Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
e
bl a r e nsf
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
-tr n o n
Sh
Q d i ah
Transition to Oracle Solaris 11 Student Guide D73488GC30 Edition 3.0 | November 2014 | D89085
Learn more from Oracle University at oracle.com/education/
Author
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Venu Poddar
Disclaimer
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Technical Contributors and Reviewers Juanita Heieck Kathy Slattery Alta Estad Alissa Bader Clark Sharon Veach
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle. The information contained in this document is subject to change without notice. If you find any problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free.
Graphic Designer
Restricted Rights Notice
Maheshwari Krishnamurthy
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United States Government, the following notice is applicable:
Editors Aju Kumar Anwesha Ray
a
U.S. GOVERNMENT RIGHTS The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.
a s a h eฺ ) e Publishers tฺa Guid e n Sumesh Koshy sฺ ent e t Syed Ali ira Stud m Srividya Rameshkumar e his @ i v se t a q dฺ to u i h sha ense ( i lic av Q id h a Sh Raj Kumar
-tr n o n
e
bl a r e nsf
Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Contents
1
2
Introduction Overview 1-2 Course Goals 1-3 Agenda 1-4 Introductions 1-6 Your Lab Environment 1-7 Practice 1 Overview: Course Introduction 1-8
Q d i ah
3
Managing Software Packages in Oracle Solaris 11 Job Workflow 3-2 Objectives 3-3 Agenda 3-4 IPS: Overview 3-5 Planning for IPS 3-6 IPS Components 3-7
iii
a
-tr n o n
Introducing Oracle Solaris 11 New Features and Enhancements Job Workflow 2-2 Objectives 2-3 Agenda 2-4 Oracle Solaris 11 Operating System: Overview 2-5 Oracle Solaris 11: Features and Enhancements 2-6 Installation Methods 2-8 Software Management Features 2-9 Networking Features and Enhancements 2-10 Oracle Solaris Zones Enhancements 2-13 Storage and File System Enhancements 2-15 User Environment Feature Changes 2-16 Desktop Environment Enhancements 2-17 System Security Enhancements 2-18 Agenda 2-20 Key Features of Oracle Solaris 10 and Oracle Solaris 11: Comparison 2-21 Agenda 2-22 Transitioning Strategy 2-23 Summary 2-24
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Sh
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda 3-9 Local Package Repository 3-10 Creating a Local Repository 3-11 Enabling Users to Retrieve Packages Using an HTTP Interface 3-13 Configuring the IPS Clients 3-14 Updating the Local Master Repository Automatically 3-15 Practices 3-1 and 3-2: Overview 3-16 Agenda 3-17 Package Management: pkg (1) 3-18 pkg Command Examples: search 3-19 pkg Command Examples: info 3-20 pkg Command Examples: install 3-21 pkg Command Examples: list, verify, and contents 3-22 pkg Command Examples: uninstall 3-23 Package Manager 3-24 Managing Packages by Using a Web Browser 3-25 Update Manager 3-26 Agenda 3-27 Updating a System to Oracle Solaris 11.2 3-28 Determining Your Starting Point 3-29 Identifying the Repository in Use 3-30 Verifying the SRU Currently Installed 3-31 Updating a System Running Oracle Solaris 11 11/11 to Oracle Solaris 11.2 3-32 Updating a System Running Oracle Solaris 11 11/11 with an SRU to Oracle Solaris 11.2 3-34 Updating a System Running Oracle Solaris 11.1 with or without an SRU to Oracle Solaris 11.2 OS 3-35 Updating a System to Oracle Solaris 11.2 3-36 Practices 3-3 and 3-4: Overview 3-37 Agenda 3-38 Boot Environment (BE) 3-39 beadm Utility 3-40 beadm Command Examples: list 3-42 beadm Command Examples: create 3-43 beadm Command Examples: activate, rename, and destroy 3-44 beadm Command Examples: mount and unmount 3-45 Package Manager BE Features 3-46 Quiz 3-47 Summary 3-52 Practice 3-5: Overview 3-53
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Sh
Q d i ah
iv
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
4
Installing the Oracle Solaris 11 Operating System Job Workflow 4-2 Objectives 4-3 Agenda 4-4 Oracle Solaris 11 Installation Methods 4-5 Oracle Solaris 11 System Requirements 4-6 Agenda 4-7 Oracle Solaris 11 Text Installer 4-8 Oracle Solaris 11 Text Installation: Disks 4-11 Oracle Solaris 11 Text Installation: Network 4-13 Oracle Solaris 11 Text Installation: Users 4-14 Oracle Solaris 11 Text Installation: Support 4-15 Oracle Solaris 11 Live Media 4-16 Oracle Solaris 11 Live Media: Device Driver Utility 4-17 Oracle Solaris 11 Live Media: Partition Editor 4-18 Oracle Solaris 11 Live Media Installer: Disk 4-19 Oracle Solaris 11 Live Media Installer: Time Zone 4-21 Oracle Solaris 11 Live Media Installer: Users 4-22 Oracle Solaris 11 Live Media Installer: Support 4-23 Practices 4-1 and 4-2: Overview 4-24 SMF-Based System and Network Configuration 4-25 Configuring an Oracle Solaris 11 Image 4-27 Agenda 4-29 Oracle Solaris 11 Automated Installation 4-30 How Automated Installation Works 4-31 AI Environmental Requirements 4-32 IPS Case: Using Default Manifest 4-34 IPS Case: Using Custom Manifest 4-36 IPS Case: Using a System Configuration Profile 4-38 IPS Case: Multiple AI Services 4-39 Configuring the AI Server 4-40 Setting Up the AI Server 4-41 Creating an Installation Service 4-42 AI Manifests 4-43 default.xml AI Manifest File 4-44 Criteria Manifest 4-46 Criteria Manifest: Examples 4-48 AI Manifest Wizard 4-49 System Configuration Profiles 4-50 System Configuration Profile: Example 4-51 AI Server Configuration Walkthrough 4-53
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Sh
Q d i ah
v
e
-tr n o n
a
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda 4-57 Comparing JumpStart with AI 4-58 Comparing Rules Keywords and Criteria Directives 4-59 Converting a JumpStart Profile to an AI Manifest 4-62 Agenda 4-65 Distribution Constructor 4-66 Distribution Constructor Manifest Files 4-67 Building an OS Image 4-68 Quiz 4-69 Summary 4-75 Practices 4-3, 4-4, 4-5 and 4-6: Overview 4-76 5
Oracle Solaris 11 Network Administration Enhancements Job Workflow 5-2 Objectives 5-3 Agenda 5-4 Introducing Oracle Solaris 11 Network 5-5 Oracle Solaris 10 Network Protocol Stack 5-6 Oracle Solaris 11 Network Protocol Stack 5-7 Network Configuration During Installation 5-8 Agenda 5-9 Oracle Solaris 11 Network Administration 5-10 Network Administration Commands 5-11 Comparing Network Administration Commands 5-12 Administering Datalinks 5-13 Configuring IP Interfaces and IP Addresses 5-14 Configuring Persistent Routes 5-15 Configuring Reactive Profiles 5-16 Practice 5-1: Overview 5-18 Practice 5-2: Overview 5-19 Agenda 5-20 Transitioning to Virtual Networking 5-21 Virtual Network Building Blocks 5-22 Building a Simple Virtual Network 5-23 Configuring a Private Virtual Network 5-24 Creating a Datalink in Non-Global Zone from the Global Zone Accessing a Virtual Network Configuration 5-26 Bandwidth Management 5-27 Managing Bandwidth 5-28 Practice 5-3: Overview 5-30 Agenda 5-31
e
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
-tr n o n
Q d i ah
Sh
vi
bl a r e nsf
5-25
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Elastic Virtual Switch (EVS): Overview 5-32 Elastic Virtual Switch: Example 5-33 Installing the Mandatory EVS Packages 5-34 Setting Up SSH Authentication 5-35 Configuring an EVS Controller 5-36 Configuring Elastic Virtual Switches 5-38 Creating VNICs for an Elastic Virtual Switch 5-39 Creating a VNIC anet Resource for an EVS 5-40 Practice 5-4: Overview 5-41 Agenda 5-42 Link Aggregation 5-43 Types of Link Aggregation 5-45 Creating a Trunk Aggregation 5-47 Creating a DLMP Aggregation 5-48 Configuring Probe-Based Failure Detection for DLMP Aggregation 5-49 Agenda 5-50 IP Network Multipathing 5-51 IPMP Components 5-52 IPMP Configurations 5-53 Configuring IPMP: Active-Active 5-54 Configuring IPMP: Active-Standby 5-55 Failure Detection in IPMP 5-56 Monitoring IPMP 5-57 Practice 5-5: Overview 5-59 Agenda 5-60 Network Bridging 5-61 Configuring a Network Bridge 5-63 Practices 5-6 and 5-7: Overview 5-64 Agenda 5-65 Integrated Load Balancer (ILB) 5-66 ILB Operation Modes 5-68 ILB Operation Modes: DSR 5-69 ILB Operation Modes: NAT 5-70 Enabling and Disabling ILB 5-71 Configuring ILB 5-72 Agenda 5-73 dlstat Command 5-74 dlstat: Examples 5-75 flowstat Command 5-77 flowstat: Examples 5-78 Agenda 5-79
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Sh
Q d i ah
vii
e
-tr n o n
a
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Viewing IP Traffic Statistics 5-80 Viewing TCP and UDP Traffic Statistics 5-81 Viewing User and Process Information 5-82 Analyzing Network Traffic 5-83 wireshark Utility 5-84 Performing Network Diagnostics 5-85 Managing the network-monitor Module 5-86 Retrieving Reports That Are Generated by the network-monitor Module 5-87 Viewing Statistics of the network-monitor Fault Management Module 5-88 Quiz 5-89 Summary 5-99 Practice 5-8: Overview 5-100 6
Sh
Q d i ah
viii
a
-tr n o n
Administering Oracle Solaris 11 Zones Job Workflow 6-2 Objectives 6-3 Agenda 6-4 Oracle Solaris 11 Zones 6-5 Zones: New Features 6-6 Agenda 6-9 Oracle Solaris 10 Zones 6-10 Migrating Oracle Solaris 10 Zones (V2V) 6-12 Migrating Oracle Solaris 10 Global Zones (P2V) 6-14 Agenda 6-16 Configuring Nonglobal Zones by Using the Automated Installer (AI) 6-17 Specifying a Nonglobal Zone in the AI Manifest 6-18 Nonglobal Zone Configuration Files 6-19 Adding a Nonglobal Zone Manifest and Profile 6-20 Agenda 6-21 Oracle Solaris Zone Brands 6-22 Overview of Kernel Zones 6-23 System Requirements for Using Oracle Solaris Kernel Zones 6-24 Configuring Kernel Zones 6-26 Agenda 6-29 Installing a Kernel Zone 6-30 Booting a Kernel Zone 6-32 Cloning by Using zoneadm clone 6-33 Suspending and Resuming a Kernel Zone 6-34 Migrating a Kernel Zone 6-35 Agenda 6-37 Monitoring Zone Resource Consumption 6-38
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Monitoring Zone Memory Consumption 6-39 Monitoring Zone CPU Consumption 6-40 Monitor Total and High Zone Resource Consumption 6-41 Monitoring File System Statistics 6-42 Quiz 6-43 Summary 6-45 Practice 6: Overview 6-46 7
Oracle Solaris 11 ZFS Enhancements Job Workflow 7-2 Objectives 7-3 Agenda 7-4 Introducing Oracle Solaris 11 ZFS Enhancements 7-5 Agenda 7-7 ZFS Shadow Data Migration 7-8 Shadow Migration Considerations 7-9 Configuring ZFS Shadow Data Migration 7-11 Agenda 7-12 Splitting a Mirrored ZFS Storage Pool 7-13 Splitting a ZFS Mirrored Pool: Example 7-14 Agenda 7-15 Identifying ZFS Snapshot Differences 7-16 Identifying ZFS Snapshot Differences: Example 7-17 Using Time Slider 7-18 Enabling and Disabling Time Slider 7-19 Agenda 7-20 ZFS Deduplication 7-21 ZFS Deduplication Properties 7-23 ZFS Deduplication: Example 7-24 Agenda 7-25 Common Multiprotocol SCSI Target (COMSTAR) 7-26 COMSTAR: Benefits and Limitations 7-28 Configuring COMSTAR 7-29 Quiz 7-31 Summary 7-38 Practice 7 Overview: Oracle Solaris 11 ZFS Enhancements 7-39
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
8
Oracle Solaris 11 Security Enhancements Job Workflow 8-2 Objectives 8-3 Agenda 8-4
ix
e
-tr n o n
a
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Security Enhancements 8-5 Agenda 8-9 Oracle Solaris Cryptographic Framework 8-10 Administrative Command: Examples 8-12 User Command: Examples 8-15 Agenda 8-17 Increasing Security for Automated Installations 8-18 Configuring Security for Automated Installations 8-19 Configuring Kerberos Clients Using AI 8-21 Agenda 8-23 ZFS DataSet Encryption 8-24 ZFS Pool Encryption: Example 8-25 ZFS File System Encryption: Example 8-26 Agenda 8-27 Read-Only (Immutable) Zones 8-28 file-mac-profile Property 8-29 Administering Read-Only Zones 8-30 Read-Only (Immutable) Global Zone 8-32 Agenda 8-33 BART 8-34 BART: Example 8-35 Agenda 8-37 Auditing in Oracle Solaris 8-38 Displaying Audit Service Defaults 8-41 Enabling and Disabling the Audit Service 8-42 Viewing Contents of Binary Audit Files 8-43 Quiz 8-44 Summary 8-48 Practice 8 Overview: Oracle Solaris 11 Security Enhancements 8-49
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Sh
Q d i ah
x
e
-tr n o n
a
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
I t d ti Introduction
e
a
bl a r e nsf
Sh
Q d i ah
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Overview • • • • •
Course goals Agenda Practices Introductions Your learning center
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic to Oracle Solaris 11 course. This is an advanced course that builds atovthe Transition Welcome Q d Solaris 10 system administration courses. It is focused on the skills and knowledge iOracle on h a for transitioning from the Oracle Solaris 10 operating environment to the Oracle Sh required Solaris 11 operating environment. This course highlights the new features in Oracle Solaris 11, including the Automated Installer (AI), the Image Packaging System (IPS), and network virtualization. Throughout the course, you learn how to transition to the Oracle Solaris 11 operating environment by performing a series of guided hands-on practices that walk you through the critical tasks associated with operating system migration activities. These practices include case studies that illustrate the best practices when transitioning from Oracle Solaris 10 to Oracle Solaris 11. This course does not address the system administration tasks that are currently supported in Oracle Solaris 10 (or other) operating systems. Rather, it focuses on the new and enhanced features found in the Oracle Solaris 11 operating system. It is assumed that you already have the skills and knowledge that are necessary for administering the Oracle Solaris 10 operating system.
Transition to Oracle Solaris 11 1 - 2
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Course Goals The goals of this course are to: • Familiarize you with the Oracle Solaris 11 new features and enhancements: – – – – –
Image Packaging System (IPS) Automated Installer (AI) Network virtualization Oracle Solaris Zones Security
tra n Provide you with the skills necessary for a successful no a transition from Oracle Solaris 10 to Oracle 11 asSolaris h ฺ ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
•
Transitioning to a new operating system can be a very daunting task. It involves working with a wide range of complex technologies and procedures, many of which are new to the personnel participating in the project.
Sh
Q d i ah
Transition to Oracle Solaris 11 1 - 3
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda •
Day 1 – Lesson 1: Introduction – Lesson 2: Introducing Oracle Solaris 11 New Features and Enhancements – Lesson 3: Managing Software Packages in Oracle Solaris 11
•
•
Day 2
le
– Lesson 3: Managing Software Packages in Oracle Solaris 11 rab fe s – Lesson 4: Installing the Oracle Solaris 11 Operating System n a
tr
Day 3
a
non
– Lesson 5: Oracle Solaris 11 Network Enhancements as ฺ h ) – Lesson 6: Administering Oracle Solaris de tฺae 11 iZones
e t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic Solaris 11 course consists of five days of lectures and practice av to Oracle The Transition Q id This course also covers the latest Oracle Solaris 11.2 features and enhancements. activities. h a esso 2 p provides o des a b brief e o overview e e o of a all tthe e key ey features eatu es a and de enhancements a ce e ts o of O Oracle ac e Sh • Lesson • • • •
• •
Solaris 11 OS that are discussed in this course. Lesson 3 explains how to work with IPS, its main features, and components; and also how to manage software packages using IPS. Lesson 4 explains how to install Oracle Solaris 11 OS using the text installer, Live CD, and Automated Installer. Lesson 5 briefly lists and explains the network enhancements of Oracle Solaris 11 OS. Lesson 6 explains how Oracle Solaris 11 Zones are different from Oracle Solaris 10 Zones. It also explains how to migrate Oracle Solaris 10 Zones to Oracle Solaris 11 Zones. Lesson 7 briefly lists and explains the ZFS enhancements of Oracle Solaris 11 OS. Lesson 8 briefly lists and explains the security enhancements of Oracle Solaris 11 OS.
Transition to Oracle Solaris 11 1 - 4
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda •
Day 4 – Lesson 6: Administering Oracle Solaris 11 Zones
•
Day 5 – Lesson 7: Oracle Solaris 11 ZFS Enhancements – Lesson 8: Oracle Solaris 11 Security Enhancements
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 1 - 5
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Introductions • • • • • •
Name Company affiliation Title, function, and job responsibility Experience related to topics in this course Reasons for enrolling in this course Expectations from this course
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 1 - 6
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Your Lab Environment
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i avVirtualBoxlicis a cross-platform virtualization application. It extends the capabilities OracleQ VM id existing computer so that you can run multiple operating systems inside multiple of your h a Sh virtual machines at the same time.
As part of each lesson, you will be given the opportunity to practice in a lab environment. The lab environment used in this course is based on the Oracle VM VirtualBox virtualization software, the interface of which is shown in the slide.
Transition to Oracle Solaris 11 1 - 7
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practice 1 Overview: Course Introduction This practice covers how to familiarize yourself with the lab environment.
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic to the practices for Lesson 1. Your instructor will walk you through avActivity Guide Open your Q idmaterial, and you will have a chance to familiarize yourself with the lab environment the h a Sh configuration and setup.
Transition to Oracle Solaris 11 1 - 8
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IIntroducing t d i Oracle O l Solaris S l i 11 New Features and Enhancements
e
a
bl a r e nsf
Sh
Q d i ah
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Job Workflow
Introducing New Features and Enhancements M Managing i Software S ft Packages
Installing
e
bl a r e nsf
Network Administration Enhancements
Administering Zones
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic Solaris 11 course presents each of the system administration tasks av to Oracle The Transition Q id context of a workflow. Before you begin a lesson, take a look at the job workflow in the in the h a Sh slide diagram at the beginning of each lesson. ZFS Enhancements
Security Enhancements
As indicated in the workflow, you start with an introduction to the new features and enhancements in the Oracle Solaris 11 OS.
Transition to Oracle Solaris 11 2 - 2
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Objectives After completing this lesson, you should be able to: • Describe the Oracle Solaris 11 operating system • Describe the Oracle Solaris 11 features and enhancements • Compare the features of Oracle Solaris 10 and Oracle Solaris 11 le b a • Describe a strategy for transitioning from Oracle Solaris 10fer s n to Oracle Solaris 11 a tr
onn a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i licyou to the new features and enhancements in the Oracle Solaris 11 avintroduces This lesson Q id system. The lesson begins with a description of Oracle Solaris 11 and continues operating h a Sh with a high-level description of each new feature and enhancement.
It also provides a comparison of the features in Oracle Solaris 10 with those of Oracle Solaris 11. This is followed by a description of a strategy for transitioning from Oracle Solaris 10 to Oracle Solaris 11.
Transition to Oracle Solaris 11 2 - 3
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • •
Oracle Solaris 11 new features and enhancements Features comparison Strategy for transitioning to Oracle Solaris 11
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 2 - 4
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Operating System: Overview Oracle Solaris 11: • Builds on the proven technologies of Oracle Solaris 10 • Provides access to the latest Oracle Solaris 11 technology • Has been tested and optimized for Oracle hardware and software • Offers state-of-the-art reliability, availability, and le b a serviceability er f s an r • Is an integrated component of Oracle’s Exadata and t on E l i systems Exalogic t n a
as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i c av is theliindustry-leading OracleQ Solaris operating system for the enterprise. Oracle Solaris 11 d raises hi the bar for the innovation introduced in Oracle Solaris 10 with a unique set of features athat h few other operating systems can offer. Oracle Solaris 11 has been tested and optimized S for Oracle hardware and software and is an integral part of Oracle’s combined hardware and software portfolio.
Oracle Solaris 11 provides customers with access to the latest Oracle Solaris technology, allowing developers, architects, and administrators to test and deploy applications within large data centers, which greatly simplify their day-to-day operations. Oracle Solaris 11 is characterized by the reliability, availability, and serviceability that you expect from a leading enterprise operating system. system Oracle Solaris 11 provides new optimizations and features designed to deliver proven scalability and reliability as an integrated component of Oracle’s Exadata and Exalogic systems.
Transition to Oracle Solaris 11 2 - 5
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11: Features and Enhancements • • • • • • • • •
Installation methods Software management features Networking features and enhancements Oracle Solaris Zones enhancements Storage and file system features User account management features Desktop environment enhancements System y configuration g features Security features
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i av 11: lic OracleQ Solaris d •i Introduces a new, modern software installation architecture, offering several installation h a cchoices. o ces This s includes c udes a co completely p ete y hands-free a ds ee auto automated ated network et o installation sta at o Sh • •
•
experience, a graphical Live Media installer (x86 only), and an interactive text-based installation for systems without a graphical display. Introduces Image Packaging System (IPS) as the next-generation packaging system that provides safe system updates and upgrades Provides significant enhancements to networking, including several new network virtualization features for high availability, improved performance, and resource management. t The Th key k building b ildi bl blocks k off network t k virtualization i t li ti are VNIC VNICs, virtual it l switching, aggregations, bridging, virtual local area networks (VLANs), and Elastic Virtual Switch (EVS). Enhances its virtualization solution with Oracle Solaris 10 Zones (also known as solaris10 branded zones). Oracle Solaris 10 Zones provide a seamless method for migrating to Oracle Solaris 11. Additional features such as delegated zone g and installation of administration, boot environment ((BE)) for zones, configuration nonglobal zones as part of an AI client installation, and enhanced zone monitoring are also included.
Transition to Oracle Solaris 11 2 - 6
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
•
• •
•
•
Expands support for Oracle Solaris 10 storage technologies. The ZFS file system includes several enhancements, including ZFS as the root file system, encryption, deduplication, shadow migration, and ZFS snapshot differences. Additional enhancements include the Common Multiprotocol SCSI Target (COMSTAR) technology and Common Internet File System (CIFS) support for seamless file sharing with Windows environments. Introduces the User Manager GUI for creating and managing users apart from providing the usual command-line interface Includes GNOME 2.30, an intuitive, easy-to-use desktop environment, and the Firefox web browser, among a variety of other software included in the network package repository GNU (not UNIX) commands and a default bash shell environment are also repository. available. Provides significant changes to system configuration features and tools apart from introducing the Oracle Solaris Unified Archives feature for system recovery and cloning and the Common UNIX Printing System (CUPS) feature as a printing solution Continues to optimize security controls. This release supplies several security-related enhancements: root as a role, encrypted ZFS datasets, Trusted Platform Module (TPM) support, and enhancements to Oracle Solaris Trusted Extensions.
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 2 - 7
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Installation Methods •
Unattended installation – Oracle Solaris 11 Automated Installer (AI) —
— — —
•
Network installation: Uses software package repository or an Oracle Solaris Unified Archive AI Services: Refer to client architecture and OS to be installed AI manifests: Provide client installation instructions AI profiles: Provide system configuration information
Interactive installation
– Oracle Solaris 11 Live Media installation (x86 only)n-tra
o
n a as ฺ h ) ฺae uide – Interactive text installer t e ฺn nt G s Suited for server deployments e at tude r i Text-based interface em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av — —
Suited for desktops and notebooks GUI interface
— —
Oracle Solaris 11 offers several installation options: • Unattended installation: An improved, hands-free, automated installation of networked systems. syste s This s process p ocess replaces ep aces tthe eO Oracle ac e So Solaris a s Ju JumpStart pSta t functionality u ct o a ty a available a ab e in Oracle Solaris 10 and earlier releases. • Interactive installation: Interactive installation by using a text-based user interface (because most servers use a text-based console for installation), and interactive installation for x86 desktop and notebook systems by using the Oracle Solaris 11 Live Media for x86
Q d i ah
Sh
Oracle Solaris 11 does not support the following installation features: • Oracle Solaris Flash Archive installation: Instead, use the Oracle Solaris Unified Archive feature to perform cloning and recovery operations. • Oracle Solaris JumpStart feature: Instead, use the AI feature. • Oracle Solaris Live Upgrade feature: Instead, use the beadm utility. Note: You can use the js2ai utility to convert Oracle Solaris 10 JumpStart rules, profiles, and system identification files to AI criteria files, AI manifests, and AI configuration files, respectively.
Transition to Oracle Solaris 11 2 - 8
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Software Management Features •
Use IPS to perform software management tasks, such as: – – – –
•
Software installation Software updates Operating system upgrades Removal of software packages
Software management components include:
le
– IPS command-line utilities, such as pkg install, pkg rab e f update, pkg list, and pkg uninstall ans
-tr
– IPS repositories as storage location for softwarenpackages on
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av 11 introduces OracleQ Solaris the Image Packaging System (IPS) feature, which is a d redesigned software packaging model. IPS is a comprehensive delivery hi acompletely h framework that spans the complete software life cycle, addressing software installation, S updates, operating system upgrades, and the removal of software packages. In contrast to the SVR4 packaging model used in earlier Oracle Solaris releases, IPS eliminates the need for patching. Relying on the use of network repositories of software packages, IPS dramatically changes how an administrator updates system and application software. IPS packages can be installed into nonglobal zones in addition to the global zone. Note: There is no upgrade path from Oracle Solaris 10 to Oracle Solaris 11. You must perform f a fresh f h installation. i t ll ti
Transition to Oracle Solaris 11 2 - 9
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Networking Features and Enhancements • • • • • • • • •
Generic datalink names Network administration command changes Naming and directory services configuration Network virtualization features Enhanced IPMP feature Performance and efficiency enhancements Resource management enhancements Network security y enhancements a Network observability enhancements as
e
bl a r e nsf
a
-tr n o n
h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic generic names to each datalink on a system by using the net0, av 11 supports OracleQ Solaris id netN naming convention. net1, h a Sh Oracle Solaris 11 introduces the following three commands to manage persistent network
configuration: • ipadm: Creates persistent configuration of interfaces, addresses, and TCP/IP properties. This command replaces the ifconfig command of Oracle Solaris 10. • dladm: Manages datalink configuration. This command replaces the ndd command and the drive.conf file of Oracle Solaris 10 for configuration of certain network parameters. • route: Configures persistent routes. This command replaces the use of the /etc/defaultrouter file in Oracle Solaris 10 to manage a system route configuration.
Oracle Solaris 11 uses Service Management Facility (SMF) to manage the naming and directory services configuration. In Oracle Solaris 10, you edited the various files in the /etc directory to configure the naming and directory services.
Transition to Oracle Solaris 11 2 - 10
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 provides several network virtualization features that you can use for high availability, managing network resources, and improving overall network performance. Some of the key network virtualization features include: • VNICs: Refers to a p pseudo network interface that is configured g on top p of a p physical y network interface of a system. Each VNIC has its own MAC address that you can configure with additional attributes, thus enabling the VNIC to be easily integrated into an existing network infrastructure. • Aggregation: Refers to an L2 entity that ensures continuous access of a system to the network. Link aggregations increase the availability and reliability of network connectivity by pooling multiple datalink resources that you administer as a single unit. - Datalink multipathing (DLMP): Refers to a type of probe probe-based based link aggregation that detects the loss of connectivity between DLMP-aggregated links and configured targets. This type of failure detection addresses the limitations of the link-based failure detection mechanism, which can detect only failures caused by the loss of direct connection between the datalink and the first-hop switch. - Trunk aggregation: Refers to a type of a link aggregation mode that is based on the IEEE 802.3ad standard and works by enabling multiple flows of traffic to be spread across a set of aggregated ports. • Bridging: Refers to an L2 technology that connects multiple datalinks on a network into a single network. Ethernet bridging is supported in Oracle Solaris 11 with the addition of the Spanning Tree and Transparent Interconnect of Lots of Links (TRILL) protocols. • Virtual switching: Refers to the built-in virtual switching capabilities of Oracle Solaris 11 that simulates a network physical switch. On a single system, you can use virtual switches to enable zones and virtual machines to communicate with each other other. • EVS feature: Refers to an L2 technology that enables direct management of virtual switches. You can create EVS switches to deploy multiple virtual networks that span multiple hosts, within either a multi-tenant cloud environment or a datacenter. • Virtual eXtensible Local Area Network (VXLAN): Refers to an L2 and L3 technology that works by overlaying a datalink network on top of an IP network. The VXLAN feature addresses the 4K limitation of VLAN configuration. Typically, VXLANs are used in a cloud infrastructure to isolate multiple virtual networks. You can manage VXLANs by using the EVS feature. • Edge Virtual Bridging (EVB): Refers to an L2 technology that enables Oracle Solaris 11 systems to exchange virtual link information with an external switch. EVB offloads the enforcement of traffic service-level agreements (SLAs) to the switch. • Layer 3 Virtual Router Redundancy Protocol (VRRP): Refers to the proprietary L3 feature that provides high availability of IP addresses, addresses such as those that are used for routers and load balancers. L3 VRRP removes the need to configure unique VRRP virtual MAC addresses for VRRP routers, thereby providing better support for VRRP over IPMP and InfiniBand interfaces, and in zones.
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Sh
Q d i ah
Transition to Oracle Solaris 11 2 - 11
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
In Oracle Solaris 11, IP network multipathing (IPMP) has been redesigned to enhance the administrative model and improve monitoring. IP interfaces are grouped into a virtual IP interface, such as, ipmp0. This virtual IP interface serves all of the data IP addresses, while test addresses that are used for probe-based failure detection are assigned to an underlying i interface, f such h as net0. The Th new ipmpstat utility ili provides id visibility i ibili to the h IPMP subsystem. b Oracle Solaris 11 provides performance and efficiency features through the following features: • DCB: Refers to the L2 technology that you can use to manage the bandwidth, relative priority, and flow control of multiple traffic types that share the same network link (for example, when sharing a datalink between networking and storage protocols) • ILB: Refers to the L3 and L4 technology that enables a system to spread the load of network t k processing i amongstt available il bl resources. ILB can b be used d tto iimprove reliability li bilit and scalability, and to minimize the response time of network services. Load balancing involves using multiple systems to deal with high demands of a network by balancing the load between multiple systems.
e
bl a r Oracle Solaris 11 provides resource management capabilities through the following features: fe s n • Flows: Refers to a subset of data packets that are identified by common attributes. tra protocol n These attributes consist of packet header information information, such as IP addresses addresses, noas well as assign type, and transport port numbers. You can observe flows individually, a as ฺ You administer flows flows their own SLAs (for example, bandwidth control and priority). h ) at the L2, L3, and L4 layers of the Oracle Solaris network ide stack. ฺae protocol t u e G in a local area network • LLDP: Refers to the L2 technology that is used ฺn by systems t s n e t udeinformation with each other. LLDP (LAN) to exchange configuration and a management r i t management information to other enables a system to advertise connectivity and m is S e systems on the network network. i@ th v e a ฺqthe network Oracle Solaris 11 improves us sockets implementation by no longer using the d i o t h STREAMS module.aThis enhancement results in performance improvements and also e h s s n ( provides a new, simplified developer interface for adding new socket types. The new network licemonitors network traffic volume, allowing it to shift from interrupt avi socketQ architecture also id to polling mode, which is much more efficient when dealing with high network traffic driven h a Sh volumes. Oracle Solaris 11 provides the following commands to observe network traffic: • tcpstat: Enables you to observe network traffic at the transport layer, specifically for TCP and UDP • ipstat: Enables you to observe network traffic at the IP layer, aggregated on source, destination, higher-layer protocol, and interface
Additionally, y, Oracle Solaris 11 supports pp the use of Wireshark GUI to troubleshoot networking g issues and to perform package analysis. The Wireshark utility and its command-line equivalent, TShark, enables you to capture packet data from a live network or read packets from a previously saved capture file.
Transition to Oracle Solaris 11 2 - 12
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris Zones Enhancements • • • • • • •
Oracle Solaris 10 branded zones Oracle Solaris kernel zones Whole root zones only Zone resource monitoring Delegated administration Zones on shared storage NFS server in nonglobal zones
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic significant enhancements to zone administration and monitoring, av 11 includes OracleQ Solaris id help administrators manage consolidated and virtualized workloads more efficiently. which h a Sh For users running applications either in zones or on bare metal on Oracle Solaris 10 systems,
virtual-to-virtual (v2v) and physical-to-virtual (P2V) tools are provided to help the transition to an Oracle Solaris 10 zone running in Oracle Solaris 11. An Oracle Solaris 10 zone can have a shared IP stack with the global zone or an exclusive IP stack. Oracle Solaris 10 Zones provide a proven and fully supported option for quick adoption of Oracle Solaris 11, which allows administrators to benefit immediately from all the new features available while providing an easy application migration path. Oracle O l S Solaris l i 11 11.2 2 supports t a ffully ll iindependent d d t and d iisolated l t d environment i t called ll d O Oracle l Solaris Kernel Zones (also known as solaris-kz branded zone). Kernel zones use an independent kernel and user environment within the zone. Each kernel zone can run at a different kernel version from the global zone and can be updated separately without requiring a reboot of the global zone. Note: The following legacy branded zone features are supported only in Oracle Solaris 10: • Linux u b brand a d ((lx)) • Oracle Solaris 8 Containers (solaris8) • Oracle Solaris 9 Containers (solaris9) Transition to Oracle Solaris 11 2 - 13
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Another enhancement to zone technology is that the distinction in Oracle Solaris 10 between whole root and sparse root is irrelevant. In Oracle Solaris 10, sparse root zones conserve disk space and permit fast zone creation by sharing a single instance of key file systems among multiple zones. In Oracle Solaris 11, the root file system is ZFS and zone creation leverages ZFS clones for similar space and time savings. When a new boot environment is created by cloning an existing one, the base boot environment’s zones are also cloned into the new boot environment. As a result, you no longer have to choose between different zone types. Oracle Solaris 11 greatly enhances your ability to monitor zone resource consumption with the introduction of the zonestat command. With zonestat, you can observe memory and CPU utilization, utilization of resource control limits, total utilization, and per-zone utilization breakdowns over specified time periods. In Oracle Solaris 11, you can delegate specific zone administration tasks to different administrators using Role-Based Access Control (RBAC). With delegated administration standard, users are identified with the permissions to log in, manage, or clone that zone.
le b a In Oracle Solaris 11.1 release, you can configure, install, and run Oracle Solaris Zones e hosted r f s directly on arbitrary storage device objects such as Fibre Channel and iSCSI targets. Another n anew r t enhancement of this release is the support for NFS servers in nonglobal zones. A otonindicate that the unavailable zone state has been added in Oracle Solaris 11.1 release n aattached, or moved. s zone has been installed, but cannot be verified, made ready, booted, a ) h deฺchanges, such as Starting from Oracle Solaris 11.2 release, you can makea configuration e i zone without the need to tinฺ a running u e changing network configuration and resource controls, G n ฺ t had to reboot a zone for a sadministrators n reboot. In the earlier releases of Oracle Solaris, e e t ud ira Reconfiguration configuration change to take effect. Live Zone eliminates down time in t m S e s service availability within the zone changes are made made. @wheneconfiguration hi i t v ฺqa o us d i t h a e h s (s icen i v l a Q d ahi
Sh
Transition to Oracle Solaris 11 2 - 14
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Storage and File System Enhancements •
ZFS enhancements – Default file system – Deduplication – ZFS snapshot differences (zfs diff) – ZFS shadow migration
• •
COMSTAR CIFS support
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i licfile system in Oracle Solaris 11. UFS is still available for nonroot file avdefault root ZFS isQ the id Oracle Solaris 11 has added ZFS deduplication, which detects and removes systems. h a data from ZFS file systems. If a ZFS file system has the dedup property enabled, Sh redundant duplicate data blocks are removed synchronously. As a result, the file system stores only unique data. Support for listing the differences between ZFS snapshots (zfs diff) has been added with Oracle Solaris 11. Also, now you can use the shadow migration feature to migrate data from an old file system to a new one while simultaneously allowing access and modification of the new file system during the migration process. The Common Multiprotocol SCSI Target (COMSTAR) technology, introduced in Oracle Solaris 11, 11 enables network file sharing, sharing similar to NFS and CIFS, CIFS but for raw block-device block device access via iSCSI or SAN. This technology enables any Oracle Solaris 11 host to become a SCSI target, allowing it to be accessed over a storage network by a variety of initiator hosts. COMSTAR supplies a software framework that makes it possible for all SCSI device types to connect to a transport protocol and provide network device access. In this way, virtual machines can share image files or access to a database. Oracle Solaris 11 provides in-kernel CIFS support for seamless file sharing with Windows environments. i t The Th CIFS service i also l includes i l d new features, f t such h as host-based h tb d access control (which allows a CIFS server to restrict access to specific clients according to IP addresses), access control lists (ACLs) on shares, and client-side caching of offline files with synchronization on reconnect. Transition to Oracle Solaris 11 2 - 15
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
User Environment Feature Changes • • • •
Administrative command locations Default user shell and path changes Development tools locations Creating and managing user accounts
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i c administrative commands are located in the /usr/sbin directory v 11,lithe aSolaris In Oracle Q id compared to /sbin in the previous release. In addition, the /sbin directory has been when h a Sh replaced by an /sbin →/usr/sbin symbolic link.
In Oracle Solaris 10, the default scripting shell (/bin/sh) is the Bourne shell. Starting with Oracle Solaris 11, the bash shell is the default interactive shell, and ksh93 replaces ksh as the default system shell.
There are other changes in Oracle Solaris 11 that affect user experience. The default user path is /usr/bin. The default path for the root role is /usr/bin:/usr/sbin. The developer tools that were previously located in the /usr/ccs/bin directory has been moved to the /usr/bin / /bi directory. directory The /usr/ccs/bin / / /bi directory is replaced by a /usr/ccs/bin / / /bi → /usr/bin symbolic link. Although most of the user and group management commands almost remain the same, with some enhancements, Oracle Solaris 11 replaces the Solaris Management Console graphical tool and its associated command-line interface of Oracle Solaris 10 with the User Manager GUI.
Transition to Oracle Solaris 11 2 - 16
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Desktop Environment Enhancements • • •
Enhanced desktop environment Time Slider snapshot management CUPS printing
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic Solaris 11 offers a state-of-the-art GNOME desktop with the avusers, Oracle For desktop Q id graphical desktop manager (GDM) as the only graphical login option. Oracle Solaris GNOME h a Sh 10 supports the use of both Common Desktop Environment (CDE) and GDM for login.
The Oracle Solaris 11 desktop includes the innovative Time Slider tool. Integrated with the File Browser, Time Slider supports file and directory recovery, which is made possible through native snapshot and clone capabilities in ZFS. A user can click in Time Slider to snapshot a home directory and later revert to it if necessary. The Oracle Solaris 11 desktop also includes a network administration GUI to manage network connections from the desktop. The Common UNIX Printing System (CUPS) is the default print service on Oracle Solaris 11, replacing the LP print service used in Oracle Solaris 10. CUPS support includes a web and graphical interface to manage your printing environment. A system that is running CUPS becomes a host that can accept print requests from client systems, process those requests, and then send them to the appropriate printer.
Transition to Oracle Solaris 11 2 - 17
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
System Security Enhancements • •
Secure by default root treated as a role
• • • •
Robust data encryption Driver support for TPM Trusted Extensions enhancements Auditing enhancements
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic a fully secure-by-default environment. With automatic av 11 provides OracleQ Solaris id secure-by-default, all network services are disabled except for SSH, or set to listen for local h a h system communications only. In Oracle Solaris 10, the Secure by default feature is available S but disabled by default and had to be enabled during the OS installation or by running the netservices limited command. In Oracle Solaris 11, root is treated as a role rather than a user. During system installation, an initial user is defined. After an initial user login, a user with the appropriate privileges can subsequently assume the role of root by using su or by performing administrative tasks after authentication using sudo or pfexec. You can use the pfexec command to directly assign a rights profile or directly assign more roles to a user account. account Oracle Solaris 11 supports a robust mechanism for your data protection by implementing on-disk encryption/decryption support and key management for ZFS datasets. In the event of theft or in the case of untrusted paths to networked storage, encrypted ZFS datasets can help to safeguard data and prevent unauthorized access. The kernel implements raw encryption/decryption functions that are applied to all data and file system metadata.
Transition to Oracle Solaris 11 2 - 18
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 includes driver support for TPM hardware. TPM devices are often embedded in systems to securely store certificates or encryption keys that help to perform platform authentication and/or attestation. Attestation is a process that determines whether a server is trustworthy and has not been breached. Oracle Solaris 11 enhances Oracle Solaris Trusted Extensions by introducing labeled IPsec and labeled ZFS datasets. Additionally, Trusted Extensions now enables per-label and per-user credentials, which allow administrators to set up a requirement for a unique password for each label. This password is in addition to the session login password, thus allowing administrators to set a per-zone encryption key for each label of every user’s home directory. The auditing service of Oracle Solaris 11 is enabled by default default. When compared to Oracle Solaris 10, you do not need to reboot the system when enabling or disabling the auditing service. Further, you can use the auditconfig command to view and edit audit policy.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 2 - 19
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • •
Oracle Solaris 11 new features and enhancements Features comparison Strategy for transitioning to Oracle Solaris 11
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 2 - 20
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Key Features of Oracle Solaris 10 and Oracle Solaris 11: Comparison Feature
Oracle Solaris 10
Oracle Solaris 11
Packaging model
SVR4 packaging
Image Packaging System (IPS)
Maintaining system software
SVR4 patching
Image Packaging System (IPS)
OS installation
• Interactive: Installation DVD • Automated: Oracle Solaris JumpStart
• Interactive: Installation CD and package repositories • Automated: Automated Installer and package repositories
e
bl a r fe s Blueprints for custom Distribution Constructor to create Building a n tra DVDs ISO and virtual machine images customized n di t ib ti iimage distribution no a Virtual Networking N/A Network virtualization as ฺ and resource h ) management ae uide ฺ t e ksh User environment and SVR4 G and SVR4 commands ฺn Bash,nGNU, t s commands e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ainvthe slidelicshows the major changes made to some of the key features of Oracle The table Q id 10 in Oracle Solaris 11. Solaris h a Sh For more information, refer to the website at http://docs.oracle.com/cd/E36784_01/html/E39134/compare-1.html.
Transition to Oracle Solaris 11 2 - 21
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • •
Oracle Solaris 11 new features and enhancements Features comparison Strategy for transitioning to Oracle Solaris 11
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 2 - 22
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Transitioning Strategy • • • • •
A sound understanding of the key features of Oracle Solaris 10 is critical. Solaris is binary-compatible across hardware architectures. Source code is compatible across different machine architectures. le Migration path for ZFS and UFS file systems is supported. erab f s n Multiple migration paths for transitioning applications: tra
n-
– A Applications li ti can run di directly tl on O Oracle l S Solaris l i 11 11. no a s – Applications can run in Oracle Solaris 10 haZones.
) deฺ e a i ฺ t u e G n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lichave a sound understanding of the key features of Oracle Solaris 10, av should Administrators Q id Oracle Solaris Zones and ZFS (especially to support root file systems), before including h a Sh preparing for transitioning to Oracle Solaris 11. Oracle Solaris 11 builds upon these features. Oracle continues the Solaris commitment to binary compatibility across hardware architectures. This simplifies migrations between major Oracle Solaris releases and allows applications to take advantage of performance gains from Oracle’s newest SPARC and x86 hardware systems. Oracle guarantees source code compatibility across different machine architectures, allowing software providers to simply recompile applications across hardware architectures.
O l S Oracle Solaris l i 11 supports t a migration i ti path th ffor ZFS and d UFS fil file systems t by b using i the th ZFS shadow migration feature. You can migrate data from an old file system to a new file system while simultaneously allowing access and modification of the new file system during the migration process. Oracle offers multiple migration paths for transitioning applications to Oracle Solaris 11. Applications can run directly on Oracle Solaris 11 in global or nonglobal zones. The release global zone. Just as also supports Oracle Solaris 10 Zones hosted within an Oracle Solaris 11 g Oracle Solaris 8 and 9 branded zones helped to transition applications to Oracle Solaris 10, Oracle Solaris 10 branded zones in Oracle Solaris 11 enable a more gradual, step-by-step approach to an OS migration. Transition to Oracle Solaris 11 2 - 23
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Summary In this lesson, you should have learned how to: • Describe the Oracle Solaris 11 operating system • Describe the Oracle Solaris 11 features and enhancements • Identify the key differences between Oracle Solaris 10 and the Oracle Solaris 11 features le b a • Strategically prepare to transition to Oracle Solaris 11 fer
s n a n-tr
no a as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic presented with the new features and enhancements in the Oracle av you were In this Q lesson, id 11 operating system. You had an opportunity to compare the features in Oracle Solaris h a 10 with those of Oracle Solaris 11. Finally, you were provided a strategy to transition Sh Solaris from Oracle Solaris 10 to Oracle Solaris 11.
Transition to Oracle Solaris 11 2 - 24
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Managing M i Software S ft Packages P k in Oracle Solaris 11
e
a
bl a r e nsf
Sh
Q d i ah
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Job Workflow
Introducing New Features and Enhancements M Managing i Software S ft Packages
Installing
e
bl a r e nsf
Network Administration Enhancements
Administering Zones
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i avbegin theliclesson, take a look at the job workflow in the slide diagram. So far, you BeforeQ you id learned about the new features and enhancements of the Oracle Solaris 11 OS. have h a Sh You will now learn how to manage software packages with the help of an IPS repository. ZFS Enhancements
Security Enhancements
Transition to Oracle Solaris 11 3 - 2
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Objectives After completing this lesson, you should be able to: • Describe the Image Packaging System (IPS) • Plan for moving to IPS • Configure a local package repository • Configure network client systems to use IPS • Search for software packages by using IPS le b a er f • Install software packages by using IPS s an r t • Remove software p packages g by y using g IPS on n a • Update the OS image by using IPS s a h eฺ ) e • Manage boot environments id ฺa
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i licyou to the new Oracle Solaris 11 software packaging feature: Image avintroduces This lesson Q id Packaging System (IPS). The lesson begins with a description of IPS and later compares IPS h a h with package management in the Oracle Solaris 10 operating system. S Next, the lesson shows you how to configure a local IPS repository. It then shows you the ways to manage software packages by using IPS. The lesson also covers how to update a system to Oracle Solaris 11.2. Finally, you learn to manage boot environments in the Oracle Solaris 11 operating system.
Transition to Oracle Solaris 11 3 - 3
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • •
Introducing the Image Packaging System (IPS) Configuring a local IPS repository Managing software packages by using IPS Updating a system to Oracle Solaris 11 11.2 2 Managing boot environments
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 4
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IPS: Overview Oracle Network Repositories Firewall Mirrored Network Repository Custom Repository
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n Oracle Solaris sฺ ent e t Image Packaging System ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i licSystem (IPS) is a framework that enables software lifecycle avPackaging The Image Q id management, such as installation, upgrade, and removal of packages. IPS also enables users h a h to create their own packages, create and manage package repositories, and copy S and mirror existing software package repositories. Packages can be installed only into file systems that Operating System
Active Boot Environment
Inactive Boot Environment
are part of a boot environment (BE). For example, on a default Oracle Solaris 11 installation, only datasets under rpool/ROOT/BEname/ are supported for package operations. Using IPS, you can perform the following tasks: • Create and manage images. • Search the IPS packages on your system and in IPS repositories. • Copy, mirror, create, and administer package repositories. • Create and publish IPS packages to a package repository.
Transition to Oracle Solaris 11 3 - 5
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Planning for IPS • • • • •
Oracle Solaris 11 or later SPARC and x86 architectures Web-based or local package repository Repository mirroring Client access to IPS server
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v ic IPS is Q theapackagingl system for the Oracle Solaris 11 operating systems as SVR4 is the id packaging system for the Oracle Solaris 10 operating systems. A key component of IPS is h a h the package repository. A package repository is a location where software packages are S stored and from where packages are retrieved by client systems. You can even clone an entire package repository, such that any package repository that the client can access has everything they need to proceed.
Transition to Oracle Solaris 11 3 - 6
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IPS Components
Package Repository
Cloned Repository
e
bl a r e nsf
Server Client
a
pkg k Command
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i av up of thelicfollowing key components. Each component has a role to play. IPS is Q made d •i Package: A package in IPS is a collection of actions defined by a set of key-value pairs h a tthat at represent ep ese t metadata, etadata, such suc as classification, c ass cat o , descriptions, desc pt o s, o or ot other e att attributes butes suc such as Sh
path and alias. The key-value pair can also represent a data payload. These actions can represent items, such as directories, links, drivers, and services. Each IPS package is represented by a Fault Management Resource Identifier (FMRI), which is used with the pkg(1) command to indicate the packages on which to perform operations.
•
Repository: A repository is a location where clients publish and retrieve packages. The location is described by a uniform resource identifier (URI), such as http://pkg oracle com/solaris/release A repository can contain packages http://pkg.oracle.com/solaris/release. from any number of publishers, such as solaris and ha-cluster. A publisher can publish to multiple repositories. A repository has an origin and zero or more cloned repositories. The repository origin is the location of a package repository that contains both package metadata (package manifests and catalogs) and package content (package files).
Transition to Oracle Solaris 11 3 - 7
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
•
FMRI: The FMRI includes descriptive information about the package, such as the package name, version information, and date. For example, the FMRI, pkg://solaris/developer/
[email protected],5.110.175.2.0.0.42.2:20140624T183919Z, consists of the following information: - Scheme: pkg - Publisher: solaris - Category: developer - Package Name: apptrace - Component Version: 0.5.11 - Build Version: 5.11 - Branch Version: 0.175.2.0.0.42.2 - Time Stamp (when the package was published): 20140624T183919Z
• •
Manifest: A manifest describes the components and attributes that make up a package. Client package management utility: pkg(1) is a command-line utility that you can use to create and manage images; search package data; and perform software installation, upgrade, and removal. Boot environment (not shown): A boot environment (BE) is a bootable image of an Oracle Solaris 11 operating system plus any other application software packages installed in that image. System administrators can maintain multiple BEs in their systems, and each BE can have different software versions installed.
•
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 8
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • •
Introducing the Image Packaging System (IPS) Configuring a local IPS repository Managing software packages by using IPS Updating a system to Oracle Solaris 11 11.2 2 Managing boot environments
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 9
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Local Package Repository •
The default package repository is available at: http://pkg.oracle.com/solaris/release/
•
Reasons for creating a local repository: – – – –
Default repository not available to clients Performance Security Replication
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic avsystem installation The default manifest installs the Oracle Solaris 11 operating system from Q d hi public repository at http://pkg.oracle.com/solaris/release/. If you have an Oracle support athe h contract, the installation, you can change the default manifest to use the Oracle S supportpost repository. You can also add additional publishers and repositories, such as those for Oracle Exadata, Oracle Solaris Cluster, and Oracle Solaris Studio. You can create your own local package repository. Having a local package repository is necessary when your network clients do not have access to the web-based default repository. Other reasons you might want to have a local copy of a package repository include: • Performance: Having a local package repository allows clients access to packages at local network speeds. speeds • Security: You might not want your client systems to have access to the Internet. • Replication: You want to ensure that an installation that you perform next year is exactly the same as the installation you perform today.
Transition to Oracle Solaris 11 3 - 10
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Creating a Local Repository 1. Obtain software packages: – Download IPS repository zip files. – Copy from the default package repository.
2. Create a ZFS file system for the repository. 2 repository 3. Copy the packages to the repository. 4. Set the publisher.
e
bl a r e nsf
a
Sh
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic you perform the following steps: aavlocal repository, To create Q d ah1.i Obtain the repository files.
-tr n o n
When creating a local package repository repository, you first download the Oracle Solaris 11 repository files from: http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html The repository files provide you with a complete archive of software packages, which allow you to set up a local network IPS repository to which client systems can connect. Download the following repository files: - README file (README-zipped-repo.txt) -
Repository assembly script (install-repo.ksh)
-
MD5 checksum file
-
Four IPS repository parts (zip files)
2. Make the installation script file executable. # cd /opt/ora/repodir (download directory) # chmod +x install-repo.ksh
Transition to Oracle Solaris 11 3 - 11
3. Create a ZFS file system for the repository. A good practice is to store the repository in a separate ZFS file system with compression enabled.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
# zfs create –o compression=on p –o atime=off rpool/export/IPSpkgrepos # zfs create rpool/export/IPSpkgrepos/Solaris
\
4. Run the repository installation script, install-repo.ksh. # ./install-repo.ksh -d /export/IPSpkgrepos/Solaris -c -v -I Comparing checksums of downloaded files...done. Checksums match. Uncompressing sol-11_2-repo-1of4.zip...done. Uncompressing sol-11_2-repo-2of4.zip...done. Uncompressing sol-11_2-repo-3of4.zip...done. Uncompressing sol-11_2-repo-4of4.zip...done. Repository can be found in /export/IPSpkgrepos/Solaris. Initiating repository verification. Building ISO image...done. ISO image and instructions for using the ISO image are at: /opt/ora/repodir/sol-11_2-repo.iso /opt/ora/repodir/README-repo-iso.txt
a
-tr n o n
a s a h eฺ ) e tฺa Guid e 5. Configure the publisher. n t sฺ system n e e t The publisher for the Oracle Solaris r 11 operating is solaris and the default a tud i origin for that publisher is http://pkg.oracle.com/solaris/release. If you want your clients em his S @ t gett packages to k from f your local l l repository, it you must t reset t the th origin i i for f the th solaris i i t v e a publisher as shown us “Configuring the IPS Clients” later in this lesson. dฺinqthe tsection i o h sha ense ( i lic av Q id h a Sh
Transition to Oracle Solaris 11 3 - 12
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Enabling Users to Retrieve Packages Using an HTTP Interface 1. Create a depot server instance (optional). 2. Add a new instance of the pkg/server service. 3. 4 4. 5. 6.
Set the path to the repository. Set the port number (optional). (optional) Restart the package depot server service. Test whether the repository server is working.
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i c repository, you need to create a depot server instance to provide av a localliIPS After creating Q id access to the data contained within a package repository. You could configure the network h a Sh default instance of the service. To create and configure a new depot server instance, perform the following steps: 1. Create a depot server instance of the pkg/server service, named solaris: # svccfg -s pkg/server add solaris
2. Set the path where the pkg/server:solaris instance can find the repository data: # svccfg -s pkg/server:solaris setprop pkg/inst_root=/export/IPSpkgrepos/Solaris
\
3. Set the port number on which the depot server instance should listen for incoming package requests (optional): # svccfg -s pkg/server:solaris setprop pkg/port=81
4. Restart the package depot server service: # svcadm refresh pkg/server:solaris # svcadm enable pkg/server:solaris
5. Test whether the repository server is working by opening a browser window on the localhost location. Transition to Oracle Solaris 11 3 - 13
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring the IPS Clients Set the local IPS publisher. # pkg publisher PUBLISHER solaris
TYPE STATUS P URI origin online F http://pkg.oracle.com/solaris/release/
# pkg set-publisher –G http://pkg.oracle.com/solaris/release/ -g http://s11-server1.mydomain.com/ solaris # pkg publisher PUBLISHER solaris
TYPE origin
\
e
bl a r e nsf
STATUS P URI online F http://s11-server1.mydomain.com/
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v ic asystems For client tol access a local repository, you must set the publisher to the local IPS Q id as shown in the example in the slide. Here, s11-server1.mydomain.com is the publisher h a name of the Oracle Solaris 11 system on which you configured a depot server Sh FQDN instance.
Transition to Oracle Solaris 11 3 - 14
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Updating the Local Master Repository Automatically The svc:/application/pkg/mirror SMF service: • •
•
Updates the local master repository from the Oracle support repository automatically Performs a periodic pkgrecv operation from the solaris publisher origins to /var/share/pkg/repositories/solaris, which le b starts at 2:30 AM one day each month a er f s Refreshes the repository catalog at the end of each ran t successful run of the service on-
n a as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic ausev the svc:/application/pkg/mirror You can SMF service to automatically update Q d support repository. By default, the hi local master repository from the Oracle athe h svc:/application/pkg/mirror SMF service a periodic pkgrecv operation S from the solaris publisher origins defined in this performs image to
/var/share/pkg/repositories/solaris. This pkgrecv operation starts at 2:30 AM one day each month. Therefore, in a data center environment, only one system needs to have an Internet publisher origin and run the mirror service to automatically receive updates. Other systems can set their publisher origin to this repository and then they too will always have the latest update, at least once a month. For more information, refer to p _ p g http://docs.oracle.com/cd/E36784_01/html/E36805/pkgmirror.html#scrolltoc.
Transition to Oracle Solaris 11 3 - 15
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practices 3-1 and 3-2: Overview •
Practice 3-1 covers the following topics: – – – – –
Creating a ZFS file system for the package repository Downloading the package repository zip files Configuring the IPS service with the new repository location Updating the repository catalog Testing the new repository
le
Practice 3-2 covers configuring a network client to access erab f s n the local IPS repository. ra
•
t
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 16
non
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • •
Introducing the Image Packaging System (IPS) Configuring a local IPS repository Managing software packages by using IPS Updating a system to Oracle Solaris 11 11.2 2 Managing boot environments
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 17
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Package Management: pkg (1) Package Management Task IPS Command
Oracle Solaris 10 Equivalent
Install package.
pkg install
pkgadd -a
Display package state and version information. information
pkg list
pkginfo
Verify package installation.
pkg verify
pkgchk -v
Display package information.
pkg info
pkginfo -v
Display the contents of a package.
pkg contents
pkgchk -l
tra n pkg search pkgchk –lno -p Search for a package. a as ฺ h pkg uninstall pkgrm Uninstall a package. ) ฺae uide t e G pkg update ฺn nt pkgadd Install package updates. s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v licthe primary user interface in the Image Packaging System. The table in acommand The pkg is Q idslide shows the pkg commands that are used to perform common package management this h a Sh tasks. It compares these commands with equivalent commands used in Oracle Solaris 10.
Transition to Oracle Solaris 11 3 - 18
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
pkg Command Examples: search # pkg search apptrace INDEX ACTION VALUE PACKAGE pkg.description set Apptrace utility for application tracing, including shared objects pkg:/developer/
[email protected] pkg.summary set Apptrace Utility pkg:/developer/
[email protected] basename file usr/bin/apptrace pp pkg:/developer/
[email protected] pkg.fmri set solaris/developer/apptrace pkg:/developer/
[email protected]
# pkg search -o pkg.name basename:apptrace PKG NAME PKG.NAME developer/apptrace
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v examples lic of searching for a package (apptrace). ashows This slide Q id h a Sh
Transition to Oracle Solaris 11 3 - 19
a
-tr n o n
e
bl a r e nsf
# pkg search basename:apptrace INDEX ACTION VALUE PACKAGE basename file usr/bin/apptrace pkg:/developer/
[email protected]
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
pkg Command Examples: info # pkg info -r apptrace Name: developer/apptrace Summary: Apptrace Utility Description: Apptrace utility for application tracing, including shared objects Category: Development/System State: Not installed Publisher: solaris Version: 0.5.11 Build Release: 5.11 Branch: 0.175.2.0.0.42.2 Packaging Date: June 24, 2014 06:39:19 PM Size: 162.04 kB FMRI: pkg://solaris/developer/
[email protected],5.110.175.2.0.0.42.2:20140624T183919Z
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v anlexample ic ashows This slide of displaying package information. The –r option retrieves the Q d data from the repositories of the image’s configured publishers. hi ainformation h S
Transition to Oracle Solaris 11 3 - 20
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
pkg Command Examples: install # pkg install -nv apptrace Packages to install: 1 Estimated space available: 36.11 GB Estimated space to be consumed: 19.83 MB Create boot environment: No Create backup boot environment: No Rebuild boot archive: No Changed packages: packages solaris developer/apptrace None -> 0.5.11,5.11-0.175.2.0.0.42.2:20140624T183919Z # pkg install apptrace Packages to install: 1 Create boot environment: No Create backup boot environment: No DOWNLOAD Completed
e
PKGS 1/1
FILES 10/10
bl a r e nsf
a
-tr n o n
XFER (MB) SPEED 0.1/0.1 81.7k/s
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v examples lic of performing a package (apptrace) installation dry run (-n) and ashows This slide Q id package installation. ahreal a Sh Note: Starting from Oracle Solaris 11.2, you can use the -rr option with the pkg install PHASE Installing new actions Updating package state database Updating package cache Updating image state Creating fast lookup database Updating package cache
ITEMS 29/29 Done 0/0 Done Done 1/1
command to run package operations recursively across multiple nonglobal zones along with the named nonglobal zones, from the global zone.
Transition to Oracle Solaris 11 3 - 21
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
pkg Command Examples: list verify, list, verify and contents # pkg list apptrace NAME (PUBLISHER) developer/apptrace
VERSION 0.5.11-0.175.2.0.0.42.2
# pkg verify -v apptrace PACKAGE pkg://solaris/developer/apptrace p g // / p / pp
IFO i--
STATUS OK
# pkg contents apptrace PATH usr usr/bin usr/bin/apptrace usr/lib usr/lib/abi usr/lib/abi/amd64 usr/lib/abi/amd64/apptrace so 1 usr/lib/abi/amd64/apptrace.so.1 usr/lib/abi/apptrace.so.1 ... ... #
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v examples lic of listing an installed package (apptrace), verifying package ashows This slide Q id and displaying the contents of a package. The pkg contents command with no status, h a option just lists the directory, file, and link content. You can use the pkg contents Sh command to find dependencies between packages.
Transition to Oracle Solaris 11 3 - 22
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
pkg Command Examples: uninstall # pkg uninstall apptrace Packages to remove: 1 Create boot environment: No Create backup boot environment: No PHASE Removing old actions Updating package state database Updating package cache Updating image state Creating fast lookup database Updating package cache
ITEMS 25/25 Done 1/1 Done Done 1/1
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v anlexample ic ashows This slide of uninstalling a package (apptrace). Q d ahi h S
Transition to Oracle Solaris 11 3 - 23
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Package Manager
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic GUI provides most package and publisher operations and some BE av Manager The Package Q id operations. If you are new to the Oracle Solaris 11 and IPS technologies, use the Package h a h Manager GUI to quickly download and install packages. S
Transition to Oracle Solaris 11 3 - 24
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Managing Packages by Using a Web Browser
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic the package repository by using a web browser. With a web avyou to access IPS allows Q id you can search for and install packages, and view the contents of a package browser, h a Sh manifest.
Transition to Oracle Solaris 11 3 - 25
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Update Manager • •
Updates all installed packages to the newest version Can be invoked in one of the following three ways: – In the Package Manager GUI, click the Updates button. – In the Package Manager GUI GUI, select the Package > Updates menu. – Use pm-launch with the packagemanager subcommand: —
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic of IPS is the Update Manager. Update Manager updates all av Another important feature Q id packages to the newest version allowed by the constraints imposed on the system installed h a Sh by installed packages and publisher configuration. The Update Manager feature can be invoked in one of the three following ways: • In the Package Manager GUI, click the Updates button • In the Package Manager GUI, select the Package > Updates menu option. • Use pm-launch with the packagemanager subcommand: $ /usr/lib/pm-launch packagemanager –update –all
Note: Starting g from Oracle Solaris 11.1,, you y can use the -C option p with the p pkg g update p command to install packages in nonglobal zones concurrently with the global zone. For an example on using the –C option, refer to http://docs.oracle.com/cd/E36784_01/html/E36802/gmhap.html#scrolltoc. If the system created a new BE for the update, you edit the default BE name. Click the Restart Now button to restart your system immediately or the Restart Later button to restart your system at a later time. You must restart to boot into the new BE. The new BE will become your active BE BE. Your current BE will be available as an alternate boot choice. choice
Transition to Oracle Solaris 11 3 - 26
e
bl a r e nsf
$ /usr/lib/pm-launch packagemanager update all
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • •
Introducing the Image Packaging System (IPS) Configuring a local IPS repository Managing software packages by using IPS Updating a system to Oracle Solaris 11 11.2 2 Managing boot environments
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 27
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Updating a System to Oracle Solaris 11.2 You can update your system to Oracle Solaris 11.2 OS by using one of the following repositories: • Web-based Oracle Solaris support repository, for those who have an Oracle Support pp Agreement: g https://pkg.oracle.com/solaris/support • Web-based Oracle Solaris release repository, for those le b without an Oracle Support Agreement: a er f s http://pkg.oracle.com/solaris/release tran
onn a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic Packaging System (IPS) to manage software updates. The Oracle av the Image OracleQ uses id 11 product engineering group releases software updates for the operating system on Solaris h a a regular basis. These updates are published as Support Repository Updates (SRUs) to a Sh web-based Oracle repository and to My Oracle Support (MOS) for distribution. SRUs contain a number of bug fixes and critical security fixes that, when applied to an existing Oracle Solaris 11 systems, help to ensure that the systems run without any issues. Oracle customers with an active Oracle Support Agreement will have access to the SRUs to routinely update their Oracle Solaris 11 systems. Oracle’s web-based support repository is located at http://pkg.oracle.com/solaris/support. With the support contract, you can also download them from My Oracle Support (https://support (https://support.oracle.com/). oracle com/) If you do not have an Oracle Support Agreement, then download the Oracle Solaris 11.2 zip files from http://www.oracle.com/technetwork/server-storage/solaris11/downloads/beta2182939.html. To understand how to create an Oracle SSO account and to access the SRUs by using My Oracle Support, refer to the tutorial available at:
http://supportweb.siebel.com/crmondemand/videos/Customer_Support/UITraining/MOS2010/ http://supportweb siebel com/crmondemand/videos/Customer Support/UITraining/MOS2010/ registration/registration.htm
Transition to Oracle Solaris 11 3 - 28
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Determining Your Starting Point Before you start updating your system, determine your starting point. • Identify which repository is in use on your system. • Identify which OS release your system is running running. • Verify which SRU your system is running. • Identify to which release you want to update.
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 29
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Identifying the Repository in Use •
For a system without Oracle Support Agreement, and using the Oracle Solaris release repository, you will see the following output:
# pkg publisher PUBLISHER solaris
TYPE origin
STATUS P LOCATION online F http://pkg.oracle.com/solaris/release
e
bl • For a system with Oracle Support Agreement, and using fera s n the Oracle Solaris support repository, you will see the a -tr n o following output: n a # pkg publisher as ฺ h PUBLISHER TYPE STATUS P LOCATION ) solaris origin online F http://pkg.oracle.com/solaris/support ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Q hid
a Sh
Transition to Oracle Solaris 11 3 - 30
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Verifying the SRU Currently Installed If your system has Oracle Solaris 11 11/11 installed with an SRU, the package information appears as the following: % pkg list -v entire FMRI pkg://solaris/entire@0 5 11 5 11-0 175 0 10 0 5 0:20120803T182627Z pkg://solaris/
[email protected],5.11-0.175.0.10.0.5.0:20120803T182627Z
IFO i--
In this example, SRU #10.5 is installed.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 31
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Updating a System Running Oracle Solaris 11 11/11 to Oracle Solaris 11.2 11 2 1. Ensure that your package repository is set to use http://pkg.oracle.com/solaris/release. 2. Review the licenses of the Oracle Solaris 11.1 preupgrade repository (0.5.11-0.175.0.10.1.0.0). 3. Update the system packages. A new boot environment is created. 4. Reboot the system to use the new updated boot environment. le b a er 5. On a SPARC system only, for each zone, remove the f s ldomsmanager package. tran
n-
6. Update the IPS S package. no a as ฺ 7. Review the update’s license. h ) ide ฺae environment 8. Update the system packages. A new boot is t u e G n ฺ t s created. n e e t d a r new u 9. Reboot the system to use boot environment. mithe Stupdated
Sh
e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic Oracle Solaris 11 11/11 to Oracle Solaris 11.2, perform the ava systemlrunning To update Q hid steps: afollowing 1.
su e tthat at you your pac package age repository epos to y is s set to use http://pkg.oracle.com/solaris/release. ttp //p g o ac e co /so a s/ e ease Ensure # pkg publisher PUBLISHER TYPE solaris origin
2.
STATUS P LOCATION online F http://pkg.oracle.com/solaris/release
Review the licenses of the Oracle Solaris 11.1 preupgrade repository (0.5.110.175.0.10.1.0.0). # pkg update –license | less
3.
Update the system packages. A new boot environment is created. # pkg update –-be-name Solaris11Upgraded –-accept
[email protected]
\
Note: For systems that cannot directly connect to Oracle’s hosted package repositories, download the Oracle Solaris 11.1 Pre-Upgrade Repository Image from http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html. This image contains packages that you must update before updating to Oracle Solaris 11 11.2. 2 In Practice 3-1, you will watch a demonstration on how to update your system running Oracle Solaris 11 to Oracle Solaris 11.2 OS by using a local repository. Transition to Oracle Solaris 11 3 - 32
4.
Reboot the system to use the new updated boot environment. # reboot
5.
On a SPARC system only, for each zone, remove the pkg:/system/ldoms/ldomsmanager p g / y / / g p package. g
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
# for z in `zoneadm list`; do zlogin $z pkg uninstall \ ldomsmanager; done
6.
Update the IPS packages. # pkg update package/pkg
Note: Because of earlier bugs in some packages, it was possible to incorrectly install those packages on a system. The pkg update command removes the following bad packages, if they are installed: • x86: pkg:/consolidation/ldoms/ldoms-incorporation •
SPARC: -
pkg:/consolidation/nvidia/nvidia-incorporation pkg:/driver/network/ethernet/elxl pkg:/driver/network/ethernet/pcn pkg:/driver/network/ethernet/dnet pkg:/driver/network/ethernet/iprb
e
a
-tr n o n
a s a ) h deฺ 7. Review the licenses of Oracle Solaris 11.2 OS. ฺae t ui # pkg update –license | less ฺne G t s n e e t 8. Update the system packages. A new is created. a environment rboot ud iSolaris11.2 t m S # pkg update –-be-name –-accept e his @ i
[email protected] v se t a q uupdated boot environment. 9. Reboot the system dtoฺ use tthe i o h # reboot sha ense ( i lic av Q id h a Sh
Transition to Oracle Solaris 11 3 - 33
bl a r e nsf
\
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Updating a System Running Oracle Solaris 11 11/11 with an SRU to Oracle Solaris 11.2 11 2 1. Ensure that your package repository is set to use http://pkg.oracle.com/solaris/support. 2. If your system is installed with an SRU that is earlier than SRU #10.5, update the system to SRU #10.5 (0.5.11,5.11-0.175.0.10), and then reboot. If your system is already installed with an SRU #10.5 or later, continue updating the system to Oracle Solaris 11.2. le b a er 3. On a SPARC system only, for each zone, remove the f s n ldomsmanager package. -tra 4. 5. 6. 7.
n
no Update the IPS packages. a as ฺ h Review the licenses of Oracle Solaris 11.2 update. ) ae OS. ide ฺ11.2 t u Update the system to Oracle Solaris e ฺn nt G s e e Reboot the system to userthe boot environment. at newudupdated
Sh
mi is St e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i ic Oracle Solaris 11 11/11 with an SRU to Oracle Solaris 11.2 OS, ava systemlrunning To update Q hid the following steps: aperform 1.
Ensure that y your package p g repository p y is set to use http://pkg.oracle.com/solaris/support. p p g pp # pkg publisher PUBLISHER TYPE STATUS P LOCATION solaris origin online F http://pkg.oracle.com/solaris/support
2.
If your system is installed with an SRU that is earlier than SRU #10.5, update the system to SRU #10.5 (0.5.11,5.11-0.175.0.10), and then reboot. # pkg update –be-name S11SRU10.5 --accept
[email protected],5.110 175 0 10 0.175.0.10 # init 6
3. 4. 4 5.
If your system is already installed with an SRU #10.5 or later, continue updating the system to Oracle Solaris 11.2. On a SPARC system only, for each zone, remove the pkg:/system/ldoms/ldomsmanager package. Update the IPS packages. packages Review the licenses and update the system to Oracle Solaris 11.2 OS. Reboot the system to use the new updated boot environment.
Transition to Oracle Solaris 11 3 - 34
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Updating a System Running Oracle Solaris 11.1 with or without an SRU to Oracle Solaris 11.2 11 2 OS If Oracle Solaris 11.1 is installed with or without an SRU, no special steps are required to update the system. 1. Based on whether you have an Oracle Support Agreement or not,, ensure that your y package p g repository p y is p pointing g to the correct repository (support or release). 2. Review the licenses of Oracle Solaris 11.2 OS. le b 3. Update the system to Oracle Solaris 11.2 OS. a er f s 4. Reboot the system to use the new updated boot an r t environment. environment non
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 35
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Updating a System to Oracle Solaris 11.2 Start State of the System Intermediate State of the System Oracle Solaris 11 11/11 (General Availability)
Oracle Solaris 11 (at an SRU lower than SRU #10.5)
Oracle Solaris 11 (at SRU #10.5 and later)
• Updated to Oracle Solaris 11.1 pre-upgrade repository • Removed some of the non-relevant packages by updating package/pkg • On O SPARC systems t only, l uninstalled i t ll d ldomsmanager ld package • Updated to Oracle Solaris 11 SRU 10.5 • Removed some of the bad packages by updating package/pkg • On SPARC systems only, uninstalled ldomsmanager package • Removed some of the bad packages by updating package/pkg • On SPARC systems only, uninstalled ldomsmanager package
a s a h eฺ Oracle Solaris 11.1 at any SRU ) e None tฺa Guid Oracle Solaris 11.1 e n (General Availability) sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Q hid
a Sh
Transition to Oracle Solaris 11 3 - 36
End State of the System
e
bl a r Oracle Solaris 11.2 fe s n tra n no
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practices 3-3 and 3-4: Overview •
Practice 3-3 provides demonstrations that show how to update from Oracle Solaris 11 to Oracle Solaris 11.2 release by using: – The pkg update command
•
Practice 3-4 covers managing software packages by using: – The pkg utility
e
bl a r e nsf
– The Package Manager GUI
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 37
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • •
Introducing the Image Packaging System (IPS) Configuring a local IPS repository Managing software packages by using IPS Updating a system to Oracle Solaris 11 11.2 2 Managing boot environments
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 38
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Boot Environment (BE) • • • • •
A BE is a bootable instance of an Oracle Solaris 11 operating system. Multiple BEs can be maintained on a system. BEs can have different software versions installed installed. BEs make updating software a low-risk operation. BE management utilities include:
e
– The beadm command
bl a r e nsf
– The Package Manager GUI
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v lic of an Oracle Solaris 11 operating system plus any other A BE is aabootable instance Q id application software packages installed into that image. System administrators can maintain h a h multiple BEs on their systems, and each BE can have different software versions installed. S With multiple BEs, the process of updating software becomes a low-risk operation because system administrators can create backup BEs before making any software updates to their system. If needed, they have the option of booting a backup BE.
You do not have to create a backup BE as a separate step if you are updating IPS packages. When you use the pkg install or pkg update command, use the --require-backupbe, --backup-be-name , --be-name, or --require-new-be option to make the changes i a new b in boott environment, i t nott in i th the currentt boot b t environment. i t After the initial installation of Oracle Solaris 11 onto a system, a BE is created. Use the beadm utility or the pkg command to administer additional BEs on your system. Note: The time to reboot Oracle Solaris 11 is significantly faster when compared to the reboot time taken by Oracle Solaris 10. The faster reboot helps in minimizing system down time. Administrators can decide whether to configure fast reboot by default or not by setting a Boolean value for the config/fastreboot_default config/fastreboot default SMF property in the svc:/system/boot-config:default SMF service, allowing certain system and firmware checks to be bypassed both for SPARC and x86 systems. Transition to Oracle Solaris 11 3 - 39
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
beadm Utility • •
Is the primary BE management tool Enables you to: – – – – – – – –
Create a new BE Create a snapshot of an existing BE Create a BE based on a snapshot Activate an existing, inactive BE Mount and unmount a BE Destroy BEs and snapshots Rename BEs Display BE information
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic primary BE management tool. The beadm utility aggregates all avutility is lthe The beadm Q id in a BE and performs actions on the entire BE at once. You no longer need to datasets h a perform ZFS commands to modify each dataset individually. It manages the dataset Sh structures within BEs. For example, when the beadm utility clones a BE that has shared datasets, the utility automatically recognizes and manages those shared datasets for the new BE. The beadm utility enables you to perform administrative tasks on your BEs. These tasks can be performed without upgrading your system. It automatically manages and updates the GRUB menu for x86 systems, or the boot menu for SPARC systems. For example, when you use the beadm utility to create a new BE, BE that environment is automatically added to the GRUB menu or boot menu.
Transition to Oracle Solaris 11 3 - 40
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
The beadm utility enables you to perform the following tasks: • • • • • • • • • • • •
Create a new BE based on the active BE. Create a new BE based on an inactive BE. Create a snapshot of an existing BE BE. Create a new BE based on an existing snapshot. Create a new BE and add a custom title to the x86 GRUB menu or the SPARC boot menu. Activate an existing, inactive BE. Mount a BE. U Unmount t a BE. BE Destroy a BE. Destroy a snapshot of a BE. Rename an existing, inactive BE. Display information about your BE snapshots and datasets.
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 41
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
beadm Command Examples: list
# beadm list BE -solaris solaris-1
Active -----NR -
Mountpoint ---------/ -
# beadm list -a solaris BE/Dataset/Snapshot ------------------solaris rpool/ROOT/solaris rpool/ROOT/solaris/var rpool/ROOT/solaris/var@2014.. ... ...
Space ----3.47G 94.03M
Policy -----static static
Created ------2014-07-07 01:05 2014-07-09 03:52
Active Mountpoint ------ ----------
Space -----
NR -
2.88G static 2014-07-07 01:05 323.72M static 2014-07-07 01:05 748.5K static 2014-07-09 03:52
/ /var -
Policy Created ------ -------
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v examples lic of listing boot environments and associated snapshots. ashows This slide Q id that the BE is currently active, and R means that it will be the BE that will be active Nhmeans a Sh on reboot as well.
Transition to Oracle Solaris 11 3 - 42
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
beadm Command Examples: create
# beadm create solaris-2 # beadm create solaris-2@backup # beadm create -e solaris-2@backup solaris-3
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v examples lic of creating a new BE and a clone. ashows This slide Q d •i The first command creates a new BE. h a Sh • The second command creates a snapshot of the new BE BE. •
The third command creates a BE clone from a snapshot.
Transition to Oracle Solaris 11 3 - 43
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
beadm Command Examples: activate rename, activate, rename and destroy # beadm activate solaris-3 # beadm rename solaris-2 solaris-old # beadm destroy solaris
e
a
bl a r e nsf
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v examples lic of activating, renaming, and destroying BEs. ashows This slide Q id h a Sh
Transition to Oracle Solaris 11 3 - 44
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
beadm Command Examples: mount and unmount
# beadm mount solaris-1 /solaris-1 # beadm unmount solaris-1
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v examples lic of mounting and unmounting inactive BEs. ashows This slide Q id h a Sh
Transition to Oracle Solaris 11 3 - 45
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Package Manager BE Features
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic is a GUI that enables you to install, update, and manage packages on av Manager The Package Q idinstalled system. If you use the Package Manager to update all the packages on your your h a a clone of the active BE is created. During this process, any update happens to the Sh system, cloned BE, not the active BE. You do not actually update until you choose to boot the new BE. After you boot the new BE, you can change your mind and boot back to the original. You do not have to reboot to get to your preupdate state if you have not yet rebooted to the new, updated BE. You can use the Package Manager to manage your BEs as follows: • Delete old and unused BEs to make disk space available. • Change C the default f BE on your system. • Activate a BE.
Transition to Oracle Solaris 11 3 - 46
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz What benefits does a local IPS repository provide? a. Greater capacity for more packages in the repository b. Automatically created backup BEs c Increased performance for package retrieval c.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic avc Answer: a, Q id h a Sh
Transition to Oracle Solaris 11 3 - 47
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which utility is used to manage BEs in Oracle Solaris 11? a. Live Upgrade b. beadm c BE Manager c.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Answer: b Q id h a Sh
Transition to Oracle Solaris 11 3 - 48
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz You want to gather installation information about a new application without actually installing the software. Which command is most appropriate for this task? a. p pkg g install –-dry y new_app pp b. pkg install –-noinstall new_app c. pkg install –dv new_app d. pkg install –nv new_app
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Answer: d Q id h a Sh
Transition to Oracle Solaris 11 3 - 49
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which command is used to verify a package installation? a. pkg verify new_package b. pkg status new_package c pkg –v c. v new_package new package d. pkg validate new_package
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v lic Answer: aa Q id h a Sh
Transition to Oracle Solaris 11 3 - 50
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which command is used to set solaris-alt as the default boot environment? a. activate –v solaris-alt b beadm solaris b. solaris-alt alt boot c. beadm activate solaris-alt d. activate –d solaris-alt
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v lic Answer: ca Q id h a Sh
Transition to Oracle Solaris 11 3 - 51
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Summary In this lesson, you should have learned how to: • Describe the Image Packaging System (IPS) • Plan for moving to IPS • Configure a local package repository • Configure network client systems to use IPS • Search for software packages by using IPS le b a er f • Install software packages by using IPS s an r t • Remove software p packages g by y using g IPS on n a • Update the OS image by using IPS s a h eฺ ) e • Manage boot environments id ฺa
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic introduced to the new Oracle Solaris 11 software packaging feature: av you were In this Q lesson, id Packaging System (IPS). You were then shown how to configure a local IPS repository Image h a and how to manage software packages by using IPS. You also had the opportunity to learn Sh how to update a system to Oracle Solaris 11.2. Finally, you were introduced to boot environments and how to manage them.
Transition to Oracle Solaris 11 3 - 52
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practice 3-5: Overview This practice covers the following topics: • Displaying boot environments • Creating boot environments • Selecting boot environments • Removing boot environments
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 3 - 53
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Sh
e
a
Q d i ah a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av -tr n o n bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IInstalling t lli the th Oracle O l Solaris S l i 11 Operating System
e
a
bl a r e nsf
Sh
Q d i ah
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Job Workflow
Introducing New Features and Enhancements M Managing i Software S ft Packages
Installing
e
bl a r e nsf
Network Administration Enhancements
Administering Zones
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i avbegin theliclesson, take a look at the job workflow in the slide diagram. So far, you BeforeQ you id learned how to manage software packages by using the IPS repository. have h a Sh You will now learn how to install the Oracle Solaris 11 OS using Text Installer, Live Media, ZFS Enhancements
Security Enhancements
and AI.
Transition to Oracle Solaris 11 4 - 2
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Objectives After completing this lesson, you should be able to: • Describe Oracle Solaris 11 installation options • Describe an Oracle Solaris 11 Live Media installation • Describe an Oracle Solaris 11 Text installation • Describe an Oracle Solaris 11 Automated installation • Configure a system image le b a er f • Configure an AI server s an r t • Configure g an AI client on n a • Install Oracle Solaris 11 by using AI s a h eฺ ) e • Compare JumpStart and AI tฺa Guid e n • Convert a JumpStart configuration sฺ etontan AI configuration e t a tud irconstructor • Describe the distribution m S e
is @ h i t e a©v2014,uOracle s q ฺ Copyright and/or its affiliates. All rights reserved. d i o t h sha ense ( i licyou to the new Oracle Solaris 11 operating system installation avintroduces This lesson Q id You explore both interactive and automated installations. Then you compare Oracle methods. h a 10 JumpStart installation with Oracle Solaris 11 installation and convert Oracle Solaris Sh Solaris 10 JumpStart installation to Oracle Solaris 11 installation. The lesson also shows you how to configure and work with automated installation features. Finally, you are introduced to the distribution constructor.
Transition to Oracle Solaris 11 4 - 3
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • •
Introducing Oracle Solaris 11 operating system installation options Performing interactive installations of the Oracle Solaris 11 operating p g system y Configuring an AI Server and clients Comparing and converting JumpStart to AI le b a Working with the distribution constructor fer
• • •
o
s n a n-tr
n a as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 4
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Installation Methods •
GUI installation – Live Media (x86 only)
•
Text installation – Text installer
•
Automated installation – Automated installations through media – Automated installations of multiple clients
•
e
Installation images can be downloaded from: http://www.oracle.com/technetwork/serverstorage/solaris11/downloads has
a ฺ ide
bl a r e nsf
a
-tr n o n
) e a ฺ et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a s and/or its affiliates. All rights reserved. uOracle Copyright dฺq © t2014, i o h sha ense ( i av 11 canlicbe installed in the following ways: OracleQ Solaris d •i Oracle Solaris 11 Live Media image: You use the Oracle Solaris 11 Live Media image h a to install sta on o x86-based 86 based syste systems. s This s method et od is s used for o syste systems s tthat at have a eag graphic ap c Sh •
•
•
display. It contains software packages that are normally found in workstations and notebook environments. Oracle Solaris 11 Text installer: You use the Oracle Solaris 11 Text installation for x86- or SPARC-based systems. This method is used for systems that do not have a graphic display. It contains software packages that are normally found in server environments. A t Automated t d IInstallations t ll ti through th h media: di You Y can initiate i iti t an automated t t d iinstallation t ll ti off the Oracle Solaris 11 OS on a SPARC or an x86 system by booting an AI Image on media, such as CD, DVD, or USB. This method initiates a hands-free installation of only that system and uses a manifest file to obtain the installation instructions. Automated Installations over the network: The Oracle Solaris 11 Automated installation provides a “hands-free” network installation for multiple client systems for y This method enables administrators to create and x86- or SPARC-based systems. manage customized installation profiles for different systems.
All installation downloads are in an ISO image format that can be burned to a CD or a DVD, or used directly within Oracle VM Server or other virtualization software. Transition to Oracle Solaris 11 4 - 5
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 System Requirements
Installer
Minimum Memory
Minimum Disk Space
Recommended Minimum Disk Space
Text I t ll Installer
1.5 GB for x86 2 0 GB ffor SPARC 2.0
4.9 GB for x86 4 9 GB ffor SPARC 4.9
9 GB for x86 9 GB ffor SPARC
Live Media
1.5 GB for x86
6.7 GB
13 GB
Automated Installer
1.5 GB for x86 2.0 GB for SPARC
Varies depending on the number and size of packages included for installation
13 GB for solarisdesktop 9 GB for solarislarge-server 8 GB for solarissmall-server 6 GB for solarisminimal-server
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i c v thelihardware ashows This slide requirements needed for installing Oracle Solaris 11. Q d hi Oracle Solaris 11.1 now supports installation to x86 systems with UEFI firmware. aNote: h S GRUB 2 has been added as the default x86 boot loader, which not only supports
UEFI-specified, GPT partitioning schemes, but also disks that are larger than 2 TB. You must note that UEFI 2.1+ is required and this feature is not currently available on SPARC platforms. For information about GRUB2 and how to upgrade your GRUB legacy system to a release that supports GRUB2, see the following websites: • http://docs.oracle.com/cd/E36784_01/html/E36801/gkvif.html#scrolltoc • http://docs.oracle.com/cd/E36784_01/html/E36801/gluae.html#scrolltoc Starting with Oracle Solaris 11.2, a new group package, solaris-minimal-server, installs the smallest possible set of Oracle Solaris packages. Fewer packages reduce potential system vulnerabilities, and provide faster system updates, faster system cloning, and faster backup in the cloud.
Transition to Oracle Solaris 11 4 - 6
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • •
Introducing Oracle Solaris 11 operating system installation options Performing interactive installations of the Oracle Solaris 11 operating p g system y Configuring an AI Server and clients Comparing and converting JumpStart to AI le b a Working with the distribution constructor fer
• • •
o
s n a n-tr
n a as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 7
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Text Installer
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic Solaris 11 Text installer, you are provided with a menu of keyboard av the Oracle When Q starting id as shown in this slide. The default is US-English. layouts h a Sh
Transition to Oracle Solaris 11 4 - 8
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Text Installer
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i avshown inlicthe slide provides the language options. The default is English. The screen Q id h a Sh
Transition to Oracle Solaris 11 4 - 9
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Text Installer
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i av menulicprovides you with options, such as installing additional device drivers The installation Q idchanging the terminal type. The default is “Install Oracle Solaris” (option 1). and h a Sh
Transition to Oracle Solaris 11 4 - 10
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Text Installation: Disks
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i c 11.1 release, the ability to install to iSCSI target LUNs has been av OracleliSolaris Starting from Q id in the Text installer. Administrators can choose between installing on local disks or included h a Sh iSCSI disks. •
•
Local Disks: This is the default option for disks that are attached to the computer, including internal and external hard disks. iSCSI: If you want the installer to search for remote disks that are accessible over a network by using the iSCSI standard, select this option. You can connect to a remote iSCSI disk by using DHCP auto-discovery or by manually specifying a target IP address, an iSCSI target name and LUN, and an initiator name.
For more information, f refer f to http://docs.oracle.com/cd/E36784_01/html/E36800/texttask.html#scrolltoc.
Transition to Oracle Solaris 11 4 - 11
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Text Installation: Disks
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic 11 Text installation, you must choose the disk on which to install the avOracle Solaris DuringQ the id OS. h a Sh
Transition to Oracle Solaris 11 4 - 12
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Text Installation: Network
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i ic a name to the installation system. This is the network host name. av to lassign You are required Q id you must decide how the installation system network is to be configured: Also, h a uto at ca y Also so known o as reactive eact e network, et o , co configures gu es tthe e network et o auto automatically at ca y Sh • Automatically:
• •
using a combination of Network Configuration Profile and Location profile files. You can configure multiple Network Configuration Profile files and Location profile files by using the reactive network. A network configuration file can have a static IP or an IP obtained by the DHCP server. Manually: Enables you to configure the network interface manually by assigning the desired IP address, subnet mask, and router N None: Di bl reactive Disables ti network. t k Wh When selecting l ti thi this option, ti you mustt configure fi th the network manually.
Transition to Oracle Solaris 11 4 - 13
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Text Installation: Users
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i c default, root is configured as a role rather than as a user. During v 11,liby aSolaris In Oracle Q id installation, the Text installer helps you to set up the root password and initial user system h a You use the initial user account to log in to the system. After the initial user login, a Sh account. user with the appropriate privileges can subsequently assume the role of root by using su or perform administrative tasks after authentication by using sudo or pfexec. Note: If user information is not specified on this page, root becomes a normal account and can directly log in to the system.
Transition to Oracle Solaris 11 4 - 14
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Text Installation: Support
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic installers now provide the ability to automatically connect to Oracle avSolaris 11.1 The Oracle Q id services through the integration of Oracle Configuration Manager and Oracle Auto support h a Request. By providing My Oracle Support credentials to take advantage of Oracle’s Sh Service support services, administrators can get systems online and in service faster.
Transition to Oracle Solaris 11 4 - 15
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Live Media
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i licLive Media for x86 provides a GUI-based interactive installation that avSolaris 11 The Oracle Q id through the process of configuring the system for the OS installation. The Live Media steps h a installs a software payload that includes a full desktop operating environment. The Live Sh then Media also provides additional utilities, such as the Device Driver Utility and partition editor, to help ensure a successful installation.
Transition to Oracle Solaris 11 4 - 16
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Live Media: Device Driver Utility
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic helps you to decide whether Oracle Solaris 11 can be installed on avDriver Utility The Device Q idx86 system. When started, it runs a quick device compatibility check on your system. If a your h a driver problem is detected, it provides the tools for installing the appropriate device Sh device driver packages from a file, web, or the IPS repository.
Transition to Oracle Solaris 11 4 - 17
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Live Media: Partition Editor
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i licEditor enables you to customize the installation disk layout before you av Partition The GParted Q id the OS installation. Note that GParted is usually used only if you are attempting to set begin h a Sh up a disk to boot multiple operating systems.
Transition to Oracle Solaris 11 4 - 18
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Live Media Installer: Disk
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i c 11.1 release, the ability to install to iSCSI target LUNs has been av OracleliSolaris Starting from Q id in the Live Media Installer. Administrators can choose between installing on local included h a Sh disks or iSCSI disks. •
•
Local Disks: This is the default option for disks that are attached to the computer, including internal and external hard disks. iSCSI: If you want the installer to search for remote disks that are accessible over a network using the iSCSI standard, select this option. You can connect to a remote iSCSI disk using DHCP auto-discovery or by manually specifying a target IP address, an iSCSI target name and LUN, and an initiator name.
For more information, f refer f to http://docs.oracle.com/cd/E36784_01/html/E36800/guitask.html#scrolltoc.
Transition to Oracle Solaris 11 4 - 19
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Live Media Installer: Disk
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i licLive Media installer helps you to choose the target installation disk or avSolaris 11 The Oracle Q id partition. h a Sh
Transition to Oracle Solaris 11 4 - 20
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Live Media Installer: Time Zone
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i licLive Media installer provides a point-and-click time zone configuration avSolaris 11 The Oracle Q id Simply click the city nearest to your installation location. interface. h a Sh
Transition to Oracle Solaris 11 4 - 21
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Live Media Installer: Users
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i v lic in Oracle Solaris 11, root is configured by default as a role rather SimilarQ toathe Text installer, idas a user. During system installation, the Live Media installer helps you to set up the root than h a and initial user account. You use the initial user account to log in to the system. Sh password After initial user login, you can assume the role of root by using su or perform administrative tasks after authentication by using sudo or pfexec. Note that the root password will be the same as the user account password entered here. In addition to the initial user configuration, the Users dialog box enables you to set the host name for your system. The network configuration method is automatically set to reactive network.
Transition to Oracle Solaris 11 4 - 22
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Live Media Installer: Support
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic installers now support the ability to automatically connect to Oracle avSolaris 11.1 The Oracle Q id services through the integration of Oracle Configuration Manager and Oracle Auto support h a Request. By providing My Oracle Support credentials to take advantage of Oracle’s Sh Service support services, administrators can get systems online and in service faster.
Transition to Oracle Solaris 11 4 - 23
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practices 4-1 and 4-2: Overview • •
Practice 4-1 covers installing Oracle Solaris 11 by using the Text installer. Practice 4-2 covers installing Oracle Solaris 11 by using the Live Media installer.
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i licperform interactive installations of the Oracle Solaris 11 operating av In these practices, you Q id system. h a Sh
Transition to Oracle Solaris 11 4 - 24
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
SMF-Based System and Network Configuration •
System and network configuration files are moved from /etc to the SMF repository.
•
System and network configuration changes: – – – – – – – –
File system sharing Network configuration The system host name Power management Time zone Naming services Domain name Environment variables
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i c system and network configuration data that was previously stored in v 11,lithe aSolaris In Oracle Q id/etc directory is now stored in an SMF repository. Moving configuration data to SMF the h a properties enables the delivery of a uniform, extensible architecture for system Sh service configuration, which provides you with a more complete capability to manage the system configuration. The following network configuration features have changed in Oracle Solaris 11: • File system sharing: Sharing a file system is managed through SMF and administered by using the zfs command. The /etc/dfs/dfstab file is meaningful only for legacy file systems. • Network configuration: f Network configuration f persistence through the editing off these files is no longer necessary. You use commands such as svccfg, svcprop, ipadm, and dladm to manage this type of network configuration. Files such as /etc/hostname., /etc/dhcp., and /etc/hostname.ip*.tun* are no longer relevant. • The system host name: A system’s host name is now set by configuring the config/nodename g service p property p y of the svc:/system/identity:node y y SMF service. The /etc/nodename file is no longer relevant.
Transition to Oracle Solaris 11 4 - 25
•
•
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
•
•
Power management: Power management is now administered by using the poweradm command. The /etc/power.conf file and the pmconfig command are no longer relevant. Time zone: A new svc:/system/timezone:default SMF service enables you to set the time zone on an Oracle Solaris 11 system. Naming services: The primary repository for all naming services configuration is the SMF repository. All legacy configuration files, such as resolv.conf, nsswitch.conf, /var/yp/*, and /var/ldap/ are regenerated from the SMF data when an appropriate service is started or refreshed. You do not edit these files directly. The /etc/nsswitch.conf configurations are now handled by the svc:/system/name-service/switch svc:/system/name service/switch service and /etc/resolv.conf /etc/resolv conf configurations are handled by svc:/network/dns/client. A new utility, nscfg(1), has been provided to import and export name service configuration into and out of the SMF repository and allows legacy files such as /etc/nsswitch.conf and /etc/resolv.conf to regenerate from SMF configuration for backward compatibility.
Domain name: The system’s domain name is now handled by the svc:/system/identity/domain service. The /etc/defaultdomain file is no l longer relevant. l t Environment variables: The system’s environment variables are now being handled by the svc:/system/environment:init service. The /etc/default/init file is now read-only. To use the svc:/system/environment:init SMF service, the skip_init_upgrade property must be set to true.
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t d options to svccfg(1M), extract, unew irarelease, Note: Starting from the Oracle Solaris 11.1 t m S eintroduced, and delcust commands have been is which help administrators to better @ h i t understand the administrative e that have been made on a system and apply avcustomizations s q ฺ u those changes to otherid systems.to The svccfg editprop command has also been improved h a e to enable administrators easily change the service configuration by using a text editor. sh etonsservice ( i Some of the infrastructural properties that are typically less interesting to c v i l a Q administrators are now hidden. d i h a Sh •
Transition to Oracle Solaris 11 4 - 26
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring an Oracle Solaris 11 Image •
The sysconfig utility replaces sys-unconfig and sysidtool.
•
Unconfigure the system: – sysconfig unconfigure –g system
•
Configure the system: – sysconfig configure
•
e
bl a r e nsf
System configuration profile creation: – sysconfig create-profile
•
Configure functional grouping interactively:
a
-tr n o n
a – sysconfig configure –g network,naming_services as
•
h eฺ ) e Configure functional grouping non-interactively: tฺa Guid e n – sysconfig create-profile sฺ ent\ e t –g network,naming_services ira Stud \ m –o /var/tmp/sysconfig_dir e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
The sysconfig utility is used in Oracle Solaris 11 to unconfigure and reconfigure an existing Oracle Solaris 11 system or its subsystem. The subsystems of a system that are configurable are referred to as “functional groupings.” A functional grouping is a service or collection of services that are configured or unconfigured when the utility is executed. The sysconfig utility replaces the sysunconfig and sysidtool utilities. The sysconfig utility launches the System Configuration tool. You use the System Configuration tool to interactively unconfigure and configure the OS image. You can perform the following three operations by using the sysconfig utility:
Sh
Q d i ah
• •
Unconfiguration of the system: Brings the OS image to a pristine (unconfigured) state Configuration of the system: Enables you to reconfigure the OS image. It helps you to change the host name, IP address, name service, time zone, initial user account, and root password.
•
System configuration profile creation: Helps you to create a system configuration profile. The system configuration profile is an XML-based file that contains the host name, IP address, name service, time zone, initial user account, and root password configuration properties. properties The system configuration profile can be used with the sysconfig configure command or with Automatic Installation (AI) to configure an OS image. Transition to Oracle Solaris 11 4 - 27
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Apart from using sysconfig to perform system configurations, you can also reconfigure and unconfigure individual functional groups. The functional groupings that can be configured on a system are date_time, network, naming_services, location, users, identity, support, and keyboard. The system grouping will configure or unconfigure all functional groupings. Groupings can also be unconfigured and left in an unconfigured state. The following command reconfigures the network and naming services functional groupings. The SCI Tool is invoked and the groupings will be reconfigured interactively. # sysconfig configure -g network,naming_services
The following sequence of commands creates a profile for the network and naming services, and then use the profile to reconfigure the groupings non-interactively: # sysconfig create-profile -g network,naming_services -o /var/tmp/sysconfig_dir/ # sysconfig configure -g network,naming_services -c /var/tmp/sysconfig_dir/sc_profile.xml
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 28
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • •
Introducing Oracle Solaris 11 operating system installation options Performing interactive installations of the Oracle Solaris 11 operating p g system y Configuring an AI Server and clients Comparing and converting JumpStart to AI le b a Working with the distribution constructor fer
• • •
o
s n a n-tr
n a as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 29
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Automated Installation AI Server Installation Service Manifests M
M ... M
Boot Image
...
DHCP Server
e
bl a r e nsf
IPS Repository
Installation Service
a
2
-tr n o n
a s a h eฺ ) e tฺa Guid e n ฺ the Network t Automated InstallationssOver n e e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic is used to automate the installation of the Oracle Solaris 11 OS on av installer The automated Q idor more SPARC and x86 systems over a network. The installations can differ in one h a Sh architecture, packages installed, disk capacity, network configuration, and other parameters. 1
3
An automated installation can be run in a “serverless” mode where the client boots from the ISO image and uses a manifest that is either located on the media or obtained from a network location to which you have access. Client access to an IPS repository and DHCP service are required. An automated installation over the network to a client system, as shown in the slide, involves the following core steps: 1. A client system boots and gets IP information from the DHCP server. 2. The client contacts an installation service on the AI server and accesses the boot image and the AI manifest containing the installation specifications. 3. The client is installed with the operating system, pulling packages from the IPS repository specified in the AI manifest.
Transition to Oracle Solaris 11 4 - 30
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
How Automated Installation Works Boot client from network. Client contacts gets DHCP server, g IP address and boot program. Client gets boot program and loads it.
Client uses HTTP to download install programs from AI Image. Client identifies installation services and chooses matching service. Client contacts installation service and gets installation Manifest.
Install successful?
User examines logs No and error messages and determines course of action.
Yes
Automatic reboot set in manifest?
No
a
-tr n o n
a s a h eฺ ) AI installs AI client e a uid System tฺreboots. and configures the e G n ฺ t system for use. s n e at tude r i em his S @ vi se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i licset up an installation server with one or more installation services. You av you have Assume that Q id customized the installation specifications for the installation services to suit your needs. have h a Now, you are ready to install the Oracle Solaris 11 OS to client systems on the network. You Sh need only to boot the client, and the process runs to completion without further input from you. Client downloads boot archive and loads kernel.
Yes
The flowchart in the slide illustrates how a client system is installed. The client browses for available installation services, seeking a service where the installation criteria in the service’s manifest file match the characteristics of the client system. When a match is found, the installation is performed on the client system, using a boot image and manifest specifications provided by the installation service.
Transition to Oracle Solaris 11 4 - 31
e
bl a r e nsf
User can examine logs and reboot Manually.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
AI Environmental Requirements • • • • •
Network Client access to AI service and IPS repository AI service storage location Manifests and system configuration profiles Custom manifest and profile storage location
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i v lic systems over the network, you should set up DHCP and also an AI To useQ AIato install client id installation service on an installation server. AI uses DHCP to provide the IP address, subnet h a h mask, router, DNS server, and the location of the installation server to the client machine to S be installed. The DHCP server and AI installation server can be the same machine or two different machines. The client machines that you want to install should be able to access an Oracle Solaris Image Packaging System (IPS) software package repository. The IPS package repository can be on the installation server, on another server on the local network, or on the Internet. An AI installation service is associated with an x86 network boot image (net image), one or more installation instruction files (AI manifests), manifests) and zero or more system configuration instruction files (system configuration profiles). The net image is not a complete installation. Client machines must access an IPS package repository to complete their installations. The AI manifest specifies one or more IPS package repositories where the client retrieves the packages needed to complete the installation. The AI manifest also includes the names of additional packages to install and information such as target device and partition information. You can also specify instructions for configuring the client.
Transition to Oracle Solaris 11 4 - 32
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
If two client machines have different architectures or need to be installed with different versions of the Oracle Solaris 11 OS, you create two AI installation services and associate each installation service with a different net image. If two client machines need to be installed with the same version of the Oracle Solaris 11 OS but with different configurations applied, you create two AI manifests for the AI installation service. The different AI manifests can specify different packages to install or a different slice as the installation target. If client systems need to have different configurations applied, create multiple system configuration profiles for the installation service. The different system configuration profiles can specify different network or locale setup, or unique host name and IP address. Note: Starting from Oracle Solaris 11.1 release, a new set of Role-Based Access Control (RBAC) profiles and authorizations are available for managing the Automated Installation service, including the Install Service Management profile. The Automated Installer command-line utility, installadm, now supports three new options, update-service, update-profile, and set-service, to improve flexibility for administrators maintaining a set of installation services. Oracle Solaris 11.1 also supports the ability to specify a manifest location with a system boot argument.
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 33
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IPS Case: Using Default Manifest
Installation Server Static IP Address, Default Route svc:/network/dns/multicast
IPS Software Package Repository pkg.oracle.com
AI Service Components from installadm Package Client
e
AI Installation Service
bl a r e nsf
Default Client Provisioning Manifest
a
-tr n o n
DHCP Server Direct Client to Installation Server
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic to do to use AI is create one installation service. In this minimal av you have The minimum Q id all clients have the same architecture and are installed with the same version of the scenario, h a Oracle Solaris OS. The installations use the default AI manifest, which specifies the most Sh recent version of the OS available from the default IPS package repository on the Internet. 1. Make sure that the installation server has a static IP address and default route. 2. Install the installation tools package, install/installadm. 3. Run the installadm create-service command. 4. Make sure that the clients can access a DHCP server. g to boot 5. Make sure that the necessaryy information is available in the DHCP configuration the service. 6. Make sure that the clients can access an IPS software package repository. To use the default IPS package repository, the clients must be able to access the Internet. 7. Network boot the client.
Transition to Oracle Solaris 11 4 - 34
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
When you network boot the client, the following steps are performed: 1. The client gets the installation server address from the DHCP server. 2. Because the installation server has only one installation service, the client uses that service if the architecture matches. matches 3. Because the installation service has only one AI manifest, the client uses that default AI manifest, installing software packages from the IPS package repository over the network. 4. When the client boots after installation, an interactive tool prompts for system configuration information because no system configuration profile is provided.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 35
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IPS Case: Using Custom Manifest
Installation Server Static IP Address, Default Route svc:/network/dns/multicast
Local IPS Software Package Repository
AI Service Components from installadm Package Client
e
AI Installation Service
bl a r e nsf
Custom Client Provisioning Manifest
a
-tr n o n
DHCP Server Direct Client to Installation Server
Sh
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic parameters, such as a local IPS publisher, the target disk for avthe installation To specify Q partition or mirror configuration, or additional software packages to install, provide hid ainstallation,
a customized AI manifest. Perform the following steps before you boot the client, in addition to the minimum required steps: 1. Create a new AI manifest, or write a script that dynamically creates a custom AI manifest at client installation time. 2. Run the installadm create-manifest command to add the new manifest or script to the installation service. Specify criteria for the client to select this manifest or script, or use the -d option to make this manifest or script the default manifest specification for this service. service
Transition to Oracle Solaris 11 4 - 36
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
When you network boot the client, the following steps are performed: 1. The client gets the installation server address from the DHCP server. 2. Because the installation server has only one installation service, the client uses that service if the architecture matches. matches 3. The client is directed to the correct provisioning manifest by criteria specified to create-manifest. If no criteria match, the client uses the default manifest for this service. 4. The client is provisioned according to the selected manifest. 5. When the client boots after installation, an interactive tool prompts for system g information because no system y configuration g p profile is p provided. configuration
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 37
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IPS Case: Using a System Configuration Profile
Installation Server Static IP Address, Default Route svc:/network/dns/multicast
IPS Software Package Repository pkg.oracle.com
AI Service Components from installadm Package Client
e
AI Installation Service
bl a r e nsf
Default Client P Provisioning i i i Manifest M if t
a
-tr n o n
DHCP Server Direct Client to Installation Server
Sh
a s a h eฺ Configuration Profile ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic avsystem configuration To specify parameters, such as time zone, user accounts, and Q d networking, provide a Service Management Facility (SMF) system configuration profile. ahi
Perform the following steps before you boot the client, in addition to the minimum required steps: 1. Create a system configuration profile by using the sysconfig create-profile utility. 2. Run the installadm create-profile command to validate the profile, add the profile to the installation service, and specify criteria to select which clients should use this system configuration profile. When you network boot the client, the following steps are performed: 1 The client gets a temporary IP address for itself along with the address of the installation 1. server, from the DHCP server. 2. Because the installation server has only one installation service, the client uses that service if the architecture matches. 3. Because the installation service has only one AI manifest, the client uses that default AI manifest, installing software packages from the IPS package repository over the network. 4. The client is directed to the correct system configuration profile by criteria specified to create-profile. 5. The client is configured according to the selected configuration profile. If no configuration profile is selected because the criteria do not match, the interactive configuration tool starts. Transition to Oracle Solaris 11 4 - 38
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IPS Case: Multiple AI Services
Installation Server Static IP Address, Default Route svc:/network/dns/multicast AI Service Components from installadm Package
Local IPS Software Package Repository pkg.oracle.com
Client
e
AI Installation Service for Oracle Solaris 11 version m
Client
bl a r e nsf
a
-tr n o n
Sh
a s a AI Installation Service for h eฺ ) e Oracle Solaris 11 version n tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i v lic of the Oracle Solaris 11 OS, create additional AI installation adifferent To install versions Q hid Perform the following steps before you boot the client, in addition to the minimum aservices. DHCP Server Direct Client to Installation Server
required steps: 1. Run the installadm create-service command and specify a different net image. 2. Run the installadm create-client command to direct the client to this new installation service. 3. Create custom manifests and system configuration profiles (if required) and associate them with the appropriate AI service.
g steps are performed: When yyou network boot the client, the following 1. The client gets a temporary IP address for itself along with the address of the installation server, from the DHCP server. 2. The client is directed to this new installation service by create-client. 3. The client is provisioned according to the default provisioning manifest for this service. 4. When the client boots after installation, an interactive tool prompts for system configuration information because no system configuration profile is provided.
Transition to Oracle Solaris 11 4 - 39
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring the AI Server •
Set up the AI service: – Installation images – DHCP server
• • • •
Set up or remove clients. clients Add or delete manifest files. Add or delete system configuration profiles. le b a Administer installation services by using the AI SMF er f s n service. -tra
on n a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i v licoverview of the tasks that you must perform when configuring your AI aprovides This slide an Q id server. h a Sh
Transition to Oracle Solaris 11 4 - 40
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Setting Up the AI Server • • •
Install Oracle Solaris 11 OS. Set a static IP address for the network interface. Install the installadm package:
# pkg install installadm
•
Enable DNS multicast on the AI server:
e
bl a r e nsf
# svcadm enable svc:/network/dns/multicast:default
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 41
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Creating an Installation Service •
Set up a DHCP server in managed state.
# installadm set-server –i 192.168.0.100 –c 20 -m
•
Create the AI service.
# installadm create-service -n x86_clients -s /export/images/sol-11_1-ai-x86.iso -d /rpool/ai/x86_clients
•
\ \
e
List the AI services.
a
# installadm list
-tr n o n
a s a hx86_clients ฺ ) # installadm create-client -e 08:00:27:85:C7:D6e-n e d a i ฺ et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a s and/or its affiliates. All rights reserved. uOracle Copyright dฺq © t2014, i o h sha ense ( i lic av Q id •
bl a r e nsf
Add AI clients to the AI service.
ah h S
Transition to Oracle Solaris 11 4 - 42
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
AI Manifests • • • •
Default manifest Derived manifest Custom manifest Criteria manifest
e
bl a r e nsf
a
-tr n o n
Sh
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i av are XMLlicfiles that are used to specify multiple sets of installation and system AI manifests Q instructions for each installation service. hid aconfiguration
AI has four types of manifests: • Default manifest: A default manifest is an installation manifest that has no criteria associated with it. The default manifest is used by clients when no other installation manifest’s criteria match the client. • Derived manifest: The default AI manifest for an installation service is a derived manifest. When you create an installation service, a default manifest called orig_default is created for the service. A derived manifest enables the AI process to use existing system configuration f data to simplify f AI configuration f steps. • Custom manifest: To perform different installations on different clients by using the same installation image, you need to provide customized AI manifests for that installation service. Clients that do not match the criteria specific to any custom manifest are installed using the instructions in the default manifest. • Criteria manifest: The criteria manifest allows you to associate client-specific installation instructions with AI services. services When the client matches the criteria that have been specified for a criteria manifest, the client uses the associated manifest.
Transition to Oracle Solaris 11 4 - 43
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
default.xml AI Manifest File
/
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic file, default.xml, provides a generic configuration applicable to avAI manifest The default Q id clients. You can change the AI defaults by copying the default.xml file to a new file most h a editing the new file as desired. You can then apply the new manifest by using the Sh and installadm create-manifest –f command, as in this example: installadm create-manifest –f new_manifest –n AI_service_name The element is used to configure the disk drive used for the OS installation.
Transition to Oracle Solaris 11 4 - 44
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
default.xml AI Manifest File name="http://pkg.oracle.com/solaris/release"/> pkg:/entire pkg:/group/system/solaris-large-server
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i c and packages sections of the default manifest file. The v theliIPS ashows This slide Q id element defines the location of the IPS origin and which software packages to h a h install and uninstall. The entire package is recommended so that the system will be S updated coherently when patching or upgrading in the future. The solaris-large-server package is suitable for a server installation.
Transition to Oracle Solaris 11 4 - 45
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Criteria Manifest • • • •
Associates client-specific installation instructions with AI services Uses an AI manifest selection algorithm Uses multiple non-overlapping non overlapping criteria Can be added using the installadm create-manifest command:
e
bl a r # installadm create-manifest -f /export/manifests/manifest_x86.xml \ fe s -n s11-x86 –C /export/manifests/criteria_x86.xml n tra n no a as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i c you to associate client-specific installation instructions with AI avmanifestliallows The criteria Q id When the client matches the criteria that have been specified for a criteria manifest, services. h a Sh the client uses that manifest. An AI manifest is selected for a client according to the following algorithm: • If custom manifests are defined for this installation service but the client does not match criteria for any custom manifest, the client uses the default manifest. • If the client matches criteria that have been specified for a custom manifest, the client uses the associated manifest.
p manifests,, the client characteristics are evaluated in the If client characteristics match multiple following order: • mac • ipv4 • platform • arch • cpu • mem
Transition to Oracle Solaris 11 4 - 46
For example, if one criteria specification matches the client’s MAC address and another criteria specification matches the same client’s IP address, the manifest associated with the MAC address criteria specification is used, because mac is a higher priority for selection than ipv4.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
You use the installadm create-manifest command to add a criteria manifest to a service, as in the following example: # pfexec installadm create-manifest -m /export/manifests/manifest_x86.xml -n s11-x86 –C /export/manifests/criteria_x86.xml
\ \
In this case, when a client meets the criteria identified in the criteria_x86.xml criteria file, the manifest_x86.xml manifest x86 xml will be applied to that client client.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 47
-tr n o n
Criteria Manifest: Examples
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
•
arch criteria manifest file: i86pc
•
mac criteria manifest file: 192.168.0.114/24
Transition to Oracle Solaris 11 4 - 48
e
-tr n o n
a
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
AI Manifest Wizard
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i c release, a new interactive browser interface enables you to easily av Solarisli11.2 In the Q Oracle id AI manifests, which can be used on an AI server. By stepping through a series of create h a you can quickly create a new manifest that describes the disk layout and ZFS Sh screens, datasets, IPS repository and software packages, and zones to be installed. You can then save this manifest to the AI server that can be associated with a client installation later by using the installadm(1M) command. You can use the AI Manifest Wizard to create manifest files for AI without having to edit XML files. The AI Manifest Wizard web application is served from the AI server's web server, which is controlled via the svc:/system/install/server SMF service. By default, this runs on port 5555, 5555 but can be modified via the SMF service's service s all_services/port all services/port property. property You can access the AI Manifest Wizard by using the URL for the AI server. For example, the URL for an AI server named ai-server would be http://ai-server.domain:5555. Additionally, you can also start the AI Manifest Wizard by running the /usr/bin/ai-wizard command on the AI server. For more information about the AI Manifest Wizard, refer to installadm(1M) and ai_manifest(4) man pages.
Transition to Oracle Solaris 11 4 - 49
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
System Configuration Profiles • • • • •
•
System configuration profiles specify client configuration. System configuration profiles set SMF properties for appropriate SMF services. System configuration profiles are applied during the first client boot after installation. AI clients may have multiple system configuration profiles. le b a If no system configuration profile is specified, the er f s interactive system configuration tool is used at first client an r t on boot. boot n a s a System configuration profiles are created using the h ฺ ) sysconfig create-profile utility. tฺae uide
ne nt G ฺ s ate tude r i em his S @ vi se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic profiles specify client system configuration as a set of configuration avconfiguration The system Q id parameters in the form of a Service Management Facility (SMF) profile. The system h a h configuration profile sets SMF properties for appropriate SMF services. S System configuration profiles are applied during the first boot of the system after AI installation. SMF services responsible for particular configuration areas process SMF properties and configure the system accordingly.
Each client can use any number of system configuration profiles. For example, a client might be assigned one profile that provides only the host name and IP address for that client. The same client and many other clients might be assigned other profiles that set more broadly applicable li bl property t values. l If no system t configuration fi ti profile fil iis provided id d ffor a particular ti l client, li t the interactive configuration tool is started on that client. The system configuration profiles can be created using the sysconfig create-profile utility or a text editor. Note: If multiple system configuration profiles are provided, those profiles must not configure the same SMF properties, because this will cause conflicts with undefined results.
Transition to Oracle Solaris 11 4 - 50
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
System Configuration Profile: Example value="$5$bypT4oRp$Dsy3J0FhJNBXqlxDtCJjlqk3k3ZHAg8cb98bPLs3kI9"/> ... ...
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic profile is used to configure client systems. The following example avconfiguration The system Q id entries for configuring the initial standard user and root roles: shows h a p xxxx
model 123-xyz
Command option: -c platform=123-xyz Criteria file: pkg:/entire pkg:/group/system/solaris-desktop
Transition to Oracle Solaris 11 4 - 62
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Converting a JumpStart Profile to an AI Manifest JumpStart Profile (Class) File Keywords fdisk c0t3d0 solaris maxfree
AI Manifest Directives pkg:/entire pkg:/solaris-small-server pkg:/xxxxxx/123xyz
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 4 - 64
a
-tr n o n
create ncp oracle_profile netcfg:ncp:oracle_profile> create ncu phys net0
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e # netadm enable -p loc classroom ฺa uid # netadm enable -p ncp oracle_profile et G n ฺ t s n e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i athev netadmliclist command to display all profile information, including which You use Q id are active, even if the currently active profile is DefaultFixed and you are using profiles h a g It is the only y command that yyou can use to determine which Sh fixed network configuration. •
Enable a profile:
profile is active on a system. Also, you use the netadm list command to check which profile is active after an installation.
You use the netcfg command to create new profiles and customize them, and you use the netadm command to display information about existing profiles and to manage user-defined profiles.
Transition to Oracle Solaris 11 5 - 16
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring Reactive Profiles •
Create an NCP and NCU: # netcfg netcfg> create ncp oracle_profile netcfg:ncp:oracle_profile> create ncu phys net0 Created ncu 'net0'. Walking properties … ...
•
Create a location profile: # netcfg netcfg> create loc User Created loc 'User'. Walking properties ... ...
e
bl a r e nsf
a
-tr n o n
a s a h eฺ • Enable a profile: ) e tฺa Guid e # netadm enable -p loc classroom n sฺ ent # netadm enable -p ncp oracle_profile e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic configuration object types are: av profile land The network Q d •i Network Configuration Profiles (NCPs): An NCP specifies the configuration of h a et o links sa and d interfaces. te aces There eea are e ttwo o types o of NCPs: C s network Sh Automatic NCP: It is a system-defined profile that is made up of one link NCU and one interface NCU for each physical link that is present of the system. The content of the Automatic NCP changes if network devices are added or removed. - User-defined NCPs: They are profiles that you create to meet the needs of your particular network configuration. A user-defined NCP can be modified and removed db by th the user. Network Configuration Units (NCUs): They are the individual configuration objects (or profiles) that contain all of the properties that define an NCP. Each NCU represents a physical link or an interface and contains properties that define the configuration for that link or interface. Location Profiles: It is one of the two primary profile types that define the system’s network configuration and specifies the systemwide network configuration (for example, the naming services, domain, IP Filter, and IPsec configuration). There are both system- and user-defined locations. -
•
•
Transition to Oracle Solaris 11 5 - 17
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practice 5-1: Overview This practice covers the following topics: • Accessing the current network profile • Creating and deploying a network profile
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 18
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practice 5-2: Overview This practice covers exploring the new capabilities of the ipadm and dladm utilities: • Manage datalinks by using dladm. ipadm • Manage IP configuration by using ipadm.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 19
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • • • • • •
Introducing the Oracle Solaris 11 network Performing basic network administration Configuring network virtualization features Configuring EVS Configuring link aggregation Configuring IPMP le b a er f Configuring network bridges s an r t Configuring g g ILB on n a Managing network resources s a h eฺ ) e Using network monitoring tools id ฺa
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 20
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Transitioning to Virtual Networking Network Physical Link 1 Network
Network
Webserver 1
Webserver 2
vnic
vnic
Webserver 1 Zone
Webserver 2 Zone
vnic
vnic Virtual Switch
Etherstub
vnic Router Zone
Router
vnic db1 Server
db1 Server
db1 Server
Virtual Switch
tra n no Etherstub
a s a h eฺ ) e tฺa Guid e n ฺ Solaris t 11 sOracle n e e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v licis the process of combining hardware network resources and software avirtualization Network Q id resources into a single administrative unit. The goal of network virtualization is to network h a provide systems and users with efficient, controlled, and secure sharing of the networking Sh resources. The end product of network virtualization is the virtual network. vnic vnic vnic db1 db2 db3 Server Zone Server Zone Server Zone
With server virtualization becoming more mainstream in the IT industry, the focus is shifting to a deployment model that uses network virtualization to support the sharing of network traffic amongst multiple virtual machines (VMs) or zones. Along with a rise in the adoption of cloud architectures that rely upon virtualization for deploying workloads, network virtualization is playing an even more critical role in the overall network administration strategy in Oracle Solaris. Solaris Using virtual infrastructure (shown on the right in the graphic in the slide) to consolidate physical systems in the data center, enterprises can experience the following: • Lower total cost of ownership of servers • Higher server utilization • Increased operational efficiency • Tighter sec security rit
Transition to Oracle Solaris 11 5 - 21
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Virtual Network Building Blocks Components
Description
Virtual NIC (VNIC)
A VNIC is a virtual network device with the same datalink functionality as the physical interface.
Virtual switch
A virtual switch is an entity that facilitates communication between virtual machines (VMs). The virtual switch loops traffic between virtual machines (inter-VM traffic) within the physical machine and does not send this traffic out on the wire.
Elastic Virtual Switch (EVS)
An EVS enables direct management of virtual switches. You can create EVS switches to deploy multiple virtual networks that span multiple hosts, within either a multi-tenant cloud environment or a datacenter. Additionally, you can connect any Oracle Solaris VNIC to an EVS switch or a virtual p port. Such VNICs automatically y inherit their network configuration from EVS.
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic about the EVS feature later in this lesson. avwill learnlmore Note: Q You id h a Sh
Transition to Oracle Solaris 11 5 - 22
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Building a Simple Virtual Network
Global Zone Zone 1
Zone 2
vnic 1
vnic 2 Virtual Switch net0
Network
e
bl a r e nsf
a
-tr n o n
a s a h eฺ # dladm create-vnic -l net0 vnic1 ) e # dladm create-vnic -l net0 vnic2 tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic shows a simple virtual network with two Solaris zones. Whenever you av in the slide The graphic Q id two or more VNICs on the same physical port, a virtual switch will be created at the create h a layer. The effect of the creation of the virtual switch is that traffic between Zone 1 and Sh MAC Zone 2 is switched at the MAC layer. As long as the VNICs share the same physical NIC and are on the same VLAN, this MAC layer virtual switch can be employed. This slide shows you how to create two VNICs on the physical interface.
Transition to Oracle Solaris 11 5 - 23
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring a Private Virtual Network
Global Zone
Stub 0
Zone 3
Zone 4
vnic 1
vnic 2
192.168.1 Network vnic 0
net0
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) # dladm create-etherstub stub0 e tฺa Guid # dladm create-vnic -l stub0 vnic0 e n # dladm create-vnic -l stub0 vnic1 sฺ ent e t # dladm create-vnic -l stub0 vnic2 ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v a simple, lic isolated private virtual network with two Solaris zones. This virtual ashows This slide Q id consists of the following: network h a Sh • GLDv3 network interface net0: This interface connects the gglobal zone to the ppublic 192.168.0 Network
•
•
•
network. Etherstub stub0: You use etherstubs to isolate the virtual network from the rest of the virtual networks in the system as well as the external network to which the system is connected. You cannot use an etherstub just by itself. Instead, you use VNICs with an etherstub to create the private or isolated virtual networks. You can create as many etherstubs as you require. You can also create as many VNICs over each etherstub as required. required Three VNICs: vnic0 is created over etherstub stub0. This interface can be configured in the global zone to provide a route between the private virtual network (192.168.1.0) and the public network. Technologies such as IP forwarding, IP filtering, and Network Address Translation (NAT) can be used to customize the relationship between the private and public networks. VNICs vnic1 and vnic2 are also created over etherstub stub0 and are used to attach the nonglobal zones to stub0. Two exclusive IP zones: Each of the two exclusive IP zones has a VNIC assigned. vnic1 is assigned to Zone 3 and vnic2 is assigned to Zone 4.
Transition to Oracle Solaris 11 5 - 24
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Creating a Datalink in Non-Global Zone from the Global Zone Create a VNIC v1 in nonglobal zones zone1 and zone2 from the global zone. # dladm create-vnic -t -l net1 zone1/v1 # dladm create-vnic -t -l net1 zone2/v1 # dladm show-link -Z LINK ZONE net1 global net0 global zone1/net0 zone1 zone2/net0 zone2 zone1/v1 zone1 zone2/v1 zone2
CLASS phys phys vnic vnic vnic vnic
MTU 1500 1500 1500 1500 1500 1500
STATE unknown up up up up up
OVER --net0 net0 net1 net1
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i c 11.2, you can create datalinks in nonglobal zones from the global av OracleliSolaris Starting from Q id This feature enables administrators to dynamically create VNICs, VLANs, and IP-overzone. h a InfiniBand partitions directly in the nonglobal zone’s namespace from the global zone. Link Sh names are specified as / and the links are created directly in the specified nonglobal zone. The example in the slide shows how to create a VNIC v1 in nonglobal zones zone1 and zone2 from the global zone. The zone1/net0 and zone2/net0 are automatically created VNICs for zone1 and zone2, respectively.
Transition to Oracle Solaris 11 5 - 25
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Accessing a Virtual Network Configuration # dladm show-link LINK net1 net2 net0 net3 stub0 vnic0 vnic1 vnic2
CLASS phys phys phys phys etherstub vnic vnic vnic
# dladm show-vnic LINK OVER vnic0 stub0 vnic1 stub0 vnic2 stub0
MTU 1500 1500 1500 1500 9000 9000 9000 9000
SPEED 40000 40000 40000
STATE unknown unknown up unknown unknown up up up
OVER -----stub0 stub0 stub0
MACADDRESS 2:8:20:61:47:f6 2:8:20:81:e5:95 2:8:20:e9:10:18
e
t0ra n o
bl a r e nsf
MACADDRTYPE random random random
VIDS
0 n a 0 s a h ) deฺ e # dladm show-etherstub a i ฺ t u e LINK G n sฺ ent stub0 e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v useful lic commands for accessing your virtual network configuration. The first ashows This slide Q id (dladm show-link) shows you how to list all the links configured in your system. command h a This includes VNICs and etherstubs. The next command (dladm show-vnic) shows you Sh how to list the VNIC links. The last command (dladm show-etherstub) shows you how to
list the etherstubs.
Transition to Oracle Solaris 11 5 - 26
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Bandwidth Management •
This enables the assignment of a portion of the available bandwidth of an NIC by setting the maxbw option.
•
The allocated portion of bandwidth is known as a share. – The limit is the maximum allocation of bandwidth that the share can consume.
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic enables you to assign a portion of the available bandwidth of an NIC avmanagement Bandwidth Q idconsumer, such as an application or a customer. You can control bandwidth on a to a h a per-application, per-port, per-protocol, and per-address basis. Bandwidth management Sh ensures efficient use of the large amount of bandwidth available from the new GLDv3 network interfaces. Resource control features enable you to implement a series of controls on an interface’s available bandwidth. The allocated portion of bandwidth is known as a share. By setting up shares, you can allocate enough bandwidth for applications that cannot function properly without a certain amount of bandwidth. For example, streaming media and Voice over IP consume a great deal of bandwidth bandwidth. You can use the resource control features to guarantee that these two applications have enough bandwidth to successfully run. You can also set a limit on the share. The limit is the maximum allocation of bandwidth that the share can consume. Using limits, you can contain noncritical services from taking away bandwidth from critical services. You can prioritize among the various shares allotted to consumers. You can give highest priority to critical traffic, such as heartbeat packets for a cluster, and lower priority for less critical applications. You can control bandwidth usage through the management of flows (by using the flowadm command) and link utilization (by using the dladm command).
Transition to Oracle Solaris 11 5 - 27
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Managing Bandwidth Global Zone
St b 0 Stub
Zone 3
Zone 4
vnic 1
vnic 2
192 168 1 N 192.168.1 Network t k vnic 0
Firewall
100Mb/s Priority=Low
e
net0
bl a r e nsf
a
192 168 0 Network 192.168.0
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v youlichow to restrict flows and lower priority on a VNIC. Flows consist of ashows This slide Q id packets that are organized according to an attribute. Flows enable you to further network h a Sh allocate network resources.
Transition to Oracle Solaris 11 5 - 28
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Managing Bandwidth # flowadm add-flow -l vnic2 -a transport=tcp,local_port=80 http1 # flowadm set-flowprop –p maxbw=100M http1 # flowadm show-flowprop http1 FLOW PROPERTY PERM VALUE http1 maxbw rw 100 http1 priority rw medium http1 hwflow roff
DEFAULT -medium --
POSSIBLE -low,medium,high on,off
# dladm show-linkprop –p priority vnic2 LINK PROPERTY PERM VALUE EFFECTIVE vnic2 priority rw low low
DEFAULT medium
a
-tr n o n
POSSIBLE low,medium,high
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i av in thislicslide, a flow named http1 is created by using the flowadm command. In the Q example iduser-designed flow (http1) restricts vnic2 bandwidth to 100 Mbits/s and sets the link This h a Sh priority to low.
Transition to Oracle Solaris 11 5 - 29
e
bl a r e nsf
# dladm set-linkprop –p priority=low vnic2
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practice 5-3: Overview This practice covers exploring Oracle Solaris 11 network virtualization: • Configure two zones on a private virtual network. • Configure the virtual network for public access access. • Secure the virtual network behind a firewall. • Control network traffic flow.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 30
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • • • • • •
Introducing the Oracle Solaris 11 network Performing basic network administration Configuring network virtualization features Configuring EVS Configuring link aggregation Configuring IPMP le b a er f Configuring network bridges s an r t Configuring g g ILB on n a Managing network resources s a h eฺ ) e Using network monitoring tools id ฺa
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 31
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Elastic Virtual Switch (EVS): Overview •
•
•
Is an entity that represents explicitly created virtual switches that belong to the same Layer 2 (L2) segment Enables you to create and administer a virtual i t l switch it h th thatt spans one or more physical machines (nodes) Provides network connectivity between VMs connected to it from anywhere in the network
Compute Node VM1
VM2
VNIC1
VNIC2
VPort VPort Elastic Virtual Switch
Datalink
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i av centerslicinclude multiple physical servers hosting several virtual machines (VMs) Today’s data Q idare connected by a network fabric. Provisioning networking for VMs in a data center is a that h a for administrators, because it includes virtual networking between VMs, managing Sh challenge the MAC address and IP address, and administering VLANs and VXLANs. The additional challenge apart from ensuring internal and external network connectivity for VMs is to provision and enforce service-level agreements (SLAs). These SLAs might include bandwidth limits and priorities. Data center administrators also need to provide isolation between multiple tenants sharing a common network infrastructure. To meet these requirements, Oracle Solaris network virtualization capabilities enable administrators to manage virtual p as first-class operating p g switches across a data center. The virtual switches are exposed system abstractions. These virtual switches, also known as elastic virtual switches, span multiple physical servers and enable system administrators to manage them as a single virtual switch. Starting with the Oracle Solaris 11.2 release, you can use the Oracle Solaris Elastic Virtual Switch (EVS) feature to manage multiple virtual switches that are spread across several physical machines. An elastic virtual switch represents an isolated L2 segment, and the isolation is implemented through VLANs or VXLANs VXLANs. Every elastic virtual switch is associated with a name, virtual ports, and a block of IP addresses. You can create, monitor, and control the virtual switch resources. Transition to Oracle Solaris 11 5 - 32
e
bl a r e nsf
(EVS0)
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Elastic Virtual Switch: Example Compute Node (CN1)
Compute Node (CN2)
VM1
VM2
VM3
VM4
VM5
VM6
VNIC1
VNIC2
VNIC3
VNIC4
VNIC5
VNIC6
VPort
VPort
VPort EVS1 VPort
VPort
e
bl a r e nsf
VPort EVS2
a
-tr n o n
a s a Datalink Datalink h eฺ ) e tฺa Guid e n t VLAN, sฺ e Network Fabric en t VXLAN ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic shows an example of two elastic virtual switches (EVS1 and EVS2) av in the slide The graphic Q id two compute nodes. The VMs that are provisioned on these compute nodes are between h a connected through the elastic virtual switches that span across the two compute nodes. Each Sh compute node connects to the same network fabric through a datalink. The datalink is also known as an uplink port. The datalinks on these compute nodes connect the virtual switch to the external network. The VNIC is connected to the elastic virtual switch through a virtual port (VPort). The VNICs inherit properties that are associated with the virtual ports, such as MAC address, IP address, and SLAs. In the graphic in the slide, the VMs VM1, VM2, and VM6 can communicate with each other through the elastic virtual switch EVS1. EVS1 The VMs VM3, VM3 VM4, VM4 and VM5 can communicate with each other through the elastic virtual switch EVS2. Note: The limitation of EVS is that you can connect only temporary VNICs to an elastic virtual switch.
Transition to Oracle Solaris 11 5 - 33
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Installing the Mandatory EVS Packages You need to install the following packages before using EVS: Packages
Description
pkg:/service/network/evs
You need to install this core package on the EVS manager manager, EVS controller, and EVS nodes. This package contains the following components: • evsadm • evsstat • svc:/network/evs:default
pkg:/system/management/r ad/module/rad evs ad/module/rad-evscontroller
You need to install this package only on the system that acts as an EVS controller. controller This package contains the SMF service service, svc:/network/evs-controller:default.
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Note • The svc:/network/evs:default SMF service has the controller property that holds o ds tthe e host ost name a eo or tthe e IP add address ess o of tthe e EVS S co controller. t o e The e EVS S cclient e t uses tthe e host name or the IP address to communicate with the EVS controller. You use the evsadm set-prop command to manage the controller property. • The svc:/network/evs-controller:default SMF service has properties that capture information that is necessary for implementing L2 segments across physical machines. You use the evsadm set-controlprop command to manage the controller properties.
Q d i ah
Sh
a
-tr n o n
Transition to Oracle Solaris 11 5 - 34
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Setting Up SSH Authentication EVS Node
EVS Node
evsuser
root
evsuser
root
/var/user/ evsuser/.ssh/ authorized_keys
/root/.ssh/ id_rsa.pub
/var/user/ evsuser/.ssh/ authorized_keys
/root/.ssh/ id_rsa.pub
...
e
EVS Controller evsuser
bl a r e nsf
administrator
a
-tr n o n
a s a h eฺ ) e ฺa uid EVS Manager t e ฺn nt G s e Note: It is assumed that the controller property tode at is seton r u i t ssh://
[email protected] m is S each host. e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic shows the setting up of SSH authentication between the EVS av in the slide The graphic Q id components. You need SSH authentication with the preshared public key for the evsadm h a h command to communicate with the EVS controller non-interactively and securely. You need to S set up the SSH authentication with the preshared public key for evsuser between the evsuser
evsuser
/var/user/ evsuser/.ssh/ id_rsa.pub
/var/user/ evsuser/.ssh/ authorized_keys
/$HOME/.ssh/id_ rsa.pub
following components in the EVS setup: • EVS manager and EVS controller: Append the public key of the administrator or the user running the evsadm command on the EVS manager to the /var/user/evsuser/.ssh/authorized_keys file on the EVS controller. • EVS nodes and EVS controller: Append the public key of the root user on each EVS node to the /var/user/evsuser/.ssh/authorized_keys /var/user/evsuser/ ssh/authorized keys file on the EVS controller. You need to append these public keys because the zoneadmd daemon runs as root. This daemon connects to the EVS controller and retrieves configuration information for the VNIC anet resource. For more information, see the zoneadmd(1M) man page. • EVS controller and EVS nodes: Append the public key of evsuser on the EVS controller to the /var/user/evsuser/.ssh/authorized_keys file on each EVS S controller communicates with each off the EVS S node for f setting node because the EVS VPort properties.
Transition to Oracle Solaris 11 5 - 35
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring an EVS Controller 1. Set the EVS controller. # evsadm set-prop -p controller=[value[...,]]
2. Display the configured EVS controller. # evsadm show-prop [[-c] -o field[,...]] [-p prop[,...]]
3. Set the properties for the EVS controller. # evsadm set-controlprop [-h host] -p prop=[value[...,]]
e
bl a r e nsf
a
-tr n o n
a s a hprop[,...]] ฺ ) # evsadm show-controlprop [[-c] -o field[,...]] e[-p e d a i ฺ et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i v only licone compute node as an EVS controller in your network, and then set aspecify You must Q idEVS controller on each compute node so that the compute nodes can communicate with the h a y need to set the controller properties p p only y once from any y Sh the EVS controller. However,, you 4. Display the properties of an EVS controller.
compute node that can communicate with the EVS controller. You can run the evsadm command on any machine, which can communicate with the EVS controller. You can also reset the controller properties for an EVS controller.
Before you configure the EVS controller, you must set up SSH authentication with preshared keys between the host where you run the evsadm command and the EVS controller. You need SSH authentication so that the evsadm command can communicate with the EVS controller non-interactively and securely.
Transition to Oracle Solaris 11 5 - 36
The following example shows how to configure the s11-server host as the EVS controller whose L2 segments are created by using a VXLAN. # evsadm set-prop -p controller=ssh://s11-server
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
# evsadm d show-prop h PROPERTY
PERM
VALUE
DEFAULT
Controller
rw
ssh://s11-server
--
# evsadm set-controlprop -p l2-type=vxlan # evsadm set-controlprop -p vxlan-range=10000-20000 # evsadm set set-controlprop controlprop -p p vxlan vxlan-addr=192.168.10.0/24 addr 192.168.10.0/24 # evsadm set-controlprop -h s11-server -p uplink-port=net3 # evsadm set-controlprop -h s11-client -p uplink-port=net4
PROPERTY
PERM
VALUE
DEFAULT
l2-type
rw
vxlan
vlan
uplink-port
rw
--
--
e
bl a r HOST sfe an r t -on
# evsadm show-controlprop
n a s uplink-port rw net3 -- ha ฺ ) e e d a i ฺ uplink-port rw net4 -et t Gu n ฺ s vlan-range rw -n-e e t d a tu -vlan-range-avail r--mir S e s @ 192.168.10.0/24 hi vxlan-addr rw / 0.0.0.0 i t v e a uv4s vxlan-ipvers idฺq rw v4 o t h vxlan-mgroup 0.0.0.0 sha enserw 0.0.0.0 ( i c li vxlan-range rw 10000-20000 -av Q id
--
s11-server s11-client -------
--ah vxlan-range-avail r- 10000-20000 h S In this example, example the vxlan-range-avail property displays the VXLAN IDs (10000-20000)
that are available for implementing elastic virtual switches. An IP interface that is part of the subnet 192.168.10.0/24 is used to create the VXLAN links on the EVS nodes.
Transition to Oracle Solaris 11 5 - 37
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring Elastic Virtual Switches 1. Create an elastic virtual switch. # evsadm create-evs [-T tenant-name] \ [-p {prop=value[,...]}[,..]] EVS-switch-name
2 Add an IPnet to an elastic virtual switch. 2. switch # evsadm add-ipnet [-T tenant-name] \ -p subnet=value[{,prop=value[,...]}[,...]] \ EVS-switch-name/IPnet-name
3. Add a VPort to an elastic virtual switch.
e
bl a r e nsf
a
-tr n o n
# evsadm add add-vport vport [ [-T T tenant tenant-name] name] [ [-p p {prop=value[,...]}[,...]] EVS-switch-name/VPort-name
\
a s a h eฺ ) e 4. Display the configured elastic virtual switch. tฺa Guid e n # evsadm sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic an elastic virtual switch, you need to understand your virtual avplan to configure When Q you id Determine how many L2 segments you need and the IPnet information for each topology. h a y might g need to determine Sh network includingg the subnet and the default router. In addition,, you the number of virtual ports that you need to configure for the elastic virtual switch and the properties that you need to specify for virtual ports
The following example shows how to create the elastic virtual switch ORA with the tenant tenantA, add an IPnet ora_ipnet, and add a VPort vport0 to the elastic virtual switch: # evsadm create-evs -T tenantA ORA # evsadm d add-ipnet dd i t -T T tenantA t tA -p subnet=192.168.10.0/24 b t 192 168 10 0/24 ORA/ora_ipnet ORA/ i t # evsadm add-vport -T tenantA ORA/vport0 # evsadm NAME
TENANT
STATUS VNIC
IP
HOST
ORA
tenantA
idle
--
ora_ipnet
-
free
--
192.168.10.2/24 /
--
vport0 p
--
Transition to Oracle Solaris 11 5 - 38
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Creating VNICs for an Elastic Virtual Switch 1. Configure a VNIC for an elastic virtual switch. # dladm create-vnic -t -c EVS-switch-name[/VPort-name] \ [-T tenant-name] VNIC-name
2 Display information about VNICs connected to an elastic 2. virtual switch.
e
bl a r e nsf
# dladm show-vnic -c
tra Note: The -c option displays the information about VNICs n o connected to an elastic virtual switch. an
as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i licshows how to create a temporary VNIC vnic1 and connect the VNIC av example The following Q id elastic virtual switch ORA and VPort vport0: to the h a Sh # dladm create create-vnic vnic -t t -c c ORA/vport0 vnic1 # dladm show-vnic -c LINK
TENANT
EVS
vnic1
sys-global ORA
VPORT
OVER
MACADDRESS
VIDS
vport0 evs-vxlan10000 2:8:20:b0:6e:63 0
Transition to Oracle Solaris 11 5 - 39
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Creating a VNIC anet Resource for an EVS The following example shows how to create a zone that has a VNIC anet resource evszone/net1, which is connected to ORA EVS and vport0 of the tenant tenantA. # zonecfg -z evszone Use 'create' to begin configuring a new zone zonecfg:evszone> create create: Using system default template 'SYSdefault' zonecfg:evszone> set zonepath=/export/zones/evszone zonecfg:evszone> set tenant=tenantA zonecfg:evszone> add anet zonecfg:evszone:net> set evs=ORA zonecfg:evszone:net> set vport=vport0 zonecfg:evszone:net> end zonecfg:evszone> exit # zoneadm -z evszone install # zoneadm -z evszone boot
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n # dladm show-vnic -c nt esฺ dMACADDRESS e LINK TENANT EVS VPORT ratOVER VIDS u i t evszone/net1 tenantA ORA vport0 net2 2:8:20:89:a1:97 200 m is S e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i v licin the slide, when evszone boots, the VNIC anet evszone/net1 is Note: Q In a the example id associated with the MAC address, IP address, and SLA properties of the VPort ORA/vport0. h a h zone’s s VNIC anet resource for S You can use the enhanced zonecfg command to configure a zone an elastic virtual switch. You can set the following properties for the anet resource when you are configuring a zone: • tenant: Specifies the name of the tenant. If a value is not specified when configuring a zone, the system assigns the default value, sys-global tenant. • vport: Specifies the name of the VPort. If a value is not specified when configuring a y VPort is automaticallyy generated g for the elastic virtual switch and the zone,, a system VPort inherits the elastic virtual switch properties. • evs: Specifies the name of an elastic virtual switch to which you must connect the anet resource A VPort in a data center is uniquely identified by the tenant name, elastic virtual switch name, and VPort name. For more information about EVS, refer to http://docs.oracle.com/cd/E36784_01/html/E36813/index.html.
Transition to Oracle Solaris 11 5 - 40
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practice 5-4: Overview This practice covers how to set up two elastic virtual switches between two compute nodes by performing the following tasks: • Configuring two zones on a private virtual network • Installing the mandatory EVS packages • Setting up the SSH authentication • Configuring the EVS controller le b a • Configuring the EVS across compute nodes er f s an r t • Configuring compute nodes to use the EVS settings on n • Verifying the EVS configuration sa
a ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 41
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • • • • • •
Introducing the Oracle Solaris 11 network Performing basic network administration Configuring network virtualization features Configuring EVS Configuring link aggregation Configuring IPMP le b a er f Configuring network bridges s an r t Configuring g g ILB on n a Managing network resources s a h eฺ ) e Using network monitoring tools id ฺa
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 42
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Link Aggregation • •
Link aggregations enable you to pool multiple datalink resources that you administer as a single unit. Link aggregation consists of several interfaces on a system y that are configured g together g as a single, g , logical g unit to increase throughput of network traffic.
e
bl a r e nsf
aggr1
net0
a
-tr n o n
a s a net1 h eฺ ) e tฺa Guid e n sฺ ent e net2 t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic you to pool multiple datalink resources that you administer as a av Link aggregations enable Q id unit. By combining the resources of the multiple datalinks and dedicating them to single h a Sh serving the system’s network operations, the system’s performance is greatly improved.
The graphic in the slide shows an example of a link aggregation configured on a system, in which an aggregation aggr1 consists of three underlying datalinks, net0 through net2. These datalinks are dedicated to serving the traffic that traverses the system through the aggregation. The underlying links are hidden from external applications. Instead, the logical datalink aggr1 is accessible. Link aggregation has the following features: • Increased bandwidth: The capacity of multiple links is combined into one logical link. • Automatic failover and failback: By supporting link-based failure detection, traffic from a failed link is failed over to other working links in the aggregation. • Improved administration: All underlying links are administered as a single unit. • Less drain on the network address pool: The entire aggregation can be assigned one IP address. • Link protection: You can configure the datalink property that enables link protection for packets flowing through the aggregation.
Transition to Oracle Solaris 11 5 - 43
•
Resource management: Datalink properties for network resources as well as flow definitions enable you to regulate applications’ use of network resources.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Note: Link aggregations perform similar functions as IP network multipathing (IPMP) to p network p performance and availability. y For more information about Link improve Aggregation, refer to http://docs.oracle.com/cd/E36784_01/html/E37516/gdysx.html#scrolltoc.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 44
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Types of Link Aggregation Oracle Solaris supports two types of link aggregations: • Trunk aggregations: – Support aggregation over multiple switches; require switch configuration co gu a o a and d sswitch-vendor c e do p proprietary op e a y e extensions e so s – Provide unique features such as policies and load balancing, aggregation of Link Aggregation Control Protocol (LACP) mode and switches
•
Datalink multipathing (DLMP) aggregations:
a
– Are created by y specifying p y g dlmp p as the link aggregation gg g n-tr mode
o n a – Support failover between multiple switches;sdo not require a ฺ h vendor proprietary extensions ) ideprotection, ฺae asulink t e – Enable use of link layer features, such ฺn nt G s e user-defined flows, and a the ability t udeto customize link r i properties, such asebandwidth m is St i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic av
Trunk Aggregations
Q d i h aggregations benefit a variety of networks with different traffic loads. For example, if a aTrunk
Sh
system in the network runs applications with distributed heavy traffic, you can dedicate a trunk aggregation to that application’s traffic to avail the increased bandwidth. For sites with limited IP address space that nevertheless require large amounts of bandwidth, you need only one IP address for a large aggregation of interfaces. For sites that need to hide the existence of internal interfaces, the IP address of the aggregation hides its interfaces from external applications. In Oracle Solaris, when you create link aggregation, the aggregation is by default created in t trunk k mode. mode Typically Typically, systems that are configured with link aggregations also use an external switch to connect to other systems. Trunk aggregations also support back-to-back configuration. Instead of using a switch, two systems are directly connected together to run parallel aggregations. The most common application for back-to-back link aggregations is the configuration of mirrored database servers.
Transition to Oracle Solaris 11 5 - 45
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Datalink Multipathing (DLMP) Aggregations A trunk aggregation generally suffices for the requirements of a network setup. You can span trunk aggregation to multiple switches but requires switch configuration and switch-vendor proprietary p p y extensions to work. DLMP aggregations gg g can span p over multiple p switches. In a trunk aggregation, every port is associated with every configured datalink over the aggregation. In a DLMP aggregation, a port is associated with any of the aggregation's configured datalinks as well as with the primary the interface and VNICs over that aggregation. You can switch between a trunk aggregation and a DLMP aggregation by using the dladm modify-aggr command, provided that you use only the options supported by the specific type. type Note: If you switch from a trunk aggregation to a DLMP aggregation, you must remove the switch configuration that was previously created for the trunk aggregation.
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 46
-tr n o n
e
bl a r e nsf
DLMP aggregation supports link-based and probe-based failure detection to ensure continuous availability of the network to send and receive traffic. For more information about the failure detection, refer to the http://docs.oracle.com/cd/E36784 01/html/E37516/gnant.html#scrolltoc. http://docs.oracle.com/cd/E36784_01/html/E37516/gnant.html#scrolltoc.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Creating a Trunk Aggregation
# ipadm show-if IFNAME CLASS lo0 loopback net0 ip net1 ip
STATE ok ok ok
ACTIVE yes no no
OVER ----
# ipadm delete-ip net0 # ipadm delete-ip net1
e
bl a r e nsf
# dladm create-aggr -L active -l net0 -l net1 aggr0 # dladm show-aggr LINK MODE aggr0 gg trunk
POLICY L4
ADDRPOLICY auto
LACPACTIVITY active
a
-tr n o n
LACPTIMER short
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic shows the commands to create a link aggregation with two av in the lslide The example Q id underlying datalinks, net0 and net1. The aggregation is also configured to transmit LACP h a h packets. The S datalinks. example begins with the removal of existing IP interfaces over the underlying
Transition to Oracle Solaris 11 5 - 47
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Creating a DLMP Aggregation # dladm create-aggr –m dlmp -l net0 -l net1 -l net2 -l net3 speedway0 # dladm show-link LINK CLASS net0 phys net1 phys p y net2 phys net3 phys speedway0 aggr
MTU 1500 1500 1500 1500 1500
# dladm show-aggr LINK MODE POLICY speedway0 DLMP --
STATE up up p up up up
OVER ----net0 net1 net2 net3
e
ADDRPOLICY --
LACPACTIVITY --
LACPTIMER --
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic shows how to create a DLMP aggregation. The aggregation has four av in the lslide The example Q id underlying datalinks. h a h S
Transition to Oracle Solaris 11 5 - 48
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring Probe-Based Failure Detection for DLMP Aggregation # dladm show-aggr LINK MODE POLICY speedway0 dlmp --
ADDRPOLICY --
LACPACTIVITY --
LACPTIMER --
# dladm set-linkprop –p probe-ip=+ speedway0 # dladm set set-linkprop linkprop –p p probe-fdt=15 probe fdt=15 speedway0 # dladm show-linkprop LINK PROPERTY speedway0 probe-ip speedway0 probe-fdt
–p probe-ip,probe-fdt speedway0 PERM VALUE EFFECTIVE DEFAULT rw + + -rw 15 15 10
POSSIBLE -1-600
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic shows how to configure probe-based failure detection for a DLMP av in the lslide The example Q id aggregation. h a Sh
Transition to Oracle Solaris 11 5 - 49
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • • • • • •
Introducing the Oracle Solaris 11 network Performing basic network administration Configuring network virtualization features Configuring EVS Configuring link aggregation Configuring IPMP le b a er f Configuring network bridges s an r t Configuring g g ILB on n a Managing network resources s a h eฺ ) e Using network monitoring tools id ฺa
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 50
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IP Network Multipathing
Server IPMP Group
net0 net1 net2
LAN Active
Client
e
bl a r e nsf
Active Standby
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic it is important to eliminate any single point of failure. IP network av environments, In production Q id multipathing (IPMP) provides a mechanism for building redundant network interfaces to guard h a h against failures with network interfaces, cables, switches, or other networking hardware. In S addition to eliminating any single point of failure, the IPMP load spreading feature increases the machine’s bandwidth by spreading the outbound load among all the cards in the same IPMP group. When compared with the IPMP configuration in Oracle Solaris 10, Oracle Solaris 11 groups the IP interfaces into a virtual IP interface (for example, ipmp0). The virtual IP interface serves all of the data IP addresses, while test addresses that are used for probe-based failure detection are assigned to an underlying interface interface, such as net0. net0 With IPMP, you can assign two or more NICs to a failover group. Each interface is assigned a static test IP address, which is used by Solaris to verify the operational state of the interface. The interfaces with the static test IP addresses are used to periodically send an Internet Control Message Protocol (ICMP) echo request to a target system and listen for the response. If no response occurs within a given number of tries, the link is marked as failed. IPMP will fail over all application IP addresses currently configured on that physical interface to another physical h i l iinterface t f within ithi the th IPMP group. In I this thi way, network t k outages t due d to t failed f il d network t k hardware are eliminated.
Transition to Oracle Solaris 11 5 - 51
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IPMP Components IPMP consists of the following software components: • IPMP daemon: in.mpathd • IPMP service: svc:/network/ipmp • Configuration file: /etc/default/mpathd • IPMP administration command: ipadm • IPMP display information command: ipmpstat
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i c av of thelifollowing IPMP consists software components: Q d daemon: Detects failure by sending ICMP echo probes through the interface and ah•i IPMP h g on the interface. If a failure is detected from one of also monitors the RUNNING flag S • •
• •
these methods, the daemon chooses the standby IP address or the next appropriate IP address and failover occurs. IPMP service: Manages the IPMP daemon. The IPMP service also sets IPMP properties, such as enabling or disabling transitive probing. Configuration file: Specifies the daemon’s default behavior. This file can be used to set parameters, such as specifying the interfaces to probe for failure and the duration. This fil can also file l b be used d tto specify if what h t th the status t t off a ffailed il d iinterface t f should h ld b be after ft it iis repaired, or whether to monitor all interfaces, including those that do not belong to an IPMP group. IPMP administration command: Administers the IP interfaces of the IPMP group IPMP display information command: Provides information about the status of IPMP
Transition to Oracle Solaris 11 5 - 52
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
IPMP Configurations •
•
An IPMP configuration consists of two or more physical interfaces on the same system that are attached to the same network. These interfaces can belong g to an IPMP g group p in either of the following configurations: – Active-active – Active-standby
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v lictypically consists of two or more physical interfaces on the same aconfiguration An IPMP Q id that are attached to the same LAN. These interfaces can belong to an IPMP group in system h a Sh either of the following configurations: •
•
Active-active: In this configuration, all underlying interfaces are active. An active interface is an IP interface that is currently available for use by the IPMP group. By default, an underlying interface becomes active when you configure the interface to become part of an IPMP group. Active-standby: In this configuration, at least one interface is administratively configured as a reserve. The reserve interface is called the standby interface. Although idle the standby IP interface is monitored by the multipathing daemon to track the idle, interface’s availability, depending on how the interface is configured. If link-failure notification is supported by the interface, link-based failure detection is used. If the interface is configured with a test address, probe-based failure detection is also used. If an active interface fails, the standby interface is automatically deployed as needed. You can configure as many standby interfaces as you want for an IPMP group.
Transition to Oracle Solaris 11 5 - 53
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring IPMP: Active-Active
# dladm rename-link net0 link0_ipmp0 # dladm rename-link net1 link1_ipmp0 # ipadm create-ip link0_ipmp0 # ipadm create-ip link1_ipmp0 # ipadm create-ipmp ipmp0 # ipadm add-ipmp –i link0_ipmp0 –i link1_ipmp0 ipmp0 # # # #
ipadm ipadm ipadm ipadm
create-addr create-addr create-addr create create-addr addr
–a –a –a –a a
192.168.0.112/24 192.168.0.113/24 192.168.0.142/24 192.168.0.143/24 192 168 0 143/24
ipmp0/v4add1 ipmp0/v4add2 link0_ipmp0/test link1_ipmp0/test link1 ipmp0/test
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v youlicthe steps to configure an active-active IPMP configuration with flexible ashows This slide Q id names. Here, you rename the datalinks net0 and net1 to link0_ipmp0 and datalink h a link1_ipmp0, respectively. Before these datalinks can be used by IPMP, you must create Sh an IP interface for each one. Now you are ready to create the IPMP group. This involves two steps. You first create the IPMP group (ipmp0 in this example), and then you add the underlying interfaces (link0_ipmp0 and link1_ipmp0) to the group. Note that this example shows vanity naming of the network interfaces. You use vanity naming to label network components. This helps you clarify complex network topologies. Next assign the data IP addresses to the IPMP interface (ipmp0) Next, (i 0) in the form of IP address objects (ipmp0/v4add1 and ipmp0/v4add2). Finally, assign the test IP addresses to each underlying interface in the form of IP address objects (link0_ipmp0/test and link1_ipmp0/test).
Transition to Oracle Solaris 11 5 - 54
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring IPMP: Active-Standby
# dladm rename-link net0 link0_ipmp0 # dladm rename-link net1 link1_ipmp0 # dladm rename-link net2 link2_ipmp0 # ipadm create-ip link0_ipmp0 # ipadm create-ip link1_ipmp0 link1 ipmp0 # ipadm create-ip link2_ipmp0 # ipadm create-ipmp ipmp0
# # # # #
ipadm ipadm p ipadm ipadm ipadm
create-addr create-addr create-addr create-addr create-addr
–a –a –a –a –a
192.168.0.112/24 192.168.0.113/24 / 192.168.0.142/24 192.168.0.143/24 192.168.0.144/24
ipmp0/v4add1 ipmp0/v4add2 p p / link0_ipmp0/test link1_ipmp0/test link2_ipmp0/test
a
-tr n o n
a s a h eฺ ) e tฺa Guid e # ipadm set-ifprop -p standby=on -m ip link2_ipmp0 n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v youlicthe steps to configure an active-standby IPMP configuration with flexible ashows This slide Q id names. The steps are similar to those shown in the previous slide. datalink h a link0 ipmp0, link1_ipmp0, link1 ipmp0, Sh Here, you rename the datalinks net0, net1, and net2 to link0_ipmp0, and link2_ipmp0, respectively. You then create an IP interface for each one.
Now you create the IPMP group. This involves two steps. You first create the IPMP group (ipmp0 in this example), and then you add the underlying interfaces (link0_ipmp0, link1_ipmp0, and link2_ipmp0) to the group. After the IPMP group is created, you set the standby property in one of the underlying interfaces (link2_ipmp0 in this example) to on. Next, assign the data IP addresses to the IPMP interface (ipmp0) in the form of IP address objects (ipmp0/v4add1 and ipmp0/v4add2). Finally, assign the test IP addresses to each underlying interface in the form of IP address objects (link0_ipmp0/test, link1_ipmp0/test, and link2_ipmp0).
Transition to Oracle Solaris 11 5 - 55
e
bl a r e nsf
# ipadm add-ipmp –i link0_ipmp0 –i link1_ipmp0 –i link2_ipmp0 ipmp0
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Failure Detection in IPMP IPMP performs failure detection on the IPMP group’s underlying IP interfaces to ensure continuous availability of the network to send or receive traffic. • The in.mpathd p daemon handles the following g types yp of failure detection: – Two types of probe-based failure detection: — —
No test addresses are configured. Test addresses are configured.
e
bl a r e nsf
a
tr – Link-based failure detection,, if supported pp by y the NIC n-driver.
Sh
no a as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i licavailability of the network to send or receive traffic, IPMP performs avcontinuous To ensure Q hid detection on the IPMP group’s underlying IP interfaces. Failed interfaces remain afailure
unusable until they are repaired. Remaining active interfaces continue to function while any existing standby interfaces are deployed as needed.
Transition to Oracle Solaris 11 5 - 56
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Monitoring IPMP
# ipmpstat -g GROUP GROUPNAME ipmp0 ipmp0
STATE degraded
# ipmpstat -i INTERFACE ACTIVE link2_ipmp0 yes link1_ipmp0 yes link0_ipmp0 no
GROUP ipmp0 ipmp0 ipmp0
# ipmpstat -an ADDRESS :: 192.168.0.113 192.168.0.112
STATE down up up
GROUP ipmp0 ipmp0 ipmp0
FDT INTERFACES 10.00s link2_ipmp0 link1_ipmp0 [link0_ipmp0]
FLAGS -s------mbM--------
LINK up up up
PROBE ok ok failed
STATE ok ok failed
INBOUND OUTBOUND --link1_ipmp0 link2_ipmp0 link1_ipmp0 link2_ipmp0 link2_ipmp0 link1_ipmp0
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic command to monitor IPMP group activity and health. athev ipmpstat You use Q idslide shows three examples of the ipmpstat usage. The examples that you see here This h a active-standby standby configuration created by the procedure shown in the Sh are taken from an IPMP active previous slide. Here, one of the underlying interfaces has failed. The first example (ipmpstat –g) displays information about the IPMP group. The IPMP group is named ipmp0. It has three underlying interfaces: link0_ipmp0, link1_impm0, and link2_ipmp0. Note that the state of the IPMP group is degraded and the underlying interface link0_ipmp0 has brackets around it (boxed) indicating that it has failed. The second example (ipmpstat –i) displays information about the IP interfaces. Here, link2_ipmp0 is in the Active state and link0_ipmp0 is in the Failed state. The third example (ipmpstat –an) displays information about the IPMP data addresses. IP address 192.168.0.112 is currently assigned to the standby interface (link2_ipmp0) and 192.168.0.113 is assigned to link1_ipmp0 for all INBOUND data traffic. OUTBOUND data traffic is spread across both active interfaces for each IP address.
Transition to Oracle Solaris 11 5 - 57
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Monitoring IPMP # ipmpstat -pn TIME INTERFACE 0.06s link2_ipmp0 0.90s link1_ipmp0 0.92s link2_ipmp0 0.49s link0_ipmp0 -0.49s 0.49s link0_ipmp0 link0 ipmp0 2.52s link2_ipmp0 2.74s link1_ipmp0 3.69s link1_ipmp0 2.31s link0_ipmp0 ...
PROBE i163 i162 i164 i161 i160 i165 i163 i164 i162
NETRTT 0.26ms 0.26ms 0.19ms --0.23ms 0.24ms 0.25ms --
RTT 0.49ms 0.39ms 0.36ms --0.39ms 0.38ms 0.45ms --
RTTAVG 0.33ms 0.31ms 0.34ms --0.34ms 0.32ms 0.34ms --
TARGET 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100 192.168.0.100
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic (ipmpstat –pn) shows information about the IPMP probe. For av in the lslide The example Q id probing to work correctly, the IPMP group must be connected to the local area network IPMP h a Sh and at least one other host (the probe target) must also be connected to the same network. Here, link2_ipmp0 (standby) and link1_ipmp0 interfaces are actively probing target 192.168.0.100. Interface link0_ipmp0 probing is failing.
Transition to Oracle Solaris 11 5 - 58
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practice 5-5: Overview This practice covers exploring IP network multipathing (IPMP): • Creating and testing an IPMP active-active configuration • Creating and testing an IPMP active-standby configuration • Removing the IPMP configuration
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 59
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • • • • • •
Introducing the Oracle Solaris 11 network Performing basic network administration Configuring network virtualization features Configuring EVS Configuring link aggregation Configuring IPMP le b a er f Configuring network bridges s an r t Configuring g g ILB on n a Managing network resources s a h eฺ ) e Using network monitoring tools id ฺa
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 60
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Network Bridging
Network Segment
Network Segment
Forwarding
le
Bridging: rab e f s n • Is used to connect separate network segments a -tr n o • Simplifies Si lifi network t k administration d i i t ti n a s • Uses a packet-forwarding mechanism ) ha ฺ ฺae uide t • Supports STP ,TRILL, EVB, and DCB e G n
sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i c to connect separate network segments. When connected by a v areliused abridges Network Q id the attached network segments communicate as if they were a single network bridge, h a Bridging is implemented at the datalink layer (L2) of the networking stack to connect Sh segment. subnetworks together. Using a bridge configuration simplifies the administration of the various nodes in the network by connecting them to a single network. By connecting these segments through a bridge, all the nodes share a single broadcast network. Thus, each node can reach the other nodes by using network protocols such as IP rather than by using routers to forward traffic across network segments. If you do not use a bridge, you must configure IP routing to permit the forwarding of IP traffic between nodes. nodes To forward packets to their destinations, bridges must listen in promiscuous mode on every link that is attached to the bridge. Listening in promiscuous mode causes bridges to become vulnerable to the occurrences of forwarding loops, in which packets circle forever at full line rate. To prevent this, bridging uses the Spanning Tree Protocol (STP) to prevent network loops that would render the subnetworks unusable. In addition to STP, Oracle Solaris 11 supports the Transparent Interconnect of Lots of Links (TRILL) protocol.
Transition to Oracle Solaris 11 5 - 61
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Unlike STP and RSTP, TRILL does not shut down physical links to prevent loops. Instead, TRILL computes the shortest-path information for each TRILL node in the network and uses that information to forward packets to individual destinations. As a result, TRILL enables the system to leave all links in use at all times. Data Center Bridging (DCB) is a set of features that enhance traditional Ethernet networks’ abilities to manage traffic especially in environments where network traffic volume and transmission rates are high. DCB features address fibre channel’s sensitivity to packet loss while traversing the Ethernet network. It enables peers to distinguish traffic based on priorities. Support for enhanced transmission selection (ETS) based on IEEE 802.1Qaz has been added to the DCB functionality introduced in Oracle Solaris 11 11/11. This will provide guaranteed bandwidth and lossless Ethernet transport for converged network environments where storage protocols share the same fabric as regular network traffic. For more information about DCB, refer to http://docs.oracle.com/cd/E36784_01/html/E37516/glahx.html#NWDLKglahx.
e
bl EVB is an IEEE standard that defines new protocols and mechanisms for exchanging era f s information about virtual links between hosts/stations and a switch/bridge. With EVB, more n tra for information about virtual link configurations can be advertised on the network beyond, n example, bandwidth share or priority definitions for physical links that DCB nofeatures provide. a s bridge port and In general, EVB can be used to enable reflective relay on the external aEVB h ฺ ) automate virtual port configuration on the bridge. Support for the Virtual Station Interface e e d a i ฺ (VSI) Discovery and Configuration Protocol (VDP) and uControl Protocol (ECP) are etthe Edge G n ฺ t new in Oracle Solaris 11.1 release. Using EVB, sproperties n(such as the bandwidth limit) of the e e t d a Oracle Solaris Virtual NIC (VNIC) can be iexchanged with r Stu the switch so that the switch can be m configured accordingly for the VNIC.e The standard defined in the IEEE 802.1Qbg is is from @ h i t specification. Additional information can be obtained evb(7P), vdpd(1M), dladm(1M), v se a q and http://docs.oracle.com/cd/E36784_01/html/E36813/gmhgg.html#scrolltoc. dฺ to u i h With the introduction ha of network se virtualization, inter-VM traffic is sent through an internal s n ( e i software switch v without ic being sent through the physical network infrastructure. This process l a Q aidsdorganizations that have networking policies that require all network traffic to be routed hi an external network so that access control lists (ACL), packet monitoring, and so on athrough h S can be configured on the external switch switch. In this release release, you can enable reflective relay to ensure that this inter-VM traffic is also subjected to these same policies. For more information, see http://docs.oracle.com/cd/E36784_01/html/E36813/index.html.
Transition to Oracle Solaris 11 5 - 62
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring a Network Bridge # dladm create-bridge -l net0 -l net3 tonowhere # dladm show-bridge BRIDGE PROTECT tonowhere stp # dladm LINK net0 net3
ADDRESS PRIORITY DESROOT 32768/8:0:27:15:2:19 32768 32768/8:0:27:15:2:19
show-bridge -l tonowhere STATE UPTIME forwarding 90 discarding 90
DESROOT 32768/8:0:27:15:2:19 32768/8:0:27:15:2:19
e
# dladm remove-bridge -l net0 -l net3 tonowhere # dladm delete-bridge tonowhere
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic shows you how to create, display, and remove a network bridge. av in the lslide The example Q id h a Sh
Transition to Oracle Solaris 11 5 - 63
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practices 5-6 and 5-7: Overview • •
Practice 5-6 covers creating a bridge between two network interfaces. Practice 5-7 covers creating a link aggregation.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 64
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • • • • • •
Introducing the Oracle Solaris 11 network Performing basic network administration Configuring network virtualization features Configuring EVS Configuring link aggregation Configuring IPMP le b a er f Configuring network bridges s an r t Configuring g g ILB on n a Managing network resources s a h eฺ ) e Using network monitoring tools id ฺa
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 65
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Integrated Load Balancer (ILB) •
Provides Layer 3 and Layer 4 load-balancing capabilities for Oracle Solaris installed on SPARC and x86-based systems. It is managed by the svc:/network/loadbalancer/ilb:default service.
•
Intercepts incoming requests from clients, decides which back-end server should handle the request based on load-balancing rules, and then forwards the request to the able er f selected server s an r t Performs optional p health checks and p provides the data on for n a the the load-balancing algorithms to verify whether s a hrequest selected server can handle the incoming ฺ ) e e d a i ฺ u etserver Spreads workload directed to the across multiple G n ฺ t s n e servers irat ude
•
•
m is St e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i av are thelickey features of ILB: The following Q d •i Supports stateless Direct Server Return (DSR) and Network Address Translation (NAT) h a odes o of ope operation at o for o IPv4 a and d IPv6 6 modes Sh • •
Enables ILB administration through a command-line interface (CLI) Provides server monitoring capabilities through health checks
ILB enables: • Clients to ping virtual IP (VIP) addresses • You to add and remove servers from a server group without interrupting service • You Y to t configure fi session i persistence i t (stickiness) ( ti ki ) • You to perform connection draining • Load-balancing of TCP and UDP ports • You to specify independent ports for virtual services within the same server group • You to load balance a simple port range • Port range shifting and collapsing For more information about ILB and its features, refer to http://docs.oracle.com/cd/E36784_01/html/E37517/gmvhl.html#scrolltoc. Transition to Oracle Solaris 11 5 - 66
Installing ILB
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
ILB has two portions, the kernel and the userland. The kernel portion is automatically installed as part of the Oracle Solaris 11 installation. To obtain the userland portion of ILB, you must package g by y using g the p pkg g install ilb command. manuallyy install the ilb p
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 67
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
ILB Operation Modes ILB supports the following modes of operation for IPv4 and IPv6, in single-legged and dual-legged topologies: • Stateless Direct Server Return (DSR) topology • Network Address Translation (NAT) mode (full-NAT (full NAT and half-NAT) topology
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 68
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
ILB Operation Modes: DSR Ethernet Switch Segment or VLAN
Client IP: 129.146.86.x
Internet
e
bl a r e nsf
a
-tr n o n
a s a Server 1 Server 2 h eฺ ) VIP: 10.0.0.20 VIP: 10.0.0.20 e IP: 192.168.1.50 10.0.0.20 tฺa Guid VIP: IP: 192.168.1.60 e n GW: 192.168.1.31 IP: 192.168.1.21 GW: 192.168.1.31 ฺ t s n (Default Gateway) e (Default Gateway) e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic incoming requests to the back-end servers, but allows the return av ILB balances In DSR mode, Q id from the servers to the clients to bypass it. However, you can also set up ILB to be used traffic h a as a router for the back-end server. In this case, the response from the back-end server to the Sh client is routed through the machine that is running ILB. ILB
With stateless DSR, ILB does not save any state information of the processed packets, except basic statistics. Because ILB does not save any state in this mode, the performance is comparable to the normal IP-forwarding performance. This mode is best suited for connectionless protocols.
Transition to Oracle Solaris 11 5 - 69
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
ILB Operation Modes: NAT Ethernet Switch Segment or VLAN
Client IP: 129.146.86.x
Internet
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e Ethernet Switch tฺa Guid Segment ore VLAN Server 1 n sฺ ent IP: 192.168.1.50 e t GW: 192.168.1.21 ira Stud (Default Gateway) m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v in stand-alone lic aNAT ILB uses mode strictly for load balancing. In this mode, ILB rewrites the Q d hi information and handles incoming as well as outgoing traffic. ILB operates in both aheader h half-NAT and full-NAT modes. S
In the half-NAT and full-NAT modes, ILB matches the response from the back-end server to the incoming request, and replaces the changed IP address and the transport protocol port number with that of the original incoming request. ILB then forwards the response to the client. Essentially, both modes rewrite the destination IP address. However, full-NAT also rewrites the source IP address, making it appear to the server that all connections are from the load balancer.
N t NAT mode Note: d provides id additional dditi l security, it and d iis b bestt suited it d ffor HTTP or secure sockets k t layer (SSL) traffic.
Transition to Oracle Solaris 11 5 - 70
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Enabling and Disabling ILB 1. Enable the appropriate forwarding service: either IPv4 or IPv6, or both of them. Note that this command produces no output when successful. # ipadm set-prop -p forwarding=on ipv4 # ipadm set-prop -p forwarding=on ipv6
2. Enable the ILB service.
e
bl a r e nsf
# svcadm enable ilb
3. Disable the ILB service.
a
-tr n o n
a s a h eฺ ) e id tฺa orGdisabled. u e 4. Verify that the ILB service is enabled n sฺ ent e t # svcs ilb ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic make sure that the system’s Role-Based Access Control (RBAC) avenable ILB, BeforeQ you id files have the following entries. If the entries are not present, add them manually: attribute h a /etc/security/auth attr Sh • File name: /etc/security/auth_attr # svcadm disable ilb
•
-
solaris.network.ilb.config:::Network ILB Configuration::help=NetworkILBconf.html
-
solaris.network.ilb.enable:::Network ILB Enable Configuration::help=NetworkILBenable.html
-
solaris.smf.manage.ilb:::Manage Integrated Load Balancer Service States::help=SmfILBStates.html
File name: /etc/security/prof_attr - Network ILB:::Manage ILB configuration via ilbadm:auths=solaris.network.ilb.config,solaris.network.ilb.enab le;help=RtNetILB.html -
•
The NetworkManagement entry in the file must include solaris.smf.manage.ilb.
File name: /etc/user_attr - daemon::::auths=solaris.smf.manage.ilb,solaris.smf.modify.applic ation Transition to Oracle Solaris 11 5 - 71
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring ILB 1. Set up the back-end servers. # route add -p default 192.168.1.21
2. Set up the server group in ILB. # ilbadm create-sg -s servers=192.168.1.50,192.168.1.60 srvgrp1
3. Set up the simple health check called hc-srvgrp1. # ilbadm create-hc -h hc-test=tcp,hc-timeout=3, hc-count=3,hc-inerval=60 hc-srvgrp1
4 Set 4. S t up an ILB rule. l
a s a # ilbadm create-rule -e -p -i vip=10.0.2.20,port=5000 h –meฺ ) e lbalg=rr,type=half-nat,pmask=32 -h hc-name=hc-srvgrp1 tฺa Guid e -o servergroup=srvgrp1 rule1_rr n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Q hid
a Sh
Transition to Oracle Solaris 11 5 - 72
e
\
bl a r e nsf
a
-tr n o n \ \
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • • • • • •
Introducing the Oracle Solaris 11 network Performing basic network administration Configuring network virtualization features Configuring EVS Configuring link aggregation Configuring IPMP le b a er f Configuring network bridges s an r t Configuring g g ILB on n a Managing network resources s a h eฺ Using the network monitoring toolsฺae) id
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 73
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
dlstat Command • •
Reports runtime statistics about datalinks Enables you to: – – – – –
Examine all links and reports statistics Examine a specific link and reports statistics Examine physical network devices and reports statistics Examine link aggregations and reports statistics Specify the sampling interval and count values
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic reports runtime statistics about datalinks. The output is sorted in av command The dlstat Q id descending order of link utilization. The slide lists what you can do using dlstat. h a h S
Transition to Oracle Solaris 11 5 - 74
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
dlstat: Examples
# dlstat LINK net1 net2 net3 net0 speedway0
IPKTS 0 0 0 0 59.02K
RBYTES 0 0 0 0 5.93K
OPKTS 0 0 155 6.73K 6 73K 115.69K
OBYTES 0 0 10.43K 765.05K 765 05K 148.09M
# dlstat show-phys LINK IPKTS net1 2.90K net2 4.78K net3 10.73K net0 49.49K
RBYTES 501.69K 627.83K 1.34M 4.45M
OPKTS 9.02K 16.47K 26.00K 70.83K
OBYTES 5.03M 20.59M 32.64M 90.65M
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v examples lic of dlstat usage. ashows The slide Q id first example, running dlstat without subcommands displays a summary of statistics In the h a Sh for all the links. The report shows incoming traffic (IPKTS and RBYTES) and outgoing traffic (OPKTS and OBYTES).
In the second example, the show-phys subcommand reports network traffic statistics for each physical network device. Note that if your link aggregations (speedway0) are present, they are also displayed.
Transition to Oracle Solaris 11 5 - 75
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
dlstat: Examples
# dlstat show-link LINK IPKTS net1 0 net2 0 net3 0 net0 0 speedway0 59.16K # dlstat show-aggr LINK speedway0 speedway0 speedway0 speedway0 p y speedway0
PORT -net0 net1 net2 net3
RBYTES 0 0 0 0 5.94K
OPKTS 0 0 155 6 6.73K 73K 115.75K
IPKTS RBYTES 68.08K 6.93M 49.59K 4.46M 2.92K 505.13K 4.81K 631.91K 10.76K 1.34M
OBYTES 0 0 10.43K 765.06K 765 06K 148.09M
OPKTS 122.66K 70.84K 9.05K 16.76K 26.01K
OBYTES 148.92M 90.65M 5.03M 20.59M 32.64M
e
bl a r e nsf
a
-tr n o n
a s a # dlstat show-bridge ฺ FORWARDS ) h dDROPS e e BRIDGE LINK IPKTS RBYTES OPKTS ฺa OBYTES i t 702Gu 0 tonowhere -2 191 9e 0 n ฺ net0 2 191 es 6 ent 447 0 -t d a net3 0 0 3 255 0 -ir Stu m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av subcommand The show-link reports network traffic statistics for each network link, whereas Q d hi show-aggr subcommand reports incoming and outgoing network traffic statistics for athe h aggregated links. The PORT field indicates the devices that make up the link aggregation. S
Transition to Oracle Solaris 11 5 - 76
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
flowstat Command • •
Enables you to gather runtime statistics on user-defined flows Using flowstat, you can: – Display receive-side receive side statistics only (includes bytes) – Display transmit-side statistics only – Specify an interval in seconds at which statistics are le b refreshed along with a count value. The default interval is a er f one second. s an r t – Display p y statistics for all flows on the specified p linkoor statistics n n for the specified flow a
as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic packets that are organized according to an attribute. Flows enable av of network Flows Q consist idto further allocate network resources. Packets traverse a path when they flow into or out you h a a system. On a granular level, packets are received and transmitted through receive (Rx) Sh ofrings and transmit (Tx) rings of an NIC. From these rings, received packets are passed up the network stack for further processing while outbound packets are sent to the network.
Transition to Oracle Solaris 11 5 - 77
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
flowstat: Examples
# flowstat 1 1 FLOW IPKTS http1 430.45K
RBYTES 910.46M
# flowstat -r FLOW IPKTS http1 2.95M
RBYTES 3.44M
# flowstat -t FLOW OPKTS http1 17.89M
OBYTES 987.22M
IDROPS 0
OPKTS 398.22K
OBYTES 44.09M
ODROPS 0
IDROPS 0
e
bl a r e nsf
ODROPS 0
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic slide shows information every second about incoming and outgoing av inlthe The first example Q id on all configured flows on the system. traffic h a receive side statistics for all flows. Sh The second example shows receive-side The third example shows transmit-side statistics for all flows.
Transition to Oracle Solaris 11 5 - 78
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • • • • • •
Introducing the Oracle Solaris 11 network Performing basic network administration Configuring network virtualization features Configuring EVS Configuring link aggregation Configuring IPMP le b a er f Configuring network bridges s an r t Configuring g g ILB on n a Managing network resources s a h eฺ ) e Using the network monitoring tools id ฺa
et t Gu n ฺ s n e e t d a mir is Stu e i@ e th v a ฺq ©o2014, usOracle and/or its affiliates. All rights reserved. dCopyright i t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 79
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Viewing IP Traffic Statistics To gather and report statistics on IP traffic based on the selected output mode and sort order, use the ipstat command. # ipstat -l l 5 SOURCE DEST s11-server1.mydomain.com s11-desktop.mydomain.com s11-desktop.mydomain.com s11-server1.mydomain.com Total: bytes in: 39.0 bytes out: 28.0
PROTO UDP UDP
INT net0 net0
BYTES 39.0 28.0
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic 11.2 release, you can use the ipstat(1M) command to report av OraclelSolaris Starting with Q id about IP traffic. ipstat provides options to gather and report statistics only on IP statistics h a matching specified source or destination address, interface, and higher layer protocol. Sh traffic For more information, refer to the ipstat(1M) man page.
Transition to Oracle Solaris 11 5 - 80
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Viewing TCP and UDP Traffic Statistics To gather and report statistics on TCP and UDP traffic based on the selected output mode and sort order, use the tcpstat command. # tcpstat -l l ZONE global global global global global Total: bytes
5 PID 795 795 795 795 795 in:
PROTO SADDR UDP s11-server1.mydo UDP s11-desktop.mydo UDP s11-desktop.mydo UDP s11-desktop.mydo UDP s11-server1.mydo 34.0 bytes out: 23.0
SPORT 53 42857 59127 38509 53
DADDR s11-desktop.mydo s11-server1.mydo s11-server1.mydo s11-server1.mydo s11-desktop.mydo
DPORT 42857 53 53 53 59127
BYTES 20.0 9.0 7.0 7.0 7.0
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic 11.2 release, you can use the tcpstat(1M) command to report av OraclelSolaris Starting with Q id on TCP and UDP traffic. tcpstat provides options to gather and report statistics statistics h a on traffic matching specified source or destination address, interface, process ID, source Sh only or destination port, and zone name. For more information, refer to the tcpstat(1M) man page.
Transition to Oracle Solaris 11 5 - 81
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Viewing User and Process Information To list the user, process ID, and the program that originally created the network endpoint or controls it now, use the netstat -u command. # netstat -nauv UDP: IPv4 Local Address Remote Address -------------------- -------------------*.* *.* *.* *.* *.631 /etc/cups/cupsd.conf 127.0.0.1.53 192 168 0 100 53 192.168.0.100.53 *.111 *.* *.52951 *.111 *.* *.36871 *.* . . . (output truncated)
User Pid State -------- ------ ---------root 79 Unbound root 79 Unbound netadm 308 Unbound netadm 308 Unbound root 430 Idle
Command ---------------/lib/inet/in.mpathd /lib/inet/in.mpathd /lib/inet/nwamd /lib/inet/nwamd /usr/sbin/cupsd -C
root root daemon daemon daemon daemon daemon daemon root
/usr/sbin/named /usr/sbin/named /usr/sbin/rpcbind /usr/sbin/rpcbind /usr/sbin/rpcbind /usr/sbin/rpcbind /usr/sbin/rpcbind /usr/sbin/rpcbind /usr/lib/inet/in.ndpd
443 443 539 539 539 539 539 539 585
Idle Idle Idle Unbound Idle Idle Unbound Idle Unbound
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i ic 11.2 release, the netstat command provides the -u option to av OraclelSolaris Starting with Q idinformation about processes and users in the netstat output. In the example in the view h a Sh slide: •
• •
-a: Displays the state of all sockets, all routing table entries, or all interfaces, both physical and logical -n: Displays network addresses as numbers. netstat normally displays addresses as symbols. -v: Provides verbose information
In the example, the output includes details of both IPv4 and IPv6, and all active UNIX domain sockets.
Transition to Oracle Solaris 11 5 - 82
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Analyzing Network Traffic •
Oracle Solaris 11 provides the following network traffic analyzers: – Tshark: Command-line network traffic analyzer: — —
Captures p p packet data from a live network Reads packet data from a previously saved capture file
– Wireshark: Third-party graphical user interface (GUI) network protocol analyzer: —
•
Interactively dumps and analyze network traffic
Both TShark and Wireshark analyzers:
a
-tr n o n
– Assemble all of the packet data in a TCP conversation and a s a h format display the data in ASCII, EBCDIC, or)hex ฺ e e d a i ฺ – Contain many filterable fields et Gu
ฺn nt s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 83
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
wireshark Utility
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic to capture and interactively browse the traffic running on a computer ausev Wireshark You can Q id Because of its rich and powerful feature set, system administrators, security experts, network. h a and educators around the world use it regularly. It is freely available as open Sh developers, source and is released under the GNU General Public License version 2. Using Wireshark, you can: • Capture live packet data from a network interface • Display packets with very detailed protocol information • Open and save captured packet data • Import packet data from and export packet data to many other capture programs • Filter packets by using many criteria • Search for packets by using many criteria • Colorize packet display based on filters • View various statistics This slide shows the Wireshark packet analyzer interface.
Transition to Oracle Solaris 11 5 - 84
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Performing Network Diagnostics •
network-monitor is a fault manager daemon (fmd) transport module utility. – Monitors network resources – Reports p conditions that might g lead to limited or degraded g network functionality – Generates an ireport on detecting an abnormal network le condition b a er f – Does not diagnose the error condition s an r t – Does not perform any recovery actions n
o
•
n a Use the fmdump command to retrieve ireports. s
a ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 85
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Managing the network-monitor Module •
View the current status of the network-monitor module: # fmadm config MODULE cpumem-retire p disk-diagnosis … network-monitor
•
VERSION STATUS 1.1 active 0.1 active
DESCRIPTION CPU/Memory / y Retire Agent g Disk Diagnosis engine
1.0
Network monitor
active
e
bl a r e nsf
Enable the network-monitor module: ... # enable # # Enable/disable the network-monitor. # setprop enable true ...
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic command to report the current status of the network-monitor ausev the fmadm You can Q id which is displayed as active when it is performing fault monitoring, as shown in the module, h a Sh first example in the slide. You control the state of the network-monitor module by setting the enable property to true in the /usr/lib/fm/fmd/plugins/network-monitor.conf configuration file, as shown in the second example in the slide. The monitor will be active upon reboot.
Transition to Oracle Solaris 11 5 - 86
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Retrieving Reports That Are Generated by the network-monitor Module Use the fmdump command to retrieve the ireports: # fmdump –Ivp –c ‘ireport.os.sunos.net.datalink.*’ nvlist version: 0 class = ireport.os.sunos.net.datalink.mtu p _mismatch version = 0x0 uuid = f3832064-e83b-6ce8-9545-8588db76493d pri = high detector = fmd:///module/network-monitor attr = (embedded nvlist) nvlist version: 0 linkname = net0 linkid = 0x3 mtu = 0x1b58 (end attr) __ttl = 0x1 __tod = 0x513a4f2e 0x279ba218
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i avwith yourlicnetwork occurs, or if you suspect degraded network performance, you If a problem Q idretrieve the ireports that are generated by the network-monitor module by using the can h a command. These reports include the name of the datalink for which a potential Sh fmdump problem was detected.
Transition to Oracle Solaris 11 5 - 87
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Viewing Statistics of the network-monitor Fault Management Module Use the fmstat command to view statistics that are kept by the network-monitor fault management module: # fmstat –m network-monitor NAME mtu-mismatch.allocerr mtu-mismatch.enabled mtu-mismatch.nprobes mtu-mismatch.procerr sysev_drop vlan-mismatch.enabled
VALUE 0 true 7 0 0 true
DESCRIPTION memory allocation errors operating status for mtu-mismatch number of transmitted ICMP probes errors processing datalinks number of dropped sysevents operating status for vlan-mismatch
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic reports fault management module statistics. You can also use the av command The fmstat Q id command to view statistics for diagnosis engines and agents that are currently fmstat h a in fault management, which includes the network-monitor transport module Sh participating utility.
Transition to Oracle Solaris 11 5 - 88
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which command is used to enable a reactive network profile? a. netadm enable –p Automatic b. netadm –p Automatic c netadm enable –p c. p DefaultFixed d. netadm –p DefaultFixed
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v lic Answer: aa Q id h a Sh
Transition to Oracle Solaris 11 5 - 89
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which command is used to display a network interface IP address? a. ipadm show-ip interface b ipadm show-if b. show if interface c. ipadm show-all interface d. ipadm show-addr interface
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Answer: d Q id h a Sh
Transition to Oracle Solaris 11 5 - 90
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which command is used to create an IPMP group? a. dladm create-ipmp ipmp_name b. ipadm create-group ipmp_name c dladm create-group c. create group ipmp_name ipmp name d. ipadm create-ipmp ipmp_name
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Answer: d Q id h a Sh
Transition to Oracle Solaris 11 5 - 91
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which command is used to display IPMP group information? a. ipmpstat -g b. ipmpadm -g c ipmpcfg –g c. g d. ipmpconf -g
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v lic Answer: aa Q id h a Sh
Transition to Oracle Solaris 11 5 - 92
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz A VNIC is a virtual network device with the same datalink interface as a physical interface. a. True b False b.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v lic Answer: aa Q id h a Sh
Transition to Oracle Solaris 11 5 - 93
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which property controls maximum flow bandwidth? a. speed b. maxbw c threshold c. d. maximum
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Answer: b Q id h a Sh
Transition to Oracle Solaris 11 5 - 94
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz To use VNICs, a zone must be configured as what IP type? a. Shared-IP b. Exclusive-IP c Either shared or exclusive c.
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Answer: b Q id h a Sh
Transition to Oracle Solaris 11 5 - 95
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz You have created an etherstub called stub2. You now want to create vnic1 and attach it to stub2. Which command(s) would you use to do this? a. # dladm create-vnic1 b. # dladm create-vnic -l vnic1 c. # dladm create-vnic -l stub2 vnic0 le b a d. # dladm create-vnic -l stub2 vnic1 fer
o
s n a n-tr
n a as ฺ h ) ฺae uide t e ฺn nt G s e at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av Answer: d Q id h a Sh
Transition to Oracle Solaris 11 5 - 96
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which bridging protocols does Oracle Solaris 11 network support? a. STP only b TRILL only b. c. STP and TRILL
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v lic Answer: ca Q id h a Sh
Transition to Oracle Solaris 11 5 - 97
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Quiz Which command is used to display datalink statistics? a. dladm b. dlmon c dlstat c. d. dlcfg
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i v lic Answer: ca Q id h a Sh
Transition to Oracle Solaris 11 5 - 98
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Summary In this lesson, you should have learned how to: • Describe the Oracle Solaris 11 network • Perform basic network administration • Configure the network virtualization feature • Configure EVS • Configure IPMP le b a er f • Configure link aggregation s an r t • Configure g a network bridge g on n a • Configure ILB s a h eฺ ) e • Manage network resources tฺa Guid e n • Use network monitoring tools nt esฺ
at tude r i em his S @ vi se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic introduced to the Oracle Solaris 11 network, and then how to perform av you were In this Q lesson, id network administration. You then learned to configure the network virtualization basic h a You also had the opportunity to learn how to configure EVS, link aggregation, IPMP, Sh features. network bridges, and ILB features. Finally, you were shown how to manage network resources and how to use the various network monitoring tools.
Transition to Oracle Solaris 11 5 - 99
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Practice 5-8: Overview This practice covers using the new Oracle Solaris 11 utilities to monitor the network by using: • The wireshark utility • The dlstat command
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q ฺ u Oracle and/or its affiliates. All rights reserved. © 2014, dCopyright i o t h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 5 - 100
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Ad i i t i Oracle Administering O l Solaris S l i 11 Zones Z
e
a
bl a r e nsf
Sh
Q d i ah
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Job Workflow
Introducing New Features and Enhancements M Managing i Software S ft Packages
Installing
e
bl a r e nsf
Network Administration Enhancements
Administering Zones
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i avbegin theliclesson, take a look at the job workflow in the slide diagram. So far, you BeforeQ you id learned how to install Oracle Solaris 11 OS using Text Installers, Live Media installers, have h a Sh and AI. ZFS Enhancements
Security Enhancements
You will now learn how to administer Oracle Solaris Zones.
Transition to Oracle Solaris 11 6 - 2
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Objectives After completing this lesson, you should be able to: • Describe the new features and enhancements of Oracle Solaris 11 Zones • Configure an Oracle Solaris 10 zone • Perform a virtual-to-virtual (V2V) migration of zones present in the source system le b a • Migrate a physical Oracle Solaris 10 system to an Oracle fer s n Solaris 10 Zone (P2V) a -tr n o • Configure C fi a nonglobal l b l zone b by using i AI n a as ฺ • Configure an Oracle Solaris Kernel Zone h ) ฺae uide t • Manage an Oracle Solaris Kernel Zone e ฺn nt G s e • Monitor zone resource consumption irat ude
m is St e i@ e th v a s and/or its affiliates. All rights reserved. uOracle Copyright dฺq © t2014, i o h sha ense ( i licyou to the new features and enhancements of Oracle Solaris 11 avintroduces This lesson Q id You learn how to configure an Oracle Solaris 10 Zone in Oracle Solaris 11 and Zones. h a Oracle Solaris 10 Zones from Oracle Solaris 10. You then learn to configure Sh migrate nonglobal zones by using AI. You also have an opportunity to configure and manage Oracle Solaris Kernel Zone. Finally, you learn how to monitor zone resource consumption.
Transition to Oracle Solaris 11 6 - 3
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • •
Introducing Oracle Solaris 11 Zones Configuring an Oracle Solaris Kernel Zone Managing an Oracle Solaris Kernel Zone Migrating Oracle Solaris 10 Zones Configuring zones by using AI Monitoring zone resource consumption
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 6 - 4
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 11 Zones Before Consolidation Host 1
Host 2
Host 3
App 1
App 2
App 3
NIC Port
NIC Port
NIC Port
1 Gb
100 Mb
1 Gb
e
bl a r e nsf
After Consolidation
ZONE O 1
ZONE O 2
a
-tr n o n
ZONE O 3
a VNIC s a 300 Mb ) h 1 Gb ฺ100 Mb e e d a i ฺ t u ePort G n Physical NIC ฺ t s n e e t d a mir is10SGbtu e i@ e th v a s and/or its affiliates. All rights reserved. uOracle Copyright dฺq © t2014, i o h sha ense ( i av Zoneslicis an OS virtualization feature in Oracle Solaris with a long and OracleQ Solaris id distinguished pedigree. One of the most highly adopted, highly used, mature virtualization h a h technologies, Solaris Zones was first introduced as a core part of Oracle Solaris 10. In S Oracle SolarisOracle 11, Oracle Solaris Zones become even more central to both the application VNIC
VNIC
and the end user. Enhancements and new features include: • Integration into the new packaging system (IPS) • Support for Oracle Solaris 10 Zones • Integration with the new Oracle Solaris 11 network stack architecture • Improved observability • Increased control over administration • Tight integration with ZFS
Transition to Oracle Solaris 11 6 - 5
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Zones: New Features Zones Feature
Description
Solaris 10 Zones
Solaris 10 Zones host Solaris 10 user environments inside zones on Oracle Solaris 11.
Boot environments for zones
Boot environments are integrated with Oracle Solaris Zones.
IPS integration
Oracle Solaris Zones have been integrated with the new IPS package management tools in Oracle Solaris 11.
Zone resource monitoring
Oracle Solaris 11 features a robust zones resource monitoring utility, zonestat.
e
bl a r fe Delegated administration Delegate common zone administration tasks for specific zones s n to different administrators by using Role-Based Access r Control. ta n Zones on shared storage Configure install, Configure, install and run Oracle Solaris Zones hosted no directly on arbitrary storage device objects, such asaFibre Channel or iSCSI targets. as ฺ h ) NFS server in nonglobal zones Nonglobal zones now support ide ฺaeNFS servers. t u e G n the zone New unavailable zone state This state indicates ฺthat has been installed, but cannot t s n e e t be verified, made ready, booted, attached, or moved. a tud r i em his S @ vi se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i ainvthis slideliclists the new features of Oracle Solaris 11 Zones. The table Q id Solaris 10 Zones Oracle h a Sh Oracle Solaris 10 Zones host Oracle Solaris 10 user environments inside zones on Oracle Solaris 11. They are meant to help maintainers of Oracle Solaris 10 systems consolidate their production environments onto systems running Oracle Solaris 11. Workloads running within Oracle Solaris 10 Zones can take advantage of the performance improvements made to the Oracle Solaris 11 kernel and use some of the innovative technologies available only on Oracle Solaris 11 (such as virtualized NICs). The Oracle Solaris 10 Zones support x86 and SPARC Solaris 10 9/10 (or later released Oracle Solaris 10 update) Zones. Note that it is possible to use an earlier update p p release if yyou first install the kernel p patch 142909-17 (SPARC) or 142909-17 (x86/x64), or a later version. Note: Starting with Oracle Solaris 11.1, the IPoIB Datalink Administration feature improves the usability of zones on Infiniband. With this feature, IP over Infiniband (IPoIB) datalinks can be configured under anet resources in the same way as VNICs using the zonecfg command. Boot Environments for Zones Boot environments are integrated with Oracle Solaris Zones. Zone root file systems use Zone Boot Environment (ZBE) datasets. When a new boot environment is created by cloning an existing one, the base boot environment’s zones are also cloned into the new boot environment. Transition to Oracle Solaris 11 6 - 6
IPS Integration
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris Zones have been integrated with the new IPS package management tools in Oracle Solaris 11. Zones require an active network connection for their creation, and must be p ((by y using g zoneadm attach -u)) to stay y in sync y with the global g zone,, if manuallyy updated zones were detached. The pkg update command can also be run from the global zone to update the nonglobal zones. Sparse root zones are not supported in Oracle Solaris 11. Zone Resource Monitoring Oracle Solaris 11 features a robust zones resource monitoring utility, zonestat. The zonestat utility greatly enhances the observation of system resources consumed by Oracle Solaris Zones. You can observe memory and CPU utilization, utilization of resource control limits, and total utilization and per-zone utilization breakdowns over specified time periods. Delegated Administration With Oracle Solaris 11, you can delegate common zone administration tasks for specific zones to different administrators by using Role-Based Access Control (RBAC). With delegated administration, for each zone, a user or set of users may be identified with the permissions to log in, manage, or clone that zone. These specific authorizations are interpreted by the appropriate commands running in the global zone to allow access at the correct authorization level to the correct user.
a
-tr n o n
a s a h eฺ Zones on Shared Storage ) e d to configure, install, and iyou tฺa enable u With Oracle Solaris 11.1, zones of shared storage n feature e G t device objects, such as Fibre sฺ storage run Oracle Solaris Zones hosted directly on arbitrary n e e t a configure ud the path to the device directly by the Channel or iSCSI targets. You can specify irand t m S e thenhautomatically g( ) command. The zone is y encapsulated p into its own zpool. p The zonecfg(1M) is @ i t v se and migration of Oracle Solaris Zones. aim is to simplify deployment, aadministration, q ฺ u d Zones i o NFS Server in Nonglobal t h seSolaris, establishing an NFS share was not supported in shaof eOracle n In previous versions ( i v as liticrequired a privilege to be granted that is prohibited by the Oracle Zones azones nonglobal Q security id model. With Oracle Solaris 11, NFS servers are now supported in a nonglobal zone. h a want to disable shares within a zone, you can add PRIV_SYS_SHARE to the zone's set Sh Ifofyou prohibited privileges. unavailable Zone State This state indicates that the zone has been installed, but cannot be verified, made ready, booted, attached, or moved. A zone enters the unavailable state at the following times: • When the zone’s storage is unavailable and svc:/system/zones:default begins, such as during system boot • When the zone’s storage is unavailable • When archive-based installations fail after successful archive extraction • When the zone’s software is incompatible with the global zone’s software, such as after an improper -F (force) attach The unavailable zone state allows pkg operations to work even if a zone’s storage is not available. It is important for Oracle Solaris Zones on shared storage implementation.
Transition to Oracle Solaris 11 6 - 7
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Zones: New Features Zones Feature
Description
Live zone reconfiguration
This enables configuration changes in a running zone without the need to reboot, eliminating down time in service availability within the zone when configuration changes are made.
Datalinks creation in nonglobal zones from the global zone
This feature enables administrators to dynamically create VNICs, VLANs, and IP-over-InfiniBand partitions directly in the nonglobal zone’s namespace from the global zone.
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic avReconfiguration Live Zone Q id from Oracle Solaris 11.2 release, you can make configuration changes in a running h Starting a Sh zone without the need to reboot. Previously, administrators had to reboot a zone for a configuration change to take effect. Live Zone Reconfiguration eliminates down time in service availability within the zone when configuration changes are made. You can use this feature to make the following changes in running nonglobal zones: • Change resource controls • Change network configuration g the CPU resource pool • Change • Add or remove file systems • Add or remove virtual and physical devices Create Datalinks in Nonglobal Zones from the Global Zone Starting from Oracle Solaris 11.2, you can create datalinks in nonglobal zones from the global zone. This feature enables administrators to dynamically create VNICs, VLANs, and IP-over-InfiniBand p partitions directly y in the nonglobal g zone’s namespace p from the g global zone. Link names are specified as / and the links are created directly in the specified non-global zone. Transition to Oracle Solaris 11 6 - 8
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • •
Introducing Oracle Solaris 11 Zones Migrating Oracle Solaris 10 Zones Configuring zones by using AI Configuring an Oracle Solaris Kernel Zone Managing an Oracle Solaris Kernel Zone Monitoring zone resource consumption
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 6 - 9
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Oracle Solaris 10 Zones •
A complete runtime environment for Oracle Solaris 10 – Oracle Solaris 10 9/10 or later
• • • • •
Supported on SPARC and x86 architectures Support 32 32-bit bit and 64 64-bit bit applications Virtual-to-virtual (V2V) Physical-to-virtual (P2V) Support only ZFS
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i liczone is a complete runtime environment for Solaris 10 applications on avSolaris 10 The Oracle Q id and x86 machines running the Oracle Solaris 10 9/10 operating system or later. You SPARC h a install the patches 119254-75 (SPARC) or 119255-75 (x86/x64), or later versions on Sh must your Oracle Solaris 10 system before you create the archive to be used to install the zone. The Oracle Solaris 10 Zones are supported on all SPARC, and x86 architecture machines that the Oracle Solaris 11 release has defined as supported platforms. The Solaris 10 zone supports the execution of 32-bit and 64-bit Solaris 10 applications. Solaris 10 Zones include the tools required to install an Oracle Solaris 10 system image into a zone. You cannot install a Solaris 10 zone directly from a Solaris 10 media. A P2V capability is used to directly migrate an existing system to a zone on a target system system. The Oracle Solaris 10 zone also supports the tools used to migrate a Solaris 10 zone to an Oracle Solaris 10 zone. The V2V process for migrating a Solaris 10 zone into an Oracle Solaris 10 zone supports the same archive formats as P2V. The Oracle Solaris 10 zone supports the whole root zone model. All of the required Oracle Solaris 10 software and any additional packages are installed into the private file systems of the zone.
Transition to Oracle Solaris 11 6 - 10
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
The zone must reside on its own ZFS dataset; only ZFS is supported. The ZFS dataset will be created automatically when the zone is installed or attached. If a ZFS dataset cannot be created, the zone will not be installed or attached. Note that the parent directory of the zone path must also be a ZFS dataset or the file system creation will fail. Any script or program that executes in an Oracle Solaris 10 zone should also work in a Solaris 10 zone. A /dev/sound device cannot be configured into the Solaris 10 zone. Zone Physical-to-Virtual and Virtual-to-Virtual Preflight Checker The process of consolidating a system into a zone is referred to as physical-to-virtual (P2V). A new preflight checker utility, zonep2vchk(1M), has been added to Oracle Solaris 11, which can be run on the physical system before performing the P2V process to provide information and identify any issues in advance. This utility can also generate a proposed zone configuration based on the source system configuration and analyze any applications running on the source system for potential issues.
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ud irarpool/zones/zone1@send-to-nfs t systemA# zfs snapshot -r m S e his @ i systemA# zfs send -rc > t v serpool/zones/zone1@send-to-nfs a /net/nfssrv/export/scratch/zone1.zfs q ฺ u dzfs i o t h systemB# create tank/zones a e h s s n ( systemB# licezfs receive -d tank/zones < avi/net/nfssrv/export/scratch/zone1.zfs
Q d i h Boot Environments for Oracle Solaris 10 Zones aMultiple
Sh
Starting with ith Oracle Solaris 11.2 11 2 release, release Oracle Solaris 10 Zones ssupport pport m multiple ltiple boot environments. Administrators have a greater degree of flexibility and safety when performing patching operations within an Oracle Solaris 10 environment running on an Oracle Solaris 11 system. For more information, see the zones(5) and solaris10(5) man page. To activate a boot environment, set the com.oracle.zones.solaris10:activebe property on the zone’s ROOT dataset as shown in the following: # zfs set com.oracle.zones.solaris10:activebe=be_name zone/root/dataset / /
An installed Solaris 10 zone with more than one boot environment is required to have the activebe property set. If the property is not set, or is set to a missing or invalid boot environment name, the zone will transition to unavailable state on next zone or system boot. To resolve this, the activebe property must be corrected, and the zone must be attached with zoneadm attach.
Transition to Oracle Solaris 11 6 - 11
e
bl a r e nsf
Recursive ZFS Send When you need to migrate one or more zones to another system, consider using the zfs send and zfs receive commands. Depending on the scenario, it may be best to use replication streams or recursive streams. streams A recursive stream package consists of the specified dataset and its descendents. Similar to a replication stream, a recursive stream does not include any unneeded intermediate snapshots. Additionally, administrators can now also create entirely self-contained recursive streams. The following commands might be used to generate a recursive zfs send stream without worrying about whether the zone is a clone of another zone.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Migrating Oracle Solaris 10 Zones (V2V) 1. Assess the Oracle Solaris 10 zone to be migrated. 2. Create an archive of the Oracle Solaris 10 zone to be migrated. 3 Prepare the Oracle Solaris 11 target system. 3. system 4. Migrate Solaris 10.
e
bl a r e nsf
a
-tr n o n
Sh
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i avan OraclelicSolaris 10 zone to Oracle Solaris 11, perform the following steps: To migrate Q d ah1.i Assess the Oracle Solaris 10 zone to be migrated. An existing Oracle Solaris 10 8/11
syste (o system (or later ate released e eased So Solaris a s 10 0 update) ca can be d directly ect y migrated g ated into to a an O Oracle ac e Solaris 10 zone on an Oracle Solaris 11 system. Depending on the services performed by the original system, you might need to manually customize the zone after it has been installed. For example, the privileges assigned to the zone might need to be modified or the network interface is different. It is critical that you examine the source system and collect the following information: - Host name - Host H t ID - Domain name - Running applications - Networking - Storage - Zone configuration
Transition to Oracle Solaris 11 6 - 12
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
2. Create an archive of the Oracle Solaris 10 zone to be migrated. You have a variety of methods available for creating the archive. The installer can accept the following archive formats: - flar image - cpio archives - gzip compressed cpio archives - bzip2 compressed cpio archives - pax archives created with the -x xustar (XUSTAR) format - ufsdump level zero (full) backups After you have created an archive, archive you must provide a method (such as NFS) for transporting it to the target system. 3. Prepare the Oracle Solaris 11 target system. Before you can migrate the Solaris 10 zone, you must first prepare the target system. This normally involves: - Configuring the client side of the image transport - Configuring the Oracle Solaris 10 zone 4 Migrate the Solaris 10 zone. 4. zone After performing the previous task, task use the zoneadm attach subcommand to migrate the Solaris 10 zone. Finally, after completing the migration, you can perform the post-migration configuration based on the information that you gathered when assessing the source system.
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 6 - 13
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Migrating Oracle Solaris 10 Global Zones (P2V) 1. 2. 3. 4 4.
Assess the global zone to be migrated. Create an archive of the global zone to be migrated. Prepare the Oracle Solaris 11 target system. Migrate the Solaris 10 global zone zone.
e
bl a r e nsf
a
-tr n o n
Sh
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i avan OraclelicSolaris 10 global zone to Oracle Solaris 11, perform the following steps: To migrate Q d ah1.i Assess the global zone to be migrated. An existing Oracle Solaris 10 9/10 system (or a
So a s 10 Solaris 0 update released e eased later) ate ) ca can be d directly ect y migrated g ated into to a an O Oracle ac e So Solaris a s 10 0 zone o e on an Oracle Solaris 11 system. Depending on the services performed by the original system, you might need to manually customize the zone after it has been installed. For example, the privileges assigned to the zone might need to be modified or the network interface is different. It is critical that you examine the source system and collect the following information: - Host name - Host H t ID - Domain name - Root password - Running applications - Networking - Storage
Transition to Oracle Solaris 11 6 - 14
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
2. Create an archive of the global zone to be migrated. You have a variety of methods available for creating the archive. The installer can accept the following archive formats: - flar image - cpio archives - gzip compressed cpio archives - bzip2 compressed cpio archives - pax archives created with the -x xustar (XUSTAR) format - ufsdump level zero (full) backups After you have created an archive, you must provide a method (such as NFS) for transporting it to the target system. system 3. Prepare the Oracle Solaris 11 target system. Before you can migrate the global zone, you must first prepare the target system. This normally involves configuring: - The client side of the image transport - The Oracle Solaris 10 zone 4. Migrate the Oracle Solaris 10 global zone. After performing the previous task, use the zoneadm attach subcommand to migrate the Oracle Solaris 10 global zone zone. Finally Finally, after completing the migration, you can perform the post-migration configuration based on the information that you gathered when assessing the source system.
a
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q dฺ to u i h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 6 - 15
-tr n o n
e
bl a r e nsf
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Agenda • • • • • •
Introducing Oracle Solaris 11 Zones Migrating Oracle Solaris 10 Zones Configuring zones by using AI Configuring an Oracle Solaris Kernel Zone Managing an Oracle Solaris Kernel Zone Monitoring zone resource consumption
e
a
bl a r e nsf
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic av
Q d i ah
Sh
Transition to Oracle Solaris 11 6 - 16
-tr n o n
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Configuring Nonglobal Zones by Using the Automated Installer (AI) • • •
AI supports nonglobal zone installation. AI manifest The configuration element
•
The zone’s zone s self self-assembly assembly SMF service
e
bl a r e nsf
a
-tr n o n
a s a h eฺ ) e tฺa Guid e n sฺ ent e t ira Stud m e his @ i v se t a q uOracle and/or its affiliates. All rights reserved. Copyright dฺ © t2014, i o h sha ense ( i lic nonglobal zone installation by using the Automated Installer (AI). av 11 supports OracleQ Solaris id zones are installed and configured on first reboot after the global zone is installed. h Nonglobal a Sh When a system is installed by using AI, nonglobal zones can be installed on that system by using the configuration element in the AI manifest.
When the system first boots after the global zone installation, the zone’s self-assembly SMF service (svc:/system/zones-install:default) configures and installs each nonglobal zone defined in the global zone AI manifest.
Transition to Oracle Solaris 11 6 - 17
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
Specifying a Nonglobal Zone in the AI Manifest
...