Oracle Solaris 11 Advanced System Administration Ed 3 (Activity Guide)

User Manual:
Open the PDF directly: View PDF .
Page Count: 306
Download
Open PDF In Browser	View PDF
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Oracle Solaris
11
Advanced
)
ฺ
e
m
d
o
i
System
u
ilฺcAdministration
G
a
t
m den
g
tuGuide
o@Activity
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

D72965GC30
Edition 3.0
March 2013
D81025

Author

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Vijetha M Malkai

Disclaimer

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Technical Contributors
and Reviewers
Tammy Shannon
Anies Rahman
Rosemary Martinak

Editors
Malavika Jinka

This document contains proprietary information and is protected by copyright and
other intellectual property laws. You may copy and print this document solely for your
own use in an Oracle training course. The document may not be modified or altered
in any way. Except where your use constitutes "fair use" under copyright law, you
may not use, share, download, upload, copy, print, display, perform, reproduce,
publish, license, post, transmit, or distribute this document in whole or in part without
the express authorization of Oracle.
The information contained in this document is subject to change without notice. If you
find any problems in the document, please report them in writing to: Oracle University,
500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.

Aju Kumar

Restricted Rights Notice

Smita Kommini

If this documentation is delivered to the United States Government or anyone using
the documentation on behalf of the United States Government, the following notice is
applicable:

Graphic Designer
Seema Bopaiah

s

U.S. GOVERNMENT RIGHTS
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or
disclose these training materials are restricted by the terms of the applicable Oracle
license agreement and/or the applicable U.S. Government contract.

o

Cic

an
s
ha ฺ
Jayanthy Keshavamurthy
)
om uide
Veena Narasimhan
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
R
ero
Publishers

an
r
t
n

le

b
a
r
e
f

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names
may be trademarks of their respective owners.

Table of Contents
Practices for Lesson 1: Introduction ..............................................................................................................1-1
Practices Overview for Lesson 1 ....................................................................................................................1-2

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages ..............................2-1
Practice Overview for Lesson 2......................................................................................................................2-2
Practice 2-1: Configuring a Local IPS Package Repository ...........................................................................2-3
Practice 2-2: Configuring a Network Client to Access the Local IPS Server ..................................................2-7
Practice 2-3: Managing Multiple Boot Environments ......................................................................................2-10
Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts ......................................................3-1
Practice Overview for Lesson 3......................................................................................................................3-2
Practice 3-1: Verifying the System AI Requirements (Optional) .....................................................................3-4
Practice 3-2: Configuring the AI Server ..........................................................................................................3-8
Practice 3-3: Deploying the OS on the Network Client ...................................................................................3-13

le

Cic

b
Practices for Lesson 4: Managing Business Application Data ....................................................................4-1 era
sf
Practice Overview for Lesson 4......................................................................................................................4-2
n
a
tr
Practice 4-1: Managing Data Redundancy with a ZFS Mirrored Pool ............................................................4-3
n
Practice 4-2: Using ZFS Snapshots for Backup and Recovery ......................................................................4-10
no
a
Practice 4-3: Using a ZFS Clone ....................................................................................................................4-18
s
a
h
Practice 4-4: Configuring ZFS Properties.......................................................................................................4-21
)
ฺ
e
m
d
Practice 4-5: Troubleshooting ZFS Failures ...................................................................................................4-31
o
i
u
ilฺc.............................................................5-1
G
a
Practices for Lesson 5: Configuring Network and Traffic Failover
t
m den
g
Practice Overview for Lesson 5......................................................................................................................5-2
tu
o@ ............................................................................5-3
Practice 5-1: Managing a Reactive Network Configuration
S
d
l
s
Practice 5-2: Configuring the Network File
naSystem ........................................................................................5-11
hi
t
o
r
ฺ
e
Practice 5-3: Configuring a Link
s
oAggregationu.................................................................................................5-14
r
e
o
Practice 5-4: Configuringic
IPMP ......................................................................................................................5-16
t
(6:cConfiguring
se Zones and the Virtual Network ..........................................................6-1
o
Practices for Lesson
n
d
l
e
a for lLesson
ic 6......................................................................................................................6-2
Practicen
Overview
o
R 6-1: Creating an Oracle Solaris 11.1 Virtual Network .......................................................................6-5
Practice
o
r
e Practice 6-2: Creating Two Zones by Using VNICs........................................................................................6-6
Practice 6-3: Allocating Resources to Zones .................................................................................................6-14
Practice 6-4: Managing the Virtual Network Data Flow ..................................................................................6-25
Practice 6-5: Removing Part of the Virtual Network .......................................................................................6-27
Practices for Lesson 7: Managing Services and Service Properties...........................................................7-1
Practice Overview for Lesson 7......................................................................................................................7-2
Practice 7-1: Configuring SMF Services ........................................................................................................7-3
Practice 7-2: Working with Service Profiles ....................................................................................................7-12
Practice 7-3: Restoring and Recovering a Service .........................................................................................7-14
Practices for Lesson 8: Configuring Privileges and Role Based Access Control......................................8-1
Practice Overview for Lesson 8......................................................................................................................8-2
Practice 8-1: Delegating Privileges to Users and Processes .........................................................................8-3
Practice 8-2: Configuring Role-Based Access Control ...................................................................................8-14
Practices for Lesson 9: Securing System Resources Using Solaris Auditing ...........................................9-1
Practice Overview for Lesson 9......................................................................................................................9-2
Practice 9-1: Configuring and Administering Oracle Solaris Auditing .............................................................9-3
Practice 9-2: Managing Audit Records on Local Systems..............................................................................9-19
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Oracle Solaris 11 Advanced System Administration Table of Contents
iii

Practices for Lesson 10: Managing Processes and Priorities .....................................................................10-1
Practice Overview for Lesson 10....................................................................................................................10-2
Practice 10-1: Modifying Process Scheduling Priority ....................................................................................10-3
Practice 10-2: Configuring the FSS in an Oracle Solaris Zone ......................................................................10-22

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices for Lesson 11: Evaluating System Resources ..............................................................................11-1
Practice Overview for Lesson 11....................................................................................................................11-2
Practice 11-1: Managing Resource Controls in Global and Non-Global Zones..............................................11-3
Practice 11-2: Evaluating System Performance Levels..................................................................................11-14
Practices for Lesson 12: Monitoring and Troubleshooting Software Failures ...........................................12-1
Practice Overview for Lesson 12....................................................................................................................12-2
Practice 12-1: Setting Up System Messaging ................................................................................................12-3
Practice 12-2: Configuring System and Application Crash Facilities ..............................................................12-13

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Oracle Solaris 11 Advanced System Administration Table of Contents
iv

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 1:
e
m
d
o
i
Introduction
ilฺc t Gu
a
m 1 den
g
Chapter
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Introduction
Chapter 1 - Page 1

Practices Overview for Lesson 1

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
This practice introduces you to the project assignment that you will be using throughout this
course and to your virtual lab environment. The project assignment is divided into multiple
phases, which are presented in the checklist in Figure 1. The checklist items are synchronized
with the lesson topics.

Project Assignment
Your organization, Delicious Treats Company, is in the business of selling chocolate products
online locally and globally. In the United States, the company’s order, product, and customer
information is stored on 350 servers that are strategically located in various states. Out of these
350 servers, 250 servers are Oracle Solaris x86/64 machines, for instance, Ultra 20s. Currently,
the Oracle Solaris servers are running Oracle Solaris 10 or Solaris 9. According to the servicelevel agreements (SLAs), the business applications on these servers must be up 98% of the
time.
The company learned that Oracle has launched Oracle Solaris 11.1, which contains many
resource-saving features. The company is convinced that it can use Oracle Solaris 11.1 to its
benefit. Therefore, it has issued the directive to upgrade all Oracle Solaris machines to Oracle
Solaris 11.1.
As part of the Server Implementation team, you will install and configure Solaris 11.1 on 10
machines on a test basis. This will help you to explore Oracle Solaris 11.1 and prepare you to
administer business applications and the operating system. Your senior system administrator
has developed a predeployment test plan that consists of a checklist of tasks to be performed
(see Figure 1). As you progress through each lesson in the course, you will implement the
assigned tasks and report the results to your senior system administrator.

s

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Introduction
Chapter 1 - Page 2

le

b
a
r
e
f

Oracle Solaris 11.1 Predeployment Checklist

√

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Managing the Image Packaging System (IPS) and Packages
Installing Oracle Solaris 11.1 on Multiple Hosts
Managing the Business Application Data
Configuring Network and Traffic Failover
Configuring Zones and the Virtual Network
Managing Services and Service Properties

le

b
a
r
e
f

Configuring Privileges and Role-Based Access Control
Securing System Resources by Using Oracle Solaris Auditing

s

an
r
t
n

Cic

no
a
s
a
h
Evaluating the System Resources
)
ฺ
e
m
d
o
i
Monitoring and Troubleshooting System Failures
ilฺc t Gu
a
m den
g
Figure 1: Oracle Solaris 11.1 Predeployment Checklist
o@ Stu
d
l
a this
n
o
Practices Infrastructureroฺr
se
u
e
ianc architectural
to view of the equipment and the platforms for the practices.
This section presents
c
(
e
o e(VMs)
ns are configured on a private internal network (192.168.0).
Multiple virtual
dmachines
l
c
a
li
Each VM
with other VMs only on the same private network (see Figure 2).
oncan communicate
R
The
VMs
are
configured
to
communicate
with the host machine only through the share
ero
Managing Processes and Priorities

directory. Internet access is not configured from these VMs.

Figure 2: Virtual Pod Network Schematic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Introduction
Chapter 1 - Page 3

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Your lab environment is based on the Oracle VM VirtualBox virtualization software. The
VirtualBox is a cross-platform virtualization application. Figure 3 shows the configured virtual
machines. The Oracle Solaris 11.1 OS is installed in the virtual machines with the exception of
Sol11-Client1, which is an empty VM.

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
Figure 3: Oracle VirtualBox Virtual
Machines
o
oฺr use
r
e
o of memory. Most of the host machines have a total of 8
ic withe2tGB
c
All the VMs are configured
(
GB to work with.
do icens
l
a
l located in /opt/ora/scripts. This directory contains mostly scripts
n files are
All the o
student
R
o you may be directed to use to establish the start or end state of a particular practice.
rthat

e The following list briefly describes the virtual machines:

Cic

•
•
•

Sol11-Server1: This VM provides network services, such as DNS, DHCP, and IPS that
are used by other VMs in this virtual network. This VM should always be up and
running. You use the command-line tools here.
Sol11-Desktop: This is a general purpose user machine with the GUI and other
features normally available on a network client machine. Most of the facilities available
in Sol11-Server1 are available in this VM.
Sol11-Client1: This is the VM for Oracle Solaris 11.1 installation that uses Automated
Install mode. After performing the practice, switch off this VM. It will not be needed for
any other practice.

Logging In to the Practice Environment
When you first log in to the practice environment, you are prompted to provide a login and
password for the host system:
•

Userid: root

•

Password: oracle
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Introduction
Chapter 1 - Page 4

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

After you have gained access to the host system, the user account and password for each
virtual machine is:
•

User account: oracle

•

Password: oracle1

•

Administrator privileges: As the oracle user, use su - to switch to the primary
administrator (root) role. The password is oracle1. The oracle user switches to
root because root is configured as a role by default. The first username created on the
system (during the OS installation) is the initial privileged user who can assume the
administrator role. This can be verified in the /etc/user_attr file.

Note: The Sol11-Server1 virtual machine must be started before any additional virtual
machines are started. The Sol11-Server1 must always be running to perform the practices
in this guide.

s
n
a
r
-t its icon on
1. On your host system, start the Oracle VM VirtualBox Manager by double-clicking
n
o
your desktop.
an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g double-click
2. In the Oracle VM VirtualBox Manager window,
the Sol11-Server1 virtual
dethe Sol11-Server1
@
u
t
machine to start it. Alternatively, you
can
simply
select
VM and click the
o
d is S
l
a
Start button.
n
th
o
r
ฺ
e
ero to us
c
i
(c nse
o
ld lice
a
n
o
R
o
r
Task: Becoming Familiar with Your Practice Environment

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Introduction
Chapter 1 - Page 5

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

3.

After the Sol11-Server1 VM is powered on, at the command prompt, log in as the user
oracle with the password oracle1.
s11-server1 console login: oracle
Password: oracle1
Last Login: Mon Nov 12 03:59:49 on console
Oracle Corporation SunOS 5.11 11.1 September 2012
Or
oracle@s11-server1:~$
oracle@s11-server1:~$ su –
Password: oracle1
...
root@s11-server1:~#

4.

le

b
a
r
e
f

s

an
r
t
n

Start the Sol11-Desktop. When the Username login screen appears, enter oracle for the
username and click the Log In button.
Note: It might take a few minutes for the Username login screen to appear.

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce
5.

When the password login screen appears, enter the password oracle1 and click the Log
In button.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Introduction
Chapter 1 - Page 6

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Open a terminal window by right-clicking on the desktop and selecting Open Terminal. In
the terminal window, run the su - command to assume the administrator privileges. The
password is oracle1.
oracle@s11-desktop:~$ su –
Password: oracle1
Oracle Corporation
SunOS 5.11
root@s11-desktop:~#

7.

11.1

September 2012

At times, you may need to power off a VM and close its window. You may also need to shut
down a VM to comply with the maximum recommended number of VMs running
simultaneously, which is currently limited to three VMs.
Now, practice shutting down a VM by using the Sol11-Desktop VM. To shut down the VM,
click the “close” button (x) in the top-right corner of the VM window.

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Introduction
Chapter 1 - Page 7

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

8.

When the Close Virtual Machine dialog box appears, select “Power off the machine” and
click OK.

le

b
a
r
e
f

s

o

an
r
t
n

Note: You can verify that the VM is shut down by checking the status that appears under
the VM’s name in the Oracle VM VirtualBox Manager. The status for the Sol11-Desktop
should be “Powered Off.” The status for the Sol11-Server1 should be “Running.”

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Introduction
Chapter 1 - Page 8

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 2:
e
m
d
o
i
Managing
uImage
ilฺc tthe
G
a
m den System (IPS) and
Packaging
g
tu
o@Packages
S
d
l
s
i
na thChapter
o
r
2
ฺ
e
s
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 1

Practice Overview for Lesson 2

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
After installing a new OS, it is a common practice to ensure that you have the IPS Package
Repository set up on a local server. In these practices, you will set up a local repository on S11Server1 and configure a network client to access the repository.
When you install critical software updates, for example, packages updating Solaris kernel
facilities, creating another boot environment (BE) is very useful. In case the new package
corrupts your system, you can revert to the previous boot environment. So, you can consider
the original BE to be more like a backup environment. In the following practices, you will create
a backup BE, install the diffstat package, and work with multiple BEs. The key areas
covered in this practice are:
• Configuring a local IPS package repository
• Configuring a network client to access IPS
• Managing boot environments

s

an
r
t
n

Ci

no
a
s
a
h
)
ฺ
e
m
The following checklist shows your progress. Currently, youoare
aboutito
look into the IPS
d
functionality.
ilฺc t Gu
a
m den
g
√
Oracle Solaris
11.1 Predeployment
Checklist
tu
o@
S
d
l
s
na System
thi (IPS) and Packages
o
Managing the Image
Packaging
r
ฺ
e
us
eroSolaris
o
c
i
t
Installing
Oracle
11.1
on Multiple Hosts
c
(
e
s
o en
ldManaging
a
lic Business Application Data
n
o
R
o
Configuring Network and Traffic Failover
r
ce

Note: Your command output displays may be different than the displays in the practices,
especially storage units, process IDs, and related content.

Configuring Zones and the Virtual Network
Managing Services and Service Properties
Configuring Privileges and Role-Based Access Control
Securing System Resources by Using Solaris Auditing
Managing Processes and Priorities
Evaluating System Resources
Monitoring and Troubleshooting System Failures

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 2

le

b
a
r
e
f

Practice 2-1: Configuring a Local IPS Package Repository

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
You will recall from the lecture that when you install or upgrade to the Oracle Solaris 11 release,
the system initially has one publisher configured: the solaris publisher.
In your lab environment, your virtual machine client cannot access the default publisher URL to
download the IPS package repository. So your first task is to create your local package
repository and make it the default so that the network client can be serviced by IPS.

Tasks
1.
2.

Verify that the Sol11-Server1 virtual machine is running.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use the password
oracle1.

3.

Run the su command to assume administrator privileges.
oracle@s11-server1:~$ su –
Password: oracle1
Oracle Corporation
SunOS 5.11
root@s11-server1:~#

6.

Address:

192.168.0.100#53

Name:
Address:

s11-server1.mydomain.com
192.168.0.100

s

an
r
t
n

no
September
a
s
a
h
)
ฺ
e
4. Determine the host name and domain of this server. om
d
i
ilฺc t Gu
root@s11-server1:~# hostname
a
m den
g
s11-server1
o@ Stu
root@s11-server1:~# domainname
d
l
a this
n
mydomain.com
o
oฺr use
r
e
ic caneaccess
to DNS services.
c
5. Verify that this(server
do icens nslookup s11-server1
l
root@s11-server1:~#
a
l
n
oServer:
192.168.0.100
R
ro

e

Cic

le

11.1

Verify that the /export/IPS file system has been configured on the system.
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE
CAP DEDUP HEALTH ALTROOT
rpool 31.8G 9.87G 21.9G
31% 1.00x ONLINE root@s11-server1:~# zfs list
NAME
USED AVAIL REFER MOUNTPOINT
rpool
9.94G 21.3G
39K /rpool
rpool/ROOT
2.13G 21.3G
31K legacy
rpool/ROOT/solaris
2.13G 21.3G 1.58G /
rpool/ROOT/solaris/var
507M 21.3G
505M /var
rpool/dump
1.03G 21.3G 1.00G rpool/export
5.74G 21.3G
33K /export
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 3

b
a
r
e
f

2012

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

rpool/export/IPS
5.74G
rpool/export/home
212K
rpool/export/home/jholt
35.5K
rpool/export/home/jmoose 35.5K
rpool/export/home/oracle
34K
rpool/export/home/panna
35K
rpool/export/home/sstudent 35K
rpool/swap
1.03G

21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G

5.74G
37K
35.5K
35.5K
34K
35K
35K
1.00G

/export/IPS
/export/home
/export/home/jholt
/export/home/jmoose
/export/home/oracle
/export/home/panna
/export/home/sstudent
-

Note: Your display may be different for space allocation/usage.
Normally, a local IPS repository must be manually created on the local server. This
involves creating a ZFS file system on the local server for the IPS repository and copying
the repository files from the repository ISO image to the local repository.
The following example shows the steps used to copy the IPS repository from the ISO
image to a local ZFS file system. Do not run these commands in this practice. The
repository has already been installed on the local server for you.
# zfs create -o compression=on rpool/export/IPS
# lofiadm –a sol-11-1111-repo-full.iso
# mount –F hsfs /dev/lofi/1 /mnt
# rsync –aP /mnt/repo /export/IPS

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
tu 4.4 gigabytes). Depending on the
o@
S
d
The package repository is very llarge
(approximately
s
nathe rsync
speed of your host machine,
thicommand can take a couple of hours to
o
r
ฺ
e
complete.
ro o us
e
c
i
t
7. Assess the current
IPS configuration
on the Sol11-Server1 system:
c
(
e
s
o
n
root@s11-server1:~#
svcs application/pkg/server
ld lice
a
n
STATE
STIME
FMRI
o
R
ro disabled 17:00:56 svc:/application/pkg/server:default

e

Cic

root@s11-server1:~# svcprop -p pkg/inst_root application/pkg/server

/var/pkgrepo
This system is not currently configured as an IPS server (the service is disabled). Note
the default location of the IPS repository as determined by the pkg/inst_root
property. The /var/pkgrepo directory is not the correct location of your local
repository.
8.

Determine whether the IPS service is currently available:
root@s11-server1:~# pkg search entire
pkg: Some repositories failed to respond appropriately:
solaris:
Unable to contact valid package repository
Encountered the following error(s):
Unable to contact any configured publishers.
This is likely a network configuration problem.
Framework error: code: 6 reason: Couldn't resolve host 'pkg.oracle.com'
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 4

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

URL: 'http://pkg.oracle.com/solaris/release' (happened 4 times)

Note: This step will be especially useful on the job because you can see the displayed
URL. In the training environment, your publisher URL will point to s11-server1.
Searching for a package is a quick way of determining whether the IPS service is
available. Based on the results shown here, this system has no access to the IPS
service.
9.

Set the application/pkg/server service pkg/inst_root property to the repository
location (/export/IPS/repo).
root@s11-server1:~# svccfg –s application/pkg/server setprop \
pkg/inst_root=/export/IPS/repo
root@s11-server1:~#

10. Set the application/pkg/server service pkg/readonly property to true.
root@s11-server1:~# svccfg –s application/pkg/server setprop \
pkg/readonly=true
11. Verify the application/pkg/server service inst_root property.

no
a
s
a
h
)
ฺ
e
12. Refresh the application/pkg/server service. om
d
i
lฺc t Gu
iapplication/pkg/server
root@s11-server1:~# svcadm refresh
a
m den
g
13. Enable the application/pkg/server
service.
tu
o@
S
d
l
root@s11-server1:~# svcadm
enable
s
a thi application/pkg/server
n
o
14. Verify that the application/pkg/server
service is enabled.
oฺr use
r
e
o
root@s11-server1:~#
ic e t svcs application/pkg/server
c
(
STATEdo
STIME
FMRI
ns
l
e
c
a
i
l
n
17:00:56
svc:/application/pkg/server:default
oonline
R
o Use the pkgrepo refresh command to refresh the package repository.
r15.
root@s11-server1:~# svcprop -p pkg/inst_root \
application/pkg/server
/export/IPS/repo

e

Cic

s

an
r
t
n

root@s11-server1:~# pkgrepo refresh –s /export/IPS/repo
Initiating repository refresh.
When you create a new package repository, you must refresh the repository catalog so
that the package search operations will work correctly. This may take several minutes to
complete.
16. List the current package publishers.
root@s11-server1:~# pkg publisher
STATUS P

LOCATION

PUBLISHER

TYPE

solaris

origin online F http://pkg.oracle.com/solaris/release/

The command output shows the current publisher. A publisher is a forward domain
name that identifies a person, group of persons, or an organization that publishes one or
more packages. The repository type origin is the location of the package repository that
contains both package metadata (package manifests and catalogs) and package content
(package files). The default publisher URI is http://pkg.oracle.com/solaris/release/.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 5

le

b
a
r
e
f

17. Remove the current publisher URI (http://pkg.oracle.com/solaris/release) and add a new
URI (http://s11-server1.mydomain.com) to the publisher name solaris. Show the results.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# pkg set-publisher –G ‘*’ –g \
http://s11-server1.mydomain.com/ solaris
root@s11-server1:~# pkg publisher
PUBLISHER
solaris

TYPE
origin

STATUS URI
online http://s11-server1.mydomain.com

18. Test IPS on the local server by searching for the entire package.
root@s11-server1:~# pkg search entire
INDEX
ACTION
VALUE
PACKAGE
pkg.fmri
set
solaris/entire
pkg:/entire@0.5.11-0.175.0.0.0.2.0

s

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 6

le

b
a
r
e
f

Practice 2-2: Configuring a Network Client to Access the Local IPS
Server

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
Now that you have a local package repository set up, you must configure the network clients to
access the new repository. By default, clients are configured to use the publisher
http://pkg.oracle.com/solaris/release/. In this task, you reconfigure the client to access the
http://s11-server1.mydomain.com/ package publisher solaris.

Tasks
1.
2.
3.
4.

Double-click the Sol11-Desktop icon to launch the Sol11-Desktop virtual machine.
Log in to the Sol11-Desktop virtual machine as the oracle user. Use the password
oracle1.
Right-click the desktop background and open a terminal window.
In the terminal window, run the su command to assume primary administrator privileges.

s

no
a
s September 2012
11.1 ha
)
ฺ
e
m
d
o
i
uIPS server host name.
lฺc t the
iresolving
G
5. Verify that this client can access DNS services by
a
m den
g
root@s11-desktop:~# nslookup
s11-server1
o@ Stu
d
Server:
192.168.0.100
l
a this
n
o
Address:
192.168.0.100#53
oฺr use
r
e
ic e to
Name: o (c s11-server1.mydomain.com
ns
d ic192.168.0.100
l
e
Address:
a
l
on
6. R
Verify that this client can ping the IPS server.
ro
oracle@s11-desktop:~$ su –
Password: oracle1
Oracle Corporation
SunOS 5.11
root@s11-desktop:~#

e

Cic

an
r
t
n

root@s11-desktop:~# ping s11-server1
s11-server1 is alive

7.

List the current package publishers.
This is what you can expect to see on the job because this is the default origin URL.
root@s11-desktop:~# pkg publisher
PUBLISHER
solaris

8.

TYPE
origin

STATUS P LOCATION
online F http://pkg.oracle.com/solaris/release/

Remove the current publisher URI (http://pkg.oracle.com/solaris/release) and add a new
URI (http://s11-server1.mydomain.com) to the publisher name solaris.
root@ s11-desktop:~# pkg set-publisher –G ‘*’ –g \
http://s11-server1.mydomain.com/ solaris

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 7

le

b
a
r
e
f

9.

Verify that the publisher is set to http://s11-server1.mydomain.com/.
root@s11-desktop:~# pkg publisher

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

PUBLISHER
solaris

TYPE
origin

STATUS P LOCATION
online F http://s11-server1.mydomain.com/

10. Test client access to the IPS server by opening the http://s11-server1.mydomain.com URL
in the Firefox browser.

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
11. Using the package
ns browser, search for the entire package.
do icerepository
l
a
l
on
R
ro

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 8

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

12. Close the Firefox browser.
13. Close the Sol11-Desktop VM.

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 9

Practice 2-3: Managing Multiple Boot Environments

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you create a new full BE based on the current BE. The current BE does not
have the diffstat package installed. You make the new BE the active boot environment and
you update it with the diffstat package. You reboot to the original boot environment to prove
that the two BEs are now logically separate. This action is also useful in case the diffstat
package is corrupted and you want to revert to the original environment.
As part of this practice, you also mount and update an inactive BE. In addition, you create
another BE (a copy of the current BE) and a backup copy. This will demonstrate to you how to
manage multiple BEs on the system.
To run this practice, you must be logged in to the Sol11-Server1 virtual machine as the oracle
user and have obtained primary administrator privileges. See Practice 2-2 if you need help.
Note: Your display outputs may differ slightly.

s

an
r
t
n

Tasks
1.

2.
3.

ro

e
Cic

4.

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
tu
othe@boot environment
S
d
The Active field indicates whether
is active now (N) and active on
l
s
a
i
n
h
reboot (R).
ฺro use t
o
r
Clone the current active
the clone solaris-1.
e BE.tName
o
c
i
c
root@s11-server1:~#
o ( ense beadm create solaris-1
d
l
acurrent BEs.
List n
the
lic
o
R root@s11-server1:~# beadm list
In a terminal window on the Sol11-Server1 virtual machine, list the current BEs.
root@s11-server1:~# beadm list
BE
Active Mountpoint Space Policy Created
------- ---------- ----- ------ ------solaris
NR
/
2.84G static 2012-11-30 08:47

BE
-solaris
solaris-1

Active
-----NR
-

Mountpoint Space
---------- ----/
2.84G
164.0K

Policy
-----static
static

Created
------2012-11-30 08:47
2012-12-09 07:01

Activate the solaris-1 BE. Display the list of BEs. Note that solaris-1 is pending
activation on reboot.
root@s11-server1:~# beadm activate solaris-1
root@s11-server1:~# beadm list
BE
Active Mountpoint Space Policy Created
------- ---------- ----- ------ ------solaris
N
/
469.0K static 2012-11-30 08:47
solaris-1 R
2.84G static 2012-12-09 07:01
The activation process will take a short amount of time to store the data in the partition.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 10

le

b
a
r
e
f

5.

Reboot the Sol11-Server1 virtual machine.
root@s11-server1:~# init 6

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Notice that solaris-1 is now the default boot entry in the GRUB menu.

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
lฺc t Gu
i
a
6. After Sol11-Server1 has rebooted, log in as the
nuser and su to root.
moracle
e
g
d
7. In a terminal window, list the current BEs.
o@ Stu
d
l
a list
is
root@s11-server1:~# n
beadm
h
t
o
r
BE
Active
se Space Policy Created
oฺMountpoint
r
u
e
----------- ------ ------ic e---------to
c
(
s
solaris
4.60M static 2012-11-30 08:47
do i-cen l
a
l
n
/
2.89G static 2012-12-09 07:01
osolaris-1 NR
R
ro Note that the solaris-1 image is now active.

e 8.

Cic

Verify that the diffstat package is not currently installed on the new active BE.
root@s11-server1:~# pkg list diffstat
pkg list: no packages matching “diffstat’ installed

9.

Install the diffstat package on the new active BE.
root@s11-server1:~# pkg install diffstat
Creating plan...
Packages to install:
1
Create boot environment:
No
Create backup boot environment:
No
DOWNLOAD
PKGS
Completed
1/1
PHASE
Install Phase

FILES
6/6
ACTIONS
24/24

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 11

XFER (MB)
0.0/0.0

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

PHASE
Package State Update Phase
Image State Update Phase

ITEMS
1/1
2/2

10. Activate the solaris BE. Display the list of BEs. Note that solaris is pending activation
on reboot.
root@s11-server1:~# beadm activate solaris
root@s11-server1:~# beadm list
BE
Active Mountpoint Space Policy Created
------- ---------- ----- ------ ------solaris
R
2.84G static 2012-11-30 08:47
solaris-1 N
/
72.06M static 2012-12-09 07:01

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
o BE.
13. Mount thedinactive
ns
l
e
c
a
li
n
mkdir -p /solaris-1
oroot@s11-server1:~#
R
ro root@s11-server1:~# beadm mount solaris-1 /solaris-1

12. Verify that the solaris image is now active and that the diffstat package is not
installed.
root@s11-server1:~# beadm list
BE
Active Mountpoint Space
Policy Created
------- ---------- ---------- ------solaris
NR
/
2.89G static 2012-11-30 08:47
solaris-1 76.03M static 2012-12-09 07:01
root@s11-server1:~# pkg list diffstat
pkg list: no packages matching “diffstat’ installed

e

Cic

root@s11-server1:~# beadm list
BE
Active Mountpoint Space
------- ---------- ----solaris
NR
/
2.89G
solaris-1 /solaris-1 76.03M

Policy
-----static
static

Created
------2012-11-30 08:47
2012-12-09 07:01

14. Verify that the diffstat package is installed in the inactive BE:
root@s11-server1:~# pkg -R /solaris-1 verify -v diffstat
Verifying: PACKAGE
STATUS
pkg://solaris/text/diffstat
OK
15. Remove the diffstat package from the mounted inactive BE.
root@s11-server1:~# pkg -R /solaris-1 uninstall diffstat
Creating Plan…
Packages to remove:
1
Estimated space available: 28.45 GB
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 12

le

b
a
r
e
f

11. Reboot the Sol11-Server1 virtual machine. After Sol11-Server1 has rebooted, log in as the
oracle user and su to root.
root@s11-server1:~# init 6

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Estimated space to be consumed: 14.58 MB
Rebuild boot archive:
No
Changed packages:
solaris
text/diffstat
1.51,5.11-0.175.1.0.0.9.0:20120207T035254Z -> None
PHASE
ITEMS
Removing old actions
19/19
Updating package state database
Done
Updating package cache
1/1
Updating image state
Done
Creating fast lookup database
Done
root@s11-server1:~# pkg -R /solaris-1 list diffstat
pkg list: no packages matching “diffstat’ installed

e

Cic

rpool/ROOT/solaris@backup
rpool/ROOT/solaris/var@install -

-

0
static 2012-12-09 07:18
144.54M static 2012-11-30 08:51

…
…
…

19. Create a new boot environment from the solaris@backup snapshot. Name this BE
solaris-2.
root@s11-server1:~# beadm create -e solaris@backup solaris-2
root@s11-server1:~# beadm list
BE
Active Mountpoint Space Policy Created
------- ---------- ----- ------ ------solaris
NR
/
2.89G static 2012-11-30 08:47
solaris-1 76.03M static 2012-12-09 07:01
solaris-2 130.0K static 2012-12-09 07:26

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 13

s

an
r
t
n

no
a
s
a
h
)backup.eฺ
17. Create a snapshot of the solaris BE. Name the snapshot
m
o
c Guid
ฺ
root@s11-server1:~# beadm create solaris@backup
l
i
a nt
m
18. Display the list of snapshots associated with
the solaris
g
de BE.
@
u
t
o
root@s11-server1:~# beadm
ld listis-aS solaris
a
n
BE/Dataset/Snapshot
Created
th Mountpoint Space Policy
o seActive
r
------------------- oฺ
------ ---------- ---------- ------er to u
solaris
c
i
(c nse
rpool/ROOT/solaris
NR
/
2.17G
static 2012-11-30 08:47
o
d
l
rpool/ROOT/solaris/var
/var
518.90M static 2012-11-30 08:47
e
a
lic
nrpool/ROOT/solaris/var@2012...
1.22M
static 2012-12-09 07:01
o
R
rpool/ROOT/solaris/var@backup
0
static 2012-12-09 07:18
ro
16. Unmount the inactive BE.
root@s11-server1:~# beadm unmount solaris-1

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

20. Destroy the solaris-2 BE and show the results.
root@s11-server1:~# beadm destroy solaris-2
Are you sure you want to destroy solaris-2? This action cannot
be undone(y/[n]): y
root@s11-server1:~# beadm list
BE
Active Mountpoint Space Policy Created
------- ---------- ----- ------ ------solaris
NR
/
2.89G static 2012-11-30 08:47
solaris-1 76.23M static 2012-12-09 07:01
21. Rename the original solaris-1 BE to solaris-alt.
root@s11-server1:~# beadm rename solaris-1 solaris-alt
22. List the boot environments.
root@s11-server1:~#
BE
Active
------solaris
NR
solaris-alt -

le

Space
----2.89G
76.23M

s

an
r
t
n

Policy Created
------ ------static 2012-11-30 08:47
static 2012-12-09 07:01

b
a
r
e
f

no
a
s
a
h
) removed.
ฺ
23. Destroy the solaris-alt BE and then verify that it hasm
been
e
d
o
i
ilฺc t Gu
root@s11-server1:~# beadm destroy asolaris-alt
n This action cannot be
msolaris-1?
e
Are you sure you want to destroy
g
d
undone(y/[n]): y
o@ Stu
d
l
a list
is
root@s11-server1:~# n
beadm
h
t
o
r
BE
Active
se Space Policy Created
oฺMountpoint
r
u
e
ic e---------to
---------------- ------c
(
s
solaris
2.89G static 2012-11-30 08:47
ldo liNRcen /
a
n
o
R
o
The next time you reboot the system, you will see only the solaris BE present on the
r

e

Cic

beadm list
Mountpoint
---------/
-

GNU GRUB menu.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 2: Managing the Image Packaging System (IPS) and Packages
Chapter 2 - Page 14

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 3:
e
m
d
o
i
Installing
u Solaris 11
ilฺc Oracle
G
a
t
n Hosts
mMultiple
on
e
g
d
tu3
o@Chapter
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 1

Practice Overview for Lesson 3

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
According to the predeployment plan and checklist, you will now start configuring the Automated
Installer (AI). The AI configuration practices help you to understand how you can save time and
resources while installing Oracle Solaris 11.1 on multiple client hosts individually.
√
√

Oracle Solaris 11.1 Predeployment Checklist
Managing the Image Packaging System (IPS) and Packages
Installing Oracle Solaris 11.1 on Multiple Hosts

le

b
a
r
e
f

Managing the Business Application Data

s

an
r
t
n

Configuring Network and Traffic Failover
Configuring Zones and the Virtual Network

o

an
s
Managing Services and Service Properties
ha ฺ
)
om uide
Configuring Privileges and Role-Based Access c
Control
ฺ
l
ai nt G
m
Securing System Resources by Using
Solaris
g uAuditing
de
@
t
o
ld is S
Managing Processes and
Priorities
a
n
th
o
r
ฺ
e
Evaluating System
us
ero Resources
o
c
i
t
(c and
e
sTroubleshooting
Monitoring
System Failures
o
n
d
l
e
c
a
li
on

Ci

R
o
In
the following practices, you install Oracle Solaris 11.1 OS on an x86/64 machine in an
r
ce

automated, unattended manner. Your first task is to verify that the system meets the AI
requirements. In the second task, you configure the AI on a server. Then as a final step, you
deploy the OS on a network client.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 2

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Before you install the Oracle Solaris 11.1 OS by using AI, you must first download the Oracle
Solaris 11.1 AI install image from the following site:
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html.
The AI installation download is in an ISO image format that can be burned to a CD or DVD, or
used directly within Oracle VM Server or other virtualization software.
Note: For training purposes, the AI ISO has already been downloaded for you. The ISO
image file can be found in the /root directory of the Sol11-Server1 virtual machine.

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 3

Practice 3-1: Verifying the System AI Requirements (Optional)

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
This practice takes you through the steps for checking the existing version of Oracle Solaris
11.1 to verify the system requirements for the AI installation. For the purposes of AI
configuration, you need to configure the IPS repository on the local VM (S11-Server1) so that
you can minimize the package deployment.
Note: If you have completed Practice 2 during Lesson 2, skip this practice. It is included
here as a checkpoint prerequisite because you need to ensure that the IPS repository is
properly configured before you configure AI.
Note: Your command output displays may be different than the displays in the practice,
especially allocation and utilization, process IDs, and similar information.

s

an
r
t
n

Tasks

no
a
s
a
h
)
2.
ฺ
e
m
d
o
i
3.
ilฺc t Gu
a
n
oracle@s11-server1:~$ su – gm
e
d
Password: oracle1
o@ Stu
d
l
is
Oracle Corporation na
SunOS th
5.11
11.1
September
o
r
ฺ
e
root@s11-server1:~#
ro o us
e
c
i
t is Oracle Solaris 11 Build 173 release.
4. Verify that the (operating
system
c
e
s
root@s11-server1:~#
cat /etc/release
ldo licen
a
n
o
Oracle Solaris 11.1 X86
R
o
r
1.

e
Cic

Verify that the Sol11-Server1 virtual machine is running.
If the virtual machine is not running, start it at this time.
Log in to virtual machine Sol11-Server1 as the oracle user. Use the password oracle1.
Run the su command to assume primary administrator privileges.

Copyright (c) 1983, 2012, Oracle and/or its affiliates.
rights reserved.
Assembled 19 September 2012

5.

Verify that the operating system is configured with a static IP address.
root@s11-server1:~# svcs network/physical:default
STATE
STIME
FMRI
online
0:24:39
svc:/network/physical:default
root@s11-server1:~# ipadm show-addr
ADDROBJ
TYPE
STATE
ADDR
…
net0/v4
static
ok
192.168.0.100/24
…

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 4

le

b
a
r
e
f

2012

All

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Verify that DNS is operational.
root@s11-server1:~# nslookup s11-server1.mydomain.com
Server:
192.168.0.100
Address:
192.168.0.100#53
Name:
s11-server1.mydomain.com
Address: 192.168.0.100

7.

Verify that the /export/IPS file system has been configured in the rpool on the system.
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP
rpool 31.8G 9.98G 21.9G 31%
root@s11-server1:~# zfs list
NAME
rpool
rpool/ROOT
rpool/ROOT/solaris
rpool/ROOT/solaris/var
rpool/dump
rpool/export
rpool/export/IPS
rpool/export/home
rpool/swap

ro

e
Cic

USED
9.95G
2.14G
2.14G
517M
1.03G
5.74G
5.74G
212K
1.03G

DEDUP
1.00x

AVAIL
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G

HEALTH
ONLINE

REFER
39K
31K
1.58G
373M
1.00G
33K
5.74G
37K
1.00G

ALTROOT
-

MOUNTPOINT
/rpool
legacy
/
/var
/export
/export/IPS
/export/home
-

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this based on the type of disks and platform.
n
Note: Your display mayrbe
slightly different
o
oฺ use
r
e
Normally, a local
ic IPS repository
to must be manually created on the local server. This
c
(
e
s file system on the local server for the IPS repository and copying
involveso
anZFS
d creating
l
e
the
repository
files
from
the repository ISO image to the local repository.
c
a
li
n
o
R The following example shows you the steps to copy the IPS repository from the ISO
image to a local ZFS file system. Do not run these commands in this practice. The
repository has already been installed on the local server for you.
# zfs create -o compression=on rpool/export/IPS
# lofiadm –a sol-11-1111-repo-full.iso
# mount –F hsfs /dev/lofi/1 /mnt
# rsync –aP /mnt/repo /export/IPS
The package repository is very large (over 6 GB). Depending on the speed of your host
machine, the rsync command can take a couple of hours to complete.

8. Assess the current IPS configuration on the Sol11-Server1 system:
root@s11-server1:~# svcs application/pkg/server
STATE
STIME
FMRI
disabled

0:24:39

svc:/application/pkg/server:default

root@s11-server1:~# svcprop -p pkg/inst_root application/pkg/server

/var/pkgrepo

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 5

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

This system is not currently configured as an IPS server (the service is disabled). Note
the default location of the IPS repository as determined by the pkg/inst_root
property. The /var/pkgrepo directory is not the correct location of your local
repository.
Note: When you configure IPS for the first time, you will see this default value. It is
shown here for that purpose. You will change it to the local ZFS file system.
9.

Set the pkg/inst_root property of the application/pkg/server service to the local
repository location /export/IPS/repo.
root@s11-server1:~# svccfg –s application/pkg/server setprop \
pkg/inst_root=/export/IPS/repo
root@s11-server1:~#

10. Set the pkg/readonly property of the application/pkg/server service to true.
root@s11-server1:~# svccfg –s application/pkg/server setprop \
pkg/readonly=true
11. Verify the inst_root property of the application/pkg/server service.

no
a
s
a
h
)
ฺ
e
m
d
o
i
12. Refresh the application/pkg/server service.
ilฺc t Gu
a
n
m application/pkg/server
root@s11-server1:~# svcadm refresh
e
g
d
tu
o@service.
13. Enable the application/pkg/server
S
d
l
s
a
hi application/pkg/server
root@s11-server1:~#on
svcadm tenable
r
ฺ
e
14. Verify that the application/pkg/server
service is enabled.
ero to us
c
i
c
( nse svcs application/pkg/server
root@s11-server1:~#
o
d
l
e
STATE
STIME
FMRI
c
a
i
l
n
o
online
0:24:39
svc:/application/pkg/server:default
ro R
root@s11-server1:~# svcprop -p pkg/inst_root \
application/pkg/server
/export/IPS/repo

e 15.

Cic

s

an
r
t
n

Use the pkgrepo refresh command to refresh the package repository.

root@s11-server1:~# pkgrepo refresh –s /export/IPS/repo
When you create a new package repository, you must refresh the repository catalog so
that the package search operations will work correctly. This may take several minutes to
complete.
16. List the current package publishers.
root@s11-server1:~# pkg publisher
PUBLISHER
solaris

TYPE
origin

STATUS
online

P LOCATION
F http://pkg.oracle.com/solaris/release/

The command output shows the current publisher. A publisher is a forward domain
name that identifies a person, group of persons, or an organization that publishes one or
more packages. The repository type origin is the location of a package repository that
contains both package metadata (package manifests and catalogs) and package content
(package files). The default publisher URI is http://pkg.oracle.com/solaris/release/.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 6

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

17. Remove the current publisher URI (http://pkg.oracle.com/solaris/release/) and add a new
URI (http://s11-server1.mydomain.com) to the publisher name solaris. Show the results.
root@s11-server1:~# pkg set-publisher -G \
http://pkg.oracle.com/solaris/release/ \
-g http://s11-server1.mydomain.com/ solaris
root@s11-server1:~# pkg publisher
PUBLISHER
solaris

TYPE
origin

STATUS P LOCATION
online F http://s11-server1.mydomain.com

Note: The value specified after the -G option is also mentioned here as the original
default that you will see while installing the repository for the first time. In the lab
environment, use the value displayed in the previous step.

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 7

Practice 3-2: Configuring the AI Server

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
After you have verified that the server meets the AI requirements, you are ready to configure the
AI server. After the configuration is complete, you will be able to install the Oracle Solaris 11.1
OS on one or more client hosts. This practice will set up a DHCP server as part of the
configuration. This DHCP server allocates an IP address to the client host.

Tasks

1.

Note: Because you are not using the default IPS service, you need to adjust the default AI
service accordingly.
On the Sol11-Server1 virtual machine, check whether the
svc:/network/dns/multicast service is online. If the service is not online, enable it.
root@s11-server1:~# svcs network/dns/multicast
STATE
STIME
FMRI
disabled
1:08:14 svc:/network/dns/multicast:default
root@s11-server1:~# svcadm enable network/dns/multicast
root@s11-server1:~# svcs network/dns/multicast
STATE
STIME
FMRI
online
1:32:27 svc:/network/dns/multicast:default

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
2. Verify that the netmasks file is configured
appropriately
@ Stu for the DHCP service.
o
d
root@s11-server1:~# n
getent
192.168.0.0
al tnetmasks
is
h
o
r
ฺ
e
uthes network mask for the local subnet is configured in the
ero tthat
o
c
Note that DHCP
requires
i
(c file.
seIf an entry does not exist, update the netmasks file now.
/etc/netmasks
o
n
d
l
e
a /etc/netmasks
#nvi
lic
o
ro R …

e

Cic

192.168.0.0 255.255.255.0
root@s11-server1:~# getent netmasks 192.168.0.0
192.168.0.0
255.255.255.0

3.

Use the installadm create-service command to create an AI service based on the
following information:
- Service name: basic_ai
-

DHCP base IP address: 192.168.0.130

-

DHCP IP address range: 5

-

AI ISO image location: /opt/ora/iso/sol-11_1-ai-x86.iso

-

Target directory: /export/ai/basic_ai
root@s11-server1:~# installadm create-service -n basic_ai \
-s /opt/ora/iso/sol-11_1-ai-x86.iso -i 192.168.0.130 \
-c 5 -d /export/ai/basic_ai

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 8

le

b
a
r
e
f

Creating service from: /opt/ora/iso/sol-11_1-ai-x86.iso
Setting up the image ...

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Creating i386 service: basic_ai
Image path: /export/ai/basic_ai

Starting DHCP server...
Adding IP range to local DHCP configuration

le

ro

e
Cic

b
a
r
e
Unable to determine a route for network 192.168.0.0. Setting s
the
f
n
route
a
-tr
n
temporarily to 0.0.0.0; this should be changed to anoappropriate
value
an
s
a
in the DHCP configuration file. Please see h
dhcpd(8)
for further
)
ฺ
information.
om uide
c
ฺ
l
ai nt G
m
Refreshing install services g
de
@
u
t
o
ld is S
a
n
Creating default-i386
alias
th
o
r
ฺ
e
ero to us
c
i
Setting (the
c default
e PXE bootfile(s) in the local DHCP
s
o
n
configuration
ld lice
a
n
to:
Ro
bios clients (arch 00:00): default-i386/boot/grub/pxegrub2
uefi clients (arch 00:07): defaulti386/boot/grub/grub2netx64.efi

Refreshing install services
root@s11-server1:~#
Note: If a warning message “Unable to determine a route…” appears, ignore it because
it is caused by the virtual machine network configuration. The same is true for any other
warnings. These messages have no impact on this practice.
Note: If you need to, you can remove an AI service and its associated clients by using
the command installadm delete-service -r svcname.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 9

4.

Use the installadm list command to verify that your AI service is installed.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# installadm list
Service Name Alias Of
------------ -------basic_ai
default-i386 basic_ai
5.

Status
-----on
on

Arch
---i386
i386

Image Path
---------/export/ai/basic_ai
/export/ai/basic_ai

Use the installadm create-client command to add the client MAC address for the
Sol11-Client1 virtual machines to the basic_ai service.
root@s11-server1:~# installadm create-client -e \
08:00:27:85:C7:D6 -n basic_ai
Adding host entry for 08:00:27:85:C7:D6 to local DHCP
configuration.

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
u was added to the AI
ฺc the client
ilthat
6. Use the installadm list –c command to verify
G
a
t
m den
server basic_ai.
g
tu -c
o@ S
root@s11-server1:~# installadm
list
d
l
s
naAddress
Service Name Client
thi Arch Image Path
o
r
ฺ
e
------------ero
-------------------------us
o
c
i
t
basic_ai(c
08:00:27:85:C7:D6
i386
/export/ai/basic_ai
e
s
o
n
ld lice
a
n
o the directory /var/tmp/manifests to store the AI manifest files.
7. R
Create
o
r

Note that, on the job, you will not encounter duplicate MAC addresses on your network.
You should verify carefully what your actual network client systems’ MAC addresses are
in order to properly install Oracle Solaris 11.1 on them.
Note: Use the MAC addresses observed on your system.

e

Cic

root@s11-server1:~# mkdir -p /var/tmp/manifests

8.

Copy the default manifest file to the /var/tmp/manifests/basic_ai.xml file so that
you can modify it for your configuration.
root@s11-server1:~# cp \
/export/ai/basic_ai/auto_install/manifest/default.xml \
/var/tmp/manifests/basic_ai.xml
Note: In the previous step, the /var/tmp/manifests/basic_ai.xml file is created
read only. Before editing, you can change the permissions to 755 (using the command
chmod 755 basic_ai.xml) or ignore the warning from the vi editor and save it with the
“wq!” command.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 10

9.

Using the vi editor, modify the auto_install section of the
/var/tmp/manifests/basic_ai.xml file and use the following data.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

auto_install manifest:
-

AI instance name (ai_instance name): basic_ai and add auto_reboot="true"

-

IPS origin URI: http://s11-server1.mydomain.com

-

IPS package: entire (confirm that it uses the entire package)

-

IPS package: solaris-large-server (confirm that it uses the solaris-largeserver package)

10. Use the diff command to view the differences between the basic_ai.xml file and the
default.xml file.
root@s11-server1:~# diff /var/tmp/manifests/basic_ai.xml \
/export/ai/basic_ai/auto_install/manifest/default.xml
27c27
<

-->

40c40
<

-->


s

an
r
t
n

Cic

e

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a thisthat you made to the basic_ai.xml file.
This output shows you the n
modifications
o
11. Create a MAC address–based
sefile named criteria_ai.xml in the
oฺr criteria
r
u
e
/var/tmp/manifests
ic directory.
to Use the MAC address of the network client Sol11c
(
e
Client1.
o ens
d
l
a
root@s11-server1:~#
vi /var/tmp/manifests/criteria_ai.xml
lic
n
o
R
ro 

08:00:27:85:C7:D6



Note: If the AI client does not match the criteria for a service (in this case, a specific
MAC address), the AI service will use the default manifest when installing the OS.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 11

le

b
a
r
e
f

12. Add the basic_ai manifest and criteria file to the basic_ai service.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# installadm create-manifest –n basic_ai \
-f /var/tmp/manifests/basic_ai.xml \
-C /var/tmp/manifests/criteria_ai.xml
When a custom AI manifest (basic_ai.xml, in this example) is defined for this install
service and the client matches the criteria specified (in the criteria_ai.xml file) for
the custom AI manifest, the client will use that manifest. In cases where client
characteristics match multiple AI manifests, the client characteristics are evaluated in the
following order: mac, ipv4, platform, arch, cpu, and mem.
If the client does not match the criteria for any custom AI manifest, the client uses the
default AI manifest.
13. Use the installadm list –m command to verify that your manifest and the criteria have
been added to the basic_ai service.

s

an
r
t
n

root@s11-server1:~# installadm list -m
Service/Manifest Name
Status
Criteria
----------------------------------basic_ai
basic_ai
mac = 08:00:27:85:C7:D6
orig_default
Default
None
default-i386
orig_default
Default
None

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
a thi
ninstalladm
o
r
root@s11-server1:~#
list -m -n basic_ai
ฺ
se
o
r
u
e
Service/Manifest
Status
Criteria
ic e Name
to
c
(
--------------------------------o ens
d
l
c
a
onbasic_ai li

Ci

R
o
r
ce

basic_ai
orig_default

Default

mac = 08:00:27:85:C7:D6
None

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 12

le

b
a
r
e
f

Practice 3-3: Deploying the OS on the Network Client

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
After you complete the AI server configuration, it is time to test your work by deploying the
Oracle Solaris 11.1 operating system on a network client. You will use the VM named Sol11Client1 as the client host. After the client is imaged from the AI server, you will verify that the
install was done completely and accurately.

Tasks
1.
2.

Verify that the Sol11-Server1 virtual machine is running. If it is not, start it now.
Click the Sol11-Client1 virtual machine icon.

3.

Click the Start button. This will boot the Sol11-Client1 virtual machine. If the AI server is
configured correctly, you should see the OS installation begin.
Note
•

s

an
r
t
n

If the Sol11-Client1 virtual machine fails to boot with a “No bootable medium
found” error, change the virtual machine adapter. To change the adapter type, open
the Oracle VM VirtualBox Manager, select the Sol11-Client1 virtual machine,
and click Settings. In the Settings dialog box, select Network and click Advanced
under Adapter 1. Select another adapter from the Adapter Type menu. Restart the
Sol11-Client1 virtual machine.

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
• Perform the next step as soon as possible.
a
n
mGRUB
e
g
4. When the Sol11-Client1 system starts the GNU
menu, select the Oracle Solaris
d
tuoption.
o@
11.1 Text Installer and command
line boot
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
R
ro

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 13

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

When the Oracle Solaris installation menu appears, type option 1 for “Install Oracle Solaris”
and press Enter as instructed. During the OS installation process, use the following
configuration data to complete the Text installation.
Note: The Text installer program directs you to use the F2 key to move to the next step in
the installation process.
- Installation menu: 1. Install Oracle Solaris
- Disks: Local Disks
- Fdisk Partitions: Use the entire disk.
-

Computer name: s11-client1
Ethernet network configuration: Automatically
Time zone: Use your local region.
Date and time: Set to current date and time.
Root password: oracle1
User account:
- Your real name: oracle
Username: oracle

e

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 14

s

an
r
t
n

no
a
- Password: oracle1
s
a
h
6. The installation should take around 10 minutes. You will see)an “installation
ฺ complete”
e
m
d
o
message displayed.
i
ilฺc t Gu
a
.
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l
on
R
ro
-

Cic

le

b
a
r
e
f

7.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

8.

After the installation has completed, reboot (F8) the Sol11-Client1 virtual machine.
Note: If the F8 key does not work, press the F9-Quit key. This returns you to the installation
menu. From the menu, select option 5 to reboot.
After Sol11-Client1 completes the initial boot and the solaris-client1 console
login prompt appears, power down the virtual machine.

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 15

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
Chapter 3 - Page 16

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 4:
e
m
d
o
i
Managing
u
ilฺc tBusiness
G
a
m den Data
Application
g
tu4
o@Chapter
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 1

Practice Overview for Lesson 4

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
Following the predeployment test plan, you now need to address the storage requirements of
the business applications. You need to configure multiple ZFS storage pools. In this case, your
organization is working with the Oracle CRM application. Then you need to create file systems
for storing business application data. For file system backup and recovery, you will create
snapshots and clones. Then you will need to explore ZFS property compression to minimize the
storage space.
The default file system for Oracle Solaris 11 is ZFS. ZFS is the root file system on Oracle
Solaris 11 that offers a superior experience in terms of manageability, scalability, and data
integrity. The key areas explored in this practice are:
• Managing data redundancy with a ZFS mirrored pool
• Using ZFS snapshots for backup and recovery
• Using a ZFS clone
• Configuring ZFS compression
• Troubleshooting ZFS failures

s

an
r
t
n

Cic

no
a
as in the practice,
hdisplays
Note: Your command output displays may be different than )the
ฺ
e
especially storage, process IDs, and other information.om
d
i
ilฺc t Gu
a
m den
Look at your checklist to see where you are. g
o@ Stu
d
l
aSolaris t11.1
isPredeployment Checklist
Oracle
√
n
h
o
ฺr use
o
r
√
e
Managing
System (IPS) and Packages
o
icthe Image
tPackaging
c
(
e
o Oracle
√
nsSolaris 11.1 on Multiple Hosts
dInstalling
l
e
c
a
li
on Managing
R
the Business Application Data
ero
Configuring Network and Traffic Failover

Configuring Zones and the Virtual Network
Managing Services and Service Properties
Configuring Privileges and Role-Based Access Control
Securing System Resources by Using Oracle Solaris Auditing
Managing Processes and Priorities
Evaluating System Resources
Monitoring and Troubleshooting System Failures

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 2

le

b
a
r
e
f

Practice 4-1: Managing Data Redundancy with a ZFS Mirrored Pool

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you test application data redundancy by using different scenarios. First you
create a ZFS mirrored pool that contains one mirror. To minimize the chances of losing data,
you distribute the data over two mirrors. At this time, to address a policy change, you
reconfigure the pool to keep three copies of data, which requires you to create a three-way
mirror.

Tasks
1.
2.
3.

Verify that the Sol11-Server1 virtual machine is running. If it is not running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use the oracle1
password. Assume administrator privileges.
Execute the zpool list command to display the ZFS pools that are currently configured
in the system.
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH ALTROOT
rpool 31.8G 9.90G 21.9G 31% 1.00x ONLINE -

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
Currently, the only ZFS pool that is available is the
uwhich is needed to make
ilฺcroot tpool,
G
a
the ZFS file system a root file system.
m den
g
4. Use the zpool status command to determine
@ Sthe
u disks that are currently configured for
t
o
d
the ZFS rpool.
al this
n
o
root@s11-server1:~#
ฺr zpool
estatus rpool
s
o
r
u
e
pool: rpool
ic e to
c
(
state:
ONLINE s
n
donone
l
erequested
c
a
scan:
i
l
n
oconfig:
R
o
r

e

Cic

NAME
rpool
c7t0d0s0

STATE
ONLINE
ONLINE

READ WRITE CKSUM
0
0
0
0
0
0

errors: No known data errors
This display shows that rpool is using the local disk c7t0d0.
So while creating new pools, leave this disk untouched.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 3

le

b
a
r
e
f

5.

Execute the format command to identify any additional disks configured in the system.
root@s11-server1:~# format

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Searching for disks...done
AVAILABLE DISK SELECTIONS:
0. c7t0d0 
/pci@0,0/pci8086,2829@d/disk@0,0
1. c7t2d0 
/pci@0,0/pci8086,2829@d/disk@2,0
2. c7t3d0 
/pci@0,0/pci8086,2829@d/disk@3,0
3. c7t4d0 
/pci@0,0/pci8086,2829@d/disk@4,0
4. c7t5d0 
/pci@0,0/pci8086,2829@d/disk@5,0
5. c7t6d0 
/pci@0,0/pci8086,2829@d/disk@6,0
6. c7t7d0 
/pci@0,0/pci8086,2829@d/disk@7,0
7. c7t8d0 
/pci@0,0/pci8086,2829@d/disk@6,0
8. c7t9d0 
/pci@0,0/pci8086,2829@d/disk@7,0

le

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
^C
oฺr use
r
e
o c7t2d0 to c7t9d0 are available for use.
icyou that
tdisks
The display tells
c
(
e
ns command, press Ctrl + C or Ctrl + D.
To cancel
do theiformat
l
e
c
a
l ZFS pool named oraclecrm by using the disks c7t2d0 and c7t3d0.
on a mirrored
6. R
Create
ro Show the results.

e

Cic

b
a
r
e
f

root@s11-server1:~# zpool create oraclecrm mirror c7t2d0 c7t3d0
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH ALTROOT
oraclecrm 1008M
112K 1008M
0% 1.00x ONLINE rpool
31.8G 9.90G 21.9G 31% 1.00x ONLINE Here, you created a pool called oraclecrm with a mirror by using two free disks. The
purpose of this pool is to store the Oracle business application Customer Relationship
Management (CRM) components. Because your company required redundancy, you
have created a mirror, meaning that you have an online copy of the CRM data. This
online copy will come in handy in case one of the disks gets corrupted.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 4

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

7.

Add another mirror in the oraclecrm pool by using disks c7t4d0 and c7t5d0.
root@s11-server1:~# zpool add oraclecrm mirror c7t4d0 c7t5d0
root@s11-server1:~# zpool status oraclecrm
pool: oraclecrm
state: ONLINE
scan: none requested
config:
NAME
oraclecrm
mirror-0
c7t2d0
c7t3d0
mirror-1
c7t4d0
c7t5d0

READ WRITE CKSUM
0
0
0
0
0
0
0
0
0
-

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
errors: No known data errors
e
m
d
o
i
ilฺc t Gu
a
n of data or disk corruption.
Your company is very concerned about g
losing
m datadebecause
You are asked to spread the data o
over
disks to mitigate the risk of data loss. To
@multiple
tuby
S
d
l
satisfy this objective, you create
another
mirror
two free disks. Now, the data is
s
a and the
irespective using
n
h
t
distributed over the two rmirrors
disks. This means that 50% of the
o
se and 50% of the data in the second mirror. You will
otheฺ first mirror
data will be stored
in
r
u
e
ic subsequently.
to
see a demonstration
c
(
e
s the mirrors by issuing the zpool iostat -v oraclecrm
o eofnboth
8. Check the
dcapacity
l
c
a
li
command.
on
R
ro root@s11-server1:~# zpool iostat -v oraclecrm

e

Cic

STATE
ONLINE
ONLINE
ONLINE
ONLINE
ONLINE
ONLINE
ONLINE

capacity
operations
bandwidth
pool
alloc
free
read write
read write
---------- ----- ----- ----- ----- ----- ----oraclecrm
94K 1.97G
0
10
53 11.7K
mirror
71.5K 1008M
0
7
53 7.77K
c7t2d0
0
7 5.18K 30.8K
c7t3d0
0
7 5.13K 30.8K
mirror
33.5K 1.02G
0
7
0 9.31K
c7t4d0
0
9 12.3K 65.8K
c7t5d0
0
9 12.3K 65.8K
---------- ----- ----- ----- ----- ----- ----Here you see the two mirrors listed with their details. Note that the total free space in the
pool, 1.97 GB, has been equally distributed between the two mirrors (1008 MB and 1.02
GB respectively). The alloc column shows the ZFS overhead.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 5

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

9.

Determine the mount point of the top-level file system.
root@s11-server1:~# zfs list oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm
94K 1.94G
31K /oraclecrm
The mount point of the pool or the top-level file system of oraclecrm is /oraclecrm.
This is the root of the pool; that is, all the file systems that are created will be within this
mount point.

10. Create a 2 MB file by using the mkfile command. Check the file storage allocation for the
mirrors by running the zpool iostat command.
root@s11-server1:~# mkfile 2m /oraclecrm/crmindex
root@s11-server1:~# zpool iostat -v oraclecrm
capacity
operations
bandwidth
pool
alloc
free
read write
read write
---------- ----- ----- ----- ----- ----- ----oraclecrm
1.38M 1.97G
0
5
26 7.18K
mirror
856K 1007M
0
3
26 4.67K
c7t2d0
0
3 2.51K 15.8K
c7t3d0
0
3 2.49K 15.8K
mirror
558K 1007M
0
2
0 3.50K
c7t4d0
0
2 3.47K 19.4K
c7t5d0
0
2 3.47K 19.4K
---------- ----- ----- ----- ----- ----- -----

le

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
s show different numbers.
Note: Your
nmay
do display
l
e
c
a
li
on

R Your CRM analyst shared with you that a small file will be needed for storing the index of
o
r
the CRM application. You create a 2 MB file called crmindex in the pool.
ce

Ci

Note how this 2 MB worth of storage has been roughly divided between the two mirrors.
This shows that all CRM data will be divided between the two mirrors.
Hint: In some cases, it may help to wait for some time before issuing the zpool
iostat command to allow ZFS to complete writing to the mirrors.
11. Use the zfs list oraclecrm command to list the capacity summary for the oraclecrm
pool.
root@s11-server1:~# zfs list oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm 2.09M 1.94G 2.03M /oraclecrm
Note the space used now at the top-level file system. This reflects the 2 MB of storage
used by the crmindex file.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 6

12. Use the zpool destroy oraclecrm command to delete the pool. Confirm the deletion by
using the zpool list command.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# zpool destroy oraclecrm
root@s11-server1:~# zpool list oraclecrm
cannot open 'oraclecrm': no such pool
Based on a review by the CRM analyst, there was a change in direction. It was agreed
that you keep three copies of data and not distribute it over two separate mirror sets.
To address this objective, you delete the current data redundancy configuration and
destroy the pool to create the new configuration.
13. Re-create the mirrored ZFS pool named oraclecrm by using the disks c7t2d0 and
c7t3d0. Show the results.

e

Cic

le

ab
root@s11-server1:~# zpool create oraclecrm mirror c7t2d0 c7t3d0fer
s
n
root@s11-server1:~# zpool list
a
r
-t
n
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH ALTROOT
o
oraclecrm 1008M
126K 1008M
0% 1.00x ONLINE
a ns
a
rpool
31.8G 9.90G 21.9G 31% 1.00x h
ONLINE
)
ฺ
e
m
o
id
c
u
ฺ
l
i
G
Note: The purpose of the reconfiguration is toacreate a tthree-way mirror now and reuse
m youdinenfocusing on a cleaner setup, for
the existing storage disks. This will also g
assist
instance, having one mirror.
o@ Stu
d
l
a to addthanother
is disk to the mirror to make it a three-way
n
14. Use the zpool attach command
o
e zpool status command.
mirror. Confirm this action
sthe
oฺrby using
r
u
e
ic e tozpool attach oraclecrm c7t2d0 c7t4d0
root@s11-server1:~#
c
(
root@s11-server1:~#
do icens zpool status oraclecrm
l
a
l
onpool: oraclecrm
R
ro state: ONLINE
scan: resilvered 86.5K in 0h0m with 0 errors on Mon Dec 12
07:51:21 2012
config:
NAME
oraclecrm
mirror-0
c7t2d0
c7t3d0
c7t4d0

STATE
ONLINE
ONLINE
ONLINE
ONLINE
ONLINE

READ WRITE CKSUM
0
0
0
0
0
0
-

errors: No known data errors

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 7

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Now this new configuration meets the objective of maintaining redundancy by keeping
three copies of data on three individual disks. The application data can be created as
shown earlier.
Notice that the attach command specifies an existing disk in the mirror and a free disk
to be included in the mirror. The result is displayed by the status command. The
status display also shows the resilvering action. The purpose of resilvering is to
replicate data on the newly added disk.
15. Use the zpool add command to add a cache device to the mirror to allow the cache
device to be used as local pool memory. Confirm this action by using the zpool status
command.
root@s11-server1:~# zpool add oraclecrm cache c7t5d0
root@s11-server1:~# zpool status oraclecrm
pool: oraclecrm
state: ONLINE
scan: resilvered 86.5K in 0h0m with 0 errors on Mon Dec 12
07:51:21 2012
config:

le

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
NAME
STATE
READ WRITE CKSUM
)
m 0ide
oraclecrm
ONLINE
0 ฺco0
l
i 0 t Gu0
a
mirror-0 ONLINE
0
gm0 ude0n 0
c7t2d0 ONLINE @
t
o
S
d
l
c7t3d0 ONLINE
0
0
0
s
a thi
n
o
c7t4d0
0
0
0
ฺr ONLINE
e
s
o
r
u
e
cache
ic e to
c
(
0
0
0
ns ONLINE
do ic7t5d0
l
e
c
a
l
on

Ci

R errors:
o
r
ce

No known data errors

This added device will serve as local memory for the pool to boost the input/output
performance. Your business analyst had indicated that you may need to boost the I/O
performance of the pool.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 8

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

16. Your business analyst has now indicated that you do not need to boost pool performance
because of the low volume of data. Use the zpool remove command to delete the cache
device. Confirm this action by using the zpool status command.
root@s11-server1:~# zpool remove oraclecrm c7t5d0
root@s11-server1:~# zpool status oraclecrm
pool: oraclecrm
state: ONLINE
scan: resilvered 86.5K in 0h0m with 0 errors on Mon Dec 12
07:51:21 2012
config:
NAME
oraclecrm
mirror-0
c7t2d0
c7t3d0
c7t4d0

READ WRITE CKSUM
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
errors: No known data errors
d
o
i
ilฺc t Gu
a
n
min theddisplay.
e
g
Note that the cache device does not appear
u
tpool.
o@
S
d
l
17. Use the zpool destroy command
to
delete
the
Use the zpool list command to
s
a thi
n
confirm the deletion.
o
selist
oฺr zpool
r
u
root@s11-server1:~#
e
icSIZE e ALLOC
to
c
(
NAME
FREE CAP DEDUP HEALTH ALTROOT
s
o
n
d
l
e
oraclecrm
a
lic1008M 126K 1008M 0% 1.00x ONLINE n
o
rpool
31.8G 9.90G 21.9G 31% 1.00x ONLINE ro R

e

Cic

STATE
ONLINE
ONLINE
ONLINE
ONLINE
ONLINE

root@s11-server1:~# zpool destroy oraclecrm
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH
rpool 31.8G 9.90G 21.9G 31% 1.00x ONLINE

ALTROOT
-

The purpose of destroying this pool is to conclude working with the mirrors. In the next
practice, you will create a new pool with no mirrors to simplify working with ZFS backup
and recovery functions. In addition, you will create a pool with no mirrors.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 9

Practice 4-2: Using ZFS Snapshots for Backup and Recovery

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
According to your predeployment test plan, in this practice, you evaluate the data backup and
recovery mechanism in Oracle Solaris 11.1. For backing up the data, you create snapshots, as
well as use ZFS send/receive commands. The send/receive commands can be used to save the
backed up data (snapshots) on the local or remote machine. You use rollback commands to
recover the backed up or lost data.

Tasks
1.
2.
3.

Verify that Sol11-Server1 virtual machine is running. If the virtual machine is not running,
start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume administrator privileges.
Execute the zpool list command to display the ZFS pools that are currently configured
in the system.
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH ALTROOT
rpool 31.8G 9.90G 21.9G 31% 1.00x ONLINE Run the zpool create command to create a pool with two top-level virtual devices. Check
the pool information by using zpool list and zpool status.
root@s11-server1:~# zpool create oraclecrm c7t3d0 c7t4d0
'oraclecrm' successfully created, but with no redundancy; failure
of one device will cause loss of the pool
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH ALTROOT
oraclecrm 1.97G
123K 1.97G
0% 1.00x ONLINE rpool
31.8G 9.90G 21.9G 31% 1.00x ONLINE -

s

an
r
t
n

o

4.

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R You now create a fresh pool by using two disks. This will give you experience in creating
o
r
a simple pool without any mirror. Because your configuration is simple, your displays will
ce

Ci

be clean and easy to follow.

Confirm that the new pool has been created.
root@s11-server1:~# zpool status oraclecrm
pool: oraclecrm
state: ONLINE
scan: none requested
config:
NAME
STATE
oraclecrm ONLINE
c7t3d0 ONLINE
c7t4d0 ONLINE

READ WRITE CKSUM
0
0
0
0
0
0
0
0
0

errors: No known data errors

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 10

le

b
a
r
e
f

5.

Create a file system named oraclecrm/crmdata with a mount point of /crmdata.
Check the file system creation and the mount point by running the zfs list command.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# zfs create -o mountpoint=/crmdata \
oraclecrm/crmdata
root@s11-server1:~# zfs list -r oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm
137K 1.94G
31K /oraclecrm
oraclecrm/crmdata
31K 1.94G
31K /crmdata
You create a file system called crmdata in the oraclecrm pool. In this file system, you
plan to store data in various CRM applications, such as Order Management, Marketing,
and Customers.

s

an
r
t
n

Note that the mount point was specified to be /crmdata for oraclecrm/crmdata to
be able to access the crmdata file system directly.

6.

ro

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
root@s11-server1:~# zfs create oraclecrm/crmdata/cust
ilฺc t Gu
a
n
root@s11-server1:~# zfs creategm
oraclecrm/crmdata/mktg
e
d
tu
root@s11-server1:~# zfs d
create
o@ oraclecrm/crmdata/om
S
l
s
a listth-r
i oraclecrm
root@s11-server1:~# n
zfs
o
r
ฺ
e
NAME
AVAIL REFER MOUNTPOINT
ero to usUSED
oraclecrm(cic
252K
1.94G
31K /oraclecrm
e
s
oraclecrm/crmdata
127K 1.94G
34K /crmdata
ldo licen
a
n
Rooraclecrm/crmdata/cust 31K 1.94G 31K /crmdata/cust

Create new ZFS file systems named oraclecrm/crmdata/cust,
oraclecrm/crmdata/mktg, and oraclecrm/crmdata/om. List the descendants of the
oraclecrm file system.

oraclecrm/crmdata/mktg
oraclecrm/crmdata/om

31K
31K

1.94G
1.94G

31K
31K

/crmdata/mktg
/crmdata/om

Note: These file systems are created to demonstrate individual file systems for each
business application, as you will experience on the job.
Here, you create file systems to store data for the CRM application. The file systems are
cust, mktg, and om. Note the used column and the refer column for the new file
systems. The file systems are consuming an initial storage space of 31 KB.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 11

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

7.

Using the tar command, create a tar bundle that will serve as an example of the business
application data. Copy custarchive.tar to each crmdata file system and the
/opt/ora/data directory for future use. Note the amount of data used and referenced by
these file systems.
root@s11-server1:~# tar cvf /crmdata/cust/custarchive.tar \
/usr/demo
...
a /usr/demo/expect/ 0K
a /usr/demo/expect/mkpasswd 6K
a /usr/demo/expect/ftp-rfc 1K
a /usr/demo/expect/rftp 9K
a /usr/demo/expect/weather 3K
…
…
…
root@s11-server1:~# cp /crmdata/cust/custarchive.tar \
/crmdata/mktg/custarchive.tar
root@s11-server1:~# cp /crmdata/cust/custarchive.tar \
/crmdata/om/custarchive.tar

le

s

an
r
t
n

ro

e
Cic

b
a
r
e
f

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this so that it will be available to you in the
You are saving the data in n
/opt/ora/data
o
subsequent steps. oฺr
se
r
u
e
ic e to
c
(
root@s11-server1:~#
do icens cp /crmdata/cust/custarchive.tar \
l
/opt/ora/data/custarchive.tar
a
l
n
Ro
For training purposes, you are creating application data and placing it in the crmdata
file systems.
root@s11-server1:~# zfs list -r oraclecrm
NAME
USED AVAIL REFER
oraclecrm
2.88M 1.93G
31K
oraclecrm/crmdata
2.75M 1.93G
35K
oraclecrm/crmdata/cust
929K 1.93G
929K
oraclecrm/crmdata/mktg
929K 1.93G
929K
oraclecrm/crmdata/om
929K 1.93G
929K

MOUNTPOINT
/oraclecrm
/crmdata
/crmdata/cust
/crmdata/mktg
/crmdata/om

After placing application data in each file system, you see that all the file systems
indicate 929 KB worth of storage. Your numbers may be different.
8.

Create a recursive snapshot of oraclecrm/crmdata named
oraclecrm/crmdata@monday. List the file systems below oraclecrm. Note the amount
of space used and referenced by oraclecrm/crmdata@monday.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 12

root@s11-server1:~# zfs snapshot -r oraclecrm/crmdata@monday

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Recursively create snapshots of every file system in crmdata. The purpose is to create
a backup of each file system—that is, cust, mktg, and om data.
root@s11-server1:~# zfs list -r oraclecrm
NAME
USED AVAIL REFER
oraclecrm
3.06M 1.93G
31K
oraclecrm/crmdata
2.75M 1.93G
34K
oraclecrm/crmdata/cust
929K 1.93G
929K
oraclecrm/crmdata/mktg
929K 1.93G
929K
oraclecrm/crmdata/om
929K 1.93G
929K

MOUNTPOINT
/oraclecrm
/crmdata
/crmdata/cust
/crmdata/mktg
/crmdata/om

Now, when you try to display the children file systems of oraclecrm recursively, the
snapshots are not displayed. Take a look at this.

s

root@s11-server1:~# zpool get listsnapshots oraclecrm
NAME
PROPERTY
VALUE
SOURCE
oraclecrm listsnapshots off
default

ro

e
Cic

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
As displayed here, the listsnapshots property isooff
by default.
You now enable it.
d
i
ilฺc t Gu
a
root@s11-server1:~# zpool set listsnapshots=on
oraclecrm
m den
g
tu of oraclecrm, they are displayed.
o@ file S
d
l
Now, when you display the descendant
systems
s
i
nafor each
thfile
o
Note that there is one snapshot
system and they are all suffixed with @monday.
r
ฺ
e
s way to create
o easy
r
u
As you can see, this
is a very
multiple data backups and identify all of
e
o
c
i
t
c
them with the
same
identifier.
o ( ense
d
l
root@s11-server1:~#
zfs list -r oraclecrm
lic
na
o
R NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm
oraclecrm/crmdata
oraclecrm/crmdata@monday
oraclecrm/crmdata/cust
oraclecrm/crmdata/cust@monday
oraclecrm/crmdata/mktg
oraclecrm/crmdata/mktg@monday
oraclecrm/crmdata/om
oraclecrm/crmdata/om@monday

2.90M
2.75M
0
929K
0
929K
0
929K
0

1.93G
1.93G
1.93G
1.93G
1.93G
-

31K
35K
35K
929K
929K
929K
929K
929K
929K

/oraclecrm
/crmdata
/crmdata/cust
/crmdata/mktg
/crmdata/om
-

Note that the newly created snapshots do not use any space (initially) but they do
indicate 929 KB worth of storage, which includes the data that you placed in each file
system. The snapshots initially do not take up any space because they are using the
existing file system data pointers.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 13

le

b
a
r
e
f

9.

Create a file named /crmdata/cust/colochoc. Confirm that the file exists.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# touch /crmdata/cust/colochoc
You create a file to store data on a customer colochoc (for Colorado Chocolate
Company).
root@s11-server1:~# ls /crmdata/cust/colochoc
/crmdata/cust/colochoc
Success! You confirmed that it exists. Note that this file was created after taking a
backup on Monday.
10. Create another recursive snapshot named oraclecrm/crmdata@tuesday.
root@s11-server1:~# zfs snapshot -r oraclecrm/crmdata@tuesday

s

an
r
t
n

Note that the colochoc file will be included in the Tuesday snapshot but not in the
Monday snapshot.

no
a
s
a
h
)
ฺ
root@s11-server1:~# zfs rollback oraclecrm/crmdata@monday
e
m
d
o
i
cannot rollback to 'oraclecrm/crmdata@monday':
lฺc t Gu more recent
i
a
snapshots exist
m den
g
use '-r' to force deletion
of the tfollowing
snapshots:
u
o@
S
d
l
s
oraclecrm/crmdata@tuesday
na thi
o
r
ฺ
se
o
r
u
e
Notice that more
(crmdata@tuesday) exist; therefore, you cannot roll
ic recentesnapshots
to
c
(
s
back to an
earlier
snapshot
unless
you
use the -r option that deletes the more recent
n
do till ithe
l
e
c
a
snapshots
crmdata@monday
snapshot
becomes the most recent. Do not roll
l
n
o
R back yet.

11. Attempt to roll back the oraclecrm/crmdata snapshot by using the
oraclecrm/crmdata@Monday snapshot. What happens?

ro

e
Cic

Question: If the oraclecrm/crmdata snapshot is rolled back to the Monday
snapshot, what data will be lost?
Answer: The file named /crmdata/cust/colochoc will be lost.
12. Delete the file named /crmdata/cust/colochoc.
root@s11-server1:~# rm /crmdata/cust/colochoc
Remove the customer colochoc to see if you can recover it.
13. List the descendant oraclecrm file systems. Roll back the
oraclecrm/crmdata/cust@tuesday snapshot.
root@s11-server1:~# zfs list -r oraclecrm
NAME
USED AVAIL
oraclecrm
2.94M 1.93G
oraclecrm/crmdata
2.77M 1.93G
oraclecrm/crmdata@monday
0
oraclecrm/crmdata@tuesday
0
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 14

REFER
31K
34K
34K
34K

le

b
a
r
e
f

MOUNTPOINT
/oraclecrm
/crmdata
-

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

oraclecrm/crmdata/cust
/crmdata/cust
oraclecrm/crmdata/cust@monday
oraclecrm/crmdata/cust@tuesday
oraclecrm/crmdata/mktg
oraclecrm/crmdata/mktg@monday
oraclecrm/crmdata/mktg@tuesday
oraclecrm/crmdata/om
oraclecrm/crmdata/om@monday
oraclecrm/crmdata/om@tuesday

948K

1.93G

929K

19K
0
929K
0
0
929K
0
0

1.93G
1.93G
-

929K
929K
929K
929K
929K
929K
929K
929K

/crmdata/mktg
/crmdata/om
-

root@s11-server1:~# zfs rollback oraclecrm/crmdata/cust@tuesday
You rolled back (recovered) to the cust@tuesday backup. Does it include the
colochoc customer file? You will find out in the next step.

no
a
root@s11-server1:~# ls /crmdata/cust/colochoc s
ha ฺ
/crmdata/cust/colochoc
)
om uide
c
ฺ
l
G
ai the
t
Yes, your customer colochoc is restored.m
Because
Tuesday backup was taken
n
de
after you created this customer, it was
ingyour cust@tuesday
backup.
@
u
t
o
S
d
15. Create a directory named /backup.
al this
n
o
root@s11-server1:~#
se/backup
oฺr mkdir
r
u
e
ic e to
c
(
s to store your Monday backups. Your company wants to save
Createdaoseparate n
directory
l
e
c
a
these
n backupsli offsite because this is the end of the quarter for your company.
o
R
o Use the zfs send command to recursively send the oraclecrm/crmdata@monday
r16.
14. Confirm that /crmdata/cust/colochoc is restored.

e

Cic

s

an
r
t
n

snapshot. Save the copy in a file named /backup/oraclecrm.crmdata.monday.

root@s11-server1:~# zfs send -Rv oraclecrm/crmdata@monday > \
/backup/oraclecrm.crmdata.monday
sending from @ to oraclecrm/crmdata@monday
sending from @ to oraclecrm/crmdata/om@monday
sending from @ to oraclecrm/crmdata/mktg@monday
sending from @ to oraclecrm/crmdata/cust@monday
Now you have only one /backup directory, which contains all the Monday backups.
This directory can be archived on tape or sent to another machine on the network. See
how simple the command is. Use -R to send all the snapshots in crmdata@monday.
The backed up snapshot naming convention has changed slightly to enable
differentiation between the snapshots and the backed up data.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 15

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

17. Use the ls -lh command to list the size of the file in /backup. Verify that it approximately
matches the size of the space used by the oraclecrm/crmdata file systems.
root@s11-server1:~# ls -lh /backup
total 1
-rw-r--r-1 root
root
oraclecrm.crmdata.monday

2.8M Dec 12 08:07

root@s11-server1:~# zfs list /crmdata
NAME
USED AVAIL REFER
oraclecrm/crmdata 2.77M 1.93G
34K

MOUNTPOINT
/crmdata

Yes. It does match approximately.

s

an
r
t
n

root@s11-server1:~# zfs send oraclecrm/crmdata/cust@monday > \
/backup/oraclecrm.crmdata.cust.monday

ro

e
Cic

no
a
s
a
h
root@s11-server1:~# ls -lh /backup/oraclecrm.crmdata.cust.monday
)
ฺ
e
m
d
o
-rw-r--r-1 root
root
946K
Oct
15
08:08
i
ilฺc t Gu
/backup/oraclecrm.crmdata.cust.monday
a
m den
g
tu
o@-r S
root@s11-server1:~# zfsld
list
oraclecrm
s
na thi USED AVAIL REFER MOUNTPOINT
NAME
o
r
ฺ
se
o
r
oraclecrm
2.97M 1.93G
31K /oraclecrm
u
e
o
c
i
t
c
oraclecrm/crmdata
2.77M
1.93G
34K /crmdata
( nse
o
ld lice
oraclecrm/crmdata@monday
0
34K a
n
0
34K Rooraclecrm/crmdata@tuesday
oraclecrm/crmdata/cust
/crmdata/cust
oraclecrm/crmdata/cust@monday
oraclecrm/crmdata/cust@tuesday
oraclecrm/crmdata/mktg
/crmdata/mktg
oraclecrm/crmdata/mktg@monday
oraclecrm/crmdata/mktg@tuesday
oraclecrm/crmdata/om
oraclecrm/crmdata/om@monday
oraclecrm/crmdata/om@tuesday

929K

1.93G

929K

19K
1K
929K

1.93G

929K
929K
929K

-

0
0
929K
0
0

1.93G
-

929K
929K
929K
929K
929K

/crmdata/om
-

As you can see, the Monday snapshot for the cust file system and its Monday backup
file consume approximately the same amount of storage space.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 16

le

b
a
r
e
f

18. Use the zfs send command to send the oraclecrm/crmdata/cust@monday snapshot
to the /backup directory. Then list the size of the snapshot stream.

19. Destroy the oraclecrm/crmdata/cust file system. Confirm whether it is deleted.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# zfs destroy -r oraclecrm/crmdata/cust
root@s11-server1:~# zfs list /crmdata/cust
/crmdata/cust: No such file or directory
You are destroying the cust file system so that you can test the recover (receive)
function.
20. Use the zfs receive command to re-create the oraclecrm/crmdata/cust file
system. Confirm the file system recovery by using the zfs list command.
root@s11-server1:~# zfs receive oraclecrm/crmdata/cust < \
/backup/oraclecrm.crmdata.cust.monday
root@s11-server1:~# zfs list /crmdata/cust
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm/crmdata/cust
929K 1.93G 929K /crmdata/cust
This demonstrates that the recovery was successful.

le

b
a
r
e
f

s

an
r
t
n

e
Cic

no
a
s
21. Use the zfs list command to confirm the recovery of the fullh/crmdata/cust
file
a
)
ฺ
system.
om uide
c
ฺ
root@s11-server1:~# zfs list -r oraclecrm
l
G MOUNTPOINT
ai AVAILnt REFER
NAME
USED
m
g
de
@
oraclecrm
2.96M tu1.93G
31K /oraclecrm
o
S
d
l
oraclecrm/crmdata
2.78M
1.93G
35K /crmdata
s
a thi
n
o
oraclecrm/crmdata@monday
0
34K ฺr use
o
r
e
oraclecrm/crmdata@tuesday
0
34K ic e to
c
(
oraclecrm/crmdata/cust
929K
1.93G
929K /crmdata/cust
s
o
n
d
l
e
oraclecrm/crmdata/cust@monday
0
929K lic
na
o
oraclecrm/crmdata/mktg
929K
1.93G
929K /crmdata/mktg
R
o
r
oraclecrm/crmdata/mktg@monday
oraclecrm/crmdata/mktg@tuesday
oraclecrm/crmdata/om
oraclecrm/crmdata/om@monday
oraclecrm/crmdata/om@tuesday

0
0
929K
0
0

1.93G
-

929K
929K
929K
929K
929K

/crmdata/om
-

This concludes the backup and recovery exercise. Keep the pool and destroy crmdata
and its descendant file systems. You will create new file systems in the next practice.
Confirm whether it has been destroyed.
root@s11-server1:~# zfs destroy -R oraclecrm/crmdata

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 17

Practice 4-3: Using a ZFS Clone

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
According to your predeployment test plan, in this practice, you continue to evaluate the data
backup and recovery mechanism in Oracle Solaris 11.1. In Practice 4-2, you worked with the
snapshots. In this practice, you work with the ZFS clone functionality. You have a test file
system called crmdata and you want to modify it, but you want to keep a version of the
unmodified file system.

Tasks
1.
2.
3.

Verify that the Sol11-Server1 virtual machine is running. If the virtual machine is not
running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume administrator privileges.
Execute the zfs list command to display the ZFS file systems that are currently
configured in the oraclecrm pool. Create the crmdata file system by using the zfs
create command.

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
root@s11-server1:~# zfs createg oraclecrm/crmdata
tu
o@-r S
root@s11-server1:~# zfsld
list
oraclecrm
s
na AVAIL
thi REFER MOUNTPOINT
o
NAME
USED
r
ฺ
e
us 1.94G 32K /oraclecrm
oraclecrm
ero t158K
o
c
i
(c nse 31K 1.94G 31K /oraclecrm/crmdata
oraclecrm/crmdata
o
d icofe the crmdata file system. Display the results.
a
4. Create
al snapshot
l
n
oCheck whether
R
the listsnapshots property is enabled so that the snapshots can be
ro
root@s11-server1:~# zfs list -r oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm 116K 2.01G
31K /oraclecrm

e

Cic

displayed.

root@s11-server1:~# zpool get listsnapshots oraclecrm
NAME
PROPERTY
VALUE
SOURCE
oraclecrm listsnapshots on
local
root@s11-server1:~# zfs snapshot oraclecrm/crmdata@Dec11
root@s11-server1:~# zfs list -r /oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm
159K 1.94G
32K /oraclecrm
oraclecrm/crmdata
31K 1.94G
31K /oraclecrm/crmdata
oraclecrm/crmdata@Dec11
0
31K -

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 18

le

b
a
r
e
f

5.

Create a clone of the snapshot and confirm the creation.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# zfs clone oraclecrm/crmdata@Dec11 \
oraclecrm/crmdata2
root@s11-server1:~# zfs list -r /oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm

202K

oraclecrm/crmdata
oraclecrm/crmdata@Dec11

31K
0

oraclecrm/crmdata2

18K

1.94G
1.94G
-

1.94G

33K

/oraclecrm

31K /oraclecrm/crmdata
31K 31K

/oraclecrm/crmdata2

Note that the snapshot is not mounted and the clone is. Remember from the previous
exercise that the snapshots (and clones for that matter) do not take up any storage
initially. Identify the snapshot and the clone in this display.
6.

s

an
r
t
n

root@s11-server1:/oraclecrm/crmdata2# cd
root@s11-server1:~# zfs list -r /oraclecrm
NAME
USED AVAIL REFER
oraclecrm
203K 1.94G
33K
oraclecrm/crmdata
31K 1.94G
31K
oraclecrm/crmdata@Dec11
0
31K
oraclecrm/crmdata2
19K 1.94G
31K

MOUNTPOINT
/oraclecrm
/oraclecrm/crmdata
/oraclecrm/crmdata2

Note the used column for the clone. The space utilization has gone up when compared
to the same column in step 5. Because you created a file in the clone, it will use more
storage to keep track of the new file.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 19

le

b
a
r
e
f

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
c e todemonstrate the major difference between the snapshot and
The precedingicommands
c
(
the clone.
o The snapshot
ns is not available and the clone is available, as well as modifiable.
d
l
e
c
a
7. Assuming
li have made the modifications in the clone, look at the space usage of the
on that you
clone.
R
ro

e

Cic

Compare the attributes of the snapshot and the clone.
root@s11-server1:~# ls -ld /oraclecrm/crmdata2
drwxr-xr-x
2 root
root
2 Dec 13 08:14
/oraclecrm/crmdata2
root@s11-server1:~# ls -ld /oraclecrm/crmdata@Dec11
/oraclecrm/crmdata@Dec11: No such file or directory
root@s11-server1:~# cd /oraclecrm/crmdata2
root@s11-server1:/oraclecrm/crmdata2# touch newcust
root@s11-server1:/oraclecrm/crmdata2# ls
newcust

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

8.

Now, you can proceed with replacing the main file system with the newly modified clone.
root@s11-server1:~# zfs promote oraclecrm/crmdata2
root@s11-server1:~# zfs list -r /oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm
206K 1.94G
33K /oraclecrm
oraclecrm/crmdata
0 1.94G
31K /oraclecrm/crmdata
oraclecrm/crmdata2
50K 1.94G
31K /oraclecrm/crmdata2
oraclecrm/crmdata2@Dec11
19K
31K If you do the math, the used space of the clone crmdata2 now reflects the total of the
main file system crmdata and the clone, that is, 31 KB + 19 KB = 50 KB. This means
that the new file newcust in the clone has been added to crmdata.

9.

Rename the main file system as crmdatabackup and rename the clone to replace the
main file system. Display the results.

s

an
r
t
n

root@s11-server1:~# zfs rename oraclecrm/crmdata \
oraclecrm/crmdatabackup
root@s11-server1:~# zfs rename oraclecrm/crmdata2 oraclecrm/crmdata
root@s11-server1:~# zfs list -r oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT

C

ro
ice 10.

no
a
s
a
h
)
ฺ
e
m
d
o
i
c Gu
oraclecrm
374K 1.94Gailฺ 33K /oraclecrm
nt /oraclecrm/crmdata
m d31K
oraclecrm/crmdata
50K 1.94G
e
g
o@ -Stu 31K oraclecrm/crmdata@Dec11
19K
d
l
a 0 th1.94G
is
oraclecrm/crmdatabackup
31K /oraclecrm/crmdatabackup
n
o
r
ฺ
e
ro o us
e
c
i
t that reflect the modified picture. If you need to go back to the
Now you have
the datasets
c
(
e
s
previous
ldoversion
eofncrmdata, it is saved as crmdatabackup.
c
a
i
l
n
RoThis method is useful when you want to maintain the previous version of the data or
overlay the production file system with modified data.

Destroy oraclecrm by using the zpool destroy command. Confirm the action.
root@s11-server1:~# zpool destroy oraclecrm
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH
rpool 31.8G 9.90G 21.8G 31% 1.00x ONLINE
You will start afresh in the next practice.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 20

ALTROOT
-

le

b
a
r
e
f

Practice 4-4: Configuring ZFS Properties

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
According to your predeployment test plan, in this practice, you check to see how share, quotas,
and reservation and data compression techniques work in Oracle Solaris 11.1.
While working with the quota and reservation properties, you create a new user, make the home
directory a ZFS file system, and set the properties on the user’s file system.

Task 1: Configuring Quota and Reservation Properties
1.
2.
3.

Verify that the Sol11-Server1 virtual machine is running. If it is not running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume primary administrator privileges.
Run the zpool list command to check the pools available. Use zfs list to display the
file systems available.
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH ALTROOT
rpool 31.8G 9.90G 21.8G 31% 1.00x ONLINE root@s11-server1:~# zfs list
NAME
USED AVAIL REFER MOUNTPOINT
rpool
9.97G 21.3G
39K /rpool
rpool/ROOT
1.89G 21.3G
31K legacy
rpool/ROOT/solaris
1.89G 21.3G 1.61G /
rpool/ROOT/solaris/var
232M 21.3G 87.3M /var
rpool/dump
1.03G 21.3G 1.00G rpool/export
6.01G 21.3G
33K /export
rpool/export/IPS
5.74G 21.3G 5.74G /export/IPS
rpool/export/home
211K 21.3G
37K /export/home
rpool/swap
1.03G 21.3G
1.00G -

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Note that the /export/home file system is designed to store the file systems that
become the home directories for users.

4.

Now you can create the new user gail and use the ZFS file system as Gail’s home
directory.
root@s11-server1:~# useradd -u 60015 -g 10 -d /export/home/gail \
-m gail
80 blocks
root@s11-server1:~# ls -ld /export/home/gail
drwxr-xr-x
2 gail
staff
7 Dec 13 08:22
/export/home/gail

5.

Set a storage quota of 2 MB for Gail.
root@s11-server1:~# zfs set quota=2M rpool/export/home/gail
root@s11-server1:~# zfs get quota rpool/export/home/gail
NAME
PROPERTY VALUE SOURCE
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 21

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

rpool/export/home/gail quota
2M
local
root@s11-server1:~# zfs list /export/home/gail
NAME
USED AVAIL REFER MOUNTPOINT
rpool/export/home/gail
35K 1.97M
35K /export/home/gail
root@s11-server1:~# df -h /export/home/gail
Filesystem
Size Used Available Capacity Mounted on
rpool/export/home/gail
2.0M
35K
2.0M
2% /export/home/gail

Note the available space for Gail as displayed by multiple commands.
6.

Switch to Gail’s account and create a few files to test the storage limit.
root@s11-server1:~# su - gail
Oracle Corporation
SunOS 5.11
11.1
November 2012
gail@s11-server1:~$ mkfile 1m /export/home/gail/crmindex
gail@s11-server1:~$ ls -l /export/home/gail/crmindex
-rw------1 gail
staff
1048576 Dec 13 08:24
/export/home/gail/crmindex

s

an
r
t
n

no
a
s
a
h
)information.
ฺ Because Gail is
You needed to create a 1-MB file to store the CRM index
e
m
d
o
i
u
within her storage quota, there are no issues. ilฺc
G
a
t
n
m
7. Create more files in Gail’s account to test the
storage limit.
e
g
d
tu
gail@s11-server1:~$ mkfile
2m /export/home/gail/crmdoc
o@
S
d
l
s
/export/home/gail/crmdoc:
917504 of 2097152 bytes:
na initialized
hi
t
o
r
ฺ
e
Disc quota exceeded
ero to us
c
i
(c onlyn1sMB
e left in the quota. The system allocated the requested amount
o
Here lyou
have
d
e
c enough storage to meet the quota. It could spell potential problems if
but
nainitializedlionly
o
you use up all the allocated space.
ro R

e

Cic

gail@s11-server1:~$ ls -l /export/home/gail
total 4112
-rw------1 gail
staff
2097152 Dec 13 08:24 crmdoc
-rw------1 gail
staff
1048576 Dec 13 08:24 crmindex
-rw-r--r-1 gail
staff
165 Dec 13 08:22 local.cshrc
-rw-r--r-1 gail
staff
170 Dec 13 08:22 local.login
-rw-r--r-1 gail
staff
130 Dec 13 08:22
local.profile
gail@s11-server1:~$ mkfile 2m /export/home/gail/crmreq
Could not open /export/home/gail/crmreq: Disc quota exceeded
This is as expected.
gail@s11-server1:~$ ls -l /export/home/gail
total 4112
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 22

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

-rw------1
-rw------1
-rw-r--r-1
-rw-r--r-1
-rw-r--r-1
local.profile
8.

gail
gail
gail
gail
gail

staff
staff
staff
staff
staff

2097152
1048576
165
170
130

Dec
Dec
Dec
Dec
Dec

13
13
13
13
13

08:24
08:24
08:22
08:22
08:22

crmdoc
crmindex
local.cshrc
local.login

Gail is now working on a different project and needs to reserve 10 MB of storage. So now,
as the administrator, you want to make a storage reservation for Gail.
gail@s11-server1:~$ exit
logout
root@s11-server1:~# zfs set reservation=10M \
rpool/export/home/gail
cannot set property for 'rpool/export/home/gail': size is greater
than available space

le

b
a
r
e
f

Cic

e

s
n
a
r
-t up and
From the preceding steps, you know that Gail’s available space has beenn
used
o
the quota limit is still in force; therefore, you cannot make the storagen
reservation.
a
s
9. Remove the quota and the data files, and check the space utilization
a of the file systems.
h
)
ฺ
root@s11-server1:~# zfs set quota=none rpool/export/home/gail
e
m
d
o
i
ilฺc t Gu
a
n of any size that are not to
m
This will clear the quota property. Gail can
create datasets
e
g
d
exceed the total pool storage available.
o@ Stu
d
l
a this
n
o
e quota rpool/export/home/gail
root@s11-server1:~#
oฺr zfsusget
r
e
NAME
ic e to PROPERTY VALUE SOURCE
c
(
rpool/export/home/gail
quota
none
local
do icens
l
a
l
root@s11-server1:~#
rm
/export/home/gail/*
n
o
R
root@s11-server1:~# zfs list /export/home/gail
o
r
NAME
rpool/export/home/gail

USED
2.04M

AVAIL
21.3G

REFER
2.04M

MOUNTPOINT
/export/home/gail

The used column shows the current space usage since the files were deleted.
root@s11-server1:~# zfs list /export/home
NAME
USED AVAIL REFER MOUNTPOINT
rpool/export/home 246K 21.3G
38K /export/home
Note that the used column currently shows 246 KB of storage used.
10. Reserve 10 MB of storage for Gail.
root@s11-server1:~# zfs set reservation=10M \
rpool/export/home/gail
root@s11-server1:~# zfs get reservation rpool/export/home/gail
NAME
PROPERTY
VALUE
SOURCE
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 23

rpool/export/home/gail

reservation

10M

local

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Confirmed!
11. Now check the file systems.
root@s11-server1:~# zfs list /export/home/gail
NAME
USED AVAIL REFER MOUNTPOINT
rpool/export/home/gail 33.5K 21.3G 33.5K /export/home/gail
Note that the reserved space has not been added to Gail’s home directory.
root@s11-server1:~# zfs list /export/home
NAME
USED AVAIL REFER MOUNTPOINT
rpool/export/home 10.2M 21.3G
38K /export/home

s
n
a
r
However, note that space has been reserved in /export/home, which is the
-t parent
n
o
dataset. This demonstrates that reservations are considered in the used
disk
n space
a
calculation of the parent dataset.
s
a
h
)
ฺ
e
m
Task 2: Configuring the Share Property
d
o
i
u
ilฺc ant G
In this task, you share Gail’s home directory. In this situation,
assumption is made that her
a
m that
home directory contains an application documentation
isn
required by other users in other
e
g
d
@
u
t
locations on the network. In the real world,oyou
mayShave
another application directory for this
ld is
purpose that may need to be shared.
a
n
th
o
r
ฺ
e
s
ero to uvirtual
c
1. Verify that the Sol11-Server1
machine is running. If it is not, start it at this time.
i
c
(
e
s
Also start the
Sol11-Desktop
virtual
machine.
ldo licen
2. Log n
ina
to the Sol11-Server1
virtual machine as the oracle user. Use oracle1 as the
o
R
password. Assume administrator privileges.
o
cer3. Run the zpool list command to check the pools that are available. Use zfs list to

Ci

display the file systems that are available. Create a file in Gail’s directory.
root@s11-server1:~# zfs list
NAME
USED
rpool
9.97G
rpool/ROOT
1.89G
rpool/ROOT/solaris
1.89G
rpool/ROOT/solaris/var
232M
rpool/dump
1.03G
rpool/export
6.02G
rpool/export/IPS
5.74G
rpool/export/home
10.2M
rpool/export/home/gail
33.5K
rpool/export/home/jholt
35K
rpool/export/home/jmoose
35K
rpool/export/home/oracle
34K

AVAIL
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G

REFER
39K
31K
1.61G
87.3M
1.00G
274M
5.74G
38K
33.5K
35K
35K
34K

MOUNTPOINT
/rpool
legacy
/
/var
/export
/export/IPS
/export/home
/export/home/gail
/export/home/jholt
/export/home/jmoose
/export/home/oracle

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 24

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

rpool/export/home/panna
35K
rpool/export/home/sstudent 35K
rpool/swap
1.03G

21.3G
21.3G
21.3G

35K /export/home/panna
35K /export/home/sstudent
1.00G -

root@s11-server1:~# cd /export/home/gail
root@s11-server1:/export/home/gail# touch crmreq
In Gail’s home directory, you created the crmreq file.
4.

Using the chmod command, change the permissions on Gail’s home directory.
root@s11-server1:/export/home/gail# chmod 777 /export/home/gail
root@s11-server1:/export/home/gail# ls -ld /export/home/gail
drwxrwxrwx
2 gail
staff
4 Dec 13 08:27 /export/home/gail

e

Cic

le

b
a
r
e
You are setting these permissions only for training purposes. In the real world, you s
will
f
n
use appropriate permissions as required by your business environment and the
policies.
a
tr
n
5. Share her home directory with other users on the network.
no
a
root@s11-server1:/export/home/gail# zfs set share=name=gail,\
s
a
h
path=/export/home/gail,prot=nfs rpool/export/home/gail
)
ฺ
e
m
d
o
name=gail,path=/export/home/gail,prot=nfs
i
c Gu
ilฺzfs
a
root@s11-server1:/export/home/gail#
t sharenfs=on \
m denset
g
rpool/export/home/gail
o@ Stu
d
l
a/export/home/gail.
is
n
h
t
Enable the share property
on
o
oฺr use
r
e
ic e to
root@s11-server1:/export/home/gail#
share
c
(
s
gailldo /export/home/gail
nfs
sec=sys,rw
en
c
a
i
l
n
/export/home/gail
nfs
sec=sys,rw
oexport_home_gail
R
ro
This confirms that the file system is being shared.

root@s11-serv1:/export/home/gail# svcs -a | grep nfs
disabled
Dec_13
svc:/network/nfs/cbd:default
disabled
Dec_13
svc:/network/nfs/client:default
online

online
online
online
online
online

Dec_13

8:31:55
8:31:56
8:31:56
8:31:56
8:32:00

svc:/network/nfs/fedfs-client:default

svc:/network/nfs/status:default
svc:/network/nfs/rquota:default
svc:/network/nfs/mapid:default
svc:/network/nfs/nlockmgr:default
svc:/network/nfs/server:default

The system has brought the NFS server online. It is always a good idea to check this.
Note: You may need to manually share the NFS file system if it fails to do so
automatically.
If the NFS server is not enabled, issue this command:
# share -F nfs -o rw /export/home/gail
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 25

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Log in to the Sol11-Desktop virtual machine as the oracle user. Use oracle1 as the
password. Open a terminal window and assume administrator privileges. Check if you can
see the share.
root@s11-desktop:~# dfshares s11-server1
RESOURCE
SERVER ACCESS
TRANSPORT
s11-server1:/export/home/gail
s11-server1 s11-server1:/export/share
s11-server1 . . .
Yes, you can see the resource shared by the s11-server1 server.

7.

Create the mount point and mount the shared resource.
root@s11-desktop:~# mkdir /gaildir
root@s11-desktop:~# mount -f nfs s11-server1:/export/home/gail /gaildir
root@s11-desktop:~# cd /gaildir
root@s11-desktop:/gaildir# ls
crmreq

s

no
a
s
a
root@s11-desktop:/gaildir# touch crmdata
h
)
ฺ
root@s11-desktop:/gaildir# ls
e
m
d
o
i
crmdata crmreq
ilฺc t Gu
a
n you have read/write access.
m demeaning
g
You can create another file in the shared
directory,
tu you can unmount it.
o@Gail’sSdirectory,
d
l
8. Because you have finished working
with
s
na tcdhi
o
r
root@s11-desktop:/gaildir#
ฺ
e
s
o
r
u
e
root@s11-desktop:~#
ic e toumount /gaildir
c
(
o ens
d
l
a
Ifn
you are unable
lic to mount the /gaildir directory, use -f to unmount it.
o
ro R root@s11-desktop:~# umount -f /gaildir
You can see the shared file crmreq in Gail’s home directory.

e 9.

Cic

an
r
t
n

Return to the s11-server1 VM and stop sharing the directory.

root@s11-server1:~# zfs set sharenfs=off rpool/export/home/gail

Task 3: Configuring ZFS Compression
1.

Verify that the Sol11-Server1 virtual machine is running.

2.

Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume primary administrator privileges.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 26

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

3.

Using the command zpool, create the oraclecrm pool using disks c7t2d0 and c7t3d0.
Run the zfs list command to list the space currently used by oraclecrm. Make a note
of the value indicated.
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH ALTROOT
rpool 31.8G 9.90G 21.8G 31% 1.00x ONLINE root@s11-server1:~# zpool create oraclecrm c7t2d0 c7t3d0
'oraclecrm' successfully created, but with no redundancy; failure
of one device will cause loss of the pool
root@s11-server1:~# zfs list -r oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm
88K 1.94G
31K /oraclecrm
Currently, you have the pool available to you with no other file systems, which you
confirm by using the -r option.

4.

5.

er6.o
c
i
C

s
n
a
r
Use the ls command with the –lh options to list the size of the archive file in -t
on
/opt/ora/data. Make a note of it.
n
a
root@s11-server1:~# ls -lh /opt/ora/data/custarchive.tar
s
a
) h13 09:09
-rw-r—r-1 root
root
786K Dec
ฺ
e
m
d
o
i
/opt/ora/data/custarchive.tar
ilฺc t Gu
a
gm en
The new file takes up approximately@
786 KB. tud
do is toShold the files that you will copy to the file
l
Create a directory named /oraclecrm/cmp
a
n
th
o
system.
r
ฺ
e
us /oraclecrm/cmp
ero tomkdir
root@s11-server1:~#
c
i
(c nse
o
ld cebe used to store the compressed customer data.
a
This
directoryliwill
n
Ro
Use the zfs get command to display the current settings of the compression and
compressratio properties for oraclecrm. Verify that compression is off and the
compression ratio is 1.00x.
root@s11-server1:~# zfs get compression,compressratio oraclecrm
NAME
PROPERTY
VALUE
SOURCE
oraclecrm compression
off
default
oraclecrm compressratio 1.00x
The compression property is set to off by default. Because compression is off, the
compressratio property is set to 1.00x. A ratio of 1-to-1 for data means no
compression.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 27

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

7.

Copy /opt/ora/data/custarchive.tar to /oraclecrm/cmp/custarchive.tar.
List the file to display its size.
root@s11-server1:~# cp /opt/ora/data/custarchive.tar \
/oraclecrm/cmp/custarchive.tar
root@s11-server1:~# ls -lh /oraclecrm/cmp
total 1
-rw-r--r-1 root
root
786K Dec 13 09:47 custarchive.tar
After copying the file into the pool, it consumes approximately the same space.

8.

Use the zfs list command to list the space used by oraclecrm. Does the space used
match the size of /oraclecrm/cmp/custarchive.tar?
root@s11-server1:~# zfs list oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm
992K 1.94G
931K /oraclecrm

le

b
a
r
e
f

s

an
r
t
n

no
a
9. Use zfs get to verify that the compression ratio for oraclecrm issstill 1.00x.
ha ฺ
root@s11-server1:~# zfs get compressratio )oraclecrm
om uide
c
NAME
PROPERTY
VALUE SOURCE
ฺ
l
ai nt G
oraclecrm compressratio 1.00xmg ude
@
t
o
S
d
Yes, compressratio is still unchanged.
l
s
nafor oraclecrm
thi to gzip and verify that the new value is
o
10. Set the compression property
r
ฺ
e
set.
ero to us
c
i
(c nse zfs set compression=gzip oraclecrm
root@s11-server1:~#
o
ld lice
root@s11-server1:~#
zfs get compression oraclecrm
a
n
o
NAME
PROPERTY
VALUE
SOURCE
ro R
Yes, the zfs list command also confirms the same space consumption.

e

Cic

oraclecrm

compression

gzip

local

You set the compression property on oraclecrm file system to gzip. Now notice the
space usage of the files, which get stored in the oraclecrm file system.
root@s11-server1:~# zfs set compression=ggg oraclecrm
cannot set property for 'oraclecrm': 'compression' must be one of
'on | off | lzjb | gzip | gzip-[1-9] | zle'
The purpose of this command is to demonstrate the different types of compression
property values that are available. You intentionally specify ggg so that you can see
valid property values.
Optionally, you can experiment with these compression types and compare the
compression ratio.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 28

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

11. Copy /opt/ora/data/custarchive.tar to /oraclecrm/cmp/archive2.tar. List
all the files in /oraclecrm/cmp to display their sizes. Are the files in /oraclecrm/cmp
the same size?
root@s11-server1:~# cp /opt/ora/data/custarchive.tar \
/oraclecrm/cmp/archive2.tar
root@s11-server1:~# ls -lh /oraclecrm/cmp
total 3529
-rw-r--r-1 root
root
786K Dec 13 09:11 archive2.tar
-rw-r--r-1 root
root
786K Dec 13 09:09 custarchive.tar

Yes, they are equal as displayed by the ls command.
12. Use the zfs list command to list the space used by oraclecrm. Does the space used
match the sum of the size of the two files? No, the output reports a smaller size than the
sum of the two files.
root@s11-server1:~# zfs list oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm 1.12M 1.94G 1.06M /oraclecrm

s

an
r
t
n

no
a
s by the two files would
With reference to the preceding step, the sum of the space utilized
a
h
be 1572 KB as against 1.12 MB displayed by the zfs list
) command.
ฺ
e
m
d
o
i
ucompressratio property
13. Use the zfs get command to display the current isetting
lฺc oft the
G
a
for oraclecrm. Notice that compressratiom
is now 1.55x.
n
e
g
d
root@s11-server1:~# zfs get
oraclecrm
tu
o@compressratio
S
d
l
s
NAME
PROPERTY na
VALUE
hi SOURCE
t
o
r
ฺ
e
oraclecrm compressratio
s 1.68x o
r
u
e
o
ic e t
c
(
s means that data is being compressed at a ratio of 1.68-1
The ratio
nwhich
dois 1.68x,
l
e
c
a
li 59%).
n
o(approximately
R
o Copy /opt/ora/data/custarchive.tar to /oraclecrm/cmp/archive3.tar. List
r14.

e

Cic

all the files in /oraclecrm/cmp to display their sizes. Are the files in /oraclecrm/cmp
the same size?
root@s11-server1:~# cp /opt/ora/data/custarchive.tar \
/oraclecrm/cmp/archive3.tar
root@s11-server1:~# ls -lh /oraclecrm/cmp
total 2405
-rw-r--r--rw-r--r--rw-r--r--

1 root

root

786K Dec 13 09:11 archive2.tar

1 root

root

786K Dec 13 09:12 archive3.tar

1 root

root

786K Dec 13 09:09 custarchive.tar

Yes, they are.
15. Use the du –h command to display the space used by the files in /oraclecrm/cmp. How
does the amount of space used by these files compare?
root@s11-server1:~# du -h /oraclecrm/cmp/*
152K
/oraclecrm/cmp/archive2.tar
152K
/oraclecrm/cmp/archive3.tar
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 29

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

898K

/oraclecrm/cmp/custarchive.tar

The custarchive.tar file uses the same space as the ls -lh command indicates.
The other two files show a percentage of the original size of the files. The
custarchive.tar file was created in the cmp file system before enabling
compression. This was done intentionally, so that you can see the difference between
space usage by compressed and uncompressed files.
16. Use the zfs get command to display the current value of the compressratio property
for oraclecrm. What is the current compression ratio? How has it changed and why?
root@s11-server1:~# zfs get compressratio oraclecrm
NAME
PROPERTY
VALUE SOURCE
oraclecrm compressratio 2.20x -

le

Cic

e

b
The compression ratio is now 2.20x. It has increased with the addition of the second era
sf
compressed file. A larger portion of the data in the pool is now being compressed.nThis
a
tr
demonstrates that as you add more data files in a ZFS file system with compression
n
enabled, compression further reduces space utilization.
no
a
s
17. Remove the /oraclecrm/cmp/custarchive.tar file.
a
h
)
ฺ
root@s11-server1:~# rm /oraclecrm/cmp/custarchive.tar
e
m
d
o
i
u
lฺc of ttheGcompressratio
18. Use the zfs get command to display the current ivalue
property
a
n
m
for oraclecrm. What is the current compression
ratio?
eHow has it changed and why?
g u
d
@
t
root@s11-server1:~# zfs d
get
oraclecrm
o compressratio
S
l
s
a
i
NAME
PROPERTYon
VALUE
th SOURCE
r
ฺ
e
oraclecrm compressratio
ero to us 5.41x c
i
(c nse
o
The compression
ld liceratio has increased again with the removal of the uncompressed file.
a
n
o the zfs list command to list the space used by oraclecrm and du –h to list the
19. R
Use
o
space
used by the remaining two files in /oraclecrm/cmp. Does the refer value
r
reported by zfs list reflect the sum of the space used by the two files in
/oraclecrm/cmp?
root@s11-server1:~# zfs list oraclecrm
NAME
USED AVAIL REFER MOUNTPOINT
oraclecrm 398K 1.94G
336K /oraclecrm
root@s11-server1:~# du -h /oraclecrm/cmp/*
152K
/oraclecrm/cmp/archive2.tar
152K
/oraclecrm/cmp/archive3.tar
Yes, the two values are correlated.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 30

20. Using the zpool destroy command, delete the oraclecrm pool. Confirm the action.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# zpool destroy oraclecrm
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP
rpool 31.8G 9.90G 21.8G 31%

DEDUP
1.00x

HEALTH
ONLINE

ALTROOT
-

You have destroyed the pool because you have finished using it.

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 31

Practice 4-5: Troubleshooting ZFS Failures

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you will work with ZFS device and data problems. For demonstration purposes,
you will simulate the problems and correct the problems. This practice includes the following
activities:
• Troubleshooting ZFS device issues
• Troubleshooting ZFS data errors

Task 1: Troubleshooting ZFS Device Issues
This task includes the following activities:
• Creating ZFS components
•

Configuring syslog for Fault Manager Daemon (FMD) messages

•

Troubleshooting a ZFS device error in a raidz pool

s

an
r
t
n

no
a
1. Verify that the Sol11-Server1 virtual machine is running. If the virtual
s machine is not
a
h
running, start it now.
)
ฺ
e
m
d
o
i
2. Log in to the Sol11-Server1 virtual machine as the
oracle
user.
Use
oracle1 as the
c Gu
ฺ
l
i
password. Assume primary administrator privileges.
a nt
m
g
oracle@s11-server1:~$ su - @
de
u
t
o
Password: oracle1
ld is S
a
n
th5.11
o
Oracle Corporation
SunOS
11.1
September 2012
r
ฺ
e
s
o
r
u
root@s11-server1:~#
e
ic e to
c
(
3. Using the zpool
ns create a raidz pool with three virtual devices. Verify the
do iccommands,
e
results.al
l
n
oroot@s11-server1:~#
R
format
ro
Task 1A: Creating the ZFS Components

e

Cic

le

b
a
r
e
f

Searching for disks...done
AVAILABLE DISK SELECTIONS:

0. c7t0d0 
cyl 1022 alt 2 hd 64 sec 32>
cyl 1022 alt 2 hd 64 sec 32>
cyl 1022 alt 2 hd 64 sec 32>
cyl 1022 alt 2 hd 64 sec 32>
cyl 1022 alt 2 hd 64 sec 32>
cyl 1022 alt 2 hd 64 sec 32>
cyl 1022 alt 2 hd 64 sec 32>

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 32

/pci@0,0/pci8086,2829@d/disk@6,0
8. c7t9d0 
/pci@0,0/pci8086,2829@d/disk@7,0

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Specify disk (enter its number): ^C
root@s11-server1:~# zpool create assetpool raidz c7t3d0 c7t4d0 c7t5d0
root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH ALTROOT
assetpool 2.95G
241K 2.95G
0% 1.00x ONLINE rpool
31.8G 9.90G 21.8G 31% 1.00x ONLINE -

root@s11-server1:~# zpool status assetpool
pool: assetpool
state: ONLINE
scan: none requested

le

s

an
r
t
n

config:

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
r
se
oฺdata
r
u
errors: No known
errors
e
ic e zpool
to status -x
c
(
root@s11-server1:~#
s
nhealthy
do iare
e
allalpools
c
l
n
RUseo the zfs command to create an inventory file system in your assetpool.
NAME
assetpool
raidz1-0
c7t3d0
c7t4d0
c7t5d0

4.
o
r
ce

Ci

STATE
ONLINE
ONLINE
ONLINE
ONLINE
ONLINE

READ WRITE CKSUM
0
0
0
0
0
0
-

root@s11-server1:~# zfs create assetpool/inventory
root@s11-server1:~# zfs mount | grep inventory
assetpool/inventory
/assetpool/inventory
root@s11-server1:~# ls -lh /opt/ora/data/custarchive.tar
-rw-r—r-1 root
root
786K Dec 13 09:09
/opt/ora/data/custarchive.tar
For training purposes, you use the custarchive.tar file to simulate business
application files.

5.

b
a
r
e
f

Use the cp command to copy the custarchive file into the inventory file system.
root@s11-server1:~# cp /opt/ora/data/custarchive.tar \
/assetpool/inventory/custarchive.tar

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 33

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Task 1B: Configuring syslog for FMD Messages
1.

Create a new file named /var/adm/messages.fmd for Fault Management Daemon to log
the device-related messages.
root@s11-server1:~# touch /var/adm/messages.fmd

2.

Back up the current /etc/syslog.conf file.
root@s11-server1:~# cp /etc/syslog.conf /etc/syslog.conf.orig

3.

Edit the /etc/syslog.conf file. Enter a new line below the existing line as shown.
root@s11-server1:~# vi /etc/syslog.conf
Existing line:
*.err;kern.debug;daemon.notice;mail.crit

/var/adm/messages

le

New line:
daemon.err

b
a
r
e
f

s

an
r
t
n

/var/adm/messages.fmd

no
a
s
a
h
) /var/adm/messages
ฺ
e
m
*.err;kern.debug;daemon.notice;mail.crit
d
o
i
u
ilฺc t G/var/adm/messages.fmd
daemon.err
a
m den
g
tu
o@
Remember to separate the columns
by using
tabs.
S
d
l
s
na thi
o
r
ฺ
sinesyslog? This step will ensure that all ZFS deviceoof this entry
r
What is the purpose
u
e
ic are elogged
to in a separate file for this practice.
related messages
c
(
ns hardware-related messages to the /var/adm/messages file.)
do FMD
(Normally,
writes
l
e
c
a
li
n
RUseo the svcadm command to refresh the syslog service for the new configuration to take
Make it look similar to the following:

4.

ro

e
Cic

effect.
root@s11-server1:~# svcadm refresh system-log

Task 1C: Troubleshooting a ZFS Device Error in a raid-z Pool
1.

Verify that you can read the contents of your data file
/assetpool/inventory/custarchive.tar.
root@s11-server1:~# tar tvf /assetpool/inventory/custarchive.tar
…
-r--r--r-- root/bin
0 Oct 20 22:18 usr/share/commonlisp/
-r--r--r-- root/bin
0 Oct 20 22:18 usr/share/commonlisp/source/
-r--r--r-- root/bin
0 Oct 20 22:27 usr/share/commonlisp/source/gpg
-error/
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 34

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

-r--r--r-- root/bin
2206 Oct 20 09:01 usr/share/commonlisp/source/gpg
-error/gpg-error-package.lisp
…
…
…
Can you access your data in the inventory file system? Yes
Note that the contents are irrelevant in this situation. The output of the file that you are
viewing was created to simulate a business application data file and is only for training
purposes.
2.

Display the status of assetpool and verify that all devices are online.
root@s11-server1:~# zpool status assetpool
pool: assetpool
state: ONLINE
scan: none requested
config:

3.

Ci

o
cer

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
NAME
STATE
READ WRITE o
CKSUM
d
i
u
ฺc G
assetpool
ONLINE
0 ail 0
0
t
m d0 en 0
g
raidz1-0 ONLINE
0
@ - Stu c7t3d0 ONLINEldo
s
a
i
n
h
c7t4d0 rONLINE
o se t ฺ
o
r
c7t5d0
u
e ONLINE
o
c
i
t
c
( nse
o No
d
l
e data errors
errors:
known
c
a
i
l
n
o the prtvtoc command, display the current vtoc configuration of the c7t5d0 disk.
RUsing
root@s11-desktop:~# prtvtoc /dev/rdsk/c7t5d0
* /dev/rdsk/c7t5d0 partition map
*
* Dimensions:
*
512 bytes/sector
* 2097152 sectors
* 2097085 accessible sectors
*
* Flags:
*
1: unmountable
* 10: read-only
*
* Unallocated space:
*
First
Sector
Last
*
Sector
Count
Sector
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 35

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

*
34
*
*
* Partition Tag
Directory
0
4
8
11

222

255

Flags

First
Sector

00
00

256
2080735

Sector
Count
2080479
16384

Last
Sector

Mount

2080734
2097118

Note that you will be working with the highlighted slice 0 entry.
4.

Save vtoc and cause the c7t5d0 disk to appear as failed. Use the /var/tmp/vtoc5 file
as indicated to make slice 0 disappear.
root@s11-server1:~# prtvtoc /dev/rdsk/c7t5d0 > /var/tmp/vtoc5.orig
root@s11-server1:~# prtvtoc /dev/rdsk/c7t5d0 > /var/tmp/vtoc5

le

b
a
r
e
f

s

an
r
t
n

Note that you have saved a copy of c7t5d0 vtoc to two files because you will modify
the /var/tmp/vtoc5 file and keep /var/tmp/vtoc5.orig as a copy of your original
vtoc configuration.

ro

e
Cic

no
a
s
a
h
)
ฺ
e
m
Delete the slice 0 configuration from vtoc (the highlighted
entry
in
the preceding step).
d
o
i
ilฺc t Gu
a
m den
g
root@s11-server1:~# vi /var/tmp/vtoc5
o@ Stu
d
l
a this
n
o
Verify that the slice 0 line
is
deleted.
se/var/tmp/vtoc5
oฺr tail
r
u
root@s11-server1:~#
e
ic e to
c
(
* 10: read-only
o ens
* ald
lic
n
o
R * Unallocated space:
*
First
Sector
*
Sector
Count
*
34
222
*
*
* Partition Tag Flags
Directory
8
11
00

Last
Sector
255
First
Sector
2158559

Sector
Count
16384

Last
Sector

Mount

2174942

Is the slice 0 line available? No, it has been deleted.
What is the purpose of deleting this entry? So that you can simulate a device problem
The system will not be able to use this disk because its vtoc configuration is not
available, thus affecting the ZFS pool.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 36

5.

Use the fmthard command to copy the modified vtoc to the disk.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# fmthard -s /var/tmp/vtoc5 /dev/rdsk/c7t5d0s0
fmthard: New volume table of contents now in place.
What is the purpose of this command? To overlay the current c7t5d0 vtoc
6.

7.

Repeat steps 1 and 2 in the current task.
Question: Why is the system showing no errors with disk c7t5d0, whereas its vtoc is
corrupted?
Answer: Because the system is working with vtoc and its configuration from memory. You
need to recycle the disk.
Using the zpool command, take the disk offline and attempt to put it back online. Display
the status of the pool.
root@s11-server1:~# zpool offline assetpool c7t5d0
root@s11-server1:~# zpool online assetpool c7t5d0
warning: device 'c7t5d0' onlined, but remains in faulted state
use 'zpool clear' to restore a faulted device
root@s11-server1:~#

s

an
r
t
n

C

ro
ice

no
a
s
a
h
)
ฺ
e
m
d
o
root@s11-server1:~# zpool status assetpool
i
ilฺc t Gu
a
pool: assetpool
m den
g
state: DEGRADED
@unavailable
tu in response to persistent
oare
S
status: One or more devices
d
l
s
na replicas
errors. Sufficient
thi exist for the pool to continue
o
r
ฺ
e
functioning
ro oinuasdegraded state.
e
c
i
action: Determine
if tthe device needs to be replaced, and clear the
c
(
e
s
ldoerrors
enusing 'zpool clear' or 'fmadm repaired', or replace the
c
a
i
l
n
device with 'zpool replace'.
Ro
Run 'zpool status -v' to see device specific details.

config:
NAME
STATE
READ WRITE CKSUM
assetpool
DEGRADED
0
0
0
raidz1-0 DEGRADED
0
0
0
c7t3d0 ONLINE
0
0
0
c7t4d0 ONLINE
0
0
0
c7t5d0 UNAVAIL
0
0
0
errors: No known data errors

In your raidz pool, is disk c7t5d0 available? No, it cannot be opened.
Note that the message displayed on your system may be different.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 37

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

8.

Using the more command, view the contents of your log file /var/adm/messages.fmd.
root@s11-server1:~# more /var/adm/messages.fmd
Dec 12 05:17:08 s11-server1 fmd: [ID 377184 daemon.error] SUNWMSG-ID: ZFS-8000-LR, TYPE: Fault, VER: 1, SEVERITY: Major
Dec 12 05:17:08 s11-server1 EVENT-TIME: Wed Dec 12 05:17:08 UTC
2012
Dec 12 05:17:08 s11-server1 PLATFORM: VirtualBox, CSN: 0,
HOSTNAME: s11-server1
Dec 12 05:17:08 s11-server1 SOURCE: zfs-diagnosis, REV: 1.0
Dec 12 05:17:08 s11-server1 EVENT-ID: fbe8ab80-a530-e5a3-bc1aa8709067f39e
Dec 12 05:17:08 s11-server1 DESC: ZFS device
'id1,sd@SATA_____VBOX_HARDDISK____VBc5298f81-7a69e7ac/a' in pool
'assetpool' failed to
open.
Dec 12 05:17:08 s11-server1 AUTO-RESPONSE: An attempt will be
made to activate a hot spare if available.
Dec 12 05:17:08 s11-server1 IMPACT: Fault tolerance of the pool
may be compromised.
Dec 12 05:17:08 s11-server1 REC-ACTION: Use 'fmadm faulty' to
provide a more detailed view of this event. Run 'zpool status lx' for
more information. Please refer to the associated reference
document at http://support.oracle.com/msg/ZFS-8000-LR for the
latest ser
vice procedures and policies regarding this diagnosis.
root@s11-server1:~#

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce 9. Using the zpool command, replace the faulty disk with an available disk. Clear any poolThe FMD facility logged the device corruption messages in the configured file.

level errors logged by ZFS. Verify the results.
root@s11-server1:~# zpool replace assetpool c7t5d0 c7t2d0
Which disk is replacing which disk? You are replacing c7t5d0 with c7t2d0.

root@s11-server1:~# zpool clear assetpool
root@s11-server1:~# zpool status assetpool
pool: assetpool
state: ONLINE
scan: resilvered 524K in 0h0m with 0 errors on Wed Dec 14
09:37:38 2012
config:
NAME
assetpool

STATE
ONLINE

READ WRITE CKSUM
0
0
0

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 38

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

raidz1-0
c7t3d0
c7t4d0
c7t2d0

ONLINE
ONLINE
ONLINE
ONLINE

0
-

0
-

0
-

errors: No known data errors
Has the faulty disk been replaced? Yes
Is the pool healthy? Yes
10. Using the scrub command, have ZFS streamline the data in the raidz pool.
root@s11-server1:~# zpool scrub assetpool
root@s11-server1:~# zpool status assetpool
pool: assetpool
state: ONLINE
scan: scrub repaired 0 in 0h0m with 0 errors on Wed Dec 14
18:05:55 2012
config:

le

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
m ide
oCKSUM
NAME
STATE
READ WRITE
c
u
ฺ
l
i
G
a
t
assetpool
ONLINE
0m
0 n 0
e 0
g
d
raidz1-0 ONLINE
0
0
@
u
t
o
ld is- S c7t3d0 ONLINE
a
n
h
t
o
c7t4d0 ฺrONLINEse
o
r
u
e
c7t2d0
ic eONLINE
to
c
(
o ens
d
l
a
Nolic
known data errors
n
oerrors:

Ci

R
o
r
Your display may be a bit different.
ce

What is the purpose of the scrub operation? To ensure data population on the new disk
11. Using the zpool command, destroy the pool assetpool.
root@s11-server1:~# zpool destroy assetpool

Task 2: Troubleshooting ZFS Data Errors in a Mirror Pool
In this task, you inject errors into your data file. Then you implement corrective measures to
make sure that the data is restored from the mirror copy.
The following activities are covered in this task:
• Running an explicit scrub
• Restoring data in the mirror pool

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 39

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Note: Your command output displays may be different than the displays in the practice. In
some cases, ZFS may indicate a different number of errors or no errors. It may show errors
at different points in the process based upon when it performs certain internal data integrity
processes, for example, the scrub operation. The steps in this task demonstrate multiple
possible scenarios to assist in understanding why your output would be unpredictable.
Some of the factors governing this unpredictability are:
• ZFS is monitoring the errors but can discover all the data errors only after a full
scrub. Based upon where it is in the scrub process, it will be able to display the sofar discovered errors. So for this reason, the number can change in subsequent
status displays.
• Because ZFS is performing the scrub operation periodically, it depends when it
launches it. This will affect the timing of the results displayed to you.
• Based upon the volume of data generated, ZFS may be able to work with the same
disk or utilize the spare disk.
Based upon multiple variables in the situation, you will get different output every time you
perform this task.

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
n If the virtual machine is not
m is running.
e
g
1. Verify that the Sol11-Server1 virtual machine
d
o@ Stu
running, start it now.
d
l
a machine
is as the oracle user. Use oracle1 as the
n
2. Log in to the Sol11-Server1
virtual
h
t
o
password. Assume administrator
se
oฺr uprivileges.
r
e
ic e to su oracle@S11-server1:~$
c
(
ns
Password:
do ioracle1
l
e
c
a
l
n
Corporation
SunOS 5.11
11.0
November 2012
oOracle
R
ro root@s11-server1:~#

The main objective of this task is to demonstrate a situation where the results can be different
with every iteration of the task, while at the same time showing you how ZFS discovers and
corrects the errors. This process of discovering and repairing is called self-healing, which is an
extremely useful function of ZFS.

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 40

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

3.

Use the zpool command and create a mirror pool. Check the health of the pool.
root@s11-server1:~# zpool create assetpool mirror c7t3d0 c7t4d0
spare c7t5d0
root@s11-server1:~# zpool status assetpool
pool: assetpool
state: ONLINE
scan: none requested
config:
NAME
assetpool
mirror-0
c7t3d0
c7t4d0
spares
c7t5d0

READ WRITE CKSUM
0
0
0
0
0
0
0
0
0
0
0
0

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
errors: No known data errors
)
ฺ
e
m
d
o
i
4. Use the tar command to create a demonstration data
file.
Let
it
generate
data for a minute
c Gu
ฺ
l
i
a nt
or more, and then break the command.
m
g
de
root@s11-server1:~# tar cvf@
/assetpool/data.tar
/usr
u
t
o
S
d
…
al this
n
o
…
ฺr use
o
r
e
/usr/bin/nvidia-xconfig
ic e to
c
(
/usr/bin/alacarte
do icens
l
/usr/bin/iceauth
a
l
n
o/usr/bin/ps2ascii
R
ro

e

Cic

STATE
ONLINE
ONLINE
ONLINE
ONLINE
AVAIL

/usr/bin/gvfs-mount
/usr/bin/pmap
/usr/bin/smproxy
/usr/bin/pkglint
/usr/bin/nautilus-connect-server
…


root@s11-server1:~# zfs list /assetpool
NAME
USED AVAIL REFER MOUNTPOINT
assetpool 154M
822M
154M /assetpool

For training purposes, you are creating a data file with a significant amount of data in it.
Your displays and data will be different.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 41

5.

Using the dd command, corrupt the data on the first disk.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# dd if=/dev/zero of=/dev/dsk/c7t3d0 oseek=100
bs=8192 count=10000 conv=notrunc
10000+0 records in
10000+0 records out
If you are not familiar with the dd command, refer to the man pages. Using full blocks,
you are overlaying 10,000 blocks of 8 kilobytes with zeros. Because you are using the
oseek option, you are bypassing the beginning data (VTOC and other system-reserved
sectors) on the disk.
6.

Using the tar command, display your data.
root@s11-server1:~# tar tvf /assetpool/data.tar
…
…
…
drwxr-xr-x root/sys
0 Oct 20 17:34 usr/
lrwxrwxrwx root/root
0 Oct 20 17:34 usr/tmp -> ../var/tmp
lrwxrwxrwx root/root
0 Oct 20 17:34 usr/mail -> ../var/mail
drwxr-xr-x root/bin
0 Oct 20 17:34 usr/snadm/
…
…
…

le

b
a
r
e
f

s

an
r
t
n

o

7.

ro

e
Cic

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
Is your data still there? Yes
o
r
ฺ
sethe status of the pool.
o display
r
Using the zpool command,
u
e
ic e tozpool status assetpool
c
root@s11-server1:~#
(
ns
do assetpool
l
e
pool:
c
a
li
n
Ro state: ONLINE
scan: none requested
config:
NAME
assetpool
mirror-0
c7t3d0
c7t4d0
spares
c7t5d0

STATE
ONLINE
ONLINE
ONLINE
ONLINE

READ WRITE CKSUM
0
0
0
0
0
0
0
0
15
0
0
0

AVAIL

errors: No known data errors
Note the checksum errors on the disk c7t3d0. ZFS has discovered some data errors.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 42

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Your display may not show these errors until the scrub is performed in step 11. ZFS
discovers the errors based upon multiple factors and one of them is when it performs the
scrub.
8.

Using the zpool commands, take the corrupted disk offline and then bring it online to
refresh its status.
root@s11-server1:~# zpool offline assetpool c7t3d0
root@s11-server1:~# zpool online assetpool c7t3d0
warning: device 'c7t3d0' onlined, but remains in degraded state

9.

Using the zpool command, display the pool’s status.
root@s11-server1:~# zpool status assetpool
pool: assetpool
state: ONLINE
config:

le

s

STATE
ONLINE
ONLINE
ONLINE
ONLINE

READ WRITE CKSUM
0
0
0
0
0
0
0
0
19
0
0
0

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
AVAIL
s
na thi
o
r
ฺ
e
s
o
r
u
e
errors: No iknown
c edata
to errors
c
(
o ens
d
l
a
Yes
lic
oIsnthe pool functional?
NAME
assetpool
mirror-0
c7t3d0
c7t4d0
spares
c7t5d0

b
a
r
e
f

Ci

R
o
r
What actions has ZFS taken? Due to data errors, it is trying to recover the data as
ce

indicated by the resilvering status. By recycling the disk, it has discovered more data
errors.
Your display may not show these errors until the scrub is performed in step 11. ZFS
discovers the errors based upon multiple factors and one of them is when it performs the
scrub.
Note: Out varies from system to system.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 43

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

10. Using the zpool command, clear the errors and display the pool’s status.
root@s11-server1:~# zpool clear assetpool
root@s11-server1:~# zpool status assetpool
pool: assetpool
state: ONLINE
scan: resilvered 9K in 0h0m with 0 errors on Thu Dec 15 07:15:31 2012
config:
NAME
assetpool
mirror-0
c7t3d0
c7t4d0
spares
c7t5d0

STATE
ONLINE
ONLINE
ONLINE
ONLINE

READ WRITE CKSUM
0
0
0
0
0
0
0
0
0
0
0
0

le

s

an
r
t
n

AVAIL

no
a
s
a
h
By clearing the errors, now the corrupted disk seems to be
operational
and does not
)
ฺ
e
m
report any errors.
co Guid
ฺ
l
i
a pool, nandt display the pool’s health.
11. Using the zpool command, scrub the data on the
m
g
de
root@s11-server1:~# zpool scrub
assetpool
@
u
t
o
S
root@s11-server1:~# zpool ld
status s
assetpool
a
i
n
h
t
pool: assetpool ro
ฺ
e
s
o
r
state: ONLINEe
u
o
c
i
t
c
status: One
or
more
devices
has been diagnosed as degraded. An attempt
( nse
o
ld waslicmade
e to correct the error. Applications are unaffected.
a
n
action:
Determine
if the device needs to be replaced, and clear the
o
R
errors using 'zpool clear' or 'fmadm repaired', or replace the
ro
errors: No known data errors

e

Cic

b
a
r
e
f

device with 'zpool replace'.
Run 'zpool status -v' to see device specific details.
scan: scrub in progress since Wed Dec 12 05:59:16 2012
310M scanned out of 976M at 62.1M/s, 0h0m to go
2.01M repaired, 31.79% done
config:
NAME
assetpool
mirror-0
c7t3d0
c7t4d0
spares
c7t5d0

STATE
ONLINE
ONLINE
ONLINE
ONLINE

READ WRITE CKSUM
0
0
0
0
0
0
0
0
343
0
0
0

(repairing)

AVAIL

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 44

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

errors: No known data errors

Note that ZFS is in the process of scrubbing the data as reported in the scan progress.
You may see a completely different output display based upon when ZFS runs into data
errors. This display is included here as a possible outcome.
The following display is another possible outcome you may receive, once again based
upon when and how ZFS encounters the errors.
pool: assetpool
state: DEGRADED
status: One or more devices has been diagnosed as degraded. An attempt
was made to correct the error. Applications are unaffected.
action: Determine if the device needs to be replaced, and clear the
errors
using 'zpool clear' or 'fmadm repaired', or replace the device
with 'zpool replace'.
Run 'zpool status -v' to see device specific details.
scan: scrub in progress since Wed Dec 12 05:59:16 2012
310M scanned out of 976M at 62.1M/s, 0h0m to go
2.01M repaired, 31.79% done
config:

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
NAME
STATE o@
READ WRITE
tu CKSUM
S
d
l
s
assetpool
DEGRADED
0
0
na thi 00
o
mirror-0 ฺrDEGRADED
0
0
e
s
o
r
u
e
0
0
31 (repairing)
c e DEGRADED
ic7t3d0
to
c
(
c7t4d0
ONLINE
0
0
0
s
o c7t5d0
n
d
l
e
ONLINE
0
0
0
lic
ona

Ci

R
o
r
ce

errors: No known data errors

Notice that in this example the pool is in the degraded state and that the spare disk
c7t5d0 you assigned in step 3 is now in use and has taken the place of the degraded
disk c7t3d0.
Now, attempt to clear these errors and then display the status of the pool.
root@s11-server1:~# zpool clear assetpool
root@s11-server1:~# zpool status assetpool

Note that the pool and all the disks are now back online, all the errors have been
corrected, and the spare disk c7t5d0 is still in use. The spare disk should become
available by the time you issue the next status command in the following step.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 45

le

b
a
r
e
f

12. Repeat the zpool status command to determine if the scrubbing is complete.
root@s11-server1:~# zpool status assetpool

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

In your case, if the scrub is completed before you issue the above command, your
results may be very different. The purpose of this step is to display the scrub progress.
13. Using the zpool commands, clear the errors and display status of the pool.
root@s11-server1:~# zpool clear assetpool
root@s11-server1:~# zpool status assetpool
pool: assetpool
state: ONLINE
scan: scrub repaired 47.9M in 0h0m with 0 errors on Thu Dec 15
07:17:26 2012
config:
NAME
assetpool
mirror-0
c7t3d0
c7t4d0

STATE
ONLINE
ONLINE
ONLINE
ONLINE

READ WRITE CKSUM
0
0
0
0
0
0
0
0
0
0
0
0

le

an
r
t
n

s

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
errors: No known data errors
a
m den
g
tu
o@has S
d
Now you know that the data corruption
been repaired after the scrub operation.
l
s
nayour data.
thi
o
14. Using the tar command,ฺdisplay
r
e
utvfs /assetpool/data.tar
ero tar
root@s11-server1:~#
o
c
i
t
(c nse
…
o
e
… ald
c
i
l
n
o…
R
o
r

e
Cic

drwxr-xr-x
lrwxrwxrwx
lrwxrwxrwx
drwxr-xr-x
…
…
…

root/sys
root/root
root/root
root/bin

0
0
0
0

Oct
Oct
Oct
Oct

20
20
20
20

17:34
17:34
17:34
17:34

usr/
usr/tmp -> ../var/tmp
usr/mail -> ../var/mail
usr/snadm/

Is your data still there? Yes

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 46

b
a
r
e
f

15. Using the zpool destroy command, delete the pool.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# zpool destroy assetpool
root@s11-server1:~# zpool list
NAME
rpool

SIZE
31.8G

ALLOC
5.61G

FREE
26.1G

CAP
17%

DEDUP
1.00x

HEALTH
ONLINE

ALTROOT
-

This concludes the ZFS troubleshooting topic.

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 47

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 4: Managing Business Application Data
Chapter 4 - Page 48

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 5:
e
m
d
o
i
Configuring
and
u
ilฺc t GNetwork
a
n
m dFailover
Traffic
e
g
tu5
o@Chapter
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 1

Practice Overview for Lesson 5

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
Following the predeployment test plan, it is now time to review the Oracle Solaris 11.1
networking functionality. Your company’s business applications, such as Oracle CRM, work with
the data that is being transmitted via the network interfaces configured on server and client
hosts. Because you will be monitoring the transaction traffic load and managing the network
interfaces, it is critical for you to know how the networking is configured. To provide you with an
orientation to the network, the following topics are covered in this practice:
• Modifying the Reactive Network configuration
• Configuring the Network File System
• Configuring link aggregation
• Implementing link failover by using IP multipathing

s

an
r
t
n

Note: Your command output displays may be different than the displays in the practice,
especially storage, processes, and other session-oriented content.

no
a
Look at your checklist to see where you are. You have just completed managing
the business
s
a
h
application data and you are now ready to test the network configuration
and
network
failover.
)
ฺ
e
m
id
co Checklist
u
ฺ
l
i
G
Oracle
Solaris
11.1
Predeployment
√
ma dent
g
√
Managing the Image Packaging System
o@ (IPS)SandtuPackages
d
l
s
aon Multiple
iHosts
√
n
h
t
Installing Oracle Solaris
11.1
o
oฺr use
r
e
√
Managingic
the Businessto
Application Data
c
(
e
s
o eNetwork
n and Traffic Failover
ldConfiguring
c
a
i
l
n
o
R
Configuring Zones and the Virtual Network
o
er

Cic

Managing Services and Service Properties

Configuring Privileges and Role-Based Access Control
Securing System Resources by Using Oracle Solaris Auditing
Managing Processes and Priorities
Evaluating System Resources
Monitoring and Troubleshooting Software Failures

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 2

le

b
a
r
e
f

Practice 5-1: Managing a Reactive Network Configuration

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
Reactive network is a technology that simplifies and automates network configuration on Oracle
Solaris 11.1. The key reactive network components are the network profiles, which allow you to
specify various network configurations to be created depending on the current network
conditions.
In this practice, you perform the following tasks:
• Assess the current Reactive Network configuration.
• Create and deploy a Reactive Network profile.

Task 1: Assessing the Current Reactive Network Configuration

1.
2.
3.

Note: For Reactive Network to configure the host’s network interface “auto-magically,” the
DHCP service must be available.
Verify that the Sol11-Server1 and Sol11-Desktop virtual machines are running. If the
virtual machines are not running, start them now.
Log in to the Sol11-Desktop virtual machine as the oracle user with oracle1 as the
password.
Click the Network Preferences icon to determine the NCPs and network interfaces (NCUs)
that are currently enabled by Reactive Network. Click OK to continue.

s

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

4.

an
r
t
n

Open a terminal window, and su to root.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 3

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

Display the current network configuration for s11-desktop.
root@s11-desktop:~# ipadm show-addr
ADDROBJ
TYPE
STATE
ADDR
lo0/v4
static
ok
127.0.0.1/8
net0/v4
static
ok
192.168.0.111/24
lo0/v6
static
ok
::1/128
net0/v6
addrconf disabled
::

6.

List all available Reactive Network profiles and their current state.
root@s11-desktop:~# netadm list
TYPE
PROFILE
STATE
ncp
Automatic
disabled
ncp
start_state
online
ncu:phys
net0
online
ncu:ip
net0
online
ncp
DefaultFixed
disabled
loc
Automatic
offline
loc
NoNet
offline
loc
aces
online

le

s

ncp
ncu:phys
ncu:ip

9.

start_state
net0
net0

online
online
online

List the Reactive Network location profiles.
root@s11-desktop:~# netadm list -p loc
TYPE
PROFILE
STATE
loc
Automatic
offline
loc
NoNet
offline
loc
aces
online

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 4

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
7. List the Reactive Network Automatic profile.
l
ai nt G
m
root@s11-desktop:~# netadm list
Automatic
g ude
@
t
TYPE
PROFILE
STATE
o
S
d
l
s
ncp
Automatic
na tdisabled
hi
o
r
ฺ
e
loc
Automatic
ero to us offline
c
i
8. List the Reactive
(cNetwork
estart_state profile.
s
o
n
ld lice
root@s11-desktop:~#
netadm list start_state
a
n
oTYPE
PROFILE
STATE
R
o
r

e
Cic

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

10. List all the phys and ip network configuration units (NCUs) in the active network
configuration profiles (NCPs).
root@s11-desktop:~# netadm list -c phys
TYPE
PROFILE
STATE
ncu:phys
net0
online
root@s11-desktop:~# netadm list -c ip
TYPE
PROFILE
STATE
ncu:ip
net0
online
11. List all the Reactive Network profiles and their auxiliary state.
root@s11-desktop:~# netadm
TYPE
PROFILE
ncp
Automatic
ncp
start_state
ncu:phys
net0
ncu:ip
net0
ncp
DefaultFixed
loc
Automatic
loc
NoNet
loc
aces

AUXILIARY STATE
disabled by administrator
active
interface/link is up
interface/link is up
disabled by administrator
conditions for activation are unmet
conditions for activation are unmet
active

s

an
r
t
n

ncp:start_state
management-type reactive
NCUs:
phys
net0
ip
net0

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 5

le

b
a
r
e
f

no
a
s
a
h
)
ฺ and aces profiles.
12. Use the netcfg export command to create backups of them
start_state
e
d
o
i
u
root@s11-desktop:~# netcfg export a-f
ncp \
ilฺcstart_state_ncp_backup
G
t
n
m
start_state
g ude
@
root@s11-desktop:~# netcfg
export t-f
aces_loc_backup loc aces
o
S
d
l
s
root@s11-desktop:~# n
lsa *backup
thi
o
r
ฺ
e
aces_loc_backup
o start_state_ncp_backup
r
us
e
o
c
i
t
13. Use the netcfg
(cutilityntoseselect the start_state profile and list its NCUs.
o
root@s11-desktop:~#
netcfg
ld lice
a
n
onetcfg> select ncp start_state
R
o
netcfg:ncp:start_state> list
r

e

Cic

list -x
STATE
disabled
online
online
online
disabled
offline
offline
online

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

14. Select the phys NCU and display its properties.
netcfg:ncp:start_state> select ncu phys net0
netcfg:ncp:start_state:ncu:net0> list
ncu:net0
type
link
class
phys
parent
"start_state"
activation-mode
manual
enabled
true
netcfg:ncp:start_state:ncu:net0> end
15. Select the ip NCU and display its properties.
netcfg:ncp:start_state> select ncu ip net0
netcfg:ncp:start_state:ncu:net0> list
ncu:net0
type
interface
class
ip
parent
"start_state"
enabled
true
ip-version
ipv4
ipv4-addrsrc
static
ipv4-addr
"192.168.0.111/24"
ipv6-addrsrc
dhcp,autoconf
netcfg:ncp:start_state:ncu:net0> end
netcfg:ncp:start_state> end
netcfg>

s

netcfg:loc:aces> list
loc:aces
activation-mode
conditions
enabled
nameservices
nameservices-config-file
dns-nameservice-configsrc
dns-nameservice-domain
dns-nameservice-servers
netcfg:loc:aces> end

conditional-all
“system domain is mydomain.com”
true
dns
"/etc/nsswitch.dns"
manual
"mydomain.com"
"192.168.0.100"

netcfg> exit
root@s11-desktop:~#

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 6

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
16. Select
on the acesl location profile and list its properties.
R
ro netcfg> select loc aces

e

Cic

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Task 2: Creating and Deploying a Reactive Network Profile
1.

Create an NCP named oracle_profile.
root@s11-desktop:~# netcfg
netcfg> create ncp oracle_profile

2.

Create a phys NCU for the net1 data link.
netcfg:ncp:oracle_profile> create ncu phys net1
Created ncu 'net1'. Walking properties ...
activation-mode (manual) [manual|prioritized]> manual
mac-addr> 
autopush> 
mtu> 
netcfg:ncp:oracle_profile:ncu:net1> list
ncu:net1
type
link
class
phys
parent
"oracle_profile"
activation-mode
manual
enabled
true
netcfg:ncp:oracle_profile:ncu:net1> end
Committed changes
netcfg:ncp:oracle_profile> list
ncp:oracle_profile
management-type reactive
NCUs:
phys net1

le

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

RCreate an ip NCU for the net1 data link.
3.
o
r
ce

netcfg:ncp:oracle_profile> create ncu ip net1
Created ncu 'net1'. Walking properties ...
ip-version (ipv4,ipv6) [ipv4|ipv6]> ipv4
ipv4-addrsrc [dhcp|static]> static
ipv4-addr> 192.168.0.111
ipv4-default-route> 
netcfg:ncp:oracle_profile:ncu:net1> list
ncu:net1
type
interface
class
ip
parent
"oracle_profile"
enabled
true
ip-version
ipv4
ipv4-addrsrc
static
ipv4-addr
"192.168.0.111"
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 7

s

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

netcfg:ncp:oracle_profile:ncu:net1> verify
All properties verified
netcfg:ncp:oracle_profile:ncu:net1> commit
Committed changes
netcfg:ncp:oracle_profile:ncu:net1> end
netcfg:ncp:oracle_profile> list ncu ip net1
ncu:net1
type
interface
class
ip
parent
"oracle_profile"
enabled
true
ip-version
ipv4
ipv4-addrsrc
static
ipv4-addr
"192.168.0.111"

s

an
r
t
n

no
a
s
a
h
4. Create a location (loc) NCP named classroom.
)
ฺ
e
m
d
o
i
netcfg> create loc classroom
lฺc t Gu
i
a
Created loc 'classroom'. Walking
n ...
m properties
e
g
d
activation-mode (manual) [manual|conditional-any|conditionalo@ Stu
all]> conditional-all ald
is
n
h
t
o
conditions> "system-domain
is
ฺr use mydomain.com"
o
r
nameservicesce
(dns) [dns|files|nis|ldap]>
dns
o
i
t
c
nameservices-config-file
("/etc/nsswitch.dns")> 
o ( ense
d
l
dns-nameservice-configsrc
(dhcp) [manual|dhcp]> manual
a
lic
n
o
dns-nameservice-domain> "mydomain.com"
ro R
netcfg:ncp:oracle_profile> end
netcfg>

e

Cic

le

b
a
r
e
f

dns-nameservice-servers> "192.168.0.100"
dns-nameservice-search> 
dns-nameservice-sortlist> 
dns-nameservice-options> 
nfsv4-domain> 
ipfilter-config-file> 
ipfilter-v6-config-file> Press Return>
ipnat-config-file> 
ippool-config-file> 
ike-config-file> 
ipsecpolicy-config-file> 
netcfg:loc:classroom> list
loc:classroom
activation-mode
conditional-all
conditions
"system-domain is mydomain.com"
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 8

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

enabled
nameservices
nameservices-config-file
dns-nameservice-configsrc
dns-nameservice-domain
dns-nameservice-servers
netcfg:loc:classroom> verify
All properties verified
netcfg:loc:classroom> commit
Committed changes
netcfg:loc:classroom> end
netcfg> exit
5.

false
dns
"/etc/nsswitch.dns"
manual
"mydomain.com"
"192.168.0.100"

s

an
r
t
n

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
6. Use the netcfg
export
ns command to create backups of your oracle_profile and
doprofiles.
l
e
classroom
c
a
li
n
oroot@s11-desktop:~#
R
netcfg export -f oracle_ncp_backup ncp \
ro
oracle_profile
root@s11-desktop:~# netcfg export -f classroom_loc_backup \
loc classroom
root@s11-desktop:~# ls *backup
aces_loc_backup
oracle_ncp_backup
classroom_loc_backup start_state_ncp_backup

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 9

le

b
a
r
e
f

Use the netcfg list command to display all the profiles that exist at the current scope.
root@s11-desktop:~# netcfg list
NCPs:
Automatic
start_state
DefaultFixed
oracle_profile
Locations:
Automatic
NoNet
aces
classroom

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

7. Destroy the classroom profile and show the results.
root@s11-desktop:~# netcfg destroy loc classroom
root@s11-desktop:~# netcfg list
NCPs:
Automatic
start_state
DefaultFixed
oracle_profile
Locations:
aces
Automatic
NoNet
8.

le

Recover the classroom profile from your backup and show the results.
root@s11-desktop:~# netcfg -f classroom_loc_backup
Configuration read.
root@s11-desktop:~# netcfg list
NCPs:
Automatic
start_state
DefaultFixed
oracle_profile
Locations:
Automatic
NoNet
aces
classroom

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

9.

Use the netadm enable command to enable the classroom and oracle_profile
profiles.
root@s11-desktop:~# netadm enable classroom
Enabling loc 'classroom'
root@s11-desktop:~# netadm enable oracle_profile
Enabling ncp 'oracle_profile'

10. Reboot the system to verify that oracle_profile and classroom are the default
Reactive Network profiles.
root@s11-desktop:~# init 6
11. After the system reboots, log in as oracle. Use oracle1 as the password.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 10

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

12. Open the Network Preferences dialog box. Click OK to continue.

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
Note that the net1 network interfaceo
is@
now connected
tu to the network.
S
d
l
s
a Useththe
i ping command to verify communication with
13. Open a terminal window su tonroot.
o
r
a remote host.
ฺ
e
us s11-server1
ero toping
root@s11-desktop:~#
c
i
(c isnsalive.
e
s11-server1
o
d
l
e
lic
na the Sol11-Desktop
14. Power-off
virtual machine.
o
R
ro

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 11

Practice 5-2: Configuring the Network File System

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you configure the NFS server as well as the NFS client. You share a
documentation folder from the server and access it on the client host. The following activities
are covered:
• Configuring the NFS server
• Configuring the NFS client

Task 1: Configuring the NFS Server
1.

Verify that the Sol11-Server1 virtual machine is running.

2.

Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume primary administrator privileges.
Display the current status of the ZFS pool and the file systems.

3.

s

an
r
t
n

root@s11-server1:~# zpool list
NAME
SIZE ALLOC
FREE CAP DEDUP HEALTH ALTROOT
rpool 31.8G 9.90G 21.8G 31% 1.00x ONLINE root@s11-server1:~# zfs list -r /rpool
NAME
USED AVAIL REFER MOUNTPOINT
rpool
9.98G 21.3G
39K /rpool
rpool/ROOT
1.89G 21.3G
31K legacy
rpool/ROOT/solaris
1.89G 21.3G 1.61G /
rpool/ROOT/solaris/var
235M 21.3G 90.2M /var
rpool/dump
1.03G 21.3G 1.00G rpool/export
6.02G 21.3G
274M /export
rpool/export/IPS
5.74G 21.3G 5.74G /export/IPS
rpool/export/home
10.2M 21.3G
38K /export/home
rpool/export/home/gail
33.5K 21.3G 33.5K /export/home/gail
rpool/swap
1.03G 21.3G
1.00G -

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

4.

Your display may be different. Before you create the docs file system, you want to make
sure that it does not exist already.

Using the zfs create command, create a ZFS file system called
rpool/export/home/docs. Confirm the creation of the file system.
root@s11-server1:~# zfs create rpool/export/home/docs
root@s11-server1:~# zfs list /export/home/docs
NAME
USED AVAIL REFER MOUNTPOINT
rpool/export/home/docs
31K 21.3G
31K /export/home/docs
What is the mount point of rpool/export/home/docs? /export/home/docs

5.

Using the touch command, create a file called assetlist in /export/home/docs.
root@s11-server1:~# cd /export/home/docs
root@s11-server1:/export/home/docs# touch assetlist
root@s11-server1:/export/home/docs# cd

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 12

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Use the zfs commands to share the ZFS file system.
root@s11-server1:~# zfs set \
share=name=docs,path=/export/home/docs,prot=nfs \
rpool/export/home/docs
name=docs,path=/export/home/docs,prot=nfs
root@s11-server1:~# zfs set sharenfs=on rpool/export/home/docs
root@s11-server1:~# zfs set compression=on rpool/export/home/docs
root@s11-server1:~# share
docs
/export/home/docs
nfs sec=sys,rw
shares /export/share
nfs
sec=sys,rw
This shows that the /export/home/docs resource is being shared.

7.

le

b
a
r
e
f

Verify that the nfs services are up and running.
root@s11-server1:~# svcs -a | grep nfs
disabled
9:13:15
svc:/network/nfs/cbd:default
disabled
9:13:15
svc:/network/nfs/client:default
online
9:13:15 svc:/network/nfs/fedfs-client:default
online
9:13:15 svc:/network/nfs/status:default
online
9:13:15 svc:/network/nfs/mapid:default
online
9:13:18 svc:/network/nfs/rquota:default
online
9:13:36 svc:/network/nfs/nlockmgr:default
online
9:13:37 svc:/network/nfs/server:default

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
e
s
o
r
u
e
Is nfs/server
icup anderunning?
to Yes
c
(
do icens
l
a
l
on

R
o
r
ce 1. Verify that Sol11-Server1 is still running. Start the Sol11-Desktop virtual machine and
Task 2: Configuring the NFS Client

Ci

2.

log in as the oracle user. Use oracle1 as the password. Open a terminal window and
assume administrator privileges.
Use the dfshares command to confirm whether you can view the shared resource from
the s11-desktop virtual machine. Create a directory called /docs to use as the mount
point.
root@s11-desktop:~# dfshares s11-server1
RESOURCE

SERVER

s11-server1:/export/home/docs

s11-server1

ACCESS
-

root@s11-desktop:~# mkdir /docs

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 13

TRANSPORT

-

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

3.

Use the mount command to specify the resource to be mounted on the /docs directory.
root@s11-desktop:~# mount -F nfs -o ro s11-server1:/export/home/docs \
/docs
root@s11-desktop:~# cd /docs
root@s11-desktop:/docs# ls
assetlist

This demonstrates that the assetlist file in /export/home/docs can be shared on
s11-desktop from s11-server1.
4.

Using the umount command, unmount the /docs directory.
root@s11-desktop:/docs# cd
root@s11-desktop:~# umount /docs

le

Note: If you are unable to unmount, then run the umount -f /docs command.
5.

Return to s11-server1 and stop sharing the directory.

s

b
a
r
e
f

an
r
t
n

root@s11-server1:~# zfs set sharenfs=off rpool/export/home/docs
6.

Using the share command, check whether any resource is being shared.

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
root@s11-server1:~# share

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 14

Practice 5-3: Configuring a Link Aggregation

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
Link aggregation requires at least two network interfaces. The network interfaces must be
unplumbed before they can be aggregated. In this practice, you combine four network interfaces
into one link aggregation called crmpipe0 to create a larger network pipe for the CRM
application. Then you manage the interfaces, which includes removing, adding, and eventually
deleting the crmpipe0 link aggregation. This portrays different network management situations
while working with the CRM application (for example, adjusting the bandwidth as needed).

Task 1: Configuring a Link Aggregation
1.

2.

le

b
a
r
e
f

s

Delete the IP interface for the net0 data link.
root@s11-server1:~# ipadm delete-ip net0

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
r crmpipe0
4. Create a link aggregation
that consists of the net0, net1, net2, and
se
oฺnamed
r
u
e
o
net3 network interfaces,
ic eandt show the results.
c
(
root@s11-server1:~#
do icens dladm create-aggr -l net0 -l net1 \
l
a
o-ln net2 -ll net3 crmpipe0
R
ro root@s11-server1:~# dladm show-link
3.

e

Cic

Verify that the Sol11-Server1 is running and that you have assumed administrator
privileges. Disable IP filtering.
root@s11-server1:~# ipf -D

List the network links that are currently configured in the system.
root@s11-server1:~# dladm show-link
LINK
CLASS
MTU
STATE
OVER
net1
phys
1500 unknown
-net2
phys
1500 unknown
-net0
phys
1500 unknown
-net3
phys
1500 unknown
--

LINK
net1
net2
net0
net3
crmpipe0

CLASS
phys
phys
phys
phys
aggr

MTU
1500
1500
1500
1500
1500

STATE
up
up
up
up
up

OVER
------

root@s11-server1:~$ dladm show-aggr
LINK
MODE POLICY
ADDRPOLICY
crmpipe0
trunk L4
auto
root@s11-server1:~$

net0 net1 net2 net3
LACPACTIVITY LACPTIMER
off
short

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 15

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

Create an IP interface for the crmpipe0 data link and show the results.
root@s11-server1:~# ipadm create-ip crmpipe0
root@s11-server1:~# ipadm show-if
IFNAME
CLASS
STATE
ACTIVE OVER
lo0
loopback ok
yes
-crmpipe0
ip
down
no
--

6

Run the ipadm command to create the static IPv4 address for the s11-server1 system
on the crmpipe0 interface, and show the results.
root@s11-server1:~# ipadm create-addr -T static \
-a 192.168.0.100/24 crmpipe0/v4
root@s11-server1:~# ipadm show-addr
ADDROBJ
TYPE
STATE
ADDR
lo0/v4
static
ok
127.0.0.1/8
crmpipe0/v4
static
ok
192.168.0.100/24
lo0/v6
static
ok
::1/128

s
n
a
r
7. Log in to the Sol11-Desktop system and use the ping command to verifyn
connectivity
to
-t
o
the s11-server1 server.
n
a
s
root@s11-desktop:~# ping s11-server1
ha ฺ
)
s11-server1 is alive
m work.ide
onot
Note: Reboot the system if the ping command ldoes
c
u
ฺ
i
G
a
t
m den
g
Task 2: Removing the Link Aggregation
u
o@ SIPtinterface
d
l
1. From Sol11-Server1, delete the
crmpipe0
by using the ipadm command
s
a thi
n
o
root@s11-server1:~#
ipadmedelete-ip crmpipe0
oฺr ipadm
r
us show-addr
root@s11-server1:~#
e
o
c
i
t
ADDROBJ (c
STATE
ADDR
o ense TYPE
d
lo0/v4
static
ok
127.0.0.1/8
l
c
a
i
l
n
lo0/v6
static
ok
::1/128
o
R
ero root@s11-server1:~# dladm show-link

Cic

le

b
a
r
e
f

LINK
net1
net2
net0
net3
crmpipe0

CLASS
phys
phys
phys
phys
aggr

MTU
1500
1500
1500
1500
1500

STATE
up
up
up
up
up

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 16

OVER
----net0 net1 net2 net3

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

2.

Using the dladm command, delete the crmpipe0 aggregation.
root@s11-server1:~# dladm delete-aggr crmpipe0
root@s11-server1:~# dladm show-link
LINK
CLASS
MTU
STATE
OVER
net1
phys
1500
unknown -net2
phys
1500
unknown -net0
phys
1500
unknown -net3
phys
1500
unknown -root@s11-server1:~# ipadm show-if
IFNAME
CLASS
STATE
ACTIVE OVER
lo0
loopback ok
yes
-Currently, the link aggregation has been removed.
Note: At this time, you want to keep these links unconfigured because they will be needed
in this state for the next practice.

s

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 17

le

b
a
r
e
f

Practice 5-4: Configuring IPMP

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
IP network multipathing (IPMP) provides physical interface failure detection, transparent
network access failover, and packet load balancing.
An IPMP configuration typically consists of two or more physical interfaces on the same system
that are attached to the same LAN. These interfaces can belong to an IPMP group in either of
the following configurations:
• Active-active configuration: In this configuration, all underlying interfaces are active. An
active interface is an IP interface that is currently available for use by the IPMP group.
By default, an underlying interface becomes active when you configure the interface to
become a part of an IPMP group.
• Active-standby configuration: In this configuration, at least one interface is
administratively configured as standby. If an active interface fails, the standby interface
is automatically deployed as needed. You can configure as many standby interfaces as
you want for an IPMP group.
In this practice, you configure both active-active and active-standby configurations.

s

an
r
t
n

no
a
Task 1: Creating an Active-Active IPMP Configuration
s
a
h
In this task, you configure an active-active IPMP group that consists
) of twoeฺnetwork interfaces.
m
o
id
c virtualGmachines
u
ฺ
l
i
1. Verify that the Sol11-Server1 and Sol11-Desktop
are running. If any
a nt
virtual machine is not running, start it now. gm
de
@
u
t
o
2. Log in to the Sol11-Server1 virtual
machine
as
the
d is S oracle user and su to root.
l
a
n thetIPh network interfaces that are currently configured
3. Use the ipadm command to
display
o
r
ฺ
se
o
in the system.
r
u
e
ic e toipadm show-if
root@s11-server1:~#
c
(
ns STATE ACTIVE OVER
do icCLASS
IFNAME
l
e
a
l loopback ok
n
olo0
yes
-R
o
net0
ip
ok
yes
-er

Cic

Note: If you performed the previous practice, you will not see net0 in this display. This
step is shown here in case you perform this practice independently.
4.

If you did not delete the net0 network interface as part of Practice 5-3, delete it now and
display the results. If you have already deleted the network interface, go to step 5.
root@s11-server1:~# ipadm delete-ip net0
Note: If you performed the previous practice, you will not see net0 in this display. This
step is shown here in case you perform this practice independently.
.
root@s11-server1:~# ipadm show-if
IFNAME
CLASS
STATE
ACTIVE OVER
lo0
loopback ok
yes
--

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 18

le

b
a
r
e
f

When configuring IPMP, you must assign all network interfaces that are attached to the
same LAN to an IPMP group. In this step, you deleted the net0 interface in preparation
for configuring it in an IPMP group.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

le

b
a
r
e
6. Create IP interfaces for the link0_ipmp0 and link1_ipmp0 data links. Show the results.
f
s
n
a
root@s11-server1:~# ipadm create-ip link0_ipmp0
tr
n
root@s11-server1:~# ipadm create-ip link1_ipmp0
no
a
root@s11-server1:~# ipadm show-if
as
IFNAME
CLASS
STATE
ACTIVE OVER ) h
ฺ
e
m
d
o
lo0
loopback ok
yes
-i
ilฺc t Gu
link0_ipmp0 ip
down
no a -en
gm u-d
link1_ipmp0 ip
down @no
t
o
S
d
l
7. Create an IPMP group named ipmp0.
s
a thi
nipadm
o
r
root@s11-server1:~#
ฺ
secreate-ipmp ipmp0
o
r
u
e
o
8. Add the link0_ipmp0
IP interfaces to the ipmp0 IPMP group and
ic and
tlink1_ipmp0
c
(
e
s
show the results.
ldo licen
a
root@s11-server1:~#
n
o–i link1_ipmp0 ipmp0ipadm add-ipmp –i link0_ipmp0 \
R
ro

e

Cic

Rename the net0 data link to link0_ipmp0 and the net1 data link to link1_ipmp0.
Show the results.
root@s11-server1:~# dladm rename-link net0 link0_ipmp0
root@s11-server1:~# dladm rename-link net1 link1_ipmp0
root@s11-server1:~# dladm show-link
LINK
CLASS
MTU
STATE
OVER
link1_ipmp0 phys
1500
unknown
-net2
phys
1500
unknown
-link0_ipmp0 phys
1500
unknown
-net3
phys
1500
unknown
--

root@s11-server1:~# ipmpstat –g
GROUP
GROUPNAME STATE
FDT
ipmp0
ipmp0
ok
--

9.

INTERFACES
link0_ipmp0 link1_ipmp0

Assign two static IP addresses to the IPMP interface to be used for data access.
root@s11-server1:~# ipadm create-addr –T static \
–a 192.168.0.112/24 ipmp0/v4add1
root@s11-server1:~# ipadm create-addr –T static \
–a 192.168.0.113/24 ipmp0/v4add2

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 19

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

10. Assign a static IP address to each IPMP subinterface to be used for link testing.
root@s11-server1:~# ipadm create-addr –T static \
–a 192.168.0.142/24 link0_ipmp0/test
Dec 14 02:59:46 s11-server1 in.mpathd[113]: At least one
NOFAILOVER test address has been configured on group ‘ipmp0’;
link-state fault-detection setting will be ignored for the group
If you receive the above message, ignore it because link-state fault-detection is not your
objective
root@s11-server1:~# ipadm create-addr –T static \
–a 192.168.0.143/24 link1_ipmp0/test
11. Display the data and test the IP addresses.
root@s11-server1:~# ipadm show-addr
ADDROBJ
TYPE
STATE
lo0/v4
static
ok
link0_ipmp0/test static
ok
link1_ipmp0/test static
ok
ipmp0/v4add1
static
ok
ipmp0/v4add2
static
ok
lo0/v6
static
ok

le

ADDR
127.0.0.1/8
192.168.0.142/24
192.168.0.143/24
192.168.0.112/24
192.168.0.113/24
::1/128

b
a
r
e
f

s

an
r
t
n

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den information.
g
12. Use the ipmpstat command to display the
IPMP address
o@-anStu
root@s11-server1:~# ipmpstat
d
l
a GROUPthisINBOUND
n
ADDRESS
STATE
OUTBOUND
o
r
ฺ
e
s
o
r
::
-e downto uipmp0 -c
i
c
192.168.0.113
ipmp0 link0_ipmp0 link0_ipmp0 link1_ipmp0
e
o ( ensup
d
l
192.168.0.112
up
ipmp0 link1_ipmp0 link0_ipmp0 link1_ipmp0
c
a
i
l
n
o
R
o
r
Note: The INBOUND traffic is restricted to one interface depending on the IP address
that is used. The OUTBOUND traffic is spread across both interfaces.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 20

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

13. Use the ipmpstat command to display the IP interface information.
root@s11-server1:~# ipmpstat -i
INTERFACE
ACTIVE GROUP
FLAGS
LINK
link0_ipmp0 yes
ipmp0
--mbM-up
link1_ipmp0 yes
ipmp0
------up

PROBE
ok
ok

STATE
ok
ok

The interface FLAGS are defined as:
i = Unusable due to being INACTIVE
s = Masked STANDBY
m = Nominated to send/receive IPv4 multicast for its IPMP group
b = Nominated to send/receive IPv4 broadcast for its IPMP group
M = Nominated to send/receive IPv6 multicast for its IPMP group

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
is
Note the Sol11-Desktop
IPaaddress
192.168.0.111
under the Targets column.
n
h
t
o
ฺr to receive
e
VM should be up forro
you
this
display.
us
e
o
c
i
t
15. Use the ipmpstat
(c command
e to display the current probe information.
s
o
n
root@s11-server1:~#
ipmpstat -pn
ld lice
a
n
TIME
INTERFACE
PROBE
NETRTT
RTT
RTTAVG
TARGET
o
R
0.49s
link0_ipmp0
i195
0.70ms
1.29ms
0.71ms
192.168.0.111
ro
14. Use the ipmpstat command to display information about test address targets.
root@s11-server1:~# ipmpstat -nt
INTERFACE
MODE
TESTADDR
TARGETS
link0_ipmp0 multicast 192.168.0.142
192.168.0.111
link1_ipmp0 multicast 192.168.0.143
192.168.0.111

e

Cic

0.73s
1.38s
2.11s
3.25s
3.70s
4.58s
5.16s
6.04s
6.61s

link1_ipmp0
link0_ipmp0
link1_ipmp0
link0_ipmp0
link1_ipmp0
link0_ipmp0
link1_ipmp0
link0_ipmp0
link1_ipmp0

i145
i196
i146
i197
i147
i198
i148
i199
i149

0.68ms
0.59ms
0.51ms
0.50ms
0.60ms
0.56ms
0.43ms
0.53ms
0.77ms

0.96ms
0.73ms
0.69ms
0.58ms
1.01ms
0.72ms
0.60ms
0.60ms
0.84ms

1.94ms
0.71ms
1.78ms
0.70ms
1.69ms
0.70ms
1.55ms
0.69ms
1.46ms

^C
Your display may be different.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 21

192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111

le

b
a
r
e
f

d = Unusable due to being down
h = Unusable due to being brought OFFLINE by in.mpathd (IPMP daemon) because
of a duplicate hardware address

This

Task 2: Testing the Active-Active IPMP Configuration

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

In this task, you test the active-active IPMP configuration by causing one of the subinterfaces to
fail. Then you verify that the system is still accessible by using the remaining interface.
1.

Shut down the Sol11-Server1 virtual machine.

2.

Open the VirtualBox Manager GUI and click the Settings utility for the Sol11-Server1
virtual machine.

s

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 22

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

3.

Under Network settings, select Adapter 2 and set the “Attached to:” field to “Not attached.”
Click OK to continue.

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
4. Start the Sol11-Server1 virtual machine.
d
o
i
uIPMP interface and other
ilฺc thetfailed
G
Note: You might see a series of error messagesaabout
n to continue to the console login
mpressdEnter
e
g
services. You can ignore these messages and
prompt.
o@ Stu
d
l
a machine
is as the oracle user and su to root.
5. Log in to the Sol11-Server1
virtual
n
h
t
o
se IPMP group information.
oฺr toudisplay
6. Use the ipmpstat command
r
e
ic e toipmpstat -g
c
root@s11-server1:~#
(
ns STATE
do GROUPNAME
GROUP
FDT
INTERFACES
l
e
c
a
i
l
n
oipmp0
ipmp0
degraded 10.00s link1_ipmp0 [link0_ipmp0]
R
o
r

e

Cic

Note that link0_ipmp0 has been boxed ([link0_ipmp0]) indicating that it has failed.
7.

Use the ipmpstat command to display the IP interface information.
root@s11-server1:~# ipmpstat -i
INTERFACE
ACTIVE GROUP
FLAGS
LINK
link0_ipmp0 no
ipmp0
------up
link1_ipmp0 yes
ipmp0
--mbM-up
The link0_ipmp0 interface is no longer active.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 23

PROBE
failed
ok

STATE
failed
ok

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

8.

Use the ipmpstat command to display the current probe information.
root@s11-server1:~# ipmpstat -pn
TIME
INTERFACE
PROBE NETRTT RTT
RTTAVG
0.21s
link1_ipmp0 i505
0.62ms 1.11ms 0.70ms
-1.99s
link0_ipmp0 i504
---1.15s
link1_ipmp0 i506
0.51ms 0.65ms 0.70ms
0.25s
link0_ipmp0 i506
----1.02s
link0_ipmp0 i505
---2.85s
link1_ipmp0 i507
0.56ms 0.70m 0.70ms
4.25s
link1_ipmp0 i508
0.41ms 0.55ms 0.68ms
^C
Note that link0_ipmp0 is failing probe tests.
Your display may be different.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 24

le

b
a
r
e
f

s
n
a
r
9. Log in to the Sol11-Desktop virtual machine and ping the IPMP data IP addresses
-t
n
o
configured on the Sol11-Server1.
an
root@s11-desktop:~# ping 192.168.0.112
s
ha ฺ
192.168.0.112 is alive
)
om uide
root@s11-desktop:~# ping 192.168.0.113
c
ฺ
l
ai nt G
192.168.0.113 is alive
m
e
g andudshut
@
10. Return to the Sol11-Server1 virtual
machine
it down.
t
o
S
d
l
s
a and tclick
i the Settings utility for the Sol11-Server1
11. Open the VirtualBox Managern
GUI
h
o
r
ฺ
e
virtual machine.
ero to us
c
i
(c nse
o
ld lice
a
n
o
R
o
r

e

Cic

TARGET
192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

12. Under Network settings, select Adapter 2 and set the “Attached to:” field to Internal
Network. Click OK to continue.

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
13. Start the Sol11-Server1 virtual
a machine.
is
n
h
t
o
14. Log in to the Sol11-Server1
semachine as the oracle user and su to root.
oฺr virtual
r
u
e
15. Use the ipmpstat
iccommand
toto verify that the IPMP group ipmp0 STATE is ok.
c
(
e
root@s11-server1:~#
do icens ipmpstat –g
l
a
lGROUPNAME STATE FDT
n
INTERFACES
oGROUP
R
ipmp0
ok
10.00s
link0_ipmp0 link1_ipmp0
ro ipmp0

e

Cic

Task 3: Creating an Active-Standby IPMP Configuration
In this task, you reconfigure the ipmp0 IPMP group from an active-active configuration to an
active-standby configuration.
1. On the Sol11-Server1 virtual machine, display the data links.
root@s11-server1:~# dladm show-link
LINK
CLASS
MTU
STATE
OVER
link1_ipmp0 phys
1500
up
-net2
phys
1500
unknown
-link0_ipmp0 phys
1500
up
-net3
phys
1500
unknown
--

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 25

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

2.

Rename the net2 data link to link2_ipmp0 and show the results.
root@s11-server1:~# dladm rename-link net2 link2_ipmp0
root@s11-server1:~# dladm show-link
LINK
CLASS
MTU
STATE
OVER
link1_ipmp0 phys
1500
up
-link2_ipmp0 phys
1500
unknown -link0_ipmp0 phys
1500
up
-net3
phys
1500
unknown --

3.

Create IP interfaces for the link2_ipmp0 data links and show the results.
root@s11-server1:~# ipadm create-ip link2_ipmp0
root@s11-server1:~# ipadm show-if
IFNAME
CLASS
STATE
ACTIVE OVER
lo0
loopback ok
yes
-ipmp0
ipmp
ok
yes
link1_ipmp0 link0_ipmp0
link1_ipmp0 ip
ok
yes
-link0_ipmp0 ip
ok
yes
-link2_ipmp0 ip
down
no
--

le

s

an
r
t
n

no
a
s
a
h
)
ฺ the results.
e
4. Add the link2_ipmp0 IP interfaces to the ipmp0 IPMP m
group and
show
d
o
i
u ipmp0
lฺclink2_ipmp0
i–i
root@s11-server1:~# ipadm add-ipmp
G
a
t
m den
root@s11-server1:~# ipmpstat –g
g
tu
o@ INTERFACES
GROUP GROUPNAME STATE FDT
S
d
l
s
a thi link2_ipmp0 link0_ipmp0 link1_ipmp0
ipmp0 ipmp0
ok on 10.00s
r
ฺ
se subinterface link2_ipmp0 to be used for link
o to theuIPMP
r
5. Assign a static IP address
e
c results.
ithe
to
testing and show
c
(
e
do icens ipadm create-addr –T static \
root@s11-server1:~#
l
a
l
link2_ipmp0/test
on–a 192.168.0.144/24
R
ro root@s11-server1:~# ipadm show-addr

e

Cic

b
a
r
e
f

ADDROBJ
lo0/v4
ipmp0/v4add1
ipmp0/v4add2
link1_ipmp0/test
link0_ipmp0/test
link2_ipmp0/test
lo0/v6

TYPE
static
static
static
static
static
static
static

STATE
ok
ok
ok
ok
ok
ok
ok

ADDR
127.0.0.1/8
192.168.0.112/24
192.168.0.113/24
192.168.0.143/24
192.168.0.142/24
192.168.0.144/24
::1/128

Note: Your display may be different.
6.

Show the current setting of the standby property for the link2_ipmp0 interface.
root@s11-server1:~# ipadm show-ifprop –p standby link2_ipmp0
IFNAME
PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
link2_ipmp0 standby ip
rw
off
-off
on,off

Note that standby is currently turned off.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 26

7.

Set the standby property for the link2_ipmp0 interface to on and show the results.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# ipadm set-ifprop -p standby=on -m ip link2_ipmp0
root@s11-server1:~# ipadm show-ifprop -p standby link2_ipmp0
IFNAME
PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
link2_ipmp0 standby
ip
rw
on
on
off
on,off

8.

Use the ipmpstat command to display the IPMP group information.
root@s11-server1:~# ipmpstat -g
GROUP GROUPNAME STATE FDT
INTERFACES
ipmp0 ipmp0
ok
10.00s link0_ipmp0 link1_ipmp0 (link2_ipmp0)

Note that the link2_ipmp0 interface is enclosed in parenthesis. This indicates that the
interface is set to standby.
9.

Use the ipmpstat command to display the IPMP address information.
root@s11-server1:~# ipmpstat -an
ADDRESS
STATE GROUP INBOUND
OUTBOUND
::
down
ipmp0 --192.168.0.113
up
ipmp0 link0_ipmp0 link0_ipmp0 link1_ipmp0
192.168.0.112
up
ipmp0 link1_ipmp0 link0_ipmp0 link1_ipmp0

s

an
r
t
n

no
a
s
a
h
)
ฺ and OUTBOUND
e
m
d
Note that the link2_ipmp0 interface is not actively
used
for
INBOUND
o
i
ilฺc t Gu
traffic.
a
m den information.
g
10. Use the ipmpstat command to display the
IPMP interface
o@-i Stu
d
root@s11-server1:~# ipmpstat
l
a this
n
o
INTERFACE
ACTIVE
GROUP
LINK
PROBE
STATE
ฺr use FLAGS
o
r
link2_ipmp0 cno
is----up
ok
ok
e toipmp0
i
c
( yes
link0_ipmp0
------up
ok
ok
se ipmp0
o
n
d
l
e
link1_ipmp0
ipmp0
--mbM-up
ok
ok
licyes
na
o
ro R Note the flags for the link2_ipmp0 interface. This indicates that the interface is

e

Cic

inactive and set to standby.

Task 4: Testing the Active-Standby IPMP Configuration
In this task, you test the active-standby IPMP configuration by causing one of the subinterfaces
to fail. Then you verify that the system is still accessible by using the remaining interface.
1.

Shut down the Sol11-Server1 virtual machine.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 27

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

2.

Open the VirtualBox Manager GUI and click the Settings utility for the Sol11-Server1
virtual machine.

le

b
a
r
e
f

s

an
r
t
n

no
a
sfield to “Not attached.”
3. Under Network settings, select Adapter 2 and set the “Attached
to:”
a
h
)
ฺ
Click OK to continue.
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l
on
R
ro

e

Cic

4.
5.

Start the Sol11-Server1 virtual machine.
Log in to the Sol11-Server1 virtual machine as the oracle user and su to root.
Note: You might see a series of error messages about the failed IPMP interface. You can
ignore these messages and press Enter to continue.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 28

6.

Use the ipmpstat command to display the IPMP group information.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# ipmpstat -g
GROUP GROUPNAME STATE
FDT
ipmp0 ipmp0
degraded 10.00s

7.

8.

INTERFACES
link2_ipmp0 link1_ipmp0 [link0_ipmp0]

Note that link1_ipmp0 has been boxed ([link1_ipmp0]), indicating that it has failed.
Use the ipmpstat command to display the IP interface information.
root@s11-server1:~# ipmpstat -i
INTERFACE
ACTIVE GROUP
FLAGS
LINK
PROBE
STATE
link2_ipmp0 yes
ipmp0
-s----up
ok
ok
link0_ipmp0 no
ipmp0
------up
failed
failed
link1_ipmp0 yes
ipmp0
--mbM-up
ok
ok
The link0_ipmp0 interface is no longer active but link2_ipmp0 is now active.
Use the ipmpstat command to display the IPMP address information.
root@s11-server1:~# ipmpstat -an
ADDRESS
STATE GROUP
INBOUND
OUTBOUND
::
down
ipmp0
--192.168.0.113 up
ipmp0
link2_ipmp0 link2_ipmp0 link1_ipmp0
192.168.0.112 up
ipmp0
link1_ipmp0 link2_ipmp0 link1_ipmp0

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
u and OUTBOUND traffic.
ilฺc fortINBOUND
Note that the link2_ipmp0 interface is being
used
G
a
m deninformation.
9. Use the ipmpstat command to display thegcurrent probe
o@-pnStu
d
root@s11-server1:~# ipmpstat
l
a this RTT
TIME
INTERFACE ron
PROBE NETRTT
RTTAVG
TARGET
ฺ
e
s
o
r
0.06s
link2_ipmp0
u 0.26ms 0.49ms 0.33ms 192.168.0.111
e toi163
c
i
c
0.90s
link1_ipmp0
i162
0.26ms 0.39ms
0.31ms
192.168.0.111
( nse
o
0.92sld
link2_ipmp0
i164
0.19ms 0.36ms
0.34ms
192.168.0.111
e
c
a
i
l
n
0.49s
link0_ipmp0
i161
---192.168.0.111
o
R
--192.168.0.111
ro -0.49s link0_ipmp0 i160 --

e

Cic

2.52s
2.74s
3.69s
2.31s

link2_ipmp0
link1_ipmp0
link1_ipmp0
link0_ipmp0

i165
i163
i164
i162

0.23ms
0.24ms
0.25ms
--

0.39ms
0.38ms
0.45ms
--

0.34ms
0.32ms
0.34ms
--

192.168.0.111
192.168.0.111
192.168.0.111
192.168.0.111

…
…
…

Note that the link2_ipmp0 interface is actively probing targets.
10. Log in to the Sol11-Desktop virtual machine and ping the IPMP data IP addresses.
root@s11-desktop:~# ping 192.168.0.112
192.168.0.112 is alive
root@s11-desktop:~# ping 192.168.0.113
192.168.0.113 is alive
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 29

le

b
a
r
e
f

11. Return to the Sol11-Server1 virtual machine and shut it down.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

12. Open the VirtualBox Manager GUI and click the Settings utility for the Sol11-Server1
virtual machine.
13. Under Network settings, select Adapter 2 and set the “Attached to:” field to Internal
Network. Click OK to continue.

le

b
a
r
e
f

s

an
r
t
n

Cic

e

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
14. Start the Sol11-Server1
se
oฺrvirtualumachine.
r
e
ic e tovirtual machine as the oracle user and su to root.
15. Log in to the Sol11-Server1
c
(
ns to display the IPMP group information.
16. Use the lipmpstat
do icecommand
a
l
n
ipmpstat -g
oroot@s11-server1:~#
R
ro GROUP GROUPNAME STATE FDT INTERFACES
ipmp0 ipmp0

ok

10.00s link0_ipmp0 link1_ipmp0 (link2_ipmp0)

Note that the link2_ipmp0 interface has been placed back as standby and is inactive.
This indicates that the failed interface is repaired.
17. Use the ipmpstat command to display the IPMP interface information.
root@s11-server1:~# ipmpstat -i
INTERFACE
ACTIVE GROUP
FLAGS
LINK
PROBE
link2_ipmp0 no
ipmp0
is----up
ok
link0_ipmp0 yes
ipmp0
------up
ok
link1_ipmp0 yes
ipmp0
--mbM-up
ok

Task 5: Removing the IPMP Configuration
In this task, you remove the ipmp0 IPMP group and return the network to its original
configuration.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 30

STATE
ok
ok
ok

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

1.

Remove all the subinterfaces from the ipmp0 IPMP group and show the results.
root@s11-server1:~# ipadm remove-ipmp –i link0_ipmp0 \
–i link1_ipmp0 –i link2_ipmp0 ipmp0
Dec 14 04:17:43 s11-server1 in.mpathd[113]: All IP interfaces in
group ipmp0 are now unusable.
Note: You may see other error messages due to the system being in an unstable state.
You can ignore these messages.
root@s11-server1:~# ipmpstat -g
GROUP
GROUPNAME
STATE
FDT
ipmp0
ipmp0
failed --

2.

Delete the ipmp0 IPMP group.
root@s11-server1:~# ipadm delete-ipmp ipmp0
root@s11-server1:~# ipmpstat –g
root@s11-server1:~#

le

e

Display the IP address that is currently configured in the system.
root@s11-server1:~# ipadm show-addr
ADDROBJ
TYPE
STATE ADDR
lo0/v4
static
ok
127.0.0.1/8
link1_ipmp0/test static
ok
192.168.0.143/24
link0_ipmp0/test static
ok
192.168.0.142/24
link2_ipmp0/test static
ok
192.168.0.144/24
lo0/v6
static
ok
::1/128

root@s11-server1:~# ipadm delete-addr link1_ipmp0/test
root@s11-server1:~# ipadm delete-addr link2_ipmp0/test
root@s11-server1:~# ipadm show-addr
ADDROBJ
TYPE
STATE ADDR
lo0/v4
static
ok
127.0.0.1/8
lo0/v6
static
ok
::1/128

Your display may be different.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 31

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
nsdifferent.
Your ldisplay
be
do may
e
c
a
4. Delete
on the test IPli addresses and show the results.
R
ro root@s11-server1:~# ipadm delete-addr link0_ipmp0/test
3.

Cic

INTERFACES
--

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

Delete the link0_ipmp0, link1_ipmp0, and link2_ipmp0 IP interfaces. Show the
results.
root@s11-server1:~# ipadm delete-ip link0_ipmp0
root@s11-server1:~# ipadm delete-ip link1_ipmp0
root@s11-server1:~# ipadm delete-ip link2_ipmp0
root@s11-server1:~# ipadm show-if
IFNAME
CLASS
STATE
ACTIVE OVER
lo0
loopback ok
yes
--

6.

Rename the data links to their original names and show the results.
root@s11-server1:~# dladm rename-link link0_ipmp0 net0
root@s11-server1:~# dladm rename-link link1_ipmp0 net1
root@s11-server1:~# dladm rename-link link2_ipmp0 net2
root@s11-server1:~# dladm show-link
LINK
CLASS
MTU
STATE
OVER
net1
phys
1500
unknown
-net2
phys
1500
unknown
-net0
phys
1500
unknown
-net3
phys
1500
unknown
--

le

b
a
r
e
f

s

an
r
t
n

e
Cic

no
a
s
a
h
)
ฺ
7. Restart the svc:/network/physical:default service.
e
m
d
o
i
root@s11-server1:~# svcadm restart isvc:/network/physical:default
lฺc t Gu
a
n correctly.
m configured
8. Verify that the net0 network interface has g
been
e
d
@ Stu
oshow-addr
root@s11-server1:~# ipadm
d
l
a tSTATE
is ADDR
n
h
ADDROBJ
TYPE
o
se ok
oฺrstatic
lo0/v4
127.0.0.1/8
r
u
e
o
c
i
t
lo0/v6 (c
::1/128
e static ok
s
o
n
ldthe physical
e network interface.
9. Reinstate
c
a
i
l
n
oroot@s11-server1:~# ipadm create-ip net0
R
o
r
root@s11-server1:~# ipadm create-addr –T static \
-a 192.168.0.100/24 net0/v4add1

10. Test the network interface by using the ping command.
root@s11-server1:~# ping 192.168.0.111
192.168.0.111 is alive.
11. Power-off the Sol11-Desktop virtual machine.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 5: Configuring Network and Traffic Failover
Chapter 5 - Page 32

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 6:
e
m
d
o
i
Configuring
and the
u
ilฺc t GZones
a
n
m dNetwork
Virtual
e
g
tu6
o@Chapter
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 1

Practice Overview for Lesson 6

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
According to your predeployment plan, it is time to evaluate the business scenario. On one
company server, you are asked to create two independent virtual Oracle Solaris 11.1 systems
(zones) where the company can maintain two separate customers’ environments. Therefore,
you create a zone called grandmazone for the vendor Grandma’s Cookies and a zone called
choczone for Assorted Chocolates Inc. When these customers need assistance, you can recreate their scenario in their respective zones and evaluate the issues.
Because you have only one physical interface on this server, you are asked to create two virtual
network interfaces and assign one to each zone on a dedicated basis.
The key areas explored in the practices are:
• Configuring an Oracle Solaris 11.1 virtual network
• Configuring two zones to use VNICs
• Allocating resources to Oracle Solaris zones
• Managing resources on the virtual network interface
• Removing part of the virtual network

s

an
r
t
n

Ci

no
a
s
a
h
)
Note: Your command output displays may be different from the
displays
in ฺthe practice, for
e
m
d
o
i
u
example, storage data, process IDs, and session-related
information.
ilฺcand system-generated
G
a
t
n
m
g ude
@
t
√
Oracle Solaris
11.1 Predeployment
Checklist
o
S
d
l
s
a
i
n System
√
th (IPS) and Packages
o
Managing the Image
Packaging
r
ฺ
e
ro o us
e
c
√
i
t 11.1 on Multiple Hosts
Installing
Oracle Solaris
c
(
e
s
o en
ldManaging
√
a
licthe Business Application Data
n
o
R
√
o
r
Configuring Network and Traffic Failover
ce
Configuring Zones and the Virtual Network
Managing Services and Service Properties
Configuring Privileges and Role-Based Access Control
Securing System Resources by Using Oracle Solaris Auditing
Managing Processes and Priorities
Evaluating System Resources
Monitoring and Troubleshooting System Failures

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 2

le

b
a
r
e
f

Preparation

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

This practice requires the Sol11-Server1 virtual machine to have two CPUs so that resource
pools can be configured accordingly. To ensure that the Sol11-Sever1 virtual machine has
two CPUs in place, follow these steps:
1.

Shut down the Sol11-Server1 virtual machine.

2.

Open the VirtualBox Manager GUI and click the Settings utility for the Sol11-Server1
virtual machine.

s

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 3

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

3.

Under the System settings, click the Processor tab and verify that the number of processors is
2. If not, change the number of processors to 2. Click OK to continue.

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 4

Practice 6-1: Creating an Oracle Solaris 11.1 Virtual Network

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you configure an Oracle Solaris 11.1 virtual network. To do this, you perform the
following key tasks:
• Create a virtual network switch
• Create the virtual network interfaces
• Display the virtual network configuration

Task:
1.
2.
3.

Verify that the Sol11-Server1 virtual machine is running. If the virtual machine is not
running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume administrator privileges.
Run the dladm utility to create an etherstub named stub0. Confirm the creation of the
etherstub by using the show-link command.

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
4. Use the dladm
o utilityentoscreate the vnic0, vnic1, and vnic2 VNICs. Attach these VNICs
d
l
a
ic
to the
netherstublstub0.
o
ro R root@s11-server1:~# dladm create-vnic -l stub0 vnic0
root@s11-server1:~# dladm create-etherstub stub0
root@s11-server1:~$ dladm show-link
LINK
CLASS
MTU
STATE
OVER
net1
phys
1500
unknown -net2
phys
1500
unknown -net3
phys
1500
unknown -net0
phys
1500
up
-stub0
etherstub 9000
unknown -root@s11-server1:~#
Before you create the VNICs, you need to create a virtual network switch.

e

Cic

root@s11-server1:~# dladm create-vnic -l stub0 vnic1
root@s11-server1:~# dladm create-vnic -l stub0 vnic2

5.

Here vnic0 is required for the virtual switch stub0. The other VNICs are the virtual
network interfaces that would be available for your use.
Show the results of the preceding step.
root@s11-server1:~# dladm show-vnic
LINK
OVER
SPEED MACADDRESS
vnic0
stub0
0
2:8:20:84:d:cb
vnic1
stub0
0
2:8:20:a:97:10
vnic2
stub0
0
2:8:20:4:ee:9

MACADDRTYPE
random
random
random

All three VNICs have been created as displayed. Notice that each VNIC has a MAC
address created.
Now these VNICs are available for use as “physical” networks. You will use them in the
following practice for the zones.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 5

le

b
a
r
e
f

VID
0
0
0

Practice 6-2: Creating Two Zones by Using VNICs

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you configure Oracle Solaris 11 zones and assign the virtual network interfaces
created in the previous exercise. To do this, you perform the following key tasks:
• Configure two zones to use VNICs
• Display the zone configuration, including the interfaces

Task:
Perform the following steps to configure the zone named grandmazone and the zone named
choczone:
1.
2.
3.

Verify that the Sol11-Server1 virtual machine is running. If the virtual machine is not
running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume administrator privileges.
Verify that the IPS publisher is configured correctly and is operational.

s

no
a
LOCATION as
) h eฺ
http://s11-server1.mydomain.com/
m
co Guid
ฺ
l
i
a nt
root@s11-server1:~# pkg search m
diffstat
g
de
INDEX
ACTION VALUE
@
u
t
o
ld is S
a
n
th
o
PACKAGE
r
ฺ
e
s diff command compares files line by
erosetto uThe
pkg.description
c
i
line. Diffstat
(c nsreads
e the output of the diff command and displays
o
d
a histogram
of the insertions, deletions and modifications in
l
e
na file.licDiffstat is commonly used to provide a summary of the
each
o
R changes in large, complex patch files. Install diffstat if you
root@s11-server1:~# pkg publisher
PUBLISHER
TYPE
STATUS P
solaris
origin
online F

ro

e
Cic

an
r
t
n

need a program which provides a summary of the diff command's
output. pkg:/text/diffstat@1.51-0.175.1.0.0.9.0

…
…
If the IPS publisher is configured incorrectly, change to an operational publisher. For
example, if your current publisher is http://pkg.oracle.com/solaris/release/,
you need to change it to http://s11-server1.mydomain.com. Run the following
command:
root@s11-server1:~# pkg set-publisher –G ‘*’ \
–g http://s11-server1.mydomain.com/ solaris

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 6

le

b
a
r
e
f

Refer to Practice 2: Managing the Image Packing System (IPS) and Packages for
detailed IPS configuration.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

The objective is to access the IPS repository on the local system to speed up package
transfer during the zone installation steps.
4.

Verify that an rpool/zones ZFS file system exists and is mounted as /zones.
root@s11-server1:~# zfs list rpool/zones
NAME
USED AVAIL REFER MOUNTPOINT
rpool/zones
31K 22.6G
31K /zones
If the rpool/zones ZFS file system does not exist, run the following command:

5.

Configure grandmazone and display the results.

R
o
r
ce

Ci

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
root@s11-server1:~# zonecfg -z grandmazone
Use 'create' to begin configuring a new zone.
zonecfg:grandmazone> create
create: Using system default template ‘SYSdefault’
zonecfg:grandmazone> set zonepath=/zones/grandmazone
zonecfg:grandmazone> set autoboot=true
zonecfg:grandmazone> add net
zonecfg:grandmazone:net> set physical=vnic1
zonecfg:grandmazone:net> end
zonecfg:grandmazone> verify
zonecfg:grandmazone> commit
zonecfg:grandmazone> exit
root@s11-server1:~# zonecfg -z grandmazone info
zonename: grandmazone
zonepath: /zones/grandmazone
brand: solaris
autoboot: true
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
net:
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 7

s

an
r
t
n

The root file systems for the zones will be stored in the rpool/zones file system.

le

b
a
r
e
f

root@s11-server1:~# zfs create -o mountpoint=/zones rpool/zones

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

address not specified
allowed-address not specified
configure-allowed-address: true
physical: vnic1
defrouter not specified
anet:
linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
pkey not specified
linkmode not specified

le

s

Ci

6.

Configure choczone and display the results.
root@s11-server1:~# zonecfg -z choczone
Use 'create' to begin configuring a new zone.
zonecfg:choczone> create
create: Using system default template ‘SYSdefault’
zonecfg:choczone> set zonepath=/zones/choczone
zonecfg:choczone> set autoboot=true
zonecfg:choczone> add net
zonecfg:choczone:net> set physical=vnic2
zonecfg:choczone:net> end
zonecfg:choczone> verify
zonecfg:choczone> commit
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 8

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 9

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

zonecfg:choczone> exit
root@s11-server1:~# zonecfg -z choczone info
zonename: choczone
zonepath: /zones/choczone
brand: solaris
autoboot: true
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
net:
address not specified
allowed-address not specified
physical: vnic2
defrouter not specified
anet:
linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified

pkey not specified
linkmode not specified
7.

Using the zoneadm command, display the configured zones.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# zoneadm list -cv
ID
0
-

NAME
global
grandmazone
choczone

STATUS
running
configured
configured

PATH
/
/zones/grandmazone
/zones/choczone

BRAND
solaris
solaris
solaris

IP
shared
excl
excl

Both zones are in configured state. They need to be installed.
8.

Using the sysconfig command, create a system configuration profile for grandmazone.
root@s11-server1:~# sysconfig create-profile -o \
/opt/ora/data/gmconf.xml

le

b
a
r
e
f

s

an
r
t
n

When the system configuration tool appears, follow the directions on the screen and
provide appropriate information from the following:
•
Computer name: grandmazone

o

an
s
ha ฺ
•
Ethernet network configuration: Manually
)
•
Network Interface: vnic1
om uide
c
ฺ
l
ai nt G
•
IP Address: 192.168.1.100
m
g ude
•
DNS: Do not configure @
DNS
t
o
S
d
l
•
Alternate Name Service:
None
s
na thi
o
r
ฺ
•
Time zone: Use
your
local
seregion.
o
r
u
e
•
Date and
ictime:eSettoto current date and time.
c
(
•
o password:
ns oracle1
dRoot
l
e
c
a
i name: oraclegm
o• n Your lreal

Ci

R•
o
r
ce
•
•

Username: oraclegm

User password: oracle1
Remove the Email address from the Support - Registration menu

After you have reviewed the information on the System Configuration Summary screen,
select F2_Apply.
Exiting System Configuration Tool. Log is available at:
/system/volatile/sysconfig/sysconfig.log.1999
root@s11-server1:~#
Display the SC profile that you just created for grandmazone.
root@s11-server1:~# more /opt/ora/data/gmconf.xml

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 10

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ






























…
…
root@s11-server1:~# zoneadm -z grandmazone install –c
/opt/ora/data/gmconf.xml

s

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce

The zone installation should take approximately 15 minutes.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 11

le

b
a
r
e
f

9.

Using the sysconfig command, create a system configuration profile for the choczone.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# sysconfig create-profile –o \
/opt/ora/data/chocconf.xml
When the system configuration tool appears, follow the directions on the screen and
provide the appropriate information from the following:
•
Computer name: choczone
•
Ethernet network configuration: Manually

ro

e
Cic

•

Network Interface: vnic2

•

IP Address: 192.168.1.200

•
•
•
•
•
•

DNS: Do not configure DNS
Alternate Name Service: None
Time zone: Use your local region.
Date and time: Set to current date and time.
Root password: oracle1
Your real name: oraclech

•

Username: oraclech

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
•
User password: oracle1
)
ฺ
e
m
d
o
i
•
Remove the Email address from the Support
u menu
ilฺc - Registration
G
a
t
n Configuration Summary screen,
mthe System
e
After you have reviewed the informationg
on
d
o@ Stu
select F2_Apply.
d
l
a this
n
o
oฺr use Tool. Log is available at:
Exiting System rConfiguration
e
ic e to
/system/volatile/sysconfig/sysconfig.log.2987
c
(
root@s11-server1:~#
do icens
l
a
l
n
Roroot@s11-server1:~# zoneadm -z choczone install –c \
/opt/ora/data/chocconf.xml

The zone installation should take approximately five minutes.
10. Show the results of the zone installations.
root@s11-server1:~# zoneadm list -iv
ID
0
-

NAME
global
grandmazone
choczone

STATUS
running
installed
installed

PATH
/
/zones/grandmazone
/zones/choczone

BRAND
solaris
solaris
solaris

IP
shared
excl
excl

BRAND
solaris

IP
shared

Both zones are in installed state.
11. Boot the grandmazone and choczone zones and show the results.
root@s11-server1:~# zoneadm -z grandmazone boot
root@s11-server1:~# zoneadm -z choczone boot
root@s11-server1:~# zoneadm list -v
ID NAME
0 global

STATUS
running

PATH
/

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 12

1 grandmazone
2 choczone

running
running

/zones/grandmazone
/zones/choczone

solaris
solaris

excl
excl

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Both zones have an ID and are in the running state.
12. Check the virtual network configuration in the global zone.
root@s11-server1:~# ipadm show-addr
ADDROBJ
TYPE
STATE
ADDR
lo0/v4
static
ok
127.0.0.1/8
net0/v4add1
static
ok
192.168.0.100/24
lo0/v6
static
ok
::1/128
In the global zone, no information is displayed about the links that you created. Why?
Because the VNICs exist at the link level. They would be visible by using the dladm
commands that you used earlier.
13. Check the virtual network configuration in the grandmazone zone.

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
n the virtuall network configuration in the choczone zone. It should be similar to
14. Check
o
R
ro grandmazone, except for the name of the network interface and the IP address.

root@s11-server1:~# zlogin grandmazone
[Connected to zone 'grandmazone' pts/3]
Oracle Corporation
SunOS 5.11
11.1
September 2012
root@grandmazone:~# ipadm show-addr
ADDROBJ
TYPE
STATE
ADDR
lo0/v4
static
ok
127.0.0.1/8
vnic1/v4
static
ok
192.168.1.100/24
lo0/v6
static
ok
::1/128
vnic1/v6
addrconf ok
fe80::8:20ff:fe0a:9710/10

e 15.

Cic

From grandmazone, use the ping command to verify that the virtual network that
connects grandmazone and choczone is operational.
root@grandmazone:~# ping 192.168.1.200
192.168.1.200 is alive

This demonstrates that you have connectivity with choczone because both zones are
created on the same network.
16. Exit to the global zone.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 13

le

b
a
r
e
f

Practice 6-3: Allocating Resources to Zones

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you allocate resources to the zones that you created in the previous practice. To
accomplish this goal, you perform the following key tasks:
• Enable services for resource pools
• Configure a persistent resource pool
• Bind the zone to a persistent resource pool
• Remove the resource pool configuration
• Manage the virtual network data flow

Task 1: Enabling Resource Pool Services
1.
2.

s

an
r
t
n

e

disabled
online

5.

16:06:10 svc:/system/pools:default
15:45:55 svc:/system/filesystem/local:default

Use the svcadm command to enable the pool services recursively. Confirm that the pool
services and the poold daemon are up.
root@s11-server1:~# svcadm enable -r pools/dynamic
root@s11-server1:~# svcs *pools*
STATE
STIME
FMRI
online
16:08:10 svc:/system/pools:default
online
16:08:11 svc:/system/pools/dynamic:default
root@s11-server1:~# pgrep -lf poold
8493 /usr/lib/pool/poold

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 14

le

b
a
r
e
f

no
a
s
a
root@s11-server1:~# pgrep -lf poold
h
)
ฺ
e
m
root@s11-server1:~# svcs *pools*
d
o
i
ilฺc t Gu
STATE
STIME
FMRI
a
m den
g
disabled
16:06:10 svc:/system/pools:default
o@ Stu
disabled
16:05:55ld
svc:/system/pools/dynamic:default
a this
n
o
ฺr uare
sedisabled.
oservices
r
Currently, all the e
pool
ic service
to is dependent on the default pool service.
c
e
4. Verify that the (dynamic
do icens svcs -d pools/dynamic
l
root@s11-server1:~#
a
l
n
oSTATE
STIME
FMRI
R
ro
3.

Cic

Verify that the Sol11-Server1 virtual machine is running. If the virtual machine is not
running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume administrator privileges.
Verify that the poold daemon and the pool services are running.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Use the pooladm command to display the default resource pool configuration that is
currently in use.
root@s11-server1:~# pooladm
system default
string
int
boolean
string

system.comment
system.version 1
system.bind-default true
system.poold.objectives wt-load

pool pool_default
int
pool.sys_id 0
boolean pool.active true
boolean pool.default true
int
pool.importance 1
string pool.comment
pset
pset_default

s

string

an
r
t
n

o

an
s
ha ฺ
)
pset pset_default
om uide
c
ฺ
l
ai -1 nt G
int
pset.sys_id
m
e
g udtrue
boolean pset.default
@
t
o
S1
uint ald
pset.min
s
i
n
h
uint
65536
ฺro uspset.max
et
o
r
pset.units population
e string
o
c
i
t
c
e
pset.load 164
o ( ensuint
d
l
lic uint pset.size 2
ona

R
o
r
ce

Ci

le

pset.comment

cpu
int
string
string

cpu.sys_id 1
cpu.comment
cpu.status on-line

int
string
string

cpu.sys_id 0
cpu.comment
cpu.status on-line

cpu

root@s11-server1:~#
Examine the default pool and the pset (processer set) configuration. Also note the
number of CPUs available.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 15

b
a
r
e
f

Task 2: Configuring a Persistent Resource Pool
1.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

2.

Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume administrator privileges.
Create the pool configuration file.
root@s11-server1:~# ls -l /etc/pool*
/etc/pool*: No such file or directory
Currently, the pooladm.conf file does not exist.
root@s11-server1:~# pooladm –s
Now you are saving the current pool configuration in the default file
/etc/pooladm.conf.

le

s

an
r
t
n

root@s11-server1:~# ls -l /etc/pool*
-rw-r--r-- 1 root root 1160 Dec 14 16:13 /etc/pooladm.conf
root@s11-server1:~# file /etc/pooladm.conf
/etc/pooladm.conf:
XML document

b
a
r
e
f

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
c
ailฺXML.nt Gu
The file has been created for you and it is m
of type
e the more command, so that you
g file byudusing
3. Display the contents of the pool configuration
@
t
o
S
ldat a time.
can examine its contents one page
s
a
i
n
h
t
root@s11-server1:~#
/etc/pooladm.conf
ฺro more
e
s
o
r
e to u

c
i
c
( system

ro R



wtload

0


388
2
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 16

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ


online
…
…
The XML file contains the default pool configuration that you saved in step 2.
4.

Use the poolcfg command to display the resource pool configuration from the config
file.
root@s11-server1:~# poolcfg -c info
system default
string
int
boolean
string

system.comment
system.version 1
system.bind-default true
system.poold.objectives wt-load

le

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
pool pool_default
)
de
int
pool.sys_id 0com
i
u
ฺ
l
ai truent G
boolean pool.active
m
e
g udtrue
boolean pool.default
@
t
o
S
int ald
pool.importance
1
s
i
n
h
t
o
string
pool.comment
ฺr use
opset
r
pset_default
e
o
c
i
t
c
( nse
…
o
d
l
e
… a
c
i
l
n
o

R
o
r
purpose of displaying it again is that you can view it another time before you make
ce

You will find that this display is exactly the same as in step 6 of the previous task. The

Ci

modifications.

5.

Create a pset called pset_1to2 by using the poolcfg command.
root@s11-server1:~# poolcfg -c 'create pset pset_1to2 \
(uint pset.min=1; uint pset.max=2)'
The pset is defined with a range of two CPUs (1–2). For instance, the kernel can use
one or two CPUs based on the workload.

6.

Use the poolcfg command to create a pool called pool_gmzone and associate it with the
pset_1to2 pset. Confirm whether the pool configuration file shows the current
modification stamp.
root@s11-server1:~# poolcfg -c 'create pool pool_gmzone \
(string pool.scheduler="FSS")'
While creating pool_gmzone, you also optionally indicate the Fair Share Scheduler
(FSS) as your default scheduling class.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 17

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# poolcfg -c 'associate pool pool_gmzone \
(pset pset_1to2)'
root@s11-server1:~# ls -l /etc/pool*
-rw-r--r-- 1 root root 1645 Dec 14 16:17 /etc/pooladm.conf
The pool configuration file has been modified as is evident from the time stamp.
7.

Use the poolcfg –c info command to view the modified pool configuration.
root@s11-server1:~# poolcfg -c info | more
system default
string
int
boolean
string

le

boolean
string
int
string
pset

pool.default false
pool.scheduler FSS
pool.importance 1
pool.comment
pset_1to2

pset pset_default
int
pset.sys_id -1
boolean pset.default true
uint
pset.min 1
uint
pset.max 65536
string pset.units population
uint
pset.load 42
uint
pset.size 2
string pset.comment

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 18

b
a
r
e
f

s

an
r
t
n

o

n
a
s
pool pool_default
ha ฺ
int
pool.sys_id 0 m)
co Guide
boolean pool.activeilฺtrue
boolean pool.default
nt
ma dtrue
e
g
int
pool.importance
o@ Stu 1
d
l
a pool.comment
is
string
n
h
t
o
ฺr uspset_default
e
opset
r
e
ic e to
c
(
pool_gmzone
ns
do pool
l
e
c
a
li
boolean pool.active true
on

R
o
r
ce

Ci

system.comment
system.version 1
system.bind-default true
system.poold.objectives wt-load

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

cpu
int
string
string

cpu.sys_id 1
cpu.comment
cpu.status on-line

int
string
string

cpu.sys_id 0
cpu.comment
cpu.status on-line

cpu

pset pset_1to2
int
boolean
uint
uint
string
uint
uint
string
root@s11-server1:~#

pset.sys_id -2
pset.default false
pset.min 1
pset.max 2
pset.units population
pset.load 0
pset.size 0
pset.comment

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
tu
o@
S
d
l
This is your new pool configuration.
The
pset,
s
a thi the pool, and the CPUs are all associated
n
o
and displayed as you had
specified.
Note that your pset_1to2 shows only one CPU
r
ฺ
e
s
o
r
currently. This is the
uCPU; maximum CPUs are used as needed. Output may
e minimum
o
c
i
t
slightly differ.
c
secommand to validate the configuration. Commit the changes by
o ( -n
n
d
8. Use the
pooladm
–c
l
e
a -c option.
lic
nthe
using
o
ro R

e
Cic

root@s11-server1:~# pooladm -n –c
root@s11-server1:~# pooladm -c

9.

Using the poolcfg –dc info command, display the current pool configuration that is in
use.
root@s11-server1:~# poolcfg -dc info | more
system default
string
int
boolean
string

system.comment
system.version 1
system.bind-default true
system.poold.objectives wt-load

pool pool_gmzone
int
pool.sys_id 1
boolean pool.active true
boolean pool.default false
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 19

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

string
int
string
pset

pool.scheduler FSS
pool.importance 1
pool.comment
pset_1to2

pool pool_default
int
pool.sys_id 0
boolean pool.active true
boolean pool.default true
int
pool.importance 1
string pool.comment
…
…

le

b
a
r
e
f

s

an
r
t
n

This display should include your modifications; for instance, the pool_gmzone pool and
its pset pset_1to2 shown here.

Cic

no
a
10. Use the poolstat command to display all the active resource pools.
s
a
h
)
ฺ
root@s11-server1:~# poolstat -r all
e
m
d
o
i
id pool
type rid rset
load
ilฺc t Gumin1 max2 size1 used
a
1 pool_gmzone
pset
1 pset_1to2
0.00 0.00
m den
g
0 pool_default
pset -1 pset_default
1 66K
1 0.00 0.03
@
u
t
o
ld is S
a
n
The output shows a default
pool as well
th as your new pool.
o
r
ฺ
e
ero to us
c
i
(c nse
o
Task 3: Binding
Zone
ld the
e to a Persistent Resource Pool
c
a
i
l
n
o
1. R
Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
o
er password. Assume administrator privileges.
2.

Use the zoneadm command to list the current state of the zones.
root@s11-server1:~# zoneadm list -iv
ID
0
1
2

NAME
global
grandmazone
choczone

STATUS
running
running
running

PATH
/
/zones/grandmazone
/zones/choczone

BRAND
solaris
solaris
solaris

IP
shared
excl
excl

The choczone and grandmazone zones are both up and running.
3.

Because grandmazone needs the resource pool, allocate the pool to grandmazone.
root@s11-server1:~# zonecfg -z grandmazone set pool=pool_gmzone

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 20

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

4.

Confirm that the pool allocation is included in the zone configuration.
root@s11-server1:~# zonecfg -z grandmazone info | grep pool
pool: pool_gmzone
The info sub option displays the pool that is allocated to the grandmazone zone.

5.

Reboot grandmazone to activate the resource pool binding. Check whether the zone has
rebooted and is currently running.
root@s11-server1:~# zlogin grandmazone init 6
root@s11-server1:~# zoneadm list -iv
ID
0
1
2

NAME
global
grandmazone
choczone

STATUS
running
running
running

PATH
/
/zones/grandmazone
/zones/choczone

Note that the reboot process might take a while to complete.
6.

Log in to grandmazone to confirm the availability of the resource pool.

e

string

system.poold.objectives wt-load

pool pool_gmzone
int
pool.sys_id 1
boolean pool.active true
boolean pool.default false
string pool.scheduler FSS
int
pool.importance 1
string pool.comment
pset
pset_1to2
pset pset_1to2
int
pset.sys_id 1
boolean pset.default false
uint
pset.min 1
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 21

IP
shared
excl
excl

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
September
d
o
i
ilฺc t Gu
a
en pool configuration.
gmtheumodified
7. Use the poolcfg –dc info command@
to view
d
t
o -dc S
d
l
root@grandmazone:~# poolcfg
info
s
na thi
o
r
ฺ
e
s
o
r
u
e
system default
ic system.comment
to
c
(
e
string
do inticenssystem.version 1
l
a
l
on
R
boolean system.bind-default true
ro
root@s11-server1:~# zlogin grandmazone
[Connected to zone 'grandmazone' pts/1]
Oracle Corporation
SunOS 5.11
11.1

Cic

BRAND
solaris
solaris
solaris

2012

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

uint
string
uint
uint
string

pset.max 2
pset.units population
pset.load 1827
pset.size 1
pset.comment

cpu
int
string
string

cpu.sys_id 0
cpu.comment
cpu.status on-line

root@grandmazone:~#

8.

Exit grandmazone. Log in to choczone.

no
a
s
a
h
)
ฺ
e
m
d
o
i
[Connection to zone 'grandmazone' pts/1
u
ฺc closed]
l
i
G
a
t
root@s11-server1:~# zlogin choczone
m den
g
[Connected to zone 'choczone'
pts/1]
o@5.11 Stu 11.1
d
l
Oracle Corporation
SunOS
September
a this
n
o
ฺr command,
9. Using the poolcfg –dcoinfo
se display the current pool configuration.
r
u
e
ic epoolcfg
root@choczone:~#
to -dc info
c
(
do icens
l
a
l
n
default
osystem
R
string system.comment
ro
root@grandmazone:~# exit
logout

e

Cic

int
system.version 1
boolean system.bind-default true
string system.poold.objectives wt-load
pool pool_default
int
pool.sys_id 0
boolean pool.active true
boolean pool.default true
int
pool.importance 1
string pool.comment
pset
pset_default
pset pset_default
int
pset.sys_id -1
boolean pset.default true
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 22

s

an
r
t
n

le

b
a
r
e
f

This is your new pool configuration. The pset, the pool, and the CPUs are all associated
as you had specified.

2012

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

uint
uint
string
uint
uint
string

pset.min 1
pset.max 65536
pset.units population
pset.load 149
pset.size 1
pset.comment

cpu
int
string
string

cpu.sys_id 1
cpu.comment
cpu.status on-line

root@choczone:~# exit

le

b
a
r
e
f

s

an
r
t
n

Because you have not modified any pool configuration here, you will see the default
resource pool configuration.

no
a
10. Exit the zone choczone.
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
Task 4: Removing the Resource Pool Configuration
a
m den user. Use oracle1 as the
1. Log in to the Sol11-Server1 virtual machinegas the oracle
o@ Stu
password. Assume administrator privileges.
d
l
a grandmazone
is
n
h
2. Remove the pool configuration
from
by using the zonecfg command.
t
o
ฺr use
o
r
root@s11-server1:~#
e tozonecfg -z grandmazone clear pool
c
i
c
( nse
o
d
l
e Check the zone to see if it is up and running.
3. Rebootagrandmazone.
c
i
l
n
oroot@s11-server1:~# zlogin grandmazone init 6
R
o
root@s11-server1:~# zoneadm list -iv
er

Cic

ID
0
2
3

4.

NAME
global
choczone
grandmazone

STATUS
running
running
running

PATH
/
/zones/choczone
/zones/grandmazone

BRAND
solaris
solaris
solaris

IP
shared
excl
excl

Log in to grandmazone. Use the poolcfg –dc info command to check the resource
pool configuration.
root@s11-server1:~# zlogin grandmazone
[Connected to zone 'grandmazone' pts/1]
Oracle Corporation
SunOS 5.11
11.1
September 2012
root@grandmazone:~# poolcfg -dc info
system default
string system.comment
int
system.version 1
boolean system.bind-default true
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 23

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

string

system.poold.objectives wt-load

pool pool_default
int
pool.sys_id 0
boolean pool.active true
boolean pool.default true
int
pool.importance 1
string pool.comment
pset
pset_default
pset pset_default
int
pset.sys_id -1
boolean pset.default true
uint
pset.min 1
uint
pset.max 65536
string pset.units population
uint
pset.load 1418
uint
pset.size 1
string pset.comment
cpu
int
cpu.sys_id 1
string cpu.comment
string cpu.status on-line
root@grandmazone:~#

le

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
o ens
d
l
a
ic of the new resource pool information? No, only the default resource
oDon you havelany

R
o
r
ce 5. Exit the grandmazone zone to return to the global zone.

Ci

b
a
r
e
f

pool configuration is available and displayed.
root@grandmazone:~# exit
logout

[Connection to zone ‘grandmazone’ pts/1 closed]
root@s11-server1:~#
Note that the resource pool configuration is kept because it will be used again in
subsequent practices.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 24

Practice 6-4: Managing the Virtual Network Data Flow

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
Now that you have configured the resources for the zone, in this task, you manage the
resources on the virtual network.
It was determined by the transaction load for the choczone zone that it requires up to 100MB/s
of network bandwidth to receive and process the transaction on time. To accomplish this
objective, you also increase the priority of transaction handling to high.

Tasks
1.
2.

Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume administrator privileges.
Use dladm show-link to determine the state of all the links that are currently configured
in the system.
root@s11-server1:~# dladm show-link
LINK
CLASS
MTU
STATE
OVER
net1
phys
1500
unknown -net2
phys
1500
unknown -net0
phys
1500
up
-net3
phys
1500
unknown -stub0
etherstub 9000
unknown -vnic0
vnic
9000
up
stub0
vnic1
vnic
9000
up
stub0
grandmazone/vnic1
vnic
9000
up
stub0
vnic2
vnic
9000
up
stub0
choczone/vnic2
vnic
9000
up
stub0
choczone/net0
vnic
1500
up
net0
grandmazone/net0
vnic
1500
up
net0

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l are available that you created in Practice 6-1.
n same VNICs
oThe

Ci

R
o
r
3.
ce Use the flowadm command to create a flow called http1. Define this traffic to port 80.
Display the results.

First create a new VNIC called vnic3.
root@s11-server1:~# dladm create-vnic -l stub0 vnic3
root@s11-server1:~# flowadm add-flow -l vnic3 -a \
transport=tcp,local_port=80 http1
root@s11-server1:~# flowadm show-flow
FLOW

LINK

IPADDR

PROTO

LPORT

RPORT DSFLD

http1

vnic3

--

tcp

80

--

--

In this case, the name of the new flow control is http1 and it controls the vnic3
configuration.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 25

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

4.

Use the flowadm command to set the maximum bandwidth of the flow property to 100
Mbps on the http1 flow. Show the results.
root@s11-server1:~# flowadm set-flowprop -p maxbw=100M http1
root@s11-server1:~# flowadm show-flowprop http1
FLOW
http1

PROPERTY
maxbw

VALUE
100

DEFAULT
--

POSSIBLE
--

Note: The bandwidth capping is demonstrated here for training purposes only. On the
job, you may also have to manage the bandwidth by increasing or decreasing it. This
would be based on the transactions running for your business application.
5.

Use the dladm command to set the link property priority to high on the vnic3 link.
Display the results.
root@s11-server1:~# dladm set-linkprop -p priority=high vnic3
root@s11-server1:~# dladm show-linkprop -p priority vnic3
LINK
vnic3

PROPERTY
priority

PERM VALUE
rw
high

DEFAULT
high

s

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 26

an
r
t
n

POSSIBLE
low,medium,high

le

b
a
r
e
f

Practice 6-5: Removing Part of the Virtual Network
Overview

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

In this task, you delete the network flow. Other virtual network components and the zones are
not being deleted because they will be used in the subsequent practices.

Task
1.
2.

Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume administrator privileges.
Use the flowadm command to delete the flow. Display the results.
root@s11-server1:~# flowadm show-flow
FLOW
DSFLD
http1
--

LINK

IPADDR

PROTO

LPORT

RPORT

vnic3

--

tcp

80

--

root@s11-server1:~# flowadm remove-flow -l vnic3
root@s11-server1:~# flowadm show-flow
3.

Ci

4.

s

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Use the dladm command to display and delete the links. Display the results.
root@s11-server1:~# dladm show-link
LINK
CLASS
MTU
STATE
OVER
net1
phys
1500
unknown -net2
phys
1500
unknown -net0
phys
1500
up
-net3
phys
1500
unknown -stub0
etherstub 9000
unknown -vnic0
vnic
9000
up
stub0
vnic1
vnic
9000
up
stub0
grandmazone/vnic1
vnic
9000
up
stub0
vnic2
vnic
9000
up
stub0
choczone/vnic2
vnic
9000
up
stub0
choczone/net0
vnic
1500
up
net0
grandmazone/net0
vnic
1500
up
net0
vnic3
vnic
9000
up
stub0

R
o
r
ce

Use the dladm command to delete the vnic3 link.
root@s11-server1:~# dladm delete-vnic vnic3

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 27

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

Use the dladm command to display the links.
root@s11-server1:~# dladm show-link
LINK
CLASS
MTU
net1
phys
1500
net2
phys
1500
net0
phys
1500
net3
phys
1500
stub0
etherstub 9000
vnic0
vnic
9000
vnic1
vnic
9000
grandmazone/vnic1
vnic
9000
vnic2
vnic
9000
choczone/vnic2
vnic
9000
choczone/net0
vnic
1500
grandmazone/net0
vnic
1500

STATE
unknown
unknown
up
unknown
unknown
up
up
up
up
up
up
up

This configuration will be used in future practices.

OVER
-----stub0
stub0
stub0
stub0
stub0
net0
net0

le

s

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 6: Configuring Zones and the Virtual Network
Chapter 6 - Page 28

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 7:
e
m
d
o
i
Managing
and
u
ilฺc tServices
G
a
n
m deProperties
Service
g
tu7
o@Chapter
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 1

Practice Overview for Lesson 7

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
In these practices, you are given a plan for configuring, restoring, and maintaining the Oracle
Solaris 11.1 services and getting acquainted with various service profiles.
According to the predeployment plan, the time has come for you to evaluate the Service
Management Facility (SMF) services. You have been tasked with working with multiple
scenarios to test the SMF functionality. In support of your business applications, in certain
cases, you may have to create, troubleshoot, and modify the services and the service profiles.
The key areas explored in the practices are:
• Configuring SMF services
• Restoring and recovering a service
• Working with service profiles

s

an
r
t
n

Note: In many cases, your command output displays may be different from the displays in
the practice. Some examples would be storage, process IDs, and session-oriented and
system-generated information.

Ci

no
a
s
a
h
) youeareฺ working with
Check your progress. You just completed the zones lesson and
now
m
o
Services.
c Guid
ฺ
l
i
ma dent
g
√
Oracle Solaris
11.1 Predeployment
Checklist
tu
o@
S
d
l
s
√
na System
thi(IPS) and Packages
Managing the ImagerPackaging
o
ฺ
e
eroSolaristo11.1uons Multiple Hosts
√
c
Installing
Oracle
i
(c nse
o
√
ldManaging
e Business Application Data
the
c
a
i
l
n
o
√ R
o
Configuring Network and Traffic Failover
cer
√

Configuring Zones and the Virtual Network
Managing Services and Service Properties

Configuring Privileges and Role-Based Access Control
Securing System Resources by Using Oracle Solaris Auditing
Managing Processes and Priorities
Evaluating System Resources
Monitoring and Troubleshooting System Failures

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 2

le

b
a
r
e
f

Practice 7-1: Configuring SMF Services

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
As part of the predeployment testing plan, you are given the task of creating a simple service
that can also assist you in modifying a service. You will call this new service crmsvc, which has
been designed to monitor the CRM processes. In addition, you will also modify environment
variables and properties of actively running services. For example, you will determine any
memory leaks caused by the running programs and turning on the TCP trace. In this practice,
you work with SMF services in the following areas:
• Creating and exporting a service
• Modifying a service
• Changing an environment variable for a service
•

Changing a property for a service controlled by inetd

Task 1: Creating and Exporting a Service
1.

s

an
r
t
n

Verify that the Sol11-Server1 virtual machine is running. If it is not running, start it now.
Double-click the Sol11-Desktop icon to launch the Sol11-Desktop virtual machine.

no
a
s Use the password
2. Log in to the Sol11-Desktop virtual machine as the user oracle.
a
h
oracle1.
)
ฺ
e
m
d
o
i
3. Right-click the desktop background and open a terminal
u
lฺc window.
i
G
a
t
4. In the terminal window, run the su - command
n administrator privileges.
m to assume
e
g
d
oracle@s11-desktop:~$ su o
-@
tu
S
d
l
s
Password:
na thi
o
r
ฺ
Oracle Corporation
SunOS
11.1
September 2012
se 5.11
o
r
u
e
o
ic e t
root@s11-desktop:~#
c
(
o user esstudent
ns exists. If not, create the user sstudent and then confirm
5. Verify that
dthe
l
c
a
that
onthe user hasli been created.
R
ro root@s11-desktop:~# tail /etc/passwd

e

Cic

le

b
a
r
e
f

nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
aiuser:x:60003:60001:AI User:/:
pkg5srv:x:97:97:pkg(5) server UID:/:
oracle:x:60004:10:Oracle:/home/oracle:/usr/bin/bash
…
…
…
sstudent:x:60008:10:super student:/export/home/sstudent:/bin/sh

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 3

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Note: The user sstudent has been created so that you can create a new service as a
non-administrative user. Because you must have the appropriate privileges, you will
perform some steps as an administrative user.
If sstudent does not exist, run the following command:
root@s11-desktop:~# useradd -u 60008 -g 10 –d \
/export/home/sstudent -m -s /bin/bash -c "super student" sstudent
6.

As the sstudent user, create the smf directory in your home directory. Create a file called
monitor.crm with the contents shown below. Finally, grant the execution permission on
the script.
root@s11-desktop:~# su - sstudent
Oracle Corporation
SunOS 5.11
11.1
September 2012
sstudent@s11-desktop:~$ pwd
/export/home/sstudent
sstudent@s11-desktop:~$ mkdir smf
sstudent@s11-desktop:~$ ls
local.cshrc local.login local.profile smf
sstudent@s11-desktop:~$ cd smf
sstudent@s11-desktop:~/smf$ vi monitor.crm
sstudent@s11-desktop:~/smf$ cat monitor.crm
#!/bin/sh
echo "crm monitoring service" > /export/home/sstudent/smf/crmrep

s

an
r
t
n

r7.o

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use chmod 774 monitor.crm
sstudent@s11-desktop:~/smf$
r
e
ic e to
c
(
ns you granted the execute permission on the script so it can be
do ithe
After lcreating
script,
e
c
a
l
n
Roexecuted.
Exit the sstudent user account to return to the administrative user to configure the
service. Use the svccfg command to copy an existing service to serve as a template.
root@s11-desktop:~/smf$ exit
root@s11-desktop:~# svccfg export system/utmp > \
/var/svc/manifest/site/crmsvc.xml

Instead of starting the manifest file from scratch, you will have this template to work with.
8.

Edit the crmsvc.xml file to match the contents displayed. Your file should match these
contents exactly, so make sure to delete all unnecessary tags from the template.
root@s11-desktop:~# vi /var/svc/manifest/site/crmsvc.xml
root@s11-desktop:~# more /var/svc/manifest/site/crmsvc.xml




Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 4

le

b
a
r
e
f




Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

[Make sure you delete the dependency and dependent tags.]


[Make sure you delete the stability value and template tags and their associated
information]






s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
@service
u look like this. Review the contents
After editing, the manifest for youro
test
tshould
S
d
l
s
for any XML tags missing, and
naany typing
thi errors. Notice that exec_method matches up
o
r
with your program.
ฺ
e
s
roby using
uthe
efile
9. Validate the manifest
svccfg validate command.
o
c
i
t
c
(
e
root@s11-desktop:~#
do icens svccfg validate /var/svc/manifest/site/crmsvc.xml
l
a
l
on
R
ro Unless there are any spelling mistakes, the validate command should run fine.

e 10.

Cic

le

b
a
r
e
f

By using the svcadm restart command, make the manifest available to SMF.
root@s11-desktop:~# svcadm restart system/manifest-import

Because the service you created is in an SMF standard manifest directory, you can just
restart the manifest service. This will import the newly created service. You don’t have to
import the service individually. This is the recommended practice.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 5

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

11. Display the service by using the svcs command. If it is disabled, enable it by using the
svcadm command.
root@s11-desktop:~# svcs crmsvc
disabled
13:14:07 svc:/site/crmsvc:default
root@s11-desktop:~# svcadm enable /site/crmsvc
root@s11-desktop:~# svcs crmsvc
STATE
STIME
FMRI
online
13:43:36 svc:/site/crmsvc:default
Is your service enabled and online? Yes.
12. Now verify that the command echo was executed by using the new service.
root@s11-desktop:~# cat /export/home/sstudent/smf/crmrep
crm monitoring service

s
n
a
r
The action you had specified in the monitor.crm was executed by bringing
-tup the
n
o
service resulting in echoing the above string to the crmrep file. This is
how
n you can
a
execute a program as a service.
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
Task 2: Modifying Service Configuration
a
m den
g
Overview
o@ Stu
d
l
avariousthtypes
is of service modifications, for example, the
The following tasks will introduceothe
n
e properties and process to service conversion.
service environment variables,
sservice
oฺrnetwork
r
u
e
In this practice, you c
will
icwork with
toSMF services in the following areas:
(
e
• Changing
ns variable for a service
do anicenvironment
l
e
a
• on
Changing al property of a service controlled by inetd
R
ero

Cic

Task 2A: Change an Environment Variable for a Service
1.
2.
3.
4.

Double-click the Sol11-Desktop icon to launch the Sol11-Desktop virtual machine.
Log in to the virtual machine Sol11-Desktop as the user oracle. Use the password
oracle1.
Right-click the desktop background and open a terminal window.
In the terminal window, run the su - command to assume administrator privileges.
oracle@s11-desktop:~$ su Password: oracle1
Oracle Corporation
SunOS 5.11
root@s11-desktop:~#

11.1

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 6

le

b
a
r
e
f

September 2012

5.

By using the svcs command, check to see if the cron service is running.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-desktop:~# svcs system/cron
STATE
STIME
FMRI
online
6:52:52 svc:/system/cron:default
The cron service is up and running.
6.

Use the svccfg command to modify the memory environment variables for the cron
service.
root@s11-desktop:~# svccfg -s system/cron:default setenv \
UMEM_DEBUG default
root@s11-desktop:~# svccfg -s system/cron:default setenv \
LD_PRELOAD libumem.so

le

e
Cic

ab
The two environment variables are configured for the cron service for debugging thefer
s
n
memory leaks while the cron service is executing a program.
a
r
-t
n
o
n
7. Refresh and restart the cron service by using the svcadm commanda
to make the changes
s
effective.
ha ฺ
)
root@s11-desktop:~# svcadm refresh system/cron
om uide
c
ฺ
l
G
root@s11-desktop:~# svcadm restart
aisystem/cron
t
n
m
gbeen modified.
8. Verify that the environment variables have
de
@
u
t
o
Note: Use the back tick key on the
toSenclose the pgrep command. Look for the
ldkeyboard
s
a
i
n
h
t
back tick below the tilde (~)ro
the keyboard.
ฺ key on
e
s
o
r
u -e `pgrep -f /usr/sbin/cron`
root@s11-desktop:~#
e topargs
c
i
c
( nse
1593: /usr/sbin/cron
o
d
l
e
… a
c
i
l
n
o…
R
o
r
envp[10]: LD_PRELOAD=libumem.so
…
…
envp[19]: UMEM_DEBUG=default
envp[20]: A__z="*SHLVL
Your display may be slightly different.
Are the configured environment variables displayed in the output? Yes, envp[10] and
envp[19] show the new values.
This command is helpful when you need to debug or monitor programs for memory
leaks.
In order to find the memory leaks in the programs, you need knowledge of Oracle Solaris
debugging tools like mdb. The debugging topic is covered in more specialized course like
Oracle Solaris 11 Performance Management.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 7

Task 2B: Change a Property for an inetd-Controlled Service

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

1.
2.
3.

Verify that the Sol11-Server1 virtual machine is running. If it is not, start it now.
Log in to the virtual machine Sol11-Server1 as the user oracle. Use the password
oracle1.
Assume administrator privileges.
oracle@s11-server1:~$ su Password: oracle1
Oracle Corporation
SunOS 5.11
root@s11-server1:~#

4.

11.1

September 2012

By using the inetadm command, list the properties of the telnet service.
root@s11-server1:~# inetadm -l svc:/network/telnet:default
SCOPE
NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
default connection_backlog=10
default tcp_keepalive=FALSE

le

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Is the tcp_trace property for telnet enabled? No, because it says false in the
entry.
5.

Use the inetadm command to enable tcp_trace on the telnet service. Confirm the
action.
root@s11-server1:~# inetadm -m svc:/network/telnet:default tcp_trace=TRUE
root@s11-server1:~# inetadm -l svc:/network/telnet:default
SCOPE
NAME=VALUE
name="telnet"
…
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 8

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

…
…
default
default
default
default

inherit_env=TRUE
tcp_trace=TRUE
tcp_wrappers=FALSE
connection_backlog=10
tcp_keepalive=FALSE

Why do we need to turn on tcp_trace? So the telnet connections can be
monitored.
Is the tcp_trace enabled now for the telnet service? Yes.
6.

Start verifying the tcp_trace by using the telnet command to connect to the
localhost and the exit command to log out.
Note: If you are unable to connect, the telnet service may be down. You can bring it up by
using the command:
# svcadm enable network/telnet

s

no
a
s
Trying ::1…
a
h
)
ฺ
Connected to s11-server1.
e
m
d
o
i
Escape character is '^]'.
lฺc t Gu
i
a
login: oracle
m den
g
Password: oracle1
o@ Stu
d
l
Last login: Thu Dec n
15a 07:08:43
is on s11-desktop
h
t
o
Oracle Corporation
11.1
September
se 5.11
oฺr uSunOS
r
e
o
oracle@s11-server1:~#
exit
ic e t
c
(
logout
do icens
l
a
l to s11-server1 closed by foreign host.
Connection
n
Ro
root@s11-server1:~# telnet localhost

ro

e
Cic

7.

an
r
t
n

2012

Because you created the connection, you can check if the tcp_trace property is
logging the message.
Check whether any message was logged in the /var/adm/messages file.
root@s11-server1:~# tail -1 /var/adm/messages

Dec 15 08:27:57 s11-server1 inetd[787]: [ID 317013 daemon.notice]
telnet[13363] from 127:0:0:1 57330
Note: -1 in the command is the digit one.
By using the tail command with -1 option, you display the last or most current
message.
Is the telnet connection logged? Yes.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 9

le

b
a
r
e
f

8.

Confirm the entry in /etc/syslog.conf, which is configured to log this message.
root@s11-server1:~# grep /var/adm/messages /etc/syslog.conf

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

*.err;kern.debug;daemon.notice;mail.crit
...
...

/var/adm/messages

Notice that the daemon.notice facility messages are configured to be written to
/var/adm/messages. Who is writing the trace messages to /var/adm/messages?
The syslogd daemon.

Task 2C: Modify the Manifest for a Service
1.
2.

Double-click the Sol11-Desktop icon to launch the S11-Desktop virtual machine.
Log in to the virtual machine S11-Desktop as the user oracle. Use the password
oracle1.
Right-click the desktop background and open a terminal window.
In the terminal window, run the su - command to assume administrator privileges.

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
oracle@s11-desktop:~$ su )
ฺ
e
m
d
Password: oracle1
o
i
u September 2012
lฺc 11.1
G
Oracle Corporation
SunOS 5.11 ai
t
m den
g
root@s11-desktop:~#
othe@statusSoftuthe crmsvc service you created earlier
d
l
5. By using the svcs command, check
a this
n
o
in Practice 7-1, Task 1. Disable
service
and display the result.
ฺr the
e
s
o
r
u appear in a maintenance state when you run the svcs
Note: If the crmsvc
eservice tshould
o
c
i
c
( thenfirst
crmsvc command
se time, disable the service, refresh it, and then enable it to bring it
oonline
d
back into
an
state.
l
e
lic
na
o
root@s11-desktop~#
svcs crmsvc
R
o
r
3.
4.

e
Cic

online
10:04:44 svc:/site/crmsvc:default
root@s11-desktop:~# svcadm disable crmsvc
root@s11-desktop:~# svcs crmsvc
STATE
STIME
FMRI
disabled
10:07:59 svc:/site/crmsvc:default
Notice that at this time crmsvc is disabled.

6.

Use the cd command to switch to sstudent’s smf directory. Display the directory’s
contents.
root@s11-desktop~# cd /export/home/sstudent/smf;ls
crmrep
monitor.crm

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 10

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

7.

By using the cp command, copy the file monitor.crm as monitor1.crm. By using the
vi editor, modify the contents of monitor1.crm as indicated below.
root@s11-desktop:/home/sstudent/smf# cp monitor.crm monitor1.crm
root@s11-desktop:/home/sstudent/smf# vi monitor1.crm
root@s11-desktop:/home/sstudent/smf# cat monitor1.crm
#!/bin/sh
echo "here is your modified crm monitoring service" >
/export/home/sstudent/smf/crmrep
Your modified service should record this new message in the crmrep file.

8.

Use the cd command to switch to the manifest directory. Edit the crmsvc.xml to refer to
monitor1.crm instead of monitor.crm.
root@s11-desktop:/home/sstudent/smf# cd /var/svc/manifest/site
root@s11-desktop:/var/svc/manifest/site# ls
crmsvc.xml
root@s11-desktop:/var/svc/manifest/site# vi crmsvc.xml
root@s11-desktop:/var/svc/manifest/site# grep monitor crmsvc.xml


s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den cd
g
root@s11-desktop:/var/svc/manifest/site#
o@ Stu
root@s11-desktop:~#
d
l
arestarttthe
ismanifest-import service. Enable crmsvc
n
h
o
9. By using the svcadm command,
r
se
oisฺonline.
r
and confirm the service
u
e
ic e tosvcadm restart manifest-import
c
root@s11-desktop:~#
(
do icens svcadm restart crmsvc
l
root@s11-desktop:~#
a
l
n
oroot@s11-desktop:~#
svcadm enable crmsvc
R
o
r

e
Cic

root@s11-desktop:~# svcs crmsvc
online
10:27:25 svc:/site/crmsvc:default
The service is online.

10. By using the cat command, display the new contents of the report.
root@s11-desktop:~# cat /export/home/sstudent/smf/crmrep
here is your modified crm monitoring service
So what was the purpose of modifying the service manifest? To demonstrate that these
are the steps you take to modify an existing service. The modified service is executing a
different program monitor1.crm.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 11

le

b
a
r
e
f

Practice 7-2: Working with Service Profiles

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you evaluate the current service profile. Based on your business application
environment, you want to make sure that only the required services are enabled at the system
startup. In addition, you learn how to limit remote access to your host by using a network profile.
The following activities are addressed:
• Creating an SMF profile
• Applying an SMF profile
•

Changing the services and their configuration by using the netservices command

Tasks
1.
2.
3.
4.

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
oracle@s11-desktop:~$ su h
)
ฺ
e
m
Password: oracle1
d
o
i
c Gu September 2012
Oracle Corporation
SunOS 5.11 ailฺ 11.1
m dent
g
root@s11-desktop:~#
@ status
tu of cups/scheduler service.
ocurrent
S
5. Use the svcs command to check lthe
d
s
a thi
nsvcs
o
root@s11-desktop:~#
cups/scheduler
r
ฺ
e
s
o
r
usvc:/application/cups/scheduler:default
online
e16:48:33
o
c
i
t
c
o ( ense
d
l
Currently,
c is enabled.
na theliservice
o
r6.o RUse the command svccfg extract to copy the currently active SMF profile into a file

e

Cic

Double-click the Sol11-Desktop icon to launch the Sol11-Desktop virtual machine.
Log in to the Sol11-Desktop virtual machine as the user oracle. Use the password
oracle1.
Right-click the desktop background and open a terminal window.
In the terminal window, run the su - command to assume administrator privileges.

called profile.xml.

root@s11-desktop:~# svccfg extract > profile.xml
7.

By using the vi editor, modify the extracted file profile.xml. Change the enabled
property of application/cups/scheduler service from true to false.
root@s11-desktop:~# vi profile.xml
root@s11-desktop:~# more profile.xml



…
…
…

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 12

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ





…
…
…
After you apply the configuration, this cups/scheduler service will be disabled.
8.

Use the svccfg command to apply the modified profile.
root@s11-desktop:~# svccfg apply profile.xml
Note: Allow the OS to apply the changes. It will take a few minutes.

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
Notice the cups/scheduler service is disabled.
ilฺc t Gu
a
m den
g
u svcadm enable command. As a last
Refresh and then enable the service
by using tthe
o@
S
d
l
s
step, verify that the servicen
isanow back ionline.
th
o
r
ฺ
e
us refresh cups/scheduler
ero tosvcadm
root@s11-desktop:~#
c
i
(c nse svcadm enable cups/scheduler
root@s11-desktop:~#
o
ld lice
a
root@s11-desktop:~#
svcs cups/scheduler
n
Roonline
16:50:15 svc:/application/cups/scheduler:default
root@s11-desktop:~# svcs cups/scheduler
disabled
16:48:33 svc:/application/cups/scheduler:default

ro

e
Cic

The service is once again enabled.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 7: Managing Services and Service Properties
Chapter 7 - Page 13

Practice 7-3: Restoring and Recovering a Service

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
Your predeployment test plan calls for various SMF service scenarios. This practice covers
most of the repair and restore scenarios when a service or the SMF repository has become
defective. The following areas will be addressed in this practice:
•

Restoring a service in the maintenance state

•
•
•

Reverting to a previous SMF snapshot
Repairing a corrupt repository
Debugging a service that is not starting

Task 1: Restore a Service in the maintenance State
Now you look at a service which will be in the maintenance state. In a training scenario like
this, you will make a spelling error in the service manifest file, and observe the service going
into the maintenance state and correct the problem.

le

b
a
r
e
f

1.
2.
3.
4.

5.

ro

e
Cic

6.

s
n
a
r
-t
Double-click the Sol11-Desktop icon to launch the Sol11-Desktop virtual machine.
n
o
npassword
Log in to the Sol11-Desktop virtual machine as the user oracle. Useathe
s
oracle1.
ha ฺ
)
Right-click the desktop background and open a terminal window.
ide privileges.
comadministrator
u
ฺ
l
In the terminal window, run the su - command toiassume
a nt G
m
oracle@s11-desktop:~$ su g ude
@
t
o
Password: oracle1
S
d
l
s
a th5.11
i
Oracle Corporation on SunOS
11.1
September 2012
r
ฺ
e
root@s11-desktop:~#
ero to us
c
i
Use the command
to
(c svcs
e check if the crmsvc service is running.
s
o
n
ld lice
root@s11-desktop:~#
svcs crmsvc
a
n
o
STIME
FMRI
R STATE
online

10:27:25 svc:/site/crmsvc:default

By using vi (or any other UNIX editor), delete the last letter ‘m’ from the file name
monitor1.crm in the method block as indicated. Save the changes.
root@s11-desktop:~# cd /var/svc/manifest/site
root@s11-desktop:/var/svc/manifest/site# vi crmsvc.xml













E: basic
I: basic
P: basic
L: all
Because you are logged in as jholt, the current process shows your privileges, which
could be different for different accounts based on the privileges granted by the system
administrator.
Why would you want to use the -v option with this command? Issue the command and
analyze the difference. Refer to Task 1 if you need help.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 8

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

jholt@s11-server1:~$ ls -ld /export/home/jmoose/docs
drwxr-xr-x
2 jmoose
staff
2 Dec 15 03:00
/export/home/jmoose/docs
jholt@s11-server1:~$
Before you change the ownership of the docs directory in jmoose’s home directory, you
want to make sure jmoose is (of course!) the owner.
8.

As the jholt user, use the chown command to change the ownership of the docs
directory to jholt.
jholt@s11-server1:~$ chown jholt /export/home/jmoose/docs
chown: /export/home/jmoose/docs: Not owner

le

e
Cic

b
a
r
e
As expected, since jholt does not have the privilege to execute the chown command,
sf
n
a message is displayed.
a
tr
n
9. Use the ppriv command in debug mode to determine what privilege is missing.
no
a
jholt@s11-server1:~$ ppriv -eD chown jholt \ s
ha ฺ
/export/home/jmoose/docs
)
de = 60005,
chown[1737]: missing privilege "file_chown"
om (euid
i
c
u
ฺ
l
syscall = 56) for "/export/home/jmoose/docs"
ai nt G needed at
m
zfs_setattr+0xbb3
g ude
@
t owner
o
chown: /export/home/jmoose/docs:
Not
S
d
l
s
na thi
o
r
ฺ
se by jholt? The file_chown privilege. The -D
o isuneeded
Can you tell which
privilege
r
e
ic e to
option is for(debugging.
c
ns to determine what privilege is missing.
10. Use the ltruss
do command
e
c
a
li
n
ojholt@s11-server1:~$
truss chown jholt /export/home/jmoose/docs
R
o
r
execve("/usr/bin/chown", 0x08047E58, 0x08047E68) argc = 3
sysinfo(SI_MACHINE, "i86pc", 257)
= 6
mmap(0x00000000, 32, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON,
-1, 0) = 0xFEFB0000
mmap(0x00000000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEFA0000…
…
…
lstat64("/export/home/jmoose/docs", 0x08064010) = 0
chown("/export/home/jmoose/docs", 60005, -1)
Err#1 EPERM
[file_chown]
fstat64(2, 0x08046D90)
= 0
chown: write(2, " c h o w n : ", 7)
= 7
open("/usr/lib/locale/en_US.UTF-8/LC_MESSAGES/SUNW_OST_OSLIB.mo",
O_RDONLY) Err#2 ENOENT
/export/home/jmoose/docswrite(2, " / e x p o r t / h o m e"..,
24) = 24
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 9

: write(2, " : ", 2)
Not ownerwrite(2, " N o t

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

write(2, "\n", 1)
_exit(1)

= 2
o w n e r", 9)

= 9

= 1

The truss utility is also used for debugging purposes. As you see this utility also
reports that the file_chown privilege is missing (although not in plain English text).
11. Exit the jholt account and as the administrator, use the usermod command to grant
jholt the file_chown privilege. Confirm the entry in the /etc/user_attr file.
jholt@s11-server1:~$ exit
logout
root@s11-server1:~# usermod –K defaultpriv=basic,file_chown jholt
root@s11-server1:~# grep jholt /etc/user_attr
jholt::::defaultpriv=basic,file_chown

s

an
r
t
n

no
a
s
a
h
) Note that
Here you have granted jholt the file_chown privilege.
ฺ you are only
e
m
d
o
i
interested in granting him the file_chown privilege
youumust include the basic
ilฺcwillbuttreplace
G all his privileges with the
a
privilege also because the defaultpriv keyword
n
m
e privileges to users or roles.
g any
specified privileges. This file is used to record
dspecial
@
u
t
o
This facility is covered in detail lin
the
next
practice.
d is S
a
n
12. Log back in to jholt’s account.
Now issue
th that chown command. Confirm the ownership
o
r
ฺ
e
of the docs directory.
ero to us
c
i
root@s11-server1:~#
(c nse su - jholt
o
ld Corporation
e
Oracle
SunOS 5.11
11.1
September 2012
c
a
i
l
n
ojholt@s11-server1:~$ chown jholt /export/home/jmoose/docs
R
o
r

e
Cic

jholt@s11-server1:~$ ls -ld /export/home/jmoose/docs
drwxr-xr-x
2 jholt
staff
2 Dec 15 03:00
/export/home/jmoose/docs

Success! You were able to successfully change the ownership to jholt.
Return the ownership of the docs directory to jmoose, so that you can use this setup
again.
jholt@s11-server1:~$ chown jmoose /export/home/jmoose/docs
jholt@s11-server1:~$ ls -ld /export/home/jmoose/docs
drwxr-xr-x
2 jmoose
staff
2 Dec 15 03:00
/export/home/jmoose/docs

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 10

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Task 2B: Limiting the Privileges of a User
The following activities are covered in this task:
• Limiting the privileges of a user
• Determining the privileged commands you can use
1. In the jholt account, use the ps –ef command to display the current processes.
jholt@s11-server1:~$ ps -ef | more
UID
PID PPID
C
STIME TTY
root
0
0
0 01:07:24 ?
root
5
0
0 01:07:22 ?
root
1
0
0 01:07:25 ?
root
2
0
0 01:07:25 ?
root
3
0
0 01:07:25 ?
root
6
0
0 01:07:25 ?
root
7
0
0 01:07:25 ?
root
427
1
0 01:08:57 ?
/sbin/dhcpagent
root
10
1
0 01:07:27 ?
/lib/svc/bin/svc.startd
root
12
1
0 01:07:27 ?
/lib/svc/bin/svc.configd
daemon
75
1
0 01:07:52 ?
/lib/crypto/kcfd
netadm
96
1
0 01:07:57 ?
/lib/inet/ipmgmtd
root
114
1
0 01:08:07 ?
/lib/inet/in.mpathd
dladm
43
1
0 01:07:43 ?
/usr/sbin/dlmgmtd
netcfg
48
1
0 01:07:45 ?
/lib/inet/netcfgd

TIME
0:04
0:07
0:00
0:00
0:05
0:00
0:00
0:00

CMD
sched
zpool-rpool
/usr/sbin/init
pageout
fsflush
intrd
vmtasks

s

o

an
0:05
s
ha ฺ
)
de
om ui0:36
c
ฺ
l
ai nt G
m
g ude
0:00
@
t
o
ld is S
a
0:00
n
th
o
r
ฺ
e
ero to us
c
0:00
i
c
(
e
s
ldo licen
a
0:00
n
o

R
o
r
ce

Ci

an
r
t
n

0:00

…
…
…
At this time, with the current privileges, are you able to view any processes started by
others? Yes.
2.

Exit the jholt account and as the administrator, launch a Korn shell and use the usermod
command to limit jholt’s privileges.
jholt@s11-server1:~$ exit
logout
root@s11-server1:~# ps
PID TTY
TIME CMD
14050 pts/1
0:00 ps
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 11

le

b
a
r
e
f

13919 pts/1
13920 pts/1

0:00 su
0:00 bash

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# usermod -K defaultpriv=basic,!proc_info jholt
-bash: !proc_info: event not found
As the message says, the bash shell is not aware of the !proc_info event. Switch to
ksh.
root@s11-server1:~# ksh
root@s11-server1:~# ps
PID TTY
TIME CMD
14051 pts/1
0:00 ksh
14056 pts/1
0:00 ps
13919 pts/1
0:00 su
13920 pts/1
0:00 bash

ro

e
Cic

le

13919 pts/1
13920 pts/1

s

an
r
t
n

no
a
s
a
h
root@s11-server1:~# usermod -K defaultpriv=basic,!proc_info
)
ฺ
e
m
d
o
root@s11-server1:~# grep jholt /etc/user_attr
i
ilฺc t Gu
a
jholt::::defaultpriv=basic,!proc_info
m den
g
o@shell.Stu
d
l
Exit to Bash shell, which is your
default
a this
n
o
se
oฺr exit
r
u
root@s11-server1:~#
e
ic e tops
c
(
root@s11-server1:~#
o ens
dTTY
l
PID
TIME CMD
a
lic
n
o
0:00 ps
R 14067 pts/1

b
a
r
e
f

jholt

0:00 su
0:00 bash

You have taken away the process view privilege from jholt. Can you guess if he can
display the processes for other users? No.
3.

Return to the jholt account and use the ps –ef command to display the current
processes.
root@s11-server1:~# su - jholt
Oracle Corporation
SunOS 5.11
11.1
September 2012
jholt@s11-server1:~$ ps -ef
UID
PID PPID
C
STIME TTY
TIME CMD
jholt 12501 12500
0 04:34:45 pts/2
0:00 -bash
jholt 12505 12501
0 04:34:49 pts/2
0:00 ps -ef
jholt@s11-server1:~$

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 12

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Are you able to view processes for other users? No.
Why? Because the administrator has taken away the proc_info privilege.
Did you remember to log back in to jholt’s account? Yes.
Why? To make the new privileges effective.
How would you find out if jholt still has the privilege to execute the chown command?
a) issue the chown command on a file as demonstrated earlier
OR
b) check jholt’s privileges
4.

Exit the jholt account and as the administrator, replace the original privileges for the
jholt account.
jholt@s11-server1:~$ exit
logout
root@s11-server1:~# usermod -K defaultpriv=basic jholt
root@s11-server1:~# grep jholt /etc/user_attr
jholt::::defaultpriv=basic

le

s

an
r
t
n

no
a
sin the basic rights profile.
Now John Holt should be able to use all the privileges included
a
h
ฺ
You will learn more about profiles in the next practice. )
e
m
d
o
i
c privilege
u set? Yes, use the ppriv
Can you determine the privileges included in the
lฺbasic
i
G
a
t
command.
m den
g
5. Now you are curious. You want to know
what privileges
tu John Holt has. As John Holt, use
o@
S
d
l
the commands profiles, roles,
and
auths
to
view the privileges.
s
a thi
n
o
root@s11-server1:~#
oฺr suu-sejholt
r
e
Oracle Corporation
11.1
September 2012
ic e to SunOS 5.11
c
(
jholt@s11-server1:~$
profiles
o ens
dBasic
l
c
a
on All li Solaris User
R
ro

e

Cic

b
a
r
e
f

jholt@s11-server1:~$ roles
No roles
jholt@s11-server1:~$ auths
solaris.admin.wusb.read,solaris.mail.mailq,solaris.network.autoco
nf.read
If any special profiles, roles, or individual authorizations are assigned to John Holt, they
will be displayed here.
These facilities are part of Role-Based Access Control, which will be covered in the next
practice.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 13

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Use the profiles –l command to see more details of the privileges assigned to John
Holt.
jholt@s11-server1:~$ profiles -l
Basic Solaris User
auths=solaris.mail.mailq,solaris.device.mount.removable,sol
aris.admin.wusb.read
profiles=All
/usr/bin/cdrecord.bin
privs=file_dac_read,sys_devices,proc_lock_memory,proc_priocntl,ne
t_privaddr
/usr/bin/readcd.bin
privs=file_dac_read,sys_devices,net_privaddr
/usr/bin/cdda2wav.bin
privs=file_dac_read,sys_devices,proc_priocntl,net_privaddr
All
*
These are the same profiles you displayed in the previous step. However, the privileges
connected to the profiles are also displayed.

s

o

an
r
t
n

ro

e
Cic

an
s
ha ฺ
)
Exit the jholt account.
om uide
c
ฺ
l
ai nt G
m
g ude
jholt@s11-server1:~$ exit
@
t
o
S
d
logout
l
s
na thi
o
root@s11-server1:~#
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
n
Ro

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 14

le

b
a
r
e
f

Practice 8-2: Configuring Role-Based Access Control

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
Your predeployment test plan calls for using the Role-Based Access Control (RBAC)
functionality of Oracle Solaris 11.1. By using RBAC, you can create the roles and assign them
specific privileges or authorizations. You can then assign these roles to the appropriate users.
This saves resources because you do not have to assign privileges to individual users. In this
practice, you will work with a role sdown and Shut profile with authorization to execute the
shutdown command. The following areas are covered in this practice:
•
•
•
•

Managing roles and profiles
Configuring a rights profile
Working with individual authorizations
Creating a system-wide RBAC policy

le

Task 1: Manage Roles and Profiles
This task covers the following activities:
• Creating a role
• Creating or changing a rights profile
• Assigning a rights profile to a role (added)
• Assigning a role to a user
• Assuming a role
• Restricting an administrator to explicitly assigned rights

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
e
smachine
1. Verify that the Sol11-Server1
is running. If it is not, start it now.
oฺr virtual
r
u
e
o
c
i
t
2. Log in to the Sol11-Server1
(c nse virtual machine as the oracle user. Use the password
o
oracle1.
ld lice
a
n
3. Run
the
o su - command to assume privileges.
R
ro oracle@s11-server1:~$ su -

e

Cic

b
a
r
e
f

Password: oracle1
Oracle Corporation
root@s11-server1:~#
4.

SunOS 5.11

11.1

September 2012

Use the roleadd command to add a role called sdown for shutdown. Using the passwd
command, create a password for the sdown role.
root@s11-server1:~# roleadd -u 3000 -g 10 -m -d \
/export/home/sdown sdown
80 blocks
root@s11-server1:~# passwd sdown
New Password: sdown123
Re-enter new Password: sdown123
passwd: password successfully changed for sdown
A new role is added and the password created. Use the password sdown so it can be
remembered easily.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 15

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

Verify the entries created in various files.
root@s11-server1:~# grep sdown /etc/passwd
sdown:x:3000:10::/export/home/sdown:/usr/bin/pfbash
root@s11-server1:~# getent user_attr | grep sdown
sdown::::type=role;profiles=All;roleauth=role
As you can see, an entry in /etc/passwd was created very much like an entry for a
new user. Notice the default shell.
An entry was also made in /etc/user_attr for sdown, which is marked as a role.

6.

Use the 'profiles' command to create a 'Shut' profile that, when assigned to user, could
shut down a system.
root@s11-server1:~# profiles -p Shut
profiles:Shut> set desc="Able to shutdown the system"
profiles:Shut> add cmd=/usr/sbin/shutdown
profiles:Shut:shutdown> set uid=0
profiles:Shut:shutdown> end
profiles:Shut> commit
profiles:Shut> exit
root@s11-server1:~# getent prof_attr | grep Shut
Shut:::Able to shutdown the system:
root@s11-server1:~# getent exec_attr | grep Shut
Shut:solaris:cmd:::/usr/sbin/shutdown:uid=0

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
Here you created
ic a newe rights
to profile called Shut.
c
(
7. Use the rolemod
ns to assign the profile Shut to the sdown role.
do iccommand
l
e
a
l
n
rolemod -P Shut sdown
oroot@s11-server1:~#
R
ro root@s11-server1:~# getent user_attr | grep sdown

e

Cic

sdown::::type=role;profiles=Shut;roleauth=role
root@s11-server1:~#
Note the profiles entry in the /etc/user_attr file.
8.

Create a user called abell and assign her the sdown role. Create a password. Confirm
that an entry is made in the /etc/user_attr file.
root@s11-server1:~# useradd -u 60020 -g 10 -m –d \
/export/home/abell -s /bin/bash -R sdown -c "anna bell" abell
80 blocks
root@s11-server1:~# passwd abell
New Password: oracle1
Re-enter new Password: oracle1
passwd: password successfully changed for abell
root@s11-server1:~# getent user_attr | grep abell
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 16

le

b
a
r
e
f

abell:::: roles=sdown

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Note the entry in /etc/user_attr for Anna Bell with the sdown role. Why? Because
you assigned her the role sdown.
9.

Now, log in to the abell account and use the shutdown command to reboot the system.
root@s11-server1:~# su - abell
Oracle Corporation
SunOS 5.11
11.1
September 2012
abell@s11-server1:~$ /usr/sbin/shutdown -i 6 -g 0
/usr/sbin/shutdown: Only root can run /usr/sbin/shutdown
As expected, Anna Bell does not have the privileges to shut down the system.

le

10. Execute the profiles and roles commands to determine Anna’s privileges.
abell@s11-server1:~$ profiles
Basic Solaris User
All
abell@s11-server1:~$ roles
sdown

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
c you
ucreated her account
ilฺWhen
Anna has been assigned the sdown role. When?
G
a
t
nto shut down the system.
m
e
g
11. Log in with the sdown role and use the init
command
d
o@ Stu
abell@s11-server1:~$ suld
sdown
a this
n
Password: sdown123
o
se 5.11
oฺr uSunOS
r
Oracle Corporation
11.0
November 2011
e
o
c
i
t
c
( nse id
sdown@s11-server1:~$
o
d
l
e gid=10(staff)
uid=3000(sdown)
c
a
i
l
n
osdown@s11-server1:~$ /usr/sbin/init 6
R
o
r

e

Cic

b
a
r
e
f

init: unable to open /dev/fb to load the shutdown image
bootadm: you must be root to run this command
Must be super-user

Why can’t Anna reboot the system? She is not allowed the privilege of using the init
command.
12. Using the profiles –l command, obtain the privileged commands that Anna can use.
sdown@s11-server1:~$ profiles -l
Shut
/usr/sbin/shutdown
uid=0
Basic Solaris User
auths=solaris.mail.mailq,solaris.network.autoconf.read,sola
ris.admin.wusb.read
profiles=All

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 17

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

/usr/bin/cdrecord.bin
privs=file_dac_read,sys_devices,proc_lock_memory,proc_priocntl,ne
t_privaddr
/usr/bin/readcd.bin
privs=file_dac_read,sys_devices,net_privaddr
/usr/bin/cdda2wav.bin
privs=file_dac_read,sys_devices,proc_priocntl,net_privaddr
All
*
sdown@s11-server1:~$

Does the sdown role have the privilege to execute the init command? No.

le

Can this role execute the shutdown command? Yes, as part of the Shut profile.

b
a
r
e
f

s

an
r
t
n

13. Now use the shutdown command to attempt to bring down the system. To save time,
respond with n when prompted to continue shutting down.

no
a
s
a
h
)
Shutdown started.
Fri Dec 16 05:24:30mAM MDTdeฺ
o
c Gui
ฺ
l
i
a
t
Do you want to continue? (y orgm
n): n en
d s11-desktop Fri Dec 16 20
@(pts/2)
uon
t
o
Broadcast Message from root
S
d
al this
05:24:38...
n
o
False Alarm: The
ses11-server1 will not be brought down.
oฺrsystem
r
u
e
Shutdown aborted.
ic e to
c
(
sdown@s11-server1:~$
do icens
l
a
l
n
Ro
sdown@s11-server1:~$ /usr/sbin/shutdown -i 6 -g 0

o
er14.
c
i
C

Were you able to execute the shutdown command? Yes.

Use the profiles command to display the profiles assigned to the sdown role.
sdown@s11-server1:~$ profiles
Shut
Basic Solaris User
All
The sdown profile has three profiles assigned: Shut, Basic Solaris User, and All.

15. Log out of the sdown role and Anna’s account.
sdown@s11-server1:~$ exit
exit
abell@s11-server1:~$ exit
logout

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 18

16. Now you want to delete the Shut profile from the profiles assigned to the sdown role. Use
the rolemod command to delete the profile.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# rolemod -P "Basic Solaris User,All,Stop" \
sdown
root@s11-server1:~#
Referring to the output in Step 15, by using the Stop profile, you are taking away the
Shut profile from sdown. This command is especially useful if you have many (for
example, 15) profiles assigned to a role and you want to limit the role to only a few
profiles.
17. Log in to Anna Bell’s account, assume the sdown role, and attempt to use the shutdown
command as before.
root@s11-server1:~# su - abell
Oracle Corporation
SunOS 5.11
11.1
September 2012
abell@s11-server1:~$ su sdown
Password: sdown123
sdown@s11-server1:~$ /usr/sbin/shutdown -i 6 -g 0
/usr/sbin/shutdown: Only root can run /usr/sbin/shutdown
sdown@s11-server1:~$ exit
exit

s

an
r
t
n

ro

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
aBell cannot
isissue the shutdown command by using the
You are back to where Anna
n
h
t
o
sdown role. If you display
se profiles assigned to sdown, you see only the
oฺr theucurrent
r
e
remaining profiles.
ic e to
c
(
o ens
d
l
a
abell@s11-server1:~$
profiles
lic
n
o
R
Basic Solaris User
All
Exit Anna Bell’s user account.
abell@s11-server1:~$ exit
logout
root@s11-server1:~#

Task 2: Assign Profiles Directly to a User
1.
2.

Verify that the Sol11-Server1 virtual machine is running. If it is not, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use the password
oracle1.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 19

le

b
a
r
e
f

3.

Run the su - command to assume administrator privileges.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

oracle@s11-server1:~$ su Password: oracle1
Oracle Corporation
SunOS 5.11
root@s11-server1:~#
4.

11.1

September 2012

Use the usermod command to assign the profile “File System Management” to an
existing user jholt. Verify the entry in the /etc/user_attr file.
root@s11-server1:~# usermod -P "File System Management" jholt
root@s11-server1:~# getent user_attr | grep jholt
jholt::::profiles=File System Management;defaultpriv=basic

Yes, it is there.
5.

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce 6. Using the mkdir command, attempt to create a directory in the root file system.

jholt@s11-server1:~$ mkdir /holtdir
mkdir: Failed to make directory “/holtdir”; Permission denied
Can jholt create a directory in the root file system? No.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 20

le

b
a
r
e
f

Log in to the jholt account. Use the profiles command to display the current profiles
assigned.
root@s11-server1:~# su - jholt
Oracle Corporation
SunOS 5.11
11.1
September 2012
jholt@s11-server1:~$ profiles
File System Management
SMB Management
VSCAN Management
SMBFS Management
Shadow Migration Monitor
ZFS File System Management
Basic Solaris User
All
Along with the File System Management, other dependent profiles are also assigned as
default.

7.

Use the pfexec command to execute the mkdir command. Confirm the directory creation.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

jholt@s11-server1:~$ pfexec mkdir /holtdir
jholt@s11-server1:~$ cd /;ls -l | grep holt
drwxr-xr-x
2 root
staff
2 Dec 16 15:20 holtdir
jholt@s11-desktop:/$ exit
logout
The pfexec command temporarily enables you to assume the privileges in the profile
assigned to you.
This demonstrates the direct assignment of a profile and usage of the profile privileges.

le

Task 3: Assign Authorization Directly to a User
1.
2.

Double-click the Sol11-Server1 icon to launch the Sol11-Server1 virtual machine.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use the password
oracle1.
Run the su - command to assume administrator privileges.

b
a
r
e
f

s

an
r
t
n

e
Cic

no
a
s
a
h
oracle@s11-server1:~$ su )
ฺ
e
m
d
Password: oracle1
o
i
u September 2012
lฺc 11.1
G
Oracle Corporation
SunOS 5.11 ai
t
m den
g
root@s11-server1:~#
o@ UseSthetucrontab command to determine if you
d
l
4. Temporarily log in to the jmoose
account.
a this
n
o
have the authorization to display
ฺr uthesecrontab contents for the superuser.
o
r
e tosu - jmoose
root@s11-server1:~#
c
i
c
( nse
OracleoCorporation
SunOS 5.11
11.1
September 2012
d
l
e
c
a
jmoose@s11-server1:~$
crontab
-l
root
li
n
ocrontab:
R
you must be super-user to access another user's crontab
ro
3.

file
jmoose@s11-server1:~$ exit
logout
root@s11-server1:~#

As expected, the jmoose account doesn’t have the authorization to list the root’s
crontab file.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 21

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

Using the usermod command, assign Jerry Moose the authorization for job administration.
root@s11-server1:~# usermod -A solaris.jobs.admin jmoose
root@s11-server1:~# getent user_attr |grep jmoose
jmoose::::auths=solaris.jobs.admin
root@s11-server1:~# auths jmoose | grep jobs
solaris.admin.wusb.read,solaris.jobs.admin,solaris.mail.mailq,sol
aris.network.autoconf.read
root@s11-server1:~#
Does Jerry Moose have the right authorizations now? Yes.

6.

Log in as jmoose and issue the crontab command now.
root@s11-server1:~# su - jmoose
Oracle Corporation
SunOS 5.11
11.1
September 2012
jmoose@s11-server1:~$ crontab -l root
#ident
"%Z%%M%
%I% %E% SMI"
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# The root crontab should be used to perform accounting data
collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 [ -x /usr/lib/fs/nfs/nfsfind ] &&
/usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] &&
/usr/lib/gss/gsscred_clean
jmoose@s11-desktop:~$

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Can Jerry Moose access the crontab file for the root account now? Yes.
7.

Log out of Jerry Moose’s account to return to the superuser account. Take away the
authorization from Jerry Moose. Confirm that he doesn’t have the authorization anymore.
jmoose@s11-server1:~$ exit
logout
root@s11-server1:~# usermod -A "" jmoose
root@s11-server1:~# getent user_attr | grep jmoose
jmoose::::auths=
root@s11-server1:~# su - jmoose
Oracle Corporation
SunOS 5.11
11.1
September 2012
jmoose@s11-server1:~$ crontab -l root
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 22

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

crontab: you must be super-user to access another user's crontab
file
jmoose@s11-server1:~$ exit
logout
Jerry Moose cannot access the superuser’s crontab file.
This task demonstrates the direct assignment of an authorization and usage of that
authorization.

Task 4: Create a System-wide RBAC Policy
1.
2.

Verify that the Sol11-Server1 virtual machine is running. If it is not, start it now.
Log in to the Sol11-Server1virtual machine as the oracle user. Use the password
oracle1.

3.

Run the su - command to assume administrator privileges.

le

b
a
r
e
f

s

an
r
t
n

no
a
s September 2012
11.1 ha
)
ฺ
e
m
d
o
i
u to display the privilege
ฺc command
ilppriv
G
4. Temporarily log in to the jmoose account. Use the
a
t
m den
sets.
g
@
u
root@s11-server1:~# su l-do
jmoose St
s
a th5.11
i
Oracle Corporationron SunOS
11.1
September 2012
ฺ
e
s
o
r
2011jmoose@s11-server1:~$
ppriv
$$
e to u
c
i
c
12687: -bash
( nse
o 
d
l
e
flags
=
c
a
i
l
n
o
E: basic
R
o
r
oracle@s11-server1:~$ su Password: oracle1
Oracle Corporation
SunOS 5.11
root@s11-server1:~#

e
Cic

I: basic
P: basic
L: all

5.

Use the ps command to display all the processes.
jmoose@s11-server1:~$ ps -A -o user -o pid -o comm | more
USER
PID COMMAND
root
0 sched
root
5 zpool-rpool
root
1 /usr/sbin/init
root
2 pageout
root
3 fsflush
root
6 intrd
root
7 vmtasks
root
427 /sbin/dhcpagent
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 23

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root
root
daemon
netadm
root
dladm
netcfg
root
oracle
root
daemon
root
oracle

10
12
75
96
114
43
48
2493
2356
119
1840
756
2309

/lib/svc/bin/svc.startd
/lib/svc/bin/svc.configd
/lib/crypto/kcfd
/lib/inet/ipmgmtd
/lib/inet/in.mpathd
/usr/sbin/dlmgmtd
/lib/inet/netcfgd
su
/usr/lib/clock-applet
/usr/lib/pfexecd
/usr/lib/nfs/nfs4cbd
lockd_kproc
nautilus…

…
…
Can you display the processes for any user? Yes.

le

b
a
r
e
f

s

an
r
t
n

e
Cic

no
a
6. Exit the jmoose account and as the administrator, modify the
s
a
h
/etc/security/policy.conf file as indicated below. )
ฺ
e
m
d
o
i
jmoose@s11-server1:~$ exit
lฺc t Gu
i
a
logout
m den
g
root@s11-server1:~# vi /etc/security/policy.conf
@ Stu
oPRIV_DEFAULT
d
l
root@s11-server1:~# grep
/etc/security/policy.conf
a this
n
o
# There are twoodifferent
ฺr usesettings; PRIV_DEFAULT determines the
r
e
default
ic PRIV_DEFAULT=basic,!file_link_any
to
c
(
e
# Similarly,
takes away only
s
o
n
d
l
e
thea
lic
n
o
#PRIV_DEFAULT=basic
ro R
PRIV_DEFAULT=basic,!proc_info,!proc_session
…
…

This file establishes a system-wide policy. You are denying a non-administrative user the
privilege to look at the processes of other users.
Now reboot the system to have the policy take effect.
root@s11-server1:~# init 6
Note: The reboot may take a few minutes to complete.
Log in and assume administrator privileges.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 24

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

7.

Log in to the jmoose account and issue the same ps command to access the processes.
root@s11-server1:~# su - jmoose
Oracle Corporation
SunOS 5.11
11.1
September 2012
jmoose@s11-server1:~$ ps -A -o user -o pid -o comm | more
USER
PID COMMAND
jmoose 3691 ps
jmoose 3687 -bash
jmoose@s11-server1:~$
Now you are able to display only your own processes. Would that be true for any user?
Yes.

8.

Exit the jmoose account and then issue the ps command.

le

b
a
r
e
f

s

an
r
t
n

o
nCMD
a
s sched
a
h
)
ฺ zpool-rpool
e
m
d
o
i
/sbin/init
ilฺc t Gu
a
pageout
m den
g
fsflush
o@ Stu
d
l
s
vmtasks
na thi
o
r
ฺ
e
ero to us
c
i
(c nse
?
0:18
o
d
l
e
lic
ona

R
o
r
e

Cic

jmoose@s11-server1:~$ exit
logout
root@s11-server1:~# ps -ef | more
UID
PID PPID
C
STIME
root
0
0
0 07:47:06
root
5
0
0 07:47:03
root
1
0
0 07:47:08
root
2
0
0 07:47:08
root
3
0
0 07:47:08
root
6
0
0 07:47:08
root
135
1
0 07:47:48
/usr/lib/pfexecd
root
9
1
0 07:47:13
/lib/svc/bin/svc.startd
root
11
1
0 07:47:13
/lib/svc/bin/svc.configd
root
374
366
0 07:48:02
daemon
71
1
0 07:47:32
/lib/crypto/kcfd
dladm
43
1
0 07:47:23
root
406
1
0 07:48:05
/usr/sbin/cupsd -C /etc/cups/
cupsd.conf
…
…
…

TTY
?
?
?
?
?
?
?

TIME
0:01
0:12
0:00
0:00
0:18
0:00
0:00

?

0:58

?
?

0:00 hald-runner
0:00

?
?

0:02 /sbin/dlmgmtd
0:00

The administrator account can still access all the processes.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 25

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

9.

Reset the process parameters in /etc/security/policy.conf to the original value.
Display all the processes as Jerry Moose.
root@s11-server1:~# vi /etc/security/policy.conf
root@s11-server1:~# grep PRIV_DEFAULT /etc/security/policy.conf
# There are two different settings; PRIV_DEFAULT determines the
default
# Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only
the
#PRIV_DEFAULT=basic
root@s11-server1:~#
Now reboot the system to have the policy take effect.

le

root@s11-server1:~# init 6

b
a
r
e
f

s

an
r
t
n

Note: The reboot may take a few minutes to complete.

no
a
s
a
h
)
ฺ
e
root@s11-server1:~# su - jmoose
m
d
o
i
c
u September 2012
Oracle Corporation
SunOS 5.11 ailฺ 11.1G
t
n
jmoose@s11-server1:~$ ps -ef |gm
more
e
d
u
tTTY
UID
PID PPID
C o@
STIME
TIME CMD
S
d
l
s
a
i
root
0
?
0:01 sched
th
ro0n 0 07:47:06
root
5 roฺ 0 u0se
07:47:03 ?
0:12 zpool-rpool
e
o
t0 0 07:47:08 ?
root cic 1
0:00 /sbin/init
(
e
s
0:00 pageout
do ice2n 0 0 07:47:08 ?
lroot
a
l
n
3
0
0 07:47:08 ?
0:18 fsflush
Ro root
Log in and assume administrator privileges. Then log in to the jmoose account.

ro

e
Cic

root

6

0

0 07:47:08 ?

0:00 vmtasks

…
…
…
Now Jerry Moose can display the processes for any user.
This completes the system-wide policy configuration for RBAC.
Exit the jmoose account.
jmoose@s11-server1:~$ exit
logout
Now that you have completed this practice, turn off sharing.
root@s11-server1:~# zfs set sharenfs=off rpool/export/home/docs
root@s11-server1:~# exit
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 8: Configuring Privileges and Role Based Access Control
Chapter 8 - Page 26

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 9:
e
m
d
o
i
Securing
u Resources
ilฺc System
G
a
t
n Auditing
m dSolaris
Using
e
g
tu9
o@Chapter
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 1

Practice Overview for Lesson 9

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
In these practices, you will be presented with a plan for auditing various actions taken by users.
When special privileges are used, Oracle Solaris auditing can create complete records that can
be analyzed.
According to the predeployment test plan, you are asked to configure auditing for various
situations. You configure auditing for preselected classes as well as a customized class. You
modify the audit policy and configure the audit logs. The key areas explored in the practices are:
• Configuring the audit service
• Configuring audit logs
• Configuring the audit service per-zone
• Administering the audit service
• Managing audit records on local systems

s

an
r
t
n

Ci

no
a
s
a
h
) and RBAC
ฺ and now you are
e
Check your progress. You just completed the lesson on privileges
m
d
o
i
working with Oracle Solaris auditing.
ilฺc t Gu
a
m den
g
tu
o@
√
Oracle Solaris
11.1 Predeployment
Checklist
S
d
l
s
a
i
n System
th (IPS) and Packages
√
o
r
Managing the Image
Packaging
ฺ
e
ero to us
c
√
i
Installing
Solaris
(c Oracle
e 11.1 on Multiple Hosts
s
o
n
ldManaging
e
√
c
a
i
the Business Application Data
l
n
o
R
√
o
Configuring Network and Traffic Failover
cer
Note: Your command output displays may be different than the displays in the practice.
Some examples are storage data, process IDs, session and system-generated content.

√
√
√

Configuring Zones and the Virtual Network
Managing Services and Service Properties
Configuring Privileges and Role-Based Access Control
Securing System Resources by Using Oracle Solaris Auditing
Managing Processes and Priorities
Evaluating System Resources
Monitoring and Troubleshooting System Failures

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 2

le

b
a
r
e
f

Practice 9-1: Configuring and Administering Oracle Solaris Auditing

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
As part of the predeployment testing plan, you are tasked with configuring and managing the
audit service. In this practice, you will work with the following activities:
• Configuring the audit service
• Configuring audit logs
• Configuring the audit service in zones
- Configure all zones identically for auditing.
• Administering the audit service
- Enable/disable the audit service.
- Refresh the audit service.

s

Note: In many cases, your displays will be different. The reason is that the content, such as
dates, session number, and ZFS overhead, will make your displays unique to you.

an
r
t
n

o

an
s
This task covers the following activities:
ha ฺ
)
• Determining audit service defaults
om uide
c
ฺ
l
• Preselecting audit classes
ai nt G
m
g ude
• Determining a user’s audit attributes
@
t
o
S
d
l
• Modifying a user’s audit attributes
s
na thi
o
r
• Modifying the audit policy
ฺ
se
o
r
u
e
• Specifying the
icaudit warning
to destination email alias
c
(
e
• Addingoan audit class
d icens
l
a
• n
o Changing anl audit event’s class membership
R
ro • Using the newly configured class
Task 1: Configuring the Audit Service

e

Cic

1.
2.

Verify that the Sol11-Server1 virtual machine is running. If it is not running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use the password
oracle1.

3.

Run the su - command to assume primary administrator privileges.
oracle@s11-server1:~$ su Password: oracle1
Oracle Corporation
SunOS 5.11
root@s11-server1:~#

11.1

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 3

le

b
a
r
e
f

September 2012

4.

Use the auditconfig command to view the attributable classes configured by default.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# auditconfig -getflags
active user default audit flags = lo(0x1000,0x1000)
configured user default audit flags = lo(0x1000,0x1000)
At this time, the audit service is configured for successful and failed login/logout
attempts. Where would you find the lo class? In the etc/security/audit_class
file
5.

Use the auditconfig command to view the non-attributable classes configured by
default.
root@s11-server1:~# auditconfig -getnaflags
active non-attributable audit flags = lo(0x1000,0x1000)
configured non-attributable audit flags = lo(0x1000,0x1000)

le

b
a
r
e
f

s

an
r
t
n

How do you tell the system that you want to display non-attributable flags? By using the
command option getnaflags

6.

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
n
Admin Server Authentication gm
e
d
program
admin (various)
o@ StuSee SMC, WBEM, or AdminSuite
d
l
is AUE_admin_authenticate
event ID
6213 ona
h
t
oฺr use
class
lo
(0x0000000000001000)
r
e
o
c
i
t
header
(c nse
o
subject
ld lice
a
n
[text]
error message
o

Use the auditrecord command to determine the type of records included under the lo
class.
root@s11-server1:~# auditrecord -c lo

Ci

R
o
r
ce

return
FTP server login
program
proftpd
event ID
6165
class
lo
header
subject
[text]
return
…
…
…

See in.ftpd(1M)
AUE_ftpd
(0x0000000000001000)

error message

If you look at the full output display, you will see all the authentication facilities by using
the lo class.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 4

In addition, you can see the record format that will be used to record the auditing events
for respective authentication facilities.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

7.

Use the auditconfig -getplugin command to determine which plug-ins are active.
root@s11-server1:~# auditconfig -getplugin
Plugin: audit_binfile (active)
Attributes: p_dir=/var/audit;p_fsize=0;p_minfree=1;
Plugin: audit_syslog (inactive)
Attributes: p_flags=;
Plugin: audit_remote (inactive)
Attributes: p_hosts=;p_retries=3;p_timeout=5;

s
n
a
r
Which plug-ins are active at this time? Only the audit_binfile plug-in. -t
on directory
Where would the auditing records be stored by default? In the /var/audit
n
a
s
a
) h eฺfor the oracle user.
8. Use the userattr command to determine the default audit_flags
m
co Guid
ฺ
l
root@s11-server1:~# who -q
i
ma dent
oracle
g
o@ Stu
# users=1
d
l
a this
n
o
sein at one place. It is the only user logged in at this
oฺris logged
Here, the oracleeuser
r
u
ic e to
time.
c
(
nsdifferent based on how many users or how many logins the
Your ldisplay
be
do may
e
c
a
li has.
n account
ooracle
R
ro

e

Cic

root@s11-server1:~# userattr audit_flags oracle
root@s11-server1:~#
At this time, by default, the oracle user has no specific audit_flags set. This doesn’t
account for systemwide audit_flags.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 5

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

9.

Using the auditconfig command, modify the systemwide attributable and nonattributable flags.
root@s11-server1:~# auditconfig -setnaflags lo,na
non-attributable audit flags = lo,na(0x1400,0x1400)
root@s11-server1:~# auditconfig -setflags lo,ps,fw
user default audit flags = ps,lo,fw(0x101002,0x101002)
Where can you find more information about the na, ps, and fw flags? In the
audit_class file located in /etc/security directory (as demonstrated below)
root@s11-server1:~# cd /etc/security
root@s11-server1:/etc/security# ls
audit_class
auth_attr.d
exec_attr
audit_event
crypt.conf
exec_attr.d
audit_warn
dev
extra_privs
auth_attr
device_policy kmfpolicy.xml

pam_policy
policy.conf
priv_names
prof_attr

le

prof_attr.d
tcsd.conf

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
grep ps audit_class
n
oroot@s11-server1:/etc/security#

root@s11-server1:/etc/security# grep na audit_class
# The "frcp" class is a reserved name. It will force
preselection of
# It must not be renamed. However, the "frcp" value may be
changed in a
#
mask:class name:class description
# Length limits: class name up to 8, class description up to 72
and
0x0000000000000400:na:non-attributed

Ci

R 0x0000000000100000:ps:process
o
r
ce

start/stop

root@s11-server1:/etc/security# grep fw audit_class
0x0000000000000002:fw:file write
root@s11-server1:/etc/security# cd
Now you have it. Try to display the definition of another flag.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 6

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

10. Using the usermod command, set the audit_flags for the user accounts jholt and
sstudent. Verify the results.
root@s11-server1:~#
root@s11-server1:~#
root@s11-server1:~#
lo,fr:no
root@s11-server1:~#
lo,fw:no

usermod -K audit_flags=lo,fr:no jholt
usermod -K audit_flags=lo,fw:no sstudent
userattr audit_flags jholt
userattr audit_flags sstudent

You set the audit_flags for the users not logged in at this time. When they log in, the
specified activities will be monitored and logged.

le

b
a
r
e
f

11. Use the auditconfig -lspolicy command to view the available policy options.

s

root@s11-server1:~# auditconfig -lspolicy

an
r
t
n

description:
halt machine if it can not record an async event
all policies
include exec environment args in audit recs
include exec command line args in audit recs
when no more space, drop recs and keep a cnt
include supplementary groups in audit recs
no policies
allow multiple paths per event
use a separate queue and auditd per zone
audit public files
include a sequence number in audit recs
include trailer token in audit recs
include downgraded window information in audit recs
include upgraded window information in audit recs
include zonename token in audit recs

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

policy string
ahlt
all
arge
argv
cnt
group
none
path
perzone
public
seq
trail
windata_down
windata_up
zonename

If you would like to record auditing the zones separately, which policy would be suitable?
The perzone policy

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 7

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

12. Use the auditconfig –setpolicy command to modify the following policy options.
Display the results.
root@s11-server1:~# auditconfig -setpolicy -cnt
root@s11-server1:~# auditconfig -setpolicy +ahlt
root@s11-server1:~# auditconfig -setpolicy +arge
root@s11-server1:~# auditconfig -setpolicy +argv
root@s11-server1:~# auditconfig -getpolicy
configured audit policies = ahlt,arge,argv
active audit policies = ahlt,arge,argv
Which policy options are being deleted? The cnt policy
Which policy options are being added? ahlt, arge, argv

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
14. Save a copy of the audit_class file. Use the vi leditor
to add
u the pf class to the
i ฺc t G
a
audit_class file. Verify the results.
m den
g
root@s11-server1:~# cd /etc/security
tu
o@ S
d
l
root@s11-server1:/etc/security#
cp
audit_class audit_class.orig
s
a thi
n
o
root@s11-server1:/etc/security#
vi audit_class
oฺr use
r
e
root@s11-server1:/etc/security#
tail audit_class
ic e to
c
(
0x0000000000400000:xa:X
- server access
o ens
d
l
c
a
- privileged/administrative operations
li
n
o0x0000000000800000:xp:X
R
ro 0x0000000001000000:xc:X - object create/destroy

e

Cic

0x0000000002000000:xs:X - operations that always silently fail,
if bad
0x0000000003c00000:xx:X - all X events (meta-class)
0x0000000040000000:io:ioctl
0x0000000080000000:ex:exec
0x0000000100000000:ot:other
0x0010000000000000:pf:profiles command
0x0000000080475080:cusa:common user or role activity and sysadmin
actions (meta-class)
0xffffffffffffffff:all:all classes (meta-class)
What is the purpose of the profiles command? To display assigned profiles.
However, in this context, use pfexec.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 8

le

b
a
r
e
f

13. Use the vi editor to add a line to the aliases file. Add the oracle and root users to the
audit_warn mail alias at the end of the file. Use the grep command to confirm the
results.
root@s11-server1:~# vi /etc/mail/aliases
root@s11-server1:~# grep audit_warn /etc/mail/aliases
audit_warn:
oracle,root

15. Save a copy of audit_event and edit the audit_event file as indicated.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:/etc/security# cp audit_event audit_event.orig
root@s11-server1:/etc/security# vi audit_event
Add pf to the following event row:
root@s11-server1:/etc/security# grep pf audit_event
116:AUE_PFEXEC:execve(2) with pfexec enabled:ps,ex,ua,as,pf
What is the purpose of making this entry? Now the pf class is linked to the
AUE_PFEXEC event, which points to the execve system call.
Every time this system call is made, it is recorded with the pf class usage.

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ubydethe message.
Is it successfully configured? Yes, it’s confirmed
@
t
o
S
d
l
s
na thi
Task 2: Configure Audit Logs
o
r
ฺ
se
o activities:
This task will cover the following
r
u
e
o audit files.
ic systems
tfor
c
• Create ZFS
file
(
e
ns for the audit trail.
doauditicspace
l
e
• Allocate
a
l
n
• o Configure system log as audit message destination.
R
ro

e

Cic

•

1.
2.

Configure all zones identically for auditing.

Verify that the Sol11-Server1 virtual machine is running. If it is not running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use the password
oracle1.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 9

le

b
a
r
e
f

16. Now you can use the pf audit flag with the auditconfig command because the pf audit
flag is fully configured.
root@s11-server1:/etc/security# auditconfig -setflags lo,pf
user default audit flags =
pf,lo(0x10000000001000,0x10000000001000)
root@s11-server1:/etc/security# cd
root@s11-server1:~#

3.

Run the su - command to assume administrator privileges.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

oracle@s11-server1:~$ su Password: oracle1
Oracle Corporation
SunOS 5.11
root@s11-server1:~#
4.

11.1

September 2012

Using the df –h command, determine which disks are mounted. This will help you
discover the available disks for creating a ZFS pool.
root@s11-server1:~# df -h
Available Capacity
20G
8%
0K
0%
0K
0%
0K
0%
0K
0%
0K
0%
1.3G
1%
0K
0%
0K
0%

Mounted on
/
/devices
/dev
/system/contract
/proc
/etc/mnttab
/system/volatile
/system/object
/etc/dfs/sharetab

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
) /lib/libc.so.1
ฺ
20G
8%
e
m
d
o
i
u/dev/fd
lฺc t0%
i0K
G
a
20G
3%
/var
m 1.3Gden 1% /tmp
g
tu
o@ S391G
9%
/opt/ora
d
l
s
a
i
n
h
20G
1%
/export
t
o
r
ฺ
e
20G
23%
/export/IPS
ero to us
c
20G
1%
/export/home
i
c
(
e
s
20G
1%
/export/home/jholt
do icen
l
a
l
on

R
o
r
ce

Ci

Filesystem
Size
Used
rpool/ROOT/solaris
31G
1.6G
/devices
0K
0K
/dev
0K
0K
ctfs
0K
0K
proc
0K
0K
mnttab
0K
0K
swap
1.3G
1.7M
objfs
0K
0K
sharefs
0K
0K
/usr/lib/libc/libc_hwcap1.so.1
22G
1.6G
fd
0K
0K
rpool/ROOT/solaris/var 31G
639M
swap
1.3G
32K
ora
426G
35G
rpool/export
31G
33K
rpool/export/IPS
31G
5.7G
rpool/export/home
31G
41K
rpool/export/home/jholt 31G
35K
rpool/export/home/jmoose
31G
36K
rpool/export/home/oracle
31G
34K
Rpool/export/home/panna 31G
35K
rpool/export/home/sstudent
31G
35K
rpool
31G
39K
ora
426G
35G
…
…
…

20G

1%

/export/home/jmoose

20G
20G

1%
1%

/export/home/oracle
/export/home/panna

20G
20G
391G

1%
1%
9%

/export/home/sstudent
/rpool
/mnt/sf_ora

You are looking for a disk address like c7t2d0 in the first column. There should be no
disks displayed.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 10

Your display will be different based on what file systems are mounted at the time of
display.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Note: If you see a disk on which the GuestAdditions package is mounted, ignore it.
5.

Using the format command, determine the available disks. You will select disks c7t8d0
and c7t9d0.
root@s11-server1:~# format
Searching for disks...done

AVAILABLE DISK SELECTIONS:

-

cyl 1022 alt 2 hd 64 sec 32>

select a disk
select (define) a disk type
select (define) a partition table
describe the current disk
format and analyze the disk
run the fdisk program
repair a defective sector
write label to the disk
surface analysis

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 11

s

an
r
t
n

cyl 1022 alt 2 hd 64 sec 32>

Specify disk (enter its number): 7
selecting c7t8d0
[disk formatted]
No Solaris fdisk partition found.
FORMAT MENU:
disk
type
partition
current
format
fdisk
repair
label
analyze

le

b
a
r
e
f

cyl 4174 alt 2 hd 255 sec 63>

no
a
s
a
h
cyl 1022)alt 2 hd ฺ64 sec 32>
om uide
c
ฺ
l
G
alt 2 hd 64 sec 32>
aicyl 1022
t
n
m
g ude
@
t cyl 1022 alt 2 hd 64 sec 32>
o
S
d
l
s
na thi
o
r
cyl 1022 alt 2 hd 64 sec 32>
ฺ
se
o
r
u
e
ic e to
c
(
cyl 1022 alt 2 hd 64 sec 32>
o ens
d
l
lic
cyl 1022 alt 2 hd 64 sec 32>
ona

R
o
r
ce

Ci

0. c7t0d0 
- execute , then return
quit
format> p
WARNING - This disk may be in use by an application that has
modified the fdisk table. Ensure that this disk is
not currently in use before proceeding to use fdisk.
Please answer with “y” or “n”: y
format> fd
No fdisk table exists. The default partition for the disk is:

le

s

an
r
t
n

ro

e
Cic

no
a
a 100% "SOLARIS System" partition
s
a
h
)
ฺ
e
m
d
o
i
Type "y" to accept the default partition,
otherwise
type
c Gu
ฺ
l
i
edit the partition table.
ma dent
g
y
o@ Stu
format> p
d
l
a this
n
o
oฺr use
r
PARTITION MENU:
e
ic - echange
to `0' partition
0(c
do 1 icens- change `1' partition
l
a
l
n
2
- change `2' partition
Ro

"n" to

3
- change `3' partition
4
- change `4' partition
5
- change `5' partition
6
- change `6' partition
7
- change `7' partition
select - select a predefined table
modify - modify a predefined partition table
name
- name the current table
print - display the current table
label - write partition map and label to the disk
! - execute , then return
quit
partition> p
Current partition table (default):
Total disk cylinders available: 528 + 2 (reserved cylinders)
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 12

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Part
Tag
0 unassigned
1 unassigned
2
backup
3 unassigned
4 unassigned
5 unassigned
6 unassigned
7 unassigned
8
boot
9 unassigned

Flag
wm
wm
wu
wm
wm
wm
wm
wm
wu
wm

Cylinders
0
0
0 - 1020
0
0
0
0
0
0 0
0

Size
0
0
1021.00MB
0
0
0
0
0
1.00MB
0

Blocks
(0/0/0)
0
(0/0/0)
0
(1021/0/0)2091008
(0/0/0)
0
(0/0/0)
0
(0/0/0)
0
(0/0/0)
0
(0/0/0)
0
(1/0/0)
2048
(0/0/0)
0

partition> q

le

-

b
a
r
e
f

s

an
r
t
n

select a disk
select (define) a disk type
select (define) a partition table
describe the current disk
format and analyze the disk
run the fdisk program
repair a defective sector
write label to the disk
surface analysis
defect list management
search for backup labels
read and display labels
save new disk/partition definitions
show disk ID
set 8-character volume name
execute , then return

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

FORMAT MENU:
disk
type
partition
current
format
fdisk
repair
label
analyze
defect
backup
verify
save
inquiry
volname
!
quit
format> q

root@s11-server1:~#
Assumption: You are familiar with the format command and know how to partition the
disk by using the fdisk option. If you are not familiar with this utility, the instructor will
walk you through the steps.
Repeat this step for the c7t9d0 disk.
The purpose of going into this utility is to select two empty disks. Make a note of these
two disks: c7t8d0 and c7t9d0.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 13

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Create a ZFS pool called auditpool and the file systems as indicated. Because you have
created the ZFS pools and the file systems, you are taking quick steps to create the
configuration for auditing.
root@s11-server1:~# zpool create auditpool c7t8d0 c7t9d0
'auditpool' successfully created, but with no redundancy; failure
of one device will cause loss of the pool
You created the auditpool with two available disks as you determined earlier. In case
your business application auditing requires redundancy, you may want to create a mirror
pool. Refer to Lesson 4 for details.
root@s11-server1:~# zpool status auditpool
pool: auditpool
state: ONLINE
scan: none requested
config:

s

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
errors: No known data errors
o@ Stu
d
l
a this
n
o
ฺr zfsuscreate
e
root@s11-server1:~#
-o mountpoint=/audit \
o
r
e
auditpool/auditdir
o
ic e t
c
(
o ens
d
l
a
ic file system with the /audit mount point so you can refer to the file
You
n created lthe
o
R system by using the mount point. This will save you time. Based on the volume of
NAME
auditpool
c7t8d0
c7t9d0

ro

e
Cic

an
r
t
n

STATE
ONLINE
ONLINE
ONLINE

READ WRITE CKSUM
0
0
0
0
0
0
0
0
0

auditing records, you may consider storage saving and limiting actions, for example
configuring compression and quotas.
root@s11-server1:~# zfs create -p \
auditpool/auditdir/s11-server1/files
Why do you create these file systems? For storing auditing records for this host
root@s11-server1:~# zfs list -r /auditpool
NAME
auditpool
auditpool/auditdir
auditpool/auditdir/s11-server1
auditpool/auditdir/s11-server1/files
server1/files

USED
218K
31K
63K
31K

AVAIL
1.94G
1.94G
1.94G
1.94G

REFER
32K
31K
32K
31K

Does the display confirm creation of the files? Yes.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 14

MOUNTPOINT
/auditpool
/audit
/audit/s11-server1
/audit/s11-

le

b
a
r
e
f

7.

Using the auditconfig command, set the p_dir parameter to the file systems.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# auditconfig -setplugin audit_binfile active \
p_dir=/audit/s11-server1/files,/var/audit
You are activating auditing and setting the storage for auditing. What is the primary
storage location? The ZFS file systems you just created.
What is the secondary storage location? /var/audit
The secondary directory is also considered the “directory of last resort.” It means that
you really want the system to write to the primary directory. However, if the system has
to, it will use the secondary directory only when the primary directory is not available.
8.

Using the command auditconfig, activate the syslog plug-in and indicate the audit
flags.
root@s11-server1:~# auditconfig -setplugin audit_syslog active \
p_flags=-lo,-ss,+pf

le

b
a
r
e
f

Cic

e

s
n
a
r
Where can you find the details about these flags? In the audit_class file
-t
n
o
What does the pf flag represent? The pf class (profiles command)
an
s
What is the significance of the minus and plus signs? The minus
represents the
) ha sign
ฺ
failed attempt and the plus sign represents successfulm
attempt.
co Guide file.
9. Using the vi editor, make the following entry in theilฺ/etc/syslog.conf
ma dent
root@s11-server1:~# vi /etc/syslog.conf
g
@ Stu /etc/syslog.conf
root@s11-server1:~# grepdo
audit.notice
l
a this
n
audit.notice
/var/log/auditlog
o
r
ฺ
e
root@s11-server1:~#
us /var/log/auditlog
ero totouch
c
i
c sofedefining this entry in syslog? The file is defined so that the
(purpose
What is
the
o
ld auditing
enrecords will be sent to the /var/log/auditlog directory.
c
a
configured
i
l
n
o
R
10.
Refresh the system-log service and auditing for the new configuration to take effect.
o
r
root@s11-server1:~# svcadm refresh system-log

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 15

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

11. Modify the audit policy to include zone auditing. Verify the results.
root@s11-server1:~# auditconfig -getpolicy
configured audit policies = ahlt,arge,argv
active audit policies = ahlt,arge,argv
At this time the zone auditing is not configured.
root@s11-server1:~# auditconfig -setpolicy +zonename
By adding the zonename policy, the audit records will be tagged with the zone name.
root@s11-server1:~# auditconfig -getpolicy
configured audit policies = ahlt,arge,argv,zonename
active audit policies = ahlt,arge,argv,zonename
Has the zonename policy been added? Yes.

s

an
r
t
n

no
a
s
a
h
)
ฺ
Determine the root directory for the zone grandmazone.
e
m
d
o
i
ilฺc t Gu
a
n info | more
root@s11-server1:~# zonecfg -zgm
grandmazone
e
d
zonename: grandmazone
o@ Stu
d
l
a this
zonepath: /zones/grandmazone
n
o
brand: solaris roฺr
se
u
e
ic e to
autoboot: ctrue
(
bootargs:
do icens
l
a
l
n
Rofile-mac-profile:

12. Copy the modified audit files from the global zone to the zone named grandmazone. Verify
the results.

ro

e
Cic

pool:
limitpriv:
scheduling-class:
ip-type: exclusive
…
…
…
root@s11-server1:~# cp /etc/security/audit_class \
/zones/grandmazone/root/etc/security/audit_class
root@s11-server1:~# cp /etc/security/audit_event \
/zones/grandmazone/root/etc/security/audit_event

Because you are configuring the global and grandmazone identically, you also need the
modified audit files in grandmazone.
root@s11-server1:~# ls -l \
/zones/grandmazone/root/etc/security/audit_*
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 16

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

-rw-r--r-1 root
sys
2437 Dec 16 07:59
/zones/grandmazone/root/etc/security/audit_class
-rw-r--r-1 root
sys
30123 Dec 16 07:59
/zones/grandmazone/root/etc/security/audit_event
-rwxr--r-1 root
sys
7024 Dec 14 07:59
/zones/grandmazone/root/etc/security/audit_warn
How can you tell that the copy action was successful? By the timestamp on the files
13. Use the audit -s command to start the audit service.
root@s11-server1:~# audit –s
Note: If you get an error solaris audit invalid audit flag pf:Invalid
argument, terminate the audit service by using audit –t command and start the service
by using audit –s command. To make sure you can gather records regarding the pf
class, John Holt will be using the pfexec command. You will extract these records from the
auditing log in the next practice.
14. As John Holt, try to access the crontab file of the superuser. Check John’s profiles.

s

an
r
t
n

no
a
11.1 has September 2012
)
ฺ
e
m
d
o
i
c rootGu
jholt@s11-server1:~$ pfexec crontabilฺ-l
a
t another user's crontab
n
mto access
crontab: you must be super-user
e
g
@ Stud
file
o
d
al this
jholt@s11-server1:~$nprofiles
o
File System
se
oฺrManagement
r
u
e
SMB c
Management
ic e to
(
o Management
ns
dVSCAN
l
e
c
a
n SMBFSli Management
Ro
root@s11-server1:~# su - jholt
Oracle Corporation
SunOS 5.11

C

ro
ice

Shadow Migration Monitor
ZFS File System Management
Basic Solaris User
All

Because John does not have the Cron Management profile, he does not have the
privilege to look at the superuser’s crontab file.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 17

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

15. As the superuser, assign the Cron Management profile to John Holt. Verify the result.
jholt@s11-server1:~$ exit
logout
root@s11-server1:~# usermod -P "Cron Management" jholt
root@s11-server1:~# profiles jholt
jholt:
Cron Management
Basic Solaris User
All
Do you think John can display root’s crontab file now? Yes.
16. As John Holt, by using the pfexec command, attempt to display the contents of the
superuser’s crontab file.

le

b
a
r
e
f

s

an
r
t
n

root@s11-server1:~# su - jholt
Oracle Corporation
SunOS 5.11
11.1
September 2012
jholt@s11-server1:~$ pfexec crontab -l root
#ident "%Z%%M% %I%
%E% SMI"
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# The root crontab should be used to perform accounting data
collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 [ -x /usr/lib/fs/nfs/nfsfind ] &&
/usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] &&
/usr/lib/gss/gsscred_clean
jholt@s11-server1:~$ exit

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce

Make a note of this command. You will be looking for pfexec command in the audit
logs.
17. Using the zoneadm command, verify that the two zones are up and running.
root@s11-server1:~# zoneadm list -civ
ID NAME
0 global
1 grandmazone
2 choczone

STATUS
running
running
running

PATH
/
/zones/grandmazone
/zones/choczone

Are the zones up? Yes.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 18

BRAND
solaris
solaris
solaris

IP
shared
excl
excl

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

18. Log in to both the zones to create some log in/out entries in the audit records.
root@s11-server1:~# zlogin grandmazone
[Connected to zone 'grandmazone' pts/1]
Oracle Corporation
SunOS 5.11
11.1
September 2012
root@grandmazone:~# exit
logout
Repeat this step for the zone named choczone.
19. Check the current auditing configuration.
root@s11-server1:~# auditconfig -getcond
audit condition = auditing
root@s11-server1:~# auditconfig -getpolicy
configured audit policies = ahlt,arge,argv,zonename
active audit policies = ahlt,arge,argv,zonename
root@s11-server1:~# auditconfig -getflags
active user default audit flags =
pf,lo(0x10000000001000,0x10000000001000)
configured user default audit flags =
pf,lo(0x10000000001000,0x10000000001000)
root@s11-server1:~# auditconfig -getnaflags
active non-attributable audit flags = lo,na(0x1400,0x1400)
configured non-attributable audit flags = lo,na(0x1400,0x1400)

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
c e to
idoes
c
(
If your display
not
s match the current audit_flag values, modify them to match
o
n
d
l
e
this display. Refer
lic to the auditconfig command used earlier.
ona

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 19

le

b
a
r
e
f

Practice 9-2: Managing Audit Records on Local Systems

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
Your predeployment test plan calls for managing the audit records and the audit trails. You need
to analyze the audit records for multiple events configured by you. In addition, you need to
terminate the audit file used currently.
The following areas will be addressed in this practice:
• Displaying audit record definitions
• Selecting audit events from the audit trail
• Viewing the contents of binary audit files
•

Cleaning up an audit file currently in use (named not_terminated)

Task
1.
2.

Verify that the Sol11-Server1 virtual machine is running. If it is not running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use the password
oracle1.
Run the su - command to assume primary administrator privileges.

s

an
r
t
n

e
Cic

no
a
s
a
oracle@s11-server1:~$ su h
)
ฺ
e
m
Password: oracle1
d
o
i
ฺc Gu September 2012
Oracle Corporation
SunOS 5.11 ail 11.1
m dent
g
root@s11-server1:~#
@ anSHTML
tu file containing the full set of all the
ocreate
d
4. Using the auditrecord command,
l
s
a events.
naudit
record formats available forro
the
thi Using the more command, display the
ฺ
e
contents of the file. ro
e to us
c
i
root@s11-server1:~#
(c nse auditrecord -a -h > audit.recfmt.html
o
root@s11-server1:~#
more audit.recfmt.html
ld lice
a
n
o
R
o
r
3.




Audit Record Formats




Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 20

le

b
a
r
e
f

…
…
…

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

Change the permissions on the root directory to rwxr-xr-x so it is accessible by
anyone.
root@s11-server1:~# ls -ld /root
drwx------ 3 root root 10 Dec 16 11:24 /root
root@s11-server1:~# chmod 755 /root
root@s11-server1:~# ls -ld /root
drwxr-xr-x 3 root root 10 Dec 16 11:24 /root
The current permissions allow only the root user access to the directory. Why do you
have to change the permission to x (execute) for the browser? You need this
permission to cd into the directory.

6.

Using the auditrecord command to display all the login formats in use.

no
a
s
a
h
)
terminal login
ฺ
e
m
d
o
i
program
/usr/sbin/login
See
u
lฺc login(1)
i
G
a
t
/usr/dt/bin/dtlogin
dtlogin
n
m See
e
g
d
event ID
6152
o@ StuAUE_login
d
l
class
lo
a this (0x0000000000001000)
n
o
header
oฺr use
r
e
subject
ic e to
c
(
error message
o ens
d[text]
l
c
a
li
n return
Ro
root@s11-server1:~# auditrecord -p login | more

ro

e
Cic

login: logout
program
various
See login(1)
event ID
6153
AUE_logout
class
lo
(0x0000000000001000)
header
subject
[text]
"logout" username
Return
…
…
…
How can you use these record formats? Based on the class, you can use this
information to expect the type of records included in the audit log.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 21

s

an
r
t
n

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

7.

Using the auditrecord command, display the record format of the audit records in the pf
class.
root@s11-server1:~# auditrecord -c pf
pfexec
system call pfexec
event ID
116
class
ps,ex,ua,as,pf
header
path
path
[privilege]
inheritable set are changed
[privilege]
inheritable set are changed
[process]
is changed
exec_arguments
[exec_environment]
subject
[use_of_privilege]
return

pathname of the executable
pathname of working directory
privileges if the limit or

le

b
a
r
e
f

privileges if the limit or

s

an
r
t
n

process if ruid, euid, rgid or egid

no
a
s is set
output if arge a
policy
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
@ Stu
dothe
l
Do you remember where youa
used
AUE_PFEXEC
audit event? In the audit_event
is
n
h
t
o
file while configuring the
ฺrpf class
e
s
o
r
u
e
8. Use the cd command
to
ic to go
to/audit/s11-server1/files. Display the current audit
c
(
e
file.
do icens cd /audit/s11-server1/files
l
a
root@s11-server1:~#
l
n
oroot@s11-server1:/audit/s11-server1/files#
R
ls
ro

e

Cic

See execve(2) with pfexec enabled
AUE_PFEXEC
(0x0100000080160000)

20111216140055.not_terminated.s11-server1

Why is this file labeled as not_terminated? Because it is the currently active audit file
Did you create this directory? Yes, in the auditpool.
9.

Use the audit -n command to close out the current audit file. This will automatically start
a new “not_terminated” file.
root@s11-server1:/audit/s11-server1/files# audit -n
root@s11-server1:/audit/s11-server1/files# ls
20111216145549.20111216152447.s11-server1
20111216152447.not_terminated.s11-server1
You may get different output

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 22

10. Using the auditreduce command, filter the records for the lo class.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Caution: Use the audit file (with timestamp) from your display instead of the file in the
following command.
root@s11-server1:/audit/s11-server1/files# auditreduce -c lo \
/audit/s11-server1/files/20111216145549.20111216152447.s11server1 > lofile
root@s11-server1:/audit/s11-server1/files# praudit lofile
file,2011-12-16 08:56:54.000 -06:00,
header,127,2,login - zlogin,,localhost,2011-12-16 08:56:54.832 06:00
subject,oracle,root,root,root,root,9186,3242122680,0 0 localhost
text,zone:global
return,success,0
zone,grandmazone
header,112,2,logout,,localhost,2011-12-16 08:56:56.942 -06:00
subject,oracle,root,root,root,root,9186,3242122680,0 0 localhost
return,success,0
zone,grandmazone
header,107,2,su,,localhost,2011-12-16 09:21:45.718 -06:00
subject,oracle,jholt,staff,jholt,staff,9233,3242122680,0 0
localhost
return,success,0
zone,global
header,107,2,su logout,,localhost,2011-12-16 09:22:01.284 -06:00
subject,oracle,jholt,staff,jholt,staff,9233,3242122680,0 0
localhost
return,success,0
zone,global
file,2011-12-16 09:22:01.000 -06:00,

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce

The lo file displays the login/logout information as indicated in the audit flags.
You may get different output.
11. Using the auditreduce command, create a collection of pf class records. Use the
praudit command to display.
root@s11-server1:/audit/s11-server1/files# auditreduce -c pf \
/audit/s11-server1/files/20111216145549.20111216152447.s11server1 > pffile
root@s11-server1:/audit/s11-server1/files# praudit pffile
file,2011-12-16 09:21:57.000 -06:00,
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 23

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

header,521,2,execve(2) with pfexec enabled,,localhost,2011-12-16
09:21:57.785 -06:00
path,/usr/bin/crontab
attribute,104555,root,bin,65538,59345,18446744073709551615
path,/home/jholt
process,oracle,jholt,staff,jholt,staff,9238,3242122680,0 0
localhost
exec_args,3,crontab,-l,root
exec_env,19,HZ=100,LC_MONETARY=C,SHELL=/bin/bash,TERM=suncolor,LC_NUMERIC=C,LC_ALL=C,MAIL=/var/mail/jholt,PATH=/usr/bin:,L
C_MESSAGES=C,LC_COLLATE=C,PWD=/home/jholt,LANG=C,TZ=localtime,SHL
VL=1,HOME=/home/jholt,LOGNAME=jholt,LC_CTYPE=C,LC_TIME=C,_=/usr/b
in/pfexec
subject,oracle,root,staff,jholt,staff,9238,3242122680,0 0
localhost
return,success,0
zone,global
file,2011-12-16 09:21:57.000 -06:00,

s

an
r
t
n

no
a
s
a
h
)
ฺthem up with the
e
m
Determine the fields of the header and the subject line
by matching
d
o
i
man pages in the next step.
ilฺc t Gu
a
m den
g
@ Stu –l root command issued by
Review the records and attemptd
toofind the crontab
l
aYes. this
John Holt. Was it successful?
n
o
se command to use the Cron Management profile
Why? Because he used
oฺrthe pfexec
r
u
e
ic output
to
You may get
different
c
(
e
do icens
l
a
l
onthe man command
12. Use
to display the audit.log information. Use the find command to
R
o
display
the
header
format.
cer

Ci

root@s11-server1:/audit/s11-server1/files# man audit.log
…
…
…
/header
The expanded header token consists of:
token ID
record byte count
version #
event type
event modifier
address type/length
machine address
address)

1
4
1
2
2
4
4

byte
bytes
byte
[2]
bytes
bytes
bytes
bytes/16 bytes (IPv4/IPv6

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 24

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

seconds of time
nanoseconds of time

4 bytes/8 bytes
4 bytes/8 bytes

(32/64-bits)
(32/64-bits)

…
…
…
Match up the fields with the header line in the previous step. How long is the record?
480 bytes
What is the event type? execve(2) with pfexec enabled
What is execve? The system call to Solaris kernel
Repeat this step for the subject format. Similarly you can find the format of other records
such as the attribute record.
root@s11-server1:/audit/s11-server1/files# auditreduce -z \
grandmazone \
/audit/s11-server1/files/20111216145549.20111216152447.s11server1 > gmfile

s

an
r
t
n

no
a
has ฺ
14. Using the praudit command, browse the gmfile you just)created.
de gmfile
om praudit
root@s11-server1:/audit/s11-server1/files#
i
c
u
ฺ
l
ai nt G
file,2011-12-16 08:56:54.000 -06:00,
m
g ude
header,127,2,login - zlogin,,s11-server1,2011-10-21
08:56:54.832
@
t
o
S
-06:00
d
al this
n
subject,oracle,root,root,root,root,9186,3242122680,0
0 localhost
o
r
ฺ
e
s
o
r
text,zone:global
e to u
c
i
c
return,success,0
o ( ense
d
l
zone,grandmazone
lic
na
o
header,112,2,logout,,s11-server1,2011-12-16
08:56:56.942 -06:00
R
o
r

e
Cic

subject,oracle,root,root,root,root,9186,3242122680,0 0 s11server1
return,success,0
zone,grandmazone
file,2011-12-16 08:56:56.000 -06:00,
As a sample, go over the header for the login - zlogin class:

Refer to step 12 above or pull up the man pages for audit.log and do a find for
header.
header,127,2,login - zlogin,,s11-server1,2011-12-16 08:56:54.832
-06:00
Now you can match up the fields in this raw format with the previous display or with the
format below. You may get expect different output

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 25

le

b
a
r
e
f

13. Use the auditreduce command to create a file for grandmazone. Verify the results.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

An example of matching would be:
Token ID: header
Record byte count: 127
Version #: 2
Event type: login - zlogin
Event Modifier: - (nothing)
Address Type/Length: none specified
Machine address: s11-server1
Remaining fields: 2011-12-16 08:56:54.832 -06:00 – date/timestamp
The expanded header token consists of:
token ID
1 byte
record byte count
4 bytes
version #
1 byte [2]
event type
2 bytes
event modifier
2 bytes
address type/length 4 bytes
machine address
4 bytes/16 bytes (IPv4/IPv6 address)
seconds of time
4 bytes/8 bytes (32/64-bits)
nanoseconds of time 4 bytes/8 bytes (32/64-bits)

le

b
a
r
e
f

s

an
r
t
n

Ci

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
sein three formats: text, raw, or XML format.
oฺr records
You can display theraudit
u
e
o
ic and
tpraudit
15. Use the auditreduce
-x commands to display the output in XML format.
c
(
e
s
o
n
ld lice
root@s11-server1:/audit/s11-server1/files#
praudit -x gmfile
a
n
o
R
o







zone:global



Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 26

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ


…
…
Is there any benefit of using the XML format? Yes, all the fields have the respective tags
translated for me.
16. Use the ls command to confirm the contents of the audit file storage directory.
root@s11-server1:/audit/s11-server1/files# ls
20111216145549.20111216152447.s11-server1
20111216152447.not_terminated.s11-server1
gmfile
lofile
pffile

s
n
a
r
-t
How can you tell that a new audit file has been started? The file has not_terminated
n
o
n hence closed.
in the name. The previous file has the beginning and ending timestamp
a
s
You may get expect different output
ha ฺ
)
om uide
c
ฺ
l
17. Use the command audit –t to terminate the audit
service.
ai nt G
m
root@s11-server1:/audit/s11-server1/files#
g ude audit -t
@
t
o
root@s11-server1:/audit/s11-server1/files#
auditconfig -getcond
S
d
l
s
a
i
n
audit condition = noaudit
th
o
r
ฺ
e
ero to us
c
i
How can you
the
(ctell that
e audit service is stopped? Because in the output, it says
s
o
n
noaudit
ld lice
a
n
o
R
o
r

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 27

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

18. Examine the /var/log/auditlog file for audit messages sent to syslog.
root@s11-server1:~# more /var/log/auditlog
…
…
…
Dec 16 09:44:05 s11-server1 audit: [ID 702911 audit.notice]
screenlock - unlock
failed session 810837356 by oracle as root:staff from s11-server1
Dec 16 10:41:21 s11-server1 audit: [ID 702911 audit.notice]
execve(2) with pfexec enabled ok session 3584330031 by oracle as
root:staff in global from s11-server1 proc_auid oracle proc_uid
jholt obj /home/jholt
Dec 16 10:58:52 s11-server1 last message repeated 1 time
…
…
…
Parts of this display, such as the session number, date, and time may be different for
you.

s

an
r
t
n

ro

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
c is G
You had configured the syslog for the pf class.
theumessage recorded in the
lฺHere
i
a
t
audit.log file.
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l
n
Ro

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 9: Securing System Resources Using Solaris Auditing
Chapter 9 - Page 28

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 10:
e
m
d
o
i
Managing
and
u
ilฺc tProcesses
G
a
m den
Priorities
g
tu10
o@Chapter
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 1

Practice Overview for Lesson 10

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
In these practices, you are presented with a plan for managing the Oracle Solaris 11.1
processes, scheduling classes, and process priorities.
According to the predeployment test plan, you are going to evaluate various system processes.
Assume you are supporting Oracle CRM and Financial applications. These applications will
launch multiple processes and you will need to know which processes should run as high or low
priority. Therefore, you are asked to assess the processes, their priorities, and scheduling
classes. You are presented with various situations that will help you evaluate and configure the
facilities. The key areas explored in the practices are:
• Modifying process scheduling priority
• Configuring the fair share scheduler (FSS) in an Oracle Solaris Zone

le

Ci

b
a
r
Note: Your display outputs will be different due to the type of tasks, processes, and users.
e
sf
n
a
r
tnow
n
Check your progress. You just completed the Oracle Solaris auditing lesson and
are
no
working with processes and priorities.
a
s
a
h
)
ฺ
Oracle Solaris 11.1 Predeployment
Checklist
√
e
m
d
o
i
ฺc Gu
l
i
a
√
t
Managing the Image Packaging System (IPS)
n
mand Packages
e
g
@ Hosts
tud
√
oMultiple
Installing Oracle Solaris 11.1 lon
S
d
a this
n
o
√
Managing the Business
se Data
oฺr Application
r
u
e
ic Network
to
√
c
Configuring
and Traffic Failover
(
e
o ens
d
l
a
√
lic Zones and the Virtual Network
n Configuring
o
R
o
r
√
Managing Services and Service Properties
ce
√

Configuring Privileges and Role-Based Access Control

√

Securing System Resources by Using Oracle Solaris Auditing
Managing Processes and Priorities
Evaluating System Resources
Monitoring and Troubleshooting System Failures

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 2

Practice 10-1: Modifying Process Scheduling Priority

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you work with the processes in the following areas:
• Managing scheduling class and process priorities
• Configuring the fair share scheduler

Task 1: Manage Scheduling Class and Process Priorities
This task will cover the following activities:
• Listing the current processes
• Displaying process class information
• Determining the process global priority
• Designating a process priority
• Modifying process scheduling priority
• Changing the scheduling parameters of a timesharing process
1. Verify that the Sol11-Server1 virtual machine is running. If it is not, start it now.
2. Log in to the Sol11-Server1 virtual machine as the oracle user. Use the password
oracle1.
3. Make sure that all other virtual machines are shut down.
4. Run the su - command to assume administrator privileges.

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
tu
oracle@s11-server1:~$ su o
-@
S
d
l
s
Password:
na thi
o
r
ฺ
Oracle Corporation
SunOS
11.1
September
se 5.11
o
r
u
e
o
ic e t
root@s11-server1:~#
c
(
nsto view the top 10 processes at a 10-second interval.
docommand
5. Use the ltop
e
c
a
li
n
oroot@s11-server1:~#
top 10 -s 10
R
o
r

e
Cic

le

b
a
r
e
f

2012

last pid: 1121; load avg: 0.20, 0.14, 0.12; up 0+01:50:30
14:10:30
87 processes: 83 sleeping, 3 running, 1 on cpu
CPU states: 81.8% idle, 5.1% user, 13.1% kernel, 0.0% iowait,
0.0% swap
Kernel: 609 ctxsw, 9 trap, 327 intr, 1935 syscall, 4 flt
Memory: 1024M phys mem, 84M free mem, 977M total swap, 977M free
swap
PID
991
733
929
934
1120
917
913
966

USERNAME NLWP PRI NICE SIZE
RES STATE
oracle
2 59
0
87M
19M sleep
oracle
3 59
0
65M
53M run
oracle
20 59
0 160M 140M run
oracle
1 56
0
12M 5552K run
root
1 59
0 4296K 2480K cpu
oracle
1 49
0 107M
36M sleep
oracle
1 59
0
27M
15M sleep
oracle
2 59
0
26M
12M sleep

TIME
0:11
0:23
2:01
0:06
0:00
0:01
0:01
0:06

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 3

CPU
4.03%
3.82%
1.75%
1.46%
0.25%
0.22%
0.08%
0.07%

COMMAND
gnome-terminal
Xorg
java
xscreensaver
top
nautilus
metacity
nwam-manager

11 root
536 root

18
7

59
59

0
12M
11M sleep
0 9420K 1856K sleep

0:41
0:03

0.06% svc.configd
0.04% VBoxService

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Enter ‘q’ to exit.
In what order is the CPU column sorted? Descending, so that the processes using high
CPU are displayed at the top
Remember: Your display output will differ from the output presented here.
6.

Use the priocntl command to view the configured classes.
root@s11-server1:~# priocntl -l
CONFIGURED CLASSES
==================
SYS (System Class)

le

TS (Time Sharing)
Configured TS User Priority Range: -60 through 60

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
FX (Fixed priority)
u
ilฺc t G
Configured FX User Priority a
Range:n0
through 60
m de
g
@ Stu
obeing
d
l
These are all the classes currently
at this time. For example, the Interactive
a thIA
isused
nconfigured
o
class (IA) is not shown.ฺrThe
user
priority range is -60 through 60.
e
s
o
r
u scheduling class and the priority of the processes
7. Using the ps command,
the
e display
o
c
i
t
c
currently running.
( nse
o
d
l
e
root@s11-server1:~#
ps -ecl | more
c
a
i
l
n
o
F
S
UID
PID
PPID
CLS
PRI
ADDR
SZ
WCHAN TTY TIME CMD
R
o
1 T
0
0
0 SYS 96
?
0
?
0:01 sched
r
SDC (System Duty-Cycle Class)

e

Cic

b
a
r
e
f

1
0
1
1
1
0

S
S
S
S
S
S

0
0
0
0
0
16

5
1
2
3
6
52

0
0
0
0
0
1

SDC
TS
SYS
SYS
SDC
TS

99
59
98
60
99
59

?
?
?
?
?
?

0
688
0
0
0
991

S
S
R
S
S

101
101
0
101
101

934
928
997
973
972

848
1
994
1
1

IA
IA
IA
IA
IA

59
59
19
59
59

?
?
?
?
?

3180
2793
2163
3199
3248

?
?
?
?
?
?

?
?
?
?
?
?

0:03
0:00
0:00
0:05
0:00
0:00

zpool -rp
init
page out
fsflush
vmtasks
ipmgmtd

…
…
…
0
0
0
0
0

? ?
? ?
pts/1
? ?
? ?

…
…
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 4

0:08 xscreens
0:00 gvfsd-tr
0:00 bash
0:00 VBoxClie
0:00 VBoxClie

…

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

What is the highest priority in use? It is 99 for the zpool process.
What is the lowest priority in use? It is 19 for the bash shell.
Refer to the man pages for detailed explanation of the columns.
8.

Use the priocntl command to generate a process in the TS scheduling class with a
specified priority of 60 by using the find command.
root@s11-server1:~# priocntl -e -c TS -m 60 -p 60 find / -name
core -exec ls {} \; > /var/tmp/find 2<>/dev/null&
[1] 1348
root@s11-server1:~#

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
lฺc t Gu
ifind
root@s11-server1:~# ps -ecl | grep
a
m d? en1865
0 S
0 2959 2771
TS 60 g
? pts/1
@
u
t
0:01 find
o
S
ld | grep
s
a
i
root@s11-server1:~# psn-ecl
find
h
ro sTSe t59
0 S
0 2959oฺ2771
?
1961
? pts/1
r
u
e
0:01 find
o
ic e t ps -ecl | grep find
c
(
root@s11-server1:~#
ns 2771 TS 60
do 0 ic2959
e
0 a
Rl
?
1985
? pts/1
n find l
o
0:02
R

Use the ps command to inspect the priority of the find command. Repeat the
command multiple times to check if the specified priority is being used at all times.

ro

e
Cic

Is the designated priority 60 being used at all times? No, but it is used most of the time.
The kernel determines the priority based on what other jobs are running on the CPU;
therefore, you might see a slight variance in the specified priority number.
9.

Create a small program to run for a longer duration, so that you can change its priority. Use
the priocntl command to change the class and specify a time slice or the global priority
of the program modparm.
Create a small script called modparm. Grant the owner the execute permission.
root@s11-server1:~# vi modparm
root@s11-server1:~# cat modparm
#!/bin/bash
find / -name jholt -exec ls{} \; > /var/tmp/jholt 2<>/dev/null
find / -name jmoose -exec ls{} \; > /var/tmp/jmoose 2<>/dev/null
find / -name panna -exec ls{} \; > /var/tmp/panna 2<>/dev/null

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 5

le

b
a
r
e
f

Here you execute the find command with the priority of 60. What is the highest priority
a user can specify for a user-generated process? Refer to Step 6 to determine the
highest priority, which is 60. Refer to man pages for the command options used here.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

find / -name sstudent -exec ls{} \; > /var/tmp/sstudent
2<>/dev/null
find / -name oracle -exec ls{} \; > /var/tmp/oracle 2<>/dev/null
find / -name core -exec ls{} \; > /var/tmp/core 2<>/dev/null
root@s11-server1:~# ls -l modparm
-rw-r--r-- 1 root root 87 Dec 19 08:31 modparm
root@s11-server1:~# chmod 755 modparm
root@s11-server1:~# ls -l modparm
-rwxr-xr-x 1 root root 87 Dec 19 08:31 modparm
root@s11-server1:~# priocntl -e -c RT -t 500 -p 20 /root/modparm
&
[1] 5104

s

an
r
t
n

Here you execute your program in the RT class with a time slice of 500 milliseconds, a
priority of 20 in the RT class, and a global priority of 120.

no
a
s
a
h
)find / e-name
ฺ jholt -exec
root 10270 10269
RT 120 02:08:08 pts/1
0:05
m
d
o
i
ls{}
lฺc t Gu
i
a
root@s11-server1:~# ps -ecf | grep
n
m find
e
g
d
root 10270 10269 33 02:08:08 pts/1
0:25
find
/ -name jholt -exec ls{} ;
@ Stu
o
d
root 10281 1310
0 02:09:33
al pts/1
is 0:00 grep find
n
h
t
o
se
oฺrin theudesignated
r
Is your program running
scheduling class? Yes.
e
o
c
i
t
c
( nse
o
d
l
econtinuation of the commands being run in the modparm script,
Note:
To see ithe
c
a
l
n
Rocontinue to run ps –ecf | grep find.

10. Verify the designated scheduling class and the priority.
root@s11-server1:~# ps -ecf | grep find

o
er11.
c
i
C

Use the priocntl command to change the priority of the running program modparm.
Verify the results.
Note: Make sure you use the process number that appears on your display. Your process
number will be different than the process number (5104) presented in the example.
root@s11-server1:~# priocntl -s -p 30 5104
root@s11-server1:~# ps -ecf | grep find
root 10293 10269
root 10299 1310

RT 120 02:11:43 pts/1 0:09 find / -name sstudent -exec ls{} ;
TS 29 02:12:04 pts/1 0:00 grep find

What are the new RT and the global priorities? They are 30 and 130.
Note that the system added 100 to 30 to come up with the global priority of 130.
Why would you need to change the priority? Based on your business process priority,
you needed to lower the priority of a long running transaction.
12. Copy the modparm program to John Holt’s home directory so that he can run the program
under his privileges. As the administrator, you will change the program’s scheduling class
by using John’s user ID.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 6

le

b
a
r
e
f

As the administrator, execute the following command.
root@s11-server1:~# cp modparm /export/home/jholt

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

As John Holt, execute the following commands.
root@s11-server1:~# su - jholt
Oracle Corporation
SunOS 5.11
11.1
September 2012
jholt@s11-server1:~$ ls modparm
modparm
jholt@s11-server1:~$ cp modparm holtparm
jholt@s11-server1:~$ ls -l holtparm
-rwxr-xr-x
1 jholt
staff
336 Dec 19 15:13 holtparm
Note that by copying, it changed the ownership.

ro

e
Cic

s

an
r
t
n

no
a
Make sure that John has the execute permission on this program.
s If needed, use the
a
h
chmod command as you did before.
)
ฺ
e
m
d
o
i
u
ilฺtoc edittthe
G
a
Before you run the program as jholt, you
need
/var/tmp
file part of the
n
m
e
g
entry in the holtparm file for each user.
The user
jholt does not have the
@
uddoes
t
o
S
d
authorization to overwrite the original
files
but
he
have the authorization to
l
s
a
i
n
h
overwrite the files he himself
has
created.
ฺro use t
o
r
e tovi holtparm
c
i
jholt@s11-server1:~$
c
o ( ense cat holtparm
d
jholt@s11-server1:~$
l
lic
na
o
#!/bin/bash
R
find / -name
find / -name
find / -name
find / -name
2<>/dev/null
find / -name
find / -name

jholt -exec ls{} \; > /var/tmp/holt 2<>/dev/null
jmoose -exec ls{} \; > /var/tmp/moose 2<>/dev/null
panna -exec ls{} \; > /var/tmp/anna 2<>/dev/null
sstudent -exec ls{} \; > /var/tmp/student
oracle -exec ls{} \; > /var/tmp/orcl 2<>/dev/null
core -exec ls{} \; > /var/tmp/cre 2<>/dev/null

As John Holt, run the program by using the following command:
jholt@s11-server1:~$ ./holtparm 2<>/dev/null&
[1] 5130
You will see some “permission denied” error messages, which you can ignore. The only
purpose of the program is to continue running for a while.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 7

le

b
a
r
e
f

13. Now, display the active program as the user John Holt. Next, change the program’s
scheduling class to IA and verify the results. Finally, use the pkill -9 command to
terminate the processes associated with the find command and modparm script. Verify
that all the processes have been terminated.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

jholt@s11-server1:~$ ps -ef | grep holt
jholt 10328
jholt 10329
exec ls{} ;
jholt 10335
jholt 10315
jholt 10334

10315
10328

0 02:17:40 pts/1
22 02:17:40 pts/1

10315
1310
10315

0 02:18:11 pts/1
0 02:14:44 pts/1
1 02:18:11 pts/1

0:00 /bin/bash ./holtparm
0:10 find / -name jholt 0:00 -bash
0:00 -bash
0:00 ps -ef … …

…
…

s

an
r
t
n

no
a
s
a
h
)
ฺ
jholt@s11-server1:~$ exit
e
m
d
o
i
logout
ilฺc t Gu
a
root@s11-server1:~# grep holt /etc/passwd
m den
g
jholt:x:60005:10:john holt:/export/home/jholt:/bin/bash
o@ Stu
d
l
a this
n
o
As the administrator,
se class to IA for all the processes running under
osetฺr the scheduling
r
u
e
John’s useridic
(60005). to
c
(
o ense
d
l
root@s11-server1:~#
priocntl -s -c IA -i uid 60005
lic
na
o
R root@s11-server1:~# ps -ecf | grep holt
Determine John’s userid.

ro

e
Cic

root@s11-server1:~# ps -ecf | grep holt
jholt 6244 6243
jholt -exec ls{} ;
root 6251 6106
jholt 6243
1
./holtparm

IA
TS
IA

50 22:13:06 pts/1
49 22:16:10 pts/1
59 22:13:06 pts/1

2:00 find / -name
0:00 grep holt
0:00 /bin/bash

Here you can see all the processes launched by John that are currently running in the IA
class.
Why would you need to make changes like this? You want to run the job interactively so
that you can get results more quickly.
root@s11-server1:~# pkill -9 find
root@s11-server1:~# ps -ef | grep find
jholt 5143 5130
1 15:18:47 pts/1
exec ls{} ;
jholt 5143 5130
1 15:18:47 pts/1

0:10 find / -name jmoose 0:10 grep find

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 8

le

b
a
r
e
f

When John submitted his job, it ended up in the TS class. Why? The kernel made the
call based on the nature of the program and overall workload.

root@s11-server1:~# pkill -9 modparm
root@s11-server1:~# ps -ef | grep find
root@s11-server1:~#

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

14. Use the ps command to display all the processes running in the TS class.
root@s11-server1:~# ps -ef -o class,zone,fname | grep TS | sort
-k2 | more
TS
global asr-noti
TS
global automoun
TS
global automoun
TS
global bash
TS
global bash
TS
global bash
TS
global bash
TS
global bash
TS
global cron
TS
global cupsd
TS
global dbus-dae
TS
global devchass
TS
global devfsadm
TS
global dhcpagen
TS
global dlmgmtd
TS
global fmd
TS
global hald
TS
global hald-add
TS
global hald-add
TS
global hald-add
TS
global hald-run
TS
global htcachec
TS
global httpd.wo
TS
global httpd.wo
TS
global httpd.wo
TS
global httpd.wo
TS
global httpd.wo
TS
global httpd.wo
TS
global in.mpath
TS
global in.ndpd
TS
global in.route
TS
global inetd
TS
global init
TS
global ipmgmtd
TS
global iscsid
TS
global kcfd

s

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 9

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
choczone
choczone
choczone
choczone
choczone

login
mountd
named
netcfgd
nfsmapid
nscd
nwamd
pfexecd
picld
pkg.depo
ps
rad
reparsed
rmvolmgr
rpcbind
sshd
sshd
sshd
statd
su
su
svc.conf
svc.star
sysevent
syslogd
ttymon
ttymon
ttymon
ttymon
ttymon
utmpd
vbiosd
VBoxServ
vtdaemon
zoneadmd
zoneadmd
zoneprox
automoun
automoun
cron
dhcpagen
fmd

le

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 10

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

choczone in.mpath
choczone in.ndpd
choczone in.route
choczone inetd
choczone init
choczone ipmgmtd
choczone kcfd
choczone netcfgd
choczone nscd
choczone nwamd
choczone pfexecd
choczone rpcbind
choczone sendmail
choczone sendmail
choczone smtp-not
choczone sshd
choczone svc.conf
choczone svc.star
choczone syslogd
choczone ttymon
choczone utmpd
choczone zoneprox
grandmazone automoun
grandmazone automoun
grandmazone cron
grandmazone dhcpagen
grandmazone fmd
grandmazone in.mpath
grandmazone in.ndpd
grandmazone in.route
grandmazone inetd
grandmazone init
grandmazone ipmgmtd
grandmazone kcfd
grandmazone netcfgd
grandmazone nscd
grandmazone nwamd
grandmazone pfexecd
grandmazone rpcbind
grandmazone sendmail
grandmazone sendmail
grandmazone smtp-not

le

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 11

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

TS grandmazone sshd
TS grandmazone svc.conf
TS grandmazone svc.star
TS grandmazone syslogd
TS grandmazone ttymon
TS grandmazone utmpd
TS grandmazone zoneprox
root@s11-server1:~#
Here you display all the processes running on your system that are in the TS class.

Task 2: Configure the Fair Share Scheduler
This task will cover the following activities:
• Making FSS the default scheduling class
• Moving processes into the FSS class
• Moving a project’s processes into the FSS class
• Tuning scheduler parameters
1. Verify that the Sol11-Server1 virtual machine is running. If it is not running, start it now.
2. Log in to the Sol11-Server1 virtual machine as the oracle user. Use the password
oracle1.
3. Make sure that all other virtual machines are shut down.
4. Run the su - command to assume administrator privileges.

s

an
r
t
n

r5.o

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oracle@s11-server1:~$
oฺr ususer
e
Password: cic
to
(
e
Oracle
SunOS 5.11
11.1
September
ns
doCorporation
l
e
c
a
i
l
n
Roroot@s11-server1:~#

2012

Use the dispadmin command to view and change the default scheduling class to FSS.
Confirm the action.
root@s11-server1:~# dispadmin -d
dispadmin: Default scheduling class is not set
root@s11-server1:~# dispadmin -d FSS
root@s11-server1:~# dispadmin -d
FSS
(Fair Share)
Is the default scheduling class changed for the global zone? Yes.
Does it mean that FSS has become the default scheduling class for all the processes
running on the system? Refer to the display in the next steps.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 12

le

b
a
r
e
f

6.

Use the dispadmin command to view the current scheduling classes being used.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# dispadmin -l
CONFIGURED CLASSES
==================
SYS
TS
SDC
FSS
FX
RT
IA

(System Class)
(Time Sharing)
(System Duty-Cycle Class)
(Fair Share)
(Fixed Priority)
(Real Time)
(Interactive)

s
n
a
r
7. Using the ps command, display the scheduling class of the currently running processes.
-t
n
o
root@s11-server1:~# ps -ef -o class,zone,fname | grep
a n -v CLS |
sort -k2 | more
s
ha ฺ
)
TS
global asr-noti
om uide
TS
global automoun
c
ฺ
l
ai nt G
TS
global automoun
m
g ude
TS
global bash
@
t
o
S
d
l
s
TS
global bash
na thi
o
r
TS
global bash
ฺ
se
o
r
u
e
TS
global
ic bash
to
c
(
e
s
TS oglobal n
bash
d
l
e
c
a
global
li cron
onTS
R
TS
global cupsd
ro
These are all the classes currently being used at this time.

e

Cic

TS
TS
TS
TS
TS
IA
TS
SYS
TS
TS
TS
TS
TS
IA
TS

global
global
global
global
global
global
global
global
global
global
global
global
global
global
global

dbus-dae
devchass
devfsadm
dhcpagen
dlmgmtd
find
fmd
fsflush
hald
hald-add
hald-add
hald-add
hald-run
holtparm
htcachec

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 13

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global

httpd.wo
httpd.wo
httpd.wo
httpd.wo
httpd.wo
httpd.wo
in.mpath
in.ndpd
in.route
inetd
init
intrd
ipmgmtd
iscsid
kcfd
kmem_tas
lockd
lockd_kp
login
mountd
named
netcfgd
nfsd
nfsd_kpr
nfsmapid
nscd
nwamd
pageout
pfexecd
picld
pkg.depo
ps
rad
reparsed
rmvolmgr
rpcbind
sched
sshd
sshd
sshd
statd
su

le

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 14

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
SYS
TS
TS
TS
SDC
FX
SYS
TS
TS
TS
TS
FX
SYS
TS
TS
TS
SYS
TS
TS
TS
TS
TS
TS
TS
TS
SYS
TS
TS
TS
TS
TS

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
global
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone
choczone

su
svc.conf
svc.star
sysevent
syslogd
ttymon
ttymon
ttymon
ttymon
ttymon
utmpd
vbiosd
VBoxServ
vmtasks
vtdaemon
zoneadmd
zoneadmd
zoneprox
zonestat
zpool-au
zpool-rp
automoun
automoun
cron
dhcpagen
fmd
in.mpath
in.ndpd
in.route
inetd
init
ipmgmtd
kcfd
netcfgd
nscd
nwamd
pfexecd
rpcbind
sendmail
sendmail
smtp-not
sshd

le

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 15

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
SYS
TS
TS
TS
TS
FX
SDC
SDC
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

choczone svc.conf
choczone svc.star
choczone syslogd
choczone ttymon
choczone utmpd
choczone zoneprox
choczone zsched
grandmazone automoun
grandmazone automoun
grandmazone cron
grandmazone dhcpagen
grandmazone fmd
grandmazone in.mpath
grandmazone in.ndpd
grandmazone in.route
grandmazone inetd
grandmazone init
grandmazone ipmgmtd
grandmazone kcfd
grandmazone netcfgd
grandmazone nscd
grandmazone nwamd
grandmazone pfexecd
grandmazone rpcbind
grandmazone sendmail
grandmazone sendmail
grandmazone smtp-not
grandmazone sshd
grandmazone svc.conf
grandmazone svc.star
grandmazone syslogd
grandmazone ttymon
grandmazone utmpd
grandmazone zoneprox
grandmazone zsched

le

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 16

an
r
t
n

o

What are some of the classes being used at this time? TS, IA, and SYS

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

b
a
r
e
f

s

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

TS
TS
TS
TS
TS
TS
SYS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
TS
SYS
…
…

8.

Use the priocntl command to move all current processes into the FSS class.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# priocntl -s -c FSS -i all
Why did you have to move all the current processes to the FSS class manually when
you already set the default class to FSS? Because the new default class is effective on
next reboot. It does not affect the currently active processes.
9.

Using the ps command, display the modified scheduling class of the currently running
processes.
root@s11-server1:~# ps -ef -o class,zone,fname | grep -v CLS |
sort -k2 | more
FSS
global asr-noti
FSS
global automoun
FSS
global automoun
FSS
global bash
FSS
global bash
FSS
global bash
FSS
global bash
FSS
global cron
FSS
global cupsd
FSS
global dbus-dae
FSS
global devchass
FSS
global devfsadm
FSS
global dhcpagen
FSS
global dlmgmtd
FSS
global find
FSS
global fmd
SYS
global fsflush
FSS
global grep
FSS
global hald
. . .
FSS
global in.ndpd
FSS
global in.route
FSS
global inetd
TS
global init
SYS
global intrd
FSS
global ipmgmtd
FSS
global iscsid
FSS
global kcfd
SDC
global kmem_tas
FSS
global lockd
SYS
global lockd_kp
FSS
global login
FSS
global more
FSS
global mountd
FSS
global named

s

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 17

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 18

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

FSS
global netcfgd
FSS
global nfsd
SYS
global nfsd_kpr
FSS
global nfsmapid
FSS
global nscd.
FSS
global nwamd
SYS
global pageout
FSS
global pfexecd
FSS
global picld
FSS
global pkg.depo
FSS
global ps
FSS
global rad
FSS
global reparsed
FSS
global rmvolmgr
FSS
global rpcbind
SYS
global sched
FSS
global sort
FSS
global sshd
FSS
global sshd
FSS
global sshd
FSS
global statd
FSS
global su
FSS
global su
FSS
global svc.conf
FSS
global svc.star
FSS
global sysevent
FSS
global syslogd
FSS
global ttymon
FSS
global ttymon
FSS
global ttymon
FSS
global ttymon
FSS
global ttymon
FSS
global utmpd
FSS
global vbiosd
FSS
global VBoxServ
SYS
global vmtasks
FSS
global vtdaemon
FSS
global zoneadmd
FSS
global zoneadmd
FSS
global zoneprox
FSS
global zonestat
SDC
global zpool-au
SDC
global zpool-rp
FSS choczone automoun
FSS choczone automoun

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

choczone cron
choczone dhcpagen
choczone fmd
choczone in.mpath
choczone in.ndpd
choczone in.route
choczone inetd
choczone init
choczone ipmgmtd
choczone kcfd
choczone netcfgd
choczone nscd
choczone nwamd
choczone pfexecd
choczone rpcbind
choczone sendmail
choczone sendmail
choczone smtp-not
choczone sshd
choczone svc.conf
choczone svc.star
choczone syslogd
choczone ttymon
choczone utmpd
choczone zoneprox
choczone zsched
grandmazone automoun
grandmazone automoun
grandmazone cron
grandmazone dhcpagen
grandmazone fmd
grandmazone in.mpath
grandmazone in.ndpd
grandmazone in.route
grandmazone inetd
grandmazone init
grandmazone ipmgmtd
grandmazone kcfd
grandmazone netcfgd
grandmazone nscd
grandmazone nwamd
grandmazone pfexecd
grandmazone rpcbind
grandmazone sendmail
grandmazone sendmail

le

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 19

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
SYS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS
FSS

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

FSS grandmazone smtp-not
FSS grandmazone sshd
FSS grandmazone svc.conf
FSS grandmazone svc.star
FSS grandmazone syslogd
FSS grandmazone ttymon
FSS grandmazone utmpd
FSS grandmazone zoneprox
SYS grandmazone zsched
root@s11-server1:~#
Are all the processes using FSS? No; however, most of the processes are using FSS.
Why are some of the processes in the TS,SDC and SYS classes? The classes remain
unchanged for these processes based on the nature of the processes. For example, the
zsched daemon normally runs in the SYS class because of its scope.

s

an
r
t
n

10. Using the ps command, display all the init processes.

no
a
s
a
h
)
ฺ
e
m
d
o
i
lฺc t Gu
i
a
Why are there so many init processes? m
One for each
n zone. Refer to the display in
e
g
d
Step 9.
Stuof the init process to the FSS
do@theisclass
l
11. Using the priocntl command,achange
n
h
o
scheduling class. Display ฺthe
classeseoftall the init processes to confirm the change.
r
us -s -c FSS -i pid 1
ero topriocntl
root@s11-server1:~#
c
i
(c nse ps -ef -o class,zone,fname | grep init
root@s11-server1:~#
o
ld global
e init
c
a
FSS
i
l
n
o FSS choczone init
R
o
r
root@s11-server1:~# ps -ecf | grep init
root
root
root

e

Cic

1
2487
2491

0
1562
1406

TS
FSS
FSS

59 10:54:11 ?
59 11:00:37 ?
59 11:00:37 ?

0:00 /usr/sbin/init
0:00 /usr/sbin/init
0:00 /usr/sbin/init

FSS grandmazone init

Did you change the classes for all the init processes? No, only for the global zone
because you specified the PID 1.
12. Now change a project’s scheduling class. First, by using the ps command, find the current
class for the current projects.
root@s11-server1:~# ps -o user,pid,uid,projid,project,class
USER
PID PROJID PROJECT CLS
root 1309
1 user.root
TS
root 1310
1 user.root
TS
root 10415
1 user.root
TS
Since you changed the scheduling class for all the processes, the user.root project
and its processes are running in the FSS class. So, where can you find the definition of
this project? The definition can be found in the /etc/project file.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 20

le

b
a
r
e
f

Note: The project topic is covered here only in the context of a scheduling class. This
topic will be covered in greater detail in Lesson 11: Evaluating System Resources.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# grep user.root /etc/project
user.root:1::::
root@s11-server1:~# priocntl -s -c TS -i projid 1
root@s11-server1:~# ps -o user,pid,uid,projid,project,class
USER
PID
UID PROJID PROJECT CLS
root 5142
0
1 user.root
TS
root 5189
0
1 user.root
TS

le

b
a
r
e
f

Did you change the scheduling class for all the processes? No.
How would you confirm that? Refer to the commands in the previous steps.
What would prompt this action of changing the project class? You want to change the
scheduling class based on the importance of a project.

s

an
r
t
n

Cic

e

no
a
s
a
h
13. Using the dispadmin command, inspect the current scheduler
parameter
quantum value.
)
ฺ
e
m
Modify the value and verify the change.
co Guid
ฺ
l
i
Refer to Task1, Step 9 where you used -t 500
at quantum value for the task. In
ma to esetnto,
the following steps, you change the timegquantumdunit
for example, one-tenth and
@
u
t
o
one-hundredth of a second.
ld is S
a
n
th
o
r
ฺ
e
root@s11-server1:~#
-c FSS -g
ro odispadmin
us
e
c
i
t
#
(c nse
o
# Fair
Share
ld liceScheduler Configuration
a
n
o#
R
ro RES=1000
#
# Time Quantum
#
QUANTUM=110
Currently, the quantum values are specified in 1/1000th of a second. You can change it
to 1/100th of a second.
root@s11-server1:~# dispadmin -c FSS -g -r 100
#
# Fair Share Scheduler Configuration
#
RES=100
#
# Time Quantum
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 21

#
QUANTUM=11

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Why would you need to change these values? When you want to work with smaller digits
(specifying 10 is a lot easier than 100000 for quantum values).
Now reboot s11-server1 to make your changes effective.
root@s11-server1:~# init 6

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 22

Practice 10-2: Configuring the FSS in an Oracle Solaris Zone

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
Your predeployment test plan calls for configuring the CPU shares and the scheduling class
FSS for the grandmazone and the choczone non-global zones. This practice will demonstrate
the effect of using CPU shares in an attempt to constrain the resources.
The tasks are covered in this practice:
• Configuring CPU shares and the FSS
• Monitoring the FSS in two zones
• Removing the CPU shares configuration

Task 1: Configure the CPU Shares and the FSS
1.
2.

Verify that the Sol11-Server1 virtual machine is running. If it is not running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use the password
oracle1.

3.

Run the su - command to assume administrator privileges.

s

no
a
s
a
h
)
ฺ
e
m
11.1
September
d
o
i
ilฺc t Gu
a
n
mconfigured
e
g
d
4. Use the zoneadm list command to view
the
zones.
@ Stu
o
d
root@s11-server1:~# zoneadm
al thlist
is -civ
n
o
ID NAME
BRAND
se PATH
oฺrSTATUS
r
u
0 global
running
/
solaris
e
o
c
i
t
c
1 grandmazone
running
/zones/grandmazone
solaris
( nse
o
2 lchoczone
solaris
d ice running /zones/choczone
a
l
n
o
R
If you recall, you had configured these zones earlier in the class.
o
r
oracle@s11-server1:~$ su Password:
Oracle Corporation
SunOS 5.11
root@s11-server1:~#

e 5.

Cic

an
r
t
n

2012

IP
shared
excl
excl

Use the zonecfg command to add the CPU shares to grandmazone. Display the results
to confirm the action.
root@s11-server1:~# zonecfg -z grandmazone
zonecfg:grandmazone> set cpu-shares=80
zonecfg:grandmazone> exit
root@s11-server1:~# zonecfg -z grandmazone info | more
zonename: grandmazone
zonepath: /zones/grandmazone
brand: solaris
autoboot: true
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 23

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

ip-type: exclusive
hostid:
fs-allowed:
[cpu-shares: 80]
net:
address not specified
allowed-address not specified
configure-allowed-address: true
physical: vnic1
defrouter not specified
anet:
linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
auto-mac-address: 2:8:20:7b:1a:a1
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
rctl:
name: zone.cpu-shares
value: (priv=privileged,limit=80,action=none)

le

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Notice the CPU shares–related entries.
6.

Repeat step 6 for the second zone, namely, choczone.
root@s11-server1:~# zonecfg -z choczone
zonecfg:choczone> set cpu-shares=10
zonecfg:choczone> exit
root@s11-server1:~# zonecfg -z choczone info | more
zonename: choczone
zonepath: /zones/choczone
brand: solaris
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 24

s

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

autoboot: true
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
[cpu-shares: 10]
net:
address not specified
allowed-address not specified
configure-allowed-address: true
physical: vnic2
defrouter not specified
anet:
linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
auto-mac-address: 2:8:20:56:b5:ad
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
rctl:
name: zone.cpu-shares
value: (priv=privileged,limit=10,action=none)

le

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce

Notice the number of CPU shares allocated to this zone.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 25

s

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

7.

Use the zlogin command to cleanly reboot both the zones. Verify that they are back up
and running.
root@s11-server1:~# zlogin grandmazone init 6
root@s11-server1:~# zlogin choczone init 6
root@s11-server1:~# zoneadm list -civ
ID
0
2
3

NAME
global
grandmazone
choczone

STATUS
running
running
running

PATH
/
/zones/grandmazone
/zones/choczone

BRAND
solaris
solaris
solaris

IP
shared
excl
excl

How can you tell they have been rebooted? The zone IDs are different.
8.

Now examine the effect of CPU share assignment. Log in to each zone and create the
tasks as indicated.
root@s11-server1:~# zlogin grandmazone
[Connected to zone 'grandmazone' pts/1]
Oracle Corporation
SunOS 5.11
11.1
September 2012
root@grandmazone:~# newtask dd if=/dev/zero of=/dev/null &
[1] 7949
root@grandmazone:~# ps -ef | grep 7949
root 7949 7945 34 03:12:42 pts/2
0:21 dd
if=/dev/zero of=/dev/null
root 7953 7945
0 03:13:55 pts/2
0:00 grep 7949
root@grandmazone:~# exit
logout

s

an
r
t
n

o

ro

e
Cic

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
[Connection
do icetonszone 'grandmazone' pts/1 closed]
l
a
l
n
Ro
Start a similar task in choczone.

root@s11-server1:~# zlogin choczone
[Connected to zone 'choczone' pts/2]
Oracle Corporation
SunOS 5.11
11.1
September 2012
root@choczone:~# newtask dd if=/dev/zero of=/dev/null &
[1] 7959
root@choczone:~# ps -ef | grep 7959
root 7959 7955
8 03:15:12 pts/2
0:08 dd
if=/dev/zero of=/dev/null
root 7961 7955
0 03:15:14 pts/2
0:00 grep 7959
root@choczone:~# exit
logout
[Connection to zone 'choczone' pts/2 closed]
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 26

le

b
a
r
e
f

The newtask command starts a task that is an infinite loop. These tasks will be used to
demonstrate the CPU resource utilization by the Oracle Solaris kernel.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

9.

Use the ps command from the global zone to verify that the task from choczone is running
in the FSS class.
root@s11-server1:~# ps -ecf | grep 7949
root 7967 3467 FSS 59 03:16:04 console
0:00 grep 7949
root 7949
1 FSS
1 03:12:42 ?
2:31 dd
if=/dev/zero of=/dev/null
root@s11-server1:~# ps -ecf | grep 7959
root 8430
1 FSS
1 03:15:01 ?
0:11 dd
if=/dev/zero of=/dev/null
root@s11-server1:~# ps -ecf | grep 7959
root 8430
1 FSS
6 03:15:01 ?
0:13 dd
if=/dev/zero of=/dev/null
root@s11-server1:~# ps -ecf | grep 7959
root 8430
1 FSS
1 03:15:01 ?
0:16 dd
if=/dev/zero of=/dev/null

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
Is the task running in the FSS zone? Yes.
ilฺc t Gu
a
How and why? Because earlier you set g
the
n to FSS for the whole system
mdefaultdclass
e
@ running
Check the scheduling class for theotask
tuin grandmazone.
S
d
l
s
a t-Z
10. From the global zone, use then
prstat
hicommand to measure the CPU performance.
o
r
ฺ
e
root@s11-server1:~#
ro oprstat
us –Z
e
c
i
t
PID USERNAME
SIZE
RSS STATE PRI NICE
TIME CPU PROCESS/NLWP
(c 1700K
e 1036K
s
o
8183droot
run
15
0
0:03:12 37% dd/1
n
l root lice1720K 836K run
a
8430
1
0
0:00:14 4.1% dd/1
n
o 8130 root
R
12M
11M run
58
0
0:00:08 0.9% svc.configd/21
ro

e

Cic

5
7188
2384
1121
8128
8705
8780
517
8815
8811
7186
8817
8505
8803
3466
8618
8765
ZONEID

root
root
pkg5srv
root
root
root
root
root
root
root
root
root
root
root
root
root
root
NPROC

0K
13M
4496K
31M
11M
4500K
2108K
46M
4224K
5560K
11M
4428K
5064K
4356K
1732K
17M
3948K
SWAP

0K
12M
3200K
9036K
8116K
3232K
1328K
16M
2380K
2504K
7884K
3396K
3272K
2212K
1040K
8880K
1788K
RSS

sleep
sleep
sleep
run
sleep
sleep
sleep
sleep
sleep
sleep
sleep
cpu1
sleep
sleep
run
sleep
sleep
MEMORY

99
1
60
59
59
59
59
59
60
59
59
59
59
59
59
59
59

-20
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
TIME

0:01:19 0.7%
0:00:16 0.6%
0:00:10 0.4%
0:00:07 0.2%
0:00:01 0.1%
0:00:00 0.1%
0:00:00 0.1%
0:00:02 0.1%
0:00:00 0.0%
0:00:00 0.0%
0:00:01 0.0%
0:00:00 0.0%
0:00:00 0.0%
0:00:00 0.0%
0:00:00 0.0%
0:00:00 0.0%
0:00:00 0.0%
CPU ZONE

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 27

zpool-rpool/136
svc.configd/22
htcacheclean/1
pkg.depotd/64
svc.startd/16
inetd/6
ttymon/1
poold/9
configCCR.bin/1
svc-ocm/1
svc.startd/14
prstat/1
nscd/37
net-iptun/1
script/1
fmd/11
syslogd/10

le

b
a
r
e
f

3
4
0

32
16
80

132M
59M
438M

76M
37M
236M

7.4%
3.6%
23%

0:03:29 38% grandmazone
0:00:23 5.2% choczone
0:02:01 1.4% global

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

…
…


In order to get a true picture, you need to watch the dynamic display for a few minutes.
You will see it getting close and closer to the ratio you specified. (Recall from the lecture
the difference between the CPU shares and the CPU percentage.)
Convert the CPU shares to percentages and compare with the average CPU utilization
here.

le

What column do we need to watch? The CPU column

b
a
r
e
f

s

an
r
t
n

Note that there’s more CPU utilization by grandmazone as compared to choczone.
Why? This is the effect of the CPU shares allocation.

no
a
s -i zone global
a
h
root@s11-server1:~# prctl -n zone.cpu-shares -v
40
-r
)
ฺ
e
m
d
o
i
u
ilฺc zone
G
Note that you can modify the attributes of thea
global
too.
t
n
m
e
g
d
12. Refer to step 9 and start a new task from
the
global
zone.
tu
o@dd if=/dev/zero
S
d
l
root@s11-server1:~# newtask
of=/dev/null&
s
a thi
n
o
[1] 10444
oฺr use
r
e
13. Observe the results
o prstat command.
ic running
tthe
c
(
e
o ens prstat -Z
root@s11-server1:~#
d
l
a
TIME CPU PROCESS/NLWP
lic SIZE RSS STATE PRI NICE
nPID USERNAME
o
R
8183 root
1700K 1036K run
1
0
0:07:22 33% dd/1
ro
11. Use the prctl command to assign 40 CPU shares to the global zone.

e

Cic

10444
8430
2384
5
1121
517
10445
3466
8130
9377
8418
3467
2399
349
178
112
159
47

root
root
pkg5srv
root
root
root
root
root
root
root
daemon
root
root
root
root
root
root
netcfg

1720K
1720K
4896K
0K
31M
46M
4428K
1732K
13M
17M
7608K
3388K
11M
4420K
0K
2848K
7012K
3780K

1088K
836K
3600K
0K
9036K
17M
3316K
1040K
12M
8856K
4528K
2720K
5920K
1592K
0K
1052K
3096K
2588K

run
run
sleep
sleep
sleep
sleep
cpu1
run
sleep
sleep
sleep
sleep
sleep
sleep
sleep
sleep
sleep
sleep

58
1
60
99
59
59
59
59
59
54
55
59
59
53
99
59
29
29

0
0
0
-20
0
0
0
0
0
0
0
0
0
0
-20
0
0
0

0:00:05
0:00:53
0:00:12
0:01:29
0:00:08
0:00:02
0:00:00
0:00:00
0:00:11
0:00:00
0:00:00
0:00:00
0:00:00
0:00:00
0:00:00
0:00:00
0:00:00
0:00:00

7.6%
5.3%
0.8%
0.4%
0.2%
0.0%
0.0%
0.0%
0.0%
0.0%
0.0%
0.0%
0.0%
0.0%
0.0%
0.0%
0.0%
0.0%

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 28

dd/1
dd/1
htcacheclean/1
zpool-rpool/136
pkg.depotd/64
poold/9
prstat/1
script/1
svc.configd/21
fmd/12
kcfd/3
bash/1
httpd.worker/1
net-physical/1
zpool-auditpool/136
in.mpathd/1
syseventd/18
netcfgd/4

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

82 daemon
8000K 5048K sleep
ZONEID
NPROC SWAP
RSS MEMORY
3
30 128M
74M
7.3%
0
81 440M 238M
23%
4
29 125M
70M
6.8%

29

0
0:00:00 0.0% kcfd/4
TIME CPU ZONE
0:07:39 33% grandmazone
0:02:19 9.1% global
0:01:05 5.3% choczone

…
…

Repeat the analysis you did in Step 10, but this time pay attention to the global zone
CPU consumption. Remember to observe the changing CPU utilization for a few minutes
to obtain an approximate average.
Compare the shares allocation and the percentages.
14. Abort all the infinite processes.
root@s11-server1:~# pkill -9 dd
root@s11-server1:~# pkill -9 find

s

an
r
t
n

no
a
s
a
h
Task 2: Remove the CPU shares configuration
)
ฺ
e
m
d
o
1. Verify that the Sol11-Server1 virtual machine is running.
If
it
is
not
running,
start it now.
i
c Gu
ฺ
l
i
2. Log in to the Sol11-Server1 virtual machine as the
t user. Use the password
n
ma oracle
e
g
oracle1.
@ Stud
o
d
3. Run the su - command to assume
al administrator
is privileges.
n
h
t
o
oracle@s11-server1:~$
ฺr ususeo
r
e
Password: ic
to
c
(
e
OracleoCorporation
SunOS 5.11
11.1
September 2012
ns
d
l
e
c
a
root@s11-server1:~#
li
n
o
R
4. Use the zonecfg command to view the current CPU shares configuration of the zone
ero named grandmazone.

Cic

root@s11-server1:~# zonecfg -z grandmazone info
zonename: grandmazone
zonepath: /zones/grandmazone
brand: solaris
autoboot: true
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
[cpu-shares: 80]
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 29

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

net:
address not specified
allowed-address not specified
configure-allowed-address: true
physical: vnic1
defrouter not specified
anet:
linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
auto-mac-address: 2:8:20:7b:1a:a1
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified

le

s

Ci

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
rctl:
a
l
on

R
o
r
ce

name: zone.cpu-shares
value: (priv=privileged,limit=80,action=none)

Notice the CPU configuration.
5.

Use the zonecfg command to delete the CPU configuration. Verify the action.
root@s11-server1:~# zonecfg -z grandmazone clear cpu-shares
root@s11-server1:~# zonecfg -z grandmazone info
zonename: grandmazone
zonepath: /zones/grandmazone
brand: solaris
autoboot: true
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 30

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

Notice that the cpu-shares entry is deleted.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 31

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

ip-type: exclusive
hostid:
fs-allowed:
net:
address not specified
allowed-address not specified
configure-allowed-address: true
physical: vnic1
defrouter not specified
anet:
linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
auto-mac-address: 2:8:20:34:6e:84
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
pkey not specified
linkmode not specified

6.

Repeat Step 5 for the second zone, namely, choczone.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# zonecfg -z choczone clear cpu-shares
root@s11-server1:~# zonecfg -z choczone info | grep cpu-shares
To make the configuration effective, do you need to reboot the zones? Yes.
The zones will be rebooted as part of step 8.
7.

Reset the system default scheduling class by using the dispadmin command. Verify the
change.
root@s11-server1:~# dispadmin -d
FSS (Fair Share)
root@s11-server1:~# dispadmin -d TS
root@s11-server1:~# dispadmin -d
TS
(Time Sharing)
root@s11-server1:~# priocntl -s -c TS -i all

s

an
r
t
n

no
a
Have you verified that all system processes have been moved to
s the TS class? Yes.
a
h
)
ฺ
e
m
d
o
i
8. Reboot the system by using the init 6 command.lฺBy
rebooting
u the entire system, the
ithecglobal
G
a
t
global CPU share property is cleared. In addition,
zone
the new default
n rebootedhasautomatically
m deare
g
scheduling class (TS). As part of the reboot,
the zones
so their
@
u
t
o
CPU share properties are also cleared.
ld AfteristheS reboot is completed, the new configuration
a
will be in place.
n
th
o
r
ฺ
e
ero to us
c
i
(c nse
o
ld lice
a
n
o
R
o
r

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 10: Managing Processes and Priorities
Chapter 10 - Page 32

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 11:
e
m
d
o
i
Evaluating
u
ilฺc t System
G
a
m den
Resources
g
tu11
o@Chapter
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 1

Practice Overview for Lesson 11

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
In these practices, you are presented with a plan for configuring resource controls and
assessing system performance.
According to the predeployment test plan, you need to evaluate various system resource
controls. As a standard practice, you will be required to conserve resources, such as system
memory, CPU time, and data storage. You are asked to control the CPU resource for your CRM
project with the objective that other projects should also be able to share the CPU resources.
Then you evaluate the memory, CPU, and disk usage by using many system utilities. Based on
your evaluation of the resources, you will be able to allocate appropriate resources to various
projects. The key areas explored in the practices are:
• Managing resource controls in global and non-global zones
• Evaluating system performance levels
Check your progress. You just completed Lesson 10: Managing Processes and Priorities and
are now working with system resource evaluation.

s

o

an
r
t
n

an
s
ha ฺ
)
Managing the Image Packaging System (IPS) and Packages
om uide
c
ฺ
l
ai nt G
Installing Oracle Solaris 11.1 on Multiple
Hosts
m
g ude
@
t
o
Managing the Business Application
Data
S
d
l
s
na thi
o
r
ฺ
Configuring Network
and
Traffic
se Failover
o
r
u
e
ic Zoneseand
tothe Virtual Network
c
Configuring
(
do icens
l
a
l Services and Service Properties
on Managing

√
√
√
√
√
√
√

Ci

R
o
√
r
ce
√
√

Oracle Solaris 11.1 Predeployment Checklist

Configuring Privileges and Role-Based Access Control
Securing System Resources by Using Oracle Solaris Auditing
Managing Processes and Priorities
Monitoring the System Resources
Monitoring and Troubleshooting System Failures

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 2

le

b
a
r
e
f

Practice 11-1: Managing Resource Controls in Global and Non-Global
Zones

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you will work with the resource controls in the following areas:
• Administering projects and tasks
• Configuring resource controls and attributes
Note: Your displays will be different from those presented in this guide due to the dynamic
nature of the contents displayed.

Task

le

This task will cover the following activities:
• Creating a resource pool
• Defining a project
• Obtaining project membership information
• Editing and validating project attributes
• Binding the resource pool to a project
• Creating a new task
• Moving a running process into a new task
• Monitoring resource control events globally
• Displaying information about a given resource control
• Setting resource controls
• Deleting a project

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l
1. Verify
virtual machine is running. If it is not running, start it now.
on that the Sol11-Server1
R
r2.o Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the

e

Cic

b
a
r
e
f

3.

password.
Run the su - command to assume administrator privileges.
oracle@s11-server1:~$ su Password:
Oracle Corporation
SunOS 5.11
root@s11-server1:~#

4.

11.1

September 2012

Use the projects command to view the default projects in the system.
root@s11-server1:~# projects -l
system
projid : 0
comment: ""
users : (none)
groups : (none)
attribs:
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 3

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

user.root
projid : 1
comment: ""
users : (none)
groups : (none)
attribs:
noproject
projid : 2
comment: ""
users : (none)
groups : (none)
attribs:
default
projid : 3
comment: ""
users : (none)
groups : (none)
attribs:
group.staff
projid : 10
comment: ""
users : (none)
groups : (none)
attribs:
root@s11-server1:~# cat /etc/project
system:0::::
user.root:1::::
noproject:2::::
default:3::::
group.staff:10::::

You are viewing this default project information so that you are aware of the default
entries in the project file. In addition, when you make changes in the following steps, you
will be able to recognize the changes.
In this display (project context), what is 10 in the group.staff project? Project ID
Check in the /etc/group file if the staff group is defined. What is its numeric ID? It is
10.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 4

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

5.

Use the projadd command to create a project and assign it to John Holt. Verify that an
entry has been made in /etc/project file by using the projects –l command.
root@s11-server1:~# projadd -U jholt -p 4000 s11deploy
root@s11-server1:~# /usr/bin/id -ap jholt
uid=60005(jholt) gid=10(staff) groups=10(staff)
projid=10(group.staff)
Verify John Holt’s group membership.

le

Has the project been added? Yes
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 5

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

root@s11-server1:~# projects -l
system
projid : 0
comment: ""
users : (none)
groups : (none)
attribs:
user.root
projid : 1
comment: ""
users : (none)
groups : (none)
attribs:
noproject
projid : 2
comment: ""
users : (none)
groups : (none)
attribs:
default
projid : 3
comment: ""
users : (none)
groups : (none)
attribs:
group.staff
projid : 10
comment: ""
users : (none)
groups : (none)
attribs:
s11deploy
projid : 4000
comment: ""
users : jholt
groups : (none)
attribs:

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Use the projmod command to add the staff group to the project membership.
root@s11-server1:~# projmod -G staff -c 'Oracle Solaris 11.1
deployment' s11deploy
root@s11-server1:~# projects -l | tail
comment: ""
users : (none)
groups : (none)
attribs:
s11deploy
projid : 4000
comment: "Oracle Solaris 11.1 deployment"
users : jholt
groups : staff
attribs:

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
Note: You are going to bind the s11deploy project to the resource
pool
pool_gmzone
) Network.
ฺ
e
m
that you created in Practice 6: Configuring Zones and the
Virtual
id
co configuration
u
ฺ
l
i
G
7. Enable the pools service and create the default
pool
file.
a nt
m
g system/pools:default
de
root@s11-server1:~# svcadm @
enable
u
t
o
S
root@s11-server1:~# poolcfg
ld -cisdiscover
a
n
h
ฺro use t
o
r
e configuration.
8. Verify the pool and
pset
c
i
to
c
(
e
root@s11-server1:~#
do icens poolcfg -c info | more
l
a
l
n
osystem
R
default
ro

What is the significance of group membership in the project? The staff group has an
entry in the project file for accounting purposes.

e

Cic

string
int
boolean
string

system.comment
system.version 1
system.bind-default true
system.poold.objectives wt-load

…
…
…
pool pool_gmzone
int
pool.sy_id1
boolean
pool.active true
boolean
pool.default false
string
pool.scheduler FSS
int
pool.importance 1
string
pool.comment
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 6

pset

pset_1to2

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

…
…
…
pset pset_1to2
int
boolean
uint
uint
string
uint
uint
string

pset.sys_id 1
pset.default false
pset.min 1
pset.max 2
pset.units population
pset.load 0
pset.size 0
pset.comment

You have a pool with 1–2 CPUs.
Your output may differ.

s

an
r
t
n

no
a
s
a
h
root@s11-server1:~# projmod -s -K project.pool=pool_gmzone
\
)
ฺ
e
m
s11deploy
co Guid
ฺ
l
i
Here you bind pool_gmzone to the s11deploy
nt
ma dproject.
e
g
What is the main purpose of this binding?
So that
tu you can allocate one to two CPUs to
o@ was
S
d
l
the s11deploy project. An assumption
made
that this project can possibly
s
a thi
n
o
consume up to two CPUs
at
times.
ฺr use
o
r
e
10. Verify the pool binding
ic to eyourtoproject.
c
(
root@s11-server1:~#
o ens projects -l | tail
dcomment:
l
a
""
n userslic : (none)
o
ro R
9.

e

Cic

le

b
a
r
e
f

Use the projmod command to assign the pool to the s11deploy project.

groups :
attribs:
s11deploy
projid :
comment:
users :
groups :
attribs:

(none)

4000
"Oracle Solaris 11.1 deployment"
jholt
staff
project.pool=pool_gmzone

As you can see, an attribute called project.pool has been added and it is pointing to
pool_gmzone.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 7

11. By using the newtask command, create a task under the s11deploy project.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# newtask -p s11deploy dd if=/dev/zero \
of=/dev/null&
[1] 2954
root@s11-server1:~# newtask -p s11deploy dd if=/dev/zero
of=/dev/null&
[1] 2955
For training purposes, you are creating two infinite tasks. Note down the task numbers
displayed; you will need them subsequently. On your job, you may be running a different
program, such as a program to create reports.
12. Use the prstat command to display all currently running processes and projects. Let this
command run to view the dynamically changing CPU usage.
root@s11-server1:~# prstat -JR
…
…
…
PROJID
NPROC SWAP
RSS MEMORY
TIME CPU PROJECT
4000
2 312K 7328K
0.7%
2:35:44 50% s11deploy
1
3 2912K
17M
1.6%
0:00:00 0.3% user.root
0
99 142M 170M
17%
0:00:47 0.0% system
10
1
10M
0K
0.0% 0:00:00 0.0% group.staff
3
2
10M 1164K
0.0% 0:00:14 0.0% default
Notice the value for your s11deploy project in the NPROC column. What is the project
ID displayed? It is 4000.
Is this ID the same as that defined in the /etc/project file? Yes

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

RCreate a new task and associate it with your project.
o
13.
r
ce

Ci

root@s11-server1:~# newtask dd if=/dev/zero of=/dev/null&
[1] 2980
For training purposes, you are creating an infinitely running job. On your job, it may be
related to the supported business application.
root@s11-server1:~# newtask -v -p s11deploy -c 2980
250
Here you associate the process ID 2980 with your s11deploy project. Did it create a
new task? Yes, 250
How many other processes are associated with process ID 250? Two processes
What are their process IDs? They are 2954 and 2955.
Your output may differ.
Example:
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 8

le

b
a
r
e
f

root@s11-server1:~# prstat –JR | grep dd

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

PID USERNAME
2980 root
2954 root

SIZE
RSS STATE PRI NICE
7156K 1316K cpu0
59
7156K 1316K cpu1
59

0
0

TIME CPU PROCESS/NLWP
1:36:13 25% dd/1
1:55:55 25% dd/1

Here you can associate the PIDs 2980 and 2954 with the dd programs that are running.
14. Associate another attribute with your project. Verify the result.
root@s11-server1:~# projmod -a -K "task.max-lwps=(priv,100,deny)"
s11deploy
For training purposes, you are configuring a ceiling for the maximum number of
lightweight processes (LWPs) to be 100. The assumption is that you determined that
your project can consume significant resources sometimes and you want to limit the
LWPs.

s

root@s11-server1:~# projects -l | tail
users : (none)
groups : (none)
attribs:
s11deploy
projid : 4000
comment: "Oracle Solaris 11.1 deployment"
users : jholt
groups : staff
attribs: project.pool=pool_gmzone
task.max-lwps=(priv,100,deny)

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l if the number of processes exceeds 100? The Oracle Solaris kernel
n will happen
oWhat

R will not start the 101st task because the ceiling is defined as 100.
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 9

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

15. Use the projmod command to remove the pool configuration from your project. Verify the
results.
root@s11-server1:~# projmod -r -K project.pool s11deploy
root@s11-server1:~# projects -l | tail
comment: ""
users : (none)
groups : (none)
attribs:
s11deploy
projid : 4000
comment: "Oracle Solaris 11 deployment"
users : jholt
groups : staff
attribs: task.max-lwps=(priv,100,deny)

le

b
a
r
e
f

Cic

e

s
n
a
r
t one to
-use
Because you configured a limit of 100 for LWPs, it does not make sense to
n
o
two CPUs. So assume that you determined that the CPU pool is not needed
a n any more.
Is the pool showing up in the project file? No
s
ha ฺ
)
Note: Test the LWPs limit in the next few steps.
demanageable three.
om to aumore
i
c
16. Use the projmod command to modify the maximum
LWPs
ฺ
l
ai nt G
Verify the results.
m
g ude
root@s11-server1:~# projmod
-K 'task.max-lwps=(priv,3,deny)'
\
@
t
o
S
d
l
s11deploy
s
a thi
nprojects
o
root@s11-server1:~#
r
ฺ
e -l | tail
s
o
r
u
e
comment:
ic ""e to
c
(
s
o e:n(none)
dusers
l
c
a
groups
:
(none)
li
on attribs:
R
ro
s11deploy
projid :
comment:
users :
groups :
attribs:

4000
"Oracle Solaris 11.1 deployment"
jholt
staff
task.max-lwps=(priv,3,deny)

What will happen if an attempt is made to start the fourth process? The Oracle Solaris
kernel will not start it.
How can you tell? The deny directive in the command

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 10

17. Use the newtask command to create a task called bash for the project s11deploy.
root@s11-server1:~# newtask -p s11deploy bash

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Because your default shell for launching processes is bash, you create a new task for
your s11deploy project.
root@s11-server1:~# prctl -n task.max-lwps $$
process: 3220: bash
NAME
PRIVILEGE
task.max-lwps
usage
privileged
system

VALUE

FLAG

3
3
2.15G

max

ACTION

RECIPIENT

deny
deny

-

le

b
a
r
e
f

This verifies the LWPs setting for your default shell.
root@s11-server1:~# id -p
uid=0(root) gid=0(root) projid=4000(s11deploy)

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
o monitor as well as log the tasks that cross the
icyou can
tglobally
c
Using this utility,
(
e
ns you set the syslog priority level to notice so that a log entry
threshold.
case,
do In this
l
e
c
a
li
n
Rocan be generated in the /var/adm/messages file. You will learn more about syslog

18. Using the rctladm command, enable global monitoring on the lightweight processes. Verify
the results.
root@s11-server1:~# rctladm -e syslog task.max-lwps
root@s11-server1:~# rctladm | grep max-lwps
task.max-lwps
syslog=notice [ count ]
project.max-lwps
syslog=off
[ no-basic count ]
zone.max-lwps
syslog=off
[ no-basic count ]

C

ro
ice 19.

in Lesson 12: Monitoring and Troubleshooting Software Failures.

Create multiple bash processes and test the limit.
root@s11-server1:~# ps -o project,taskid -p $$
PROJECT TASKID
s11deploy
256
The current task ID of the bash process is 256.
root@s11-server1:~# bash
root@s11-server1:~# bash
root@s11-server1:~# bash
bash: fork: retry: Resource temporarily unavailable
…
…
…
You may see this message being displayed repetitively. Use Ctrl + C to stop the display.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 11

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Press Enter and then exit from one of the bash processes in order to receive the
command prompt. Verify by using the ps command that you now have only three bash
processes running.
root@s11-server1:~# ps
PID TTY
TIME
3352 console
0:00
2923 console
0:00
2962 console
0:00
2962 console
0:00

CMD
ps
bash
bash
bash

le

b
a
r
e
f

How many bash processes are running currently? Three

s

Now exit two bash process.
root@s11-server1:~# exit
root@s11-server1:~# exit

o

an
s
ha ฺ
)
de
om
20. Use the prctl command to display the current resource
controls.
i
c
u
ฺ
l
ai nt G
root@s11-server1:~# prctl $$
m
g ude
process: 2974: bash
@
t
o
d
NAME
PRIVILEGE
VALUE
FLAG S
ACTION
l
s
a thi
process.max-port-eventson
r
ฺ
se - deny
privilegedro
65.5K
u
e
ic e to2.15G max deny
system
c
(
process.max-msg-messages
ns
doprivileged
l
e
c
a
8.19K
deny
li
on system
4.29G
max
deny
R
ro

e

Cic

an
r
t
n

RECIPIENT
-

…
…
…

task.max-lwps
usage
system
…
…
…
project.max-tasks
usage
system
project.max-processes
usage
system
…
…
…

3
2.15G

max

deny

6
2.15G

max

deny

-

39
2.15G

max

deny

-

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 12

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

zone.cpu-shares
usage
privileged
system

1
1
65.5K

max

none
none

-

Notice the first column for various types of global resource controls. Some levels to note
are project, task, process, and zone.
21. Using the tail command, view the error messages in the /var/adm/messages file.
root@s11-server1:~# tail /var/adm/messages
Dec 19 13:39:17 s11-serv1 genunix: [ID 748619 kern.notice]
privileged rctl task.max-lwps (value 3) exceeded by process 3492
in task 256.
Dec 19 13:39:18 s11-serv1 genunix: [ID 748619 kern.notice]
privileged rctl task.max-lwps (value 3) exceeded by process 3494
in task 256.
Dec 19 13:39:18 s11-serv1 genunix: [ID 748619 kern.notice]
privileged rctl task.max-lwps (value 3) exceeded by process 3495
in task 256.ps

s

an
r
t
n

ro

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
…
ilฺc t Gu
a
…
m den
g
…
o@ Stu
d
l
a this
n
o
Can you match the task
e is reported here with the task ID in step 21? Yes
oฺrID 256usthat
r
e
Note that the threshold
o and other related information are also listed.
ic eoftthree
c
(
Each time
nsis made to cross the threshold, an entry is made in this log.
do an iattempt
l
e
c
a
l
n
RoKill the infinitely running processes.
root@s11-server1:~# pkill -9 dd
root@s11-server1:~#

22. Using the projdel command, delete the s11deploy project. Confirm the results.
root@s11-server1:~# projdel s11deploy
root@s11-server1:~# projects -l
system
projid : 0
comment: ""
users : (none)
groups : (none)
attribs:
user.root
projid : 1
comment: ""
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 13

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

users :
groups :
attribs:
noproject
projid :
comment:
users :
groups :
attribs:
default
projid :
comment:
users :
groups :
attribs:
group.staff
projid :
comment:
users :
groups :
attribs:

ro

e
Cic

(none)
(none)

2
""
(none)
(none)

3
""
(none)
(none)

le

an
r
t
n

s

no
a
10
s
a
h
""
)
ฺ
e
m
d
o
i
(none)
ilฺc t Gu
a
(none)
m den
g
o@ Stu
d
l
a this
n
o
You are deleting the project
e demonstration purposes. On the job, you will, of
sfor
roฺronlyoonly
u
course, delete acproject
when
the project is not needed anymore.
e
i
t
c
If this project
sein subsequent practices, you will create it.
o ( is needed
n
d
l
e
lic
na
o
R

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 14

b
a
r
e
f

Practice 11-2: Evaluating System Performance Levels

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
Your predeployment test plan calls for evaluating system performance. This practice will cover
monitoring the memory, CPU, and disk usage. Multiple system utilities will be used to assess
system performance. The following topics will be addressed in this practice:
•

Displaying virtual memory statistics (vmstat)

•
•

Displaying disk usage information
Monitoring system activities

•

Collecting system activity data automatically (sar)

•

Setting up automatic data collection (sar)

le

b
a
r
e
f

Task 1: Displaying Virtual Memory Statistics
Virtual memory statistics (vmstat)

•

System event information (vmstat -s)

•

Swapping statistics (vmstat -S)

s

an
r
t
n

no
a
s
a
h
1. Verify that the Sol11_Server1 virtual machine is running. If it)is not running,
ฺ start it now.
e
m
d
o
Double-click the Sol11-Desktop icon to launch the Sol11-Desktop
virtual
machine.
i
c Gu
ฺ
l
i
a oracle
2. Log in to the Sol11-Desktop virtual machine as
t user. Use oracle1 as the
n
mthe
e
g
password.
@ Stud
o
d
3. Right-click the desktop background
and
a terminal window.
l open
s
a
i
n
h
t
o su s- ecommand
4. In the terminal window, run
to assume administrator privileges.
ฺrthe
o
r
e to usu oracle@s11-desktop:~$
c
i
c
Password:
o ( ense
d
l
Oracle
SunOS 5.11
11.1
September 2012
lic
na Corporation
o
ro R root@s11-desktop:~#

e 5.

Cic

•

Use the newtask command to create an infinitely running task.

root@s11-desktop:~# newtask dd if=/dev/zero of=/dev/null&
[1] 3462
This task is created to generate some workload for training purposes. On the job, you
will have your application and system processes. While these tasks are running, as a
system administrator, you would like to monitor their impact on system resources,
especially the memory and CPU.
root@s11-desktop:~# vmstat 5
kthr
r b w
0 0 0
0 0 0
0 0 0
0 0 0
0 0 0

memory
swap free
948016 53556
930388 33940
930284 33844
930284 33856
930284 33856

re
4
3
0
0
0

mf
32
12
0
0
0

page
disk
pi po fr de sr s0 s1 s2 s3
0 0 0 0 21 1 3 -1 -1
0 0 0 0 0 9 0 0 0
0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 15

faults
cpu
in
sy
cs us sy
794 733327 451 5 15
683 87963 555 8 18
637 88670 461 8 18
663 89500 465 8 18
649 88298 466 8 18

id
80
74
74
74
74

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

0
0
0
0
0
0
0
11
0
0

0
0
0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0
0

930284
930276
930276
930276
930276
930276
930276
932936
961508
961508

33856
33844
33844
33844
33844
33844
33844
36496
65076
65076

0
0
0
0
0
0
0
0
0
0

0
1
0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0
0

0
0
8
0
0
0
0
0
3
0

0
0
0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0
0
0

0 642 87486 465
0 638 87308 457
0 657 88708 500
0 635 88078 459
0 794 87826 461
0 646 87986 462
0 643 86883 463
0 2771 83461 450
0 656 88659 532
0 967 87164 503

8
8
8
8
8
8
8
8
8
8

18
18
18
18
18
18
19
20
18
18

74
74
74
74
74
74
73
72
74
74

Some points to note are:
a. For example, take the last two lines. When the system is consuming less CPU (sy
under the CPU column), more memory is available. In addition, the last column (id under
the CPU column) shows more idle time.
b. As another example, take the third line from the bottom. Currently, the system is not
using the CPU for a longer time (sy under the CPU column), so there is more CPU idle
time (id under the CPU column) and less memory available.

s

an
r
t
n

no
a
s last reboot.
6. Use the vmstat -s command to display the system events since
the
a
h
)
ฺ
root@s11-desktop:~# vmstat -s | more
e
m
d
o
i
0 swap ins
ilฺc t Gu
a
m den
0 swap outs
g
0 pages swapped in
o@ Stu
d
l
a outthis
0 pages swapped
n
o
ฺr ustrans.
e
875033 total
faults taken
oaddress
r
e
o
ic ins
t
6 cpage
(
e
s
ldo69 lipage
enouts
c
a
n
32 pages paged in
o
R
948 pages paged out
ro

e

Cic

110830
110830
0
875033
5
207486
217129
464034
2
3777
2356

total reclaims
reclaims from free list
micro (hat) faults
minor (as) faults
major faults
copy-on-write faults
zero fill page faults
pages examined by the clock daemon
revolutions of the clock hand
pages freed by the clock daemon
forks

…
…
…
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 16

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

So, what can you take away from here? Although some of the display items are common
with the previous display (pages swapped in and swapped out), consider the highlighted
items:
a. 110830 reclaims from free list: Displays how many free pages of memory
were reclaimed, which indicates how quickly the system was running out of memory.
Because the memory is used for programs, it explains the load on the system memory.
b. 2356 forks: Tells you how many processes are launching subprocesses. These
processes create the workload that requires memory and CPU resources.
7.

Use the vmstat –S command to display system memory pages swapping in and swapping
out.
root@s11-desktop:~# vmstat -S
kthr
memory
r b w
swap free si
0 0 0 1024800 150444 0

page
disk
so pi po fr de sr s0 s1 s2 s3
0 0 1 6 0 298 8 0 -2 -2

faults
cpu
in
sy
cs us sy id
719 7142 1157 1 2 97

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
Task 2: Displaying Disk Usage Information
ilฺc t Gu
a
m den
This task covers the following activities:
g
o@ Stu
• Displaying general disk usage d
data
l
a -xtc)
is
n
h
• Extending disk statisticso(iostat
t
se (df -h)
oฺrinformation
r
• Displaying disk e
space
u
ic e to
c
(
o Sol11-Serve1
ns virtual machine is running. If it is not running, start it now.
dthe
l
e
1. Verify a
that
c
li
on
Double-click
the Sol11-Desktop icon to launch the Sol11-Desktop virtual machine.
R
ro

e
Cic

Here you can check the swapping activity, for example, memory pages swapped in (pi)
and pages swapped out (po). This demonstrates the workload created by one job
running in the background.

2.

3.
4.

Log in to the Sol11-Desktop virtual machine as the oracle user. Use oracle1 as the
password.
Right-click the desktop background and open a terminal window.
In the terminal window, run the su – command to assume administrator privileges.
oracle@s11-desktop:~$ su Password:
Oracle Corporation
SunOS 5.11
root@s11-desktop:~#

5.

11.1

September 2012

Use the iostat command to check the input/output activity on your disks and CPU.
root@s11-desktop:~# iostat 5
tty
sd0
tin tout kps tps serv
0
3 138
4
51
0
47
0
0
0
0
16 50 18
3
0
16
0
0
0

sd1
kps tps serv
1
0
7
0
0
0
0
0
0
0
0
0

sd2
kps tps serv
0
0
0
0
0
0
0
0
0
0
0
0

sd3
kps tps serv
0
0
0
0
0
0
0
0
0
0
0
0

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 17

us
4
8
8
8

cpu
sy wt
10 0
18 0
18 0
18 0

le

b
a
r
e
f

id
86
74
74
74

Here you can inspect the service time for transactions by using the sd1 disk, which is 7
milliseconds. Compare that to the 51 milliseconds service time for transactions on the
sd0 disk. Generally speaking, it shows you which disk is taking more time in servicing
your transaction. However, you need to keep in mind the nature of the transactions too.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Use the iostat –xtc command to obtain extended input/output statistics for the disks.
root@s11-desktop:~# iostat -xtc
extended device statistics
tty
device
id
sd0
84
sd1
sd2
sd3
sd4
sd5

cpu
r/s

w/s

kr/s

kw/s wait actv

2.4

1.4

92.9

21.9

0.1

0.1
0.0
0.0
0.0
0.0

0.0
0.0
0.0
0.0
0.0

0.4
0.0
0.0
0.0
0.0

0.0
0.0
0.0
0.0
0.0

0.0
0.0
0.0
0.0
0.0

svc_t

%w

%b

0.0

48.6

3

4

0.0
0.0
0.0
0.0
0.0

6.9
0.0
0.0
0.0
0.0

0
0
0
0
0

0
0
0
0
0

tin tout
0

9

us sy wt
5 11

0

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
ฺr usystem
7. Use the df command toodisplay
se memory pages swapping in and swapping out.
r
e
ic e todf -h | more
root@s11-desktop:~#
c
(
Filesystem
Size Used Avail Use% Mounted on
do icens
l
a
l
n
13G 4.5G 8.5G 35% /
orpool/ROOT/solaris
R
907M 460K 906M
1% /system/volatile
ro swap

This display can help you to understand I/O activity. For example, consider the reads
and writes of the sd0 disk: 92.9 kilobytes worth of data read per second; 21.9 kilobytes
worth of data written per second. The svc_t column shows the service time in
milliseconds. Look at 48.6 milliseconds of average service time for the sd0 disk.
Compare this disk to the other disks.
Why is its service time so high? The answer is because, in the current environment, you
have the default ZFS file system on this disk.

e

Cic

/usr/lib/libc/libc_hwcap1.so.1
13G 4.5G
swap
907M
56K
ora
209G 118G
rpool/export
8.5G
32K
rpool/export/home
8.5G
37K
rpool/export/home/jholt
8.5G
40K
rpool/export/home/oracle
8.5G 807K

8.5G
906M
92G
8.5G
8.5G

35%
1%
57%
1%
1%

/lib/libc.so.1
/tmp
/opt/ora
/export
/export/home

8.5G

1% /export/home/jholt

8.5G

1% /export/home/oracle

…
…

This command is very useful because it presents the used and available storage
information for all mounted file systems. For example, here you can see that the ZFS
root file system has used up 4.5G out of 13G.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 18

Task 3: Monitoring System Activities

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

The following activities are covered in this task:

1.
2.
3.
4.

•

Checking file access (sar –a)

•

Checking buffer activity (sar –b)

•

Checking system call statistics (sar –c)

•

Checking disk activity (sar –d)

•

Checking unused memory (sar –r)

•

Setting up automatic data collection

Verify that the Sol11-Server1 virtual machine is running. If it is not running, start it now.
Double-click the Sol11-Desktop icon to launch the Sol11-Desktop virtual machine.
Log in to the Sol11-Desktop virtual machine as the oracle user. Use oracle1 as the
password.
Right-click the desktop background and open a terminal window.
In the terminal window, run the su – command to assume administrator privileges.

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
11.1
September
m
d
o
i
ilฺc t Gu
a
n on file access.
m todcheck
e
g
5. In the terminal window, use the sar –a command
tu
o@
root@s11-desktop:~# sarld
-a
5 2s S
na thi
o
r
ฺ
se i86pc 12/16/2012
o 5.11u11.1
r
SunOS s11-desktop
e
ic e to
c
(
ns namei/s dirbk/s
do iiget/s
l
e
16:07:28
c
a
l
n
o16:07:33
0
2
0
R
ro
oracle@s11-desktop:~$ su Password:
Oracle Corporation
SunOS 5.11
root@s11-desktop:~#

e

Cic

16:07:38

0

6

0

Average

0

4

0

2012

You ran the command for two displays every 5 seconds. On an average, the system
could not find one file (under column namei/s). At the system level, if this number is
high, you need to be concerned.
6.

Use the sar –b command to check on buffer activity.
root@s11-desktop:~# sar -b 2 2
SunOS s11-desktop 5.11 11.1 i86pc

12/16/2012

16:42:45 bread/s lread/s %rcache bwrit/s lwrit/s %wcache pread/s pwrit/s
16:42:47
0
0
100
0
0
100
0
0
16:42:49
0
0
100
0
0
100
0
0

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 19

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Average

0

0

100

0

0

100

0

0

This command displays the reads from the buffer and writes to the buffer. At a glance,
you can see 100% reads from the buffer and 100% writes to the buffer. You are looking
for any anomalies. Here things are running smoothly as far as buffer activity is
concerned.
7.

Use the sar –c command to check on system call activity.
root@s11-desktop:~# sar -c 2 2
SunOS s11-desktop 5.11 11.1
16:50:29 scall/s sread/s swrit/s
16:50:31 1473382 736337 736318
16:50:33 1360794 680028 680012

fork/s
0.00
0.00

12/16/2012
exec/s rchar/s wchar/s
0.00 376991964 376989750
0.00 348160177 348160229

e

…
…
…
Average

1417088

708182

708165

0.00

0.00 362576070 362574990

sd0,q

0

0.0

0

0

0.0

0.0

sd0
sd0,a
sd0,c
sd0,i
sd0,q

2
2
0
0
0

0.0
0.0
0.0
0.0
0.0

19
19
0
0
0

79
79
0
0
0

0.0
0.0
0.0
0.0
0.0

1.3
1.3
0.0
0.0
0.0

…
…
…

This command displays disk-related activity, for example, reads and writes as shown in
the r+w/s column, average wait time, and average service time in milliseconds. How
can you use this information? If any of these numbers are too high for your application,
there may be a disk issue.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 20

le

b
a
r
e
f

s
n
a
r
-t call
This command displays system calls for reads, writes, forks, and other system
n
o
n or want to use
information. This information is useful when you are developing metrics
a
s
dtrace to track down a very high number of system calls. a
) h eฺ
8. Use the sar -d command to check on disk activity.
m
co Guid
ฺ
l
root@s11-desktop:~# sar -d 2 2
i
ma dent
g
SunOS s11-desktop 5.11 11.1@i86pctu 12/16/2012
do is S
l
a
n%busy tavque
h r+w/s blks/s avwait avserv
o
16:56:15
device
r
ฺ
e
ero to us
c
i
c se
16:56:17 (sd0
0
0.0
0
0
0.0
0.0
o
n
0
0.0
0
0
0.0
0.0
ld sd0,a
e
c
a
i
l
n
sd0,c
0
0.0
0
0
0.0
0.0
o
R
sd0,i
0
0.0
0
0
0.0
0.0
ro
Average

Cic

i86pc

9.

Use the command sar –r to check on available physical and swap memory.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-desktop:~# sar -r 2 2
SunOS s11-desktop 5.11 11.1
17:07:08 freemem freeswap
17:07:10
8215 1853912
17:07:12
8222 1853912
Average

8218

i86pc

12/16/2012

1853912

This command displays the physical and swap memory available. The benefit of tracking
these numbers is that you will be able to take corrective action if you are running out of
memory. For example, if very little swap memory is left, you can increase the swap
memory allocation.

s

an
r
t
n

10. Use the crontab command to edit the system cron file. Uncomment the last entry to run
the system script sa2. Exit edit mode.

no
a
s
a
…
h
)
ฺ
…
e
m
d
o
i
…
ilฺc t Gu
a
#0 * * * 0-6 /usr/lib/sa/sa1
m den
g
#20,40 8-17 * * 1-5 /usr/lib/sa/sa1
o@ Stu
d
l
a this-s 8:00 -e 18:01 -i 1200
#5 18 * * 1-5 /usr/lib/sa/sa2
n
o
ฺr use
o
r
e
root@s11-desktop:/etc/cron.d#
crontab -e sys
ic e to
c
(
…
o ens
… ald
lic
n
o
…
R
root@s11-desktop:/etc/cron.d# crontab -l sys

ro

e
Cic

-A

#0 * * * 0-6 /usr/lib/sa/sa1
#20,40 8-17 * * 1-5 /usr/lib/sa/sa1
5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A
This entry will run the sa2 script every day Monday through Friday at 6:05 PM. The
monitoring start time is at 8 AM and it ends at 6:01 PM. The performance data interval is
every 1200 seconds (every 20 minutes) and you are collecting all statistics, for example,
memory, CPU, and disk usage.

11. Shut down the Sol11-Desktop virtual machine.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 21

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 11: Evaluating System Resources
Chapter 11 - Page 22

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

le

s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Practices for
) Lesson
ฺ 12:
e
m
d
o
i
Monitoring
u
ilฺc t and
G
a
m den
Troubleshooting
Software
g
@
u
t
S
do Failures
l
s
a
i
n
h
ฺro use t Chapter 12
o
r
e to
c
i
c
o ( ense
d
l
lic
ona

R
o
r
ce

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 1

Practice Overview for Lesson 12

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Practices Overview
In these practices, you will be presented with a plan for viewing and exploring various
configurations of system messaging. In addition, you will inspect the current system and
application dump facilities, which are beneficial when debugging system or application
problems. The following activities are covered:
• Setting up system messaging
• Configuring system and application crash facilities

Scenario
Your company would like to evaluate the system messaging and debugging facilities. Because
your company also plans to utilize ZFS, you are asked to create disk and data failures and
correct the problems.

s

Check your progress. You have completed evaluating system resources.
√

an
Oracle Solaris 11.1 Predeployment Checklist
s
ha ฺ
)
m ide
Managing the Image Packaging System (IPS) andoPackages
c
u
ฺ
l
i
G
a
t
Installing Oracle Solaris 11.1 on Multiple
mHostsden
g
o@DataStu
d
Managing the Business Application
l
a this
n
o
Configuring Network
se Failover
oฺr anduTraffic
r
e
ic Zoneseand
tothe Virtual Network
c
(
Configuring
do icens
l
a
l Services and Service Properties
on Managing

√
√
√
√
√
√

R
o
r
√
ce

Ci

√
√
√

o

Configuring Privileges and Role-Based Access Control
Securing System Resources by Using Oracle Solaris Auditing
Managing Processes and Priorities
Evaluating System Resources
Monitoring and Troubleshooting System Failures

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 2

an
r
t
n

le

b
a
r
e
f

Practice 12-1: Setting Up System Messaging

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you work with system messaging facilities. You configure message routing on
Sol11-Desktop as well as on the message destination host Sol11-Server1. This practice will
include the following activities:
• Setting up message routing
• Using TCP trace to log a message
Note: The contents of your display may be different from the displays in this practice.

Task 1: Setting up message routing
The following activities are covered in this task:
• Determining the type and destination of messages
• Setting up message routing

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
u
ilฺc machines
G
a
1. Verify that the Sol11-Server1 and Sol11-Desktop
virtual
are running. If the virtual
t
m den
machines are not running, start them now. g
o@ asSthetuoracle user. Use oracle1 as the
2. Log in to the Sol11-Desktop virtualld
machine
a andthopen
is a terminal window. Assume administrator
n
password. Right-click on the
desktop
o
oฺr use
privileges.
r
e
ic e to su oracle@s11-desktop:~$
c
(
do icens
Password:
l
a
l
n
oOracle
Corporation
SunOS 5.11
11.1
September 2012
R
o
root@s11-desktop:~#
r

e

Cic

le

b
a
r
e
f

3.

•

Restarting the message logging daemon (syslogd)

•
•

Adding one-line entries to a system log file
Monitoring the message logging in real time

Copy the /etc/syslog.conf file and then use the more command to display the
contents of the file.
root@s11-desktop:~# cp /etc/syslog.conf /etc/syslog.conf.orig
root@s11-desktop:~# more /etc/syslog.conf
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice
/dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit
/var/adm/messages
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 3

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

*.alert;kern.err;daemon.err
*.alert

operator
root

What does the configuration kern.debug mean? It means that the message source
facility is defined as kernel and the severity as debug. Debug means that messages of
any severity should be recorded in the /var/adm/messages file.
Can you break down the configuration set daemon.err? Yes.
4.

Using the vi editor, modify /etc/syslog.conf to add the local0.notice entry as
indicated.
root@s11-desktop:~# vi /etc/syslog.conf

le

b
a
r
e
f

Add the following entry at the end of the file.

s

an
r
t
n

root@s11-desktop:~# grep local0.notice /etc/syslog.conf
local0.notice
@s11-server1
root@s11-desktop:~#

no
a
s
a
h
)
ฺ
e
m
d
o
i
Caution: After local0.notice, you need to use
(one
or
more)
tabs.
These are not
c Gu
ฺ
l
i
spaces.
ma dent
g
tu to record messages.
o@ forSusers
dreserved
l
What is the local0 facility? a
It is
s
n
hi
o
r
5. Use the svcadm command
to restartethet syslogd daemon so that the new configuration is
ฺ
activated.
ero to us
c
i
(c nse svcadm refresh system/system-log
root@s11-desktop:~#
o
ld lice
a
n
oNow your syslog configuration is in effect.
R
o
r

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 4

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Display detailed information about the telnet service package, install the package, and then
verify that the telnet service is online.
root@s11-desktop:~# pkg info -r *telnet* | more
Name: network/telnet
Summary: Telnet client command
Description: The telnet(1) utility communicates with another
host using the
legacy Telnet protocol (RFCs 727, 854, 1073,
1096, 1408, 1510,
1571, 1572, 2941, 2942, 2946, and 2952).
Category: Applications/System Utilities
State: Installed
Publisher: solaris
Version: 0.5.11
Build Release: 5.11
Branch: 0.175.1.0.0.24.2
Packaging Date: September 19, 2012 06:44:32 PM
Size: 237.29 kB
FMRI: pkg://solaris/network/telnet@0.5.11,5.110.175.1.0.0.24.2:20120
919T184432Z
Name: service/network/telnet
Summary: Telnet service
Description: Provides server support for the legacy Telnet
protocol (RFCs
727, 854, 1073, 1096, 1408, 1510, 1571, 1572,
2941, 2942, 2946,
and 2952).
Category: System/Services
State: Not installed
Publisher: solaris
Version: 0.5.11
Build Release: 5.11
Branch: 0.175.1.0.0.24.2
Packaging Date: September 19, 2012 06:45:51 PM
Size: 80.77 kB
FMRI:
pkg://solaris/service/network/telnet@0.5.11,5.11-0.175.1.0.0.24
.2:20120919T184551Z
root@s11-desktop:~#

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce

Install the telnet package if, it’s not installed.
root@s11-desktop:~# pkg install service/network/telnet
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 5

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Packages to install: 1
Create boot environment: No
Create backup boot environment: No
Services to change: 1
DOWNLOAD
XFER (MB)
SPEED
Completed
0.0/0.0 69.4k/s

PKGS

FILES

1/1

10/10

PHASE
ITEMS
Installing new actions
32/32
Updating package state database
Done
Updating image state
Done
Creating fast lookup database
Done
root@s11-desktop:~#
root@s11-desktop:~# svcs –a | grep telnet
online
8:14:18 svc:/network/telnet:default

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m deusen the command “svcadm enable
In case the telnet service is installed asgdisabled,
o@ Stu
network/telnet” to bring itld
online.
a the netservices
is
n
h
t
7. Switch to the s11-server1.
Use
open command to ensure that all
o
ฺrmessage
e
s
o
r
services are open and
the
can
be
received
from
s11-desktop.
e to u
c
i
root@s11-server1:~#
(c nse netservices open
o
ld lice
a
n
oIgnore any error messages.
R
o
r

e 8.

Cic

le

b
a
r
e
f

On s11-server1, by using the touch command, create the /var/log/local0.log
file.
root@s11-server1:~# touch /var/log/local0.log

9.

On s11-server1, by using the vi editor, modify the /etc/syslog.conf file by adding
the entry as indicated.
root@s11-server1:~# vi /etc/syslog.conf
root@s11-server1:~# grep local0 /etc/syslog.conf
local0.notice
/var/log/local0.log
On s11-server1, what is the destination file of the message? The
/var/log/local0.log file.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 6

10. On the s11-server1 host, by using the svcadm command, restart the system-log
service. Use the tail command to monitor the messages being written to the log.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# svcadm refresh system-log
root@s11-server1:~# tail -f /var/log/local0.log
Now if any message is written to this log, it will be displayed under the above command.
11. Switch to the s11-desktop host and by using the logger command, record a message
to the log.
root@s11-desktop:~# logger -p local0.notice hello from s11desktop

le

b
a
r
e
Why? Because you configured the destination of local0.notice to s11-server1.
sf
n
a
tr
n
12. Switch to the s11-server1 host and view the message.
no
a
s
root@s11-server1:~# tail -f /var/log/local0.log
a
h
) local0.notice]
ฺ
Dec 20 08:07:58 s11-desktop oracle: [ID m
702911
e
d
o
i
hello from s11-desktop
ilฺc t Gu
a
m den
g
Use CTRL + C key to exit.
o@ Stu
d
l
a thcome
is from? From s11-desktop.
So here it is. Where did thisnmessage
o
ฺr use
o
r
e
Task 2: Using TCP iTrace
c eto Log
to a Message
c
(
This task coversothe following
ns activity:
d
l
e
c
a
i to log a message
• n
Using TCP ltrace
o
R
• Verifying the message in the log
ero
Where would this message be displayed? On the s11-server1 host.

Cic

Note: In this task, you will be working with both the hosts: Sol11-Desktop and Sol11Server1. You can determine the host by the command prompt in the displays.
1.
2.

Verify that the Sol11-Server1 and Sol11-Desktop virtual machines are running. If the virtual
machines are not running, start them now.
Log in to both virtual machines as the oracle user. Use oracle1 as the password.
Assume administrator privileges.
oracle@s11-desktop:~$ su Password:
Oracle Corporation
SunOS 5.11
root@s11-desktop:~#

11.1

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 7

September 2012

3.

Use the man command to find the facility and the message severity level used by the
inetd daemon.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

After the man pages are displayed, do a find on tcp_trace, which will take you to the
desired information directly.
root@s11-desktop:~# man inetd
…
…
…
/tcp_trace
…
…
…
tcp_trace

le

b
a
r
e
f

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
nands severity level does inetd use? daemon.notice
do code
l
e
What
facility
c
a
li
on

If true, and this is a nowait-type service, inetd logs
the client's IP address and TCP port number, along with
the name of the service, for each incoming connection,
using the syslog(3C) facility. inetd uses the syslog
facility code daemon and notice priority level. See
syslog.conf(4) for a description of syslog codes and
severity levels. This logging is separate from the logging done by the TCP wrappers facility.

4. R
o Using the grep command, display the daemon.notice entry in syslog.
r
e
root@s11-desktop:~# grep daemon.notice /etc/syslog.conf
c

Ci

*.err;kern.debug;daemon.notice;mail.crit

/var/adm/messages

When a daemon needs to send a notice, where would it send it? To the
/var/adm/messages file
5.

Open another terminal window on S11-Desktop. In the new window, use the tail –f
command to monitor the messages file.
oracle@s11-desktop:~$ su Password:
Oracle Corporation
SunOS 5.11
11.1
September 2012
root@s11-desktop:~# tail –f /var/adm/messages
…
…
…
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 8

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Dec 20 02:48:40 s11-desktop gnome-session[2745]: [ID 702911
daemon.warning] WARNING: IceListenForConnections returned 2 nonlocal listeners: inet/s11-desktop:47263,inet6/s11-desktop:33256
Dec 20 02:48:44 s11-desktop genunix: [ID 127566 kern.info] device
pciclass,030000@2(display#0) keeps up device
scsiclass,05@1,0(cdrom#1), but the former is not power managed
You will need to monitor this log for any new messages being written when you use the
telnet command.
Your output may differ.
6.

Switch to the s11-server1 host and use the telnet command to connect to the s11desktop host.
Check to see if the telnet service is enabled. If it is not, enable it.
root@s11-server1:~# svcs telnet
STATE
STIME
FMRI
disabled
10:12:24 svc:/network/telnet:default
root@s11-server1:~# svcadm enable telnet
root@s11-server1:~# svcs telnet
STATE
STIME
FMRI
online
11:03:04 svc:/network/telnet:default

ro

e
Cic

le

b
a
r
e
f

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
a ts11-desktop
root@s11-server1:~# n
telnet
hi
o
r
ฺ
e
Trying 192.168.0.111...
ro o us
es11-desktop.
c
i
Connected cto
t
(
e
s
Escape
n is '^]'.
docharacter
l
e
c
a
i
l
n
login: oracle
Ro

Password: oracle1
Last login: Sat Oct 22 10:48:48 on rad/0
Oracle Corporation
SunOS 5.11
11.1
September 2012
oracle@s11-desktop:~$ ls
Desktop
Documents Downloads Public
oracle@s11-desktop:~$ pwd
/home/oracle
oracle@s11-desktop:~$ exit
logout
Connection to s11-desktop closed by foreign host.
root@s11-server1:~#
What is the purpose of this telnet connection to the desktop? To verify that the system
writes the connection information in the log

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 9

7.

Switch to the s11-desktop host and go to the window that is running the tail command.
root@s11-desktop:~# tail –f /var/adm/messages
…

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

…
…

Dec 13 22:14:32 s11-desktop pulseaudio[1695]: [ID 295310
user.error] [(null)] module.c: Failed to load module "module-oss"
(argument: "device="/dev/dsp" sink_name=output
source_name=input"): initialization failed.
Dec 13 22:14:32 s11-desktop pulseaudio[1695]: [ID 295310
user.error] [(null)] main.c: Module load failed.
Dec 13 22:14:32 s11-desktop pulseaudio[1695]: [ID 295310
user.error] [(null)] main.c: Failed to initialize daemon.
Dec 13 22:14:32 s11-desktop pulseaudio[1693]: [ID 295310
user.error] [(null)] main.c: Daemon startup failed.

s

…

no
a
s No.
a
Do you see any new entry being written for the telnet command?
h
)
eฺ
m
8. On the s11-desktop host, in the other window, usecthe
inetadm
command
to check
d
o
i
u
ฺ
l
i
G
whether tracing is enabled.
ma dent
root@s11-desktop:~# inetadm –lg telnet
@ Stu
SCOPE
NAME=VALUE ldo
a this
n
name=”telnet”
o
oฺr use
r
endpoint_type=”stream”
e
ic e to
c
…
(
…
do icens
l
a
l
o…n
R
ro default bind_addr=""
root@s11-desktop:~#

e

Cic

an
r
t
n

default
default
default
default
default
default
default
default
default
default
default
default

bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=FALSE
tcp_wrappers=FALSE
connection_backlog=10
tcp_keepalive=FALSE

Is tcp_trace enabled? No
How can you tell? The tcp_trace is set to FALSE in the display.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 10

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

9.

On the s11-desktop host, use the inetadm command to enable tcp_trace.
root@s11-desktop:~# inetadm –m telnet tcp_trace=true
root@s11-desktop:~# inetadm –l telnet
SCOPE
NAME=VALUE
name=”telnet”
endpoint_type=”stream”
…
…
…
default
bind_addr=""
default
bind_fail_max=-1
default
bind_fail_interval=-1
default
max_con_rate=-1
default
max_copies=-1
default
con_rate_offline=-1
default
failrate_cnt=40
default
failrate_interval=60
default
inherit_env=TRUE
tcp_trace=TRUE
default
tcp_wrappers=FALSE
default
connection_backlog=10
default
tcp_keepalive=FALSE

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
Is tcp_trace enabled
se
oฺrnow? uYes.
r
e
10. Switch to s11-server1
ic andetelnet
to to s11-desktop. Then return to s11-desktop, in the
c
(
monitoring o
look
nsfor any new message written to the log.
dwindow,
l
e
c
a
li
telnet s11-desktop
n
oroot@s11-server1:~#
R
ro Trying 192.168.0.111...

e

Cic

le

b
a
r
e
f

Connected to s11-desktop.
Escape character is '^]'.
login: oracle
Password: oracle1
Last login: Sat Oct 22 10:48:48 on s11-server1.myd
Oracle Corporation
SunOS 5.11
11.1
September 2012
oracle@s11-desktop:~$ ls
Desktop
Documents Downloads Public
oracle@s11-desktop:~$ pwd
/home/oracle
oracle@s11-desktop:~$ exit
logout
Connection to s11-desktop closed by foreign host. root@s11server1:~#

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 11

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Now switch to s11-desktop and look for any new messages regarding telnet.
root@s11-desktop:~# tail –f /var/adm/messages
…
…
…
Dec 13 22:14:32 s11-desktop pulseaudio[1695]: [ID 295310
user.error] [(null)] module.c: Failed to load module "module-oss"
(argument: "device="/dev/dsp" sink_name=output
source_name=input"): initialization failed.
Dec 13 22:14:32 s11-desktop pulseaudio[1695]: [ID 295310
user.error] [(null)] main.c: Module load failed.
Dec 13 22:14:32 s11-desktop pulseaudio[1695]: [ID 295310
user.error] [(null)] main.c: Failed to initialize daemon.
Dec 13 22:14:32 s11-desktop pulseaudio[1693]: [ID 295310
user.error] [(null)] main.c: Daemon startup failed.
Dec 16 09:44:39 s11-desktop inetd[1018]: [ID 317013
daemon.notice] telnet[2726] from 192.168.0.100 54587
. . .
root@s11-desktop:~#

s

an
r
t
n

ro

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
Do you see a new log entry? Yes.
o@ Stu
Can you identify the fields in this
message?
d
l
a process
is name (PID), Message ID,
n
h
t
Date/time stamp, local host
name,
o
se PPID, IP address of the source host, and port
oฺr urequest,
facility.level,
incoming
r
e
to
number. (cic
e
do icens
l
a
l
n
Ro

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 12

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

11. Return to the other s11-desktop terminal window and by using the inetadm command,
disable tcp_trace.
root@s11-desktop:~# inetadm -m telnet tcp_trace=FALSE
root@s11-desktop:~# inetadm –l telnet
SCOPE
NAME=VALUE
name=”telnet”
endpoint_type=”stream”
…
…
…
default
bind_addr=""
default
bind_fail_max=-1
default
bind_fail_interval=-1
default
max_con_rate=-1
default
max_copies=-1
default
con_rate_offline=-1
default
failrate_cnt=40
default
failrate_interval=60
default
inherit_env=TRUE
tcp_trace=FALSE
default
tcp_wrappers=FALSE
default
connection_backlog=10
default
tcp_keepalive=FALSE

le

o

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
Is tcp_trace
o disabled?
ns Yes.
d
l
e
c
a
12. Shutndown the Sol11-Desktop
virtual machine.
li
o
R
ro

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 13

s

b
a
r
e
f

Practice 12-2: Configuring System and Application Crash Facilities

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Overview
In this practice, you work with the configuration of dump facilities. In case of system failures, you
need to inspect the system facilities that are causing system crashes. Similarly, if your
supported business applications fail, you can check the process that is failing. This information
is helpful for an application analyst. This practice includes the following activities:
• Configuring system crash facilities
• Configuring dump facilities for business application failure
Note: The contents of your display may be different from the displays in this practice.

Task 1: Configuring System Crash Facilities
The following activities are included in this task:
• Displaying system dump configuration
• Determining the location of the dump device
• Changing the dump device
• Creating a system dump
• Analyzing and displaying the dump files
• Resetting the dump device to a ZFS device

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
nIf the virtual machine is not
m
1. Verify that the Sol11-Server1 virtual machine
is running.
e
g
d
running, start it now.
o@ Stu
d
l
a machine
2. Log in to the Sol11-Server1 virtual
isas the oracle user. Use oracle1 as the
n
h
t
o
password. Assume administrator
se
oฺr uprivileges.
r
e
oracle@s11-server1:~$
ic e to su c
(
Password:
o ens
d
l
a
Oracle
Corporation
SunOS 5.11
11.1
September 2012
lic
n
o
R
ro root@s11-server1:~#

e 3.

Cic

le

b
a
r
e
f

Use the dumpadm command to display the system dump configuration.
root@s11-server1:~#
Dump content:
Dump device:
Savecore directory:
Savecore enabled:
Save compressed:

dumpadm
kernel pages
/dev/zvol/dsk/rpool/dump (dedicated)
/var/crash
yes
on

Where is the dump device pointing to? The default rpool
Can you display the device? Yes, by using the zfs list command.
root@s11-server1:~# zfs list rpool/dump
NAME
USED AVAIL REFER MOUNTPOINT
rpool/dump 1.03G 20.3G 1.00G -

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 14

Which pool does this dump device belong to? It belongs to rpool.
How much space is allocated to the dump device? 1.03 GB.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

4.

Use the format command to partition c7t5d0 and allocate 800 MB to slice 3.
root@s11-server1:~# format
Searching for disks...done
AVAILABLE DISK SELECTIONS:
0. c7t0d0 
cyl 1022 alt 2 hd 64 sec 32>
cyl 1022 alt 2 hd 64 sec 32>

le

cyl 1022 alt 2 hd 64 sec 32>

b
a
r
e
f

s

an
r
t
n

cyl 1022 alt 2 hd 64 sec 32>

no
a
s
a
h
)alt 2 hdeฺ64 sec 32>
cyl 1022
m
o
c Guid
ฺ
l
i
t alt 2 hd 64 sec 32>
1022
n
ma cyl
e
g
@ Stud
o
d
al this cyl 1022 alt 2 hd 64 sec 32>
n
o
oฺr use
r
e
ic (enter
toits number): 4
Specify disk
c
(
e
do icens
l
a
n yourlinstructor if you need assistance in formatting the disk.
oConsult
cyl 1022 alt 2 hd 64 sec 32>

Ci

R
o
r
5.
ce Use the dumpadm command to change the dump device to the /dev/dsk/c7t5d0s3 slice
that you just formatted.
root@s11-server1:~#
Dump content:
Dump device:
Savecore directory:
Savecore enabled:
Save compressed:

dumpadm -d /dev/dsk/c7t5d0s3
kernel pages
/dev/dsk/c7t5d0s3 (dedicated)
/var/crash
yes
on

What is the purpose of changing the dump device? Because you want to use another
location (in this case, slice 3 on the c7t5d0 disk) on a dedicated basis.
One reason can be that your existing dump device is running out of space and you have
storage space available on another disk or slice.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 15

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

6.

Check whether the specified savecore directory exists. If not, create it by using the mkdir
command.
root@s11-server1:~# ls /var/crash

7.

Use the savecore command to dump the current system state, essentially the memory
contents.
root@s11-server1:~# savecore -L
dumping to /dev/dsk/c7t5d0s3, offset 65536, content: kernel
0:04 100% done
100% done: 103879 pages dumped, dump succeeded
savecore: System dump time: Tue Dec 20 10:23:31 2012
savecore: Saving compressed system crash dump in
/var/crash/vmdump.0
savecore: Decompress the crash dump with
'savecore -vf /var/crash/vmdump.0'
root@s11-server1:~# ls /var/crash
bounds
vmdump.0

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
Note there are only two files in your directory.
d
o
i
u
lฺc Grecently
What are the contents of the vmdump.0 file? a
It icontainst the
created dump in
m den
g
compressed format.
tu command.
o@the savecore
S
8. Uncompress the vmdump.0 file byld
using
s
a thi
nsavecore
o
root@s11-server1:~#
-vf /var/crash/vmdump.0
r
ฺ
se Tue
o dump utime:
r
e
savecore: System
Dec 20 10:23:31 2012
o
c
i
t
c
o ( ense
d
l
savecore:
system crash dump in /var/crash/{unix,vmcore}.0
c
lisaving
na
o
Constructing namelist /var/crash/unix.0
ro R

e

Cic

le

b
a
r
e
f

Constructing corefile /var/crash/vmcore.0
0:24 100% done: 103879 of 103879 pages saved
2266 (2%) zero pages were not written
0:24 dump decompress is done

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 16

9.

Use the cd command to switch to the crash directory. Analyze the newly created files.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

root@s11-server1:~# cd /var/crash
root@s11-server1:/var/crash# ls
bounds
unix.0
vmcore.0 vmdump.0
When vmdump.0 was uncompressed, it created the vmcore.0 file.
root@s11-server1:/var/crash# file bounds
bounds:
ascii text
Because bounds is a text file, you can use the cat command to look at it.
root@s11-server1:/var/crash# cat bounds
1

ro

s

an
r
t
n

no
a
s
a
h
ฺ
root@s11-server1:/var/crash# file unix.0m)
e
d
o
i
u Version 1,
unix.0:
ELF 64-bit LSB executable
AMD64
lฺc t G
i
a
statically linked, not stripped,
information
n
mno debugging
e
g
d
available
o@ Stu
d
l
a this
n
o
The executable and linking
refers to this file as being an executable binary,
ฺr format
se(ELF)
r
so you cannot open
itowith theucat
or more commands.
e
ic e to
c
(
o ecommand.
ns
dstrings
l
Trya
the
Sometimes, it can convert the encoding.
c
li
n
o
R
Can you guess what 1 represents? Dump number 1.

e
Cic

le

b
a
r
e
f

root@s11-server1:/var/crash# strings unix.0
No luck! The strings command cannot convert this binary executable.

10. Now analyze the vmcore dump file.
root@s11-server1:/var/crash# file vmcore.0
vmcore.0: SunOS 5.11 11.1 64-bit Intel live dump from 's11server1'
This is your uncompressed dump file. Use the strings command to display its
contents.
root@s11-server1:/var/crash# strings vmcore.0 | more
SunOS
s11-server1
5.11
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 17

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

11.1
i86pc
i86pc
aefffed4-f452-6dbc-f11e-cdb35c1bc0a2
.symtab
.strtab
.shstrtab
_END_
_START_
__return_from_main
__unsupported_cpu
.dtrace_induced
dtrace_badflags
dtrace_badtrap
_lwp_rtt
freq_tsc_loop
freq_tsc_perf_loop
freq_tsc_increase_count
freq_tsc_pit_did_not_wrap
…
…
…
What do the contents represent? The processes that are running in memory currently

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
11. Analyze the vmdump
ic file. e to
c
(
root@s11-server1:/var/crash#
file vmdump.0
do icens
l
a
l
vmdump.0:
SunOS
5.11
11.1
64-bit
Intel compressed live dump from
n
o's11-server1'
R
o root@s11-server1:/var/crash/s11-server1# strings vmdump.0 | more
cer

Ci

SunOS
s11-server1
5.11
11.1
i86pc
i86pc
aefffed4-f452-6dbc-f11e-cdb35c1bc0a2
.symtab
.strtab
.shstrtab
_END_
_START_
__return_from_main
__unsupported_cpu
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 18

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

.dtrace_induced
dtrace_badflags
dtrace_badtrap
_lwp_rtt
freq_tsc_loop
freq_tsc_perf_loop
freq_tsc_increase_count
freq_tsc_pit_did_not_wrap
…
…
…
Does it look like a copy of the vmcore.0 file? Yes.

s
n
a
r
root@s11-server1:/var/crash# dumpadm -d /dev/zvol/dsk/rpool/dump
-t
n
o
n
Dump content: kernel pages
a
s
Dump device: /dev/zvol/dsk/rpool/dump a
(dedicated)
h
)
ฺ
Savecore directory: /var/crash
e
m
d
o
i
Savecore enabled: yes
ilฺc t Gu
a
m den
Save compressed: on
g
u
do@useistheStZFS
l
Recommended best practice:aAlways
pool dump device. The reason is that
n
h
t
you will have all the system-critical
files
in
one
place,
in rpool.
o
ฺr use
o
r
e to
c
i
c
root@s11-server1:/var/crash#
cd
( nse
o
d
l
e
root@s11-server1:~#
lic
na
o
R

12. Now use the dumpadm command to set the dump device back to the ZFS volume.

o
erTask
c
2: Configuring Dump Facilities for Business Application Failure
i
C
Task 2A: Configuring the Global File Path Pattern
The following activities are covered in this task:
• Displaying the current dump configuration
• Specifying the global file path pattern
• Generating the core dump
• Displaying the core dump
1.

Verify that the Sol11-Server1 virtual machine is running. If the virtual machine is not
running, start it now.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 19

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

2.

Log in to the Sol11-Server1 system as the oracle user. Use oracle1 as the password.
Assume administrator privileges.
oracle@s11-server1:~$ su Password:
Oracle Corporation
SunOS 5.11
11.1
September 2012
root@s11-server1:~#

3.

Use the coreadm command to display the current default dump configuration for the
applications.
root@s11-server1:~# coreadm
global core file pattern:
global core file content: default
init core file pattern: core
init core file content: default
global core dumps: disabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging: disabled
root@s11-server1:~#

le

s

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ubusiness application
lฺc t For
ienabled?
G
Why is the per-process core dumps option
a
n to capture the critical
m youdewant
g
processes. In case they terminate abnormally,
tu
information in the core dump. do@
S
l
s
na option
thidisabled? You do not want to create a global
o
r
Why is the global core
dumps
ฺ
e
usprocess fails.
eanroapplication
dump every time
o
c
i
t
(c command,
4. Using the mkdir
se create the /var/core directory.
o
n
d
l
e
root@s11-server1:~#
mkdir /var/core
lic
na
o
R
ro

e

Cic

b
a
r
e
f

You are creating this directory for the global dump location.

5.

Use the coreadm command to enable global logging and configure the global core file
pattern. Verify the results.
root@s11-server1:~# coreadm -e log
root@s11-server1:~# coreadm -e global -g /var/core/core.%f.%p
root@s11-server1:~# coreadm
global core file pattern: /var/core/core.%f.%p
global core file content: default
init core file pattern: core
init core file content: default
global core dumps: enabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging: enabled
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 20

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

You enabled global core dump logging to generate a message when the system creates
a global core file.
How would you interpret the global core file pattern? The directory is specified as
/var/core. The dump files will be named core.%f.%p (%f for the file or the program
being executed, %p for the process ID).
6.

Create a dumpdir in the /var/tmp directory. Then cd to /var/tmp/dumpdir.
root@s11-server1:~# mkdir /var/tmp/dumpdir
root@s11-server1:~# cd /var/tmp/dumpdir
root@s11-server1:/var/tmp/dumpdir#
You are creating this directory for the system to create a core file in it.

7.

s

root@s11-server1:/var/tmp/dumpdir# ps
PID TTY
TIME CMD
3811 pts/1
0:00 bash
3833 pts/1
0:00 ps
root@s11-server1:/var/tmp/dumpdir# kill -8 3811
Arithmetic Exception (core dumped)

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
@ Stu
doprocess
l
Normally, this would kill your a
shell
is and your terminal window would disappear.
n
h
t
o
However, you are logged
to theeroot account by using the su command. Therefore,
oฺr inwill
r
ubes terminated and you will go back to the oracle user.
your invoked shelleprocess
o
c
i
t
c generated
(system
8. Verify that the
se a core file in the dumpdir directory.
o
n
d
l
e
oracle@s11-server1:~$
su –
lic
na
o
R
ro Password:

e

Cic

an
r
t
n

Oracle Corporation
root@s11-server1:~#

SunOS 5.11

11.1

September 2012

Switch to /var/tmp/dumpdir if the system takes you out of this directory.
root@s11-server1:~# cd /var/tmp/dumpdir
root@s11-server1:/var/tmp/dumpdir# ls
core
root@s11-server1:/var/tmp/dumpdir# file core
core:
ELF 32-bit LSB core file 80386 Version 1, from 'bash'
The system has created the core file in the “current directory,” meaning the current
directory at the time of dump creation.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 21

le

b
a
r
e
f

Using the ps command, display the process ID of the current shell process. Use the kill
-8 command to kill the shell process.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

9.

Use the cd command to switch to the /var/core directory and examine the dump created
when you killed the bash process.
root@s11-server1:/var/tmp/dumpdir# cd /var/core
root@s11-server1:/var/core# ls
core.bash.3811
root@s11-server1:/var/core# file core*
core.bash.3811: ELF 32-bit LSB core file 80386 Version 1, from
'bash'
root@s11-server1:/var/core# strings core.bash.3811 | more
CORE
pMNDbash
-bash
CORE
i86pc
CORE
CORE
CORE
CORE
pMNDbash
-bash
CORE
CORE
i86pc
CORE
CORE
SunOS
s11-server1
5.11
11.1

s

an
r
t
n

o

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Ci

R
o
r
ce

The strings command was able to convert the encoded contents to some extent.
However, this file will be analyzed by the dump analyzing utilities. Dump analysis is
covered in courses such as Oracle Solaris 11 Workshop.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 22

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

10. Use the tail command to view the dump creation message in syslog.
root@s11-server1:~# tail /var/adm/messages
Dec 20 09:46:56 s11-server1 genunix: [ID 665016 kern.notice]
^M100% done: 102515 pages dumped,
Dec 20 09:46:56 s11-server1 genunix: [ID 851671 kern.notice] dump
succeeded
Dec 20 09:59:58 s11-server1 genunix: [ID 603404 kern.notice]
NOTICE: core_log: bash[3275] core dumped:
/var/core/core.bash.3275
Dec 20 10:18:00 s11-server1 genunix: [ID 454863 kern.info] dump
on /dev/dsk/c7t5d0s3 size 800 MB
Dec 20 10:23:31 s11-server1 genunix: [ID 111219 kern.notice]
dumping to /dev/dsk/c7t5d0s3, offset 65536, content: kernel
Dec 20 10:23:36 s11-server1 genunix: [ID 100000 kern.notice]
Dec 20 10:23:36 s11-server1 genunix: [ID 665016 kern.notice]
^M100% done: 103879 pages dumped,
Dec 20 10:23:36 s11-server1 genunix: [ID 851671 kern.notice] dump
succeeded
Dec 20 10:49:28 s11-server1 genunix: [ID 454863 kern.info] dump
on /dev/zvol/dsk/rpool/dump size 511 MB
Dec 20 14:09:34 s11-server1 genunix: [ID 603404 kern.notice]
NOTICE: core_log: bash[3811] core dumped:
/var/core/core.bash.3811

s

an
r
t
n

ro

e
Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
Did you configure the dump
se to include this message here? Yes, by using the
oฺr facilities
r
u
coreadm –e logecommand.
ic e to
c
(
do icens
l
a
l
n
Ro

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 23

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

Task 2B: Configuring the Per-Process File Path Configuration
The following activities are covered in this task:
• Enabling per-process dump generation
• Specifying per-process generation
1.
2.

3.

Verify that the Sol11-Server1 virtual machine is running. If the virtual machine is not
running, start it now.
Log in to the Sol11-Server1 virtual machine as the oracle user. Use oracle1 as the
password. Assume administrator privileges.
oracle@s11-server1:~$ su Password:
Oracle Corporation
SunOS 5.11
11.1
September 2012
root@s11-server1:~#

s

an
r
t
n

Use the coreadm command to display the current dump configuration for the applications.
root@s11-server1:~# coreadm
global core file pattern:
global core file content:
init core file pattern:
init core file content:
global core dumps:
per-process core dumps:
global setid core dumps:
per-process setid core dumps:
global core dump logging:

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l
core dumps option is disabled, perform step 4 to enable it;
oIfnthe per-process
/var/core/core.%f.%p
default
core
default
enabled
enabled
disabled
disabled
enabled

R otherwise, skip step 4. The disable setting means that for individual processes, no
o
r
ce
dumps will be generated.

Ci

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 24

le

b
a
r
e
f

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

4.

Using the coreadm command, enable the per-process dump configuration. Verify the
results.
root@s11-server1:~# coreadm -e process
root@s11-server1:~# coreadm
global core file pattern: /var/core/core.%f.%p
global core file content: default
init core file pattern: core
init core file content: default
global core dumps: enabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled

le

b
a
r
e
f

global core dump logging: enabled.
Is the per-process core dumps option enabled? Yes, it is.

s

an
r
t
n

no
a
s
root@s11-server1:~# su - jholt
a
h
)
ฺ
Oracle Corporation
SunOS 5.11
11.1
September
2012
e
m
d
o
i
c
u
jholt@s11-server1:~$
ilฺ t G
a
n
m
6. Create a directory called corefiles in your
home directory.
e
g
d
tu
o@
jholt@s11-server1:~$ mkdir
corefiles
S
d
l
s
na thi
o
r
ฺ
odirectoryuforsethe system to create a core file in it.
r
You are creating e
this
ic display
to the process ID of the current shell process. Use the
c
7. Using the ps command,
(
e
s the per-process file for John.
o etondisplay
dcommand
coreadm
l
c
a
li
n
ojholt@s11-server1:~$
ps
R
o
r
5.

e
Cic

Using the su command, log in to John Holt’s account.

PID TTY
TIME CMD
3936 pts/1
0:00 bash
3950 pts/1
0:00 ps
jholt@s11-server1:~$ coreadm 3936
3936: core default

Currently, if any of the processes created by John are aborted, the default core file will
be created.
8.

Use the coreadm command to configure the per-process file path.
jholt@s11-server1:~$ coreadm -p $HOME/corefiles/%f.%p $$
jholt@s11-server1:~$ coreadm 3936
3936: /export/home/jholt/corefiles/%f.%p
default
Has the display changed? Yes, now the new per-process file path pattern has taken
effect.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 25

9.

Use the kill command to kill the bash process.

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2014, Oracle and/or its affiliatesฺ

jholt@s11-server1:~$ kill -8 3936
Arithmetic Exception (core dumped)
root@s11-server1:/var/core#
Because John’s bash process is killed, you are back to the root role. Log in to John’s
account again.
root@s11-server1:~# su - jholt
Oracle Corporation
SunOS 5.11
jholt@s11-server1:~$

11.1

September 2012

10. After switching to the corefiles directory, use the file command to display the type of
dump file created for John.
jholt@s11-server1:~$ cd corefiles
jholt@s11-server1:~/corefiles$ file bash*
bash.3936: ELF 32-bit LSB core file 80386 Version 1, from 'bash'

s

an
r
t
n

no
a
s
a
h
How can you display the contents of this dump file? By using
command as
) the estrings
ฺ
m
d
o
i
in the previous task
ฺc Gu
ilhave
a
t
11. Shut down the Sol11-Server1 virtual machine.
You
completed
this practice and thus
n
m
e
g
the final practice for this course. Congratulations!
@ Stud
o
d
al this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l
on
R
ro

e

Cic

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 12: Monitoring and Troubleshooting Software Failures
Chapter 12 - Page 26

le

b
a
r
e
f

Source Exif Data: 
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Encryption                      : Standard V2.3 (128-bit)
User Access                     : Print, Annotate, Extract, Print high-res
Page Count                      : 306
Create Date                     : 2013:03:07 15:01:12+05:30
Producer                        : iText 2.1.3 (by lowagie.com)
Modify Date                     : 2014:07:26 12:33:59-05:00

EXIF Metadata provided by EXIF.tools







 



Navigation menu




Upload a User Manual




Versions of this User Manual:

Wiki Guide
 HTML
 Mobile
 Download & Help





Views

User Manual
Discussion / Help







Navigation







© 2024 UserManual.wiki


Contact Us
DMCA









Event Name
Event ID
Event Class
Mask