a VPN application. These applications can modify and create a network configuration. The nwamd daemon activates or deactivates an ENM, depending on the conditions that are specified as part of the ENM.
- Known Wireless Local Area Networks (WLANs): Known WLANs are configuration objects that NWAM uses to monitor and store information about wireless networks that are known to your system. NWAM maintains a list of all such wireless networks and then refers to this list to determine the order in which connections to available wireless networks are attempted.
How NWAM Works
configured
3. Checks the conditions of the Location profiles
4. Activates the Location profile that is specified by the policy engine
5. Configures the network, or networks, accordingly
When an event triggers change:
1. As an event handler, nwamd detects each event as it occurs.
2. As a profile daemon, nwamd consults the active profile.
3. Depending on the change, nwamd might reconfigure the network, or networks, accordingly.
At all times, one NCP and one Location profile must be active on the system. During a system boot, the profile daemon (nwamd) performs the first set of steps presented in the slide.
When an event triggers a change in the network configuration, the NWAM daemon (nwamd) functions in various roles and performs the operations presented in the second set of steps presented in the slide.
The following are some of the event triggers:
- Connecting or disconnecting an Ethernet cable
- Connecting or disconnecting a WLAN card
- Booting a system when a wired interface, a wireless interface, or both are available
- Resuming from suspend when a wired interface, a wireless interface, or both are available (if supported)
- Acquiring or losing a DHCP lease
Interaction with Other Oracle Solaris Technologies
- IP Multipathing (IPMP)
- Virtualization
  - Oracle VM Server for SPARC
  - VirtualBox
  - Solaris zones
- Virtual networks
- Bridging
Consider the following when using NWAM with other Oracle Solaris technologies:
- Service Management Facility (SMF): At any given time, either the network/physical:default service or the network/physical:nwam service must be enabled on your system. If the network/physical:default service is enabled, the traditional network configuration is used. If the network/physical:nwam service is enabled, the traditional configuration files are ignored, and NWAM manages the network configuration according to the policy that is specified by the profiles that are enabled on the system.
- IP Multipathing (IPMP): Before configuring your network by using IPMP, you must disable the network/physical:nwam SMF service.
- Oracle VM Server for SPARC and VirtualBox: NWAM is supported in both Oracle Solaris hosts and guests. NWAM manages only the interfaces that belong to the specified virtual machines and does not interfere with other virtual machines.
- Solaris zones: NWAM works in global zones or in an exclusive stack non-global zone. NWAM does not work in a shared stack non-global zone.
- Virtual networks: NWAM currently does not manage VNICs and etherstubs.
- Bridging: NWAM implementation does not actively support network configurations that use the bridging technology. You do not need to disable the network/physical:nwam service before using this technology on your system.
- Networking utilities: When the network/physical:nwam service is enabled, you can still use command-line networking utilities (such as dlstat, dladm, and ipadm) to monitor the components of your current network configuration.
The netcfg Command
netcfg Subcommand      Description
create                 Create an in-memory profile of specific type.
walkprop               Walk each property associated with the current profile. For each property, the name and current value are displayed, and a prompt is given to allow the user to change the current value.
set prop-name=value1   Set the current (in-memory) value of the specified property. If performed in noninteractive mode, the change is also committed to persistent storage.
list                   List all profiles, property-value pairs, and resources that exist at the current or specified scope.
verify                 Verify that the current in-memory object has a valid configuration.
commit                 Commit the current in-memory profile to persistent storage.
end                    End the current profile specification, and pop up to the next higher scope.
exit                   Exit the netcfg session. The current profile is verified and committed before ending.
destroy                Remove all of the specified profile from memory and persistent storage.
The netcfg command is used to create and modify NWAM profiles. Using the netcfg command, you can perform the following tasks:
- Create or destroy a user-defined profile.
- Open an existing profile for viewing and/or editing.
- List all of the profiles that exist on a system and their property values.
- List all of the property values and resources for a specified profile.
- Display each property that is associated with a profile.
- Set or modify one or all of the properties of a specified profile.
- Export the current configuration for a user-defined profile to standard output or a file.
- Delete any changes that were made to a profile and revert to the previous configuration for that profile.
- Verify that a profile has a valid configuration.
This slide shows the netcfg subcommands.
The netadm Command
netadm Subcommand   Description
enable              Enable the specified profile. If the profile name is not unique, the profile type must be specified to identify the profile to be enabled.
disable             Disable the specified profile. If the profile name is not unique, the profile type must be specified to identify the profile to be disabled.
list                List all available profiles and their current state. If a specific profile is specified by name, list only the current state of that profile.
show-events         Listen for stream of events from the NWAM daemon and display them.
scan-wifi           Initiate a wireless scan on link linkname.
select-wifi         Select a wireless network to connect to from scan results on link linkname. Prompts for selection, Wi-Fi key, and so forth, if necessary.
help                Display a usage message with short descriptions for each subcommand.
The netadm command is used to administer NWAM profiles and interact with the NWAM daemon.
The subcommands supported by the netadm command are shown in this slide.
Configuring NWAM
Enable NWAM.
# svcadm disable network/physical:default
# svcadm enable network/physical:nwam
View current NWAM NCPs, NCUs, and locations.
# netadm list
Create an NCP and NCU.
# netcfg
Here are the tasks involved in configuring NWAM:
- Enable NWAM: The NWAM service must be enabled before you can configure it. If the NWAM service is not currently enabled, first disable standard network configuration, and then enable NWAM.
  Example:
  # svcadm disable network/physical:default
  # svcadm enable network/physical:nwam
- View current NWAM profiles: You can display information on the NCP, NCU, and location profiles currently configured on the system.
  # netadm list
- Create an NCP and NCU: Using the netadm utility, you can create custom NCPs. NCPs have associated NCUs, which describe the network interface configuration.
  # netcfg
  netcfg> create ncp oracle_profile
  netcfg:ncp:oracle_profile> create ncu phys net0
::J
ro
c
:::J
-
I....
0
"0
c
ct:l
Q)
(.)
ct:l
I....
0
(\J
..c
0
>
c
>.
c..
0
0
"0
..)Q..
..
..c
I....
0
c
0
:.;:::::;
(.)
::J
"
0
e
c..
Q)
I....
"0
Q)
N
c
0
....c
..
::J
ct:l
c
:::J
In this practice, you configure and manage NWAM.
During this practice, you:
- Enable NWAM
- Create and deploy an NWAM profile
- Disable NWAM
Agenda
Configuring Network Bridges
New Network Monitoring Utilities
The ipadm Utility
enable-if, disable-if | Enable or disable the given interface by reading the configuration from the persistent store.
set-ifprop, reset-ifprop, show-ifprop | set-ifprop modifies an interface property to the value specified by the user. reset-ifprop resets an interface property to its default value. show-ifprop displays the current value of an interface property.
create-addr, delete-addr, show-addr | Create or delete an IPv4 or IPv6 address on the interface address object. The address type can be specified as static, DHCP, or auto-configured in the case of IPv6. show-addr shows IP address information.
up-addr, down-addr | Mark an IP address as up or down.
refresh-addr | If the address is of the type "static," DAD (Duplicate Address Detection) will be restarted (if necessary) on the address identified by the address object. If the address is of the type "dhcp," the lease duration obtained on the address will be extended by the DHCP client daemon.
enable-addr, disable-addr | Create, delete, and show a virtual switch between the VNICs.
set-prop, reset-prop, show-prop | set-prop sets the protocol property to a specific value. reset-prop resets a protocol property to its default value. show-prop displays the current value of a protocol property.
set-addrprop, reset-addrprop, show-addrprop | set-addrprop modifies the value of a property on an address object. reset-addrprop resets an address property to its default value. show-addrprop displays the current value of an address property.

Advances in Oracle Solaris have surpassed the capabilities of traditional tools to efficiently administer various aspects of network configuration. The ifconfig command, for example, has been the customary tool to configure network interfaces. However, this command does not implement persistent configuration settings. Over time, ifconfig has undergone enhancements for added capabilities in network administration. However, as a consequence, the command has become complex and confusing to use. Another issue with interface configuration and administration is the absence of simple tools to administer TCP/IP Internet protocol properties or tunables. The ndd command has been the prescribed customization tool for this purpose. However, like the ifconfig command, ndd does not implement persistent configuration settings. Previously, persistent settings could be simulated for a network scenario by editing the boot scripts. With the introduction of the Service Management Facility (SMF), using such workarounds can become risky because of the complexities of managing SMF dependencies, particularly in the light of upgrades to the Oracle Solaris installation.

The ipadm command has been introduced to eventually replace the ifconfig command for interface configuration. The command also replaces the ndd command to configure protocol properties. As a tool for configuring interfaces, the ipadm command offers the following advantages:
- It manages IP interfaces and IP addresses more efficiently by being the tool uniquely designed for IP interface administration, unlike the ifconfig command that is used for purposes other than interface configuration.
- It provides an option to implement persistent interface and address configuration settings.
As a tool to set protocol properties, the ipadm command provides the following benefits:
- It can set temporary or persistent protocol properties for IP, Address Resolution Protocol (ARP), Stream Control Transmission Protocol (SCTP), and Internet Control Messaging Protocol (ICMP), as well as upper-layer protocols, such as TCP and User Datagram Protocol (UDP).
- It provides information about each TCP/IP parameter, such as a property's current and default setting, as well as the range of possible settings. Thus, debugging information is more easily obtained.
- The ipadm command also follows a consistent command syntax and, therefore, is easier to use.
The slide shows the subcommands currently supported by the ipadm utility.
dladm Subcommand | Description
rename-link | Give a link a meaningful name.
delete-phys | Delete the persistent configuration of a link associated with physical hardware that has been removed from the system.
show-phys | Show the physical device and attributes of all physical links.
create-vlan, delete-vlan, show-vlan | Create, delete, and show a tagged VLAN link with an ID of vid over Ethernet link ether-link.
scan-wifi, show-wifi, connect-wifi, disconnect-wifi | Scan for, show, connect to, and disconnect from one or more Wi-Fi networks.
show-ether | Show state information for all physical Ethernet links.
create-secobj, delete-secobj, show-secobj | Create, delete, and show a secure object in the specified class to be used as a WEP or WPA key in connecting to an encrypted network.
create-vnic, delete-vnic, show-vnic | Create, delete, and show a VNIC over the specified link.
create-etherstub, delete-etherstub, show-etherstub | Create, delete, and show a virtual switch between the VNICs.

The dladm command is used to configure data links. This slide shows the new capabilities of the dladm utility.
dladm Enhancements
dladm Subcommand | Description
create-iptun, modify-iptun, remove-iptun, show-iptun | Create, delete, modify, and show an IP tunnel.
create-bridge, modify-bridge, remove-bridge, show-bridge | Create, delete, modify, and show a layer two bridge.

The dladm command is used to configure data links. This slide shows the new capabilities of the dladm utility.
Practice 6-2: Overview
- Manage IP configuration by using ipadm
Transitioning to Virtual Networking
[Slide diagram: server sprawl on the left, virtual infrastructure on Oracle Solaris 11 on the right; labels: Network, Physical Link 1, Etherstub, Router]

Today's IT organizations face the costly management of server sprawl (shown on the left in the slide diagram). This includes the hardware, maintenance, and personnel resources needed to manage, operate, and administer those servers on a daily basis. Oracle's network virtualization solution allows enterprises to enable workload isolation and granular resource control for all of the system's computing and I/O resources. Using virtual infrastructure (shown on the right in the slide diagram) to consolidate physical systems in the data center, enterprises can experience the following:
- Lower total cost of ownership of servers
- Higher server utilization
- Increased operational efficiency
- Tighter security

Network virtualization is the process of combining hardware network resources and software network resources into a single administrative unit. The goal of network virtualization is to provide systems and users with efficient, controlled, and secure sharing of the networking resources. The end product of network virtualization is the virtual network.
Virtual networks are classified into two broad types: external and internal. External virtual networks consist of several local networks that are administered by software as a single entity. The building blocks of classic external virtual networks are switch hardware and VLAN software technology.
Virtual Network Components
Components | Description
Solaris zone | A Solaris zone is the combination of system resource controls and the boundary separation provided by zones.
Virtual NIC (VNIC) | A VNIC is a virtual network device with the same data link functionality as a physical interface.
Virtual switch | The virtual switch provides the same connectivity between VNICs on a virtual network that switch hardware provides for the systems connected to a switch's ports.
Etherstub | An etherstub is a pseudo-network interface that provides an unmanaged virtual Ethernet switch for virtual interfaces.
Flows | A flow is a stream of packets all having the same characteristics, such as the port number or destination address.
Physical network interface | A physical network interface (phys) is an interface controlled by a hardware driver.

This table shows the key components that make up a virtual network.
- Solaris zone: A Solaris zone is the combination of system resource controls and the boundary separation provided by zones. Zones act as completely isolated virtual servers within a single operating system instance. The Solaris zone is the basic server building block of a virtual network.
- Virtual NIC (VNIC): A VNIC is a virtual network device with the same data link functionality as a physical interface. You configure VNICs on top of a physical interface or etherstub. You configure VNICs as you configure any physical port, using the same commands with the same syntax.
- Virtual switch: The virtual switch provides the same connectivity between VNICs on a virtual network that switch hardware provides for the systems connected to a switch's ports. Each VNIC is implicitly connected to a virtual switch that corresponds to the physical interface. You create VNICs on top of a physical NIC or an etherstub.
- Etherstub: An etherstub is a pseudo-network interface that provides an unmanaged virtual Ethernet switch for virtual interfaces. You use etherstubs to isolate the virtual network from the rest of the virtual networks in the system as well as from the external network to which the system is connected. Network traffic originating from virtual links connected to the etherstub is directed to other virtual interfaces connected to the same etherstub.
- Flows: A flow is a stream of packets all having the same characteristics, such as the port number or destination address. These flows are managed by transport, service, or virtual machine, including zones. Flows cannot exceed the amount of bandwidth that is guaranteed to the application or to the customer's purchased share.
- Physical network interface: A physical network interface (phys) is an interface controlled by a hardware driver. You need at least one physical network interface.
Building a Simple Virtual Network
[Slide diagram: Global Zone containing Zone 1 and Zone 2, connected to the Network]

This slide shows a simple virtual network with two Solaris zones. Whenever you create two or more VNICs on the same physical port, a virtual switch will be created at the MAC layer. The effect of the creation of the virtual switch is that traffic between Zone 1 and Zone 2 is switched at the MAC layer. It is not necessary to stop using the physical NIC (net0) to be switched by some external piece of hardware. As long as the VNICs share the same physical NIC and are on the same VLAN, this MAC layer virtual switch can be employed.
This slide shows you how to create two VNICs on the physical interface.
Configuring a Private Virtual Network
[Slide diagram: Global Zone containing Zone 3 and Zone 4 attached to etherstub stub0; 192.168.0 Network]

This slide shows a simple isolated private virtual network with two Solaris zones. This virtual network consists of the following:
- GLDv3 network interface net0: This interface connects the global zone to the public network.
- Etherstub stub0: You use etherstubs to isolate the virtual network from the rest of the virtual networks in the system as well as the external network to which the system is connected. You cannot use an etherstub just by itself. Instead, you use VNICs with an etherstub to create the private or isolated virtual networks. You can create as many etherstubs as you require. You can also create as many VNICs over each etherstub as required.
- Three VNICs: vnic0 is created over etherstub stub0. This interface can be configured in the global zone to provide a route between the private virtual network (192.168.1.0) and the public network. Technologies, such as IP forwarding, IP filtering, and Network Address Translation (NAT), can be used to customize the relationship between the private and public networks. VNICs vnic1 and vnic2 are also created over etherstub stub0 and are used to attach the non-global zones to stub0.
- Two exclusive IP zones: The two exclusive IP zones each have a VNIC assigned. vnic1 is assigned to Zone 3, and vnic2 is assigned to Zone 4.
net3   phys       1500  unknown
stub0  etherstub  9000  unknown
vnic0  vnic       9000  up       stub0
vnic1  vnic       9000  up       stub0
vnic2  vnic       9000  up       stub0

This slide shows useful commands for accessing your virtual network configuration. The first command (dladm show-link) shows you how to list all the links configured in your system. This includes VNICs and etherstubs. The next command (dladm show-vnic) shows you how to list the VNIC links. The last command (dladm show-etherstub) shows you how to list the etherstubs.
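The listing above is what you check to confirm that the private network is actually isolated. The following is an added example, not part of the course material: a shell function that reads `dladm show-link` output in the five-column layout shown on the slide and reports any zone VNIC that is not built over the expected etherstub, plus any unlisted VNIC that has joined it. The function names, the header row, the `--` placeholders, and the `net0`, `vnic2`-over-`net0` and `vnic5` rows of the sample are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit private-network membership from `dladm show-link`.
# Assumed column order, as on the slide: LINK CLASS MTU STATE OVER.

# Constructed sample listing. vnic2 is deliberately misplaced over net0 and
# vnic5 is an extra VNIC that nobody declared.
sample_links() {
cat <<'EOF'
LINK   CLASS      MTU   STATE    OVER
net0   phys       1500  up       --
stub0  etherstub  9000  unknown  --
vnic0  vnic       9000  up       stub0
vnic1  vnic       9000  up       stub0
vnic2  vnic       1500  up       net0
vnic5  vnic       9000  up       stub0
EOF
}

# audit_private_net STUB "VNIC VNIC ..."
# Reads a show-link listing on stdin and prints one line per finding:
#   ok <vnic> <over>           expected VNIC sits over STUB
#   violation <vnic> <over>    expected VNIC sits over something else
#   unexpected <vnic> <over>   undeclared VNIC attached to STUB
#   missing <vnic>             expected VNIC not present at all
#   missing-etherstub <stub>   STUB is not present as an etherstub
# Exit status is 0 only when there are no findings other than "ok".
audit_private_net() {
    awk -v stub="$1" -v expected="$2" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) want[e[i]] = 1
        }
        $1 == "LINK" || NF < 4 { next }          # header or short row
        $2 == "etherstub" && $1 == stub { have_stub = 1 }
        $2 == "vnic" {
            over = (NF >= 5) ? $5 : "--"
            seen[$1] = 1
            if ($1 in want) {
                if (over == stub) print "ok", $1, over
                else { print "violation", $1, over; bad++ }
            } else if (over == stub) {
                print "unexpected", $1, over; bad++
            }
        }
        END {
            if (!have_stub) { print "missing-etherstub", stub; bad++ }
            for (i = 1; i <= n; i++)
                if (!(e[i] in seen)) { print "missing", e[i]; bad++ }
            exit (bad ? 1 : 0)
        }
    '
}

# Demonstration on the constructed listing.
sample_links | audit_private_net stub0 "vnic0 vnic1 vnic2" \
    || echo "private network check failed"
```

On a live system, pipe the output of `dladm show-link` into `audit_private_net` instead of the sample. A zone VNIC reported as a violation reaches the external network directly rather than through the global zone's vnic0, where the page places IP forwarding, IP filtering, and NAT.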
Bandwidth Management

Bandwidth management enables you to assign a portion of the available bandwidth of a NIC to a consumer, such as an application or customer. You can control bandwidth on a per-application, per-port, per-protocol, and per-address basis. Bandwidth management ensures efficient use of the large amount of bandwidth available from the new GLDv3 network interfaces. Resource control features enable you to implement a series of controls on an interface's available bandwidth.
The allocated portion of bandwidth is known as a share. By setting up shares, you can allocate enough bandwidth for applications that cannot function properly without a certain amount of bandwidth. For example, streaming media and Voice-over IP consume a great deal of bandwidth. You can use the resource control features to guarantee that these two applications have enough bandwidth to successfully run. You can also set a limit on the share. The limit is the maximum allocation of bandwidth that the share can consume. Using limits, you can contain noncritical services from taking away bandwidth from critical services.
You can prioritize among the various shares allotted to consumers. You can give highest priority to critical traffic, such as heartbeat packets for a cluster, and lower priority for less
Managing Bandwidth
[Slide diagram: Global Zone; etherstub stub0; Priority = Low; 192.168.0 Network]
oracle@s11x-serv1:~# flowadm add-flow -l vnic2 -a transport=TCP \
    -p maxbw=100M,priority=low vnic2-throttle
oracle@s11x-serv1:~# flowadm show-flow
FLOW LINK IPADDR PROTO LPORT RPORT DSFLD
vnic2-throttle vnic2 -- tcp
oracle@s11x-serv1:~# flowadm show-flowprop vnic2-throttle
FLOW PROPERTY VALUE DEFAULT POSSIBLE
vnic2-throttle maxbw 100 100M
vnic2-throttle priority low low

This slide shows you how to restrict flows and lower priority on a VNIC.
In this example, a flow named vnic2-throttle is created by using the flowadm command. This flow (vnic2-throttle) restricts vnic2 bandwidth to 100 Mbits/s and sets the link priority to low.
In this practice, you explore Oracle Solaris 11 network virtualization.
During this practice, you:
- Configure two zones on a private virtual network
- Configure the virtual network for public access
- Secure the virtual network behind a firewall
- Control network traffic flow

Agenda
Introducing the Oracle Solaris 11 Network Enhancements
Managing NWAM
New and Enhanced Network Management Utilities
IP Multipathing (IPMP)
IP Multipathing (IPMP)
[Slide diagram: Network Infrastructure; labels: Database Server, Oracle-DB, Web Service, IPMP]

An IPMP configuration typically consists of two or more physical interfaces on the same system that are attached to the same LAN. These interfaces can belong to an IPMP group in either of the following configurations:
Active-active configuration: In this configuration, all underlying interfaces are active. An active interface is an IP interface that is currently available for use by the IPMP group. By default, an underlying interface becomes active when you configure the interface to become part of an IPMP group.
Active-standby configuration: In this configuration, at least one interface is administratively configured as a reserve. The reserve interface is called the standby interface. Although idle, the standby IP interface is monitored by the multipathing daemon to track the interface's availability, depending on how the interface is configured. If link-failure notification is supported by the interface, link-based failure detection is used. If the interface is configured with a test address, probe-based failure detection is also used. If an active interface fails, the standby interface is automatically deployed as needed. You can configure as many standby interfaces as you want for an IPMP group.
This slide shows a two-interface IPMP group ipmp0 with an active-active configuration.
[Slide diagram: Local Area Network; IPMP group ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; underlying interfaces link0_ipmp0 (192.168.0.142) and link1_ipmp0 (192.168.0.143); Failed area]

This slide shows an IPMP active-active configuration. In this configuration, all underlying interfaces are active. No underlying interfaces are reserved for replacement in the event of an active interface failure.
IPMP failure detection can be link-based, probe-based, or both to determine the availability of a specific underlying IP interface in the group. If IPMP determines that an underlying interface has failed, that interface is flagged as failed and is no longer usable. The data IP address that was associated with the failed interface is then redistributed to another functioning interface in the group. If available, a standby interface is also deployed to maintain the original number of active interfaces.
- Two data addresses are assigned to the group: 192.168.10.112 and 192.168.10.113.
- Two underlying interfaces are configured as active interfaces and are assigned flexible link names: link0_ipmp0 and link1_ipmp0.
Probe-based failure detection is used, and thus the active interfaces are configured with test addresses, as follows:
- link0_ipmp0: 192.168.0.142
- link1_ipmp0: 192.168.0.143
The Active and Failed areas in the diagram indicate only the status of underlying interfaces, and not physical locations. No physical movement of interfaces or addresses, and no transfer of IP interfaces, occurs within this IPMP implementation. The areas serve to show only how an underlying interface changes status as a result of either failure or repair.

[Slide diagram: ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; link0_ipmp0 (192.168.0.142) and link1_ipmp0 (192.168.0.143)]
[Slide diagram: ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; link0_ipmp0 (192.168.0.142) and link1_ipmp0 (192.168.0.143)]

IPMP continues to probe the failed underlying interface (link0_ipmp0) to determine if it has been repaired. When IPMP determines that an underlying interface has been repaired, it flags the interface as Active. The data IP address that was associated with the failed interface is then redistributed to the repaired interface.
How IPMP Works: Active-Standby
[Slide diagram: Local Area Network; ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; link0_ipmp0 (192.168.0.142) and link1_ipmp0 (192.168.0.143); Standby: link2_ipmp0 (192.168.0.144)]

The Active, Offline, Reserve, and Failed areas in the figures indicate only the status of underlying interfaces, and not physical locations. No physical movement of interfaces or addresses, and no transfer of IP interfaces, occurs within this IPMP implementation. The areas serve to show only how an underlying interface changes status as a result of either failure or repair.

How IPMP Works: Active-Standby
[Slide diagram: ipmp0 with data addresses 192.168.0.112 and 192.168.0.113]
[Slide diagram: Local Area Network; ipmp0 with data addresses 192.168.0.112 and 192.168.0.113]

IPMP continues to probe the failed underlying interface (link0_ipmp0) to determine if it has been repaired. When IPMP determines that an underlying interface has been repaired, it flags the interface as Active and the standby interface (link2_ipmp0) is moved back to a standby state. The data IP address that was associated with the failed interface is then redistributed to the repaired interface.

How IPMP Works: Active-Standby
[Slide diagram: Local Area Network; ipmp0 with data addresses 192.168.0.112 and 192.168.0.113; Failed area; link1_ipmp0 (192.168.0.143); Standby (192.168.0.144)]
    -i link1_ipmp0 ipmp0
root@s11-serv1:~# ipadm create-addr -T static \
    -a 192.168.0.112/24 ipmp0/v4add1
root@s11-serv1:~# ipadm create-addr -T static \
    -a 192.168.0.113/24 ipmp0/v4add2

This slide shows you the steps to configure an active-active IPMP configuration with flexible data link names as shown in the diagram in the earlier slide titled "How IPMP Works: Active-Active." Here, you rename the data links net0 and net1 to link0_ipmp0 and link1_ipmp0, respectively. Before these data links can be used by IPMP, you must create an IP interface for each one.
Now you are ready to create the IPMP group. This involves two steps. You first create the IPMP group (ipmp0 in this example), and then you add the underlying interfaces (link0_ipmp0 and link1_ipmp0) to the group.
Next, assign the data IP addresses to the IPMP interface (ipmp0) in the form of IP address objects (ipmp0/v4add1 and ipmp0/v4add2).
Finally, assign the test IP addresses to each underlying interface in the form of IP address objects (link0_ipmp0/test and link1_ipmp0/test).
Configuring IPMP: Active-Standby
root@s11-serv1:~# dladm rename-link net0 link0_ipmp0
root@s11-serv1:~# dladm rename-link net1 link1_ipmp0
root@s11-serv1:~# dladm rename-link net2 link2_ipmp0
root@s11-serv1:~# ipadm create-ip link0_ipmp0
root@s11-serv1:~# ipadm create-ip link1_ipmp0
root@s11-serv1:~# ipadm create-ip link2_ipmp0
root@s11-serv1:~# ipadm create-ipmp ipmp0
root@s11-serv1:~# ipadm add-ipmp -i link0_ipmp0 \
    -i link1_ipmp0 -i link2_ipmp0 ipmp0
root@s11-serv1:~# ipadm set-ifprop -p standby=on -m ip link2_ipmp0
root@s11-serv1:~# ipadm create-addr -T static \
    -a 192.168.0.112/24 ipmp0/v4add1
root@s11-serv1:~# ipadm create-addr -T static \
    -a 192.168.0.113/24 ipmp0/v4add2
root@s11-serv1:~# ipadm create-addr -T static \
    -a 192.168.0.142/24 link0_ipmp0/test
root@s11-serv1:~# ipadm create-addr -T static \
    -a 192.168.0.143/24 link1_ipmp0/test
root@s11-serv1:~# ipadm create-addr -T static \
    -a 192.168.0.144/24 link2_ipmp0/test

This slide shows you the steps to configure an active-standby IPMP configuration with flexible data link names as shown in the diagram in the earlier slide titled "How IPMP Works: Active-Active." The steps are similar to those shown on the previous slide.
Here, you rename the data links net0, net1, and net2 to link0_ipmp0, link1_ipmp0, and link2_ipmp0, respectively. You then create an IP interface for each one.
Now you create the IPMP group. This involves two steps. You first create the IPMP group (ipmp0 in this example), and then you add the underlying interfaces (link0_ipmp0, link1_ipmp0, and link2_ipmp0) to the group.
Once the IPMP group is created, you set the standby property in one of the underlying interfaces (link2_ipmp0 in this example) to on.
Next, assign the data IP addresses to the IPMP interface (ipmp0) in the form of IP address objects (ipmp0/v4add1 and ipmp0/v4add2).
Finally, assign the test IP addresses to each underlying interface in the form of IP address objects (link0_ipmp0/test, link1_ipmp0/test, and link2_ipmp0/test).

Monitoring IPMP
root@s11-serv1:~# ipmpstat -g
GROUP   GROUPNAME   STATE      FDT      INTERFACES
ipmp0   ipmp0       degraded   10.00s   link2_ipmp0 link1_ipmp0 [link0_ipmp0]
root@s11-serv1:~# ipmpstat -i
INTERFACE     ACTIVE   GROUP   FLAGS     LINK   PROBE    STATE
link2_ipmp0   yes      ipmp0   -s-----   up     ok       ok
link1_ipmp0   yes      ipmp0   --mbM--   up     ok       ok
link0_ipmp0   no       ipmp0   -------   up     failed   failed
root@s11-serv1:~# ipmpstat -an
ADDRESS         STATE   GROUP   INBOUND       OUTBOUND
                down    ipmp0
192.168.0.113   up      ipmp0   link1_ipmp0   link1_ipmp0 link2_ipmp0
192.168.0.112   up      ipmp0   link2_ipmp0   link2_ipmp0 link1_ipmp0
You use the ipmpstat command to monitor IPMP group activity and health.

This slide shows three examples of ipmpstat usage. The examples that you see
here are taken from an IPMP active-standby configuration created by the procedure
shown in the previous slide. Here, one of the underlying interfaces has failed.

The first example (ipmpstat -g) displays information about the IPMP group. The
IPMP group is named ipmp0. It has three underlying interfaces: link0_ipmp0,
link1_ipmp0, and link2_ipmp0. Note that the state of the IPMP group is
degraded and the underlying interface link0_ipmp0 has brackets around it (boxed),
indicating that it has failed.

The second example (ipmpstat -i) displays information about the IP interfaces. Here,
link2_ipmp0 is in the Active state and link0_ipmp0 is in the Failed state.

The third example (ipmpstat -an) displays information about the IPMP data addresses. IP
address 192.168.0.112 is currently assigned to the standby interface (link2_ipmp0) and
192.168.0.113 is assigned to link1_ipmp0 for all INBOUND data traffic.
OUTBOUND data traffic is spread across both active interfaces for each IP address.
root@s11-serv1:~# ipmpstat -pn
TIME     INTERFACE     PROBE   NETRTT   RTT      RTTAVG   TARGET
0.06s    link2_ipmp0   i163    0.26ms   0.49ms   0.33ms   192.168.0.100
0.90s    link1_ipmp0   i162    0.26ms   0.39ms   0.31ms   192.168.0.100
0.92s    link2_ipmp0   i164    0.19ms   0.36ms   0.34ms   192.168.0.100
0.49s    link0_ipmp0   i161                               192.168.0.100
-0.49s   link0_ipmp0   i160                               192.168.0.100
2.52s    link2_ipmp0   i165    0.23ms   0.39ms   0.34ms   192.168.0.100
2.74s    link1_ipmp0   i163    0.24ms   0.38ms   0.32ms   192.168.0.100
3.69s    link1_ipmp0   i164    0.25ms   0.45ms   0.34ms   192.168.0.100
2.31s    link0_ipmp0   i162                               192.168.0.100
This example (ipmpstat -pn) displays information about the IPMP probe. For IPMP
probing to work correctly, the IPMP group must be connected to the local area network and at
least one other host (the probe target) must also be connected to the same network.

Here, interfaces link2_ipmp0 (standby) and link1_ipmp0 are actively probing target
192.168.0.100. Interface link0_ipmp0 probing is failing.
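The ipmpstat tables above lend themselves to a scripted health check. The following is an added example, not part of the course material: it reads `ipmpstat -g` and `ipmpstat -i` output in the column layout shown on the slide and prints one alert line per degraded group or failing interface. The second group (ipmp1, net4, net5) in the sample input is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course material): turn the ipmpstat tables
# shown on the slide into alert lines. Column positions follow the -g and
# -i output as printed there.

# Read `ipmpstat -g` output on stdin; print one line per group whose STATE
# is not "ok", naming the interfaces printed in [brackets] (failed).
ipmp_degraded_groups() {
    awk '
        $1 == "GROUP" { next }                      # header row
        NF >= 4 && $3 != "ok" {
            failed = ""
            for (i = 5; i <= NF; i++)
                if ($i ~ /^\[.*\]$/) {
                    name = substr($i, 2, length($i) - 2)
                    failed = (failed == "" ? name : failed "," name)
                }
            printf "group=%s state=%s failed=%s\n", $1, $3, (failed == "" ? "none" : failed)
        }'
}

# Read `ipmpstat -i` output on stdin; print interfaces whose LINK is not
# "up", whose PROBE column reads "failed", or whose STATE is not "ok".
ipmp_bad_interfaces() {
    awk '
        $1 == "INTERFACE" { next }                  # header row
        NF == 7 && ($5 != "up" || $6 == "failed" || $7 != "ok") {
            printf "interface=%s group=%s link=%s probe=%s state=%s\n", $1, $3, $5, $6, $7
        }'
}

# Constructed sample input: the degraded group from the slide plus one
# healthy group (ipmp1, net4 and net5 are made-up names).
sample_g() {
    cat <<'EOF'
GROUP   GROUPNAME   STATE      FDT      INTERFACES
ipmp0   ipmp0       degraded   10.00s   link2_ipmp0 link1_ipmp0 [link0_ipmp0]
ipmp1   ipmp1       ok         10.00s   net5 net4
EOF
}

# Constructed sample input copied from the -i table on the slide.
sample_i() {
    cat <<'EOF'
INTERFACE     ACTIVE   GROUP   FLAGS     LINK   PROBE    STATE
link2_ipmp0   yes      ipmp0   -s-----   up     ok       ok
link1_ipmp0   yes      ipmp0   --mbM--   up     ok       ok
link0_ipmp0   no       ipmp0   -------   up     failed   failed
EOF
}

sample_g | ipmp_degraded_groups
sample_i | ipmp_bad_interfaces
```

On a live system the two functions would be fed from `ipmpstat -g` and `ipmpstat -i` directly instead of the sample functions.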
- Create an IPMP active-standby configuration

Agenda
Introducing the Oracle Solaris 11 Network Enhancements
Managing NWAM
New and Enhanced Network Management Utilities
Configuring Network Virtualization
Configuring IPMP
Configuring Network Bridges
New Network Monitoring Utilities
Network Bridging
Network bridges are used to connect separate network segments. When connected by a
bridge, the attached network segments communicate as if they were a single network
segment. Bridging is implemented at the data link layer (L2) of the networking stack to
connect subnetworks together.

Using a bridge configuration simplifies the administration of the various nodes in the network
by connecting them to a single network. By connecting these segments through a bridge, all
the nodes share a single broadcast network. Thus, each node can reach the others by using
network protocols such as IP rather than by using routers to forward traffic across network
segments. If you do not use a bridge, you must configure IP routing to permit the forwarding of
IP traffic between nodes.

To forward packets to their destinations, bridges must listen in promiscuous mode on every
link that is attached to the bridge. Listening in promiscuous mode makes bridges
vulnerable to forwarding loops, in which packets circle forever at full line
rate. To prevent this, bridging uses the Spanning Tree Protocol (STP), which blocks the network
loops that would render the subnetworks unusable. In addition to STP, Oracle Solaris 11
supports the Transparent Interconnect of Lots of Links (TRILL) protocol.

Unlike STP and RSTP, TRILL does not shut down physical links to prevent loops. Instead,
TRILL computes the shortest-path information for each TRILL node in the network and uses
that information to forward packets to individual destinations. As a result, TRILL enables the
system to leave all links in use at all times.
oracle@s11x-serv1:~# dladm create-bridge -l nat0 -l net3 tonowhere
oracle@s11x-serv1:~# dladm show-bridge
BRIDGE      PROTECT   ADDRESS                PRIORITY   DESROOT
tonowhere   stp       32768/8:0:27:15:2:19   32768      32768/8:0:27:15:2:19
oracle@s11x-serv1:~# dladm show-bridge -l tonowhere
LINK   STATE        UPTIME   DESROOT
nat0   forwarding   90       32768/8:0:27:15:2:19
net3   discarding   90       32768/8:0:27:15:2:19
oracle@s11x-serv1:~# dladm remove-bridge -l nat0 -l net3 tonowhere
oracle@s11x-serv1:~# dladm delete-bridge tonowhere

This slide shows you how to create, display, and remove a network bridge.
Practices 6-5 and 6-6: Overview

Introducing the Oracle Solaris 11 Network Enhancements
New Network Utilities
Managing NWAM
Configuring Network Virtualization
Configuring Network Bridges
New Network Monitoring Utilities
The wireshark Utility
Wireshark is a network protocol analyzer. You can use it to capture and interactively browse
the traffic running on a computer network. Because of its rich and powerful feature set, system
administrators, security experts, developers, and educators around the world use it regularly.
It is freely available as open source and is released under the GNU General Public License
version 2.

With Wireshark you can:
- Capture live packet data from a network interface
- Display packets with very detailed protocol information
- Open and save captured packet data
- Import and export packet data from and to many other capture programs
- Filter packets by using many criteria
- Search for packets by using many criteria
- Colorize packet display based on filters
- View various statistics

This slide shows the Wireshark packet analyzer interface.
The dlstat Utility
Reports runtime statistics about data links.
dlstat allows you to:
- Examine all links and report statistics
- Examine a specific link and report statistics
- Examine physical network devices and report statistics
- Examine link aggregations and report statistics
- Specify a sampling interval

The dlstat command reports runtime statistics about data links. The output is sorted in the
descending order of link utilization. The slide lists what you can do using dlstat.
oracle@s11x-serv1:~# dlstat
LINK        IPKTS   RBYTES    OPKTS    OBYTES
vnic0       222     9.42K     1.50K    118.00K
vnic1       1.10K   82.73K    168      7.15K
vnic2       1.10K   82.73K    168      7.15K
speedway0   8.95K   713.56K   17.69K   20.80M
oracle@s11x-serv1:~# dlstat show-phys

The slide shows examples of dlstat usage.

In the first example, running dlstat without subcommands displays a summary of statistics
for all the links. The report shows incoming traffic (IPKTS and RBYTES) and outgoing traffic
(OPKTS and OBYTES).

In the second example, the show-phys subcommand reports network traffic statistics for
each physical network device. The INDEX field identifies the ring queue associated with a
device. The report includes statistics for data received (rx) and data transmitted (tx). Note
that if your link aggregations (speedway0) are present, they are also displayed.
dlstat: Examples
oracle@s11x-serv1:~# dlstat show-link
LINK        TYPE   ID      INDEX   PKTS    BYTES
vnic0       rx     local           114     4.84K
vnic0       rx     bcast           112     4.75K
vnic0       rx     sw              0       0
vnic0       tx     bcast           1.01K   79.68K
vnic0       tx     sw              514     40.38K
speedway0   rx     hw      0       5.22K   458.88K
speedway0   rx     hw      1       1.28K   87.51K

The show-link subcommand reports network traffic statistics for each network link. In the
output, the ID field indicates whether hardware rings are exclusively assigned (indicated by
hw) or shared (indicated by sw) among clients. rx rings are shared if other clients, such as
VNICs, are configured over the link as well. In the example shown in the slide, sharing is
indicated by the vnic0 sw value in the ID column.

The show-aggr subcommand reports incoming and outgoing network traffic statistics for
aggregated links. The PORT field indicates the devices that make up the link aggregation.
- Install and explore the dlstat utility
Summary
In this lesson, you were presented with the new Oracle Solaris 11 network features. You were
also shown the tasks involved in managing NWAM and configuring virtual networks. Finally,
you learned how to configure a network bridge.
Objectives
Agenda
Configuring ZFS Deduplication
Configuring COMSTAR
Introducing Oracle Solaris 11 Storage Enhancements
- ZFS is the default root file system.
- You can migrate UFS and ZFS file systems.
- You can split a mirrored ZFS storage pool.
- You can determine ZFS snapshot differences.
- You can use deduplication in ZFS to save storage space.
- COMSTAR targets for iSER, SRP, and FCoE are now supported.
- There is greater Microsoft interoperability with fully integrated CIFS support.

A number of important storage features and enhancements have been introduced with the
release of the Oracle Solaris 11 operating system. These features and enhancements
include:
- ZFS default root file system: ZFS is the default root file system for the Oracle Solaris
  11 operating system. With a ZFS root pool, you do not have to worry about calculating
  slice sizes for /, /var, /export, and so on only to find out you did not create them with
  enough space (or with too much). With ZFS, they consume only as much space as they
  need. ZFS reduces complexity by eliminating the need for multiple volume management
  tools. Another benefit to having a ZFS root pool is that you can mirror your root file
  system with very little effort.
- Migrating UFS and ZFS file systems: You can use the ZFS Shadow Migration
  feature to migrate data from old UFS and ZFS file systems to new file systems
  while simultaneously allowing access and modification of the new file systems
  during the migration process.
- Splitting mirrored ZFS storage pools: A mirrored ZFS storage pool can be
  quickly cloned as a backup pool.
- ZFS snapshot differences: A very useful feature has been implemented for ZFS in
  Oracle Solaris 11, which allows you to list all file changes between two snapshots of a
  ZFS file system.
- ZFS deduplication: Deduplication is the process of eliminating duplicate copies of data.
  ZFS deduplication saves space and unnecessary I/O, which can lower storage costs
  and improve performance. ZFS deduplication automatically avoids writing the same
  data twice on your drive by detecting duplicate data blocks and keeping track of the
  multiple places where the same block is needed.
- COMSTAR targets for iSER, SRP, and FCoE: COMSTAR (Common Multiprotocol
  SCSI Target) is the software framework that enables you to turn any Oracle
  Solaris host into a target device that can be accessed over a storage network. The
  COMSTAR framework makes it possible for all SCSI device types (tape, disk, and
  the like) to connect to a transport (such as Fibre Channel) with concurrent access to
  all logical unit numbers (LUN) and a single point of management. Support for a
  number of protocols has been added: iSCSI Extensions for RDMA (iSER) and SCSI RDMA
  Protocol (SRP) for hosts that include an InfiniBand Host Channel Adapter, iSCSI, and
  Fibre Channel over Ethernet (FCoE). Oracle Solaris DTrace probes have also been
  added to COMSTAR in the SCSI Target Mode Framework (STMF) and SCSI Block
  Device (SBD).
- Greater Microsoft interoperability with fully integrated CIFS: Oracle Solaris 11
  includes fully integrated CIFS. The Common Internet File System (CIFS), also known
  as SMB, is the standard for Microsoft file-sharing services. The Oracle Solaris CIFS
  service provides file sharing and MS-RPC administration services required for
  Windows-like behavior for interoperability with CIFS clients, including many new
  features such as host-based access control, which allows a CIFS server to restrict
  access to specific clients by IP address, ACLs (access control lists) on shares, and
  synchronization of client-side offline file caching during reconnection. Microsoft ACLs
  are also supported in ZFS.
Agenda
Configuring ZFS Deduplication
Configuring COMSTAR
ZFS Shadow Data Migration
A common task for administrators is to migrate data from one system to another. In the most
abstract sense, this problem encompasses a large number of use cases, from replicating data
between servers to keeping user data on laptops in sync with servers. The ZFS Shadow Data
Migration feature in Oracle Solaris 11 OS provides a simple-to-use solution for moving data
quickly and safely between systems.

You can use the shadow migration feature to migrate file systems as follows:
- A local or remote ZFS file system to a target ZFS file system
- A local or remote UFS file system to a target ZFS file system

ZFS Shadow Data Migration uses a simple method that pulls the data to be migrated:
- Create an empty ZFS file system.
- Set the shadow property on an empty ZFS file system, which is the target (or shadow)
  file system, to point to the file system to be migrated.
- Data from the file system to be migrated is copied over to the shadow file system.

Shadow Migration Considerations
When planning your shadow migration configuration, consider the following:
- The file system to be migrated must be set to read-only. If the file system is not set to
  read-only, in-progress changes might not be migrated.
- The target file system must be completely empty.
- If the system is rebooted during a migration, the migration continues after the system is
  booted.
- Access to directory content that is not completely migrated or access to file content that
  is not completely migrated is blocked until the entire content is migrated.
- If you want the UID, GID, and ACL information to be migrated to the shadow file system
  during an NFS migration, make sure that the name service information is accessible
  between the local and remote systems. You might consider copying a subset of the file
  system data to be migrated for a test migration to see that all the information is migrated
  properly before completing a large migration of data over NFS.
- Migrating file system data over NFS can be slow, depending on your network
  bandwidth. Be patient.

You can use the shadowstat command to monitor a file system migration, which
provides the following data:
- The BYTES XFRD column identifies how many bytes have been transferred to the
  shadow file system.
- The BYTES LEFT column fluctuates continuously until the migration is almost
  complete. ZFS does not identify how much data needs to be migrated at the
  beginning of the migration because this process might be too time-consuming.
  Consider using the BYTES XFRD and the ELAPSED TIME information to estimate
  the length of the migration process.
Configuring ZFS Shadow Data Migration
root@s11-source:~# share -F nfs -o ro /export/UFS_data
root@s11-source:~# share -F nfs -o ro /export/ZFS_data
root@s11-target:~# pkg install shadow-migration
root@s11-target:~# svcadm enable shadowd
root@s11-target:~# zfs create -o \
shadow=nfs://s11-source/export/UFS_data \
rpool/export/shadow_UFS_data
root@s11-target:~# zfs create -o \
shadow=nfs://s11-source/export/ZFS_data \
rpool/export/shadow_ZFS_data
root@s11-target:~# shadowstat
                                  EST
                          BYTES   BYTES             ELAPSED
DATASET                   XFRD    LEFT     ERRORS   TIME
rpool/export/UFS_shadow   85.7M   77.75M            00:05:11
rpool/export/ZFS_shadow   -                         00:05:12
No migrations in progress

The slide shows an example of setting up ZFS shadow data migration on a remote host
containing the file system to be migrated and the target host containing the shadow file
system.

Here, two remote file systems (one UFS, one ZFS) are exported as read-only NFS file
systems.

On the target host, you must first install the shadow-migration software package. After the
package is installed, enable the shadowd service.

Finally, create an empty ZFS file system for each exported file system on the remote host. On
each ZFS shadow file system, set the shadow option to
nfs://remote_system/exported_file_system.

Run the shadowstat command on the target host to monitor shadow migration activity.
Agenda
Configuring ZFS Deduplication
Configuring COMSTAR
Splitting a Mirrored ZFS Storage Pool
- The new pool contents are identical to the original mirror pool.
- By default, zpool split detaches the last disk.

A mirrored ZFS storage pool can be quickly cloned as a backup pool by using the zpool
split command. Currently, this feature cannot be used to split a mirrored root pool.

You use the zpool split command to detach disks from a mirrored ZFS storage pool to
create a new pool with one of the detached disks. The new pool will have identical contents to
the original mirrored ZFS storage pool. By default, a zpool split operation on a mirrored
pool detaches the last disk for the newly created pool. After the split operation, the new pool
must be imported to be accessible.
Splitting a ZFS Mirrored Pool: Example
oracle@s11x-serv1:~# zpool create newpool mirror c7t2d0 c7t3d0
oracle@s11x-serv1:~# zpool split -n newpool newpool1
would create 'newpool1' with the following layout:
        newpool1
          c7t3d0
oracle@s11x-serv1:~# zpool split newpool newpool1
oracle@s11x-serv1:~# zpool import newpool1
oracle@s11x-serv1:~# zpool status
  pool: newpool
 state: ONLINE
  scan: none requested
config:
        NAME        STATE    READ  WRITE  CKSUM
        newpool     ONLINE   0     0      0
          c7t2d0    ONLINE   0     0      0
  pool: newpool1
 state: ONLINE
  scan: none requested
config:
        NAME        STATE    READ  WRITE  CKSUM
        newpool1    ONLINE   0     0      0
          c7t3d0    ONLINE   0     0      0

The slide shows an example of splitting a ZFS mirrored storage pool.

In this example, you create a mirrored pool (newpool). Then you run the zpool split -n
command to perform a "dry run" on the split operation. Next, you split the mirror to create the
newpool1 pool. Finally, you import the newpool1 pool and check ZFS pool status. The
status shows that the newpool and newpool1 pools each contain one disk from the original
mirrored ZFS pool.
Agenda
Configuring ZFS Deduplication
Configuring COMSTAR
Identifying ZFS Snapshot Differences
Identifying ZFS Snapshot Differences: Example
NAME                         CREATION
newpool/mydata@before        Mon Apr 6 14:54 2011
newpool/mydata@after         Mon Apr 6 14:59 2011
rpool/ROOT/solaris@install   Fri Mar 4 22:33 2011
M       /newpool/mydata/
+       /newpool/mydata/newfile
oracle@s11x-serv1:~#

This slide shows an example of identifying ZFS snapshot differences.

In the example, you take a before snapshot of the newpool/mydata ZFS file system. Then you
create a new file (newfile) in /newpool/mydata. You take another snapshot (after) of
the same ZFS file system and list the snapshots based on name and creation date. Finally, you
compare the before and after snapshots to determine the differences. Note that in the zfs
diff command output, M indicates that /newpool/mydata/ was modified and + indicates
that a file (/newpool/mydata/newfile) was added to the later dataset.
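Because zfs diff lists every path that changed between two snapshots, its output can double as a simple file-integrity report. The following is an added example, not part of the course material: it counts each change type and flags changes under watched path prefixes. It goes beyond the slide by also counting the - (removed) and R (renamed) change types that zfs diff can print; the watched prefix and the last three sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the course material): summarise `zfs diff` output
# and surface changes under paths an administrator wants to watch.

# stdin: `zfs diff` output (change type, whitespace, path)
# $1:    colon-separated path prefixes to watch (assumed, site-specific)
zfs_diff_report() {
    awk -v watch="$1" '
        BEGIN { n = split(watch, prefix, ":") }
        NF >= 2 {
            type = $1
            path = $0
            # Strip only the change-type column so paths with spaces survive.
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)
            count[type]++
            for (i = 1; i <= n; i++)
                if (prefix[i] != "" && index(path, prefix[i]) == 1) {
                    print "WATCH " type " " path
                    break
                }
        }
        END {
            printf "SUMMARY modified=%d added=%d removed=%d renamed=%d\n",
                   count["M"], count["+"], count["-"], count["R"]
        }'
}

# Constructed sample input: the first two lines are the slide output,
# the remaining three are made up for illustration.
sample_diff() {
    printf '%s\t%s\n' \
        M '/newpool/mydata/' \
        + '/newpool/mydata/newfile' \
        M '/newpool/mydata/etc/sudoers.d' \
        + '/newpool/mydata/etc/sudoers.d/extra rule' \
        - '/newpool/mydata/tmp/old.log'
}

sample_diff | zfs_diff_report '/newpool/mydata/etc/'
```

On a live system the function would be fed from a zfs diff run over the two snapshots being compared.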
Splitting a Mirrored ZFS Storage Pool
Identifying ZFS Snapshot Differences
Configuring ZFS Deduplication
Configuring COMSTAR
ZFS Deduplication
- Enables data deduplication at the level of files, blocks, or bytes
- Is synchronous

Here are some applications that typically benefit from ZFS deduplication:
- File servers
- Virtualization storage: Server virtualization, such as Solaris zones, is another area with
  much duplicate data. Multiple installations of the same virtualized operating system
  share the same kernel, libraries, system files, and applications.

When you run these types of applications on deduplication-enabled ZFS file systems, data is
stored only once.
ZFS Deduplication Properties
- One new ZFS file system property: dedup
- Two new ZFS pool properties:
  - dedupratio
  - dedupditto

To support the deduplication feature, Oracle Solaris 11 adds new properties to ZFS.

ZFS has one new ZFS file system property to support deduplication, dedup. You use the
deduplication (dedup) property to remove redundant data from your ZFS file systems. If a file
system has the dedup property enabled, duplicate data blocks are removed synchronously.
The result is that only unique data is stored and common components are shared between
files. When dedup is enabled, the dedup checksum algorithm overrides the checksum
property. Setting the value to verify is equivalent to specifying sha256 for the checksum
property. If the property is set to verify and two blocks have the same signature, ZFS does a
byte-for-byte comparison with the existing block to ensure that the contents are identical.

ZFS has two new ZFS pool properties to support deduplication: dedupratio and
dedupditto. The dedupratio property is a read-only value used as a multiplier that
indicates the deduplication ratio achieved for a ZFS pool. The dedupditto property sets
a deduplication copy threshold. If the reference count for a deduped block goes above this
threshold, another ditto copy of the block is stored automatically.

By telling ZFS to store an additional copy after a specific number of references, you build in
some redundancy just in case the original block gets checksum errors.
ZFS Deduplication: Example
oracle@sllx-servl:-zpool list
NAMB SIZB ALLOC FRBB CAP DBDUP HEALTH ALTROOT
Newpool l.07G l69K l.07G 0% l.OOx ONLINE
Newpooll l.07G l30K l.07G 0% l.OOx ONLINE
Rpool l5.9G 4.l2G ll.SG 25% l.OOx ONLINE
oracle@sllx-servl:-zpool get all newpoollgrep dedup
Newpool dedupditto 0 default
0 newpool dedupratio l.OOx
oracle@sllx-servl:-zfs get all newpool/mydatalgrep dedup
-
I....
newpool/mydata dedup off default
"0 oracle@sllx-servl:-zfs set dedupon newpool/mydata
c oracle@sllx-servl:-zfs get all newpool/mydatalgrep
ct:l
Q) dedup newpool/mydata dedup on local
(..)
ct:l
oracle@sllx-servl:-cp /opt/ora/course_files/bigfile.zip /newpool/mydata/dirl
I.... oracle@sllx-servl:-cp /opt/ora/course_files/bigfile.zip /newpool/mydata/dir2
0 oracle@sllx-servl:-cp /opt/ora/course_files/bigfile.zip /newpool/mydata/dir3
oracle@sllx-servl:-zpool list
NAMB SIZB ALLOC FRBB CAP DBDUP HEALTH ALTROOT
Newpool l.07G 302M 794M 27% 3.00x ONLINE
Newpooll l.07G l30K l.07G 0% l.OOx ONLINE
Rpool l5.9G 4.l2G ll.SG 25% l.OOx ONLINE
oracle@sllx-servl:- zpool get all newpoollgrep dedup
Newpool dedupditto 0 default
Newpool dedupratio 3.00x
In this example, you check the ZFS properties to determine whether deduplication has been enabled. The properties show that deduplication is currently disabled. Next, you enable deduplication. You copy the same file to the three different directories in the file system that has deduplication enabled. Finally, you recheck the ZFS properties and find that the deduped file system has a deduplication factor of 3.
Agenda
Configuring ZFS Deduplication
Configuring COMSTAR
Benefits:
The iSCSI protocol runs across existing Ethernet networks.
Existing Fibre Channel devices can be connected to clients
without the cost of Fibre Channel HBAs.
The iSCSI protocol runs across existing Ethernet networks.
You can use any supported network interface card (NIC), Ethernet hub, or Ethernet switch.
One IP port can handle multiple iSCSI target devices.
You can use existing infrastructure and management tools for IP networks.
Existing Fibre Channel devices can be connected to clients without the cost of Fibre Channel HBAs.
Systems with dedicated arrays can now export replicated storage with ZFS or UFS file systems.
There is no upper limit on the maximum number of configured iSCSI target devices.
The protocol can be used to connect to Fibre Channel or iSCSI Storage Area Network (SAN) environments with the appropriate hardware.
Configuring COMSTAR
Enable initiator service.
Configure the target device discovery method.
Reconfigure the /dev namespace to recognize the iSCSI disk.
Access the iSCSI disk.
- Use the format utility to identify the iSCSI LUN information.
- Create a ZFS file system on the iSCSI LUN.

Tasks required for configuring COMSTAR:
Install the storage-server software package: This package contains all the software required to configure SCSI targets. The storage-server software package is installed on the system that provides the storage devices.
Create an iSCSI LUN: This task is performed on the system that provides the disk volumes. The disk volume provided by the server is referred to as the target. When the iSCSI LUN is associated with an iSCSI target, it can be accessed by an iSCSI initiator. This task involves:
Enabling the stmf service
Identifying a disk volume to serve as the SCSI target
Running the stmfadm utility to create a LUN
Making the LUN viewable to the initiators
Create the iSCSI target: This task is performed on the system that provides the disk volumes. This task involves:
Enabling the target service
Running the itadm utility to create an iSCSI target
Enabling initiator service
Configuring the target device discovery method
Reconfiguring the /dev namespace to recognize the iSCSI disk
Access the iSCSI disk: This task is performed on the initiator client host. This task involves:
Using the format utility to identify the iSCSI LUN information
Creating a ZFS file system on the iSCSI LUN
Configure ZFS deduplication
Configure COMSTAR

Migrating UFS and ZFS file systems
Splitting a mirrored ZFS storage pool
Identifying ZFS snapshot differences
Configuring ZFS deduplication
Configuring COMSTAR
Oracle Solaris 11 Security Enhancements
Objectives
Use the Basic Audit Reporting Tool (BART) to audit system files
Secure by Default
Root account as a role
RBAC kernel enhancements
Oracle Solaris Cryptographic Framework
ZFS dataset encryption
Basic Audit Reporting Tool (BART)
Labeled IPsec
Trusted Extension enhancements
A number of important security features and enhancements have been introduced with the release of the Oracle Solaris 11 operating system, including the following:
Secure by Default: Oracle Solaris 11 provides a fully Secure by Default environment. Oracle Solaris Secure by Default reduces the attack surface of the Oracle Solaris OS by disabling as many network services as possible while still leaving a useful system. In this way, the number of exposed network services is dramatically reduced. With automatic Secure by Default, network services are disabled by default or set to listen for local system communications only.
Root account as a role: Oracle Solaris 11 implements a role for root. The root as a role option was first delivered in Solaris 8 (1998). What is different in Oracle Solaris 11 is that this option is enabled by default during installation. The advantage of root as a role is that it ensures that administrative actions done by the root account are attributable to a real (unique) person. Because you must have at least one user who is authorized to assume the root role, a standard user account (which can assume that role) is automatically created during the installation process. If you do not want this feature, you can revert to Solaris 10 behavior by running the following command:
# rolemod -K type=normal root
RBAC kernel enhancements: In Oracle Solaris 11, an in-kernel pfexec implementation is used to execute administrative commands requiring a higher privilege level. Unlike in Solaris 10, in Oracle Solaris 11 the pfexec program is no longer a privileged program, so it cannot pass any privileges to other programs. Instead, it sets a process execution mode flag that specifies that all subsequent executions are subject to the RBAC policy specified in rights profiles. You use the usermod -P command to delegate administrative privileges to trusted users.
Unlike in Solaris 10, the process privileges of setuid-to-root binaries are also specified by using RBAC. A new rights profile, Forced Privileges, specifies the required privilege set for these applications, instead of granting all privileges. This significantly reduces the potential for these binaries to be used as an attack vector against the system.
Oracle Solaris 11 adds new privileges: file_read, file_write, and net_access. These privileges restrict read, write, and outbound network access. Additionally, a new rights profile, Stop, removes default authorizations and execution rights from specific users, facilitating the creation of restricted execution environments.
Oracle Solaris Cryptographic Framework: Cryptography is the science of encrypting and decrypting data. Cryptographic services provide authentication and encryption mechanisms to applications and users. Central to the Oracle Solaris Cryptographic Framework is the pktool command. The pktool command allows you to manage the certificates and keys on multiple keystores including PKCS#11 tokens, Netscape Security Services (NSS) tokens, and standard file-based keystores for OpenSSL. The Oracle Solaris Cryptographic Framework now supports the NSA Suite B algorithms.
ZFS Dataset Encryption: When using ZFS dataset encryption, the ZFS dataset at rest is encrypted, and can only be mounted by a user who can supply the cryptographic key that is associated with the ZFS dataset. When the file system is mounted, it is no longer cryptographically protected. Instead, normal Solaris access controls (ACLs, permission bits, containment) apply. Encryption can be specified at the pool or dataset level (per mount point), and each dataset can have a unique encryption key. This is in contrast to systems that do whole-disk encryption.
Basic Audit Reporting Tool: The Basic Audit Reporting Tool (BART) enables you to comprehensively validate systems by performing file-level checks of one or more systems over time. Changes in a BART manifest across systems, or for one system over time, can validate the integrity of your systems. BART provides manifest creation, manifest comparison, and rules for scripting reports.
Labeled IPsec: When labeled processes in a multilevel secure operating system, such as Oracle Solaris Trusted Extensions, communicate across system boundaries, their network traffic needs to be labeled and protected. Traditionally, this requirement is met by using a physically separate network infrastructure to ensure that data belonging to different labeled domains stays in separate physical infrastructures. Labeled IPsec/IKE, which is new in Oracle Solaris 11, enables customers to reuse the same physical network infrastructure for labeled communications by transferring labeled data within separate labeled IPsec security associations, removing the need for a redundant and expensive physical network infrastructure.
Trusted Extension enhancements: To enable greater flexibility and security, Trusted Extensions now enables per-label and per-user credentials, allowing administrators to require a unique password for each label. This password is in addition to the session login password, thereby allowing administrators to set a per-zone encryption key for each label of every user's home directory. Trusted Extensions has now also added support to explicitly set security labels on ZFS datasets, ensuring that ZFS file systems for a specific security label cannot be mounted on a zone of a different label, and thus cannot inadvertently upgrade or downgrade the classification of data.
Oracle Solaris Cryptographic Framework
User commands
Binary signatures for third-party software
Cryptographic services provide authentication and encryption mechanisms to applications and users.
Administrator commands: The framework provides commands for administrators, for users, and for developers who supply providers. The cryptoadm command administers a running cryptographic framework. The command is part of the Crypto Management rights profile. This profile can be assigned to a role for secure administration of the cryptographic framework. The cryptoadm command allows you to:
- Display cryptographic provider information
- Disable or enable provider mechanisms
- Disable or enable the metaslot
User commands: The Oracle Solaris Cryptographic Framework provides user-level commands to check the integrity of files, to encrypt files, and to decrypt files.
- digest command: Computes a message digest for one or more files or for stdin. A digest is useful for verifying the integrity of a file. SHA1 and MD5 are examples of digest functions.
- mac command: Computes a message authentication code (MAC) for one or more files or for stdin. A MAC associates data with an authenticated message. A MAC enables a receiver to verify that the message came from the sender and that the message has not been tampered with. The sha1_mac and md5_hmac mechanisms can compute a MAC.
- encrypt command: Encrypts files or stdin with a symmetric cipher. The encrypt -l command lists the algorithms that are available. Mechanisms that are listed under a user-level library are available to the encrypt command. The framework provides AES, DES, 3DES (Triple-DES), and ARCFOUR mechanisms for user encryption.
- decrypt command: Decrypts files or stdin that were encrypted with the encrypt command. The decrypt command uses the identical key and mechanism that were used to encrypt the original file.
- pktool command: Allows you to manage the certificates and keys on multiple keystores, including PKCS#11 tokens, Netscape Security Services (NSS) tokens, and standard file-based keystore for OpenSSL.
Binary signatures for third-party software: The elfsign command provides a means to sign providers to be used with the Oracle Solaris Cryptographic Framework. Typically, this command is run by the developer of a provider. The elfsign command has subcommands to request a certificate from Oracle and to sign binaries. Another subcommand verifies the signature. Unsigned binaries cannot be used by the Oracle Solaris Cryptographic Framework. Signing one or more providers requires the certificate from Oracle and the private key that was used to request the certificate.
Administrative Command: Examples
User-level providers:
Provider: /usr/lib/security/$ISA/pkcs11_kernel.so
Provider: /usr/lib/security/$ISA/pkcs11_softtoken.so
Provider: /usr/lib/security/$ISA/pkcs11_tpm.so

Kernel software providers:
des
aes
arcfour
blowfish
ecc
sha1
sha2
md4
md5
rsa
swrand
The cryptoadm list command displays a list of the providers currently installed in the system. Providers are cryptographic services that consumers use. Because providers plug in to the framework, they are also called "plugins." The cryptoadm list command separates the providers into three categories: user-level providers, kernel software providers, and kernel hardware providers.
status: enabled
Sensitive Token Object Automatic Migrate: enabled
Persistent object store slot: Sun Crypto Softtoken
Persistent object store token: Sun Software PKCS#11 softtoken
oracle@s11x-serv1:~# cryptoadm list -m provider=aes
aes: CKM_AES_ECB,CKM_AES_CBC,CKM_AES_CTR,CKM_AES_CCM,CKM_AES_GCM,CKM_AES_GMAC
oracle@s11x-serv1:~# cryptoadm list -p provider=aes
aes: all mechanisms are enabled.
oracle@s11x-serv1:~# cryptoadm disable provider=aes mechanism=CKM_AES_GMAC
oracle@s11x-serv1:~# cryptoadm list -p provider=aes
aes: all mechanisms are enabled, except CKM_AES_GMAC.
oracle@s11x-serv1:~# cryptoadm enable provider=aes mechanism=CKM_AES_GMAC
oracle@s11x-serv1:~# cryptoadm list -p provider=aes
aes: all mechanisms are enabled.
The cryptoadm list metaslot command displays the system-wide configuration for a metaslot. A metaslot is a single slot that presents a union of the capabilities of other slots that are loaded in the framework. The metaslot eases the work of dealing with all of the capabilities of the providers that are available through the framework. When an application that uses the metaslot requests an operation, the metaslot figures out which actual slot should perform the operation. Metaslot capabilities are configurable, but configuration is not required. The metaslot is on by default.

The cryptoadm list -m command displays a list of mechanisms that can be used with the installed providers or metaslot.

A mechanism is the application of a mode of an algorithm for a particular purpose. Cryptographic algorithms are established, recursive computational procedures that encrypt or hash input. Encryption algorithms can be symmetric or asymmetric. Symmetric algorithms use the same key for encryption and decryption. Asymmetric algorithms, which are used in public key cryptography, require two keys. Hashing functions are also algorithms. If a provider is specified, display the name of the specified provider and the mechanism list that can be used with that provider. If the metaslot keyword is specified, display the list of mechanisms that can be used with the metaslot.

The cryptoadm list -p command displays the mechanism policy (that is, which mechanisms are available and which are not) for the installed providers.

The cryptoadm disable and cryptoadm enable commands allow you to disable or enable provider mechanisms.
oracle@s11x-serv1:~# digest -l
sha1
md5
sha256
sha384
sha512
oracle@s11x-serv1:~# digest -a sha1 /etc/release
e64eb9c537f90f6cba0cfd1e6b39fe9dd33cf552
oracle@s11x-serv1:~# mac -l
Algorithm    Keysize:  Min  Max (bits)
des_mac                64   64
sha1_hmac              8    512

This slide shows digest and mac command usage.
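The difference between what digest and mac protect against, as an added Python example that is not part of the course guide: a digest can be recomputed by anyone who alters the data, while a MAC cannot be recomputed without the shared key. The sha1_hmac key-size bounds come from the mac -l listing above; the sample file content, the function names and the keys are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Key-size limits for sha1_hmac, copied from the `mac -l` listing (in bits).
SHA1_HMAC_KEY_BITS = (8, 512)


def digest_sha1(data):
    """Keyless digest, the same kind of value `digest -a sha1` prints."""
    return hashlib.sha1(data).hexdigest()


def mac_sha1_hmac(key, data):
    """Keyed MAC; rejects keys outside the bounds listed for sha1_hmac."""
    bits = len(key) * 8
    low, high = SHA1_HMAC_KEY_BITS
    if not low <= bits <= high:
        raise ValueError(f"key is {bits} bits, allowed range is {low}-{high}")
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def verify_digest(data, expected_hex):
    return hmac.compare_digest(digest_sha1(data), expected_hex)


def verify_mac(key, data, expected_hex):
    # compare_digest runs in constant time, so the check leaks no prefix match.
    return hmac.compare_digest(mac_sha1_hmac(key, data), expected_hex)


def scenario():
    """A file and its check value are delivered over the same untrusted path."""
    key = secrets.token_bytes(32)  # known only to sender and receiver
    original = b"constructed sample: Oracle Solaris 11 release notes\n"
    published_digest = digest_sha1(original)
    published_mac = mac_sha1_hmac(key, original)

    # The data is altered on the way. Whoever altered it can recompute a
    # digest (no secret needed) but can only guess at a MAC.
    altered = original.replace(b"11", b"10")
    replaced_digest = digest_sha1(altered)
    guessed_mac = mac_sha1_hmac(secrets.token_bytes(32), altered)

    return {
        "digest_accepts_original": verify_digest(original, published_digest),
        "digest_detects_change_when_digest_is_trusted":
            not verify_digest(altered, published_digest),
        "digest_accepts_altered_file_with_replaced_digest":
            verify_digest(altered, replaced_digest),
        "mac_accepts_original": verify_mac(key, original, published_mac),
        "mac_rejects_altered_file": not verify_mac(key, altered, published_mac),
        "mac_rejects_tag_made_without_the_key":
            not verify_mac(key, altered, guessed_mac),
    }


if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check}: {result}")
```

A digest therefore only proves integrity when the digest value itself arrives over a channel the sender controls; the MAC removes that requirement at the cost of managing a shared key.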
User Command: Examples
cangetin
oracle@s11x-serv1:~# pktool list objtype=key
Enter PIN for Sun Software PKCS#11 softtoken: cangetin
Found 1 symmetric keys.
Key #1 - AES: myaeskey (256 bits)
oracle@s11x-serv1:~# cat /newpool/mydata/newfile
This is a test.

This slide shows pktool, encrypt, and decrypt command usage.
The pktool command allows users to manage the softtoken object store. The setpin subcommand changes the passphrase used to authenticate a user to the softtoken object store. setpin prompts you for the old passphrase. If the old passphrase matches, pktool prompts for the new passphrase twice. If the two entries of the new passphrase match, it will become the current passphrase for the token. The default passphrase is changeme.

The pktool genkey command generates a symmetric key in the specified keystore. The genkey subcommand prompts the user to enter a PIN for a token-based keystore.
Next, the slide display shows the contents of the /newpool/mydata/newfile text file. The encrypt command is used with the new key to encrypt this file. The next command shows that the file is now encrypted. Finally, the file is decrypted by using the same key.
ZFS Dataset Encryption
Data is encrypted by using AES.
ZFS encryption uses the Oracle Solaris Cryptographic Framework.

Benefits of ZFS encryption include the following:
ZFS encryption is integrated with the ZFS command set. Like other ZFS operations, encryption operations, such as key changes and rekey, are performed online.
You can use your existing storage pools as long as they are upgraded. You have the flexibility of encrypting specific file systems.
ZFS encryption is inheritable to descendent file systems. Key management can be delegated through ZFS-delegated administration.
Data is encrypted by using AES (Advanced Encryption Standard) with key lengths of 128, 192, and 256 in the CCM and GCM operation modes.
ZFS encryption uses the Oracle Solaris Cryptographic Framework, which automatically gives it access to any available hardware acceleration or optimized software implementations of the encryption algorithms.
oracle@s11x-serv1:~# zfs get encryption encryptedpool/mysecrets
NAME                     PROPERTY    VALUE  SOURCE
encryptedpool/mysecrets  encryption  on     local
oracle@s11x-serv1:~# zfs get keysource encryptedpool/mysecrets
NAME                     PROPERTY   VALUE              SOURCE
encryptedpool/mysecrets  keysource  passphrase,prompt  inherited from encryptedpool

This slide shows an example of encrypting a ZFS pool.
In this example, first we create a ZFS pool named encryptedpool with the encryption property set to on. Then we create a ZFS file system named mysecrets in the encrypted pool. The keysource property of the mysecrets file system shows that encryption (passphrase prompt) was inherited from the encrypted ZFS pool.
ZFS File System Encryption: Example
oracle@s11x-serv1:~# zfs get encryption newpool/mysecretdata
NAME                  PROPERTY    VALUE        SOURCE
newpool/mysecretdata  encryption  aes-256-ccm  local
oracle@s11x-serv1:~# zfs get keysource newpool/mysecretdata
NAME                  PROPERTY   VALUE                  SOURCE
newpool/mysecretdata  keysource  raw,file:///myzfskey   local
This slide shows an example of encrypting a ZFS file system within a pool. In this example, first we generate a keystore file named /myfskey. Then we create a ZFS file system named mysecretdata with the /myfskey keystore file. The keysource property of the mysecretdata file system shows that the encryption key source comes from the /myfskey keystore file.
Basic Audit Reporting Tool (BART)
BART:
Is a tool that performs a file-level check of the software
contents of a system
Enables you to determine what file-level changes have occurred on a system
Compares changes to a known baseline
BART is a tool that performs a file-level check of the software contents of a system. BART allows you to quickly, easily, and reliably gather information about the components of the software stack that is installed on deployed systems. Using BART can greatly reduce the costs of administering a network of systems by simplifying time-consuming administrative tasks.
BART enables you to determine what file-level changes have occurred on a system, relative to a known baseline. You use BART to create a baseline or control manifest from a fully installed and configured system. You can then compare this baseline with a snapshot of the system at a later time, generating a report that lists file-level changes that have occurred on the system since it was installed.
oracle@s11x-serv1:/var/tmp# vi bartrules
IGNORE all
/export/home/oracle
CHECK all
oracle@s11x-serv1:/var/tmp# bart create -r bartrules > \
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`
oracle@s11x-serv1:/var/tmp# ls bart*
bart-s11x-serv1-12042011-17:04:35 bartrules
oracle@s11x-serv1:/var/tmp# touch /export/home/oracle/newfile
oracle@s11x-serv1:/var/tmp# bart create -r bartrules > \
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`
oracle@s11x-serv1:/var/tmp# ls bart*
bart-s11x-serv1-12042011-17:04:35 bartrules
bart-s11x-serv1-12042011-17:08:34
oracle@s11x-serv1:/var/tmp# bart compare \
bart-s11x-serv1-12042011-17:04:35 \
bart-s11x-serv1-12042011-17:08:34
/export/home/oracle:
  size control:38 test:39
/export/home/oracle/newfile:
  add

The slide shows an example of using BART.
In this example, first you create a BART rules file. In this case, BART ignores all file changes on the system except for the file changes in the /export/home/oracle directory. Then you run the BART report by using the BART rules file to create a comparison baseline. In a bart compare report, the baseline is indicated by the "control" field.
Next, a new file is created in the /export/home/oracle directory and a second BART report is generated. The second BART report is used to compare against the baseline report created earlier. In a bart compare report, the BART report to be compared against the baseline is indicated by the "test" field.
Finally, bart compare is run by using the baseline (control) and test BART report. The results show that /export/home/oracle directory size was changed and /export/home/oracle/newfile was added.
BART: Example
oracle@s11x-serv1:/var/tmp# vi /export/home/oracle/newfile
This is a test.
oracle@s11x-serv1:/var/tmp# bart create -r bartrules > \
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`
oracle@s11x-serv1:/var/tmp# ls bart*
bart-s11x-serv1-12042011-17:04:35 bart-s11x-serv1-12042011-17:11:50
bart-s11x-serv1-12042011-17:08:34 bartrules
oracle@s11x-serv1:/var/tmp# bart compare bart-s11x-serv1-12042011-17:08:34 bart-s11x-serv1-12042011-17:11:50
/export/home/oracle/newfile:
  size control:0 test:16
  mtime control:4da4db66 test:4da4dc11
  contents control:d41d8cd98f00b204e9800998ecf8427e test:02bcabffffd16fe0fc250f08cad95e0c
Next, a text message is added to the /export/home/oracle/newfile file and a third BART report is run. With the second BART report as the new baseline, a comparison is run against the third BART report. The results show that in the "test" report, /export/home/oracle/newfile has grown by 16 bytes. The modified timestamp and file contents have changed.
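The three-report walk-through above, modelled as an added Python example that is not BART and not part of the course guide: it takes a control manifest and test manifests of a temporary directory and reports differences in the control/test style of bart compare. The in-memory manifest, the function names and the temporary paths are assumptions; MD5 is used in demo() only so that the digest has the same form as the slide output, and a fourth step shows that the contents attribute still catches an edit that keeps size and mtime unchanged.

```python
import hashlib
import os
import stat
import tempfile

ATTR_ORDER = ("type", "size", "mode", "mtime", "contents")


def file_digest(path, algorithm):
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algorithm="sha256"):
    """Record per-path attributes under root (a simplified manifest)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        rel_dir = os.path.relpath(dirpath, root)
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        manifest[rel_dir] = {"type": "D", "mode": oct(mode)}
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and devices are left out of this sketch
            rel = os.path.normpath(os.path.join(rel_dir, name))
            manifest[rel] = {
                "type": "F",
                "size": st.st_size,
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "mtime": format(int(st.st_mtime), "x"),  # hex, as on the slide
                "contents": file_digest(full, algorithm),
            }
    return manifest


def compare(control, test, ignore=()):
    """Return {path: [difference lines]} for control versus test."""
    report = {}
    for path in sorted(set(control) | set(test)):
        if path not in control:
            report[path] = ["add"]
        elif path not in test:
            report[path] = ["delete"]
        else:
            diffs = [
                f"{attr} control:{control[path].get(attr)} test:{test[path].get(attr)}"
                for attr in ATTR_ORDER
                if attr not in ignore
                and control[path].get(attr) != test[path].get(attr)
            ]
            if diffs:
                report[path] = diffs
    return report


def demo():
    """Baseline, touch, edit, then a same-size edit with the mtime restored."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "oracle")
        os.mkdir(home)
        baseline = build_manifest(root, "md5")

        newfile = os.path.join(home, "newfile")
        open(newfile, "wb").close()                  # the `touch` step
        os.utime(newfile, (0x4DA4DB66, 0x4DA4DB66))  # mtime from the slide
        second = build_manifest(root, "md5")

        with open(newfile, "wb") as fh:              # the `vi` step
            fh.write(b"This is a test.\n")
        os.utime(newfile, (0x4DA4DC11, 0x4DA4DC11))
        third = build_manifest(root, "md5")

        with open(newfile, "wb") as fh:              # same length, new bytes
            fh.write(b"This is a tesT.\n")
        os.utime(newfile, (0x4DA4DC11, 0x4DA4DC11))  # timestamp put back
        fourth = build_manifest(root, "md5")
    return (compare(baseline, second), compare(second, third),
            compare(third, fourth))


if __name__ == "__main__":
    for report in demo():
        for path, lines in report.items():
            print(f"{path}:")
            for line in lines:
                print(f"  {line}")
```

The control digest in the second report is the MD5 of zero bytes, which is why the slide shows d41d8cd98f00b204e9800998ecf8427e for the file created by touch.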
Practice 8 Overview:
Oracle Solaris 11 Security Enhancements
This practice covers the following topics:
Managing encryption keys
Configuring a ZFS encrypted pool
Configuring a ZFS encrypted file system
Exploring the Basic Audit Reporting Tool