THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Activity Guide
D73488GC11 Edition 1.1 November 2011 D74867
Oracle University and BOS-it GmbH & Co.KG use only
Transition to Oracle Solaris 11
Disclaimer This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle. The information contained in this document is subject to change without notice. If you find any problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free. Restricted Rights Notice If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United States Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract. Trademark Notice Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Author David Giroux Technical Contributors and Reviewers Alta Elstad, Glenn Faden, Glynn Foster, Dave Miner, John Powell, Gary Riseborough, Bart Smaalders This book was published using:
Oracle Tutor
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 1: Course Introduction.................................................................................................1-1 Practices for Lesson 1....................................................................................................................................1-2 Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements .................2-1 Practices for Lesson 2....................................................................................................................................2-2 Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express ..................................3-1 Practices for Lesson 3....................................................................................................................................3-2 Practice 3-1: Configuring a Local IPS Package Repository ...........................................................................3-4 Practice 3-2: Configuring a Network Client to Access the IPS Server ............................................................3-8 Practice 3-3: Updating the Oracle Solaris 11 Image ......................................................................................3-10 Practice 3-4: Managing Software Packages ..................................................................................................3-11 Practice 3-5: Publishing a New Package .......................................................................................................3-21 Practice 3-6: Managing the Boot Environments .............................................................................................3-27 Practice 3-7: Testing Your Skills and Knowledge ...........................................................................................3-32 Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System ...............................................4-1 Practices for Lesson 4....................................................................................................................................4-2 Practice 4-1: Installing the Oracle Solaris 11 OS by Using the Text Installer .................................................4-4 Practice 4-2: Installing the Oracle Solaris 11 OS by Using the LiveCD Installer ............................................4-6 Practice 4-3: Installing the Oracle Solaris 11 OS by Using the Automated Installer .......................................4-9 Practice 4-4: Configuring Oracle Solaris 11 Instances ...................................................................................4-19 Practice 4-5: Customizing the Automated Installation ....................................................................................4-29 Practice 4-6: Test Your Skills and Knowledge ...............................................................................................4-39 Practices for Lesson 5: Administering Oracle Solaris 11 Zones .................................................................5-1 Practices for Lesson 5....................................................................................................................................5-2 Practice 5-1: Migrating an Oracle Solaris 10 Zone to Oracle Solaris 11 ........................................................5-4 Practice 5-2: Migrating an Oracle Solaris 10 Global Zone to Oracle Solaris 11 (P2V) ...................................5-10 Practice 5-3: Monitoring Zone Resource Utilization .......................................................................................5-16 Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements .............................................6-1 Practices for Lesson 6....................................................................................................................................6-2 Practice 6-1: Managing NWAM ......................................................................................................................6-4 Practice 6-2: Exploring the Capabilities of the ipadm Utility ...........................................................................6-12 Practice 6-3: Configuring Network Virtualization ............................................................................................6-16 Practice 6-4: Configuring IPMP ......................................................................................................................6-30 Practice 6-5: Configuring a Network Bridge ...................................................................................................6-44 Practice 6-6: Configuring a Link Aggregation .................................................................................................6-47 Practice 6-7: Monitoring the Network .............................................................................................................6-49 Practice 6-8: Test Your Skills and Knowledge ...............................................................................................6-58 Practices for Lesson 7: Oracle Solaris 11 Storage Enhancements .............................................................7-1 Practices for Lesson 7....................................................................................................................................7-2 Practice 7-1: Migrating a ZFS File System .....................................................................................................7-5 Practice 7-2: Splitting a Mirrored ZFS Storage Pool.......................................................................................7-10 Practice 7-3: Identifying ZFS Snapshot Differences .......................................................................................7-14 Practice 7-4: Configuring ZFS Deduplication .................................................................................................7-15 Practice 7-5: Configuring a COMSTAR iSCSI Target ....................................................................................7-17 Practice 7-6: Test Your Skills and Knowledge ...............................................................................................7-22 Practices for Lesson 8: Oracle Solaris 11 Security Enhancements ............................................................8-1 Practices for Lesson 8....................................................................................................................................8-2
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Table of Contents
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 8-1: Managing Encryption Keys .......................................................................................................8-4 Practice 8-2: Configuring a ZFS Encrypted Storage Pool ..............................................................................8-6 Practice 8-3: Configuring a ZFS Encrypted File System ................................................................................8-9 Practice 8-4: Configuring Read-Only Zones ...................................................................................................8-10 Practice 8-5: Configuring the Basic Audit Reporting Tool (BART) .................................................................8-14
Chapter 1
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 1: Course Introduction Chapter 1 - Page 1
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 1: Course Introduction
Practices Overview There is no practice for Lesson 1.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 1
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 1: Course Introduction Chapter 1 - Page 2
Chapter 2
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements Chapter 2 - Page 1
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements
Practices Overview There is no practice for Lesson 2.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 2
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements Chapter 2 - Page 2
Chapter 3
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 1
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express
Practices Overview The managing software updates practices introduce you to the Image Packaging System (IPS). These practices provide a guided, hands-on experience with managing software packages by using IPS. During the practices, you apply package management best practices applicable to the Oracle Solaris 11 operating system. The key areas explored in the practices are: • Configuring an IPS package repository • Configuring network clients to access IPS • Updating the current OS image (demonstration) • Managing software updates using IPS • Publishing a new package • Managing boot environments • Testing your skills and knowledge
Assumptions Your lab environment is based on the Oracle VM VirtualBox virtualization software. VirtualBox is a cross-platform virtualization application. It extends the capabilities of your existing computer so that it can run multiple operating systems (inside multiple virtual machines) at the same time. The following illustration shows the VirtualBox manager interface.
Figure 1: Oracle VM VirtualBox Manager Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 2
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 3
Figure 2: Lab Network Topology Each virtual machine (VM) plays an import role in your lab as follows: • Sol11 SuperServer: This VM provides network services, such as DNS, used by the VMs in the lab. Note: The Sol11 SuperServer VM must be started before any additional virtual machines are started. The Sol11 SuperServer must always be running to perform the labs in this guide. • Sol11 Server1: This is the server in which you will configure IPS services. • Sol11 Desktop: This is the IPS client machine. Note: When performing your labs, power-off any unnecessary virtual machines. This helps improve overall lab performance. Note: When launching a virtual machine for the first time, you might see the First Run Wizard appear. Click the Cancel button to continue.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 3
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
The virtual machines (VMs) are configured on a private internal network (192.168.0). Each VM can communicate with other VMs on the same private network (see Figure 2) but cannot communicate with the local host machine or other machines on the same network as the local host machine.
Overview IPS manages software in units of packages. An IPS package is a collection of directories, files, links, drivers, dependencies, groups, users, and license information in a defined format. This collection represents the installable objects of a package. Packages have attributes such as a package name and description. When you install or upgrade to the Oracle Solaris 11 release, the system initially has one publisher configured: the solaris publisher. The default publisher has the following repository origin: http://pkg.oracle.com/solaris/release/ You can create your own local package repository. Having a local package repository is necessary when your network clients do not have access to the web-based default repository. Other reasons you might want to have a local copy of a package repository include: • Performance: Having a local package repository allows clients to access packages at local network speeds. • Security: You might not want your clients systems to have access to the Internet. • Replication: You want to ensure that an installation that you perform next year is exactly the same as the installation you perform today. In your lab environment, your virtual machine client cannot access the default publisher for software update services. So your first task will be to create your own local package repository and make it the default publisher so that the network client can be serviced by IPS.
Before You Begin When creating a local package repository, you must first download the Oracle Solaris 11 repository image from the following site: http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html. The repository image provides you with a complete archive of software packages to allow you to set up a local network IPS repository that client systems can connect to. The repository image is provided in two parts that must be concatenated. You use the following command-line instructions to successfully create a full ISO image that can be burned to a duallayer DVD or directly mounted using the lofiadm command. You download parts A and B of the repository ISO by clicking these links: • Download Part A SPARC, x86 (2 GB) • Download Part B SPARC, x86 (2 GB) The following commands are used to concatenate parts A and B: $ unzip sol-11-xxx-xxx-repo-full-iso-a.zip $ unzip sol-11-xxx-xxx-repo-full-iso-b.zip $ cat sol-11-xxx-xxx-repo-full.iso-a sol-11-xxx-xxx-repo-full.iso-b > sol-11-xxx-xxx-repo-full.iso Note: For training purposes, these steps have already been performed for you. Note: The responses to the commands shown in practice are examples only. The values you see during your lab experience might vary slightly. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 4
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 3-1: Configuring a Local IPS Package Repository
Perform these steps on the Sol11-Server1 machine to configure a local IPS package repository: 1. Verify that the Sol11-SuperServer and Sol11-Server1 virtual machines are running. This can be determined by starting the Oracle VM VirtualBox Manager utility (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start the Sol11-SuperServer VM first, followed by the Sol11-Server1 virtual machine. 2. Log in to virtual machine Sol11-Server1 as user oracle. Use the password oracle1. 3.
Run the su command to assume primary administrator privileges. oracle@s11-serv1:~$ su – Password: oracle1 root@s11-serv1:~#
4. Determine the hostname of this server. root@s11-serv1:~# hostname s11-serv1 5. Verify that this server can access DNS services. root@s11-serv1:~# nslookup s11-serv1 Server: 192.168.0.100 Address: 192.168.0.100#53 Name: Address: 6.
s11-serv1.mydomain.com 192.168.0.112
Verify that the /export/IPS file system has been configured on the system. root@s11-serv1:~# zpool list NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT rpool 32G 9.47G 22.5G 29% 1.00x ONLINE root@s11-serv1:~# zfs list NAME USED AVAIL REFER MOUNTPOINT rpool 9.54G 22.0G 39K /rpool rpool/ROOT 1.80G 22.0G 31K legacy rpool/ROOT/solaris 1.80G 22.0G 1.53G / rpool/ROOT/solaris/var 217M 22.0G 215M /var rpool/dump 1.03G 22.0G 1.00G rpool/export 5.68G 22.0G 33K /export rpool/export/IPS 5.68G 22.0G 5.68G /export/IPS rpool/export/home 66K 22.0G 32K /export/home rpool/export/home/oracle 34K 22.0G 34K /export/home/oracle rpool/swap 1.03G 22.0G 1.00G Normally, a local IPS repository has to be manually created on the local server. This involves creating a ZFS file system on the local server for the IPS repository and copying the repository files from the repository ISO image to the local repository. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 5
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Task: Configure a Local IPS Package Repository
7. Assess the current IPS configuration on the Sol11-Server1 system: root@s11-serv1:~# svcs application/pkg/server STATE STIME FMRI disabled 17:00:56 svc:/application/pkg/server:default root@s11-serv1:~# svcprop -p pkg/inst_root application/pkg/server
/var/pkgrepo This system is not currently configured as an IPS server (the service is disabled). Note the default location of the IPS repository determined by the pkg/inst_root property. The /var/pkgrepo directory is not the correct location of your local repository. 8. Determine whether the IPS service is currently available: root@s11-serv1:~# pkg search entire pkg: Unable to contact valid package repository Encountered the following error(s): This is likely a network configuration problem. Framework error: code: 6 reason: Couldn’t resolve host “pkg.oracle.com’ URL: ‘http://pkg.oracle.com/solaris/release’. (happened 4 times) Searching for a package is quick way of determining whether the IPS service is available. Based on the results shown here, this system has no access to the IPS service. 9.
Set the application/pkg/server service pkg/inst_root property to the repository location (/export/IPS/repo). root@s11-serv1:~# svccfg –s application/pkg/server setprop \ pkg/inst_root=/export/IPS/repo root@s11-serv1:~#
10. Set the application/pkg/server service pkg/readonly property to true. root@s11-serv1:~# svccfg –s application/pkg/server setprop \ pkg/readonly=true 11.
Verify the application/pkg/server service inst_root property. root@s11-serv1:~# svcprop -p pkg/inst_root \ application/pkg/server /export/IPS/repo
12. Refresh the application/pkg/server service. root@s11-serv1:~# svcadm refresh application/pkg/server Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 6
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
The following example shows you the steps used to copy the IPS repository from the ISO image to a local ZFS file system. Do not run these commands in this lab. The repository has already been installed on the local server for you. # zfs create -o compression=on rpool/export/IPS # lofiadm –a sol-11-xxx-xxx-repo-full.iso # mount –F hsfs /dev/lofi/1 /mnt # rsync –aP /mnt/repo /export/IPS The package repository is very large (approximately 4.4 gigabytes). Depending on the speed of your host machine, the rsync command can take a couple hours to complete.
root@s11-serv1:~# svcadm enable application/pkg/server 14. Verify that the application/pkg/server service is enabled. root@s11-serv1:~# svcs application/pkg/server STATE STIME FMRI online 17:00:56 svc:/application/pkg/server:default 15. Use the pkgrepo refresh command to refresh the package repository. root@s11-serv1:~# pkgrepo refresh –s /export/IPS/repo Initiating repository refresh. When you create a new package repository, you must refresh the repository catalog so that package search operations will work correctly. This might take several minutes to complete. 16. List the current package publishers. root@s11-serv1:~# pkg publisher PUBLISHER Solaris
TYPE origin
STATUS URI online http://pkg.oracle.com/solaris/release/
The command output shows the current publisher. A publisher is a forward domain name that identifies a person, group of persons, or an organization that publishes one or more packages .The repository type origin is the location of a package repository that contains both package metadata (package manifests and catalogs) and package content (package files). The default publisher URI is http://pkg.oracle.com/solaris/release/. 17. Remove the current publisher URI (http://pkg.oracle.com/solaris/release/) and add a new URI (http://s11-serv1.mydomain.com) to the preferred publisher name solaris. Show the results. root@s11-serv1:~# pkg set-publisher –G \ http://pkg.oracle.com/solaris/release/ \ –g http://s11-serv1.mydomain.com/ solaris root@s11-serv1:~# pkg publisher PUBLISHER solaris
TYPE origin
STATUS URI online http://s11-serv1.mydomain.com
18. Test IPS on the local server by searching for the entire package. root@s11-serv1:~# pkg search entire INDEX Pkg.fmri
ACTION set
VALUE solaris/entire
PACKAGE pkg:/entire@ 0.5.11-0.175.0.0.0.2.0
19. Display the status of the IPS repository. root@s11-serv1:~# pkgrepo info -s /export/IPS/repo PUBLISHER PACKAGES STATUS UPDATED solaris 4292 online 2011-10-23T20:10:52.513193Z 20. Display the IPS repository description. root@s11-serv1:~# pkgrepo get -s /export/IPS/repo \ repository/description SECTION PROPERTY VALUE repository description This\ repository\ serves\ a\ copy\ of\ the\ Oracle\ Solaris\ 11\ Build\ 175b\ Package\ Repository. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 7
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
13. Enable the application/pkg/server service.
Overview Now that you have a local package repository setup, you must configure the network clients to access the new repository. By default, clients are configured to use the publisher http://pkg.oracle.com/solaris/release/. In this task, you reconfigure the client to access the http://s11-serv1.mydomain.com/ package publisher.
Task: Configure a Network Client to Access the IPS Server Perform these steps on the Sol11-Desktop machine to configure a network client to access the IPS server: 1. Double-click Sol11-Desktop icon to launch the Sol11-Desktop virtual machine. 2. Log in to virtual machine Sol11-Desktop as user oracle. Use the password oracle1. 3. Right-click the desktop background and open a terminal window. 4. In the terminal window, run the su command to assume primary administrator privileges. oracle@s11-desktop:~$ su – Password: oracle1 root@s11-desktop:~# 5.
Verify that this client can access DNS services by resolving the IPS server hostname. root@s11-desktop:~# nslookup s11-serv1 Server: 192.168.0.100 Address: 192.168.0.100#53 Name: Address:
6.
s11-serv1.mydomain.com 192.168.0.112
Verify that this client can ping the IPS server. root@s11-desktop:~# ping s11-serv1 s11-serv1 is alive
7.
List the current package publishers. root@s11-desktop:~# pkg publisher PUBLISHER Solaris
8.
TYPE origin
STATUS URI online http://pkg.oracle.com/solaris/release/
Remove the current publisher URI (http://pkg.oracle.com/solaris/release/) and add a new URI (http://s11-serv1.mydomain.com) to the preferred publisher name solaris. root@s11-desktop:~# # pkg set-publisher –G \ http://pkg.oracle.com/solaris/release/ \ –g http://s11-serv1.mydomain.com/ solaris
9.
Verify that the preferred publisher is http://s11-serv1.mydomain.com/. root@s11-desktop:~# pkg publisher PUBLISHER solaris
TYPE origin
STATUS URI online http://s11-serv1.mydomain.com/
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 8
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 3-2: Configuring a Network Client to Access the IPS Server
11. Using the package repository browser, search for the entire package:
12. Close the Firefox browser. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 9
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
10. Test the client access to the IPS server by opening the http://s11-serv1.mydomain.com URL in the Firefox browser.
Overview IPS allows you to update the OS image to a new version of Oracle Solaris 11. Each package in the image is updated from the publisher that provided the current installed version. If the original publisher is non-sticky, then a newer version of the package that is compatible with this image could be installed from another publisher. If a publisher is non-sticky, then a package that was installed from this publisher could be updated from another publisher. A newly-added publisher is sticky by default. You can use the pkg set-publisher command to set a publisher as sticky or non-sticky. A new boot environment (BE) is created when a full image update is performed. When the system creates a new BE for the update, you can edit the default BE name. When you are satisfied with the BE name, restart your system immediately. You must restart to boot into the new BE. The new BE will be your default boot choice. Your current BE will be available as an alternate boot choice.
Demonstration For this practice, we’ve provided you with two Oracle Solaris 11 image update demonstrations. The first demonstration shows you how to update an image using the pkg update command. The second demonstration shows you how to update an image using the Package Manager GUI. Demonstration: - Updating an Image Using the pkg update Command Demonstration: - Updating an Image Using Package Manager Check with your instructor for demonstration availability.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 10
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 3-3: Updating the Oracle Solaris 11 Image
Overview After you have made the IPS server available to the network clients, the client system administrators have the option to manage software updates either by using CLI commands or by using GUI-based utilities. In this task, you work with the CLI commands and GUI-based utilities to perform common software update tasks such as adding, removing, and searching for packages. You also learn how to perform a “dry run” on package installations, which enables you to see the changes that will occur on the system when a package is installed, without actually installing the package. To demonstrate the IPS capabilities, you manage the apptrace software package. To run this lab, you must be logged in to the Sol11-Desktop virtual machine as the oracle user and have obtained primary administrator privileges. See Practice 3-2 if you need help.
Task: Manage Software Packages To begin, you manage client packages using the pkg command. Perform these steps to manage software packages: 1. In a terminal window on the Sol11-Desktop virtual machine, determine whether the apptrace software packages are current installed. root@s11-desktop:~# pkg list apptrace pkg list: no packages matching ‘apptrace’ installed 2.
Search the IPS package repository for the apptrace software package. root@s11-desktop:~# pkg search apptrace INDEX ACTION VALUE PACKAGE pkg.description set Apptrace utility for application tracing, including shared objects pkg:/developer/
[email protected] pkg.summary set Apptrace Utility pkg:/developer/
[email protected] basename file usr/bin/apptrace pkg:/developer/
[email protected] pkg.fmri set solaris/developer/apptrace pkg:/developer/
[email protected]
3.
Display detailed information about the apptrace package. root@s11-desktop:~# pkg info -r apptrace Name: developer/apptrace Summary: Apptrace Utility Description: Apptrace utility for application tracing, including shared objects Category: Development/System State: Not installed Publisher: solaris Version: 0.5.11 Build Release: 5.11 Branch: 0.175.0.0.0.2.1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 11
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 3-4: Managing Software Packages
4.
Perform a “dry run” on the apptrace package installation. root@s11-desktop:~# pkg install -nv apptrace Creating Plan… Packages to install: 1 Estimated space available: 25.82 GB Estimated space to be consumed: 15.78 MB Create boot environment: No Create backup boot environment: No Rebuild boot archive: No Changed packages: solaris developer/apptrace None -> 0.5.11,5.11-0.175.0.0.0.2.1:2011019T053054Z The dry run shows that one package will be installed. The package installation will not impact on the boot environment. No currently install packages will be changed.
5.
Install the apptrace package. root@s11-desktop:~# pkg install apptrace Creating plan... Packages to install: 1 Create boot environment: No Create backup boot environment: No DOWNLOAD Completed
PKGS 1/1
PHASE Install Phase
FILES 10/10 ACTIONS 29/29
PHASE Package State Update Phase Image State Update Phase 6.
Verify the apptrace package installation. root@s11-desktop:~# pkg verify -v apptrace PACKAGE STATUS Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 12
ITEMS 1/1 2/2
XFER (MB) 0.1/0.1
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Packaging Date: October 19 2011 05:30:54 AM Size: 159.64 kB FMRI: FMRI: pkg://solaris/developer/
[email protected],5.110.175.0.0.0.2.1:2011019T053054Z Note that an FMRI is the fault management resource identifier. The FMRI is the identifier for this package. The FMRI includes the package publisher, package name, and version. The pkg command uses FMRIs, or portions of FMRIs, to operate on packages.
7.
OK
Remove the apptrace package from the system image. root@s11-desktop:~# pkg uninstall apptrace Creating Plan… Packages to install: 1 Create boot environment: No Create backup boot environment: No PHASE Removal Phase
ACTIONS 26/26
PHASE Package State Update Phase Package Cache Update Phase Image State Update Phase 8.
ITEMS 1/1 1/1 2/2
Verify that the apptrace package has been removed. root@s11-desktop:~# pkg list apptrace pkg list: no packages matching ‘apptrace’ installed
Now you will manage the apptrace package by using the graphical Package Manager utility. 9. On the desktop background, double-click the Add More Software icon. Select the solaris publisher. 10. In the File menu, click Manage Publishers.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 13
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
pkg://solaris/developer/apptrace
Note: When a publisher is sticky, the client source updates from the same publisher that provided the package originally. 12. In the Package Manager search field, type apptrace and click Return.
The status icon indicates that the apptrace package is not currently installed on this system. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 14
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
11. Verify that the package publisher that you configured in Practice 3-1 is enabled and sticky. Also, verify that the Origin points to the IPS server. Click OK.
14. Click the Files tab to view the files called out in the apptrace manifest.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 15
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
13. Select the apptrace package. Note the contents of the general tab at the bottom of the display. This information is derived from the apptrace manifest.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
15. Click the Dependencies tab.
16. Click the Versions tab.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 16
18. Verify that the apptrace package installed successfully. Close the Install/Update dialog box.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 17
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
17. Click the Install/Update button. Then click Proceed in the Install Confirmation dialog box.
20. Verify that the apptrace package was successfully removed. Close the Remove dialog box.
21. Close the Package Manager window. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 18
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
19. Select the apptrace package and click the Remove button. Then click Proceed in the Remove Confirmation dialog box.
23. Click Install to install the apptrace package and then click OK to open the package with Package Manager. Then click Proceed in the Install/Update dialog box.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 19
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Now you will manage the apptrace package by using a web browser. 22. Launch the Firefox browser and open the http://s11-serv1.mydomain.com URL in the Firefox browser. In the Search Package field, enter apptrace and click Search.
25. After the apptrace package is installed, click Close. 26. Close the Firefox web browser.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 20
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
24. Verify that the apptrace package is installed, click Close.
Overview Now that you have some experience managing software updates with IPS, let’s create a new package and publish it to your IPS repository. The package you create and publish is called new_package. To run this lab you must be logged in to the Sol11-Desktop and So111-Server1 virtual machines as the oracle user and have obtained primary administrator privileges.
Task: Publish a New Package Perform these steps to publish a new package: 1. In a terminal window on the Sol11-Server1 virtual machine, enable IPS modification. root@s11-serv1:~# svcadm root@s11-serv1:~# svccfg pkg/readonly=false root@s11-serv1:~# svcadm root@s11-serv1:~# svcadm
disable application/pkg/server –s application/pkg/server setprop \ refresh application/pkg/server enable application/pkg/server
A best practice is to make the IPS repository read-only when not actively adding packages. This assumes this practice is being observed. 2.
In a terminal window on the Sol11-Desktop virtual machine, create a new directory for the new package named /var/tmp/new_package. Change directory to /var/tmp/new_package. root@s11-desktop:~# mkdir –p /var/tmp/new_package root@s11-desktop:~# cd /var/tmp/new_package
3.
Create a text file named ips_rocks in the /var/tmp/new_package directory. root@s11-desktop:/var/tmp/new_package# vi ips_rocks IPS makes software update easy!
4.
Open a package publication transaction for your new package. root@s11-desktop:/var/tmp/new_package# eval 'pkgsend -s \ http://s11-serv1.mydomain.com open
[email protected]' export PKG_TRANS_ID=1300392779_pkg%3A%2F%2Fsolaris%2Fnew_package%401.0%2 C5.11-1%3A20110317T201259Z In this example, the –s points to your IPS publisher. The “new_package” version is 1.0, sub-version 1.
5.
Copy/paste the output of the pkgsend open (in step 4) command and use it as your next command. root@s11-desktop:/var/tmp/new_package# export \ PKG_TRANS_ID=1300392779_pkg%3A%2F%2Fsolaris%2Fnew_package%401.0%2 C5.11-1%3A20110317T201259Z The PKG_TRANS_ID environment variable is required to give context to any additional pkgsend commands used to build the package.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 21
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 3-5: Publishing a New Package
Add a destination directory for your text file when the package is installed. root@s11-desktop:/var/tmp/new_package# pkgsend -s \ http://s11-serv1.mydomain.com add dir mode=0555 owner=root \ group=bin path=/export/new_package
7.
Add your text file ips_rocks to your package. root@s11-desktop:/var/tmp/new_package# pkgsend -s \ http://s11-serv1.mydomain.com add file \ /var/tmp/new_package/ips_rocks mode=0555 owner=root group=bin \ path=/export/new_package/ips_rocks
8.
Set a name attribute for your new package. root@s11-desktop:/var/tmp/new_package# pkgsend -s \ http://s11-serv1.mydomain.com add set name=description \ value="My first IPS package"
9.
Close the package publication transaction for your new package. root@s11-desktop:/var/tmp/new_package# pkgsend -s \ http://s11-serv1.mydomain.com close PUBLISHED pkg://solaris/
[email protected],5.11-1:20110317T201259Z
10. In a terminal window on the Sol11-Serv1 virtual machine, disable IPS modification. root@s11-serv1:~# root@s11-serv1:~# pkg/readonly=true root@s11-serv1:~# root@s11-serv1:~#
svcadm disable application/pkg/server svccfg –s application/pkg/server setprop \ svcadm refresh application/pkg/server svcadm enable application/pkg/server
11. Use the pkgrepo refresh command to update the repository catalog with your new package. root@s11-serv1:~# pkgrepo refresh -s /export/IPS/repo root@s11-serv1:~#
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 22
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
6.
13. Click the package link to view the package details.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 23
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
12. Open the web browser on the Sol11-Desktop virtual machine and search for your new package.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 24
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
14. Using the web browser, display the contents of your package manifest.
root@s11-desktop:/var/tmp/new_package# cd ~ root@s11-desktop:~# pkg search new_package INDEX ACTION VALUE PACKAGE basename dir export/new_package pkg:/
[email protected] pkg.fmri set solaris/new_package pkg:/
[email protected] 16. Use the pkg CLI command to install your new package. root@s11-desktop:~# pkg install new_package Packages to install: 1 Create boot environment: No DOWNLOAD PKGS XFER (MB) Completed 1/1 0.0/0.0 PHASE Install Phase
FILES 1/1
ACTIONS 4/4
PHASE Package State Update Phase Image State Update Phase
ITEMS 1/1 2/2
17. Verify that your new package has been installed on the desktop system. root@s11-desktop:~# pkg list new_package NAME (PUBLISHER) VERSION new_package 1.0-1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 25
STATE installed
UFOXI -----
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Note that there are four actions defined in the manifest. 15. In a terminal window on the Sol11-Desktop virtual machine, change directory to your home directory and search the IPS repository for your new package.
root@s11-desktop:~# pkg verify -v new_package Verifying: PACKAGE pkg://solaris/new_package
STATUS OK
19. Display the contents of you new package. root@s11-desktop:~# pkg contents new_package PATH export/new_package export/new_package/ips_rocks 20. Verify that your new package performs correctly after installation. root@s11-desktop:~# cat /export/new_package/ips_rocks IPS makes software updates easy.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 26
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
18. Verify that the status of your new package is OK.
Overview With multiple boot environments (BEs), the process of updating software becomes a low-risk operation because you can create backup boot environments before making any software updates to your system. If needed, you have the option of booting to a backup boot environment. During this practice, you will create a new full boot environment based on the current BE. The current BE does not have the diffstat package installed. You make the new BE the active boot environment and you update it with the diffstat package. You reboot to the original boot environment to prove that the two BEs are now logically separated. You also mount and update an inactive BE. You also create a clone and a snapshot of the current BE. To run this lab, you must be logged in to the Sol11-Server1 virtual machine as the oracle user and have obtained root privileges. See Practice 3-2 if you need help.
Task: Manage the Boot Environments Perform these steps to manage boot environment: 1. In a terminal window on the Sol11-Server1 virtual machine, list the current BEs. root@s11-serv1:~# beadm list BE Active Mountpoint Space ------- ---------- ----solaris NR / 2.28G
Policy Created ------ ------static 2011-08-05 14:13
The Active field indicates whether the boot environment is active now (N) and active on reboot (R). 2.
Clone the current active BE. Name the clone solaris-1. root@s11-serv1:~# beadm create solaris-1
3.
List the current BEs. root@s11-serv1:~# beadm list BE Active Mountpoint Space ------- ---------- ----solaris NR / 2.28G solaris-1 161.0K
4.
Policy -----static static
Created ------2011-08-05 14:13 2011-08-08 22:14
Activate the solaris-1 BE. Display the list of BEs. Note that solaris-1 is pending activation on reboot. root@s11-serv1:~# beadm activate solaris-1 root@s11-serv1:~# beadm list BE Active Mountpoint Space Policy Created ------- ---------- ----- ------ ------solaris N / 460.0M static 2011-08-05 14:13 solaris-1 R 2.28G static 2011-08-08 14:13
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 27
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 3-6: Managing the Boot Environments
Reboot the Sol11-Server1 virtual machine. root@s11-serv1:~# init 6 Notice that solaris is now the default boot entry in the GRUB menu.
6. 7.
After Sol11-Server1 has rebooted, log in as the oracle user and su to root. In a terminal window, list the current BEs. root@s11-serv1:~# beadm list BE Active Mountpoint Space ------- ---------- ----solaris 3.96M solaris-1 NR / 2.34G
Policy -----static static
Created ------2011-05-01 22:14 2011-08-08 14:13
Note that the solaris-1 image is now active. 8.
Verify that the diffstat package is not currently installed on the new active BE. root@s11-serv1:~# pkg list diffstat pkg list: no packages matching “diffstat’ installed
9.
Install the diffstat package on the new active BE. root@s11-serv1:~# pkg install diffstat Creating plan... Packages to install: 1 Create boot environment: No Create backup boot environment: No DOWNLOAD PKGS Completed 1/1
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 28
FILES 6/6
XFER (MB) 0.0/0.0
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5.
ACTIONS 24/24
PHASE Package State Update Phase Image State Update Phase
ITEMS 1/1 2/2
10. Activate the solaris BE. Display the list of BEs. Note that solaris is pending activation on reboot. root@s11-serv1:~# beadm activate solaris root@s11-serv1:~# beadm list BE Active Mountpoint Space Policy ------- ---------- ----- -----solaris R 2.29G static solaris-1 N / 74.98M static
Created ------2011-08-05 14:13 2011-08-08 14:13
11. Reboot the Sol11-Server1 virtual machine. After Sol11-Server1 has rebooted, log in as the oracle user and su to root. 12. Verify that the solaris image is now active and that the diffstat package is not installed. root@s11-serv1:~# beadm list BE Active Mountpoint Space Policy Created ------- ---------- ---------- ------solaris NR / 2.35G static 2011-08-05 14:13 solaris-1 78.95M static 2011-08-08 14:13 root@s11-serv1:~# pkg list diffstat pkg list: no packages matching “diffstat’ installed 13. Mount the inactive BE. root@s11-serv1:~# beadm mount solaris-1 /solaris-1 root@s11-serv1:~# beadm list BE Active Mountpoint Space Policy Created ------- ---------- ---------- ------solaris NR / 2.35G static 2011-08-05 14:13 solaris-1 /solaris-1 78.95M static 2011-08-08 14:13 14. Verify that the diffstat package is installed in the inactive package: root@s11-serv1:~# pkg -R /solaris-1 verify -v diffstat Verifying: PACKAGE STATUS pkg://solaris/text/diffstat OK 15. Remove the diffstat package from the mounted inactive BE. root@s11-serv1:~# pkg -R /solaris-1 uninstall diffstat Creating Plan… Packages to install: 1 Create boot environment: No Create backup boot environment: No Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 29
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
PHASE Install Phase
ACTIONS 19/19
PHASE ITEMS Package State Update Phase 1/1 Package Cache Update Phase 1/1 Image State Update Phase 2/2 root@s11-serv1:~# pkg -R /solaris-1 list diffstat pkg list: no packages matching “diffstat’ installed 16. Unmount the inactive BE. root@s11-serv1:~# beadm unmount solaris-1 17. Create a snapshot of the solaris BE. Name the snapshot backup. root@s11-serv1:~# beadm create solaris@backup 18. Display the list of snapshots associated with the solaris BE. root@s11-serv1:~# beadm list -a solaris BE/Dataset/Snapshot Active Mountpoint Space ------------------------ ---------- ----solaris rpool/ROOT/solaris NR / 1.90G 22:14 rpool/ROOT/solaris/var NR /var 228.97M 22:14 rpool/ROOT/solaris/var@2011... 1.08M 14:13 rpool/ROOT/solaris/var@backup 0 14:19 rpool/ROOT/solaris/var@install 144.55M 22:33 rpool/ROOT/solaris@2011... 1.08M 14:13 rpool/ROOT/solaris@backup 0 14:19 rpool/ROOT/solaris@install 53.19M 22:33
Policy Created ------ ------static 2011-08-05 static 2011-08-05 static 2011-08-08 static 2011-08-08 static 2011-08-05 static 2011-08-08 static 2011-08-08 static 2011-08-05
19. Create a new boot environment from the solaris@backup snapshot. Name this BE solaris-2. root@s11-serv1:~# beadm create -e root@s11-serv1:~# beadm list BE Active Mountpoint Space ------- ---------- ----solaris NR / 2.35M solaris-1 79.18M solaris-2 135.0K
solaris@backup solaris-2 Policy Created ------ ------static 2011-08-05 22:14 static 2011-08-08 14:13 static 2011-08-08 14:59
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 30
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
PHASE Removal Phase
root@s11-serv1:~# beadm destroy solaris-2 Are you sure you want to destroy solaris-2? This action cannot be undone(y/[n]): y root@s11-serv1:~# beadm list BE Active Mountpoint Space Policy Created ------- ---------- ----- ------ ------solaris NR / 2.35G static 2011-08-05 22:14 solaris-1 79.18M static 2011-08-08 14:13 21. Rename the original solaris-1 BE to solaris-alt. root@s11-serv1:~# beadm rename solaris-1 solaris-alt 22. List the boot environments. root@s11-serv1:~# beadm list BE Active Mountpoint Space ------- ---------- ----Solaris NR / 2.35G solaris-alt 79.18M
Policy -----static static
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 31
Created ------2011-08-08 14:59 2011-08-05 22:14
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
20. Delete the solaris-2 BE and show the results.
Overview In this practice, you get to apply the skills and knowledge you gained from the lecture and guided practices. You are challenged with completing the following task(s) without the benefit of a step-by-step guide. Hint: Use all the available resources, such as man pages, student guide, activity guide, and your instructor, to successfully complete each task. Note: This practice is optional. Check with your instructor to determine if you have enough time available to complete this practice. If you begin this practice and run out of time, set this practice aside and return to it if time permits.
Task 1: Manage Software Packages Perform this task on the Sol11-Server1 VM. • Determine the current status of the IPS repository. •
Display detailed information about the snort software package.
•
Determine if the snort package is currently installed in the system.
•
Perform a "dry run" installation of the snort package.
•
Install the snort package.
•
Verify that the snort package was installed correctly.
•
Remove the snort package.
Task 2: Manage the Boot Environment (BE) Perform this task on the Sol11-Server1 VM. • List the current bootable environments (BEs). • Clone the active BE to a BE named solaris11. • Activate BE solaris11 and reboot the system. • Create a snapshot of the active BE (solaris11). • Create a new boot environment named solaris11-1 from the BE snapshot. • Activate the original BE (solaris) and reboot the system. • Destroy the solaris11 and solars11-1 BEs.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 3: Managing Software Updates in Oracle Solaris 11 Express Chapter 3 - Page 32
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 3-7: Testing Your Skills and Knowledge
Chapter 4
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 1
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System
Practices Overview The practices for the lesson titled “Installing the Oracle Solaris 11 Operating System” introduce you to the operating system installation methods and provide guided, hands-on experience with both interactive and hands-free operating system installation. During the practices, you apply Oracle Solaris 11 installation best practices. The key areas explored in these practices are: • Installing the Oracle Solaris 11 OS by using the Text installer • Installing the Oracle Solaris 11 OS by using the LiveCD installer • Installing the Oracle Solaris 11 OS by using the Automated Installer
Assumptions As in the lesson titled “Managing Software Packages in Oracle Solaris 11,” your practice environment is based on the Oracle VM VirtualBox virtualization software.
Figure 1: Oracle VM VirtualBox Manager Remember: The virtual machines (VMs) are configured on a private internal network (192.168.0). Each VM can communicate with other VMs on the same private network but cannot communicate with the local host machine or other machines on the same network as the local host machine. The virtual machines (VM) you use in the practices are as follows: • Sol11-SuperServer: This VM provides network services such as DNS used by the VMs in the practice. • Sol11-Server1: This is the server that provides IPS and AI services. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 2
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 4
Sol11-Client1: This is the Automatic Installer network client machine. Sol11-Client2: This is the Automatic Installer network client machine. Sol11-Client3: This is the Automatic Installer network client machine. Text-Install: This is the system in which you will use the Text installer to install the OS. LiveCD-Install: This is the system in which you will use the LiveCD to install to the OS.
Note: The responses to the commands shown in practice are examples only. The values you see during your practice experience might vary slightly. Note: When launching a virtual machine for the first time, you might see the First Run Wizard appear. Click the Cancel button to continue.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 3
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
• • • • •
Overview When you install the Oracle Solaris 11 OS by using the Text installer, you must first download the Oracle Solaris 11 Text installer image from the following site: http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html. The Text installation download is in an ISO image format that can be burned to a CD/DVD or used directly within Oracle VM Server or other virtualization software. Note: For training purposes, the Text installer ISO has already been downloaded for you. The ISO image file can be found in the /opt/ora/course_files directory of the VirtualBox host machine.
Task: Install the Oracle Solaris 11 OS by Using the Text Installer Perform these steps to install the Oracle Solaris 11 OS by using the Text installer: 1. Log in to the host machine and launch the Oracle VM VirtualBox Manager.
2. 3.
In the Oracle VM VirtualBox Manager window, click the Text-Install virtual machine icon (1). Verify that the appropriate ISO image is mounted on the DVD (2). If the Text-Install ISO is not mounted in the Text-Install virtual machine DVD drive, you can find the ISO file in the /opt/ora/images directory on the host system.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 4
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 4-1: Installing the Oracle Solaris 11 OS by Using the Text Installer
5.
Click the Start button (3). This will boot the Text-Install virtual machine from the Text installer on the DVD to begin the OS installation. During the OS installation process, use the configuration data that follows to complete the Text installation. Note: The Text installer program may direct you to use the F2 or ESC + 2 keys to move to the next step in the installation process. If ESC + 2 does not work, try using the F2 key. • • • • • • •
Keyboard layout: Use your local keyboard layout. Language: Use your local language. Installation menu: Install Oracle Solaris Disks: default Fdisk Partitions: Use the whole disk. Computer name: solaris-text Ethernet network configuration: Manually - IP Address: 192.168.0.88 - Configure DNS: Yes - DNS Server IP address: 192.168.0.100 - Search domain: mydomain.com - Alternate Name Service: None
• •
Time zone: Use your local region. Date and time: Set to current date and time.
•
Root password: oracle1
•
User account: - Your real name: oracle -
6. 7. 8.
Username: oracle1
- Password: oracle1 After the Text installation has completed, use the F8 key to reboot the Oracle Solaris 11 OS as directed. After the system has successfully booted, log in to the system and verify that the configuration setup in step 5 is operational. Shut down (power-off) the Text-Install virtual machine.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 5
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
4.
Overview When you install the Oracle Solaris 11 OS by using the LiveCD installer, you must first download the Oracle Solaris 11 LiveCD install image from the following site: http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html. The LiveCD installation download is in an ISO image format that can be burned to a CD/DVD or used directly within Oracle VM Server or other virtualization software. Note: For training purposes, the LiveCD installer ISO has already been downloaded for you. The ISO image file can be found in the /opt/ora/images directory of the VirtualBox host machine.
Task: Install the Oracle Solaris 11 OS by Using the LiveCD Installer Perform these steps to install the Oracle Solaris 11 OS by using the LiveCD installer: 1. Log in to the host machine and launch the Oracle VM VirtualBox Manager.
2. 3.
Select the LiveCD-Install virtual machine icon (1). Verify that the appropriate ISO image is mounted on the DVD (2). If the LiveCD-Install ISO is not mounted in the LiveCD-Install virtual machine DVD drive, you can find the ISO file in the /opt/ora/images directory on the host system.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 6
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 4-2: Installing the Oracle Solaris 11 OS by Using the LiveCD Installer
5.
6.
7.
Click the Start button (3). This will boot the LiveCD-Install virtual machine from the LiveCD installer on the DVD to begin the OS installation. Note: Choose the default boot option in the GRUB menu. During the LiveCD desktop initialization, you are asked to select the keyboard layout and language. Set these based on your local environment. Note that when navigating through the installation, F2 usually works and is the hint that is displayed by default in the UI. ESC + 2 is the fallback. When the LiveCD desktop is initialized, double-click the Install Oracle Solaris icon to begin the OS installation.
During the OS installation process, use the following configuration data to complete the LiveCD installation: • Disk: default • Disk Partition: Use the whole disk. • Time Zone, Date and Time: Click the city closest to your install location. • Locale: - Language: Set to your preference. - Territory: Set to your preference. •
8.
User account: - Your real name: Oracle -
Log-in name: oracle1
-
User password: oracle1
• Computer name: solaris-live After the LiveCD installation has completed, reboot the Oracle Solaris OS as directed. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 7
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
4.
After the system has successfully booted, shutdown (power-off) the LiveCD-Install virtual machine.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
9.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 8
Overview Deploying the Oracle Solaris 11 operating system with the Automated Installer (AI) involves three tasks: • Verifying that the system meets AI requirements • Configuring the AI server • Deploying the OS to network clients Before you install the Oracle Solaris 11 OS by using AI, you must first download the Oracle Solaris 11 AI install image from the following site: http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html. The AI installation download is in an ISO image format that can be burned to a CD or a DVD or used directly within Oracle VM Server or other virtualization software. Note: For training purposes, the AI ISO has already been downloaded for you. The ISO image file can be found in the /opt/ora/course_files directory of the Sol11-Server1 virtual machine.
Task 1: Verifying the System AI Requirements Perform these steps to verify the system requirements for the AI OS installation: 1. Verify that the Sol11-SuperServer and Sol11-Server1 virtual machines are running. This can be determined by viewing the Oracle VM VirtualBox Manager window (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start them at this time. 2. Log in to virtual machine Sol11_Server1 as user oracle. Use the password oracle1. 3.
In the terminal window, run the su command to assume primary administrator privileges. root@s11-serv1:~$ su – Password: oracle1 root@s11-serv1:~#
4.
Determine the build number of the installed operating system. root@s11-serv1:~# cat /etc/release Oracle Solaris 11 11/11 X86 Copyright(c) 1983, 2011, Oracle and/or its affiliates. All rights reserved. Assembled 18 October 2011
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 9
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 4-3: Installing the Oracle Solaris 11 OS by Using the Automated Installer
Verify that the operating system is configured with a static IP address. root@s11-serv1:~# svcs network/physical:default STATE STIME FMRI online 15:02:57 svc:/network/physical:default root@s11-serv1:~# ipadm show-addr ADDROBJ TYPE STATE ADDR … net0/v4 static ok 192.168.0.112/24 …
6.
Verify that DNS is operational. root@s11-serv1:~# nslookup s11-serv1.mydomain.com Server: 192.168.0.100 Address: 192.168.0.100#53 Name: s11-serv1.mydomain.com Address: 192.168.0.112
Task 2: Configuring the AI Server After you have verified that the server meets the AI requirements, you are now ready to configure the AI server. In this task, you configure the AI server to automatically install an Oracle Solaris 11 desktop client using the AI default settings. Note: Because you are not using the default IPS service, you will need to adjust the default AI service accordingly. Perform these steps to configure the AI server: 1. On the Sol11-Server1 virtual machine, enable the svc:/network/dns/multicast server in the AI server. root@s11-serv1:~# svcadm enable \ svc:/network/dns/multicast:default root@s11-serv1:~# svcs | grep dns online 15:03:05 svc:/network/dns/client:default online 15:19:27 svc:/network/dns/multicast:default 2.
Create a directory for your AI server. root@s11-serv1:~# mkdir –p /export/ai/basic_ai
3.
Verify that the netmasks file is configured appropriately for the DHCP service. root@s11-serv1:~# getent netmasks 192.168.0.0 Note that DHCP requires that the network mask for the local subnet be configured in the /etc/netmasks file. If an entry does not exist, update the netmasks file now. # vi /etc/netmasks … 192.168.0.0 255.255.255.0
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 10
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5.
Use the installadm create-service command to create an AI service based on the following information: •
Service name: basic_ai
•
DHCP base IP address: 192.168.0.130
•
DHCP IP address range: 5
•
AI ISO image location: /opt/ora/course_files/sol-11-dev-175b-ai-x86.iso
•
Target directory: /export/ai/basic_ai
root@s11-serv1:~# installadm create-service -n basic_ai \ -s /opt/ora/course_files/sol-11-dev-175b-ai-x86.iso \ -i 192.168.0.130 -c 5 -d /export/ai/basic_ai Creating service from: /opt/ora/course_files/sol-11-dev-175b-aix86.iso Setting up the image ... Creating service: basic_ai Image path: /export/ai/basic_ai Adding IP range to local DHCP configuration Refreshing install services Creating default-i386 alias. Setting the default PXE bootfile in the local DHCP configuration to 'default-i386/boot/grub/pxegrub' Refreshing install services Note: You can remove an AI service and associated clients by using the command installadm delete-service -r svcname. 5.
Use the installadm list command to verify that your AI service is installed. root@s11-serv1:~# installadm list Service Name Alias Of Status Arch ------------ ------------- ---basic_ai on x86 default-i386 basic_ai on x86
6.
Image Path ---------/export/ai/basic_ai /export/ai/basic_ai
Use the installadm create-client command to add the client MAC addresses for the Sol11-Client1 and Sol11-Client2 virtual machines to the basic_ai service. root@s11-serv1:~# 08:00:27:85:C7:D6 Adding host entry configuration. root@s11-serv1:~# 08:00:27:85:C7:D7 Adding host entry configuration.
installadm create-client -e \ -n basic_ai for 08:00:27:85:C7:D6 to local DHCP installadm create-client -e \ -n basic_ai for 08:00:27:85:C7:D7 to local DHCP
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 11
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
4.
Use the installadm list –c command to verify that the client was added to AI server basic_ai. root@s11-serv1:~# installadm list -c Service Name Client Address Arch Image Path ------------ -------------------------basic_ai 08:00:27:85:C7:D6 i386 /export/ai/basic_ai 08:00:27:85:C7:D7 i386 /export/ai/basic_ai
8.
Create a directory to store your manifest files. root@s11-serv1:~# mkdir –p /var/tmp/manifests Note: Do not place manifest copies under the service directory that was created by the installadm utility. The service directory structure is private to installadm and must not be used for storage by users.
9.
Copy the default manifest file to the /var/tmp/manifests/basic_ai.xml file. root@s11-serv1:~# cp \ /export/ai/basic_ai/auto_install/manifest/default.xml /var/tmp/manifests/basic_ai.xml
\
10. Modify the /var/tmp/manifests/basic_ai.xml file XML tag elements by using the following: •
AI instance name (ai_instance name): basic_ai
• •
Auto-reboot (auto_reboot): true IPS origin URI: http://s11-serv1.mydomain.com
•
IPS package: entire@latest
•
IPS package: solaris-small-server
11. Use the diff command to view the differences between the basic_ai.xml file and the default.xml file. root@s11-serv1:~# diff /var/tmp/manifests/basic_ai.xml \ /export/ai/basic_ai/auto_install/manifest/default.xml 10c10 < --> 48c48 < --> 61c61 < pkg:/group/system/solaris-small-server --> pkg:/group/system/solaris-large-server 12 Create a MAC address–based criteria manifest named criteria_basic_ai.xml in the /var/tmp/manifests directory. Use the MAC addresses of the network clients S1ol11Client1 and Sol11-Client2. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 12
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
7.
Note: If the AI client does not match the criteria for a service (in this case, a specific MAC address), the AI service will use the default manifest when installing the OS. 13. Add the manifest_demo manifest and criteria manifest to the basic_ai service. root@s11-serv1:~# installadm create-manifest –n basic_ai \ -f /var/tmp/manifests/basic_ai.xml \ -C /var/tmp/manifests/criteria_basic_ai.xml When a custom AI manifest (basic_ai.xml in this example) is defined for this install service and the client matches the criteria that have been specified (in the criteria_basic_ai.xml file) for the custom AI manifest, the client will use that manifest. In a case where the client characteristics match multiple AI manifests, the client characteristics are evaluated in the order: mac,ipv4,platform,arch,cpu,mem. If the client does not match the criteria for any custom AI manifest, the client uses the default AI manifest. 14. Use the installadm list –m command to verify that your manifests have been added to the basic_ai service. root@s11-serv1:~# Service Name -----------basic_ai
installadm list -m Manifest Status ------------basic_ai orig_default Default Default-i386 orig_default Default root@s11-serv1:~# installadm list -m -n basic_ai Manifest Status Criteria ------------- -------basic_ai mac = 08:00:27:85:C7:D6 - 08:00:27:85:C7:D7 orig_default Default none
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 13
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
root@s11-serv1:~# vi /var/tmp/manifests/criteria_basic_ai.xml 08:00:27:85:C7:D6 08:00:27:85:C7:D7
After you have completed AI server configuration, it is time to test your work by deploying the Oracle Solaris 11 operating system to a network client. Perform these steps to deploy the OS to a network client: 1.
On the host system, launch the Oracle VM VirtualBox Manager.
2. 3. 4.
Verify that the Sol11-Server1 virtual machine is running (1). Select the Sol11-Client1 virtual machine icon (2). Click the Start button (3). This will boot the Sol11-Client1 virtual machine. If the AI server is configured correctly, you should see the OS installation begin. Note: If the Sol11-Client1 virtual machine fails to boot with a “No bootable medium found” error, change the virtual machine adapter. To change the adapter type, open the Oracle VM VirtualBox Manager, select the Sol11-Client1 virtual machine, and click Settings. In the Settings dialogue box, select Network and click Advanced under Adapter 1. Select another from the Adapter Type menu. Restart the Sol11-Client1 virtual machine.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 14
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Task 3: Deploying the OS to a Network Client
6.
When the Sol11-Client1 system starts the GNU GRUB menu, select the Oracle Solaris 11 11/11 Text Installer and command line boot option.
Note: When you choose the “default” boot option, the interactive system configuration menus you used during the “Text Install” practice will be available to you during this OS installation. Also, the IPS server is not used. Note: The OS installation will take a while to complete. During the OS installation process, use the configuration data that follows to complete the Text installation. Note: The Text installer program directs you to use the F2 or ESC + 2 keys to move to the next step in the installation process. If ESC + 2 does not work, try using the F2 key. • Installation menu: Install Oracle Solaris • Disks: default • Fdisk Partitions: Use the whole disk. • Computer name: s11-client1 • Ethernet network configuration: Automatic • Time zone: Use your local region. • Date and time: Set to current date and time. •
Root password: oracle1
•
User account: - Your real name: Oracle -
7. 8.
Username: oracle
- Password: oracle1 After the installation has completed, reboot (F8) the Sol11-Client1 virtual machine. After Sol11-Client1 completes the initial boot, log in as the oracle user and su to root. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 15
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5.
Verify that the Sol11-Client1 virtual machine network configuration is setup correctly. root@s11-client1:~# ipadm show-addr ADDROBJ TYPE STATE ADDR … net0/_b static ok 192.168.0.xxx/24 … root@s11-client1:~# ping 192.168.0.112 192.168.0.112 is alive
10. Shut down (power-off) the Sol11-Client1 virtual machine. 11. Open the VirtualBox Manager window.
12. Verify that the Sol11-Server1 virtual machine is running (1). 13. Select the Sol11-Client2 virtual machine icon (2). 14. Click the Start button (3). This will boot the Sol11-Client2 virtual machine. If the AI server is configured correctly, you should see the OS installation begin. 15. When the Sol11-Client2 system starts the GNU GRUB menu, select the Oracle Solaris 11 11/11 Automated Install boot option.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 16
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
9.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 17
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Note: When you choose this boot option, the interactive system configuration is not available to you during this OS installation. IPS is used during the OS installation. Note: The OS installation will take a while to complete. 16. Note that the message traffic indicates that the IPS server is providing the installation packages.
Green indicates a read operation is being performed. 18. The SCI tool will be invoked during the OS startup. Enter the following system configuration information: • Computer name: s11-client2 • Ethernet network configuration: Automatic • Time zone: Use your local region. • Date and time: Set to current date and time.
19. 20.
•
Root password: oracle1
•
User account: - Your real name: oracle -
Username: oracle1
-
Password: oracle1
After Sol11-Client2 completes the initial boot, log in as the oracle user and su to root. Verify that the Sol11-Client2 virtual machine network configuration is setup correctly. root@s11-client2:~# ipadm show-addr ADDROBJ TYPE STATE ADDR … net0/_b static ok 192.168.0.xxx/24 … root@s11-client2:~# ping 192.168.0.112 192.168.0.112 is alive
21.
Shut down (power-off) the Sol11-Client2 virtual machine.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 18
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
17. Note the disk activity icon in the IPS server (Sol11-Server1) virtual machine window.
Overview After the Oracle Solaris 11 operating system is installed, the instance must be configured with attributes such as: hostname, IP address, naming services, and user credentials. The sysconfig utility is the interface for configuring, reconfiguring, and unconfiguring the Solaris instance. A Solaris instance is defined as a boot environment in either a global or a non-global zone. There are three operations that are performed using the sysconfig utility: • • •
Unconfiguration Configuration System configuration (SC) profile creation
During this practice, you work the sysconfig utility to unconfigure and configure Solaris 11 images. And create SC profiles.
Task 1: Unconfigure an Oracle Solaris 11 Image Perform these steps to unconfigure a configured Solaris 11 image: 1. Open the Oracle VM VirtualBox Manager and start the Sol11-Client1 VM. 2. Log in to virtual machine Sol11_Server1 as user oracle and su to root. 3. Determine the current host name and IP address. root@s11-client1:~# hostname s11-client1 root@s11-client1:~# ipadm show-addr ADDROBJ TYPE STATE ... net0/_b dhcp ok ...
ADDR 192.168.0.130/24
Note that the default network interface is net0. 4.
Use the sysconfig utility to return the Solaris 11 to an unconfigured (pristine) state. root@s11-client1:~# sysconfig unconfigure This program will unconfigure your system. The system will be reverted to a "pristine" state. It will not have a name or know about other systems or networks. Do you want to continue (y/[n])? y Enter user name for system maintenance (control-d to bypass): root Enter root password (control-d to bypass): solaris root@unknown:~#
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 19
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 4-4: Configuring Oracle Solaris 11 Instances
Determine the current host name and IP address. root@unknown:~# hostname unknown root@unknown:~# ipadm show-addr ADDROBJ TYPE STATE lo0/v4 static ok lo0/v6 static ok
6.
ADDR 127.0.0.1/8 ::1/128
Determine if the default user account oracle still exists. root@unknow:~# logins | grep oracle root@unknow:~# At this point, you have a pristine system. The next time the system is booted, the System Configuration Tool will be run. System Configuration Tool helps you establish a new system configuration.
7.
Reboot the system. root@unknow:~# init 6
8.
When the System Configuration Tool is available, use the following properties to configure the system: • Hostname: s11-client1 • Network type: Manually • Network interface: net0 • Static IP address: 192.168.0.140 • Default route: none • DNS: Configure DNS • Name server address: 192.168.0.100 • DNS domain name: mydomain.com • DNS search: mydomain.com • Alternate Name Service: None • Time zone: your local time zone • Root password: oracle1 • Your real name: Oracle • User login: oracle • User password: oracle1 • Root password: oracle1
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 20
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5.
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
...
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 21
Oracle University and BOS-it GmbH & Co.KG use only
.
9. Log in to virtual machine Sol11_Client1 as user oracle and su to root. 10. Determine the current host name and IP address. root@s11-client1:~# hostname s11-client1 root@s11-client1:~# ipadm show-addr ADDROBJ TYPE STATE lo0/v4 static ok net0/v4 dhcp ok lo0/v6 static ok net0/_a addrconf ok
ADDR 127.0.0.1/8 192.168.0.140/24 ::1/128 fe80::a00:27ff:fe85:c7d6/10
Task 2: Configure a Solaris 11 Image Using a System Configuration Profile The sysconfig utility can be used to generate a system configuration (SC) profile using the create-profile subcommand. The resulting XML profile can later be used with the sysconfig configure command to configure systems non-interactively. Valid SC profile names must include an .xml extension. Perform these steps to configure a Solaris 11 image using an SC profile: 1. On the Sol11-Client1 virtual machine, create an SC profile using the following system configuration attributes: • Hostname: ilovesolaris11 • Network type: Manually • Network interface: net0 • Static IP address: 192.168.0.141 • Default route: none • DNS: Configure DNS • Name server address: 192.168.0.100 • DNS search: mydomain.com • Alternate name service: None • Time zone: your local time zone • Root password: oracle2 • Your real name: Oracle2 • User login: oracle2 • User password: oracle2 • Root password: oracle2 root@s11-serv1:~# sysconfig create-profile \ -o /var/tmp/ilovesolaris11_profile.xml Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 22
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Exiting System Configuration Tool. Log is available at: /var/tmp/install/sysconfig.log Hostname: s11-client1 s11-client1 console login:
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Oracle University and BOS-it GmbH & Co.KG use only
... ...
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 23
Explore the newly created SC profile. root@s11-client1:~# cd /var/tmp root@s11-client1:var/tmp# more ilovesolaris11_profile.xml Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 24
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
2.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 25
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
3.
Use the ilovesolaris11.xml profile to reconfigure the system. root@s11-client1:~# sysconfig configure \ -c /var/tmp/ilovesolaris11_profile.xml This program will re-configure your system. Do you want to continue (y/[n])? y ... ilovesolaris11 console login:
4.
Log in to the system as user oracle2 and su to root.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 26
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
root@s11-client1:/var/tmp#
The primary repository for all naming services configuration is the SMF repository. You can use the SMF utilities such as: svccfg , svcprop, and svcadm to set and modify any configuration parameter for the host name and a naming service. Perform these steps to reconfigure the host name, time zone, and naming service: 1. On the Sol11-Client1 virtual machine, change the host name to client5. root@ilovesolaris11:~# svccfg -s svc:/system/identity:node \ setprop config/nodename=client5 root@ilovesolaris11:~# svcadm refresh svc:/system/identity:node root@ilovesolaris11:~# svcadm restart identity:node Hostname:client5 root@ilovesolaris11:~# exit oracle@ilovesolaris11:~$ exit logout client5 console login: oracle2 Password: oracle2 oracle@client5:~$ su Password: oracle2 root@client5:~# 2.
On the Sol11-Client1 virtual machine, change the time zone to US/Central. root@client5:~# svccfg -s timezone:default \ setprop timezone/localtime=US/Central root@client5:~# svcadm refresh timezone:default root@client5:~# date Wed Oct 26 07:39:32 CDT 2011
3.
On the Sol11-Client1 virtual machine, configure the DNS naming service using these properties. • Nameserver address: 192.168.0.100 • DNS search: mydomain.com root@client5:~# svccfg svc:> select dns/client svc:/network/dns/client> setprop config/search=mydomain.com svc:/network/dns/client> setprop config/nameserver=192.168.0.100 svc:/network/dns/client> select dns/client:default svc:/network/dns/client:default> refresh svc:/network/dns/client:default> validate svc:/network/dns/client:default> select name-service/switch svc:/system/name-service/switch> setprop config/host="files dns" svc:/system/name-service/switch> select system/nameservice/switch:default svc:/system/name-service/switch:default> refresh svc:/system/name-service/switch:default> validate Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 27
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Task 3: Set the Host Name, Time Zone, and Naming Service
4.
Shut down and power-off the Sol11-Client1 virtual machine.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 28
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
svc:/system/name-service/switch:default> exit root@client5:~# svcadm enable dns/client root@client5:~# svcadm refresh name-service/switch root@client5:~# grep host /etc/nsswitch.conf hosts: files dns root@client5:~# tail -4 /etc/resolv.conf # DO NOT EDIT THIS FILE. EDITS WILL BE LOST. search mydomain.com nameserver 192.168.0.100 root@client5:~# nslookup s11-serv1 Server: 192.168.0.100 Address: 192.168.0.100#53 Name: s11-serv1.mydomain.com Address: 192.168.0.112 root@client5:~#
Overview Automatic Installation allows you to customize your Solaris 11 installations by adding system configuration (SC) profiles. SC profiles are used to customize the system attributes such as hostname, IP address, naming services, and use credentials of the AI clients.
Task 1: Customizing an AI Service Now that you have AI working, you are ready to customize the AI service. In this task, you configure the AI server to automatically install an Oracle Solaris 11 desktop client using the AI custom system configuration profile. Perform these steps to customize the AI service: 1. Disable the basic_ai AI service and show the results. root@s11-serv1:~# installadm disable basic_ai Stopping the service basic_ai root@s11-serv1:~# installadm list Service Name Alias Of Status Arch Image Path ------------ ------------- ------------basic_ai off x86 /export/ai/basic_ai default-i386 basic_ai on x86 /export/ai/basic_ai 2.
Remove the basic_ai AI service and show the results. root@s11-serv1:~# installadm delete-service -r basic_ai WARNING: The service you are deleting, or a dependent alias, is the alias for the default i386 service.Without the default-i386 service, clients will fail to boot unless explicitly assigned to a service using the create-client command. Are you sure you want to delete alias, default-i386? [y/N]: y Removing this service's bootfile from local DHCP configuration Stopping the service default-i386 The installadm SMF service is being taken offline. The installadm SMF service is no longer online because the last install service has been disabled or deleted. Removing host entry '08:00:27:85:C7:D7' from local DHCP configuration. Removing host entry '08:00:27:85:C7:D6' from local DHCP configuration. Stopping the service basic_ai root@s11-serv1:~# installadm list There are no services configured on this server.
3.
Create a directory for the custom AI service. root@s11-serv1:~# mkdir –p /export/ai/custom_ai
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 29
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 4-5: Customizing the Automated Installation
Use the installadm create-service command to create another AI service based on the following information: •
Service name: custom_ai
•
DHCP base IP address: 192.168.0.135
•
DHCP IP address range: 5
•
AI ISO image location: /opt/ora/course_files/sol-11-dev-175b-ai-x86.iso
•
Target directory: /export/ai/custom_ai root@s11-serv1:~# installadm create-service -n custom_ai \ -s /opt/ora/course_files/sol-11-dev-175b-ai-x86.iso \ -i 192.168.0.135 -c 5 -d /export/ai/custom_ai Creating service from: /opt/ora/course_files/sol-11-dev-175b-aix86.iso Setting up the image ... Creating service: custom_ai Image path: /export/ai/custom_ai Adding IP range to local DHCP configuration Refreshing install services Creating default-i386 alias. Setting the default PXE bootfile in the local DHCP configuration to 'default-i386/boot/grub/pxegrub' Refreshing install services
5.
Use the installadm list command to verify that your AI service is installed. root@s11-serv1:~# installadm list Service Name Alias Of Status Arch ------------ ------------- ---custom_ai on x86 default-i386 custom_ai on x86
6.
Image Path ---------/export/ai/custom_ai /export/ai/custom_ai
Use the installadm create-client command to add the client MAC address 08:00:27:85:C7:D8 to the custom_ai service. root@s11-serv1:~# installadm create-client -e \ 08:00:27:85:C7:D8 -n custom_ai Adding host entry for 08:00:27:85:C7:D8 to local DHCP configuration.
7.
Use the installadm list –c command to verify that the client was added to AI server custom_ai. root@s11-serv1:~# installadm list -c Service Name Client Address Arch ------------ ----------------custom_ai 08:00:27:85:C7:D8 i386
Image Path ---------/export/ai/custom_ai
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 30
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
4.
Copy the /var/tmp/manifests/basic_ai.xml file to the /var/tmp/manifests/custom_ai.xml file. root@s11-serv1:~# cp /var/tmp/manifests/basic_ai.xml \ /var/tmp/manifests/custom_ai.xml
9.
Modify the /var/tmp/manifests/custom_ai.xml file XML tag element by using the following: • Auto_install manifest: •
AI instance name (ai_instance name): custom_ai
• •
Auto-reboot (auto_boot): true IPS origin URI: http://s11-serv1.mydomain.com
•
IPS package: entire
•
IPS package: solaris-small-server
10. Use the diff command to view the differences between the custom_ai.xml file and the basic_ai.xml file. root@s11-serv1:~# diff /var/tmp/manifests/custom_ai.xml \ /var/tmp/manifests/basic_ai.xml 27c27 < --> 11. Create a MAC address-based criteria manifest named criteria_custom_ai.xml in the /var/tmp/manifests directory. Use the MAC addresses of the network client Sol11Client3. root@s11-serv1:~# vi /var/tmp/manifests/criteria_custom_ai.xml 08:00:27:85:C7:D8 Note: If the AI client does not match the criteria for a service (in this case, a specific MAC address), the AI service will use the default manifest when installing the OS. 12. Add the custom_ai manifest and criteria manifest to the custom_ai service and show the results. root@s11-serv1:~# installadm create-manifest –n custom_ai \ -f /var/tmp/manifests/custom_ai.xml \ –C /var/tmp/manifests/criteria_custom_ai.xml root@s11-serv1:~# installadm list -c -m Service Name Client Address Arch Image Path ------------ -------------------------Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 31
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
8.
/export/ai/custom_ai
13. Use the sysconfig utility to create a profile for Sol11-Client3 using the following properties: • Hostname: s11-client3 • Network type: Manually • IPv4 interface name: net0 • Static IP address: 192.168.0.142 • Default route: None • DNS: Configure DNS • DNS Server IP address: 192.168.0.100 • DNS search: mydomain.com • Alternate name service: None • Time zone: choose your local time zone • Root password: oracle1 • Your real name: oracle1 • Username: oracle1 • User password: oracle1 root@s11-serv1:~# sysconfig create-profile \ -o /var/tmp/manifests/client3_profile.xml Note: The sysconfig create-profile utility launches a system configuration tool similar to the System Configuration Tool you used during the Text installation in Practice 4-1.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 32
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
custom_ai 08:00:27:85:C7:D8 i386 Service Name Manifest Status ------------ ------------custom_ai custom_ai orig_default Default default-i386 orig_default Default
14. View the contents of the Sol11-Client3 profile. root@s11-serv1:~# more /var/tmp/manifests/client3_profile.xml
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 33
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
The System Configuration Summary should look similar to the following:
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 34
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
15. Add the system configuration profile manifest custom_ai service and show the results. root@s11-serv1:~# installadm create-profile –n custom_ai \ -f /var/tmp/manifests/client3_profile.xml –p client3_profile \ -C /var/tmp/manifests/criteria_custom_ai.xml Profile client3_profile.xml added to database. root@s11-serv1:~# installadm list -p -n custom_ai Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 35
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Criteria -------mac = 08:00:27:85:C7:D8
16. Validate the system configuration profile. root@s11-serv1:~# installadm validate -n custom_ai \ -p client3_profile Validating static profile client3_profile... Passed
Task 2: Deploying the OS to a Network Client After you have completed AI server configuration, it is time to test your work by deploying the Oracle Solaris 11 operating system to a network client. Perform these steps to deploy the OS to a network client: 1. On the host system, launch the Oracle VM VirtualBox Manager.
2. 3. 4.
Verify that the Sol11-Server1 virtual machine is running (1). Select the Sol11-Client3 virtual machine icon (2). Click the Start button (3). This will boot the Sol11-Client3 virtual machine. If the AI server is configured correctly, you should see the OS installation begin. Note: Perform the next step as soon as possible.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 36
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Profile ------client3_profile
When the Sol11-Client1 system starts the GNU GRUB menu, select the Oracle Solaris 11 11/11 Automated Install boot option.
Note: When you choose this boot option, the interactive system configuration is not available to you during this OS installation. IPS is used during the OS installation. 6. Note that the message traffic indicates that the IPS server is providing the installation package. When the AI installation completes, you should see messages similar to these.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 37
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5.
8.
After the OS installation is complete, reboot from the hard disk and log in as oracle1. Check the system configuration to verify that the OS if configured according to the profile. Shut down and power-off the Sol11-Client3 virtual machine.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
7.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 38
Overview In this practice, you get to apply the skills and knowledge you gained from the lecture and guided practices. You are challenged with completing the following task(s) without the benefit of a step-by-step guide. Hint: Use all the available resources, such as man pages, student guide, activity guide, and your instructor, to successfully complete each task. Note: This practice is optional. Check with your instructor to determine if you have enough time available to complete this practice. If you begin this practice and run out of time, set this practice aside and return to it if time permits.
Task 1 : Remove an AI Service Perform this task on the Sol11-Server1 VM. • Determine the name of the current AI service. • Remove the current AI service from the system.
Task 2: Manage the Boot Environment Perform this task on the Sol11-Server1 VM. Add new AI service to the system using these AI service configuration properties: • AI service name: my_ai •
Source AI ISO image: /opt/ora/course_files/sol-11-dev-ai-175b.x86.iso
• •
DHCP base address: 192.168.0.160 DHCP address count: 10
•
Target directory: /export/ai/my_ai
Task 3: Add a Client to the AI Service Perform this task on the Sol11-Server1 VM. Add a client to the my_ai AI service using these properties: • Client virtual machine: Sol11-Client4 • Client MAC address: 08:00:27:85:C7:D9
Task 4: Create a Manifest for the New AI Service Perform this task on the Sol11-Server1 VM. Create a manifest for the my_ai service using the manifest configuration properties: •
AI instance name (ai_instance name): my_ai
• •
Auto-reboot (auto_reboot): true IPS origin URI: http://s11-serv1.mydomain.com
•
IPS package: entire
•
IPS package: solaris-small-server
•
Criteria: MAC address 08:00:27:85:C7:D9 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 39
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 4-6: Test Your Skills and Knowledge
Perform this task on the Sol11-Server1 VM. Create a system configuration profile for AI client Sol11-Client4 using the manifest configuration properties: • Hostname: s11-client4 • Network type: Manually • IPv4 interface name: net0 • Static IP address: 192.168.0.143 • Default route: None • DNS: Configure DNS • DNS Server IP address: 192.168.0.100 • DNS search: mydomain.com • Alternate name service: None • Time zone: choose your local time zone • Root password: oracle1 • Your real name: oracle1 • Username: oracle1 • User password: oracle1
Task 6: Install the Oracle Solaris 11 OS on the AI Client After you have completed AI server configuration, it is time to test your work by deploying the Oracle Solaris 11 operating system to the network client. Open the Oracle VM VirtualBox Manager and start the Sol11-Client4 VM. Monitor the installation of the Oracle Solaris 11 OS on the network client.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System Chapter 4 - Page 40
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Task 5: Create a System Configuration Profile for the AI Client
Chapter 5
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 1
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 5: Administering Oracle Solaris 11 Zones
Practices Overview The practices for the lesson titled “Administering Oracle Solaris 11 Zones” introduce you to the virtual-to-virtual (V2V) and physical-to-virtual (P2V) methods for migrating Oracle Solaris 10 zones to solaris10 zones. These practices provide guided, hands-on experience with migrating zones. During the practices, you apply Solaris 10 zone migration best practices applicable to the Oracle Solaris 11 operating system. The key areas explored in this practice are: • Migrating Oracle Solaris 10 zones to Oracle Solaris 11 (V2V) • Migrating Oracle Solaris 10 global zones to Oracle Solaris 11 (P2V) • Monitoring zone resource utilization
Assumptions As in the lessons titled “Managing Software Packages in Oracle Solaris 11” and “Installing the Oracle Solaris 11 Operating System,” your practice environment is based on the Oracle VM VirtualBox virtualization software.
Figure 1: Oracle VM VirtualBox Manager Remember: The virtual machines (VMs) are configured on a private internal network (192.168.0). Each VM can communicate with other VMs on the same private network but not with the local host machine or other machines on the same network as the local host machine. The VMs you use in this practice are as follows: • Sol11- SuperServer: This VM provides network services such as DNS and NFS used by the VMs in the practice. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 2
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 5
Sol10-Server1: This is the system you use as the source of the zone migration practices. • Sol11-Server1: This is the system you use as the target of the zone migration practices. Note: You will also need an IPS server running on the same subnet as the AI clients for this practice. Be sure to have started the Sol11-Server1 VM before you begin the lab. Note: The responses to the commands shown in these practices are examples only. The values you see during your practice experience might vary slightly.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
•
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 3
Overview Oracle Solaris BrandZ technology provides the framework to create zones that are used to run applications that cannot be run in an Oracle Solaris 11 environment. In the lab, you experience working with the Oracle Solaris 10 zones. Oracle Solaris 10 Zone workloads running within these Oracle Solaris 10 zones can take advantage of the enhancements made to the Oracle Solaris kernel and utilize some of the innovative technologies available only on the Oracle Solaris 11 release. In this practice, you explore the virtual-to-virtual (V2V) process for migrating an Oracle Solaris 10 native zone to an Oracle Solaris 11 environment. To do this, you perform four key tasks: • Assess the source Solaris 10 Zone • Prepare the source system for migration • Prepare the target system for migration • Migrate from the Solaris 10 zone
Task 1: Assess the Source Solaris 10 Zone Perform these steps to assess the source Solaris 10 zone: 1. Verify that the Sol11-SuperServer, Sol11-Server1, and Sol10-Server1 virtual machines are running. This can be determined by viewing the Oracle VM VirtualBox Manager window (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start them at this time. 2. Log in to virtual machine Sol10-Server1 as user root. Use the password cangetin. 3.
In the terminal window, run the zoneadm list command to determine the state of the zones currently configured on the system. # zoneadm list -cv ID NAME STATUS PATH 0 global running / - zone1 installed /export/zones/1 Note that zone1 is in the installed state.
4.
BRAND native native
IP shared shared
Boot zone zone1. # zoneadm –z zone1 boot
5.
Log in to zone zone1. # zlogin zone1 [Connected to zone 'zone1' pts/6] Last login: Mon Mar 28 13:31:10 on console Oracle Corporation SunOS 5.10 Generic Patch 2005 #
6.
Determine the zone’s hostname. # hostname zone1
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 4
January
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 5-1: Migrating an Oracle Solaris 10 Zone to Oracle Solaris 11
Determine the zone’s host ID. # hostid 34dcc40c
8.
Determine the zone’s domain. # domainname mydomain.com
9.
Determine the zone’s network interface and IP configuration. # ifconfig -a lo0:1: flags=2001000849 mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 net0:1: flags=1000843 mtu 1500 index 2 inet 192.168.0.116 netmask ffffff00 broadcast 192.168.0.255
10. Determine the zone’s disk usage. # df -k Filesystem / /dev /lib /platform /sbin /usr proc ctfs mnttab objfs swap /etc/svc/volatile fd swap swap
kbytes 12221960 12221960 12221960 12221960 12221960 12221960 0 0 0 0 484308 0 484016 484004
used 7965682 7965682 7965682 7965682 7965682 7965682 0 0 0 0 328 0 36 24
avail capacity 4134059 66% 4134059 66% 4134059 66% 4134059 66% 4134059 66% 4134059 66% 0 0% 0 0% 0 0% 0 0% 483980 1%
Mounted on / /dev /lib /platform /sbin /usr /proc /system/contract /etc/mnttab /system/object
0 483980 483980
/dev/fd /tmp /var/run
0% 1% 1%
11. Exit from zone1 to the global zone. # ~. [Connection to zone ‘zone1’ pts/4 closed] 12. In the global zone, determine how zone1 is configured. # zonecfg -z zone1 info zonename: zone1 zonepath: /export/zones/1 brand: native autoboot: false bootargs: pool: limitpriv: Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 5
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
7.
Task 2: Prepare the Source Solaris 10 Zone for Migration Perform these steps to prepare the source Solaris 10 zone for migration: 1. Halt zone1. # zoneadm –z zone1 halt 2.
Place zone1 in the ready state. # zoneadm -z zone1 ready # zoneadm list -cv ID NAME STATUS 0 global running 1 zone1 ready
PATH / /export/zones/1
BRAND native native
IP shared shared
When in the ready state, the zone is established. The kernel creates a "zsched" process, the network interface is ready, file systems are mounted, and devices are configured. The zone has unique ID. However, processes are not started. The zone must be in the ready state for the migration to succeed. 3.
Run the showmount –e command to determine whether the source system is configured as an NFS server. # showmount –e export list for s10-serv1: /export/share (everyone)
4.
Create a gzip compressed cpio archive named 1.cpio.gz for zone1, which will still be named zone1 on the target system. # cd /export/zones/1 # find . -print | cpio -oP@ | gzip > /export/share/1.cpio.gz 7139590 blocks Note: This will take awhile to complete. Perform the next task while the archive is being built. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 6
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
scheduling-class: ip-type: shared hostid: inherit-pkg-dir: dir: /lib inherit-pkg-dir: dir: /platform inherit-pkg-dir: dir: /sbin inherit-pkg-dir: dir: /usr net: address: 192.168.0.116 physical: net0 defrouter not specified
Perform these steps to prepare the target system for migration: 1. Log in to virtual machine Sol11-Server1 as user oracle and su to root. 2.
Mount the NFS share directory from the source system to the /export/share directory. root@s11-serv1:~# showmount -e s10-serv1 export list for s10-serv1: /export/share (everyone) root@s11- serv1:~# mkdir /export/share root@s11- serv1:~# mount -F nfs s10-serv1:/export/share \ /export/share
3.
List the contents of the /export/share directory. root@s11-serv1:~# ls /export/share 1.cpio.gz
4.
Check to see whether your IPS server is currently running. If not, start it now. Make sure the IPS server is completely started before performing the next step. Create an Oracle Solaris 10 Zone suitable for the migration.
5.
6.
root@s11-serv1:~# zonecfg -z zone1 zone1: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:zone1> create -t SYSsolaris10 zonecfg:zone1> set zonepath=/zones/zone1 zonecfg:zone1> set autoboot=true zonecfg:zone1> select anet linkname=net0 zonecfg:zone1:anet> set allowed-address=192.168.0.116/24 zonecfg:zone1:anet> set configure-allowed-address=true zonecfg:zone1:anet> end zonecfg:zone1> set hostid=34dcc40c zonecfg:zone1> verify zonecfg:zone1> commit zonecfg:zone1> exit Verify that the zone1 configuration meets the Oracle Solaris 10 Zone migration requirements. root@s11-serv1:~# zonecfg -z zone1 info zonename: zone1 zonepath: /zones/zone1 brand: solaris10 autoboot: true bootargs: file-mac-profile: pool: limitpriv: scheduling-class: Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 7
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Task 3: Prepare the Target System for Migration
Task 4: Migrate from the Solaris 10 Zone Perform these steps to migrate the Solaris 10 zone: 1. After the zone1 archiving has completed (in Task 2), use the zoneadm attach subcommand to attach the gzip image to zone1. root@s11-serv1:~# ls /export/share 1.cpio.gz root@s11-serv1:~# zoneadm -z zone1 attach -a \ /export/share/1.cpio.gz Progress being logged to /var/log/zones/zoneadm.20111026T145954Z.zone1.attach Log File: /var/log/zones/zoneadm.20111026T145954Z.zone1.attach Attaching... Installing: This may take several minutes... Attach complete. Log saved in non-global zone as /zones/zone1/root/var/log/zones/zoneadm.20111026T145954Z.zone1.at tach root@s11-serv1:~# Note: This will take several minutes to complete.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 8
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
ip-type: exclusive hostid: 34dcc40c fs-allowed: anet: linkname: net0 lower-link: auto allowed-address: 192.168.0.116/24 configure-allowed-address: true defrouter not specified allowed-dhcp-cids not specified link-protection: "mac-nospoof, ip-nospoof" mac-address: random mac-prefix not specified mac-slot not specified vlan-id not specified priority not specified rxrings not specified txrings not specified mtu not specified maxbw not specified rxfanout not specified
List the zones currently configured on the system. root@s11-serv1:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared - zone1 installed /zones/zone1 solaris10 excl
3
Boot the newly migrated zone. root@s11-serv1:~# zoneadm –z zone1 boot ...
4.
List the zones to verify that zone1 has successfully booted. root@s11-serv1:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared 1 zone1 running /zones/zone1 solaris10 excl
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 9
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
2.
Overview In this practice, you explore the physical-to-virtual (P2V) process for migrating an Oracle Solaris 10 global zone to an Oracle Solaris 11 environment. To do this, you perform four key tasks: • Assess the source Solaris 10 global zone • Prepare the source global zone for migration • Prepare the target global zone for migration • Migrate from the Solaris 10 global zone
Task 1: Assess the Source Solaris 10 Global Zone Perform these steps to assess the source Solaris 10 global zone: 1. Verify that the Sol11-SuperServer, Sol10-Server1, and Sol11-Serv1 virtual machines are running. This can be determined by viewing the Oracle VM VirtualBox Manager window (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start them at this time. 2. Log in to virtual machine Sol10-Server1 as user root. Use the password cangetin. 3. In the terminal window, verify that the release of the Oracle Solaris 10 OS meets migration requirements. # cat /etc/release Oracle Solaris 10 9/10 s10x_u9wos_14a X86 Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. Assembled 11 August 2010 4.
Determine the global zone’s hostname. # hostname s10-serv1
5.
Determine the global zone’s host ID. # hostid 34dcc40c
6.
Determine the global zone’s domain. # domainname mydomain.com
7.
Determine the zone’s network interface and IP configuration. # ifconfig -a lo0: flags=2001000849 mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 net0: flags=1000843 mtu 1500 index 2 inet 192.168.0.115 netmask ffffff00 broadcast 192.168.0.255 ether 8:0:27:5e:d9:55 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 10
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 5-2: Migrating an Oracle Solaris 10 Global Zone to Oracle Solaris 11 (P2V)
Determine the zone’s disk usage. # df -k Filesystem kbytes used avail capacity Mounted on /dev/dsk/c0t0d0s0 12221960 4049892 8049849 34% / /devices 0 0 0 0% /devices ctfs 0 0 0 0% /system/contract proc 0 0 0 0% /proc mnttab 0 0 0 0% /etc/mnttab swap 726248 996 725252 1% /etc/svc/volatile objfs 0 0 0 0% /system/object sharefs 0 0 0 0% /etc/dfs/sharetab fd 0 0 0 0% /dev/fd swap 725336 84 725252 1% /tmp swap 725288 36 725252 1% /var/run /dev/dsk/c0t0d0s7 3741322 3729 3700180 1% /export/home ora 1953261564 224403328 172885823612% /opt/ora
Task 2: Prepare the Source Global Zone for Migration Perform these steps to prepare the source global zone for migration: 1. In the terminal window, run the zoneadm list command to determine the state of the zones currently configured on the system. # zoneadm list -cv ID NAME STATUS 0 global running 1 zone1 ready 2.
PATH / /export/zones/1
BRAND native native
Halt the non-global zones. # zoneadm –z zone1 boot # zoneadm –z zone1 halt
3.
Determine the NFS share directory. # showmount -e export list for s10-serv1: /export/share (everyone)
4.
Create a flar image of the global zone in the NFS share directory. # flarcreate -S -n s10-serv1 -x /export/zones \ -x /export/share -L cpio /export/share/s10-serv1.flar Full Flash Checking integrity... Integrity OK. Running precreation scripts... Precreation scripts done. Creating the archive... 10520784 blocks Archive creation complete. Running postcreation scripts... Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 11
IP shared shared
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
8.
Task 3: Prepare the Target System for Migration Perform these steps to prepare the target system for migration: 1. Verify that the s10-serv1 NFS share directory is mounted on the s11-serv1 machine. root@s11- serv1:~# mount|grep /export/share /export/share on s10-serv1:/export/share remote/read/write/setuid/devices/rstchown/xattr/dev=8d80001 on Sat Aug 13 04:58:40 2011 2.
List the contents of the /export/share directory. root@s11-serv1:~# ls /export/share 1.cpio.gz s10-serv1.flar
3.
Create a Solaris 10 zone suitable for the global zone migration. root@s11-serv1:~# zonecfg -z zone2 zone1: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:zone2> create -t SYSsolaris10 zonecfg:zone2> set zonepath=/zones/zone2 zonecfg:zone2> set autoboot=true zonecfg:zone2> select anet linkname=net0 zonecfg:zone2:anet> set allowed-address=192.168.0.117/24 zonecfg:zone2:anet> set configure-allowed-address=true zonecfg:zone2:anet> end zonecfg:zone2> set hostid=34dcc40c zonecfg:zone2> verify zonecfg:zone2> commit zonecfg:zone2> exit
4.
Verify that the zone2 configuration meets the Solaris 10 global zone migration requirements. root@s11-serv1:~# zonecfg -z zone2 info zonename: zone2 zonepath: /zones/zone2 brand: solaris10 autoboot: true bootargs: file-mac-profile: pool: limitpriv: scheduling-class: ip-type: exclusive Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 12
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Postcreation scripts done. Running pre-exit scripts... Pre-exit scripts done. Note: This will take awhile to complete. Perform the next task while the archive is being built.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 13
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
hostid: 34dcc40c fs-allowed: anet: linkname: net0 lower-link: auto allowed-address: 192.168.0.117/24 configure-allowed-address: true defrouter not specified allowed-dhcp-cids not specified link-protection: "mac-nospoof, ip-nospoof" mac-address: random mac-prefix not specified mac-slot not specified vlan-id not specified priority not specified rxrings not specified txrings not specified mtu not specified maxbw not specified rxfanout not specified
Now that the target system is prepared, it is time to migrate from the Solaris 10 global zone. Perform these tasks to migrate the Solaris 10 global zone: 1. After the global zone flar image has completed building (in Task 2), use the zoneadm install subcommand to install the flar image in zone2. root@s11- serv1:~# zoneadm -z zone2 install -a \ /export/share/s10-serv1.flar -u A ZFS file system has been created for this zone. Progress being logged to /var/log/zones/zoneadm.20111026T154122Z.zone2.install Installing: This may take several minutes... Postprocessing: This may take a while... Postprocess: The following zones in this image will be unusable: zone1 Postprocess: These zonepaths could be removed from this image: Postprocess: /export/zones/1 Postprocess: Updating the image to run within a zone Postprocess: Migrating data from: rpool/zones/zone2/rpool/ROOT/zbe-0 to: rpool/zones/zone2/rpool/export Postprocess: A backup copy of /export is stored at /export.backup.20111026T155332Z. It can be deleted after verifying it was migrated correctly. Result: Installation completed successfully. Log saved in non-global zone as /zones/zone2/root/var/log/zones/zoneadm.20111026T154122Z.zone2.in stall Note: This will take awhile to complete. 2.
3.
List the zones currently configured on the system. root@s11-serv1:~# zoneadm list -cv ID NAME STATUS PATH 0 global running / 1 zone1 running /zones/zone1 - zone2 installed /zones/zone2
BRAND solaris solaris10 solaris10
IP shared excl excl
Boot the newly migrated zone. root@s11-serv1:~# zoneadm –z zone2 boot zone 'zone2': WARNING: net0:2: no matching subnet found in netmasks(4): 192.168.0.117; using default of 255.255.255.0.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 14
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Task 4: Migrate from the Solaris 10 Global Zone
5.
List the zones to verify that zone2 has successfully booted. root@s11- serv1:~# zoneadm list -cv ID NAME STATUS PATH 0 global running / 1 zone1 running /zones/zone1 3 zone2 running /zones/zone2
BRAND solaris solaris10 solaris10
IP shared excl excl
Power-off the Sol10-Server1 virtual machine.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
4.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 15
Overview Oracle Solaris 11 provides a powerful new zone monitoring utility: zonestat. The zonestat utility allows you to gather reports on CPU, memory, and resource control utilization of the currently running zones. Each zone’s utilization is reported as a percentage of both system resources and the zone’s configured limits. The zonestat utility prints a series of reports at the specified interval. It optionally also prints one or more summary reports at a specified interval.
Task: Monitor Zone Resource Utilization Perform the following steps to monitor zone resource utilization: 1. Use the zonestat utility to display a summary of memory utilization every five seconds. root@s11-serv1:~# zonestat -z global -r physical-memory 5 Collecting data for first interval... Interval: 1, Duration: 0:00:05 PHYSICAL-MEMORY SYSTEM MEMORY mem_default 767M ZONE USED PCT CAP %CAP [total] 631M 82.2% [system] 215M 28.1% global 14.9M 1.94% zone1 123M 15.8% zone2 137M 18.3% … Use Control + C to escape the zonestat command. 2.
Use the zonestat utility to report on the default processor set (pset) once a second for one minute. root@s11-serv1:~# zonestat -r default-pset 1 1m Interval: 8, Duration: 0:00:08 PROCESSOR_SET TYPE ONLINE/CPUS MIN/MAX pset_default default-pset 1/1 1/1 ZONE USED PCT CAP %CAP SHRS %SHR %SHRU [total] 0.11 11.0% [system] 0.03 3.11% global 0.06 6.01% zone1 0.01 1.11% zone2 0.00 0.82% …
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 16
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 5-3: Monitoring Zone Resource Utilization
Use the zonestat utility to monitor silently at 10-second intervals for one minute and then produce a report on the total and high utilizations. root@s11-serv1:~# zonestat -q -R total,high 10s 1m Report: Total Usage Start: Sat Oct 1 11:24:35 MDT 2011 End: Sat Oct 1 11:25:35 MDT 2011 Intervals: 6, Duration: 0:01:00 SUMMARY Cpus/Online: 1/1 Physical: 767M Virtual: 2000M ---------CPU---------- ----PHYSICAL----- -----VIRTUAL----ZONE USED %PART %CAP %SHRU USED PCT %CAP USED PCT %CAP [total] 0.05 5.14% - 635M 82.8% - 882M 44.0% [system]0.02 2.28% - 213M 27.8% - 324M 16.2% global 0.02 2.31% - 15.1M 1.97% - 355M 17.7% zone1 0.00 0.47% - 122M 15.9% - 184M 9.20% zone2 0.00 0.06% 0 0.00% - 17.6M 0.88% Report: High Usage Start: Sat Apr 2 11:24:35 MDT 2011 End: Sat Apr 2 11:25:35 MDT 2011 Intervals: 6, Duration: 0:01:00 SUMMARY Cpus/Online: 1/1 Physical: 767M Virtual: 2000M ---------CPU---------- ----PHYSICAL----- -----VIRTUAL----ZONE USED %PART %CAP %SHRU USED PCT %CAP USED PCT %CAP [total] 0.06 6.53% - 636M 82.8% - 882M 44.1% [system]0.02 2.42% - 213M 27.8% - 325M 16.2% global 0.03 3.64% - 15.1M 1.97% - 355M 17.7% zone1 0.00 0.67% - 122M 15.9% - 184M 9.20% zone2 0.00 0.09% 0 0.00% - 17.6M 0.88% -
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 17
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
3.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 5: Administering Oracle Solaris 11 Zones Chapter 5 - Page 18
Chapter 6
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 1
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements
Practices Overview The practices for the lesson titled “Oracle Solaris 11 Network Enhancements” introduce you to the important new networking features found in Oracle Solaris 11. These practices provide guided, hands-on experience in working with these new features. During the practices, you apply network administration best practices applicable to the Oracle Solaris 11 operating system. The key areas explored in these practices are: • Managing NWAM •
Exploring the capabilities of the ipadm utility
• • • • •
Creating IPMP configurations Configuring network virtualization Configuring a network bridge Configuring link aggregation Monitoring the network
Assumptions As in previous lessons, your practice environment is based on the Oracle VM VirtualBox virtualization software.
Figure 1: Oracle VM VirtualBox Manager Remember: The virtual machines (VMs) are configured on a private internal network (192.168.0). Each VM can communicate with other VMs on the same private network (see Figure 2) but cannot communicate with the local host machine or other machines on the same network as the local host machine.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 2
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 6
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 3
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Figure 2: Practice Network Topology The virtual machines (VMs) you use in these practices are as follows: • Sol11-SuperServer: This VM provides network services such as DNS and NFS used by the VMs in the practice. • Sol11-Server1: This is the system that you use to perform the network configuration practices. • Sol11-Desktop: This is the system that you use to perform the NWAM practice. You also use this system to verify the results of the network configuration practices performed on the Sol11-Server1 system. Note: The responses to the commands shown in these practices are examples only. The values you see during your practice experience might vary slightly.
Overview Network Auto-Magic (NWAM) is a technology that simplifies and automates network configuration on Solaris 11. The key NWAM components are the Network Profiles, which allow you to specify various network configurations to be created depending on the current network conditions. The Network Profiles component is often commonly referred to as NWAM. In this practice, you perform these tasks: • Assess the current NWAM configuration. • Create and deploy an NWAM profile.
Task 1: Assessing the Current NWAM Configuration Note: For NWAM to configure the host’s network interface “auto-magically”, DHCP service must be available. During the practice for Lesson 4, you configured DHCP by using the installadm utility. Perform these steps to configure an NWAM profile: 1. Verify that the Sol11-SuperServer and Sol11-Desktop virtual machines are running. This can be determined by viewing the Oracle VM VirtualBox Manager window (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start them at this time. 2. Log in to virtual machine Sol11-Desktop system as user oracle. 3. Click the Network Preferences icon to determine which NCPs and network interfaces (NCUs) are currently enabled by NWAM.
4. Open a terminal window, su to root.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 4
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 6-1: Managing NWAM
Display the current network configuration for this system. root@s11-desktop:~# ipadm show-addr ADDROBJ TYPE STATE lo0/v4 static ok net0/_a static ok lo0/v6 static ok
6.
List all available NWAM profiles and their current states. root@s11-desktop:~# netadm TYPE PROFILE ncp Automatic ncp start_state ncu:phys net0 ncu:ip net0 loc aces loc Automatic loc NoNet loc User
7.
list Automatic STATE disabled offline
List the NWAM start_state profile. root@s11-desktop:~# netadm TYPE PROFILE ncp start_state ncu:phys net0 ncu:ip net0
9.
list STATE disabled online online online online offline offline disabled
List the NWAM Automatic profile. root@s11-desktop:~# netadm TYPE PROFILE ncp Automatic loc Automatic
8.
ADDR 127.0.0.1/8 192.168.0.111/24 ::1/128
list start_state STATE online online online
List the NWAM location profiles. root@s11-desktop:~# netadm TYPE PROFILE loc aces loc Automatic loc NoNet loc User
list -p loc STATE online offline offline disabled
10. Lists all the phys and ip network configuration units (NCUs) in the active network configuration profiles (NCPs). root@s11-desktop:~# netadm list -c phys TYPE PROFILE STATE ncu:phys net0 online root@s11-desktop:~# netadm list -c ip TYPE PROFILE STATE Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 5
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5.
net0
online
11. List all NWAM profiles and their auxiliary states. root@s11-desktop:~# netadm list -x TYPE ncp ncp ncu:phys ncu:ip loc loc loc loc
PROFILE Automatic start_state net0 net0 aces Automatic NoNet User
STATE disabled online online online online offline offline disabled
AUXILIARY STATE disabled by administrator active interface/link is up interface/link is up active conditions for activation are unmet conditions for activation are unmet disabled by administrator
12. Use the netcfg export command to create backups of the start_state and aces profiles. root@s11-desktop:~# netcfg export -f start_state_ncp_backup ncp \ start_state root@s11-desktop:~# netcfg export -f aces_loc_backup \ loc aces root@s11-desktop:~# ls *backup aces_loc_backup start_state_ncp_backup 13. Use the netcfg utility to select the start_state profile and list its NCUs. root@s11-desktop:~# netcfg netcfg> select ncp start_state netcfg:ncp:start_state> list NCUs: phys net0 ip net0 14. Select the phys NCU and display its properties. netcfg:ncp:start_state> select ncu phys net0 netcfg:ncp:start_state:ncu:net0> list ncu:net0 type link class phys parent "start_state" activation-mode manual enabled true netcfg:ncp:start_state:ncu:net0> end 15. Select the ip NCU and display its properties. netcfg:ncp:start_state> select ncu ip net0 netcfg:ncp:start_state:ncu:net0> list ncu:net0 type interface class ip Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 6
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
ncu:ip
16. Select the aces location profile and list its properties. netcfg> select loc aces netcfg:loc:aces> list loc:aces activation-mode enabled nameservices nameservices-config-file dns-nameservice-configsrc dns-nameservice-domain dns-nameservice-servers netcfg:loc:aces> end netcfg> exit root@s11-desktop:~#
manual true dns "/etc/nsswitch.dns" manual "mydomain.com" "192.168.0.100"
Task 2: Create and Deploy an NWAM Profile Perform these steps to configure an NWAM profile: 1. Create an NCP named oracle_profile. root@s11-desktop:~# netcfg netcfg> create ncp oracle_profile 2.
Create a phys NCU for data link net1. netcfg:ncp:oracle_profile> create ncu phys net1 Created ncu 'net1'. Walking properties ... activation-mode (manual) [manual|prioritized]> manual link-mac-addr> Press Return link-autopush> Press Return link-mtu> Press Return netcfg:ncp:oracle_profile:ncu:net1> list ncu:net1 type link class phys parent "oracle_profile" activation-mode manual enabled true Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 7
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
parent "start_state" enabled true ip-version ipv4 ipv4-addrsrc static ipv4-addr "192.168.0.111" netcfg:ncp:start_state:ncu:net0> end netcfg:ncp:start_state> end netcfg>
3.
Create an ip NCU for data link net1. netcfg:ncp:oracle_profile> create ncu ip net1 Created ncu 'net1'. Walking properties ... ip-version (ipv4,ipv6) [ipv4|ipv6]> ipv4 ipv4-addrsrc (dhcp) [dhcp|static]> static ipv4-addr> 192.168.0.111 ipv4-default-route> Press Return netcfg:ncp:oracle_profile:ncu:net1> list ncu:net1 type interface class ip parent "oracle_profile" enabled true ip-version ipv4 ipv4-addrsrc static ipv4-addr "192.168.0.111" ipv6-addrsrc dhcp,autoconf netcfg:ncp:oracle_profile:ncu:net1> verify All properties verified netcfg:ncp:oracle_profile:ncu:net1> commit Committed changes netcfg:ncp:oracle_profile:ncu:net1> end netcfg:ncp:oracle_profile> list ncu ip net1 ncu:net1 type interface class ip parent "oracle_profile" enabled true ip-version ipv4 ipv4-addrsrc static ipv4-addr "192.168.0.111" ipv6-addrsrc dhcp,autoconf netcfg:ncp:oracle_profile> end netcfg>
4.
Create a location (loc) NCP named classroom. netcfg> create loc classroom
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 8
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
netcfg:ncp:oracle_profile:ncu:net1> end Committed changes netcfg:ncp:oracle_profile> list NCUs: phys net1
5.
Use the netcfg list command to display all profiles that exist at the current scope. root@s11-desktop:~# netcfg list NCPs: Automatic oracle_profile start_state Locations: aces Automatic Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 9
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
activation-mode (manual) [manual|conditional-any|conditionalall]> conditional-all conditions> "system-domain is mydomain.com" nameservices (dns) [dns|files|nis|ldap]> dns nameservices-config-file ("/etc/nsswitch.dns")> Press Return dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual dns-nameservice-domain> "mydomain.com" dns-nameservice-servers> "192.168.0.100" dns-nameservice-search> Press Return dns-nameservice-sortlist> Press Return dns-nameservice-options> Press Return nfsv4-domain> Press Return ipfilter-config-file> Press Return ipfilter-v6-config-file> Press Return ipnat-config-file> Press Return ippool-config-file> Press Return ike-config-file> Press Return ipsecpolicy-config-file> Press Return netcfg:loc:classroom> list loc:classroom activation-mode conditional-all conditions "system-domain is mydomain.com" enabled false nameservices dns nameservices-config-file "/etc/nsswitch.dns" dns-nameservice-configsrc manual dns-nameservice-domain "mydomain.com" dns-nameservice-servers "192.168.0.100" netcfg:loc:classroom> verify All properties verified netcfg:loc:classroom> commit Committed changes netcfg:loc:classroom> end netcfg> exit
6.
Use the netcfg export command to create backups of your oracle_profile and classroom profiles. root@s11-desktop:~# netcfg export -f oracle_ncp_backup ncp \ oracle_profile root@s11-desktop:~# netcfg export -f classroom_loc_backup \ loc classroom 7. Destroy the classroom profile and show the results. root@s11-desktop:~# netcfg destroy loc classroom root@s11-desktop:~# netcfg list NCPs: Automatic oracle_profile start_state Locations: aces Automatic NoNet User 8.
Recover the classroom profile from your backup and show the results. root@s11-desktop:~# netcfg -f classroom_loc_backup Configuration read. root@s11-desktop:~# netcfg list NCPs: Automatic oracle_profile start_state Locations: aces Automatic classroom NoNet User
9.
Use the netcfg enable command to enable classroom and oracle_profile profiles. root@s11-desktop:~# netadm enable classroom Enabling loc 'classroom' root@s11-desktop:~# netadm enable oracle_profile Enabling ncp 'oracle_profile'
10. Reboot the system to verify that oracle_profile and classroom are the default NWAM profiles. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 10
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
classroom NoNet User
11. After the system reboots, log in as oracle and su to root. 12. Open the Network Preferences dialog box.
Note that network interface net1 is now connected to the network. 13. Use the ping command to verify communication with a remote host. root@s11-desktop:~# ping s11-ss s11-ss is alive
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 11
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
root@s11-desktop:~# init 6
Overview The ipadm command provides a set of subcommands that you use to manage network interfaces, manage IP addresses, and manage TCP/IP protocol properties. The ipadm utility replaces some of the ifconfig command functionality for IP interface-related tasks.
Task: Exploring the Capabilities of the ipadm Utility Perform these steps to explore the capabilities of the ipadm utility: 1. Verify that the Sol11-SuperServer and Sol11-Server1 virtual machines are running. This can be determined by viewing the Oracle VM VirtualBox Manager window (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start them at this time. 2. Log in to virtual machine Sol11-Server1 system as user oracle and su to root. 3.
In a terminal window, run the dladm show-phys command to determine the state of the physical network interfaces currently configured in the system. root@s11-serv1:~# dladm LINK MEDIA net0 Ethernet net1 Ethernet net2 Ethernet net3 Ethernet
4.
show-phys STATE up unknown unknown unknown
SPEED 1000 1000 1000 0
DEVICE e1000g0 e1000g1 e1000g2 e1000g3
Run the dladm show-link command to determine the state of each network link currently configured in the system. root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE net0 phys 1500 up net1 phys 1500 unknown net2 phys 1500 unknown net3 phys 1500 unknown zone1/net0 vnic 1500 up zone2/net0 vnic 1500 up
5.
DUPLEX full full full unknown
OVER ----net0 net0
Run the ipadm show-if command to show network interface configuration information. root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -net0 ip ok yes --
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 12
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 6-2: Exploring the Capabilities of the ipadm Utility
Rename link net1 to training1 and show the results. root@s11-serv1:~# dladm rename-link net1 training1 root@s11-serv1:~# dladm show-phys LINK MEDIA STATE SPEED DUPLEX net0 Ethernet up 1000 full training1 Ethernet unknown 1000 full net2 Ethernet unknown 1000 full net3 Ethernet unknown 0 unknown root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE OVER net0 phys 1500 up -training0 phys 1500 unknown -net2 phys 1500 unknown -net3 phys 1500 unknown -zone1/net0 vnic 1500 up net0 zone2/net0 vnic 1500 up net0
7.
8.
DEVICE e1000g0 e1000g1 e1000g2 e1000g3
Run the ipadm command to create an IP interface for link training1 and show the results. root@s11-serv1:~# ipadm create-ip training1 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -net0 ip ok yes -training1 ip down no -Run the ipadm command to create the static IPv4 address 192.168.0.113/24 on the interface training1 and show the results. root@s11-serv1:~# ipadm create-addr -T static -a \ 192.168.0.113/24 training1/v4 root@s11-serv1:~# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 net0/v4 static ok 192.168.0.112/24 training1/v4 static ok 192.168.0.113/24 lo0/v6 static ok ::1/128 net0/v6 addrconf ok fe80::a00:27ff:febb:669c/10
9.
Run the ipadm command to show the current and persistent values of the IP address properties for interface training1. root@s11-serv1:~# ipadm show-addrprop training1/v4 ADDROBJ PROPERTY training1/v4 broadcast training1/v4 deprecated training1/v4 prefixlen training1/v4 private
PERM rrw rw rw
CURRENT PERSISTENT 192.168.0.255 -off -24 24 off --
DEFAULT POSSIBLE 192.168.0.255 -off on,off 24 1-30,32 off on,off
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 13
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
6.
rrw rw
-on global
----
-on global
-on,off --
10. Run the ipadm command to show the interface properties for interface training1. root@s11-serv1:~# ipadm show-ifprop training1 IFNAME training1 training1 training1 training1 training1 training1 training1 training1 training1 training1 training1 training1 training1 training1
PROPERTY arp forwarding metric mtu exchange_routes usesrc forwarding metric mtu nud exchange_routes usesrc group standby
PROTO ipv4 ipv4 ipv4 ipv4 ipv4 ipv4 ipv6 ipv6 ipv6 ipv6 ipv6 ipv6 ip ip
PERM rw rw rw rw rw rw rw rw rw rw rw rw rw rw
CURRENT on off 0 1500 on none off 0 1500 on on none -off
PERSISTENT ---------------
DEFAULT on off 0 1500 on none off 0 1500 on on none -off
POSSIBLE on,off on,off -68-1500 on,off -on,off -1280-1500 on,off on,off --on,off
11. Run the ipadm command to show the TCP protocol properties. root@s11-serv1:~# ipadm show-prop tcp PROTO PROPERTY tcp ecn
PERM CURRENT rw passive
PERSISTENT DEFAULT -passive
tcp tcp tcp
extra_priv_ports largest_anon_port max_buf
rw rw rw
2049,4045 -65535 -1048576 --
2049,4045 65535 1048576
tcp tcp
recv_buf sack
rw rw
128000 active
---
128000 active
tcp tcp tcp
send_buf rw smallest_anon_port rw smallest_nonpriv_port rw
49152 32768 1024
----
49152 32768 1024
POSSIBLE never,passive, active 1-65535 32768-65535 1280001073741824 2048-1048576 never,passive, active 4096-1048576 1024-65535 1024-32768
12. Run the ipadm command to enable ipv4 forwarding and show the results. root@s11-serv1:~# ipadm set-prop -p forwarding=on ipv4 root@s11-serv1:~# ipadm show-prop ip PROTO ipv4 ipv4 ipv6 ipv6 ipv6
PROPERTY forwarding ttl forwarding hoplimit hostmodel
PERM rw rw rw rw rw
CURRENT on 255 off 255 weak
PERSISTENT on -----
DEFAULT off 255 off 255 weak
ipv4
hostmodel
rw
weak
--
weak
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 14
POSSIBLE on,off 1-255 on,off 1-255 strong, src-priority, weak strong, src-priority,
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
training1/v4 reqhost training1/v4 transmit training1/v4 zone
13. Run the ipadm command to disable ipv4 forwarding. root@s11-serv1:~# ipadm set-prop -p forwarding=off ipv4 14. Run the ipadm command to disable the training1 network interface and show the results. root@s11-serv1:~# ipadm disable-if -t training1 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -net0 ip ok yes -training1 ip disabled no -Note that the –t option makes the operation temporary. 15. Verify that the IP address object for the training1 interface is also disabled. root@s11-serv1:~# ipadm show-addr ADDROBJ TYPE STATE lo0/v4 static ok net0/v4 static ok lo0/v6 static ok net0/v6 addrconf ok training1/v4 static disabled
ADDR 127.0.0.1/8 192.168.0.112/24 ::1/128 fe80::a00:27ff:febb:669c/10 192.168.0.113/24
Note that the –t option makes the operation temporary. 16. Delete the training1 network interface and show the results. root@s11-serv1:~# ipadm delete-ip training1 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -net0 ip ok yes -Note that the –t option makes the operation temporary. 17. Rename the training1 data link to net1 and show the results. root@s11-serv1:~# dladm rename-link training1 net1 root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE OVER LINK CLASS MTU STATE OVER net0 phys 1500 up -net2 phys 1500 unknown -net2 phys 1500 unknown -net3 phys 1500 unknown -zone1/net0 vnic 1500 up net0 zone2/net0 vnic 1500 up net0
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 15
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
weak
Overview Network virtualization is the process of combining hardware network resources and software network resources into a single administrative unit. The goal of network virtualization is to provide systems and users with efficient, controlled, and secure sharing of the networking resources. The end product of network virtualization is the virtual network. An internal virtual network consists of one system using Solaris zones that are configured over at least one pseudo-network interface. These containers can communicate with each other as though on the same local network, providing a virtual network on a single host. The building blocks of the virtual network are virtual network interface cards or virtual NICs (VNICs) and virtual switches (etherstubs). Oracle Solaris network virtualization provides the internal virtual network solution. In this practice, you explore Oracle Solaris 11 network virtualization. To do this, you perform these key tasks: • Configure two zones on a private virtual network. • Configure the virtual network for public access. • Secure the virtual network behind a firewall. • Control network traffic flow.
Task 1: Configure Two Zones on a Private Virtual Network The following illustration shows the topology of the virtual network that you create in this task.
Perform these steps to configure two zones on a private virtual network: 1. Verify that the Sol11-SuperServer and Sol11-Server1 virtual machines are running. This can be determined by viewing the Oracle VM VirtualBox Manager window (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start them at this time. 2. Log in to virtual machine Sol11-Server1 system as user oracle and su to root.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 16
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 6-3: Configuring Network Virtualization
In the terminal window, verify that the IPS publisher is configured correctly and is operational. root@s11-serv1:~# pkg publisher PUBLISHER solaris (preferred)
TYPE origin
STATUS online
URI http://s11-serv1.mydomain.com/
root@s11-serv1:~# pkg search entire INDEX pkg.fmri
4.
ACTION set
VALUE solaris/entire
PACKAGE pkg:/
[email protected]
Verify that an rpool/zones ZFS file system exits and is mounted as /zones. root@s11-serv1:~# zfs list rpool/zones NAME USED AVAIL REFER MOUNTPOINT rpool/zones 7.45G 14.5G 33K /zones If the rpool/zones ZFS file system does not exist, run this command: root@s11-serv1:~# zfs create -o mountpoint=/zones \ rpool/zones
5.
Run the dladm utility to create an etherstub named stub0 and show the results. root@s11-serv1:~# dladm create-etherstub stub0 root@s11-serv1:~# dladm show-etherstub LINK stub0
6.
Use the dladm utility to create VNICs vnic0, vnic1, and vnic2. Attach these VNICs to etherstub stub0. root@s11-serv1:~# dladm create-vnic -l stub0 vnic0 root@s11-serv1:~# dladm create-vnic -l stub0 vnic1 root@s11-serv1:~# dladm create-vnic -l stub0 vnic2
7.
Show the results of the previous step. root@s11-serv1:~# dladm show-vnic LINK OVER SPEED MACADDRESS zone1/net0 net0 1000 2:8:20:31:4f:75 zone2/net0 net0 1000 2:8:20:61:49:15 vnic0 stub0 0 2:8:20:4e:eb:76 vnic1 stub0 0 2:8:20:63:72:ff vnic2 stub0 0 2:8:20:a3:19:a2
8.
Configure zone3 and display the results. root@s11-serv1:~# zonecfg -z zone3 zone3: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:zone3> create zonecfg:zone3> set zonepath=/zones/zone3 zonecfg:zone3> set autoboot=true zonecfg:zone3> set ip-type=exclusive zonecfg:zone3> add net Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 17
MACADDRTYPE random random random random random
VID 0 0 0 0 0
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
3.
9.
Configure zone4 and display the results. root@s11-serv1:~# zonecfg -z zone4 zone4: No such zone configured Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 18
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
zonecfg:zone3:net> set physical=vnic1 zonecfg:zone3:net> end zonecfg:zone3> verify zonecfg:zone3> commit zonecfg:zone3> exit root@s11-serv1:~# zonecfg -z zone3 info | more zonename: zone3 zonepath: /zones/zone3 brand: ipkg autoboot: true bootargs: pool: limitpriv: scheduling-class: ip-type: exclusive hostid: fs-allowed: net: address not specified allowed-address not specified physical: vnic1 defrouter not specified anet: linkname: net0 lower-link: auto allowed-address not specified defrouter not specified allowed-dhcp-cids not specified link-protection: mac-nospoof mac-address: random mac-prefix not specified mac-slot not specified vlan-id not specified priority not specified rxrings not specified txrings not specified mtu not specified maxbw not specified rxfanout not specified
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 19
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Use 'create' to begin configuring a new zone. zonecfg:zone4> create zonecfg:zone4> set zonepath=/zones/zone4 zonecfg:zone4> set autoboot=true zonecfg:zone4> set ip-type=exclusive zonecfg:zone4> add net zonecfg:zone4:net> set physical=vnic2 zonecfg:zone4:net> end zonecfg:zone4> verify zonecfg:zone4> commit zonecfg:zone4> exit root@s11-serv1:~# zonecfg -z zone4 info | more zonename: zone4 zonepath: /zones/zone4 brand: ipkg autoboot: true bootargs: pool: limitpriv: scheduling-class: ip-type: exclusive hostid: fs-allowed: net: address not specified allowed-address not specified physical: vnic2 defrouter not specified anet: linkname: net0 lower-link: auto allowed-address not specified defrouter not specified allowed-dhcp-cids not specified link-protection: mac-nospoof mac-address: random mac-prefix not specified mac-slot not specified vlan-id not specified priority not specified rxrings not specified txrings not specified
10. Install zone3. root@s11-serv1:~# zoneadm -z zone3 install A ZFS file system has been created for this zone. Progress being logged to /var/log/zones/zoneadm.20111027T100036Z.zone3.install Image: Preparing at /zones/zone3/root. Install Log: AI Manifest: SC Profile: Zonename: Installation:
/system/volatile/install.15667/install_log /tmp/manifest.xml.GWaiLE /usr/share/auto_install/sc_profiles/enable_sci.xml zone3 Starting ...
DOWNLOAD Completed
Creating IPS image Installing packages from: solaris origin: http://s11-serv1.mydomain.com/ PKGS FILES XFER (MB) 167/167 32062/32062 175.8/175.8
PHASE Install Phase
ACTIONS 44313/44313
PHASE Package State Update Phase Image State Update Phase Installation: Succeeded
ITEMS 167/167 2/2
Note: Man pages can be obtained by installing pkg:/system/manual done. Done: Installation completed in 663.629 seconds. Next Steps: Boot the zone, then log into the zone console (zlogin -C)to complete the configuration process. Log saved in non-global zone as /zones/zone3/root/var/log/zones/zoneadm.20111027T100036Z.zone3.install
Note that this step normally takes several minutes to complete. 11. Boot zone zone3 and show the results. root@s11-serv1:~# zoneadm -z zone3 boot root@s11-serv1:~# zoneadm list -cv ID NAME STATUS PATH 0 global running /
BRAND solaris
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 20
IP shared
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
mtu not specified maxbw not specified rxfanout not specified
running running running
/zones/zone1 /zones/zone2 /zones/zone3
solaris10 solaris10 solaris
excl excl excl
12. Log in to zone3 and complete the system configuration. root@s11-serv1:~# zlogin -C zone3 [Connected to zone 'zone3' console] Use this configuration parameter: • Computer name: zone3 • Ethernet network configuration: Manually • Network Interface: vnic1 • IP Address: 192.168.1.100 • DNS: Do not configure • Alternate Name Service: None • Time zone: Use your local region. • Date and time: Set to current date and time. • Root password: oracle1 • User account: • Your real name: Oracle • Username: oracle • Password: oracle1 When the system configuration is completed, use the ~. escape sequence to exit back to the global zone. 13. Install zone4. root@s11-serv1:~# zoneadm -z zone4 install A ZFS file system has been created for this zone. Progress being logged to /var/log/zones/zoneadm.20111027T102236Z.zone4.install Image: Preparing at /zones/zone4/root. Install Log: AI Manifest: SC Profile: Zonename: Installation:
/system/volatile/install.18425/install_log /tmp/manifest.xml.Iia49J /usr/share/auto_install/sc_profiles/enable_sci.xml zone4 Starting ...
DOWNLOAD Completed
Creating IPS image Installing packages from: solaris origin: http://s11-serv1.mydomain.com/ PKGS FILES XFER (MB) 167/167 32062/32062 175.8/175.8
PHASE
ACTIONS Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 21
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
1 zone1 3 zone2 4 zone3
44313/44313
PHASE Package State Update Phase Image State Update Phase Installation: Succeeded
ITEMS 167/167 2/2
Note: Man pages can be obtained by installing pkg:/system/manual done. Done: Installation completed in 659.419 seconds. Next Steps: Boot the zone, then log into the zone console (zlogin -C)to complete the configuration process. Log saved in non-global zone as /zones/zone4/root/var/log/zones/zoneadm.20111027T102236Z.zone4.install
Note that this step normally takes several minutes to complete. 14. Boot zone zone4 and show the results. root@s11-serv1:~# zoneadm -z zone4 boot root@s11-serv1:~# zoneadm list -cv ID NAME STATUS PATH 0 global running / 1 zone1 running /zones/zone1 3 zone2 running /zones/zone2 4 zone3 running /zones/zone3 5 zone4 running /zones/zone4
BRAND solaris solaris10 solaris10 solaris solaris
15. Log in to zone4 and complete the sysid configuration. root@s11-serv1:~# zlogin -C zone4 [Connected to zone 'zone4' console] Use this configuration parameter: • Computer name: zone4 • Ethernet network configuration: Manually • Network Interface: vnic2 • IP Address: 192.168.1.101 • DNS: Do not configure • Alternate Name Service: None • Time zone: Use your local region. • Date and time: Set to current date and time. • Root password: oracle1 • User account: • Your real name: Oracle • Username: oracle • Password: oracle1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 22
IP shared excl excl excl excl
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Install Phase
16. Log in to zone3 and use the ping command to verify that the virtual network connecting zone3 and zone4 is operational. root@s11-serv1:~# zlogin zone3 root@zone3:~# ping 192.168.1.101 192.168.1.101 is alive 17. Exit back to the global zone.
Task 2: Configure the Virtual Network for Public Access Now that you have constructed a virtual network connecting two zones, you attach it to the global zone using vnic0 and then set up IPv4 forwarding to allow public access. The following illustration shows the network topology that you build in this task.
Perform these steps to configure the virtual network for public access: 1. Use the dladm command to determine the VNICs that are currently configured in the system. root@s11-serv1:~# dladm show-vnic LINK OVER SPEED MACADDRESS vnic0 stub0 0 2:8:20:31:6b:54 vnic1 stub0 0 2:8:20:81:cb:a1 zone3/vnic1 stub0 0 2:8:20:81:cb:a1 vnic2 stub0 0 2:8:20:71:27:b zone4/vnic2 stub0 0 2:8:20:71:27:b zone1/net0 net0 1000 2:8:20:31:4f:71 zone2/net0 net0 1000 2:8:20:91:ab:b1 zone3/net0 net0 1000 2:8:20:6f:62:db zone4/net0 net0 1000 2:8:20:4b:92:ea
MACADDRTYPE random random random random random random random random random
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 23
VID 0 0 0 0 0 0 0 0 0
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
When the system configuration is completed, use the ~. escape sequence to exit back to the global zone.
Create an IP interface for vnic0 and show the results. root@s11-serv1:~# ipadm create-ip vnic0 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -net0 ip ok yes -vnic0 ip down no --
3.
Run the ipadm command to create the static IPv4 address 192.168.1.102/24 on the interface vnic0 and show the results. root@s11-serv1:~# ipadm create-addr -T static -a \ 192.168.1.102/24 vnic0/v4 root@s11-serv1:~# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 net0/v4 static ok 192.168.0.112/24 vnic0/v4 static ok 192.168.1.102/24 lo0/v6 static ok ::1/128 net0/v6 addrconf ok fe80::a00:27ff:febb:669c/10
4.
Run the ipadm command to enable IPv4 forwarding and show the results. root@s11-serv1:~# ipadm set-prop -p forwarding=on ipv4 root@s11-serv1:~# ipadm show-prop ip
5.
PROTO ipv4 ipv4 ipv6 ipv6 ipv6
PROPERTY forwarding ttl forwarding hoplimit hostmodel
PERM rw rw rw rw rw
CURRENT on 255 off 255 weak
PERSISTENT on -----
DEFAULT off 255 off 255 weak
ipv4
hostmodel
rw
weak
--
weak
POSSIBLE on,off 1-255 on,off 1-255 strong, src-priority, weak strong, src-priority, weak
Log in to the Sol11-Desktop system and use the ping command to verify access to a nonglobal zone on the virtual network. root@s11-desktop:~# ping 192.168.1.100 192.168.1.100 is alive
6.
On the Sol11-Server1 virtual machine, log in to the zones in the virtual network and verify that the zone can access a remote system. root@s11-serv1:~# zlogin zone3 … root@zone3:~# ping 192.168.0.111 192.168.0.111 is alive
7.
Move back to the global zone. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 24
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
2.
Now that your virtual network can be accessed from remote systems, secure the virtual network by placing it behind a firewall. The following illustration shows the network topology you build in this task.
Perform these steps to secure the virtual network behind a firewall: 1. Create an IP filter configuration file that blocks all outgoing and incoming traffic except for outgoing ICMP (ping) packets. root@s11-serv1:~# vi /etc/ipf/ipf.conf # ipf.conf # # IP Filter rules to be loaded during startup # # See ipf(4) manpage for more information on # IP Filter rules syntax. block out on net0 all pass out quick on net0 proto icmp from any to any keep state block in on net0 all 2.
Enable IP filtering. root@s11-serv1:~# ipf -E
3.
Import the IP filter configuration from the IP file configuration file. root@s11-serv1:~# ipf -f /etc/ipf/ipf.conf
4.
Verify the IP filter configuration. root@s11-serv1:~# ipfstat -io block out on net0 all pass out quick on net0 proto icmp from any to any keep state block in on net0 all
5.
Log in to the Sol11-Desktop system and use the ping command to verify that the virtual network is secure. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 25
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Task 3: Secure the Virtual Network Behind a Firewall
6.
Log in to zone3 in the virtual network and verify that the zone can access a remote system.
7.
root@s11-serv1:~# zlogin zone3 … root@zone3:~# ping 192.168.0.111 192.168.0.111 is alive Move back to the global zone.
Task 4: Control network Interface Data Flow Now that you have some experience in working with virtual networks, let us take a look at controlling data flow on a network interface. In this task, you create a policy for inbound HTTP traffic. You do this by restricting HTTP data flow on vnic3. Perform these steps to control virtual network data flow: 1. Display the status of the data links. root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE OVER net0 phys 1500 up -net1 phys 1500 unknown -net2 phys 1500 unknown -net3 phys 1500 unknown -stub0 etherstub 9000 unknown -vnic0 vnic 9000 up stub0 vnic1 vnic 9000 up stub0 zone3/vnic1 vnic 9000 up stub0 vnic2 vnic 9000 up stub0 zone4/vnic2 vnic 9000 up stub0 zone1/net0 vnic 1500 up net0 zone2/net0 vnic 1500 up net0 zone3/net0 vnic 1500 up net0 zone4/net0 vnic 1500 up net0 2.
Create interface vnic3 and use the flowadm command to control HTTP data on vnic3. root@s11-serv1:~# dladm create-vnic -l stub0 vnic3 root@s11-serv1:~# flowadm add-flow -l vnic3 \ -a transport=tcp,local_port=80 http1
3.
Use the flowadm show-flow command to display the flow controls currently configured in the system. root@s11-serv1:~# flowadm show-flow FLOW LINK IPADDR PROTO LPORT RPORT DSFLD http1 vnic3 -tcp 80 ---
4.
Throttle HTTP traffic across the vnic3 VNIC to 100 Mb/s. root@s11-serv1:~# flowadm set-flowprop –p maxbw=100M \ http1
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 26
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
root@s11-desktop:~# ping 192.168.1.100 no answer from 192.168.1.100
Set the priority on vnic3 to low. root@s11-serv1:~# dladm set-linkprop –p priority=low vnic3
6
Display the flow controls properties. root@s11-serv1:~# flowadm show-flowprop http1 FLOW PROPERTY VALUE DEFAULT POSSIBLE vnic2-throttle maxbw 100 --root@s11-serv1:~# dladm show-linkprop –p priority vnic3 LINK PROPERTY PERM VALUE DEFAULT POSSIBLE vnic3 priority rw low high low, medium, high
Now, network interface vnic3 can be used to enforce the HTTP policy.
Task 5: Remove the Virtual Network In this task, you remove the zones and the virtual network from the system. Perform these steps to remove the virtual network: 1. Disable the IP filter. root@s11-serv1:~# ipf -D root@s11-serv1:~# ipfstat -io empty list for ipfilter (out) empty list for ipfilter (in) 2.
3.
Halt zones zone1, zone2, zone3, and zone4. root@s11-serv1:~# zoneadm –z zone1 halt root@s11-serv1:~# zoneadm –z zone2 halt root@s11-serv1:~# zoneadm –z zone3 halt root@s11-serv1:~# zoneadm –z zone4 halt root@s11-serv1:~# zoneadm list –cv ID NAME STATUS PATH … - zone1 installed /zones/zone1 - zone2 installed /zones/zone2 - zone3 installed /zones/zone3 - zone4 installed /zones/zone4
BRAND
solaris10 solaris10 solaris solaris
Uninstall zones zone1, zone2, zone3, and zone4. root@s11-serv1:~# zoneadm –z zone1 uninstall Are you sure you want to uninstall zone zone1 (y/[n])? y Progress being logged to /var/log/zones/zoneadm.20111027T102736Z.zone1.uninstall
root@s11-serv1:~# zoneadm –z zone2 uninstall Are you sure you want to uninstall zone zone2 (y/[n])? y Progress being logged to /var/log/zones/zoneadm.20111027T102803Z.zone2.uninstall
oot@s11-serv1:~# zoneadm –z zone3 uninstall Are you sure you want to uninstall zone zone3 (y/[n])? y Progress being logged to /var/log/zones/zoneadm.20111027T102854Z.zone3.uninstall
root@s11-serv1:~# zoneadm –z zone4 uninstall Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 27
IP excl excl excl excl
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5.
Progress being logged to /var/log/zones/zoneadm.20111027T102920Z.zone4.uninstall
4.
5.
Delete zones zone1, zone2, zone3, and zone4. root@s11-serv1:~# zonecfg –z zone1 delete Are you sure you want to delete zone zone1 root@s11-serv1:~# zonecfg –z zone2 delete Are you sure you want to delete zone zone2 root@s11-serv1:~# zonecfg –z zone3 delete Are you sure you want to delete zone zone3 root@s11-serv1:~# zonecfg –z zone4 delete Are you sure you want to delete zone zone4
(y/[n])? y (y/[n])? y (y/[n])? y (y/[n])? y
Display the current IP interfaces. root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE lo0 loopback ok yes net0 ip ok yes vnic0 ip ok yes
OVER ----
6.
Remove the IP interface from data link vnic0 and show the results. root@s11-serv1:~# ipadm delete-ip vnic0 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -net0 ip ok yes --
7.
Check to see whether there are any flows associated with vnic3. If a flow is present, remove it. root@s11-serv1:~# flowadm show-flow FLOW LINK IPADDR PROTO LPORT RPORT DSFLD vnic2-throttle vnic2 -tcp 80 --root@s11-serv1:~# flowadm remove-flow –l vnic3 root@s11-serv1:~# flowadm show-flow root@s11-serv1:~#
8
Remove all the VNIC data links from the system. root@s11-serv1:~# dladm delete-vnic root@s11-serv1:~# dladm delete-vnic root@s11-serv1:~# dladm delete-vnic root@s11-serv1:~# dladm delete-vnic
9.
vnic0 vnic1 vnic2 vnic3
Remove the etherstub from the system. root@s11-serv1:~# dladm delete-etherstub stub0 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 28
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Are you sure you want to uninstall zone zone4 (y/[n])? y
OVER -----
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
10. Display the remaining data links. root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE net0 phys 1500 up net1 phys 1500 unknown net2 phys 1500 unknown net3 phys 1500 unknown
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 29
Overview IP network multipathing (IPMP) provides physical interface failure detection, transparent network access failover, and packet load spreading for systems with multiple interfaces that are connected to a particular local area network or LAN. An IPMP configuration typically consists of two or more physical interfaces on the same system that are attached to the same LAN. These interfaces can belong to an IPMP group in either of the following configurations: • Active-active configuration: In this configuration, all underlying interfaces are active. An active interface is an IP interface that is currently available for use by the IPMP group. By default, an underlying interface becomes active when you configure the interface to become part of an IPMP group. • Active-standby configuration: In this configuration, at least one interface is administratively configured as a reserve. The reserve interface is called the standby interface. Although idle, the standby IP interface is monitored by the multipathing daemon to track the interface's availability, depending on how the interface is configured. If link-failure notification is supported by the interface, link-based failure detection is used. If the interface is configured with a test address, probe-based failure detection is also used. If an active interface fails, the standby interface is automatically deployed as needed. You can configure as many standby interfaces as you want for an IPMP group. In this practice, you configure both active-active and active-standby configurations.
Task 1: Create an Active-Active IPMP Configuration In this task you configure an active-active IPMP group consisting of two network interfaces (net0 and net1). Perform these steps to configure IPMP: 1. Verify that the Sol11-SuperServer and Sol11-Server1 virtual machines are running. This can be determined by viewing the Oracle VM VirtualBox Manager window (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start them at this time. 2. Log in to virtual machine Sol11-Server1 as user oracle and su to root. 3.
In a terminal window, use the ipadm command to display the IP network interfaces currently configured in the system. root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -net0 ip ok yes --
4.
Delete the net0 network interface and display the results. root@s11-serv1:~# ipadm delete-ip net0 Aug 19 10:29:27 s11-serv1 in.ndpd[799]: Interface net0 has been removed from kernel. In.ndpd will no longer use it root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 30
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 6-4: Configuring IPMP
5.
Rename data link net0 to link1_ipmp0 and data link net1 to link1_ipmp0 and show the results. root@s11-serv1:~# dladm rename-link net0 link0_ipmp0 root@s11-serv1:~# dladm rename-link net1 link1_ipmp0 root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE OVER link0_ipmp0 phys 1500 unknown -link1_ipmp0 phys 1500 unknown -net2 phys 1500 unknown -net3 phys 1500 unknown --
6.
Create IP interfaces for data links link0_ipmp0 and link1_ipmp0. Show the results. root@s11-serv1:~# ipadm create-ip link0_ipmp0 root@s11-serv1:~# ipadm create-ip link1_ipmp0 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -link0_ipmp0 ip down no -link1_ipmp0 ip down no --
7.
Create an IPMP group named ipmp0. root@s11-serv1:~# ipadm create-ipmp ipmp0
8.
Add IP interfaces link0_ipmp0 and link1_ipmp0 to IPMP group ipmp0 and show the results. root@s11-serv1:~# ipadm add-ipmp –i link0_ipmp0 –i link1_ipmp0 \ ipmp0 root@s11-serv1:~# ipmpstat –g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 ipmp0 ok -link1_ipmp0 link0_ipmp0
9.
Assign two static IP addresses to the IPMP interface to be used for data access. root@s11-serv1:~# ipadm create-addr –T static \ –a 192.168.0.112/24 ipmp0/v4add1 root@s11-serv1:~# ipadm create-addr –T static \ –a 192.168.0.113/24 ipmp0/v4add2
10. Assign a static IP address to each IPMP subinterface to be used for link testing. root@s11-serv1:~# ipadm create-addr –T static \ –a 192.168.0.142/24 link0_ipmp0/test root@s11-serv1:~# ipadm create-addr –T static \ –a 192.168.0.143/24 link1_ipmp0/test 11. Display the data and test IP addresses. root@s11-serv1:~# ipadm show-addr ADDROBJ TYPE STATE ADDR Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 31
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
When configuring IPMP, you must assign all network interfaces attached to the same LAN to an IPMP group. In this step, you delete the net0 interface in preparation for configuring it in an IPMP group.
static static static static static static static static
ok ok ok ok ok ok ok ok
127.0.0.1/8 192.168.0.142/24 192.168.0.143/24 192.168.0.112/24 192.168.0.113/24 ::1/128 fe80::a00:27ff:fe36:a51c/10 fe80::a00:27ff:fe05:424a/10
12. Use the ipmpstat command to display IPMP address information. root@s11-serv1:~# ipmpstat -an ADDRESS STATE GROUP INBOUND OUTBOUND :: down ipmp0 --192.168.0.113 up ipmp0 link1_ipmp0 link1_ipmp0 link0_ipmp0 192.168.0.112 up ipmp0 link0_ipmp0 link1_ipmp0 link0_ipmp0 Note that the INBOUND traffic is restricted to one interface depending on which IP address is used. The OUTBOUND traffic is spread across both interfaces. 13. Use the ipmpstat command to display IP interface information. root@s11-serv1:~# ipmpstat -i INTERFACE ACTIVE GROUP FLAGS LINK link1_ipmp0 yes ipmp0 ------up link0_ipmp0 yes ipmp0 --mbM-up
PROBE ok ok
STATE ok ok
The interface FLAGS are defined as: i = Unusable due to being INACTIVE. s = Masked STANDBY. m = Nominated to send/receive IPv4 multicast for its IPMP group. b = Nominated to send/receive IPv4 broadcast for its IPMP group. M = Nominated to send/receive IPv6 multicast for its IPMP group. d = Unusable due to being down. h = Unusable due to being brought OFFLINE by in.mpathd (IPMP daemon) because of a duplicate hardware address. 14. Use the ipmpstat command to display information about test address targets. root@s11-serv1:~# ipmpstat -nt INTERFACE MODE TESTADDR TARGETS link1_ipmp0 multicast 192.168.0.143 192.168.0.100 192.168.0.111 link0_ipmp0 multicast 192.168.0.142 192.168.0.100 192.168.0.111 15. Use the ipmpstat command to display current probe information. root@s11-serv1:~# ipmpstat -pn TIME INTERFACE PROBE NETRTT RTT RTTAVG 1.07s link0_ipmp0 i2182 0.55ms 0.92ms 0.61ms Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 32
TARGET 192.168.0.100
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
lo0/v4 link0_ipmp0/test link1_ipmp0/test ipmp0/v4add1 ipmp0/v4add2 lo0/v6 link0_ipmp0/_a link1_ipmp0/_a
link1_ipmp0 link1_ipmp0 link0_ipmp0 link1_ipmp0 link0_ipmp0 link0_ipmp0 link1_ipmp0 link1_ipmp0 link0_ipmp0
i2154 i2155 i2183 i2156 i2184 i2185 i2157 i2158 i2186
0.38ms 0.43ms 0.35ms 0.47ms 0.40ms 0.39ms 0.38ms 0.37ms 0.42ms
0.59ms 0.64ms 0.42ms 0.73ms 0.48ms 0.47ms 0.63ms 10.98ms 0.51ms
0.63ms 0.63ms 0.58ms 0.65ms 0.57ms 0.56ms 0.64ms 1.94ms 0.55ms
192.168.0.111 192.168.0.111 192.168.0.100 192.168.0.111 192.168.0.100 192.168.0.100 192.168.0.111 192.168.0.111 192.168.0.100
Task 2: Test the Active-Active IPMP Configuration In this task you test the active-active IPMP configuration by causing one of the subinterfaces to fail. Then you verify that the system is still accessible by using the remaining interface. Perform these steps to test the IPMP configuration: 1. Shut down the Sol11-Server1 virtual machine.
2.
Open the VirtualBox Manager GUI and click the Settings utility for the Sol11-Server1 virtual machine.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 33
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
1.28s 2.39s 2.45s 3.79s 3.98s 5.17s 5.49s 6.56s 6.79s ^C
Under the Network settings, select Adapter 2 and set the Attached to: field to Not attached.
4. 5.
Start the Sol11-Server1 virtual machine. Log in to virtual machine Sol11-Server1 as user oracle and su to root. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 34
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
3.
Use the ipmpstat command to display IPMP group information. root@s11-serv1:~# ipmpstat -g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 ipmp0 degraded 10.00s link1_ipmp0 [link0_ipmp0] Note that link0_ipmp0 has been boxed ([link0_ipmp0]) indicated that it has failed.
7.
Use the ipmpstat command to display IP interface information. root@s11-serv1:~# ipmpstat -i INTERFACE ACTIVE GROUP FLAGS LINK link1_ipmp0 yes ipmp0 --mbM-up link0_ipmp0 no ipmp0 ------up
PROBE ok failed
STATE ok failed
Interface link0_ipmp0 is no longer active. 8.
Use the ipmpstat command to display current probe information. root@s11-serv1:~# ipmpstat -pn TIME INTERFACE PROBE NETRTT RTT RTTAVG 0.21s link1_ipmp0 i505 0.62ms 1.11ms 0.70ms -1.99s link0_ipmp0 i504 ---1.15s link1_ipmp0 i506 0.51ms 0.65ms 0.70ms 0.25s link0_ipmp0 i506 ----1.02s link0_ipmp0 i505 ---2.85s link1_ipmp0 i507 0.56ms 0.70m 0.70ms 4.25s link1_ipmp0 i508 0.41ms 0.55ms 0.68ms ^C
TARGET 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
Note that link0_ipmp0 is failing probe tests. 9.
Move to Sol11-Desktop virtual machine and ping the IPMP data IP addresses. root@s11-desktop:~# ping 192.168.0.112 192.168.0.112 is alive root@s11-desktop:~# ping 192.168.0.113 192.168.0.113 is alive
10. Shut down the Sol11-Server1 virtual machine. 11. Open the VirtualBox Manager GUI and click the Settings utility for the Sol11-Server1 virtual machine. 12. Under the Network settings, select Adapter 2 and set the Attached to: field to Internal network.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 35
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
6.
15. Use the ipmpstat command to verify that the IPMP group ipmp0 STATE is ok. root@s11-serv1:~# ipmpstat –g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 ipmp0 ok -link1_ipmp0 link0_ipmp0
Task 3: Create an Active-Standby IPMP Configuration In this task you reconfigure the IPMP group ipmp0 from an active-active configuration to activestandby configuration. Perform these steps to configure an active-standby IPMP configuration: 1. On the Sol11-Server1 virtual machine, display the data links. root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE OVER link0_ipmp0 phys 1500 up -link1_ipmp0 phys 1500 up -net2 phys 1500 unknown -net3 phys 1500 unknown -2.
Rename data link net2 to link2_ipmp0 and show the results. root@s11-serv1:~# dladm rename-link net2 link2_ipmp0 root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE OVER link0_ipmp0 phys 1500 up -Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 36
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
13. Start the Sol11-Server1 virtual machine. 14. Log in to virtual machine Sol11-Server1 as user oracle and su to root.
1500 1500 1500
up unknown unknown
----
3.
Create IP interfaces for data links link2_ipmp0 and show the results. root@s11-serv1:~# ipadm create-ip link2_ipmp0 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -ipmp0 ipmp ok yes link0_ipmp0 link1_ipmp0 link0_ipmp0 ip ok yes -link1_ipmp0 ip ok yes -link2_ipmp0 ip down no --
4.
Add IP interfaces link2_ipmp0 to IPMP group ipmp0 and show the results. root@s11-serv1:~# ipadm add-ipmp –i link2_ipmp0 ipmp0 root@s11-serv1:~# ipmpstat –g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 ipmp0 ok 10.00s link2_ipmp0 link1_ipmp0 link0_ipmp0
5.
Assign a static IP address to IPMP subinterface link2_ipmp0 to be used for link testing and show the results. root@s11-serv1:~# ipadm create-addr –T static \ –a 192.168.0.144/24 link2_ipmp0/test root@s11-serv1:~# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 ipmp0/v4add1 static ok 192.168.0.112/24 ipmp0/v4add2 static ok 192.168.0.113/24 link0_ipmp0/test static ok 192.168.0.142/24 link1_ipmp0/test static ok 192.168.0.143/24 link2_ipmp0/test static ok 192.168.0.144/24 lo0/v6 static ok ::1/128 link0_ipmp0/_a static ok fe80::a00:27ff:fe36:a51c/10 link1_ipmp0/_a static ok fe80::a00:27ff:fe05:424a/10 link1_ipmp0/_a static ok fe80::a00:27ff:fe92:67eb/10
6.
Show the current setting of the standby property for the link2_ipmp0 interface. root@s11-serv1:~# ipadm show-ifprop –p standby link2_ipmp0 IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE link2_ipmp0 standby ip rw off -off on,off
Note that standby is currently turned off. 7.
Set the standby property for the link2_ipmp0 interface to on and show the results. root@s11-serv1:~# ipadm set-ifprop -p standby=on -m ip \ link2_ipmp0 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 37
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
link1_ipmp0 phys link2_ipmp0 phys net3 phys
IFNAME PROPERTY PROTO PERM CURRENT link2_ipmp0 standby ip rw on
8.
PERSISTENT DEFAULT on off
POSSIBLE on,off
Use the ipmpstat command to display IPMP group information. root@s11-serv1:~# ipmpstat -g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 ipmp0 ok 10.00s link1_ipmp0 link0_ipmp0 (link2_ipmp0)
Note that interface link2_ipmp0 is enclosed in parenthesis. This indicates that the interface is set to standby. 9.
Use the ipmpstat command to display IPMP address information. root@s11-serv1:~# ipmpstat -an ADDRESS STATE GROUP INBOUND OUTBOUND :: down ipmp0 --192.168.0.113 up ipmp0 link0_ipmp0 link1_ipmp0 link0_ipmp0 192.168.0.112 up ipmp0 link1_ipmp0 link1_ipmp0 link0_ipmp0 Note that interface link2_ipmp0 is not actively used for INBOUND and OUTBOUND traffic.
10. Use the ipmpstat command to display IPMP interface information. root@s11-serv1:~# ipmpstat -i INTERFACE ACTIVE GROUP FLAGS LINK PROBE link2_ipmp0 no ipmp0 is----up ok link1_ipmp0 yes ipmp0 ------up ok link0_ipmp0 yes ipmp0 --mbM-up ok
STATE ok ok ok
Note the flags for interface link2_ipmp0. This indicates that the interface is inactive and set to standby.
Task 4: Test the Active-Standby IPMP Configuration In this task, you test the active-standby IPMP configuration by causing one of the subinterfaces to fail. Then you verify that the system is still accessible by using the remaining interface. Perform these steps to test the IPMP configuration: 1. Shut down the Sol11-Server1 virtual machine.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 38
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
root@s11-serv1:~# ipadm show-ifprop -p standby link2_ipmp0
Open the VirtualBox Manager GUI and click the Settings utility for the Sol11-Server1 virtual machine.
3.
Under the Network settings, select Adapter 2 and set the Attached to: field to Not attached.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 39
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
2.
Start the Sol11-Server1 virtual machine. Log in to virtual machine Sol11-Server1 as user oracle and su to root.
6.
Use the ipmpstat command to display IPMP group information. root@s11-serv1:~# ipmpstat -g GROUP GROUPNAME STATE FDT ipmp0 ipmp0 degraded 10.00s
INTERFACES link2_ipmp0 link1_ipmp0 [link0_ipmp0]
Note that link1_ipmp0 has been boxed ([link1_ipmp0]) indicated that it has failed. 7.
Use the ipmpstat command to display IP interface information. root@s11-serv1:~# ipmpstat -i INTERFACE ACTIVE GROUP FLAGS LINK Link2_ipmp0 yes ipmp0 -s----up link1_ipmp0 yes ipmp0 --mbM-up link0_ipmp0 no ipmp0 ------up
PROBE ok ok failed
STATE ok ok failed
Interface link1_ipmp0 is no longer active but link2_ipmp0 is now active. 8.
Use the ipmpstat command to display IPMP address information. root@s11-serv1:~# ipmpstat -an ADDRESS STATE GROUP INBOUND OUTBOUND :: down ipmp0 --192.168.0.113 up ipmp0 link1_ipmp0 link2_ipmp0 link1_ipmp0 192.168.0.112 up ipmp0 link2_ipmp0 link2_ipmp0 link1_ipmp0 Note that interface link2_ipmp0 is being used for INBOUND and OUTBOUND traffic. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 40
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
4. 5.
TIME 0.06s 0.90s 0.92s 0.49s -0.49s 2.52s 2.74s 3.69s 2.31s
INTERFACE link2_ipmp0 link1_ipmp0 link2_ipmp0 link0_ipmp0 link0_ipmp0 link2_ipmp0 link1_ipmp0 link1_ipmp0 link0_ipmp0
PROBE i163 i162 i164 i161 i160 i165 i163 i164 i162
NETRTT 0.26ms 0.26ms 0.19ms --0.23ms 0.24ms 0.25ms --
RTT 0.49ms 0.39ms 0.36ms --0.39ms 0.38ms 0.45ms --
RTTAVG 0.33ms 0.31ms 0.34ms --0.34ms 0.32ms 0.34ms --
TARGET 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
... Note that interface link2_ipmp0 is actively probing targets. 10. Move to Sol11-Desktop virtual machine and ping the IPMP data IP addresses. root@s11-desktop:~# ping 192.168.0.112 192.168.0.112 is alive root@s11-desktop:~# ping 192.168.0.113 192.168.0.113 is alive 11. Shut down the Sol11-Server1 virtual machine. 12. Open the VirtualBox Manager GUI and click the Settings utility for the Sol11-Server1 virtual machine. 13. Under the Network settings, select Adapter 2 and set the Attached to: field to Internal Network.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 41
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
9. Use the ipmpstat command to display current probe information. root@s11-serv1:~# ipmpstat -pn
16. Use the ipmpstat command to display IPMP group information. root@s11-serv1:~# ipmpstat -g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 ipmp0 ok 10.00s link1_ipmp0 link0_ipmp0 (link2_ipmp0)
Note that interface link2_ipmp0 has been placed backup in to standby and is inactive. This indicates that the failed interface has been repaired. 17. Use the ipmpstat command to display IPMP interface information. root@s11-serv1:~# ipmpstat -i INTERFACE ACTIVE GROUP FLAGS LINK PROBE link2_ipmp0 no ipmp0 is----up ok link1_ipmp0 yes ipmp0 ------up ok link0_ipmp0 yes ipmp0 --mbM-up ok
STATE ok ok ok
Task 5: Remove the IPMP Configuration In this task, you remove the IPMP group ipmp0 and return the network to its original configuration. Perform these steps to remove the IPMP configuration: 1. Remove all the subinterfaces from the IPMP group ipmp0 and show the results. root@s11-serv1:~# ipadm remove-ipmp –i link0_ipmp0 \ –i link1_ipmp0 –i link2_ipmp0 ipmp0 root@s11-serv1:~# ipmpstat -g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 ipmp0 failed --2.
Delete the IPMP group ipmp0. root@s11-serv1:~# ipadm delete-ipmp ipmp0 root@s11-serv1:~# ipmpstat –g root@s11-serv1:~#
3.
Display the IP address that is currently configured in the system. root@s11-serv1:~# ipadm show-addr ADDROBJ lo0/v4 ipmp0/v4add1 ipmp0/v4add2 link0_ipmp0/test link1_ipmp0/test link2_ipmp0/test lo0/v6 link0_ipmp0/_a link1_ipmp0/_a link2_ipmp0/_a
TYPE static static static static static static static static static static
STATE ok inaccessible inaccessible ok ok ok ok ok ok ok
ADDR 127.0.0.1/8 192.168.0.112/24 192.168.0.113/24 192.168.0.142/24 192.168.0.143/24 192.168.0.143/24 ::1/128 fe80::a00:27ff:fe21:acc9/10 fe80::a00:27ff:fe9b:d7a6/10 fe80::a00:27ff:fec2:b659/10
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 42
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
14. Start the Sol11-Server1 virtual machine. 15. Log in to virtual machine Sol11-Server1 as user oracle and su to root.
Delete the IP addresses and show the results. root@s11-serv1:~# ipadm delete-addr root@s11-serv1:~# ipadm delete-addr root@s11-serv1:~# ipadm delete-addr root@s11-serv1:~# ipadm delete-addr root@s11-serv1:~# ipadm delete-addr root@s11-serv1:~# ipadm show-addr ADDROBJ lo0/v4 lo0/v6 link0_ipmp0/_a link1_ipmp0/_a link2_ipmp0/_a
TYPE static static static static static
ipmp0/v4add1 ipmp0/v4add2 link0_ipmp0/test link1_ipmp0/test link2_ipmp0/test
STATE ok ok ok ok ok
ADDR 127.0.0.1/8 ::1/128 fe80::a00:27ff:fe21:acc9/10 fe80::a00:27ff:fe9b:d7a6/10 fe80::a00:27ff:fec2:b659/10
5.
Delete IP interfaces link0_ipmp0, link1_ipmp0, and link2_ipmp0. Show the results. root@s11-serv1:~# ipadm delete-ip link0_ipmp0 root@s11-serv1:~# ipadm delete-ip link1_ipmp0 root@s11-serv1:~# ipadm delete-ip link2_ipmp0 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes --
6.
Rename the data links to their original names and show the results. root@s11-serv1:~# dladm rename-link link0_ipmp0 net0 root@s11-serv1:~# dladm rename-link link1_ipmp0 net1 root@s11-serv1:~# dladm rename-link link2_ipmp0 net2 root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE OVER net0 phys 1500 unknown -net1 phys 1500 unknown -net2 phys 1500 unknown -net3 phys 1500 unknown --
7.
Restart the svc:/network/physical:default service. root@s11-serv1:~# svcadm restart svc:/network/physical:default
8.
Verify that the net0 network interface has been configured correctly. root@s11-serv1:~# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 lo0/v6 static ok ::1/128
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 43
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
4.
Overview Bridges are used to connect separate network segments. When connected by a bridge, the attached network segments communicate as if they were a single network segment. Bridging is implemented at the data link layer (L2) of the networking stack. Bridges use a packet-forwarding mechanism to connect subnetworks together. In this practice, you create a bridge between two network interfaces (net0 and net3).
Task: Configure a Network Bridge Perform these steps to configure a network bridge: 1. In a terminal window, display the bridges currently configured in the system. root@s11-serv1:~# dladm show-bridge root@s11-serv1:~# No bridging devices are currently configured in the system. 2.
List the network interfaces currently configured in the system. root@s11-serv1:~# dladm show-phys LINK MEDIA STATE SPEED net0 Ethernet unknown 1000 net1 Ethernet unknown 1000 net2 Ethernet unknown 1000 net3 Ethernet unknown 0
DUPLEX full full full unknown
DEVICE e1000g0 e1000g1 e1000g2 e1000g3
3.
List the network interfaces currently configured in the system. root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes --
4.
Create an IP interface for data links net0 and net3 and show the results. root@s11-serv1:~# ipadm create-ip net0 root@s11-serv1:~# ipadm create-ip net3 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -net0 ip down no -net3 ip down no --
5.
Use the ipadm command assign IP address 192.168.0.112 to network interface net0. root@s11-serv1:~# ipadm create-addr -T static -a \ 192.168.0.112/24 net0/v4
6.
Use the ipadm command assign IP address 192.168.2.100 to network interface net3 and show the results. root@s11-serv1:~# ipadm create-addr -T static -a \ 192.168.2.100/24 net3/v4 root@s11-serv1:~# ipadm show-if Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 44
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 6-5: Configuring a Network Bridge
7.
OVER ---ADDR 127.0.0.1/8 192.168.0.112/24 192.168.2.100/24 ::1/128
Create a bridge named tonowhere between interfaces net0 (forwarding) and net3 (discarding) and show the results. root@s11-serv1:~# dladm create-bridge -l net0 -l \ net3 tonowhere root@s11-serv1:~# dladm show-bridge BRIDGE tonowhere
8.
PROTECT ADDRESS PRIORITY DESROOT stp 32768/8:0:27:15:2:19 32768 32768/8:0:27:15:2:19
Display detailed information about the bridge tonowhere. root@s11-serv1:~# dladm LINK STATE net0 forwarding net3 discarding
9.
show-bridge -l tonowhere UPTIME DESROOT 90 32768/8:0:27:15:2:19 90 32768/8:0:27:15:2:19
Remove interface net3 from the bridge tonowhere and show the results. root@s11-serv1:~# dladm root@s11-serv1:~# dladm LINK STATE net0 forwarding
remove-bridge -l net3 tonowhere show-bridge -l tonowhere UPTIME DESROOT 319 32768/8:0:27:15:2:19
10. Try to remove the bridge tonowhere. root@s11-serv1:~# dladm delete-bridge tonowhere dladm: delete operation failed: link busy 11. Remove interface net0 from the bridge tonowhere and show the results. root@s11-serv1:~# dladm remove-bridge -l net0 tonowhere root@s11-serv1:~# dladm show-bridge -l tonowhere root@s11-serv1:~# 12. Remove the bridge tonowhere and show the results. root@s11-serv1:~# dladm delete-bridge tonowhere root@s11-serv1:~# dladm show-bridge root@s11-serv1:~# 13 Delete the IP interface for data link net3. root@s11-serv1:~# ipadm delete-ip net3 root@s11-serv1:~# ipadm show-if Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 45
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
IFNAME CLASS STATE ACTIVE lo0 loopback ok yes net0 ip ok yes net3 ip ok yes root@s11-serv1:~# ipadm show-addr ADDROBJ TYPE STATE lo0/v4 static ok net0/v4 static ok net3/v4 static ok lo0/v6 static ok
CLASS STATE loopback ok ip ok
ACTIVE OVER yes -yes --
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
IFNAME lo0 net0
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 46
Overview Link aggregation allows you to enhance the network availability and performance by combining multiple network interfaces together to form an aggregation of those interfaces, which acts as a single network interface with greatly enhanced availability and performance. When you aggregate multiple network interfaces, you create a new network interface on top of the aggregated physical interfaces combined in the link layer. Link aggregation requires at least two network interfaces. The network interfaces must be unplumbed before they can be aggregated. In this practice, you aggregate four network interfaces on the Sol11-Server1 system as the persistent network interface. Note: Link aggregation is not a new technology in Oracle Solaris 11. This practice was added so that in the “Monitoring the Network” practice (Practice 6-6) you have more robust examples to work with when using the dlstat command.
Task: Configure a Link Aggregation Perform these steps to configure a link aggregation: 1. Delete the IP interface for data link net0. root@s11-serv1:~# ipadm delete-ip net0 2.
3.
List the network links currently configured in the system. root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE net0 phys 1500 unknown net1 phys 1500 unknown net2 phys 1500 unknown net3 phys 1500 unknown
OVER -----
Create a link aggregation named speedway0 consisting of network interfaces net0, net1, net2, and net3, and show the results. root@s11-serv1:~# dladm create-aggr -l net0 -l net1 \ -l net2 -l net3 speedway0 root@s11-serv1:~# dladm show-link LINK CLASS MTU STATE OVER net0 phys 1500 up -net1 phys 1500 up -net2 phys 1500 up -net3 phys 1500 up -speedway0 aggr 1500 up net0 net1 net2 net3 root@s11-serv1:~# dladm show-aggr LINK speedway0
POLICY L4
ADDRPOLICY auto
LACPACTIVITY off
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 47
LACPTIMER short
FLAGS -----
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 6-6: Configuring a Link Aggregation
Create an IP interface for data link speedway0 and show the results. root@s11-serv1:~# ipadm create-ip speedway0 root@s11-serv1:~# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes -speedway0 ip down no --
5
Run the ipadm command to create the static IPv4 address for system s11-serv1 on the interface speedway0, and show the results. root@s11-serv1:~# ipadm create-addr -T static \ -a 192.168.0.112/24 speedway0/v4 root@s11-serv1:~# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 speedway0/v4 static ok 192.168.0.112/24 lo0/v6 static ok ::1/128
6.
Log in to the Sol11-Desktop system and use the ping command to verify connectivity to the Sol11-Serv1 server. root@s11-desktop:~# ping s11-serv1 s11-serv1 is alive
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 48
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
4.
Overview Oracle Solaris 11 adds a variety of robust network utilities. For network observability, the new wireshark and dlstat utilities have been added. Wireshark is a powerful network protocol analyzer that lets you to capture and interactively browse the traffic running on a computer network. dlstat lets you to generate reports containing runtime statistics about data links. In this practice, you are presented with two tasks. In the first task you install and explore the wireshark utility. In the second task, you install and explore the dlstat utility.
Task 1: Monitor the Network by Using Wireshark Perform these steps to monitor the network by using Wireshark: 1. Verify that the Sol11-SuperServer, Sol11-Server1, and Sol11-Desktop virtual machines are running. This can be determined by viewing the Oracle VM VirtualBox Manager window (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start them at this time. 2. Log in to virtual machine Sol11-Desktop as user oracle and su to root. 3. On the Sol11-Desktop system, double-click the Add More Software icon to launch the Package Manager service.
4.
Use Package Manager to install the wireshark packages.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 49
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 6-7: Monitoring the Network
To start Wireshark, open the Applications menu and select System Tools. Click the Wireshark icon.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 50
Click the List Available Capture Interfaces icon to begin your capture:
7.
Click the Options button for interface net1 and set the Capture Filter value to host 192.168.0.112 and the Capture File to /var/tmp/192.168.0.112.cap. Then click the Start button.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 51
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
6.
To generate network traffic between this system and 192.168.0.112, click the Package Manager Refresh button. Now, using the Package Manager, install a new package.
9.
After the package installation has completed, click the Stop The Running Live Capture button to stop your capture.
10. Click the Close This Capture File button to close and save your capture.
11. From the Files menu in the Wireshark main screen, select Open and browse to the /var/tmp directory. Select the 192.168.0.112.cap file and click Open. 12. Take a few minutes and read through the packet trace.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 52
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
8.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
13. Click the Statistics tab and select Summary.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 53
15. Click the Statistics tab and select Endpoints.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 54
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
14. Click the Statistics tab and select Protocol Hierarchy.
17. Click the Close This Capture File button to close and save your capture.
18. In the Wireshark main screen, click File and then click Quit to close Wireshark.
Task 2: Monitor the Network by Using dlstat Perform these steps to monitor the network by using the dlstat command: 1. Move back to the Sol11-Serv1 server.
2.
3.
Display statistics for all the network links. root@s11-serv1:~# dlstat LINK IPKTS RBYTES net0 0 0 net1 0 0 net2 0 0 net3 0 0 speedway0 4.86K 464.59K
OPKTS 0 0 0 0 17.17K
Display statistics for all physical network devices. root@s11-serv1:~# dlstat show-phys LINK TYPE INDEX PKTS net0 rx 0 5.25K net1 rx 0 1.32K net2 rx 0 1.32K
OBYTES 0 0 0 0 24.14M
BYTES 464.55K 93.89K 93.89K
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 55
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
16. Click the Statistics tab and select IO Graphs.
4.
rx rx rx rx rx tx tx tx tx
0 0 1 2 3 0 1 2 3
1.32K 5.25K 1.32K 1.32K 1.32K 4.86K 885 1.79K 10.21K
93.89K 464.55K 93.89K 93.89K 93.89K 3.46M 831.00K 1.88M 14.64M
Display statistics for all network links. root@s11-serv1:~# dlstat show-link LINK TYPE ID INDEX net0 rx local -net0 rx other -net0 rx sw -net0 tx local -net0 tx other -net0 tx sw -net1 rx local -net1 rx other -net1 rx sw -net1 tx local -net1 tx other -net1 tx sw -net2 rx local -net2 rx other -net2 rx sw -net2 tx local -net2 tx other -net2 tx sw -net3 rx local -net3 rx other -net3 rx sw -net3 tx local -net3 tx other -LINK TYPE ID INDEX net3 tx sw -speedway0 rx local -speedway0 rx other -speedway0 rx hw 0 speedway0 rx hw 1 speedway0 rx hw 2
PKTS 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 PKTS 0 0 0 4.09K 265 302
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 56
BYTES 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 BYTES 0 0 0 373.20K 31.71K 34.51K
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
net3 speedway0 speedway0 speedway0 speedway0 speedway0 speedway0 speedway0 speedway0
5.
rx tx tx tx tx tx tx
hw local other hw hw hw hw
Display statistics for all network link aggregation. root@s11-serv1:~# dlstat show-aggr LINK PORT IPKTS speedway0 -9.26K speedway0 net0 5.28K speedway0 net1 1.33K speedway0 net2 1.33K speedway0 net3 1.33K
3 --0 1 2 3
302 0 0 3.49K 814 2.29K 10.65K
RBYTES 751.05K 466.74K 94.77K 94.77K 94.77K
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 57
34.51K 0 0 4.94M 835.50K 2.97M 15.41M
OPKTS 17.78K 4.89K 885 1.79K 10.22K
OBYTES 20.82M 3.46M 831.00K 1.88M 14.64M
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
speedway0 speedway0 speedway0 speedway0 speedway0 speedway0 speedway0
Overview In this practice, you get to apply the skills and knowledge you gained from the lecture and guided practices. You are challenged with completing the following tasks without the benefit of a step-by-step guide. Hint: Use all the available resources, such as man pages, student guide, activity guide, and your instructor, to successfully complete each task. Note: This practice is optional. Check with your instructor to determine if you have enough time available to complete this practice. If you begin this practice and run out of time, set this practice aside and return to it if time permits.
Task 1: Configure NWAM Perform this task on the Sol11-Desktop VM. •
Enable the start_state and aces profiles.
•
Remove the current NCU for network interface net0.
•
Create a new NCU for network interface net3. Assign IP address 192.168.0.111 to net3.
•
Test the new NWAM configuration.
Task 2: Configure a virtual network Perform this task on the Sol11-Server1 VM. • Create a private virtual network consisting of one etherstub and two virtual NICs. o Create the etherstub and virtual NIC devices. o Configure two non-global zones on the virtual network. o Verify that the non-global zones on the virtual network can communicate with each other. • Remove the private virtual network. o Remove the two non-global zones. o Remove the virtual NIC and etherstub devices.
Task 3: Configure IPMP Perform this task on the Sol11-Server1 VM. • Create an Active-Standby IPMP configuration. o Prepare network interfaces net0, net1, and net2 for using in an IPMP group. o Create an IPMP group consisting of network interfaces net0, net1, and net2. Make net2 the standby sublink. o Test the new IPMP group. • Remove the IPMP group. o Restore network interface net0 to the original configuration (static IP address 192.168.0.112). o Verify that network interface net0 is operational. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 6: Oracle Solaris 11 Express Network Enhancements Chapter 6 - Page 58
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 6-8: Test Your Skills and Knowledge
Chapter 7
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 7: Oracle Solaris 11 Storage Enhancements Chapter 7 - Page 1
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 7: Oracle Solaris 11 Storage Enhancements
Overview The default file system for Oracle Solaris 11 is ZFS. ZFS is the root file system on Oracle Solaris 11, and it offers a superior experience in terms of manageability, scalability, and data integrity. ZFS presents a pooled storage model that completely eliminates the concept of volumes and the associated problems of partitions, provisioning, wasted bandwidth, and stranded storage. Thousands of file systems can draw from a common storage pool, each one consuming only as much space as it actually needs. All operations are copy-on-write transactions ensuring that the on-disk state is always valid. Additionally, blocks are checksummed to prevent silent data corruption, allowing data to self-heal itself in replicated (mirrored or RAIDZ) configurations. If one copy is damaged, ZFS detects it and uses another copy to repair it. ZFS is also at the heart of Oracle Solaris 11 software installation and management with the IPS packaging system, greatly reducing planned and unplanned downtime with safe system upgrade capability. UFS is no longer supported as a root file system. COMSTAR (Common Multiprotocol SCSI Target) is a software framework that enables you to turn any Oracle Solaris 11 host into a SCSI target that can be accessed over the network by initiator hosts. COMSTAR breaks down the huge task of handling a SCSI target subsystem into independent functional modules. These modules are then glued together by the SCSI Target Mode Framework (STMF). These practices provide a guided, hands-on experience in working with the new ZFS enhancements and with COMSTAR. The key areas explored in these practices are: • Migrating UFS and ZFS file systems • Splitting a mirrored ZFS storage pool • Identifying ZFS snapshot differences • Configuring ZFS deduplication • Configuring an iSCSI target and an iSCSI initiator
Assumptions As in previous lessons, your practice environment is based on the Oracle VM VirtualBox virtualization software. Figure 1 shows the VirtualBox manager interface.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 7: Oracle Solaris 11 Storage Enhancements Chapter 7 - Page 2
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practices for Lesson 7
Figure 2: Practice Network Topology The virtual machines (VM) you use in the practices are as follows: • Sol11 SuperServer: This VM provides network services such as DNS used by the VMs in the practices. • Sol11-Server1: This is the system that you use to perform the storage enhancement practices such as creating an iSCSI target and working with ZFS enhancements. • Sol11-Desktop: You configure this system as an iSCSI initiator. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 7: Oracle Solaris 11 Storage Enhancements Chapter 7 - Page 3
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Figure 1: Oracle VM VirtualBox Manager Remember: The virtual machines (VMs) are configured on a private internal network (192.168.0). Each VM can communicate with other VMs on the same private network (see Figure 2) but cannot communicate with the local host machine or other machines on the same network as the local host machine.
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Note: The responses to the commands shown in these practices are examples only. The values you see during your practice experience might vary slightly.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 7: Oracle Solaris 11 Storage Enhancements Chapter 7 - Page 4
Overview Oracle Solaris 11 features ZFS shadow migration. Using shadow migration, you can migrate data from an old file system to a new file system while simultaneously allowing access and modification of the new file system. ZFS shadow migration allows you to migrate file systems as follows: • Migrate a local or remote ZFS file system to a target ZFS file system. • Migrate a local or remote UFS file system to a target ZFS file system.
Task 1: Prepare the Source File Systems In this task, you create ZFS and UFS file systems on the Sol11-Server1 virtual machine. These will be the source file systems used in the ZFS shadow migration. Perform these steps to prepare the source file systems: 1. Verify that the Sol11-SuperServer, Sol11-Server1, and Sol11-Desktop virtual machines are running. This can be determined by viewing the Oracle VM VirtualBox Manager window (refer to Figure 1) and checking the run status for each virtual machine. If the virtual machines are not running, start them now. 2. Log in to virtual machine Sol11-Server1 system as user oracle and su to root. 3. Determine the hostname and domain of this server. root@s11-serv1:~# hostname s11-serv1 root@s11-serv1:~# domainname mydomain.com 4. Verify that this server can access DNS services. root@s11-serv1:~# nslookup s11-serv1 Server: 192.168.0.100 Address: 192.168.0.100#53 Name: Address: 5.
s11-serv1.mydomain.com 192.168.0.112
List the disk drives currently configured in the system. root@s11-serv1:~# format AVAILABLE DISK SELECTIONS: 0. c3t0d0
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 7: Oracle Solaris 11 Storage Enhancements Chapter 7 - Page 5
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 7-1: Migrating a ZFS File System
6.
515 alt 2 hd 128 sec 32> 515 alt 2 hd 128 sec 32> 515 alt 2 hd 128 sec 32> 514 alt 2 hd 128 sec 32>
Create a UFS file system on disk drive 6. specify disk (enter its number): 6 selecting c3t7d0 [disk formatted] No Solaris fdisk partition found. … format> fdisk No fdisk table exists. The default partition for the disk is: a 100% "SOLARIS System" partition Type "y" to accept the default partition, otherwise type "n" to edit the partition table. y format> partition … partition> modify Select partitioning base: 0. Current partition table (Shadow) 1. All Free Hog Choose base (enter number) [0]? 1 … Do you wish to continue creating a new partition table based on above table[yes]? Free Hog partition[6]? Enter size of partition '0' [0b, 0c, 0.00mb, 0.00gb]: 0 Enter size of partition '1' [0b, 0c, 0.00mb, 0.00gb]: 0 Enter size of partition '3' [0b, 0c, 0.00mb, 0.00gb]: 0 Enter size of partition '4' [0b, 0c, 0.00mb, 0.00gb]: 0 Enter size of partition '5' [0b, 0c, 0.00mb, 0.00gb]: 0 Enter size of partition '7' [0b, 0c, 0.00mb, 0.00gb]: 0 … Okay to make this the current partition table[yes]? Enter table name (remember quotes): "shadow" Ready to label disk, continue? y partition> quit … Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 7: Oracle Solaris 11 Storage Enhancements Chapter 7 - Page 6
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5. c3t6d0 515 alt 2 hd 128 sec 32> 514 alt 2 hd 128 sec 32>
Create a mirrored ZFS pool named newpool consisting of disks c3t2d0 and c3t3d0. Show the results. root@s11-serv1:~# zpool create newpool mirror c3t2d0 c3t3d0 root@s11-serv1:~# zpool list NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT newpool 1.02G 112K 1.02G 0% 1.00x ONLINE rpool 30.5G 8.35G 22.2G 27% 1.00x ONLINE root@s11-desktop:~# zpool status pool: newpool state: ONLINE scan: none requested config: NAME newpool mirror-0 c3t2d0 c3t3d0
STATE ONLINE ONLINE ONLINE ONLINE
READ WRITE CKSUM 0 0 0 0 0 0 0 0 0 0 0 0
errors: No known data errors pool: rpool state: ONLINE scan: none requested config: NAME rpool c3t0d0s0
STATE ONLINE ONLINE
READ WRITE CKSUM 0 0 0 0 0 0
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 7: Oracle Solaris 11 Storage Enhancements Chapter 7 - Page 11
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
4. c3t5d0 add net zonecfg:zone6:net> set physical=vnic0 zonecfg:zone6:net> end zonecfg:zone6> verify zonecfg:zone6> commit Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 8: Oracle Solaris 11 Security Enhancements Chapter 8 - Page 10
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 8-4: Configuring Read-Only Zones
Note that the fixed-configuration value permits updates to /var/* directories, with the exception of directories that contain system configuration components. - IPS packages, including new packages, cannot be installed. - Persistently enabled SMF services are fixed. - SMF manifests cannot be added from the default locations. - Logging and auditing configuration files can be local. syslog and audit configuration are fixed. 4.
Use the sysconfig create-profile command to create a profile for zone6 using the following configuration properties: • Host name: zone6 • Network type: Manually • Network interface: vnic0 • IP Address: 192.168.0.166 • DNS: Configure DNS • DNS server IP address: 192.168.0.100 • Domain search: mydomain.com • Alternate name service: None • Time zone: your local time zone • Root password: oracle1 • User name: Oracle1 • Username: oracle1 • User password: oracle1 root@s11-serv1:~# sysconfig create-profile \ -o /var/tmp/zone6_cfg.xml
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 8: Oracle Solaris 11 Security Enhancements Chapter 8 - Page 11
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
zonecfg:zone6> exit
Install zone6 using the profile created in the previous step. root@s11-serv1:~# zoneadm -z zone6 install \ -c /var/tmp/zone6_cfg.xml Progress being logged to /var/log/zones/zoneadm.20111003T094702Z.zone6.install Image: Preparing at /zones/zone6/root. Install Log: AI Manifest: SC Profile: Zonename: Installation:
/system/volatile/install.4934/install_log /tmp/manifest.xml.B9aGNj /var/tmp/zone6_cfg.xml zone6 Starting ... Creating IPS image Installing packages from: solaris origin: http://s11-serv1.mydomain.com/
...
6.
Boot zone6. root@s11-serv1:~# zoneadm -z zone6 boot Note: Wait one minute until the zone configuration completes.
7.
Display the current value of the zone file-mac-profile property. root@s11-serv1:~# zonecfg -z zone6 info file-mac-profile file-mac-profile: fixed-configuration
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 8: Oracle Solaris 11 Security Enhancements Chapter 8 - Page 12
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
5.
Log in to zone6. root@s11-serv1:~# zlogin zone6 root@s11-zone6:~#
9.
Verify that the zone6 IPS publisher is configured correctly. root@s11-zone6:~# pkg publisher PUBLISHER TYPE STATUS solaris (syspub) origin
URI online proxy://http://s11-serv1.mydomain.com/
10. Verify that the apptrace package is not currently installed in the zone. root@s11-zone6:~# pkg list apptrace pkg list: no packages matching 'apptrace' installed 11. Attempt to install the apptrace package in the zone. root@s11-zone6:~# pkg install apptrace pkg install: Could not complete the operation on /var/pkg/lock: read-only filesystem. 12. Exit from zone6. root@s11-zone6:~# exit
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 8: Oracle Solaris 11 Security Enhancements Chapter 8 - Page 13
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
8.
Overview In this practice, you create a BART rules file and apply it to a BART report. You then compare BART reports to determine whether changes occurred in the /export/home/oracle directory.
Task: Explore BART Perform these steps to explore BART: 1. Change directory to /var/tmp and create a BART rules file named bartrules that contains these rules: IGNORE all /export/home/oracle CHECK all root@s11-serv1:~# cd /var/tmp root@s11-serv1:~# vi bartrules IGNORE all /export/home/oracle CHECK all 2.
Create a BART report by using the rules file that you created in the previous step and display the results. root@s11-serv1:/var/tmp# bart create -r bartrules > \ bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'` root@s11-serv1:/var/tmp# ls bart* bart-s11-serv1-12042011-17:04:35 bartrules
3.
View the contents of the BART report. root@s11-serv1:/var/tmp# more bart-s11-serv1-12042011-17:04:35 ! Version 1.0 ! Tuesday, April 12, 2011 (17:04:35) # Format: #fname D size mode acl dirmtime uid gid #fname P size mode acl mtime uid gid #fname S size mode acl mtime uid gid #fname F size mode acl mtime uid gid contents #fname L size mode acl lnmtime uid gid dest #fname B size mode acl mtime uid gid devnode #fname C size mode acl mtime uid gid devnode /export/home/oracle D 38 40755 owner@:list_directory/read_data/add_file/write_data/add_subdirectory/ap pend_data/read_xattr/write_xattr/execute/read_attributes/write_attribut es/read_acl/write_acl/write_owner/synchronize:allow,group@:list_directo ry/read_data/read_xattr/execute/read_attributes/read_acl/synchronize:al low,everyone@:list_directory/read_data/read_xattr/execute/read_attribut es/read_acl/synchronize:allow 4da4d977 101 10 /export/home/oracle/.ICEauthority F 2545 10060 owner@:read_data/write_data/append_data/read_xattr/write_xattr/read_att Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 8: Oracle Solaris 11 Security Enhancements Chapter 8 - Page 14
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Practice 8-5: Configuring the Basic Audit Reporting Tool (BART)
4.
Create a file named newfile in the /export/home/oracle directory. root@s11-serv1:/var/tmp# touch /export/home/oracle/newfile
5.
Create another BART report by using the rules file and display the results. root@s11-serv1:/var/tmp# bart create -r bartrules > \ bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'` root@s11-serv1:/var/tmp# ls bart* bart-s11-serv1-12042011-17:04:35 bartrules bart-s11-serv1-12042011-17:08:34
6.
Compare the two BART reports. root@s11-serv1:/var/tmp# bart compare \ bart-s11-serv1-12042011-17:04:35 \ bart-s11-serv1-12042011-17:08:34 /export/home/oracle: size control:5 test:6
7.
Edit the /export/home/oracle/newfile file by adding a simple message. root@s11-serv1:/var/tmp# vi /export/home/oracle/newfile This is a test.
8.
Create another BART report by using the rules file and display the results. root@s11-serv1:/var/tmp# bart create -r bartrules > \ bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'` root@s11-serv1:/var/tmp# ls bart* bart-s11-serv1-12042011-17:04:35 bart-s11-serv1-12042011-17:08:34
9.
bart-s11-serv1-12042011-17:11:50 bartrules
Compare the second and third BART reports. root@s11-serv1:/var/tmp# bart compare \ bart-s11-serv1-12042011-17:08:34 bart-s11-serv1-12042011-17:11:50
/export/home/oracle/newfile: size control:0 test:16 mtime control:4da4db66 test:4da4dc11 contents control:d41d8cd98f00b204e9800998ecf8427e test:02bcabffffd16fe0fc250f08cad95e0c
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 8: Oracle Solaris 11 Security Enhancements Chapter 8 - Page 15
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
ributes/write_attributes/read_acl/write_acl/write_owner/synchronize:all ow,group@:read_xattr/read_attributes/read_acl/synchronize:allow,everyon e@:read_xattr/read_attributes/read_acl/synchronize:allow 4da49230 101 10 722a18de3360a057fd9231e184107740
Oracle University and BOS-it GmbH & Co.KG use only
THESE eKIT MATERIALS ARE FOR YOUR USE IN THIS CLASSROOM ONLY. COPYING eKIT MATERIALS FROM THIS COMPUTER IS STRICTLY PROHIBITED
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 8: Oracle Solaris 11 Security Enhancements Chapter 8 - Page 16
