Oracle Solaris 11 Advanced System Administration Ed 3 (Student Guide Volume 1)

User Manual:

Open the PDF directly: View PDF .
Page Count: 480

Download
Open PDF In Browser	View PDF

b
a
r
e
f

an
r
t
n

no
a
Oracle Solaris
s 11 Advanced
a
h
) Administration
ฺ
e
System
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this Student Guide - Volume I
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

D72965GC30
Edition 3.0
March 2013
D81023

Author

Vijetha M Malkai

Disclaimer

Technical Contributors
and Reviewers
Tammy Shannon
Anies Rahman
Rosemary Martinak

Editors
Malavika Jinka

This document contains proprietary information and is protected by copyright and
other intellectual property laws. You may copy and print this document solely for your
own use in an Oracle training course. The document may not be modified or altered
in any way. Except where your use constitutes "fair use" under copyright law, you
may not use, share, download, upload, copy, print, display, perform, reproduce,
publish, license, post, transmit, or distribute this document in whole or in part without
the express authorization of Oracle.
The information contained in this document is subject to change without notice. If you
find any problems in the document, please report them in writing to: Oracle University,
500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.

Aju Kumar

Restricted Rights Notice

Smita Kommini

If this documentation is delivered to the United States Government or anyone using
the documentation on behalf of the United States Government, the following notice is
applicable:

Graphic Designer
Seema Bopaiah

U.S. GOVERNMENT RIGHTS
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or
disclose these training materials are restricted by the terms of the applicable Oracle
license agreement and/or the applicable U.S. Government contract.

Cic

an
s
ha ฺ
Jayanthy Keshavamurthy
)
Veena Narasimhan
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
R
ero
Publishers

an
r
t
n

b
a
r
e
f

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names
may be trademarks of their respective owners.

Contents

Preface
1

e
Cic

Introduction
Overview 1-2
Course Goals 1-3
Course Agenda: Day 1 1-4
Course Agenda: Day 2 1-5
Course Agenda: Day 3 1-6
Course Agenda: Day 4 1-7
Course Agenda: Day 5 1-8
Introductions 1-9
Your Learning Center 1-10
Your Lab Environment 1-11

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t and Packages
o
2 Managing the Image Packaging
System
(IPS)
S
d
l
s
na thi
Objectives 2-2
o
r
ฺ
o 2-3 use
Workflow Orientation
r
e
ic 2-4 e to
c
Lesson Agenda
(
ns with a Plan 2-5
do oficWorking
Importance
l
e
a
l
n
RoPlanning for IPS and Package Management 2-6

Identifying IPS Server System Requirements 2-7
Planning for Boot Environment Management 2-8
Implementing the IPS and Package Management Plan 2-9
Quiz 2-10
Lesson Agenda 2-12
Configuring a Local IPS Package Repository 2-13
Creating a ZFS File System to Hold the Repository 2-14
Obtaining Software Packages from the Oracle Solaris Download Site 2-15
Making the Repository File Contents Available 2-16
Configuring the Repository Server Service 2-18
Starting the Repository Service 2-19
Setting the Local IPS Publisher 2-20
Testing IPS on the Local Server 2-21
Practice 2-1 Overview: Configuring a Local IPS Package Repository 2-22
Lesson Agenda 2-23

iii

Configuring Network Client Access to the Local IPS Server 2-24
Determining the Client Host and Domain Names 2-25
Checking Network Connectivity 2-26
Setting the Local IPS Publisher 2-27
Testing Client Access to the Local IPS Server 2-28
Practice 2-2 Overview: Configuring Network Client Access to the Local IPS
Server 2-29
Lesson Agenda 2-30
Introducing Signed Packages 2-31
Installing Signed Packages 2-32
Identifying Image Properties for Signed Packages 2-33
Configuring Image Properties for Signed Packages 2-35
Identifying Publisher Properties for Signed Packages 2-36
Configuring Publisher Properties for Signed Packages 2-37
Quiz 2-38
Introducing Variants and Facets 2-40
Displaying and Changing Variants and Facets 2-41
Managing Package History 2-42
Lesson Agenda 2-43
Managing Package Publishers 2-44
Displaying Publisher Information 2-45
Specifying Publisher Rankings 2-46
Specifying Publisher Stickiness 2-47
Setting the Publisher Search Order 2-48
Disabling and Enabling a Publisher 2-49
Changing a Publisher Origin URI 2-50
Quiz 2-51
Lesson Agenda 2-53
Managing Multiple Boot Environments 2-54
Listing the Boot Environments on the System 2-55
Mounting an Inactive Boot Environment 2-56
Installing a Package on an Inactive, Mounted Boot Environment 2-57
Uninstalling a Package on an Inactive, Mounted Boot Environment 2-58
Unmounting an Inactive Boot Environment 2-59
Creating a Backup of a Boot Environment 2-60
Creating a Boot Environment from an Existing Backup 2-61
Practice 2-3 Overview: Managing Multiple Boot Environments 2-62
Summary 2-63

R
o
r
ce

Installing Oracle Solaris 11 on Multiple Hosts
Objectives 3-2
iv

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

b
a
r
e
f

Workflow Orientation 3-3
Lesson Agenda 3-4
Reviewing Your Company’s Plan for an Oracle Solaris 11 Implementation 3-5
Planning for an Oracle Solaris 11 AI Installation 3-6
Automated Installation: Overview 3-7
Automated Installation Process 3-8
How the AI Works 3-9
Quiz 3-10
Lesson Agenda 3-11
Installing Oracle Solaris 11 by Using the AI 3-12
Reviewing AI Installation Server Requirements 3-13
Verifying AI Install Server Software Requirements 3-14
Verifying the Static IP Address 3-15
Verifying That DNS Is Operational 3-16
Verifying That IPS Is Available Locally 3-17
Verifying That the DHCP Server Is Enabled 3-18
Practice 3-1 Overview: Verifying System AI Requirements (Optional) 3-19
Configuring the AI Install Server 3-20
Enabling the DNS Multicast Service 3-21
Installing the AI Installation Tools 3-22
Setting Up the AI Boot Image 3-23
Configuring an AI Install Service 3-24
Verifying the netmasks File Configuration 3-25
Creating an AI Install Service with an ISC DHCP Server Setup 3-26
Creating an AI Install Service Without a DHCP Setup 3-28
Note About the AI SMF Service 3-29
Adding a Client to the AI Install Service 3-30
AI Manifest 3-31
Identifying the Types of AI Manifests 3-32
Reviewing the Default AI Manifest (default.xml) 3-33
System Configuration Profiles (SC Profiles) 3-34
Adding an SC Profile to an Install Service 3-38
Creating a Custom AI Manifest 3-39
Selecting the AI Manifest 3-40
Criteria File: Examples 3-42
Adding Installation Criteria to an AI Manifest 3-43
Practice 3-2 Overview: Configuring the AI Server 3-44
Configuring the Client System 3-45
Identifying Client System Requirements 3-46
Using Secure Shell to Remotely Monitor an Installation 3-47
Implementing the Configuration 3-48

R
o
r
ce

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

b
a
r
e
f

Reviewing Client Installation Messages 3-49
Practice 3-3: Deploying the OS on the Network Client 3-51
Lesson Agenda 3-52
Introducing the Distribution Constructor 3-53
Identifying System Requirements for Using the Distribution Constructor 3-54
Using Distribution Constructor Manifest Files 3-55
Building an Image 3-56
Quiz 3-57
Summary 3-60
4

Managing Business Application Data
Objectives 4-2
Workflow Orientation 4-3
Lesson Agenda 4-4
Planning for Data Storage Configuration and Backup 4-5
Determining Storage Pool Requirements 4-6
Mirrored Storage Pool Data Redundancy Features 4-7
Mirrored Storage Pool Configuration 4-8
Self-Healing Data 4-9
Dynamic Striping 4-10
Dynamic Striping in a Mirrored Pool 4-11
Determining File System Requirements 4-12
Identifying Your Data Backup and Restore Strategy 4-13
Determining Ways to Save Data Storage Space 4-14
Implementing the Data Storage Configuration and Backup Plan 4-15
Quiz 4-16
Lesson Agenda 4-18
Managing Data Redundancy with Mirrored Storage Pools 4-19
Creating a Mirrored Storage Pool 4-20
Adding Log Devices to a Storage Pool 4-21
Adding Cache Devices to a Storage Pool 4-22
Managing Devices in ZFS Storage Pools 4-23
Adding Devices to a Storage Pool 4-24
Attaching Devices to a Storage Pool 4-25
Taking Devices Offline in a Storage Pool 4-27
Detaching Devices from a Storage Pool 4-28
Bringing Devices Online in a Storage Pool 4-29
Replacing Devices in a Storage Pool 4-30
Designating Hot Spares in a Storage Pool 4-31
Removing Hot Spares in a Storage Pool 4-35
Practice 4-1 Overview: Managing Data Redundancy with a ZFS Mirrored Pool 4-36

an
r
t
n

R
o
r
ce

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

b
a
r
e
f

Lesson Agenda 4-37
Backing Up and Recovering Data with ZFS Snapshots 4-38
Creating and Destroying a ZFS Snapshot 4-39
Holding a ZFS Snapshot 4-40
Renaming a ZFS Snapshot 4-46
Displaying a ZFS Snapshot 4-48
Snapshot Space Accounting 4-51
Rolling Back a ZFS Snapshot 4-53
Identifying ZFS Snapshot Differences 4-54
Creating and Destroying a ZFS Clone 4-56
Replacing a ZFS File System with a ZFS Clone 4-57
Sending ZFS Snapshot Data 4-60
Receiving ZFS Snapshot Data 4-62
Remote Replication of ZFS Snapshot Data 4-65
Practices 4-2 and 4-3 Overview: Using ZFS Snapshots for Backup and Recovery
and Using a ZFS Clone 4-66
Lesson Agenda 4-67
Managing Data Storage Space with ZFS File System Properties 4-68
Setting ZFS Properties 4-69
Inheriting ZFS Properties 4-70
Querying ZFS Properties 4-74
Mounting and Sharing ZFS File Systems 4-80
Overriding Default ZFS Mount Points 4-81
Introducing the mountpoint Property 4-82
Automatic Mount Point Behavior 4-83
Legacy Mount Point Behavior 4-84
Managing Legacy Mount Points 4-85
share.nfs Property: Introduction 4-86
Setting the share.nfs Property 4-87
Unsharing ZFS File Systems 4-88
Sharing ZFS File Systems 4-89
Setting ZFS Quotas and Reservations 4-90
Introducing the quota, reservation, refquota, and used Properties 4-91
Setting Quotas for ZFS File Systems 4-92
Setting a User Quota on a ZFS File System 4-94
Setting a Group Quota on ZFS File System 4-95
Displaying User and Group Space Usage 4-96
Identifying User and Group Space Usage 4-97
Removing User and Group Quotas 4-98
Identifying Reservation Restrictions 4-99
Setting Space Reservation on a Data Set and Snapshot 4-100

R
o
r
ce

vii

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

b
a
r
e
f

Setting Space Reservation on a Data Set 4-101
Displaying Reservation Values 4-102
Practice 4-4 Overview: Configuring ZFS Properties 4-103
Lesson Agenda 4-104
Troubleshooting ZFS Failures 4-105
Identifying Problems in ZFS 4-106
Troubleshooting in ZFS: Overview 4-107
Basic Recovery Process 4-108
Configuring syslog for FMD Messages 4-109
Determining Problems in a ZFS Storage Pool 4-110
Interpreting zpool status Output 4-111
Determining Problems in a ZFS Storage Pool 4-114
Repairing a Damaged ZFS Configuration 4-115
Repairing a Missing Device 4-116
Reattaching a Device 4-118
Repairing a Missing Device 4-119
Repairing a Damaged Device 4-120
Determining the Cause of Device Failure 4-121
Clearing Transient Errors 4-124
Replacing a Device in a ZFS Storage Pool 4-125
Viewing Resilvering Status 4-127
Scrubbing 4-128
Repairing Damaged Data 4-129
Data Corruption: Overview 4-130
Identifying the Type of Data Corruption 4-131
Repairing a Corrupted File or Directory 4-133
Repairing ZFS Storage Pool–Wide Damage 4-134
Practice 4-5 Overview: Troubleshooting ZFS Failures 4-135
Summary 4-136

Configuring Network and Traffic Failover
Objectives 5-2
Workflow Orientation 5-3
Lesson Agenda 5-4
Planning for Network and Traffic Failover 5-5
Configuring a Host For TCP/IP 5-6
Configuring Network Services 5-7
Reactive Network Configuration 5-8
Network File System Servers and Clients 5-9
Network Performance Concepts 5-10
Link Aggregation 5-11
viii

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Load Balancing and Aggregation Policies 5-12
Aggregation Modes and Switches 5-13
IPMP: Introduction 5-14
IPMP Components 5-16
Comparing Link Aggregation and IPMP 5-18
Implementing the Network and Traffic Failover Plan 5-19
Quiz 5-20
Lesson Agenda 5-24
Configuring Systems on a Local Network 5-25
Configuring a Physical Network Interface Manually 5-26
Configuring a Physical Network Interface Manually: Example 5-27
Deleting a Physical Network Interface Manually 5-28
Deleting a Physical Network Interface Manually: Example 5-29
Displaying TCP/IP Network Information 5-30
Displaying the Status of Network Interfaces 5-31
Displaying the Routing Table 5-32
Capturing Packets from the Network 5-33
Lesson Agenda 5-34
Configuring a Reactive Network 5-35
Creating a Network Configuration Profile 5-36
Creating a Location Profile 5-37
Listing a Location Profile 5-38
Modifying Profiles 5-39
Listing Reactive Network Profiles 5-40
Enabling and Disabling Reactive Network Profiles 5-41
Displaying Profile States 5-42
Displaying Profiles and Their Auxiliary States 5-43
Creating a Backup of a Profile 5-44
Removing Reactive Network Profiles 5-45
Practice 5-1 Overview: Managing a Reactive Network 5-46
Lesson Agenda 5-47
Configuring Network File System (NFS) 5-48
Configuring the NFS Server 5-49
Checking the NFS Services Status 5-50
Configuring the NFS Client 5-51
Selecting a Different Version of NFS on a Server 5-52
Enabling the Automounter 5-53
Displaying NFS Server and Client Statistics 5-54
Practice 5-2 Overview: Configuring the Network File System 5-55
Lesson Agenda 5-56
Preparing for Link Aggregation 5-57

Creating Link Aggregation 5-58
Modifying Link Aggregation 5-59
Deleting Link Aggregation 5-60
Practice 5-3 Overview: Configuring a Link Aggregation 5-61
Lesson Agenda 5-62
Configuring an IPMP Group 5-63
Creating an IPMP Group 5-64
Adding IP Addresses to an IPMP Group 5-65
Moving an Interface from One IPMP Group to Another Group 5-66
Deleting or Disabling an IPMP Group 5-67
Lesson Agenda 5-68
Implementing Link Failover by Using IPMP 5-69
Configuring an Active-Active IPMP Group 5-70
Assigning Test Addresses 5-71
Configuring an Active-Standby IPMP Group 5-72
Lesson Agenda 5-73
Monitoring an IPMP Group 5-74
Displaying IPMP Group Information 5-75
Obtaining IPMP Address Information 5-76
Verifying IPMP Interface Information 5-77
Obtaining Probe Target Information 5-78
Checking Probe Information 5-79
Practice 5-4 Overview: Configuring IPMP 5-80
Summary 5-81

Objectives 6-2
Workflow Orientation 6-3
Lesson Agenda 6-4
Planning for a Virtual Network and Zones 6-5
Network Virtualization and Virtual Networks 6-6
Virtual Network Components 6-7
Introducing Zone Configuration by Using VNICs 6-8
Allocating System Resources to a Zone 6-9
Managing System Resource Allocation to a Zone 6-10
Resource Pool Allocation 6-12
How Resource Pools Work 6-13
Memory Resource Capping 6-14
Specifying Resource Capping Within a Zone 6-15
Implementing Controls on Network Resources 6-16
Managing Virtual Network Resources by Using Flows 6-17
x

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
6 Configuring Zones and the Virtual Network
o
r
ce

b
a
r
e
f

Creating Flows and Selecting Flow Properties 6-18
Implementing the Virtual Network and Zones Plan 6-19
Quiz 6-20
Lesson Agenda 6-23
Creating a Virtual Network 6-24
Creating a Virtual Network Switch 6-25
Creating the Virtual Network Interfaces 6-26
Displaying the Virtual Network Configuration 6-27
The Virtual Network Configuration So Far 6-28
Quiz 6-29
Practice 6-1 Overview: Creating an Oracle Solaris 11 Virtual Network 6-31
Lesson Agenda 6-32
Configuring Zones to Use VNICs 6-33
Zone Configuration Process: Overview 6-34
Planning the Zone Strategy 6-35
Creating a ZFS File System for Zones in rpool 6-36
Configuring the Zone 6-37
Verifying, Committing, and Exiting the New Zone Configuration 6-39
Displaying a Zone Configuration 6-40
Verifying That a Zone Is in configured State 6-42
Gathering Information for the System Configuration Profile 6-43
Creating the System Configuration Profile 6-44
Installing the Zone 6-45
Booting the Zone 6-46
Checking the Virtual Network Configuration in a Zone 6-47
Verifying That a Zone’s Virtual Network Interface Connection Is Operational 6-48
Virtual Network Configuration 6-49
Removing the Virtual Network Without Removing the Zones 6-50
Verifying the State of the Configured Zones 6-51
Halting the Exclusive IP Zones 6-52
Verifying That the Zones Have Been Halted 6-53
Listing the VNICs That Were Configured for the Halted Zones 6-54
Deleting the VNICs 6-55
Quiz 6-56
Practice 6-2: Creating Two Zones by Using VNICs 6-59
Lesson Agenda 6-60
Allocating and Managing System Resources in a Zone 6-61
Allocating and Managing CPU Resources with Resource Pools 6-62
Enabling Services for Resource Pools 6-63
Configuring a Persistent Resource Pool 6-64
Displaying the Resource Pool Configuration File 6-65

R
o
r
ce

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

b
a
r
e
f

Modifying the Resource Pool Configuration File 6-67
Displaying and Committing the Modified Resource Pool Configuration File 6-69
Displaying the Resource Pool Configuration That Is Currently in Use 6-72
Displaying all Active Resource Pools 6-73
Binding the Zone to a Persistent Resource Pool 6-75
Listing the Current State of the Zones 6-76
Allocating the Pool to the Zone and Confirming the Allocation 6-77
Rebooting the Zone to Activate the Resource Pool Binding 6-78
Confirming the Availability of the Resource Pool 6-79
Removing the Resource Pool Configuration 6-81
Removing the Pool Configuration from the Zone 6-82
Rebooting the Zone 6-83
Checking the Resource Pool Configuration for the Zone 6-84
Deleting the Resource Pool 6-86
Displaying all Active Resource Pools 6-87
Allocating and Managing Physical Memory Resources with Resource Capping 6-88
Practice 6-3 Overview: Allocating Resources to Zones 6-89
Lesson Agenda 6-90
Managing Resources on the Virtual Network 6-91
Determining the Configured VNIC States 6-92
Creating and Adding a Flow 6-93
Displaying Flow Controls 6-94
Setting Flow Properties 6-95
Displaying Flow Control Properties 6-96
Setting a Priority Property 6-97
Practices 6-4 and 6-5 Overview: Managing the Virtual Network Data Flow and
Removing Part of the Virtual Network 6-98
Summary 6-99

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Managing Services and Service Properties
Objectives 7-2
Workflow Orientation 7-3
Lesson Agenda 7-4
Planning for Services Configuration 7-5
SMF Advanced Features 7-6
SMF Profiles 7-7
SMF Profile: Example 7-8
When SMF Profiles Are Applied 7-9
SMF Manifests 7-10
SMF Manifest: Example 7-12
Service Configuration Repository 7-16
xii

b
a
r
e
f

SMF Administrative Layers 7-17
Introducing SMF Repository Backups 7-19
Introducing SMF Repository Snapshots 7-20
Creating New Service Scripts 7-21
Implementing the Services Administration Plan 7-22
Quiz 7-23
Lesson Agenda 7-27
Configuring SMF Services 7-28
Creating and Exporting a Service 7-29
Creating and Exporting a Service: Example 7-30
Creating and Importing a Service: Example 7-33
Creating and Exporting a Service: Example 7-34
Modifying a Service’s Manifest 7-35
Modifying a Service’s Manifest: Example 7-36
Changing an Environment Variable for a Service 7-37
Changing an Environment Variable for a Service: Example 7-38
Changing a Property for an inetd-Controlled Service 7-39
Changing a Property for an inetd-Controlled Service: Example 7-40
Creating and Applying an SMF Profile 7-43
Creating and Applying an SMF Profile: Example 7-45
Changing Services and Their Configurations by Using the netservices
Command 7-46
Practice 7-1 and Practice 7-2 Overview: Configuring SMF Services and Working with
Service Profiles 7-47
Lesson Agenda 7-48
Troubleshooting SMF Services 7-49
Debugging a Service That Is Not Starting 7-50
Restoring a Service in Maintenance State 7-52
Restoring a Service in Maintenance State: Example 7-53
Reverting to an SMF Snapshot 7-55
Reverting to an SMF Snapshot: Example 7-56
Configuration Repository Failed Integrity Check Process 7-57
Repairing a Corrupt Repository 7-58
Repairing a Corrupt Repository: Example 7-61
Debugging the Services During a System Boot 7-63
Addressing system/filesystem/local:default Service Failures During Boot 7-64
Practice 7-3 Overview: Restoring and Recovering a Service 7-65
Summary 7-66

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Configuring Privileges and Role-Based Access Control
Objectives 8-2
xiii

b
a
r
e
f

Workflow Orientation 8-3
Lesson Agenda 8-4
Planning for User Privileges and Roles Assignments 8-5
Process Rights Management and Privileges 8-6
Displaying Privilege Descriptions 8-7
Implementing Privileges 8-8
Role-Based Access Control (RBAC) 8-10
Roles 8-11
Rights Profile 8-12
Basic Solaris User Rights Profile 8-13
Interpreting the /etc/security/policy.conf File 8-14
Authorizations and Privileges 8-15
Security Attributes 8-16
Key RBAC Files 8-17
Interpreting the user_attr File 8-18
Interpreting the auth_attr File 8-19
Interpreting the exec_attr File 8-21
Interpreting the prof_attr File 8-23
Relationship Among the Four RBAC Files 8-25
Profile Shells 8-27
Implementing the Assigning User Privileges and Roles Plan 8-28
Quiz 8-29
Lesson Agenda 8-33
Configuring and Managing Privileges 8-34
Examining Process Privileges 8-35
Determining the Privileges Available to the Shell 8-36
Determining the Process Privileges to a Shell 8-38
Determining the Privileges on a Process 8-39
Displaying the Description of a Privilege 8-40
Managing User Privileges 8-41
Determining the Privileges Directly Assigned to You 8-42
Determining the Privileged Commands That You Can Use 8-43
Assigning Privileges to a User or Role 8-44
Limiting Privileges of a User or Role 8-45
Determining Privileges Needed by a Program Using the ppriv Debugging
Command 8-46
Using the ppriv Debugging Command to Examine Privilege Use in a Profile
Shell 8-47
Using the truss Command to Examine Privilege Use in a Regular Shell 8-48
Practice 8-1 Overview: Delegating Privileges to Users and Processes 8-49
Lesson Agenda 8-50

R
o
r
ce

xiv

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

b
a
r
e
f

Configuring and Using RBAC 8-51
Creating a Role 8-52
Creating a Rights Profile 8-54
Creating a Rights Profile: Example 8-55
Cloning and Modifying a Rights Profile 8-56
Creating or Changing a Rights Profile: Example 8-57
Assigning a Rights Profile to a Role 8-58
Assigning a Role to a User 8-59
Assigning a Role to a User: Example 8-60
Assuming a Role 8-61
Restricting an Administrator to Explicitly Assigned Rights 8-62
Assigning the Rights Profile to a User 8-63
Delegating an Authorization to a User 8-64
Delegating an Authorization to a User: Example 8-65
Assigning Authorization to a Role 8-66
Modifying a System-wide RBAC Policy 8-67
Practice 8-2 Overview: Configuring Role-Based Access Control
Summary 8-69

e
Cic

an
r
t
n

an
s
ha 8-68
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
@ Oracle
9 Securing System Resources byo
Using
tuSolaris Auditing
S
d
l
s
Objectives 9-2
na thi
o
r
ฺ
Workflow Orientation
o 9-3 use
r
e
ic 9-4 e to
Lesson Agenda
c
(
s Auditing 9-5
Planning
nSolaris
dofor Oracle
l
e
c
a
li
n
RoOracle Solaris Auditing 9-6
Interpreting the /etc/security/audit_event File 9-10
Event Types 9-12
Interpreting the /etc/security/audit_class File 9-13
Displaying the /etc/security/audit_class File 9-15
Audit Class Preselection 9-17
Audit Records and Audit Tokens 9-18
Audit Plug-in Modules 9-20
Storing and Managing the Audit Trail 9-21
Audit Remote Server (ARS) 9-22
Audit Policies 9-23
Implementing the Oracle Solaris Auditing Plan 9-24
Quiz 9-25
Lesson Agenda 9-31
Configuring Oracle Solaris Auditing 9-32
Configuring the Audit Service 9-33
Determining Audit Service Defaults 9-34

b
a
r
e
f

Determining Audit Service Defaults: Example 9-35
Preselecting Audit Classes 9-37
Configuring a User’s Audit Characteristics 9-38
Modifying the Audit Policy 9-40
Modifying the Audit Policy: Example 9-41
Specifying the Audit Warning Destination Email 9-42
Adding an Audit Class 9-43
Changing an Audit Event’s Class Membership 9-44
Configuring Audit Logs 9-45
Creating ZFS File Systems for Audit Files 9-46
Allocating Audit Space for the Audit Trail 9-47
Sending Audit Files to a Remote Repository 9-48
Configuring the System Log as the Audit Message Destination 9-49
Configuring the Audit Service in Zones 9-50
Configuring All Zones Identically for Auditing 9-51
Configuring All Zones Identically for Auditing: Example 9-52
Specifying Per-Zone Auditing 9-53
Specifying Per-Zone Auditing: Example 9-54
Lesson Agenda 9-55
Administering the Audit Service 9-56
Enabling the Audit Service 9-57
Disabling the Audit Service 9-58
Refreshing the Audit Service 9-59
Practice 9-1 Overview: Configuring and Administering Oracle Solaris Auditing
Lesson Agenda 9-61
Managing Audit Records on Local Systems 9-62
Displaying Audit Record Definitions 9-63
Merging Audit Files 9-64
Selecting Audit Events to Examine 9-66
Viewing Contents of Binary Audit Files 9-67
Practice 9-2 Overview: Managing Audit Records on Local Systems 9-68
Summary 9-69

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

10 Managing Processes and Priorities
Objectives 10-2
Workflow Orientation 10-3
Lesson Agenda 10-4
Planning Process Execution in an Appropriate Scheduling Class 10-5
Process Scheduler 10-6
Process Priority 10-7
Process Scheduling Classes 10-8
xvi

b
a
r
e
f

9-60

Priority Ranges for Scheduling Classes 10-9
Combining FSS with Other Scheduling Classes 10-10
Using CPU Shares with the FSS 10-12
Scheduling Class on a System with Zones Installed 10-14
Implementing the Process Execution in an Appropriate Scheduling Class
Plan 10-15
Quiz 10-16
Lesson Agenda 10-20
Managing Process Scheduling Priority 10-21
Displaying Processes with the top Command 10-22
Displaying Process Class Information 10-24
Determining the Global Priority of a Process 10-25
Designating a Process Priority 10-27
Modifying a Process Priority 10-29
Lesson Agenda 10-30
Configuring the Fair Share Scheduler (FSS) 10-31
Making FSS the Default Scheduling Class 10-32
Manually Moving Processes from Other Classes into the FSS Class 10-33
Manually Moving the init Process into the FSS Class 10-35
Manually Moving a Project’s Processes into the FSS Class 10-36
Tuning Scheduler Parameters 10-37
Practice 10-1 Overview: Modifying Process Scheduling Priority 10-38
Lesson Agenda 10-39
Managing the Scheduling Class of Zones 10-40
Configuring CPU Shares Configuration in a Non-Global Zone 10-41
Configuring CPU Shares in a Non-Global Zone: Example 10-42
Measuring CPU Performance in the Zones 10-43
Assigning CPU Shares to the Global Zone 10-44
Removing the CPU Shares Configuration from a Zone 10-45
Removing the CPU Shares Configuration from a Zone: Example 10-46
Practice 10-2 Overview: Configuring FSS in an Oracle Solaris Zone 10-47
Summary 10-48

R
o
r
ce

11 Evaluating System Resources
Objectives 11-2
Workflow Orientation 11-3
Lesson Agenda 11-4
Planning for Resource Allocation and System Performance Evaluation 11-5
Resource Management 11-6
Resource Management Control Mechanisms 11-7
Projects and Tasks 11-9
xvii

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

b
a
r
e
f

Project/Task/Process Relationship 11-10
Resource Controls 11-11
Resource Control Values 11-12
Privilege Levels of Resource Controls 11-13
Enforcing Multiple Resource Controls 11-14
Setting Resource Controls 11-15
Default /etc/project File 11-16
Setting Zone-Wide Resource Controls 11-18
Monitoring Resource Consumption 11-19
Implementing the Resource Allocation and System Performance Evaluation
Plan 11-20
Quiz 11-21
Lesson Agenda 11-26
Configuring and Administering System Resources 11-27
Administering Projects and Tasks 11-28
Displaying the Default Projects in the System 11-29
Default /etc/project File 11-30
Defining a Project 11-31
Obtaining Project Membership Information 11-32
Modifying a Project 11-33
Adding Attributes and Attribute Values to a Project 11-34
Substituting Attributes and Attribute Values for a Project 11-35
Removing Attributes or Attribute Values from a Project 11-36
Displaying Currently Running Processes and Projects 11-37
Creating a New Task 11-38
Moving a Running Process into a New Task 11-39
Deleting a Project 11-40
Administering Resource Controls and Attributes 11-41
Displaying the Default Resource Controls 11-42
Displaying Current Resource Control Settings 11-43
Displaying Information About a Given Resource Control 11-44
Enabling Global Resource Control Monitoring 11-45
Practice 11-1 Overview: Managing Resource Controls in Global and Non-Global
Zones 11-46
Lesson Agenda 11-47
Monitoring System Performance 11-48
Displaying Virtual Memory Statistics and Information 11-49
Displaying Virtual Memory Statistics 11-50
Displaying System Event Information 11-52
Displaying Swapping Statistics 11-53
Displaying Disk Usage Information 11-54

R
o
r
ce

xviii

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

b
a
r
e
f

Displaying General Disk Usage Information 11-55
Displaying Disk Space Information 11-56
Monitoring System Activities 11-57
Checking File Access Operation Statistics 11-58
Checking Buffer Activity 11-59
Checking System Call Statistics 11-60
Checking Disk Activity 11-61
Checking Unused Memory 11-62
Setting Up Automatic Data Collection 11-63
System Monitoring Commands: Summary 11-64
Practice 11-2 Overview: Evaluating System Performance Levels
Summary 11-66

11-65

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

xix

an
r
t
n

12 Monitoring and Troubleshooting Software Failures
Objectives 12-2
Workflow Orientation 12-3
Lesson Agenda 12-4
Planning System Messaging and Diagnostic Facilities Implementation 12-5
Configuring the /etc/syslog.conf File 12-6
Stopping and Starting the syslogd Daemon 12-8
TCP Tracing 12-9
TCP Tracing: Example 12-10
Logger Command 12-11
/etc/dumpadm.conf File 12-13
/etc/coreadm.conf File 12-15
Core File Paths 12-17
Implementing the System Messaging and Diagnostic Facilities Implementation
Plan 12-18
Quiz 12-19
Lesson Agenda 12-23
Configuring System Messaging 12-24
Setting Up Message Routing 12-25
Setting Up Message Routing: Example 12-26
Logging a Message by Using TCP Trace 12-27
Monitoring a syslog File in Real Time 12-28
Practice 12-1 Overview: Setting Up System Messaging 12-29
Lesson Agenda 12-30
Configuring System Crash Facilities 12-31
Displaying the Current Crash Dump Configuration 12-32
Modifying the Crash Dump Configuration 12-33
Saving the Crash Dump File 12-35

b
a
r
e
f

Uncompressing the Crash Dump File 12-36
Displaying the Crash Dump File Contents 12-37
Displaying the Crash Dump File Contents: Example 12-38
Lesson Agenda 12-39
Configuring Dump Facilities for Business Application Failure 12-40
Displaying the Current Core Dump Configuration 12-41
Modifying the Core Dump Configuration 12-42
Setting a Core File Name Pattern 12-44
Enabling a Core File Path 12-45
Displaying the Contents of the Core Dump File 12-46
Displaying the Core Dump File Contents: Example 12-47
Practice 12-2 Overview: Configuring System and Application Crash Facilities 12-48
Summary 12-49

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

b
a
r
e
f

Preface

b
a
r
e
f

an
r
t
n

R
o
r
ce

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce
an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
an
r
t
n
b
a
r
e
f

Profile
Before You Begin This Course

Before you begin this course, you should be able to perform basic Oracle Solaris 11
system administration tasks.
How This Course Is Organized
Oracle Solaris 11 Advanced System Administration is an instructor-led course
featuring lectures and hands-on exercises. Online demonstrations and written
practice sessions reinforce the concepts and skills that are introduced.

b
a
r
e
f

an
r
t
n

R
o
r
ce

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Related Publications
Oracle Publications
Additional Publications

• System release bulletins
• Installation and user’s guides
• read.me files
• International Oracle User’s Group (IOUG) articles
• Oracle Magazine

b
a
r
e
f

an
r
t
n

R
o
r
ce

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

Typographic Conventions
The following two lists explain Oracle University typographical conventions for
words that appear within regular text or within code samples.

1. Typographic Conventions for Words Within Regular Text
Convention

Object or Term

Example

Courier New

User input;
commands;
column, table, and
schema names;
functions;
PL/SQL objects;
paths

Use the SELECT command to view
information stored in the LAST_NAME
column of the EMPLOYEES table.

Triggers;
Assign a When-Validate-Item trigger to
user interface object the ORD block.
names, such as
button names
Click the Cancel button.

hostname is the host on which the
password is to be changed.

Quotation marks

Lesson or module
titles referenced
within a course

This subject is covered in Lesson 3,
“Working with Objects.”

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
tu information on the subject see
o@ ForSmore
Italic
Titles of
d
l
s
na thiOracle SQL Reference
coursesoand
r
ฺ
se Manual
o
manuals;
r
u
e
ic emphasized
to
c
(
e
ns or phrases; Do not save changes to the database.
do icewords
l
a
l placeholders or
on
R
variables
Enter hostname, where
ro
Initial cap

Cic

Enter 300.

2. Typographic Conventions for Words Within Code Samples
Object or Term

Example

Uppercase

Commands,
functions

SELECT employee_id
FROM employees;

Lowercase,
italic

Syntax variables

CREATE ROLE role;

Initial cap

Forms triggers

Form module: ORD
Trigger level: S_ITEM.QUANTITY
item
Trigger name: When-Validate-Item
. . .

Lowercase

Column names,
table names,
filenames,
PL/SQL objects

. . .
OG_ACTIVATE_LAYER
(OG_GET_LAYER ('prod_pie_layer'))
. . .

an
r
t
n

b
a
r
e
f

n
a
s
SELECT last_namea
) h eฺ
FROM
employees;
m
id
co scott
u
ฺ
l
i
G
Bold
Text that must
CREATE
USER
t tiger;
ma denBY
be entered by a
IDENTIFIED
g
o@ Stu
user
d
l
a this
n
o
oฺr use
r
e
ic e to
c
(
do icens
l
a
l
on
R
ro

Cic

Convention

I t d ti
Introduction

b
a
r
e
f

an
r
t
n

R
o
r
ce

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

Overview
•
•
•
•
•

Course goals
Course agenda
Introductions
Your learning center
Your lab environment

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l Solaris 11 Advanced System Administration course. This course is
Welcome
onto the Oracle
R
designed
to teach more advanced skills to system administrators who are able to perform
ro
icebasic Oracle Solaris 11 system administration tasks.

Oracle Solaris 11 Advanced System Administration 1 - 2

Course Goals
The goals of this course are to:
• Enable you to perform advanced Oracle Solaris 11 system
administration tasks successfully and efficiently
• Present tasks that cover a variety of advanced system
administration responsibilities:
–
–
–
–
–

•

OS installation by using AI
ble
a
IPS and package management
r
fe
s
n
Network, zones, and RBAC configuration
a
r
t
on
Business applications
applications, services
services, and process management
n
a
s
System evaluation, monitoring, and troubleshooting
a
h

)
nt G

ฺ

e
m idopportunities
Provide numerous and meaningful
u
ฺcopractice

ail
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 1 - 3

Course Agenda: Day 1
•
•

Lesson 1: Introduction
Lesson 2: Managing the Image Packaging System (IPS)
and Packages
– Configuring a Local IPS Package Repository
– Managing Packages and Package Publishers

•

Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts

ble

– Planning for an Oracle Solaris 11 OS Installation by Using fera
s
the Automated Installer
ran

n
o
n

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n 11 Advanced
Oracle o
Solaris
System Administration consists of five days of lecture and
R
practices.
ro
ice

On the first day, in addition to the Course Introduction, you cover Lesson 2. You learn how to
configure a local IPS repository, as well as how to perform advanced package management
and how to manage package publishers.
You also start Lesson 3, in which you learn how to plan for an Oracle Solaris 11 installation by
using the Automated Installer (AI).
Note: Each lesson begins with a discussion of how to plan for a specific task.

Oracle Solaris 11 Advanced System Administration 1 - 4

Course Agenda: Day 2
•

Lesson 3: Installing Oracle Solaris 11 on Multiple Hosts
(continued)
– Installing Oracle Solaris 11 by Using the Automated Installer
– Configuring
g
g Oracle Solaris Images
g

•

Lesson 4: Managing Business Application Data
–
–
–
–

Planning for Data Storage Configuration and Backup
ble
a
Managing Data Redundancy with Mirrored Storage Pools
r
fe
s
n
Backing Up and Recovering Data with ZFS Snapshotstra
n
o
Managing Data Storage Space with ZFS File System
an
s
Properties
a

Cic

) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n day, lyou conclude Lesson 3 by looking at how to perform the automated
On the o
second
R
You also learn how to configure Oracle Solaris images. As part of Lesson 3, you
ro
einstallation.
perform an automated installation.

Lesson 4 is about managing business application data. You begin this lesson with a
discussion of how to plan for data storage configuration and backup, and then look at how to
manage data redundancy with mirrored ZFS storage pools. You then learn how to perform
more advanced ZFS tasks, such as backing up and recovering data with ZFS snapshots and
managing data storage space with ZFS file system properties.

Oracle Solaris 11 Advanced System Administration 1 - 5

Course Agenda: Day 3
•

Lesson 4: Managing Business Application Data
(continued)
– Troubleshooting ZFS Failures

•

Lesson 5: Configuring Network and Traffic Failover
– Configuring Systems on a Local Network
– Configuring a reactive network, NFS, and Link Aggregation
– Using IPMP

•

Lesson 6: Configuring Zones and the Virtual Networktran
– C
Configuring
fi i Vi
Virtual
t lN
Network
t
kC
Components
t
a
s
a
– Configuring Zones with VNICs
) h eฺ
m
– Allocating System Resources to ฺZones
co
uid

n
o
n

ail nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n day, youl conclude Lesson 4 by learning about how to troubleshoot ZFS failures.
On the o
third
R
ro then cover two more lessons.
eYou

Cic

In Lesson 5, you configure network and traffic failover. You learn how to configure systems on
a local network and how to configure a reactive network, Network File System (NFS), and link
aggregation. You also focus on how to use IP multi-pathing (IPMP).

As part of each lesson, you apply what you have learned in a series of hands-on practices.
Lesson 6 is about configuring zones and the virtual network. You are introduced to the
components of a virtual network and you learn how to configure those components. You also
learn how to configure zones with virtual network interfaces (VNICs) and how to allocate
system resources to zones.

Oracle Solaris 11 Advanced System Administration 1 - 6

b
a
r
e
f

Course Agenda: Day 4
•

Lesson 7: Managing Services and Service Properties
– Configuring SMF Services
– Troubleshooting SMF Services

•

Lesson 8: Configuring Privileges and Role
Role-Based
Based Access
Control
– Configuring and Managing Privileges
– Configuring and Using RBAC

•

b
a
r
e
f

Lesson 9: Securing System Resources by Using Oracle
an
r
t
Solaris Auditing
non

a
s
a
h ฺ
ide
u
G

– Configuring Oracle Solaris Auditing
)
m
– Administering Oracle Solaris Auditing
o
c

Cic

ailฺ nt
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l cover Lessons 7, 8, and 9.
n day, you
On the o
fourth
R
ro 7 focuses on the Service Management Facility (SMF) services, where you learn how
eLesson
to configure and troubleshoot SMF services.

Lesson 8 is about setting up and maintaining privileges and role-based access control
(RBAC). You learn how to configure and manage privileges, as well as how to configure and
use RBAC.
Lesson 9 is about securing system resources by using Oracle Solaris Auditing. You learn how
to configure the audit services and audit logs, as well as how to administer the audit services
and how to manage audit records.
As with the previous lessons, you practice each of the tasks presented in these two lessons.

Oracle Solaris 11 Advanced System Administration 1 - 7

Course Agenda: Day 5
•

Lesson 10: Managing Processes and Priorities
–
–
–
–

•

Managing System Processes
Managing Process Scheduling Priority
Managing the Scheduling Class of a Zone
Monitoring and Configuring the FSS

Lesson 11: Evaluating System Resources

– Configuring System Resources
– Monitoring System Performance

•

b
a
r
e
f

an
r
t
n

Lesson 12
L
12: M
Monitoring
it i and
dT
Troubleshooting
bl h ti S
Software
ftno
a
Failures
has

)

ฺ

– Configuring System Messaging ฺcom uide
l
G Facilities
aiCore
t
– Configuring System Crashgm
and
Dump
n
e

Cic

@ Stud
o
d
al this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n and finall day, you cover the last three lessons.
On the o
fifth
R
eInroLesson 10, you learn how to manage processes and priorities. You learn how to manage

system processes, process scheduling priority, and the scheduling class of a zone. You also
look at how to monitor and configure the Fair Share Scheduler (FSS).
In Lesson 11, you learn how to configure system resources and monitor system performance.
In Lesson 12, you learn how to configure system messaging and configure system crash and
core dump facilities.
Note: The class starts at 9 AM and ends at 5 PM each day. There are several short breaks
throughout the day, with an hour for lunch.

Oracle Solaris 11 Advanced System Administration 1 - 8

Introductions
•
•
•
•
•
•

Name
Company affiliation
Title, function, and job responsibility
Experience related to the topics presented in this course
Reasons for enrolling in this course
Expectations for this course

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 1 - 9

Your Learning Center
•

Logistics
– Restrooms
– Break rooms and designated smoking areas

•
•
•
•
•

Cafeterias and restaurants in the area
Emergency evacuation procedures
Instructor contact information
Cell phone usage
Online course attendance confirmation form

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 1 - 10

Your Lab Environment

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l you practice, in a lab environment, what you learned during the
As part o
ofneach lesson,
R
ro The lab environment that you use in this course is based on the Oracle VM VirtualBox
electure.
virtualization software (an example of which is shown in the slide). VirtualBox is a crossplatform virtualization application. It extends the capabilities of your existing computer so that
it can run multiple operating systems (inside multiple virtual machines) simultaneously.
Open your Activity Guide to “Practices for Lesson 1: Introduction.” Your instructor will walk
you through the material, and you will have a chance to familiarize yourself with the lab
environment configuration and setup.

Oracle Solaris 11 Advanced System Administration 1 - 11

R
o
r
ce
an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
an
r
t
n
b
a
r
e
f

M
Managing
i
the
th Image
I
Packaging
P k i
System
S t
(IPS)
and Packages

b
a
r
e
f

an
r
t
n

R
o
r
ce

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
e
sOracle
o © 2013,
r
u
Copyright
and/or its affiliates. All rights reserved.
e
o
c
i
t
c
o ( ense
d
l
lic
ona

Objectives
After completing this lesson, you should be able to:
• Implement a plan for the Image Packaging System (IPS)
and package management
• Configure a local IPS package repository
• Configure network client access to a local IPS server
• Manage signed packages and package properties
ble
a
r
• Manage package publishers
fe
s
n
a
r
t
• Manage multiple boot environments
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 2 - 2

Workflow Orientation

IPS

AI INSTALL
MONITORING

DATA
STORAGE

RESOURCE
EVALUATION

NETWORK
CONFIGURATION

PROCESSES

ENTERPRISE
DATA CENTER

b
a
r
e
f

an
r
t
n

no
a
sNETWORK
AUDITING
a
h
) VIRTUALIZATION
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
SERVICES
PRIVILEGES @
tu
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
This course
on presentsl each of the primary system administration tasks in the context of a
R
workflow.
Use the graphic shown in the slide at the beginning of each lesson to orient yourself
ro
icein the workflow environment. You look at why certain tasks precede or follow other tasks and
the importance of each task as it pertains to the system administrator’s job.

As indicated in the graphic, you start with how to manage the Image Packaging System (IPS)
to facilitate software package installation and updates, as well as how to manage business
application data in a data storage environment, followed by installation. You then continue
with network and zones configuration, followed by how to configure and manage services and
privileges. After that, you look at how to use Oracle Solaris auditing, manage processes and
priorities and evaluate system resources.
priorities,
resources Your final tasks are monitoring and troubleshooting
system failures.
The IPS provides you with a comprehensive delivery framework that spans the complete
software life cycle, addressing software installation, updates, system upgrades, and the
removal of software packages. From the perspective of keeping system software up to date,
the IPS framework greatly simplifies software maintenance, application service availability,
and data center security.
In this lesson, you learn how to set up a local IPS repository and manage it.

Oracle Solaris 11 Advanced System Administration 2 - 3

Lesson Agenda
•
•
•
•
•
•

Planning for IPS and Package Management
Configuring a Local IPS Package Repository
Configuring Network Client Access to the Local IPS Server
Managing Signed Packages and Package Properties
Managing Package Publishers
Managing Multiple Boot Environments

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 2 - 4

b
a
r
e
f

Importance of Working with a Plan
Implementing tasks in accordance with a plan ensures that the
tasks are:
• Assigned to the appropriate personnel
• Completed as required
• Completed on schedule

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l of task you are performing, you should execute the task based on a
Regardless
on of the type
R
plan,
ro especially for key tasks such as installation. In a large data center environment where
icesystem administration responsibilities are distributed among multiple administrators, it is even
more important that you understand what your responsibilities are, and why and when you
perform them. Often, you will be given directions or a plan by a senior member and asked to
execute that plan. In some data centers, the plan is referred to as a “run book.”

In this course, you are given a plan at the start of each major task, and then you are asked to
implement the task as outlined in the plan.

Oracle Solaris 11 Advanced System Administration 2 - 5

Planning for IPS and Package Management
•
•

As part of the Oracle Solaris 11 implementation plan, your
company wants to set up a local IPS repository.
A local IPS repository provides the following benefits:
– Performance
– Security
– Replication

Oracle’s
Default
Repository

Server

Local
Repository

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
Client
h
)
ฺ
e
m
d
o
i
CLI:
pkg
(1)
c Desktop:
u
ฺ
l
i
G
Package
Manager
a nt
m
Update
Manager
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n companies,
As witho
many
your company is concerned about performance and security. In
R
for the Oracle Solaris 11 implementation, the Server Implementation team has
ro
epreparation

been asked to set up a local IPS repository as part of the operating system test environment.
A local IPS repository provides the following benefits to the company:
• Performance: Having a local package repository provides client access to packages at
local network speeds.
• Security: You might not want your client systems to have access to the Internet.
• Replication: You want to make sure that an installation that you perform next year is
exactly
y the same as the installation you
y perform today.
y

Oracle Solaris 11 Advanced System Administration 2 - 6

Identifying IPS Server System Requirements
Hardware/Software

Requirement

System

x86 or SPARC

Operating system

Oracle Solaris 11

Disk space

13 GB of free space

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The other
onmemberslof your team have selected the system to host the local IPS repository
R
based
ro on the system requirements shown in the slide. They have also selected the client
icesystems that will be networked to the local IPS server to verify that the IPS is functioning
correctly.

Oracle Solaris 11 Advanced System Administration 2 - 7

Planning for Boot Environment Management

beadm /
Package Manager

Client

Current Boot
Environment
Inactive Boot
Environment

create
activate

New Boot
Environment

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
Backup
Boot
u
beadm
ilฺc t G
Environment
a
m den
backup
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
In addition
onto settingl up a local IPS repository, your company wants you to test the Oracle
R
ro 11 boot environment (BE) technology. Given your company’s service-level
eSolaris

agreements, having multiple BEs to manage and maintain operating system images will be a
critical part of the system administrator’s day-to-day tasks in the new Oracle Solaris 11
environment. The BEs play an important role in the company’s data backup strategy.

The part of the plan that you will help to implement requires testing of the BE creation and
backup functionality by using the beadm command, Package Manager, and the ZFS snapshot
functionality.
Note: From having taken the Oracle Solaris 11 System Administration course (or from your
own on-the-job
th j b experience),
i
) you should
h ld b
be ffamiliar
ili with
ith b
basic
i BE administration
d i i t ti and
d with
ith b
both
th
the beadm command and the Package Management GUI. In this course, you build on these
basic skills by learning how to manually create a new and complete BE based on the current
BE, as well as how to create a snapshot of the BE that will be used as a backup.

Oracle Solaris 11 Advanced System Administration 2 - 8

Implementing the IPS and
Package Management Plan
Your assignment is to:
• Configure a local IPS package repository
• Configure network client access to the local IPS server
• Test the BE creation and backup functionality

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
As a member
on of the lServer Implementation team, you have the task of configuring the local
R
IPS
ro repository on an x86 system. After configuring the repository, your next task is to
iceconfigure network client access to the IPS server for the client systems in the test
environment. Finally, you ensure that the repository server is functioning as it should by
running a series of package-management commands from one of the client systems.
After you verify that the local IPS repository is functioning correctly, you test the Oracle
Solaris 11 BE technology by creating both new and backup BEs.
You learn how to configure the local IPS repository in the next few slides.

Oracle Solaris 11 Advanced System Administration 2 - 9

Quiz
What benefits does a local IPS repository provide?
a. Greater capacity for more packages in the repository
b. Automatically created backup BEs
c Increased performance for package retrieval
c.

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Answer:ocn
R
ro
ice

Oracle Solaris 11 Advanced System Administration 2 - 10

Quiz
Which utility is used to manage BEs in Oracle Solaris 11?
a. luupgrade
b. beadm
c BE Manager
c.

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Answer:obn
R
ro
ice

Oracle Solaris 11 Advanced System Administration 2 - 11

Lesson Agenda
•
•
•
•
•
•

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
You know
plan is to manage the IPS by using a local IPS repository. So
onthat the company’s
R
you
ro should now look at what you need to do to configure a local IPS package repository on
iceone of your local systems.

Oracle Solaris 11 Advanced System Administration 2 - 12

b
a
r
e
f

Configuring a Local IPS Package Repository
Required tasks:
1. Creating a ZFS file system to hold the repository
2. Obtaining software packages from the Oracle Solaris
download site
3. Making the contents of the repository available
4. Configuring the repository server service
ble
a
r
5. Starting the repository service
fe
s
n
a
r
t
6. Setting the local IPS publisher
on
n
7. Testing IPS on the local server
sa

ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To configure
on a locallIPS package repository, you must complete the tasks shown in the slide,
R
ro are covered in this section.
ewhich

Cic

Oracle Solaris 11 Advanced System Administration 2 - 13

Creating a ZFS File System
to Hold the Repository
Create a ZFS file system for the local package repository in the
root pool.
# zfs create rpool/export/IPS
# zfs list
NAME
rpool
rpool/ROOT
rpool/ROOT/solaris
rpool/ROOT/solaris/var
rpool/dump
p
/
p
rpool/export
rpool/export/IPS
rpool/export/home
rpool/export/home/oracle
/export/home/oracle
rpool/swap

USED
9.94G
2.13G
2.13G
507M
1.03G
5.74G
5.74G
212K
34K

AVAIL
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G
21.3G

REFER
39K
31K
1.58G
505M
1.00G
33K
5.74G
37K
34K

MOUNTPOINT
/rpool
legacy
/
/var
/export
/export/IPS
/export/home

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
1.03G
@ 21.3G
u 1.00G t
o
S
d
al this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l a ZFS file system for your local package repository. Using a
Your first
ontask is to create
R
separate
ro ZFS file system for your repository enables you to:
ice • Achieve
c e e bette
better performance
pe o a ce
• Set separate file system characteristics
• Recover specified file systems
A recommended practice is to create the new ZFS file system within rpool. You can then run
the zfs list command to verify that the file system is created, as shown in the example in
the slide.

Oracle Solaris 11 Advanced System Administration 2 - 14

Obtaining Software Packages from
the Oracle Solaris Download Site
1. Go to the Oracle Solaris download site:
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html

2. Download the Oracle Solaris 11 Repository Image:
– Download Part A SPARC, x86 ((3.3 GB))
– Download Part B SPARC, x86 (3.1 GB)

3. Copy the files to the ZFS repository file system.
4. Uncompress the files.
5. Concatenate the files.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the ZFS file system to hold your local package repository, you are
After you
onhave created
R
ready
ro to download the Oracle Solaris 11 Repository Image from the Oracle Solaris download
icesite: http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html.
# unzip sol-11_1-repo-full.iso-a.zip
# unzip sol-11_1-repo-full.iso-b.zip
# cat sol-11_1-repo-full.iso-a sol-11-1-repo-full.iso-b > sol11_1-repo-full.iso
# ls /export/IPS
sol-11_1-repo-full.iso

The repository image provides you with a complete archive of software packages to allow you
to set up a local network IPS repository that client systems can connect to.
The repository image is divided into two files:
• Download Part A SPARC, x86 (3.3 GB)
• Download Part B SPARC, x86 (3.1 GB)
Copy both files to the ZFS repository file system,
system uncompress them
them, and concatenate them
them,
as shown in the example in the slide. You can then run the ls command for the ZFS file
system to see the concatenated ISO file.

Oracle Solaris 11 Advanced System Administration 2 - 15

Making the Repository File Contents Available
Make the contents of the repository .iso file available to the
depot server.
# lofiadm –a sol-11_1-repo-full.iso
# mount –F
F hsfs /dev/lofi/1 /mnt
# rsync –aP /mnt/repo /export/IPS

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l repository ISO image is in the ZFS repository file system, you need to
n
After the
oconcatenated
R
make
ro the contents of the file system available to the depot server (pkg.depotd), as shown in
icethe example in the slide.
Note: A depot server is a collection of one or more package repositories. The depot server is
typically run as a service on the system by pkg.depotd(1m). The pkg.depotd service is
managed by the service management facility, smf(5), under the service identifier:
svc:/application/pkg/server.
To perform this task, you use the lofiadm -a command, which enables you to associate a
file with a block device (in this example, the block device is /dev/lofi/1). The file can then
b accessed
be
d th
through
h th
the bl
block
kd
device.
i
Thi
This iis useful
f l when
h th
the fil
file contains
t i an iimage off a fil
file
system (for example, the repository ISO image), because you can then use the block device
with normal system utilities for mounting, checking, or repairing the file system.
Note: A block device is a storage device that supports the reading and writing of data in fixedsized blocks.

Oracle Solaris 11 Advanced System Administration 2 - 16

Next you mount the device by using the mount -F hsfs command. The -F option specifies
the file system type on which to operate. In this example, the file system type is specified as
an ISO 9660 file system (hsfs). The High Sierra file system, hsfs, is a draft predecessor to ISO
9660, so the name reflects the file system’s history.
Finally, run the rsync program. This program enables you to transfer only the differences
between the two sets of files across local disks, directories, or network connection very
quickly.
Note: Be sure to specify /mnt/repo and not /mnt/repo/ if you want to copy the repo
directory and not just the files and subdirectories in the repo directory. For more information
about the rsync command, see the rsync(1) man page.
The package repository is very large (approximately 6 GB). Depending on the speed of your
host machine, the rsync program will take about two to three hours to complete.

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 2 - 17

Configuring the Repository Server Service
Use the SMF svccfg command to configure the repository
server service.
# svccfg –s application/pkg/server setprop pkg/inst_root=/export/IPS/repo
# svccfg –s application/pkg/server setprop pkg/readonly=true
# svcprop -p pkg/inst_root application/pkg/server
/export/IPS/repo

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l repository server service by using the SMF svccfg -s command, as
You now
onconfigure the
R
shown
ro in the example in the slide.
iceIn the first command, the -ss option specifies the start method for the service and associates
the local repository file system as the application package server. The setprop
subcommand sets the name property of the pkg property to the ZFS file system where the
repository files reside.
The second svccfg -s command specifies that the read-only property should be set to
true.
You can verify that the local repository file system is now specified as the package server by
using the svcprop -p command, as shown in the example. The svcprop utility with the
-p option prints values of properties in the service configuration repository.
Note: As an alternative, you can also use an NFS share for your IPS repository, as the
following example commands show:
# zfs set share.nfs=on /export/IPS name=repoSolaris11,path/export/IPS,prot=nfs
# dfshares s11-ss
RESOURCE

SERVER

ACCESS TRANSPORT

solaris:/export/IPS solaris -

Oracle Solaris 11 Advanced System Administration 2 - 18

Starting the Repository Service
Use the SMF svcadm command to start the repository service.
# svcadm refresh application/pkg/server
# svcadm enable application/pkg/server
# svcs application/pkg/server
STATE STIME
FMRI
online 17:00:56
svc:/application/pkg/server:default

b
a
r
e
f

s
n
Use the pkgrepo refresh command to refresh the package
a
r
-t
n
o
repository
repository.
n

a
s
a
# pkgrepo refresh –s /export/IPS/repo
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
After you
server service configured, you can start it by using the SMF
onhave the repository
R
svcadm
ro command. You first refresh the service and then enable it, as shown in the example
icein the slide. You can verify that the service is enabled by running the svcs
application/pkg/server command.

Also keep in mind that when you create a new package repository, you must refresh the
repository catalog by using the pkgrepo refresh command so that the package search
operations work correctly.

Oracle Solaris 11 Advanced System Administration 2 - 19

Setting the Local IPS Publisher
Use the pkg set-publisher command to set the publisher to
the local IPS repository.
# pkg publisher
PUBLISHER
solaris

TYPE
STATUS URI
origin online http://pkg.oracle.com/solaris/release

# pkg set-publisher –G ‘*’ –g http://server.mydomain.com/ solaris
# pkg publisher
PUBLISHER
solaris

TYPE
origin

STATUS URI
online http://server.mydomain.com/

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The default
on publisherl for Oracle Solaris 11 systems is solaris, and the default origin for that
R
publisher
is http://pkg.oracle.com/solaris/release. The publisher’s origin is identified by its
ro
iceuniversal resource identifier (URI). This is the location of a machine or resource on the
Internet.

To enable your clients to retrieve packages from your local repository, you need to reset the
origin for the solaris publisher (as shown in this example) for each client.
The uppercase -G option with the pkg set-publisher command specifies the origin of the
publisher to be removed. The -g option specifies the origin of the publisher to be added. In
the example, you are removing the origin for the solaris publisher and adding the origin for
a solaris
l i publisher that is on the local IPS server (http://server
(http://server.mydomain.com/).
mydomain com/)

Oracle Solaris 11 Advanced System Administration 2 - 20

Testing IPS on the Local Server
You can test that your IPS server is set up correctly by
searching for a package.
# pkg search entire
INDEX
ACTION
pkg.fmri
k f i
set

VALUE
solaris/entire
l i /
i

PACKAGE
pkg:/entire@0.5.11-0.175.1.0.0.24.2
k /
i

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Your final
onIPS serverl configuration task is to test that the server is set up correctly. You can
R
do
rothis by searching for a package. In this example, you are looking for the entire package.
iceIf the search returns the package information, your local IPS server has been configured
correctly.

Oracle Solaris 11 Advanced System Administration 2 - 21

Practice 2-1 Overview:
Configuring a Local IPS Package Repository
This practice covers the following topics:
• Verifying that the /export/IPS file system has been
configured on the system
• Determining whether the IPS service is available
• Setting up the application/pkg/server service
•
•
•

Refreshing the package repository
Adding a new publisher
Testing IPS on the local server

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The practices
on for thisl lesson are designed to reinforce the concepts that have been presented
R
inro
the lecture portion. These practices cover the following tasks:
ice • Practice
act ce 2-1: Co
Configuring
gu g a local
oca IPS
S pac
package
age repository
epos to y

•
•

Practice 2-2: Configuring network client access to the local IPS server
Practice 2-3: Managing multiple boot environments

You will find Practice 2-1 in your Activity Guide. This practice should take about 45 minutes to
complete.

Oracle Solaris 11 Advanced System Administration 2 - 22

Lesson Agenda
•
•
•
•
•
•

Planning for IPS and Package Management
Configuring a Local IPS Package Repository
Configuring Network Client Access to the Local IPS
Server
Managing Signed Packages and Package Properties
Managing Package Publishers
Managing Multiple Boot Environments

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 2 - 23

b
a
r
e
f

Configuring Network Client Access
to the Local IPS Server
This section covers the following topics:
• Determining the client host and domain names
• Checking network connectivity
• Setting the local IPS publisher
• Testing client access to the local IPS server

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 2 - 24

Determining the Client Host and Domain Names
Use hostname and domainname to identify the client
machine.
# hostname
client1
# domainname
mydomain.com

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Your first
the client machine’s host and domain names. To do this, run the
ontask is to identify
R
hostname
and domainname commands, as shown in the slide.
ro
ice

Oracle Solaris 11 Advanced System Administration 2 - 25

Checking Network Connectivity
Verify DNS service access and connectivity with the local IPS
server.
# nslookup server
Server:
192.168.0.100
Address:
192.168.0.100#53
Name:
Address:

server.mydomain.com
192.168.0.100

# ping server
server is alive

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l that the client machine can access DNS services and that it can
Next, you
onwant to verify
R
connect
ro to the local IPS server.
iceFirst, run the nslookup command with the name of the local IPS server. In the example in
the slide, the local IPS server host name is server.
Then verify that the client can talk with the local IPS server by running the ping command, as
shown in the example.

Oracle Solaris 11 Advanced System Administration 2 - 26

Setting the Local IPS Publisher
Use the pkg set-publisher command to set the publisher to
the local IPS repository.
# pkg publisher
PUBLISHER
TYPE
solaris
origin

STATUS URI
online http://pkg.oracle.com/solaris/release

# pkg set-publisher –G ‘*’ –g http://server.mydomain.com/ solaris
# pkg publisher
PUBLISHER
TYPE
solaris
origin

STATUS URI
online http://server.mydomain.com/

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l network connectivity between the client and the local IPS server, you
After you
onhave verified
R
need
ro to set the publisher to the local IPS publisher, just as you did when you configured the
icelocal IPS server.
First, check the current publisher. Next, set the publisher to the local IPS repository, and then
verify that the publisher is now the local IPS publisher.
Make a note of the local publisher’s URI; you will need it to complete the next task.

Oracle Solaris 11 Advanced System Administration 2 - 27

Testing Client Access to the Local IPS Server
To test client access to the IPS server, open the local publisher
URI in a browser.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the client machine’s access to the local IPS server. To do this, open
The final
ontask is to test
R
the
rolocal publisher’s URI in a browser. If a page is returned that reads “package repository,”
iceyou have successfully configured the client’s access to the IPS server. You can now use your
local IPS repository to manage your company’s software package needs.

Note: In this example, the URI would be http://s11-server1.mydomain.com.

Oracle Solaris 11 Advanced System Administration 2 - 28

Practice 2-2 Overview: Configuring Network
Client Access to the Local IPS Server
This practice covers the following topics:
• Verifying connectivity between the client and the IPS
server
• Removing and adding publishers
• Testing client access to the IPS server
ble
• Searching for packages by using the package repository
a
r
fe
s
browser
n
a

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
This practice
on shouldl take about 15 minutes to complete.
R
ro
ice

tr
n
no

Oracle Solaris 11 Advanced System Administration 2 - 29

Lesson Agenda
•
•
•
•
•
•

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
You have
onset up yourl local package repository and verified that the client systems can access
R
it.ro
You are now ready to manage the packages that you get from the repository. Because you
icealready know how to perform basic package management tasks (such as installing, updating,

and displaying package information), this topic focuses on how to manage signed packages
and package properties. You are introduced to variants and facets, and you learn how to view
and purge operation history.

Oracle Solaris 11 Advanced System Administration 2 - 30

b
a
r
e
f

Introducing Signed Packages
Signed packages contain digital signatures that verify that:
• The package came from the entity who signed it
• The entity signed the package
• The package has not been modified
• The entity is trusted

b
a
r
e
f

Digital
Signature

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
u
ilฺc Signed
G
a
Unsigned
t
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Software
onpackages lcan be signed or unsigned. A signed package is identical to an unsigned
R
package,
except that it has a digital signature that verifies the following:
ro
ice • Thee pac
package
age ca
came
e from
o tthe
ee
entity
t ty who
o ssigned
g ed it.
t

•
•
•

The entity indeed signed it.
The package has not been modified since the entity signed it.
The entity who signed it is a trusted entity.

In other words, a signed package provides the reassurance that the package is secure and,
therefore, safe to download and install on your system.

Oracle Solaris 11 Advanced System Administration 2 - 31

Installing Signed Packages
•
•

Configuring image properties for signed packages
Configuring publisher properties for signed packages

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n can installl signed packages on your system, you must set specific properties on
Before o
you
R
both
ro the image and the publisher.
ice

Oracle Solaris 11 Advanced System Administration 2 - 32

Identifying Image Properties for Signed Packages
•

signature-policy: Determines what checks will be
performed on manifests when you install a package into
the operating system image
–
–
–
–

•

ignore
verify
require-signatures
require-names

s
signature-required-names: Defines names thatra
must
n
t
be seen as common names of certificates whilenvalidating
ona
the signatures of a package
s
a
) hthe epath
ฺ name of
trust-anchor-directory: Identifies
m
d
o
i
u
ilฺc anchors
the directory that contains the a
trust
t G for the image

m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l properties for signed packages. These are signature-policy,
n three image
You canoset
R
signature-required-names,
and trust-anchor-directory.
ro
iceThe signature
signature-policy
policy property, along with one of its values, determines the checks that

are performed on manifests when installing a package into the operating system image. You
can use the following values with this property:
• ignore: Directs the image to ignore signatures for all manifests
• verify: Directs the image to verify that all manifests with signatures are validly signed,
but does not require all installed packages to be signed
• require-signatures: Directs the image to require that all newly installed packages
have at least one valid signature
Note: The pkg fix and pkg verify commands also present a warning if an installed
package does not have a valid signature.
• require-names: Directs the image not only to require that all newly installed packages
have at least one valid signature (as with the require-signatures property) but also
to require that the strings listed in the signature-required-names image property
appear as common names of the certificates used to verify the chains of trust of the
signatures

Oracle Solaris 11 Advanced System Administration 2 - 33

b
a
r
e
f

The next property, signature-required-names, defines a list of names that must be seen
as common names of certificates while validating the signatures of a package. It is used only
when the signature policy is require-names.

property,
p y, trust-anchor-directory,
y, identifies the path
p
name of the directoryy that
The last p
contains the trust anchors for the image. This path is relative to the operating system image.
The final policy that is applied to a package depends on the combination of image policy and
publisher policy. The combination will be at least as strict as the stricter of the two policies
taken individually.

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 2 - 34

Configuring Image Properties
for Signed Packages
Use pkg with the following subcommands to configure package
signature properties for an image:
• set-property
• add-property-value
add property value
• remove-property-value
• unset-property
Examples:

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l properties for signed packages, you use the pkg command with the
To configure
on the image
R
roof subcommands presented in the slide. As you can see from the list of subcommands,
elist
#
#
#
#

pkg
pkg
pkg
pkg

set
set-property
property signature
signature-policy
policy verify
add-property-value signature-require-names trustedname
remove-property-value signature-require-names trustedname
unset-property signature-policy

you can set, add, remove, and unset properties.

Under “Examples” in the slide, the first command shows how to configure an image to verify
all signed packages by setting the verify value for the signature-policy property.
The second command is an example of how to add the string trustedname to the image’s
list of common names that must be seen in a signature’s chain of trust for it to be considered
valid.
The third command is an example of how to remove the string trustedname from the
image’s list of common names.
The fourth command shows how to restore the signature-policy property to its default
value.

Oracle Solaris 11 Advanced System Administration 2 - 35

b
a
r
e
f

Identifying Publisher Properties
for Signed Packages
•

•

signature-policy: Determines the checks that will be
performed on manifests when installing a package into the
image from a specified publisher
signature-required-names:
g
q
Defines names that must
be seen as common names of certificates while validating
the signatures of a package from a specified publisher

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l properties that you can set to use signed packages from a specific
There are
ontwo publisher
R
publisher:
signature-policy and signature-required-names.
ro
iceThe signature
signature-policy
policy property is identical to the function of the signature
signature-policy
policy

image property, except that this property applies only to packages from a specified publisher.
The signature-required-names property is identical to the function of the signaturerequired-names image property, except that this property applies only to packages from a
specified publisher.

Oracle Solaris 11 Advanced System Administration 2 - 36

b
a
r
e
f

Configuring Publisher Properties
for Signed Packages
Use pkg set-publisher with the following subcommands to
configure package signature properties for a publisher:
• --set-property
• --add-property-value
add property value
• --remove-property-value
• --unset-property
Examples:

an
r
t
n

# pkg set-publisher --set-property signature-policy=requiresignatures whoisit
whoisit.com
com
# pkg set-publisher --add-property-value signature-requirenames=trustedname whoisit.com
# pkg set-publisher --remove-property-value signature-requirenames=trustedname whoisit.com
# pkg set-publisher --unset-property signature-policy
whoisit.com

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l properties for signed packages, you use the pkg set publisher
To configure
on publisher
R
with the list of subcommands presented in the slide. As with image properties, you
ro
ecommand

Cic

can set, add, remove, and unset properties. Note that the subcommands are the same as
those used for configuring image properties, with one exception: each subcommand is
preceded by a double dash (--).

Under “Examples” in the slide, the first command shows how to configure an operating
system image to require that all packages installed from the publisher whoisit.com must be
signed.
The second command is an example of how to add the string trustedname to the
whoisit.com
h i it
publisher’s
publisher
s list of common names that must be seen in a signature’s
signature s chain of
trust for it to be considered valid.
The third command is an example of how to remove the string trustedname from the
whoisit.com publisher’s list of common names.
The fourth command shows how to unset the signature-policy property that requires that
all packages installed from the publisher whoisit.com must be signed.

Oracle Solaris 11 Advanced System Administration 2 - 37

b
a
r
e
f

Quiz
Which command enables you to configure your current image
to ensure that all manifests with signatures are validly signed?
a. # pkg set-property signature-policy verify
b # pkg set-property
b.
set property signature-policy
signature policy
require-names
c. # pkg set-property signature-policy
require-signature

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Answer:oan
R
ro
ice

Oracle Solaris 11 Advanced System Administration 2 - 38

b
a
r
e
f

Quiz
What pkg subcommand or option of the set-publisher
subcommand is used to configure publisher properties for
signed packages?
a. set-property
p p
y
b. set-publisher
c. set-publisher property
d. --set-publisher

an
r
t
n

Oracle Solaris 11 Advanced System Administration 2 - 39

b
a
r
e
f

Introducing Variants and Facets
•

Variant: Mutually exclusive component of a package
– Appears as a tag on IPS actions
– Affects whether an IPS action is installable

•

Facet: Optional component of a package
– Appears as a tag on IPS actions
– Affects whether an IPS action is installable

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n that thel IPS allows you to manage your packages, regardless of whether they
Anotheroway
R
are
rosigned or unsigned, is through the use of variants and facets. A variant is a mutually
iceexclusive component of a package, such as architecture. Variants appear as tags on IPS
actions and affect whether that action is installable. If an action has any variant tags, all
variant tags must match the selection criteria to install the action.

Note: An action is defined in the IPS as an installable object, such as a file, directory, link, or
dependency. Actions are described in the manifest of a package. Every action consists
primarily of its name and a key attribute. Together, these refer to a unique object as it follows
a version history.
A facet
f
t is
i an optional
ti
l componentt off a package,
k
such
h as a locale.
l
l F
Facets
t appear as tags
t
on
IPS actions and affect whether that action is installable. If an action has any facet tags, at
least one facet tag must match the selection criteria to install the action.

Oracle Solaris 11 Advanced System Administration 2 - 40

Displaying and Changing Variants and Facets
Variants
• To display the values of all variants, use pkg variant.
• To display specific variants, use pkg variant
variant spec
variant_spec.
• To change a variant, use pkg change-variant
--accept variant_spec=instance.
Facets
s
n
a
r
• To display the current values of all facets defined in-the
t
n
o
currentt image,
i
use pkg
k facet.
f
an
s
• To display specific facets, use pkg facet
hafacet_spec.
)
ฺ
e
m
d
o
i
c G
• To change the current value of ailฺfacet,
use
u pkg changea
t
facet --accept facet_spec=True|False|None.
gm den

o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n andl change the current values for both variants and facets. To display the
You canodisplay
R
values
ro of all the variants of an image, you can use the pkg variant command. To display
icespecific variants, use the pkg variant command with a variant specification

(variant_spec). You can specify multiple variant specifications.

To change a specific variant, use the pkg change-variant command, followed by
––accept and the variant specification (variant_spec=instance). If you want to see
what will change without actually implementing the change, you can use the -n option as in
this example: # pkg change-variant -n --accept variant.debug=false.
To display all the facets in the current image, use pkg facet. To display specific facets, use
the pkg
k facet
f
t command with a facet specification (f
(facet_spec).
t
) You can specify multiple
facet specifications. To change a specific facet, use the pkg change-facet command,
followed by ––accept (to automatically accept all package licenses without interruption to
the update process) and the facet specification (facet_spec=True|False|None). Again,
you can use the -n option to see what changes will occur without actually making the change.

Oracle Solaris 11 Advanced System Administration 2 - 41

b
a
r
e
f

Managing Package History
•

To view package history, run pkg history.

•

To view more verbose package history information, run
pkg history -l.

•

To specify the number of the most recent package history
operations to display, use the -n option.

•

To display log records for a comma-separated list of
ble
a
timestamps, use the –t option.
r
fe
s
n
To purge package history, run pkg purge-history.
tra

•

n
o
n

a
OUTCOME
s
a
) h eSucceeded
ฺ
Succeeded
m
d
o
i
ilฺc t Gu Succeeded
a
m den
# pkg purge-history
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l command that enables you to see all the package operations that
IPS hasoanpkg history
R
have
ro been performed on an image, as shown in the example in the slide.
iceUse the -ll option if you want to display more information, including the outcome of the
$ pkg history
START
2012-09-19T20:12:54
2012-09-19T20:12:54
2012-09-19T19:47:54

OPERATION
update-publisher
refresh-publishers
install

CLIENT
transfer module
transfer module
transfer module

command, the time the command completed, the version and name of the client used, the
name of the user who performed the operation, and any errors encountered while executing
the command.
If you want to display only the most recent operations, use the -n option to specify the
number of operations that you want to view by.
To display log records for a comma-separated list of time stamps, use the -t option and a
hyphen (-) between a start and finish time stamp. The keyword now can be used as an alias
for the current time.
Use the pkg purge-history command to purge the history. However, you need root
privileges to perform this action.
For more information, see man pkg(1).

Oracle Solaris 11 Advanced System Administration 2 - 42

Lesson Agenda
•
•
•
•
•
•

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n havingl set the publisher when you configured both the local IPS server and the
You willorecall
R
client
ro machines, and when you configured the publisher properties for signed packages. In
icethis topic, you take a brief look at the other management tasks that you can perform on

package publishers.

Oracle Solaris 11 Advanced System Administration 2 - 43

b
a
r
e
f

Managing Package Publishers
This section covers the following topics:
• Displaying publisher information
• Specifying publisher stickiness
• Setting the publisher search order
• Disabling or enabling a publisher
• Changing a publisher origin URI

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l to perform several of the package publisher management tasks.
You already
on know how
R
You
ro know how to display the current publisher (pkg publisher), add a publisher (pkg seticepublisher -g), and remove a publisher (pkg set-publisher -G).
The additional tasks listed in the slide are covered in this section.

Oracle Solaris 11 Advanced System Administration 2 - 44

Displaying Publisher Information
•

To display only the highest-ranked publisher in the search
order, run pkg publisher -P.
$ pkg publisher -P
PUBLISHER
solaris

•

TYPE
origin

STATUS
online

URI
http://pkg.oracle.com/solaris/release
//
/
/

To display information about a specific publisher,
run pkg publisher publisher_name.
$ pkg publisher solaris
P blisher solaris
Publisher:
Alias:
Origin URI: http://pkg.oracle.com/solaris/release
SSL Key: None
SSL Cert: None
Client UUID: ddee2130-0292-11e2-b9e5-80144f013e20
Catalog Updated: September 27, 2012 10:22:59 PM
Enabled: Yes

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If you are
oninterestedlin seeing information only about the highest-ranked publisher in the
R
search
ro order, you can run the pkg publisher command with the uppercase -P option, as
iceshown in the first example in the slide. You can see the publisher name, type, status, and
URI.

If you have multiple publishers and you want to see information about a particular publisher,
you can use the pkg publisher command with the publisher name. As shown in the second
example, this command displays the publisher’s name, an alias if one has been assigned, the
origin URI, the publisher’s SSL keys and certificates information if there are any, the client’s
universally unique identifier (UUID), the date the publisher’s catalog was last updated, and
whether the publisher is enabled
enabled.
Note: For information about specifying SSL keys and certificates for a publisher, see the
Image Packaging System man pages.

Oracle Solaris 11 Advanced System Administration 2 - 45

Specifying Publisher Rankings
To set a publisher to be the highest-ranked publisher in the
search order, run pkg set-publisher -P publisher_name
or the --search-first option.
# pkg publisher
PUBLISHER
TYPE
solaris
origin
whoisit.com (non-sticky) origin

STATUS
online
online

URI
http://server.mydomain.com
http://pkg.example.com/release

b
a
r
e
f

# pkg set-publisher -P whoisit.com
# pkg publisher
PUBLISHER
TYPE
whoisit.com
origin
g
solaris
(non-sticky) origin

STATUS
online
online

URI
http://pkg.example.com/release
p://p g
p
/
http://server.mydomain.com

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l you first looked at the publisher information while configuring the
n recall, when
As you o
may
R
ro IPS server, the publisher was the default solaris publisher from Oracle. You then
elocal

removed the default publisher origin for the solaris publisher and added a new origin to it.
The solaris publisher then became the highest-ranked publisher in the search order
(primarily because it was the only publisher at that point).
Assume that you have since added several publishers to your local IPS server and you want
to specify a different publisher as the highest-ranked publisher. To make this change, you use
the -P option with the pkg set-publisher command, followed by the publisher’s name, as
shown in the example, where you make the whoisit.com publisher the highest-ranked
publisher Note how the specified publisher moves to the top of the search order when you
publisher.
run the pkg publisher command again. (The “non-sticky” specification is discussed on the
next page.)
Note: You can specify the -P option when you add a publisher or when you modify an
existing publisher. Also, you can choose to use the --search-first option to search the
higher-ranked publisher.

Oracle Solaris 11 Advanced System Administration 2 - 46

Specifying Publisher Stickiness
To make a publisher sticky, run pkg set-publisher
--sticky publisher_name.
# pkg set-publisher --sticky example.com

To make a publisher non-sticky, run pkg set-publisher
--non-sticky publisher_name.
# pkg set-publisher --non-sticky example.com

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To make
onsure that al package that was installed from one publisher cannot be updated by
R
ro publisher, you can make the publisher “sticky.” To do this, you use the pkg seteanother

publisher --sticky command, followed by the publisher’s name (as shown in the first
example in the slide). A newly added publisher is sticky by default.

Conversely, if you want to allow a package that was installed from one publisher to be
updated by another publisher (that is, so that publishers that are ranked higher than the
specified publisher can provide updates to packages originally installed from the specified
publisher), you can use the pkg set-publisher command with the --non-sticky option
(as shown in the second example).

Oracle Solaris 11 Advanced System Administration 2 - 47

Setting the Publisher Search Order
To move a publisher higher in the search order, run pkg setpublisher --search-before publisher_name
publisher_name.
# pkg set-publisher -–search-before example1.com example2.com

To move a publisher lower in the search order, run pkg setble
publisher --search-after publisher_name
a
r
fe
s
n
publisher_name.
ra

n
o
n

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The publisher
on searchl order is used to find packages to install. The publisher search order is
R
also
ro used to find packages to update if the publisher that the package was originally installed
icefrom is non-sticky.
# pkg set-publisher -–search-after example1.com example2.com

The high ranked publisher is first in the search order. A newly added publisher is last in the
search order by default.
To move a publisher higher in the search order, use the pkg set-publisher --searchbefore command, followed by the name of the publisher that you want to be demoted in the
search order, and then the name of the publisher that you want to be promoted in the search
order (as shown in the first example in the slide).
To move a publisher lower in the search order, use the pkg set-publisher --searchafter command, followed by the name of the publisher that you want to be searched first,
and then the name of the publisher that you want to be searched thereafter (as shown in the
second example).

Oracle Solaris 11 Advanced System Administration 2 - 48

Disabling and Enabling a Publisher
To disable a publisher, run pkg set-publisher -d
publisher_name.
# pkg set-publisher –d solaris.com

To enable a publisher, run pkg set-publisher –e
publisher_name.
# pkg set-publisher –e solaris.com

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
There may
on be timeslwhen you need to disable a publisher temporarily. Suppose you have a
R
planned
ro server or network outage. To minimize client down time to other publishers, you
icedecide to temporarily disable your publisher. After the planned down-time window is past, you

can enable the publisher again.
To disable a publisher, use the pkg set-publisher command with the -d option, followed
by the publisher’s name, as shown in the first example in the slide. A disabled publisher is not
used in package operations, such as list and install. However, you can still modify the
properties of a disabled publisher.
Note: The highest-ranked publisher cannot be disabled.
Use the -e option with the pkg set-publisher command to enable a publisher, as shown
in the second example.
Note: To see the disabled or enabled status of a publisher, you can run the pkg publisher
command with the publisher’s name.

Oracle Solaris 11 Advanced System Administration 2 - 49

Changing a Publisher Origin URI
To change a publisher origin URI, run pkg set-publisher
-g newpublisher_URI -G oldpublisher_URI
newpublisher.
# pkg set-publisher -g http://pkg.example.com/support \
-G http://pkg.example.com/release solaris

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
There may
on be timeslwhen you want or need to change a publisher’s origin URI. For example,
R
you
ro want to switch pkg.example.com/release to pkg.example.com/support. The
icecommand to change a publisher’s origin URI is very similar to the command that you used to
add a new publisher to the local IPS server and remove the default solaris publisher. To
change the origin URI for a publisher, you add the new URI by using the -g option and
remove the old URI by using the -G option, as shown in the example in the slide.

Oracle Solaris 11 Advanced System Administration 2 - 50

Quiz
You want to set mypublisher.com as the highest-ranked
publisher for your local IPS repository. Which command would
you use to execute this task?
a. p
pkg
g publisher
p
–P mypublisher.com
yp
b. pkg publisher –n mypublisher.com
c. pkg set-publisher -P mypublisher.com
le
b
a
r
d. pkg set-publisher -e mypublisher.com
fe

an
r
t
n

Oracle Solaris 11 Advanced System Administration 2 - 51

Quiz
You have three publishers listed in the following order:
mypublisher.com (the highest-ranked publisher), solaris,
and whoisit. For search-order purposes, you want to move
the whoisit publisher before the solaris publisher. Which
command would you use to execute this task?
a. pkg set-publisher --search-before solaris
whoisit
ble
a
r
b. pkg set-publisher --search-after solaris nsfe
a
r
t
whoisit
on
n
awhoisit
c. pkg set-publisher --search-before
s
a
h ฺ
solaris
e
m)

co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Answer:oan
R
ro
ice

Oracle Solaris 11 Advanced System Administration 2 - 52

Lesson Agenda
•
•
•
•
•
•

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
As a system
an important part of your job is to manage multiple boot
on administrator,
R
environments
(BEs), which includes making a backup of the BEs. You learn how to do this in
ro
icethe next few slides.

Oracle Solaris 11 Advanced System Administration 2 - 53

b
a
r
e
f

Managing Multiple Boot Environments
This section covers the following topics:
• Mounting an inactive boot environment
• Installing a package on an inactive, mounted boot
environment
• Uninstalling a package on an inactive, mounted boot
environment
le
b
a
r
• Unmounting an inactive boot environment
fe
s
n
a
r
• Creating a snapshot of a boot environment
t
non
• Creating a boot environment from an existingasnapshot

s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l environments is part of a system administrator’s responsibility. Being
Managing
onmultiple boot
R
able
ro to create multiple BEs not only provides you with a full backup of your operating system
iceimage but also gives you the flexibility to create other BEs in which to install and test new
packages with your current applications before introducing them into the production
environment.

Oracle Solaris 11 Advanced System Administration 2 - 54

Listing the Boot Environments on the System
To list the boot environments on a system, run beadm list.
# beadm list
BE
Active
------solaris
NR
solaris-1 -

Mountpoint Space
---------- ----/
2.38G
169.0K

Policy
-----static
static

Created
------2012-11-08 03:50
2012-12-10 22:14

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n beforel you make any changes to the boot environments on your system, the
As you o
know,
R
ro thing that you should do is to determine the boot environments that exist on the system
efirst
by running the beadm list command, as shown in the example in the slide.

The environment presented here has two BEs, with the active or current BE being the
solaris BE.

Oracle Solaris 11 Advanced System Administration 2 - 55

Mounting an Inactive Boot Environment
To mount an inactive boot environment, run beadm mount
beName mountpoint.
# beadm mount solaris-1 /solaris-1
# beadm list
BE
Active Mountpoint Space Policy Created
------- ---------- ----- ------ ------solaris
NR
/
2.38G
static 2012-11-08 03:50
solaris-1 /solaris-1 169.01M
static 2012-12-10 22:14

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l been asked to install and test several new packages on the operating
Suppose
onthat you have
R
system.
ro You do not want to impact the production environment, so you decide to mount an
iceexisting inactive BE that is a copy of the existing active BE and use that for testing. To do this,
you must first mount the inactive BE.
To mount an existing inactive BE, you must run the beadm mount command followed by the
name of the inactive BE and the location of the mount point, as shown in the example in the
slide, where you are mounting the solaris-1 inactive BE to /solaris-1.

Note: If the directory for the mount point does not exist, the beadm utility creates the directory
and then mounts the boot environment on that directory. If the boot environment is already
mounted the beadm
mounted,
b d mount
t command fails and does not remount the boot environment at the
newly specified location.
To verify that the inactive BE is mounted, run the beadm list command again, as shown in
the example. As you can see, the boot environment is mounted but remains inactive.

Oracle Solaris 11 Advanced System Administration 2 - 56

Installing a Package on an Inactive,
Mounted Boot Environment
To install a package on an inactive boot environment,
run pkg –R mountpoint install packagename.
# pkg –R /solaris-1 install newpkg
Creating plan...
Packages to install:
Create boot environment:
Create backup boot environment:
DOWNLOAD
Completed
PHASE
Installing
I
t lli
new actions
ti
Updating package state database
Updating image state
Creating fast lookup database

1
No
No
PKGS
1/1

FILES
3/3
ITEMS
19/19
Done
Done
Done

XFER(MB)
0.1/0.1

SPEED
43.8k/s

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l inactive BE is mounted, you can install one or more packages by using
After verifying
on that the
R
the
ropkg install command with the uppercase -R option, the mount point location, and the
icepackage name, as shown in the example in the slide.
Note: The uppercase -R option specifies an alternate root to be used to identify the specific
packages to be installed or updated.

Oracle Solaris 11 Advanced System Administration 2 - 57

Uninstalling a Package on an Inactive,
Mounted Boot Environment
To uninstall a package on an inactive boot environment,
run pkg –R mountpoint uninstall packagename.
# pkg –R /solaris-1 uninstall newpkg

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l a package from an inactive mounted boot environment, the command
If you want
on to uninstall
R
isro
basically the same as that for the installation. But instead of using pkg install, you use
icepkg uninstall with the uppercase -R option, the mount point location, and the package
name, as shown in the example in the slide.

Oracle Solaris 11 Advanced System Administration 2 - 58

Unmounting an Inactive Boot Environment
To unmount an inactive boot environment,
run beadm unmount beName.
# beadm unmount solaris-1
# beadm list
BE
Active Mountpoint Space Policy Created
------- ---------- ----- ------ ------solaris
NR
/
2.38G
static 2012-11-08 03:50
solaris-1 170.01M
static 2012-12-10 22:14

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l BE, you must unmount it. To unmount an inactive BE, run the beadm
n reboot the
Before o
you
R
unmount
command, followed by the name of the inactive BE, as shown in the example in the
ro
iceslide.
Note: You cannot unmount the BE that is currently booted.
To verify that the inactive BE is unmounted, run the beadm list command again, as shown
in the example. As you can see, the boot environment is now unmounted.
From this point, you can activate the inactive boot environment by using the beadm
activate command, and then reboot the system.

Oracle Solaris 11 Advanced System Administration 2 - 59

Creating a Backup of a Boot Environment
To create a backup of the boot environment,
run beadm create BEname@snapshotdescription.
# beadm create solaris@backup
# beadm list –a solaris
BE/Dataset/Snapshot
------------------solaris
rpool/ROOT/solaris
rpool/ROOT/solaris/var
rpool/ROOT/solaris/var@2012-10-29-12:17:23
rpool/ROOT/solaris/var@backup
rpool/ROOT/solaris/var@install
rpool/ROOT/solaris@2012-10-29-12:17:23
rpool/ROOT/solaris@backup
rpool/ROOT/solaris@install
p
/
/

Active Mountpoint Space
------ ---------- -----

Policy Created
------ -------

NR
-

static
static
static
static
static
static
static
static

/
/var
-

2.27G
112.37M
760.5K
24.0K
18.86M
50.27M
0
53.28M

2012-10-29
2012-10-29
2012-10-29
2012-10-29
2012-10-29
2012-10-29
2012-10-29
2012-10-29

11:32
11:32
17:47
18:06
11:37
17:47
18:06
11:37

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To create
ona backup lof the boot environment, use the beadm create command followed by
R
roBE name and a backup description. In the example in the slide, you are creating a backup
ethe

Cic

of the solaris BE.

To verify that the backup was created, you can run beadm list -a followed by the BE name,
as shown in the example.

Oracle Solaris 11 Advanced System Administration 2 - 60

b
a
r
e
f

Creating a Boot Environment
from an Existing Backup
To create a boot environment from an existing backup, run
beadm create -e BEname@snapshotdescription
beName.
# beadm
b d create
t –e solaris@backup
l i @b k
solaris-2
l i 2
# beadm list
BE
Active Mountpoint Space Policy Created
------- ---------- ----- ------ ------solaris
NR
/
2.38G static 2012-11-08
solaris-1 170.01M static 2012-12-10
solaris-2 28.0K static 2012-12-10
# beadm activate solaris-2
# beadm list
BE
Active Mountpoint Space Policy Created
------- ---------- ----- ------ ------solaris
N
/
2.38G static 2012-11-08
solaris-1 170.01M static 2012-12-10
solaris-2 R
28.0K static 2012-12-10
# init 6

03:50
22:14
22:59

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
) 03:50
ฺ
e
m
d
o
i
22:14
ilฺc t Gu22:59
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
A backup
is not bootable. However, you can create a new boot
onof a boot environment
R
from an existing backup, and then activate and boot the new boot environment.
ro
eenvironment

To create a boot environment from a backup, use the beadm create -e
e command followed
by the backup description and a new BE name. In the example in the slide, you are creating a
new BE called solaris-2 from the backup solaris@backup.

To verify that the backup was created, run beadm list (as shown in the example). You can
see that solaris-2 is created.
To make the new BE the current boot environment, you must activate it and then reboot the
system, as shown in the example. Note that if you run the beadm list command again, you
can see that solaris-2 is now the BE that is active on reboot as designated by the R in the
Active column.

Oracle Solaris 11 Advanced System Administration 2 - 61

Practice 2-3 Overview:
Managing Multiple Boot Environments
This practice covers the following topics:
• Creating a new full BE based on the current BE
• Mounting and updating an inactive BE
• Creating a snapshot of a BE
• Deleting a BE
• Renaming a BE

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
This practice
on shouldl take about 30 minutes to complete.
R
ro
ice

Oracle Solaris 11 Advanced System Administration 2 - 62

Summary
In this lesson, you should have learned how to:
• Implement a plan for the Image Packaging System (IPS)
and package management
• Configure a local IPS package repository
• Configure network client access to a local IPS server
• Manage signed packages and package properties
ble
a
r
• Manage package publishers
fe
s
n
a
r
t
• Manage multiple boot environments
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 2 - 63

R
o
r
ce
an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
an
r
t
n
b
a
r
e
f

I t lli
Installing
Oracle
O
l Solaris
S l i 11 on Multiple
M lti l Hosts
H t

b
a
r
e
f

an
r
t
n

R
o
r
ce

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
e
sOracle
o © 2013,
r
u
Copyright
and/or its affiliates. All rights reserved.
e
o
c
i
t
c
o ( ense
d
l
lic
ona

Objectives
After completing this lesson, you should be able to:
• Implement a plan for an Oracle Solaris 11 operating
system installation
• Install the Oracle Solaris 11 operating system by using the
Automated Installer
• Verify an Oracle Solaris 11 operating system installation
le
b
a
r
• Build an Oracle Solaris image by using the distribution
fe
s
n
constructor
-tra

on
n
a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
This lesson
on explainsl how to perform an installation of the Oracle Solaris 11 operating system
R
on
romultiple hosts by using the Automated Installer (AI).
ice
It begins by discussing the importance of planning for the OS installation, including an
introduction to the automated installation method.

Next, you focus on how to install Oracle Solaris 11 by using the automated installation
method, and then how to verify the installation.
The lesson concludes by discussing how to build an Oracle Solaris image for distribution by
using a technology called the “distribution constructor.”

Oracle Solaris 11 Advanced System Administration 3 - 2

Workflow Orientation
AI INSTALL

IPS

MONITORING

DATA
STORAGE

RESOURCE
EVALUATION

NETWORK
CONFIGURATION

PROCESSES

ENTERPRISE
DATA CENTER

b
a
r
e
f

an
r
t
n

no
a
sNETWORK
a
h
VIRTUALIZATION
)
ฺ
e
m
d
o
i
AUDITING
ilฺc t Gu
a
n
e
gmSERVICES
d
PRIVILEGES @
tu
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n begin thel lesson, take a moment to orient yourself in the job workflow. So far, you
Before o
you
R
have
ro successfully set up a local IPS repository. The Automated Installer (AI) requires client
iceaccess to this IPS software package repository to install the OS on multiple client systems in
a network. The AI enables you to perform a hands-free installation of both SPARC and x86
systems.

Oracle Solaris 11 Advanced System Administration 3 - 3

Lesson Agenda
•
•

Planning for Oracle Solaris 11 Operating System
Installations by Using the Automated Installer
Installing Oracle Solaris 11 by Using the Automated
Installer
Building an Oracle Solaris Image

•

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 3 - 4

Reviewing Your Company’s Plan for an
Oracle Solaris 11 Implementation
Implementation plan review:
• Update all Solaris x86/64 machines to Oracle Solaris 11.
• Use the Automated Installer (AI) to install the operating
system.
system

•

– Allows flexible configuration for disk layout, users,
provisioning of zones, and software selection
ble
– Supports unattended installation on multiple machines
a
r
fe
s
n
– Saves significant installation time
ra

-t

on Solaris
Evaluate by using distribution constructor for future
n
a
s
image deployments.
a
h

)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
You may
onrecall fromlthe introductory practice orientation that your company is planning to
R
upgrade
ro all its Solaris x86/64 machines to Oracle Solaris 11. As part of that planning effort,
icethe company tests Oracle Solaris 11 functionality. After reviewing the installation method
options for Oracle Solaris 11 (LiveCD, text installer, and Automated Installer), the planning
committee decides that, because of the number of machines that your company needs to
upgrade, the Automated Installer (AI) will be used to perform the installation.

The benefit of using the AI is that you can install and configure the operating system ISO on
one server (either x86 or SPARC) and do not have to replicate the same installation effort on
other hosts. The AI provides you with flexible configuration for disk layout, users, provisioning
of zones
zones, and software selection
selection. Using AI
AI, the operating system can be installed on client
hosts unattended and without any manual intervention. This method saves significant
installation time and, therefore, is used widely in the industry.
In addition, the team also wants to evaluate using the distribution constructor for deploying
Solaris images.

Oracle Solaris 11 Advanced System Administration 3 - 5

Planning for an Oracle Solaris 11 AI Installation
The AI installation testing activities include:
• Identifying AI requirements
• Configuring the AI installation server
• Configuring the client system
• Implementing the configuration
• Verifying the installation

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
As part o
ofnthe Serverl Implementation team, you are responsible for completing many of the
R
eAIroinstallation testing activities, including those listed in the slide.
Note: Another team has been assigned the responsibility of evaluating the use of the
distribution constructor. However, you will be given an overview later in this lesson of how
Solaris images are built by using the distribution constructor.

Oracle Solaris 11 Advanced System Administration 3 - 6

Automated Installation: Overview
•
•

•

The AI automates the installation of the OS on one or more
SPARC and x86 systems over a network.
The installations differ in architecture, software packages,
disk capacity,
p
y, network configuration,
g
, and other
parameters.
Automated installation requires the following components:

n
thi
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
ld lice
a
n
The Automated
Installer is used to automate the installation of the Oracle Solaris 11 OS on
o
R
one
ro or more SPARC and x86 systems over a network. The installations can differ in
icearchitecture, software packages installed, disk capacity, network configuration, and other

b
– AI server: Provides the install service that contains the
a
r
e
sf
installation instructions for the client system
n
a
tr
n
– Client system to be installed: Accesses the IP address
no
a
information from the DHCP server
s
a
h
)
ฺ and boot
– DHCP server: Provides the initial IPm
addresses
e
d
o
i
information
ilฺc t Gu
a
n packages that are
m software
e
– IPS repository: Providesgthe
d
@ Stuto the client system
identified in the AIamanifest
ldo s file

parameters.

For an automated installation to run, the components presented in the slide are required.

Oracle Solaris 11 Advanced System Administration 3 - 7

Automated Installation Process

AI Server
Install Service
Manifests
M

...

Boot Image
DHCP
Server

IPS
Repository

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
1
ilฺc t3Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l illustrates the automated installation process:
The graphic
on in the slide
R
r1.o A client system boots and gets IP and boot information from the DHCP server.
ice

b
a
r
e
f

2 The client contacts an install service on the AI server and accesses the boot image and
2.
the AI manifest that contains the installation instructions.
3. The client is installed with the operating system, pulling packages from the IPS
repository that is specified in the installation instructions.

Oracle Solaris 11 Advanced System Administration 3 - 8

How the AI Works
Client uses HTTP to
download installation
programs from AI
image.

Boot client from
network.

Client contacts DHCP
server, gets IP
address and location
of boot program.

Client identifies
installation services
and chooses
matching service.

Client contacts
installation service
and gets installation
manifest.

Installation
successful?

User examines logs
and error messages
and determines
course of action.

Yes
Automatic
reboot set in
manifest?

User can examine logs
and reboot manually.

b
a
r
Yes
e
Hands-free client
sf SC
n
configuration;
uses
a
r
System reboots.
tdetermined
profiles
by
n
criteria
io i keywords
k
d in
i the
h
n
Client downloads
Automated installer
a
AI service
s
boot archive and
installs client from
a
h
loads kernel.
IPS repository
) Yes eฺ Hands-on client system
SC profiles
m
specified in manifest
o
determined
uses the
c Guid configuration;
and configures
ฺ
l
i
for
client?
administrator’s
a
t
system for use.
m den
responses in the
g
interactive system
@
u
t
No
configuration tool
do is S
l
a
n
h
ฺro use t
o
r
Copyright
Oracle and/or its affiliates. All rights reserved.
e © t2013,
o
c
i
c
o ( ense
d
l
a you have
lic set up an installation server with one or more installation services.
nthat
Suppose
o
R
You
have customized the installation specifications for the installation services to suit your
o
r
iceneeds. Now you are ready to install the Oracle Solaris 11 OS on the client systems on the
Client gets boot
program and loads it.

network. You need only to boot the client; the process runs to completion without further input
from you.

The flowchart in the slide illustrates how a client system is installed. The client browses for
available installation services, seeking a service where the installation criteria in the service’s
manifest file matches the characteristics of the client system. When a match is found, the
installation is performed on the client system by using a boot image, and the manifest and SC
profile specifications provided by the install service
service.

Oracle Solaris 11 Advanced System Administration 3 - 9

Quiz
Which AI component provides installation instructions to the
client system?
a. AI server
b DHCP server
b.
c. IPS repository

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 3 - 10

Lesson Agenda
•
•

Planning for Oracle Solaris 11 Operating System
Installations by Using the Automated Installer
Installing Oracle Solaris 11 by Using the Automated
Installer
Building a Solaris Image

•

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 3 - 11

Installing Oracle Solaris 11 by Using the AI
This section covers the following topics:
• Reviewing AI installation server requirements
• Configuring an AI installation server
• Configuring the client system
• Implementing the configuration
• Verifying the installation

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 3 - 12

Reviewing AI Installation Server Requirements
Hardware

Requirement

Disk space

Approximately 0.75 GB additional disk space for each
AI installation service after Oracle Solaris 11 OS has
been installed

Memory

Recommended minimum: 1 GB

Software

Requirement

Operating system

Oracle Solaris 11 must be installed.

IP address

A static IP address must be used.

Router

The default route must be set.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
DHCP
DHCP must be set up.lฺc
u
i
G
a
t
m bedsetenup locally.
g
IPS repository
The repository
must
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n start to configure
Before o
you
a server as your AI installation server, you must check whether
R
the
roserver meets the minimum hardware and software requirements to be an AI server.
ice
Starting with the hardware requirements, you must allow additional disk space for each AI
installation service that you need. The disk space requirement presented in the slide is in
addition to the disk space that you need for the Oracle Solaris 11 operating system. The
minimum requirement to operate an AI installation server is 1 GB of memory.

To meet the AI installation server software requirements, you must have the Oracle Solaris 11
release installed. You also need to configure the AI server to use a static IP address. If the
reactive network configurations are currently being used, it can be configured for static IP
addressing.
dd
i
AI clients
li t rely
l on DHCP tto obtain
bt i th
their
i iinitial
iti l IP addresses
dd
and
db
boott fil
files. Y
You can
configure the AI server to be the DHCP server by using the installadm command, or you
can use a DHCP server that is already set up in this network.
A local IPS repository needs to be properly configured on your AI server to install the Oracle
Solaris 11 OS on multiple network clients.

Oracle Solaris 11 Advanced System Administration 3 - 13

Verifying AI Install Server Software Requirements
Check the following to verify that the server is ready to be
configured as an AI server:
• Static IP address configuration
• Operational DNS
• IPS configured and available from the AI server
• Enabled DHCP server

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n that youl have selected the server that you want to use as your AI server and
Assumeonow
R
that
ro it meets the AI installation server disk space and memory hardware requirements.
ice

You have installed the Oracle Solaris 11 operating system and are now ready to verify that
the server meets the remaining software requirements. You do this by performing a series of
checks. You ensure that the system has been configured with a static IP address and that the
DNS is operational. You also ensure that an IPS repository and an IPS service are properly
configured and available locally from this AI server. Finally, you ensure that DHCP server is
enabled.

Oracle Solaris 11 Advanced System Administration 3 - 14

Verifying the Static IP Address
To verify that the operating system is configured with a static
IP address, run svcs network/physical, followed by ipadm

show-addr.
# svcs network/physical:default
STATE
STIME
FMRI
online
15:02:57 svc:/network/physical:default
# ipadm show-addr
ADDROBJ
TYPE
…
net0/v4
/
static
i
…
#

STATE

ADDR

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
To verify
system is configured with a static IP address (that is, an IP
onthat the operating
R
ro that has been created manually and not dynamically through the reactive network
eaddress
ok
k

192.168.0.112/24
/

configuration or DHCP, for example), you first run the svcs network/physical:default
command to verify that the physical network connection has been manually configured. In the
example, you can see that the network that has been set up manually is online.
Next, you run the ipadm show-addr command to see the IP address information. In the
example, you can see that you have a static network connection for IP address
192.168.0.112/24, and that the state of the connection is ok.

Oracle Solaris 11 Advanced System Administration 3 - 15

Verifying That DNS Is Operational
To verify that the DNS is operational, run nslookup server
domain name.
# nslookup server1.mydomain.com
Server:
192.168.0.100
Address:
192.168.0.100#53

Name:
server1.mydomain.com
Address: 192.168.0.100

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l that the DNS is operational. To verify this, run the nslookup
Next, you
onwant to check
R
command
followed by the server’s domain name. In the example, you can tell from the output
ro
icethat the DNS is operational on this server.

Oracle Solaris 11 Advanced System Administration 3 - 16

Verifying That IPS Is Available Locally
To verify that the correct local IPS repository is available to
your server, run pkg publisher.
# pkg publisher
PUBLISHER
TYPE
solaris
origin

STATUS
online

URI
http://server1.mydomain.com

To test IPS on the local server by searching for the entire
package, run pkg search entire.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l it needs the Image Packaging System (IPS) to be configured correctly
For AI to
onwork properly,
R
and
ro to be available from the AI server. To verify that a local IPS repository is available to the
iceAI server, run the pkg publisher command and verify its URI.
# pkg
k search
h entire
i
INDEX
ACTION
pkg.fmri
set

VALUE
solaris/entire

PACKAGE
pkg:/entire@0.5.11-0.175.1.0.0.24.2

To test that the IPS service is available, search for a given package by using the pkg search
command. Searching for a package is a quick way of determining whether the IPS service is
available. Refer to the lesson titled “Managing the Image Packaging System (IPS) and
Packages,” which covers IPS-related tasks in greater detail.

Oracle Solaris 11 Advanced System Administration 3 - 17

Verifying That the DHCP Server Is Enabled
To verify that the DCHP server is enabled, run svcs -a |
grep dhcp.
# svcs -a | grep dhcp
disabled
0:37:40
disabled
0:37:40
disabled
0:37:40
online
1:05:06

svc:/network/dhcp/relay:ipv6
svc:/network/dhcp/server:ipv6
svc:/network/dhcp/relay:ipv4
svc:/network/dhcp/server:ipv4

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The final
oncheck that lyou must make to verify that the server is ready to be configured as an AI
R
server
ro is to make sure that the DHCP server is up and running. To do this, you run the svcs
ice–a | grep dhcp command, as shown in the example. The DHCP server should be in the
enabled state.

Oracle Solaris 11 Advanced System Administration 3 - 18

Practice 3-1 Overview:
Verifying System AI Requirements (Optional)
This practice takes you through the steps for checking the
existing version of Oracle Solaris 11 to verify the system
requirements for the AI installation.
Note: This p
practice is optional
p
and needs to be completed
p
only
y
if you have not completed the Practice 2 tasks.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The practices
on for thisl lesson are designed to reinforce the concepts that have been presented
R
inro
the lecture portion. These practices cover the following tasks:
ice • Practice
act ce 3
3-1: Verifying
e y g AI syste
system requirements
equ e e ts (opt
(optional)
o a)

•
•

Practice 3-2: Configuring the AI server
Practice 3-3: Deploying the OS on the network client

Practice 3-1 should take you about 15 minutes to complete.

Oracle Solaris 11 Advanced System Administration 3 - 19

Configuring the AI Install Server
1. Enable the DNS multicast service.
2. Create a directory for the AI service.
3. Verify the netmasks file configuration.
4 Create an AI installation service:
4.
–
–

With a DHCP setup
Without a DHCP setup

5. Review the default installation instructions.
6. Add installation criteria to an AI service.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l server meets the AI software requirements, you are ready to configure
After verifying
on that the
R
the
roAI install server. As discussed in the topic on planning for the installation, the AI server is
iceused to store an AI install image and contains the AI service. The AI service specifies the
installation instructions for installing the Oracle Solaris 11 OS on a client. To set up the AI
install server, you must complete the steps listed in the slide.

Oracle Solaris 11 Advanced System Administration 3 - 20

Enabling the DNS Multicast Service
To enable the DNS multicast service, run svcadm enable
svc:/network/dns/multicast.
# svcadm enable svc:/network/dns/multicast
# svcs network/dns/multicast
STATE
STIME
FMRI
online
1:32:27 svc:/network/dns/multicast:default

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the AI install server, you want to ensure that the DNS multicast service
As part o
ofnconfiguring
R
eisroenabled. To enable the DNS multicast service (svc:/network/dns/multicast) on the
AI server, run the following command:
# svcadm enable svc:/network/dns/multicast:default

You can then verify that the service is enabled by running the svcs
network/dns/multicast command as shown in the code example. As you can see in the
output, the DNS multicast service is now online.

Oracle Solaris 11 Advanced System Administration 3 - 21

Installing the AI Installation Tools
To install the AI installation tools, run pkg install
install/installadm.
# pkg install install/installadm

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l multicast service, your next task is to download the AI installation
After enabling
on the DNS
R
tools
ro package.
ice

Note: In this course, you do not perform this step in the practice; it is already done for you.
This package (the install/installadm package) contains the installadm utility that
enables you to perform the following:
• Create and enable install services.
• Set up and update a DHCP server.
• Add custom client installation and configuration instructions.
• Set criteria for clients to use custom installation and configuration instructions.
instructions
To install the AI installation tools, run the following command:
# pkg install install/installadm
In this example, by default, the install/installadm package is being downloaded from
the preferred publisher, which, on this system (as you might recall), is the solaris publisher.
Note: In the Oracle Solaris 11.1 release, installadm supports three new options to improve
fl ibili ffor administrators
flexibility
d i i
who
h maintain
i i a set off iinstallation
ll i services:
i
update-service,
update-profile, and set-service. For information, refer to the installadm (1M) man
page.
Oracle Solaris 11 Advanced System Administration 3 - 22

Setting Up the AI Boot Image
Download the AI boot image from:
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html

BOOT
IMAGE

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
c G
u
ilฺsame
Note: The AI ISO image must be the
version
as the
a
t
n
m
gto install
Oracle Solaris OS that you plan
de on the client.
@
u
t
o
ld is S
a
n
th
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
ld lice
a
n
Next, you
set
o up the AI boot image. AI uses this boot image to boot the client.
R
ro
iceNote: In this course, you do not perform this step in the practice; it is already done for you.
To download the AI boot image
image, go to the following site:

http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html
Be sure to download the Automated Install image and not the LiveCD image or the text install
image to the ZFS root pool file system that you created earlier.
The AI ISO image must be the same version as the Oracle Solaris OS that you plan to install
on the client.
Conversely, download the Oracle Solaris 11 SPARC Automated Install image for SPARC
clients or the Oracle Solaris 11 x86 Automated Install image for x86 clients. For x86, be sure
to download the .iso file and not the .usb file. The .usb file is not suitable for creating an
install service.

Oracle Solaris 11 Advanced System Administration 3 - 23

Configuring an AI Install Service
The AI install service:
• Associates an install image with a named install service
• Enables client systems to use the install service name to
find the correct install image
• Is associated with only one boot image
• Can be created with or without a DHCP setup

b
a
r
e
f

INSTALL
IMAGE

an
r
t
n

no
a
s
a
h
)
ฺ Client
Install Service
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n ready tol configure the AI install service.
You areonow
R
ro
iceThe AI install service associates an install image with a named install service. Client systems
use the install service name to find the correct install image.

An AI install server can have multiple install services. Each install service is associated with
only one boot image. To install both SPARC and x86 clients, for example, you need one
install service with a SPARC boot image and a second install service with an x86 boot image.
You can create an AI install service with or without a DHCP setup. The process is the same
for both x86 and SPARC clients.
Note: Oracle Solaris 11.1 has added support for a new set of role-based
role based authentication
control (RBAC) profiles and authorizations for managing the Automated Install service,
including the profile Install Service Management. If you have the Install Service Management
rights profile, you can use the pfexec command to create install services and add system
configuration profiles to an install service.

Oracle Solaris 11 Advanced System Administration 3 - 24

Verifying the netmasks File Configuration
To verify the netmasks file configuration, run getent
netmasks IP_Address.
# getent netmasks 192.168.0.0

If a network mask entry for the local subnet does not exist in
/etc/netmasks, update the file.
# vi /etc/netmasks
…
192 168 0 0 255
192.168.0.0
255.255.255.0
255 255 0

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n create thel AI service, you first need to verify that the netmasks file configuration
Before o
you
R
for
rothe DHCP service has been configured correctly. To do this, use the getent netmasks
icecommand followed by the IP address, as shown in the first example in the slide.
DHCP requires that the network mask for the local subnet should be configured in the
/etc/netmasks file. If an entry does not exist, you must update the netmasks file now, as
shown in the second example.

Oracle Solaris 11 Advanced System Administration 3 - 25

Creating an AI Install Service
with an ISC DHCP Server Setup
To create an AI install service with ISC DHCP server setup, run
installadm create-service, followed by the service
name, the path to the ISO image, the IP address range, and the
path to where the ISO image should be unpacked.
# installadm create-service -n basic_ai \
-s /opt/ora/course_files/sol-11_1-ai-x86.iso \
-i 192.168.0.130 -c 5 -d /export/ai/basic_ai
Creating service from: /opt/ora/course_files/sol-11_1-ai-x86.iso
Setting up the image ...
Creating service: basic_ai

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
Arch
Image
Path
o
i
ilฺc t Gu
------------a
n
x86gm /export/ai/basic_ai
e
d
x86
/export/ai/basic_ai
tu
o@
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l service with an ISC DHCP server setup, use the installadm
To create
onthe AI install
R
command as shown in the example.
ro
ecreate-service
Image path: /export/ai/basic_ai

# installadm list
Service Name Alias Of
Status
------------ ------------basic_ai
on
default-i386 basic_ai
on

Note: In this example, the DHCP service is already set up on the server and you are only
updating the DHCP with the new IP addresses for the named AI service.
As part of the installadm create-service command, you want to:
• Use the -n option to specify the service name (as shown in the code example)
• Use the -s option to specify the path to the AI ISO image file that is to be used to create
the service (as shown in the example)
service.
• Update the ISC DHCP server with the new IP addresses for the named AI service
In this example, the install service serves five IP addresses (-c), starting from
192.168.0.130 (-i).
•

Specify the path where you want the AI ISO image unpacked. The path where the ISO
image is unpacked is also called the target or net image. In this example, you unpack
the AI ISO image in /export/ai/basic_ai.

Note: When you create the AI install service, its directory is automatically created for you.

Oracle Solaris 11 Advanced System Administration 3 - 26

During the service creation process, the system displays a number of messages that verify
the creation of the target image, the DHCP server setup, the creation of the network table,
and the copy of the boot file. An example of the output is provided here:
_
Creating service: basic_ai
Setting up the target image at /export/ai/basic_ai ...
Refreshing install services
Creating default-i386 alias.
Setting the default PXE bootfile in the local DHCP configuration to
'default-i386/boot/grub/pxegrub'
Refreshing install services
You can verify your AI install service creation by using the installadm list command as
shown in the second example.
To remove an AI install service, use installadm delete-service svcname.
Note: You can also create the x86 AI install service from the net IPS package
pkg:/install-image/solaris-auto-install instead of an ISO. The following
command illustrates doing so without any options specified:

an
r
t
n

Cic

no
a
s
a
h
Creating service from: pkg:/install-image/solaris-auto-install
)
ฺ
e
m
d
o
i
Download: install-image/solaris-auto-install
uDone
ilฺc t...
G
a
Install Phase ... Done
m den
g
tu
Package State Update Phase ...
Done
o@
S
d
l
s
a Done
I
Image
State
St t Update
U d t Phase
Ph on...
D thi
r
ฺ
e
s
Reading Existing e
Index
ro ...
uDone
o
c
i
t
Indexing Packages
(c n...
e Done
s
o
ldservice:
e default_ai
Creating
c
a
i
l
n
o path: /export/auto_install/default_ai
Image
R
o
er
# installadm create-service -n basic_ai -y

Oracle Solaris 11 Advanced System Administration 3 - 27

b
a
r
e
f

Creating an AI Install Service
Without a DHCP Setup
To create an AI install service without a DHCP setup, run
installadm create-service, followed by the service
name, the path to the ISO image, and the path to where the
ISO image should be unpacked.
# installadm create-service -n s11-sparc \
-s /var/tmp/images/sparc/sol-11_1-ai-sparc.iso -d /install/images/s11-sparc
Creating service: s11-sparc
Setting up the target image at /install/images/s11-sparc ...
Service discovery fallback mechanism set up
Creating SPARC configuration file
Refreshing install services

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Now, you
onlook at howl to create an AI install service without a DHCP setup. In this example,
R
an
roAI install service is being set up for a SPARC client. DHCP is already set up on a different
iceserver or will be set up later.
Creating default
default-sparc
sparc alias
alias.

No local DHCP configuration found. This service is the default alias
for all SPARC clients. If not already in place, the following should be added to the DHCP
configuration:
Boot file : http://10.80.238.5:5555/cgi-bin/wanboot-cgi
Service discovery fallback mechanism set up
Creating SPARC configuration file
Refreshing install services

Again, you use the installadm create-service command, followed by the service
name, the path to the ISO image, and the path to where the ISO image should be unpacked.
If the create-service command does not detect DHCP on the AI install server, the
command output displays instructions for adding the boot file information to the DHCP
configuration table, dhcptab(4). For more information about how to create the DHCP
macro, see Installing Oracle Solaris 11 Systems.

Oracle Solaris 11 Advanced System Administration 3 - 28

Note About the AI SMF Service
•
•

Represents the overall state of the AI server application
and all the install services
Is enabled when installadm create-service is run

To enable the AI SMF service manually:

b
a
r
e
f

# svcadm enable svc:/system/install/server:default

To disable the AI SMF service manually:

an
r
t
n

Cic

no
a
s
a
# svcadm disable svc:/system/install/server:default
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
On the o
AInserver, thel SMF service svc:/system/install/server:default represents
R
rooverall state of the AI server application and all the install services.
ethe

The AI SMF service is enabled when you run the installadm create
create-service
service command.
The AI SMF service is also enabled when you run any other installadm command that
affects the existing install services.
You can manually enable and disable the AI SMF service by running the commands shown in
the examples in the slide. However, you should not disable the AI SMF service if any AI install
service is still enabled.

Oracle Solaris 11 Advanced System Administration 3 - 29

Adding a Client to the AI Install Service
To add a client to the AI install service, run installadm
create-client -c, followed by the client MAC address and
the AI install service name.
# installadm create-client -e 08:00:27:85:C7:D6 -n basic_ai
# installadm list -c
Service Name
Client Address
------------------------basic_ai
08:00:27:85:C7:D6

Arch
---i386

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
After creating
on the AIlinstall service and setting up DHCP, you are ready to add the client to the
R
AI
roinstall service. To do this, use the installadm create-client command, followed by
icethe client MAC address (specified by the -e option) and the AI install service name (specified

by the -n option), as shown in the example. This command tells a client exactly which install
service to use.

Note: A client can be associated with only one install service.
You can use the installadm list command with the -c option to verify that the client was
added to the AI install service, as shown in the code example.
To delete a client from an install service, use installadm delete-client, followed by the
client MAC address.

Oracle Solaris 11 Advanced System Administration 3 - 30

b
a
r
e
f

Image Path
---------/export/ai/default_ai

AI Manifest
•
•
•
•

Part of the AI install service
XML file that contains installation and configuration
instructions for one or more clients
Default manifest included in each boot image
Unpacked along with other files in the image

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n
As waso
discussed
inl the topic on planning for the installation, the AI install service provides
R
and configuration instructions that can be used for one or more clients. These
ro
einstallation
instructions are contained in an XML file called an AI manifest.

Each boot image includes a default AI manifest that can be used for clients of any install
service that is created by using this boot image.
The manifest is unpacked along with the other files in the image.

Oracle Solaris 11 Advanced System Administration 3 - 31

Identifying the Types of AI Manifests
•
•
•

Default AI manifest: Is an installation manifest that has no
criteria associated with it
Custom AI manifest: Provides installation criteria for a
specific
p
client
Criteria file: Allows client-specific installation instructions
to be associated with AI services

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
AI has three
on types ofl manifests:
R
r•o Default AI manifest: A default AI manifest is an installation manifest that has no criteria
ice assoc
associated
ated with
t it.
t The
e de
default
au t AI manifest
a est is
s used by cclients
e ts when
e no
o ot
other
e installation
sta at o

•

manifest’s criteria match the client.
Custom AI manifest: To perform different installations on different clients by using the
same install image, you provide customized AI manifests for that install service. Clients
that do not match the criteria specified to use any custom manifest are installed by using
the instructions in the default manifest.
Criteria file: The criteria file allows you to associate client-specific installation
i t ti
instructions
with
ith AI services.
i
When
Wh th
the client
li t matches
t h th
the criteria
it i th
thatt are specified
ifi d ffor a
criteria file, the client uses the associated manifest.

You now take a closer look at each manifest type, beginning with the default AI manifest.

Oracle Solaris 11 Advanced System Administration 3 - 32

b
a
r
e
f

Reviewing the Default AI Manifest (default.xml)

/publisher

(XML comments omitted)

pkg:/entire@0.5.11-0.175.1
pkg:/group/system/solaris-large-server

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
lfile of the default AI manifest provides a generic configuration that is
The default.xml
on
R
applicable
to most clients. You want to review this default manifest to determine whether it
ro
icemeets the needs of all the clients that use an install service based on this image.
This slide shows the default.xml file. The block defines the location of the
IPS origin as well as the software packages to install and uninstall. The entire package is
required so that the system is updated coherently when it is patched or upgraded in the future;
it should not be removed during or after system installation. The solaris-large-server
package is a group package of tools and device drivers that you might want in most
environments that you install. This package installs many network and storage drivers, Python
libraries Perl,
libraries,
Perl and much more
more.

Oracle Solaris 11 Advanced System Administration 3 - 33

System Configuration Profiles (SC Profiles)

i
'1 0'?

(comments omitted)

p p
type=“astring”
yp
g name="description"
p
value="default_user"/>

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
This slide
onshows thel beginning of a sample SC profile. Here you see the setup for the initial
R
user
ro (default is Jack) and the root role setup. A simple method for setting passwords is to
icecopy the passwords from the /etc/shadow file of the user records and add that information
into the password values in the profile.

Note: The system configuration profile (SC profile) specifies client system configuration as a
set of configuration parameters in the form of an SMF profile. The SC profile sets SMF
properties for appropriate SMF (Service Management Facility) services.
An SMF profile that contains the system configuration is applied during the first boot of the
system after installation. The SMF services that are responsible for particular configuration
areas process the
th SMF properties
ti and
d configure
fi
th
the system
t
accordingly.
di l
You can specify configuration of anything that is configurable via smf(5) properties. For
example, the SC profile can configure a root account, an initial user, keyboard layout, terminal
type, an IPv4 network interface (static or DHCP) and default route, an IPv6 network interface
(static or addrconf) and default route, and DNS (nameserver list, search list, and domain).
You can specify multiple sets of system configuration instructions (SC profiles) for each install
service. Multiple SC profiles can be associated with each client
service
client.

Oracle Solaris 11 Advanced System Administration 3 - 34

System Configuration Profiles (SC Profiles)

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l in the slide, you can see the type tags for the nodename, console
In the example
on shown
R
terminal
ro type, and keyboard.
ice

Oracle Solaris 11 Advanced System Administration 3 - 35

System Configuration Profiles (SC Profiles)

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the time zone and the locale type tags.
In this section,
on you see
R
ro
ice

Oracle Solaris 11 Advanced System Administration 3 - 36

System Configuration Profiles (SC Profiles)

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l file sets up key mapping and network configuration, which are invoked
The final
onportion of the
R
by
ronetwork configuration profiles (NCPs). NCPs can be set to Active or DefaultFixed,
icerespectively, depending on whether the network configuration should be automatic or manual.
Another option is being able to configure so that an interactive system configuration tool is
launched during the first reboot of an installed system. Note that, in this example, the active
NCP is set to “Automatic.”
Now that you are more familiar with the contents of the default.xml file and SC profiles,
you will look at what you must do to use this file and create a custom AI manifest to perform
different installations on different clients by using the same install image.

Oracle Solaris 11 Advanced System Administration 3 - 37

Adding an SC Profile to an Install Service
Use the installadm create-profile command to add the
profile_filename SC profile to the svcname install service.
# installadm create-profile
p
-n svcname -f p
profile_filename

Use the installadm validate command to validate SC
profiles for syntactic correctness.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n profiles lcan be specified in one create-profile command because a single
MultipleoSC
R
client
ro can use multiple SC profiles. The same client selection criteria, or overlapping criteria,
iceor no criteria can be specified for multiple profiles. When no criteria are specified, the profile is
# installadm validate -n svcname -p profile_name

used by all clients that use this install service.
You can use the installadm create-profile command to add the profile_filename SC
profile to the svcname install service.
Note: By adding the -c option followed by a criteria range to the create-profile
command, you can specify client selection criteria on the command line.
To validate that an SC profile is syntactically correct, you can use the install validate –n
svcname command, as shown in the second example in the slide. The -p option is used to
validate profiles that have already been added to the svcname install service by using the
create-profile subcommand.
Note: You can use the -P option followed by profile_name to validate profiles that have not
been added to the install service. profile_filename is a full path name to the file.

Oracle Solaris 11 Advanced System Administration 3 - 38

Creating a Custom AI Manifest
To create and apply a custom AI manifest, perform the
following steps:
1. Create a directory to store your manifest files.
2 Copy the default.xml
2.
default xml file to the basic_ai.xml
basic ai xml file.
file
3. Modify the basic_ai.xml file.
4. Add the new custom AI manifest to the appropriate AI
le
b
a
r
install service.
fe
s
n
5. Add the criteria file to associate the client host.
-tra

Cic

on
n
a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To create
onand applyla custom AI manifest, you first create a directory to store your manifest
R
ro /var/tmp/manifests.
efiles:

Then you copy the default AI manifest to the /var/tmp/manifests/basic_ai.xml
/var/tmp/manifests/basic ai.xml file.
A copy of the default.xml file is located at
/export/ai/basic_ai/auto_install/manifest/default.xml or in the AI install
image at /auto_install/default.xml, where is the
directory reported in the installadm list output.
Next you modify the basic_ai.xml file. Be sure to reference the Oracle Solaris 11 AI
documentation for how to add tags and values to the new manifest file.
Note: There are tag requirements for every AI manifest, with options to add more tags.
For example, every manifest must have the following:
• Unique manifest name
• At least one IPS package repository specified
• The entire package installed

For more information about the optional tags, such as the and
tags and examples on how to use them
tags,
them, see the Oracle Solaris AI documentation.
documentation
When you finish your modifications, you can add the new custom AI manifest to the
appropriate install service. You need to specify the criteria that define the clients that should
use these installation instructions.
Oracle Solaris 11 Advanced System Administration 3 - 39

Selecting the AI Manifest
•
•

•

The criteria file associates installation instructions with the
client.
The AI manifest selection algorithm is as follows:
– The client does not match the criteria for any manifest: The
client uses the default manifest.
– The client matches the criteria for a single manifest: The
client uses that manifest.
ble
a
r
e
– The client matches the criteria for multiple manifests: Thensf
a
r
t
criteria are evaluated based on ordering.
n

The criteria file uses multiple non-overlapping
s acriteria.

ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l created an AI manifest. You can now create specific installation
Suppose
onthat you have
R
instructions
by client type by using a criteria file. The criteria file allows you to associate clientro
icespecific installation instructions with AI services. When the client matches the criteria that are
specified for a criteria file, the client uses that manifest.

An AI manifest is selected for a client according to the following algorithm:
• If custom manifests are defined for this install service but the client does not match the
criteria for any manifest, the client uses the default manifest.
• If the client matches the criteria that are specified for a single manifest, the client uses
that manifest.

Oracle Solaris 11 Advanced System Administration 3 - 40

•

If client characteristics match multiple manifests, the client characteristics are evaluated
in the following order:
- mac
- ipv4
- platform
- arch
- cpu
- network
- mem
- zonename
- hostname
For example, if one criteria specification matches the client’s MAC address and another
criteria specification matches the same client’s IP address, the manifest associated with
the MAC address criteria specification is used, because mac is higher priority for
selection than ipv4.

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

For more information about selection criteria
criteria, see the section titled “Selection
Selection Criteria”
Criteria in
Installing Oracle Solaris 11 Systems.

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 3 - 41

b
a
r
e
f

Criteria File: Examples
•

arch criteria
it i manifest
if t file:
fil

i86pc

•

mac criteria manifest file:

0:14:4F:20:53:94

ipv4 criteria manifest file:

192.168.0.114

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The slide
of the arch, mac, and ipv4 criteria files.
onshows examples
R
ro
ice
•

b
a
r
e
f

Oracle Solaris 11 Advanced System Administration 3 - 42

Adding Installation Criteria to an AI Manifest
To create a manifest for a service and associate it with
installation criteria, run installadm create-manifest,
followed by the service name, the manifest’s file path name,
and the criteria file’s path name.
# installadm create-manifest –n basic_ai \
-f /var/tmp/manifests/basic_ai.xml \
-C /var/tmp/manifests/criteria_ai.xml
# installadm list -m
Service Name
Manifest
------------------basic_ai
basic_ai
orig_default
default-i386
orig_default

Status
------

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
# installadm list -m -n basic_ai
e
m
d
o
i
Manifest
Status
Criteria
ilฺc t Gu
a
-------------------m den
g
basic_ai
mac = 08:00:27:85:C7:D6
tu
orig_default
Default None o@
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l created both a new custom AI manifest and a criteria file that specifies
Suppose
onthat you have
R
the
roMAC installation criteria. To add the installation criteria to the AI manifest, use the
iceinstalladm create-manifest command, followed by the AI service name using the -n
Default
Default

option, the -f option and the path name of the custom AI manifest file, and the -C option and
the path name of the criteria file.
In this example, when a client meets the criteria identified in the criteria_ai.xml criteria
file, basic_ai.xml is applied to that client.

To verify that the manifests have been added to the AI service, use the installadm list m command, as shown in the example in the slide. First, you run the command to list the
service
i name and
d th
the name off th
the custom
t
manifest,
if t and
d th
then you run th
the command
d again
i
with the service name to see the installation criteria associated with that manifest.
Note: You can also specify the criteria on the command line, as in the following example:
# installadm create-manifest -n basic_ai \
-f /var/tmp/manifests/basic_ai.xml \
-c mac=08:00:27:85:C7:D6-08:00:27:85:C7:D7
You can also use set-criteria to modify the criteria after the manifest has been created.

Oracle Solaris 11 Advanced System Administration 3 - 43

Practice 3-2 Overview:
Configuring the AI Server
This practice covers the following topics:
• Enabling the DNS multicast service
• Verifying the netmasks file configuration
•
•
•
•

Creating an AI install service with a DHCP setup
Adding installation criteria to an AI service
Creating a directory to store the AI manifest files
Modifying the AI manifest files

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 3 - 44

Configuring the Client System
This section covers the following topics:
• Identifying the client system requirements
• Using Secure Shell to remotely monitor an installation

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
After completing
thel install server configuration management tasks, you are ready to
on
R
configure
the client system. First, you must identify the client system requirements. After
ro
iceidentifying the requirements, you create a customer system configuration (SC) profile. You
use Secure Shell to monitor the installation remotely, and then you review the client
installation messages to verify that the installation went smoothly.

Oracle Solaris 11 Advanced System Administration 3 - 45

Identifying Client System Requirements
Client System

Requirement

Disk space

Recommended minimum: 13 GB

Memory

Recommended minimum: 1 GB

Architectures

• X86: 64-bit only
• SPARC: Oracle Solaris M-series and T-series systems
only

Network access

• DHCP server that provides network configuration information
• AI install server
• IPS repository that contains the packages to be installed on the
client system

an
r
t
n

no
a
s
a
Additional SPARC client system requirements:
h
)
ฺ
e
m
d
o
i
• WAN boot support
ilฺc t Gu
a
n
m deversion
• Firmware that includes thegcurrent
of the OBP that
@
u
t
contains the latest WAN
Ssupport
do boot
l
s
a
i
n
h
ฺro use t
o
r
Copyright
Oracle and/or its affiliates. All rights reserved.
e © t2013,
o
c
i
c
o ( ense
d
l
lic over the network, SPARC and x86 client systems must meet the
na installation
For automated
o
R
requirements
listed in the table in the slide. Any system that meets these requirements can be
o
r
e

Cic

used as an AI install client, including laptops, desktops, virtual machines, and enterprise
servers.

There are two additional SPARC client system requirements: WAN boot support and firmware
that has been updated to include the current version of the Open Boot PROM (OBP) that
contains the latest WAN boot support.
Note: The recommended minimums are subject to change with the final release of the
software. See the release notes for final disk space and memory recommendations.

Oracle Solaris 11 Advanced System Administration 3 - 46

b
a
r
e
f

Using Secure Shell to Remotely
Monitor an Installation
•

For x86 client installations, the menu.lst file is located in:
– /etc/netboot/menu.lst.01MAC_address if
installadm create-client was used
_
if
– /etc/netboot//menu.lst
installadm create-client was not used

•

For SPARC client installations, system.conf and
wanboot.conf are in:

s
n
a
r
-tfiles
For the default-sparc
p
service,, symlinks
y
to these
n
o
an
are in /etc/netboot.
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n
You canoremotely
monitor
an installation in progress by using Secure Shell. You can do this
R
by
rosetting the livessh option to enable in the installation configuration file. After enabling
iceaccess, you can log in to the AI client by using jack for both the username and password.
– /etc/netboot/

For x86 client systems, the menu.lst configuration file is created in the /etc/netboot/
directory with one of the following file name formats:
• If you used the installadm create-client command, the file name is
/etc/netboot/menu.lst.01MAC_address, where MAC_address is the MAC
address that was specified in the installadm create-client command.
• If you did not use the installadm create-client command, the file name is
/
/etc/netboot/menu.lst,
/
/
i
where
h
service_name
i
i th
is
the iinstall
t ll
service name that was specified in the installadm create-service command.
For SPARC client systems, the system.conf and wanboot.conf files are located in
/etc/netboot/ if you have created an install service by using the
installadm create-service command. For the default-sparc service, symlinks to
these files are in /etc/netboot.

Oracle Solaris 11 Advanced System Administration 3 - 47

b
a
r
e
f

Implementing the Configuration
•

To boot a SPARC client and start an installation, use the
following command from the OBP prompt:
OK boot net:dhcp - install

•

To boot an x86 client from the network
network, from the GNU
GRUB menu, select the Oracle Solaris 11 11/11
Text Installer and command line boot option.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l install server, you created at least one install service for each client
When you
onset up your
R
architecture
and each version of the Oracle Solaris OS that you plan to install. When you
ro
icecreated each install service, you created customized installation instructions and post-

installation configuration instructions for different clients as needed. You are now ready to
implement the configuration. To start the automated installation, you only need to boot the
client.
The boot instructions for the SPARC and x86 clients are presented in the slide. Provide the
configuration information when prompted.
Note: If you select the second install option shown in the GRUB menu, the AI installation
starts
t t automatically.
t
ti ll

Oracle Solaris 11 Advanced System Administration 3 - 48

Reviewing Client Installation Messages
If the client install is successful, you see the following:
• Automated Installation started message
Automated Installation started
The progress of the Automated Installation will be output to
the console
Detailed logging is in the logfile at
/system/volatile/install_log
Press RETURN to get a login prompt at any time.

•

Automated Installation succeeded message

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If the client
on is able tol successfully boot and download the install files, you see the
R
“Automated
Installation started” message. You can log in as the root user with
ro
icethe password solaris to monitor the progress of the installation via the installation log, by
Automated Installation finished successfully
The system can be rebooted now
Please refer to the /system/volatile/install_log file for
details
After reboot it will be located at
/var/sadm/system/logs/install_log

using tail -f /system/volatile/install_log.
Note: To stop the tail –f command, press Ctrl + C.

After the installation has completed successfully, you see the “Automated Installation
finished successfully” message. You have the option of rebooting at this time. The
client does not automatically reboot after a successful installation. You do, however, have the
option of setting up an automatic reboot in the AI manifest. To enable the automatic reboot,
you set the auto_reboot
t
b t attribute of the
i i t
tag to true.
t
To reboot manually
manually,
run the init 6 command.
If a client installation fails, there are several actions that you can take based on the kind of
errors you see:
• Check the installation logs located at /system/volatile/install_log.
•

Check the connection to the IPS repository. If a client cannot resolve the name of the
IPS repository during installation,
installation an error is generated.
generated For this type of error
error, see if the
client can ping the repository. If you get no response, you may have a connectivity
problem. If the ping comes back as not having recognized the host, you may have a
DNS problem.
Oracle Solaris 11 Advanced System Administration 3 - 49

•

Check whether DNS is configured on your client. You can do this by verifying that a nonempty /etc/resolv.conf file exists. If this file does not exist or is empty, check that
your DHCP server is providing the DNS server information to the client by running
/sbin/dhcpinfo DNSserv. If this command returns nothing, the DHCP server is not
set up properly. You need to contact your DHCP administrator to correct the problem.
Check client boot errors. There are a number of possible causes for networking boot
errors to occur on both SPARC and x86 systems, such as timing out issues or boot load
failures. For more information about the types of errors that may occur and the possible
causes of these errors, as well as suggested solutions, see Installing Oracle Solaris 11
Systems.

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 3 - 50

Practice 3-3:
Deploying the OS on the Network Client
This practice covers deploying the Oracle Solaris 11 operating
system on a network client.

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 3 - 51

Lesson Agenda
•
•
•

Planning for Oracle Solaris 11 Operating System
Installations by Using the Automated Installer
Installing Oracle Solaris 11 by Using the Automated
Installer
Building an Oracle Solaris Image

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l how to build an Oracle Solaris image by using a technology called the
This topic
onbriefly covers
R
“distribution
constructor.”
ro
ice

Oracle Solaris 11 Advanced System Administration 3 - 52

Introducing the Distribution Constructor
•

Is a command-line tool that is used to build:
– Preconfigured custom Oracle Solaris images
– An ISO image based on the XML manifest file

•

Allows creation of the following Oracle Solaris image types:
–
–
–
–

x86 or SPARC Oracle Solaris text installer image
Oracle Solaris x86 live CD image
ble
a
x86 or SPARC ISO Image for Automated Installations
r
fe
s
n
x86 Oracle Solaris Virtual Machine
tra

n
o
• Is
I distributed
di t ib t d iin th
the di
distribution-constructor
t ib ti
t t package,
which
hi h
a kn
s
contains:
ha ฺ
)
deits files
– The distro_const command-line
utilityuand
om
i
c
ฺ
l
ai nt G
– Sample manifest files
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The distribution
is a command-line tool for building preconfigured Oracle Solaris
on constructor
R
images.
ro These images can be used to install the Oracle Solaris software on individual
icesystems and multiple systems that run the Oracle Solaris 11 operating system.

The distribution constructor takes an XML manifest file as input and builds an ISO image that
is based on the parameters specified in the manifest file.
Using the distribution constructor, you can create the following types of Oracle Solaris
images:
• x86 or SPARC Oracle Solaris text installer image
g
• Oracle Solaris x86 live CD image
• x86 or SPARC ISO Image for Automated Installations
The distribution constructor is distributed in the distribution-constructor package. The
distribution-constructor package contains the distro_const command-line utility for
building custom Oracle Solaris images. It also contains sample manifest files that are used to
build the various image types.

Oracle Solaris 11 Advanced System Administration 3 - 53

Identifying System Requirements for
Using the Distribution Constructor
Requirement

Description

Disk space

Recommended minimum: 8 GB

Oracle Solaris release

• SPARC or x86 Oracle Solaris 11 operating system
(OS) must be installed.
• Network access to the IPS repositories specified in
the manifest file is required.
• SPARC images can be created only on a SPARC
system.
• X86 images can be created only on an x86 system.
• The Oracle Solaris release version must match the
release
l
version
i off th
the iimage tto b
be b
built
ilt with
ith th
the
distribution constructor.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
) package
ฺ must be
Required packages
The distribution-constructor
e
m
d
o
i
installed.
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
This slide
onshows thel system requirements to use the distribution constructor. The
R
recommended
minimum disk space for the distribution constructor workspace is 8 GB.
ro
ice

You must have the SPARC or x86 Oracle Solaris 11 operating system (OS) installed on your
system. Your installed Oracle Solaris system must have network access. Because the
distribution constructor accesses the Image Packaging System (IPS) repositories that are
available on the network to retrieve packages for the ISO image, you must have network
access to the repositories that you specify in the manifest file. When using the distribution
constructor, you can create SPARC images only on a SPARC system. And you can create
x86 images only on an x86 system. In addition, the Oracle Solaris release version on your
system must be the same as the release version of the image that you use with the
distribution constructor.
Note: To run the distribution constructor on your system, you must assume the root role by
executing the su - command.
You must have the distribution-constructor package installed on your system.
Note: You can use the Package Manager tool to install the required package, or you can use
IPS commands to install this package:
# pkg install distribution-constructor

Oracle Solaris 11 Advanced System Administration 3 - 54

Using Distribution Constructor Manifest Files
Manifest File

Manifest Type

Description

dc_text_x86.xml

x86 text installer ISO image

Used to create an ISO image that you can
boot to initiate a text installation of the
Oracle Solaris OS on x86 machines

dc_text_sparc.xml
p

SPARC text installer ISO
image

Used to create an ISO image that you can
boot to initiate a text installation of the
Oracle Solaris OS on SPARC machines

dc_livecd.xml

x86 live CD ISO image

Used to create an ISO image that is
comparable to the Oracle Solaris live CD

b
a
r
dc_ai_sparc.xml
e
SPARC AI ISO image
Used to create a SPARC AI ISO image forf
s
n
automated installations of the Oracle
a
r
Solaris OS to SPARC clients n-t
o
dc_ai_x86.xml
x86 AI ISO image
Used to create an x86
AIn
ISO image for
a
s of the Oracle
automated installations
a
h
Solaris OS)to x86 clients
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l manifest files that are shipped with the distribution-constructor
This slide
onlists the default
R
package.
After you install the distribution-constructor package, you can locate these manifest
ro
icefiles in the /usr/share/distro_const directory.
You can create your own custom scripts. If you do create new scripts, you must edit the
manifest files to point to these new scripts. See Creating a Custom Oracle Solaris 11
Installation Image for more information about creating custom scripts.
Note: To see the list of checkpoints, you can run:
# distro_const build -l manifest

Oracle Solaris 11 Advanced System Administration 3 - 55

Building an Image
•

The build can be performed in one step:
– distro_const build manifest

•
•

Checkpointing is enabled by default.
The build can be stopped and resumed at a specific
checkpoint (step):
– distro_const build -p step manifest
– distro_const build -r step manifest

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n an OSl in one step or in stages. To build an image in one step, use the
You canobuild
R
distro_const
build manifest command without any options. manifest is the name of
ro
icethe manifest file that you want to use as the blueprint for your image.
To build an image in stages, use the options provided in the distro_const command to
stop and restart the build process at various steps in the image generation process. This
approach enables you to check and debug your selection of files, packages, and scripts for
the image that is being built. This process of stopping and restarting during the build process
is called checkpointing, and it is enabled by default in the manifest file.
To stop and resume at a specific checkpoint, use the following commands:
• distro_const
di
build
b ild -p step manifest
if
• distro_const build -r step manifest

Oracle Solaris 11 Advanced System Administration 3 - 56

Quiz
The distribution constructor is used to create only Oracle
Solaris SPARC text installer images.
a. True
b False
b.

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 3 - 57

Quiz
Which command enables you to build an OS image in one
step?
a. distro_const
b distro_const
b.
distro const build
c. distro_const build manifest

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 3 - 58

Quiz
The process of stopping and restarting during the image build
process is called ________.
a. checking
b checkpointing
b.
c. spotcheck

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 3 - 59

Summary
In this lesson, you should have learned how to:
• Implement a plan for an Oracle Solaris 11 operating
system installation
• Install the Oracle Solaris 11 operating system by using the
Automated Installer
• Verify an Oracle Solaris 11 operating system installation
le
b
a
r
• Build an Oracle Solaris image by using the distribution
fe
s
n
constructor
-tra

on
n
a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
In this lesson,
how to set up an AI server and use the Automated Installer to
on you learned
R
install
ro the Oracle Solaris 11 OS on multiple hosts in accordance with an operating system
iceinstallation plan.
You then learned how to build a Solaris image by using the distribution constructor.

Oracle Solaris 11 Advanced System Administration 3 - 60

M
Managing
i
Business
B i
Application
A li ti
Data
D t

b
a
r
e
f

an
r
t
n

R
o
r
ce

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

Objectives
After completing this lesson, you should be able to:
• Implement a plan for data storage configuration and
backup
• Manage data redundancy with a mirrored storage pool
• Configure data backup and restore by using ZFS
snapshots
le
b
a
r
• Manage data storage space by using ZFS file system
fe
s
n
a
properties
r
t
on
n
• Troubleshoot
T bl h t ZFS issues
i
a

s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l how to use the many powerful features of ZFS to manage your
This lesson
on discusses
R
business
application data.
ro
ice

Oracle Solaris 11 Advanced System Administration 4 - 2

Workflow Orientation
IPS

AI INSTALL
MONITORING

RESOURCE
EVALUATION

DATA
STORAGE

NETWORK
CONFIGURATION

PROCESSES

ENTERPRISE
DATA CENTER

b
a
r
e
f

an
r
t
n

no
a
sNETWORK
a
h
VIRTUALIZATION
)
ฺ
e
m
d
o
i
AUDITING
ilฺc t Gu
a
n
e
gmSERVICES
d
PRIVILEGES @
tu
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n begin thel lesson, take a moment to orient yourself in the job workflow. You have
Before o
you
R
successfully
installed the operating system by using AI and you have created a local IPS
ro
icerepository. Your next task is to set up and manage storage for your company’s business
application data, such as customer and product information. Providing an environment in
which data is readily accessible while at the same time secure is an important aspect of a
system administrator’s day-to-day responsibilities.

Oracle Solaris 11 Advanced System Administration 4 - 3

Lesson Agenda
•
•
•
•
•

Planning for Data Storage Configuration and Backup
Managing Data Redundancy with Mirrored Storage Pools
Backing Up and Recovering Data with ZFS Snapshots
Managing Data Storage Space with ZFS File System
Properties
Troubleshooting ZFS Failures

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 4

b
a
r
e
f

Planning for Data Storage
Configuration and Backup
•
•

Ensure that critical business application data is protected,
backed up, recoverable, and accessible.
The decision has been made to support the business
applications
pp
by:
y
–
–
–
–

Providing data redundancy by using mirrored storage pools
Setting up file systems to store the data
ble
Backing up the file systems by using snapshots
a
r
e
f
s
n
Minimizing storage space by using the ZFS file systemra
t
p
property
p
p y
compression
on-

Cic

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
As parto
ofnthe Oraclel Solaris 11 implementation plan, your company wants to ensure that its
R
ro application data is protected, backed up regularly, and easily recoverable. At the same
ecritical
time, your company wants to ensure that the data remains highly accessible to its users. And,
where possible, it wants to minimize data storage space requirements. The implementation
planning committee has decided to use the power and flexibility of ZFS to meet these
objectives by:
• Providing data redundancy by using mirrored storage pools
• Setting up file systems to store the data
• Backing up the file systems that store the data by using the ZFS snapshot technology
• Minimizing the amount of file system space that is needed to store the data by using the
ZFS compression property

Oracle Solaris 11 Advanced System Administration 4 - 5

Determining Storage Pool Requirements
As part of planning, the following storage pool requirements
should be identified:
• Devices

•

– Disks that are at least 128 MB in size
– Not in use by other parts of the operating system
– Individual slices on a preformatted disk or entire disks
ble
formatted as a single, large slice
a
r
fe
– Use of log and cache devices for improved performanceans

Level of data redundancy option

– Non-redundant (striped) configurations as
) h eฺ
m
– Mirrored
co Guid
ฺ
l
i
– RAID-Z
ma nt

tr
n
no

g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n up thel data storage environment, the ZFS storage pool requirements need to
Before o
setting
R
be
roidentified. First, the devices that will be used to store the company’s data need to be
iceidentified. The devices that are selected must meet the following criteria:
•
•
•
•

They must be disks that are at least 128 MB in size.
They must not be in use by other parts of the operating system.
The devices can be individual slices on a preformatted disk, or they can be entire disks
that ZFS formats as a single, large slice.
You also want to decide whether to include cache and log devices in the storage pool or
not. Because ZFS processes synchronous transactions by allocating space from the
main storage pool, having a separate device for the intent log on a Solid State Drive
(SSD) or a dedicated disk may improve performance for some workloads. Cache
devices provide an additional layer of caching between the main memory and disk.
Using cache devices provides the greatest performance improvement for random readworkloads of mostly static content.

The level of redundancy is another storage requirement that should be addressed during
planning. The level of redundancy determines the types of hardware failures the pool can
planning
withstand. ZFS supports non-redundant (striped) configurations, as well as mirroring and
RAID-Z (a variation on RAID-5 and RAID-6). As you know, your company has decided to use
mirrored storage pools.
Oracle Solaris 11 Advanced System Administration 4 - 6

Mirrored Storage Pool Data Redundancy Features
•

Data redundancy features
– Mirrored storage pool configuration options
– Self-healing data

•

Dynamic striping

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
In ZFS,o
an
mirrored storage
pool provides data redundancy through its configuration options
R
ro self-healing data features. ZFS also supports dynamic striping in a mirrored storage pool.
eand

Cic

Oracle Solaris 11 Advanced System Administration 4 - 7

Mirrored Storage Pool Configuration
•
•
•

At least two disks are required.
Many disks can be used.
Multiple mirrors can be created in each pool.
Mirror Device

Mirror Device

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
c1t0d0 c2t0d0
u c5t0d0 c6t0d0
c1t0d0 c2t0d0 lc3t0d0
i ฺc t Gc4t0d0
a
m den
g
Simple Mirrored
Complex
@ Stu Mirrored Configuration
o
Configuration
d
al this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l configuration requires at least two disks, preferably on separate
A mirrored
onstorage pool
R
Many disks can be used in a mirrored configuration. In addition, you can create
ro
econtrollers.
multiple mirrors in each pool.

The graphic on the left shows an example of a simple mirrored configuration. The storage
pool contains one mirror with two disks. In this example, you can lose only one disk before
you start losing data.
An example of a more complex mirrored configuration is shown in the graphic on the right.
Here the storage pool contains two mirrors with three disks each.
With the more complex mirrored configuration example, you can lose up to two disks in each
mirror and not lose any data.

Oracle Solaris 11 Advanced System Administration 4 - 8

Self-Healing Data
•
•

This is supported in a mirrored or RAID-Z configuration.
When a bad data block is detected:
– Correct data is fetched from another replicated copy
– Bad data is repaired by replacement with the good copy

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
ZFS provides
data in a mirrored or RAID-Z configuration. When a bad data
on for self-healing
R
block
ro is detected, not only does ZFS fetch the correct data from another replicated copy, but it
icealso repairs the bad data by replacing it with the good copy.

Oracle Solaris 11 Advanced System Administration 4 - 9

Dynamic Striping
•
•
•

Data is dynamically striped across all top-level virtual
devices.
Data placement is done at write time.
When a new virtual device is added
added, data is gradually
allocated to the new device.

b
a
r
e
f

Note: Although ZFS supports combining different
s
n
a
types of virtual devices within the same pool, -the
r
t
on
recommended practice is to use top
top-level
levelnvirtual
s a redundancy
devices of the same type with the hsame
a
level in each virtual device. om) ideฺ

ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l data across all top-level virtual devices. The decision about where to
ZFS dynamically
stripes
on
R
place
ro data is done at write time, so no fixed-width stripes are created at allocation time. When
icenew virtual devices are added to a pool, ZFS gradually allocates data to the new device to
maintain performance and space allocation policies.

Note: Although ZFS supports combining different types of virtual devices within the same
pool, this practice is not recommended. This is because your fault tolerance is only as good
as your worst virtual device. The recommended practice is to use top-level virtual devices of
the same type with the same redundancy level in each virtual device.

Oracle Solaris 11 Advanced System Administration 4 - 10

Dynamic Striping in a Mirrored Pool

Stripe 1

Data

Mirror Device

Stripe 2

Mirror Device

b
a
r
e
f

an
r
t
n

no
a
has 36ฺ GB
36 GB
36 GB
36)GB
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l shows how data is striped across mirrored top-level virtual devices. In
The graphic
on in the slide
R
this
ro configuration, you have two top-level mirrored virtual devices, each containing two disks
iceof 36 GB. This configuration provides data redundancy. You can lose a disk in either mirrored
Mirrored Devices

set and still not suffer any loss of data.

Note: A virtual device is a logical device in a pool that can be disks, disk slices, or files. A
pool can have any number of virtual devices at the top of the configuration, known as top-level
virtual devices or top-level vdevs. You can configure these virtual devices to stand alone
within a pool (referred to as an unreplicated or non-redundant configuration) or combine them
into a mirror or RAID-Z virtual device to provide data redundancy. Disks, disk slices, or files
that are used in pools outside of mirrors and RAID-Z
RAID Z virtual devices function as top
top-level
level
virtual devices themselves.

Oracle Solaris 11 Advanced System Administration 4 - 11

Determining File System Requirements
•

Determine how to set up your file systems to:
– Store business application data efficiently
– Facilitate data backup and restore operations

•

One recommended approach is to:
– Create one file system for the main application
– Create sub–file systems for each of the sub-applications

•

This approach ensures the ease of:
–
–
–
–

b
a
r
e
f

an
Backing up the entire file system
r
t
on
n
B ki up th
Backing
the d
data
t on each
h off th
the sub–file
b fil systems
t
a
s
a
Restoring the entire file system
) h eฺ
m
idlevel and having
Setting file system properties atlthe
cohighest
u
ฺ
i
G
a nvalues
t
sub–file systems inherit them
property

g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l requirements have been identified, the next thing that needs to be
n
After the
pool
ostorage
R
determined
is the file system requirements. Generally, you create a file system for each
ro
icebusiness application that is running on the system. Within that file system, you create sub–file
systems to support each of the main application’s sub-applications. For example, suppose
that your company uses the Oracle Customer Relationship Management (CRM) application.
To support this application, you create a file system in your mirrored storage pool for this
application. You then create sub–file systems for each of the Oracle CRM sub-applications,
such as Finance, Marketing, and HR.

The benefits of this approach are that because one business application can be stored in one
file system,
system the file system can be backed up easily in one command by creating a ZFS
snapshot. In addition, every application can have its data backed up separately. Conversely,
when you need to restore the entire file system (that is, the whole application), you can do so
easily with one command by using the ZFS rollback snapshot feature.
Other benefits of this approach are that ZFS file system properties can be managed at the
highest level and sub–file systems can inherit the property values.

Oracle Solaris 11 Advanced System Administration 4 - 12

Identifying Your Data Backup
and Restore Strategy
As part of planning, you should identify your data backup and
restore strategy:
• Use ZFS snapshots to create file system backups.
• Use send and receive commands to save incremental
changes between snapshots or for remote replication.

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n saw, yourl data backup and restore strategy should be a part of your file system
As you o
just
R
ro requirements discussion. Your strategy should clearly indicate how you intend to back
elayout

up and restore application data. Having a strategy in place for backing up and restoring critical
application data is crucial to the success of any company.
Through its snapshot technology, ZFS provides a fast and easy way to not only back up data
but also to recover data. Knowing how snapshots work and how they consume space as they
change is important when you formulate your backup and restore strategy. Your strategy
should also include naming conventions for snapshots, how often snapshots are taken, and
how they are maintained. You will be able to create initial backups of your file systems by
using snapshots
snapshots. For backing up data
data, you use the ZFS send/receive functionality that allows
you to save incremental changes between snapshots or to replicate a ZFS file system in a
remote location. You can copy the file system from one system to another system. You learn
how to use the send/receive functionality later in this lesson.

Oracle Solaris 11 Advanced System Administration 4 - 13

Determining Ways to Save Data Storage Space
As part of planning, you should determine ways to save data
storage space.
ZFS offers a file system compression property that:
•
•

Is used to enable or disable compression for a file system
Compresses only new data on an existing file system if it is
enabled after file system creation

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l concerned about having enough space to store their data. Finding ways
Many companies
are
on
R
toro
minimize the amount of data storage space used in the data storage environment is always
icea challenge. Fortunately, ZFS offers a file system compression property that you can use to

enable or disable compression for a file system. Enabling compression on a file system with
existing data compresses only new data. Existing data remains uncompressed.
You learn how to use this property later in this lesson.

Oracle Solaris 11 Advanced System Administration 4 - 14

b
a
r
e
f

Implementing the Data Storage
Configuration and Backup Plan
Your assignment is to:
• Configure and test the functionality of
a mirrored storage pool
• Create snapshots of the file systems
within the mirrored storage pool to
use as backups
• Set and test the ZFS compression
property on the file systems
• Troubleshoot ZFS device and data
issues

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Now that
onyou have al better understanding of what is involved in planning for data storage
R
configuration
and backup, you are ready to receive your assignment. Your assignment
ro
iceconsists of three tasks. The first task is to configure a mirrored storage pool. You then create
snapshots of the file systems within the pool to use as backups. You also set the ZFS
compression property on the file systems to test how to best minimize the amount of data
storage space that your business application data is using. Finally, you troubleshoot several
ZFS failures related to device and data issues.

In the next section, you learn how to accomplish the first task, which is to configure a mirrored
storage pool.

Oracle Solaris 11 Advanced System Administration 4 - 15

Quiz
ZFS supports data redundancy in a mirrored storage pool
configuration, but it does not support dynamic striping in a
mirrored storage pool configuration.
a. True
b. False

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 4 - 16

Quiz
ZFS enables you to minimize the amount of data storage space
used within a storage pool by using a file system property
called ______________.
a. minimize
b. restrictsize
c. compressratio
le
b
a
r
d. compression
fe

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Answer:odn
R
ro
ice

Oracle Solaris 11 Advanced System Administration 4 - 17

Lesson Agenda
•
•
•
•

Planning for Data Storage Configuration and Backup
Managing Data Redundancy with Mirrored Storage
Pools
Backing Up and Recovering Data with ZFS Snapshots
Managing Data Storage Space with ZFS File System
Properties

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
You know
wants to store its data assets. Now you learn how to configure
onhow the company
R
the
rodata storage environment to ensure data redundancy.
ice

Oracle Solaris 11 Advanced System Administration 4 - 18

Managing Data Redundancy with
Mirrored Storage Pools
This section covers the following topics:
• Creating a mirrored storage pool
• Adding log and cache devices to a storage pool
• Managing devices in a ZFS storage pool

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 19

Creating a Mirrored Storage Pool
To create a new ZFS mirrored storage pool, use zpool
create followed by the pool name, the mirror keyword, and
the storage devices that will compose the mirror.
# zpool create hrpool mirror c1t0d0 c2t0d0 mirror c3t0d0 c4t0d0

Data is:
• Dynamically striped across both mirrors
• Redundant between each disk within a mirror

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To create
ona mirroredl storage pool, you use the zpool create command followed by the pool
R
ro the mirror keyword, and the storage devices that will compose the mirror. Multiple
ename,
mirrors can be specified by repeating the mirror keyword on the command line.

The command shown in the example creates a pool called hrpool with two 2-way mirrors.
The first mirror contains the devices c1t0d0 and c2t0d0, and the second mirror contains the
devices c3t0d0 and c4t0d0.
Data is dynamically striped across both mirrors, with data being redundant between each disk
within a mirror.

Oracle Solaris 11 Advanced System Administration 4 - 20

Adding Log Devices to a Storage Pool
A log device:
• Can be added as part of, or after, pool creation
• Can be removed
• Is designated by the keyword log

# zpool create datapool mirror c1t1d0 c1t2d0 log mirror
c1t5d0 c1t8d0

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n a separate
You canospecify
log device when a pool is created or add it after the pool is
R
created.
ro You can also remove a log device from a pool. The keyword log is used to
icedesignate a device as the log device.
In the code example in the slide, a mirrored storage pool called datapool is created that
consists of two virtual devices. The first virtual device contains the disks c1t1d0 and
c1t2d0. The second virtual device, which is the log device, contains the disks c1t5d0 and
c1t8d0.

Oracle Solaris 11 Advanced System Administration 4 - 21

Adding Cache Devices to a Storage Pool
•
•
•
•

Can be added as part of, or after, pool creation
Can be removed
Cannot be mirrored or be a part of a RAID-Z configuration
Are designated with the keyword cache

# zpool create appool mirror c0t2d0 c0t4d0 cache c0t0d0

Note: You can monitor cache statistics with zpool iostat.
ns

a
r
t
on

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l pool with one or more cache devices to cache storage pool data.
n a storage
You canocreate
R
You
ro can remove cache devices from the pool after the pool is created. However, cache
icedevices cannot be mirrored or be part of a RAID-Z configuration. The keyword cache is used

to designate a cache device.
In the code example in the slide, a mirrored pool called appool is created that consists of two
disks: c0t2d0 and c0t4d0. By using the keyword cache, you have designated the device
c0t0d0 in the pool for the cache.
Note: Cache statistics can be monitored by using the zpool iostat command.

Oracle Solaris 11 Advanced System Administration 4 - 22

b
a
r
e
f

Managing Devices in ZFS Storage Pools
The tasks that you can perform with the devices in a pool
include:
• Adding top-level virtual devices
• Attaching and detaching devices
• Taking a device offline
• Bringing a device online
• Designating hot spares

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l a pool, there are several tasks that you can perform to manage the
After you
onhave created
R
physical
ro devices within the pool, such as adding top-level virtual devices, attaching and
icedetaching devices, taking a device offline, bringing a device online, and designating hot
spares.

You now take a closer look at each of these tasks, beginning with how to add a device to a
storage pool.

Oracle Solaris 11 Advanced System Administration 4 - 23

Adding Devices to a Storage Pool
To add a new virtual device to a pool, use the zpool add
command.
# zpool add appool mirror c2t1d0 c2t2d0

By adding a new top-level virtual device, space is:
• Dynamically added to the pool
ble
a
r
• Immediately available to all the data sets within the pool sfe
an
r
t
Note: A data set is a generic name for the following ZFS
on
n
entities: file systems, snapshots, or volumes.
a

Cic

s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To add o
an
new virtuall device to a pool, use the zpool add command. By adding a new topR
ro virtual device, space is dynamically added to the pool. This space is immediately
elevel
available to all the data sets within the pool.

Note: A data set is a generic name for the following ZFS entities: file systems, snapshots, or
volumes.
In the code example in the slide, you are adding a mirrored device to an existing pool called
appool. The mirror consists of two disks: c2t1d0 and c2t2d0.
Note: Use zpool status to determine the disks that are currently configured for a storage
pool. Then, before adding a device to the pool, you must execute the format command to
identify any additional disks configured in the system.

Oracle Solaris 11 Advanced System Administration 4 - 24

Attaching Devices to a Storage Pool
To attach a new device to an existing mirrored or non-mirrored
pool, use the zpool attach command.
# zpool
p
attach appool
pp
c1t1d0 c2t1d0

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l attach command to attach a new device to an existing mirrored or
n the zpool
You canouse
R
non-mirrored
virtual device (vdev). With this command, you can transform a two-way mirrored
ro
iceconfiguration into a three-way mirrored configuration, for example, or convert a non-redundant
storage pool into a redundant storage pool.
In the example in the slide, a new device, c2t1d0, is being attached to an existing device,
c1t1d0, to create either a mirrored pool or a three-way mirror in an already mirrored pool.

Oracle Solaris 11 Advanced System Administration 4 - 25

Attaching Devices to a Storage Pool
# zpool attach appool c1t1d0 c2t1d0
# zpool status
pool: appool
state: ONLINE
scrub: resilver completed after 0h0m with 0 errors on Tue Dec
13 14:11:33 2011
config:
NAME
STATE
READ
WRITE CKSUM
appool
ONLINE
0
0
0
mirror-0
ONLINE
0
0
0
c0t1d0
ONLINE
0
0
0
c1t1d0
ONLINE
0
0
0
c2t1d0
2t1d0
ONLINE
0
0
0 73.5K
73 5K resilvered
il
d

an
r
t
n

no
a
s
a
h
) from
ฺ one device
e
Resilvering: The process of transferring
data
m
d
o
i
ilฺc t Gu
to another device
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l status command to verify that the device is attached successfully.
n the zpool
You canorun
R
Inro
the example in the slide, you can see that the c2t1d0 device has been attached to the
icemirrored pool named appool. You can also see that the new device has already been

resilvered. In ZFS, the new device begins to resilver immediately.

Note: Resilvering is the process of transferring data from one device to another device.

Oracle Solaris 11 Advanced System Administration 4 - 26

b
a
r
e
f

Taking Devices Offline in a Storage Pool
To take a device offline, use zpool offline followed by the
pool name and the device name.
# zpool offline hrpool c1t0d0
b i i
bringing
d
device
i
c1t0d0
1 0d0 offline
ffli

When a device is offline:
ble
a
r
• ZFS does not send it any requests
fe
s
n
a
r
t
• It remains offline after a system reboot
on
n
a offline
Note: Use zpool offline -t to take a device
s
a
temporarily.
) h eฺ
m
copoolGuid
ฺ
l
i
• It is not detached from the storage
a
t

m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
When hardware
or not functioning properly, ZFS continues to read or write data
on is unreliable
R
toro
the device, assuming that the condition is only temporary. If the condition is not temporary,
iceyou can instruct ZFS to ignore the device by taking it offline. You can take a device offline by
using the zpool offline command followed by the pool name and the device name. In the
code example in the slide, the c1t0d0 device is taken offline. This device is located in the
pool named hrpool.

When a device is taken offline, ZFS does not send any requests to that device.
By default, the offline state is persistent; consequently, the device remains offline even after
the system is rebooted. If you want to take a device offline temporarily and have it
automatically returned to the ONLINE state after the system is rebooted,
rebooted use the zpool
l
offline -t command instead.
When a device is taken offline, it is not detached from the storage pool. This means that you
cannot use the device in another pool.

Oracle Solaris 11 Advanced System Administration 4 - 27

Detaching Devices from a Storage Pool
To detach a device from a mirrored storage pool, use the
zpool detach command.
# zpool detach appool c2t1d0

Note: This operation is refused if there are no other valid
replicas of the data.

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l a mirrored storage pool, you can use the zpool detach command.
To detach
ona device from
R
ro The device should already be offline.
eNote:

For example
example, if you want to detach the c2t1d0 device that you just attached to the mirrored
pool appool, you can do so by entering the command zpool detach appool c2t1d0 as
shown in the code example. You can verify that the device has been detached by running the
zpool status command again.
Note: This operation is refused if there are no other valid replicas of the data.

Oracle Solaris 11 Advanced System Administration 4 - 28

Bringing Devices Online in a Storage Pool
To bring a device online, use zpool online followed by the
pool name and the device name.
# zpool online hrpool c1t0d0
b i i
bringing
d
device
i
c1t0d0
1 0d0 online
li

When a device is brought back online, data that was added to
le
b
a
r
the storage pool while the device was offline resilvers to the fe
s
n
a
device.
r
-t
n
o
nk
N t You
Note:
Y cannott use zpool
l online
li to
t replace
l
a
disk.
a di

Cic

s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l online, use the zpool online command followed by the pool name
n a device
To bringoback
R
ro the device name.
eand

Data that was added to a storage pool when a device was offline resilvers to the device after it
is brought back online.

Note: You cannot use device onlining to replace a disk. If you take a device offline, replace
the drive, and try to bring it online, it remains in the faulted state.

Oracle Solaris 11 Advanced System Administration 4 - 29

Replacing Devices in a Storage Pool
To replace a failed device with another device in the same
location, use zpool replace followed by the pool name and
the device name.
.
# zpool replace hrpool c1t1d0

If the device is in a different location, specify both devices.

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
u than or equal to
lฺc greater
ibe
Note: The replacement device must
G
a
t
nconfiguration.
m in dthe
e
g
the minimum size of all the devices
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l why you may want or need to replace a device. You may want to
There are
ontwo reasons
R
ro a device with a larger device, or you may need to replace a failing or failed device.
ereplace
# zpool
l replace
l
hrpool
h
l c1t1d0
d c1t2d0
d

To replace a device, use the zpool replace command followed by the pool name and the
device name.
If you are physically replacing a device with another device in the same location in a
redundant pool, you need to identify only the replaced device. ZFS recognizes that it is a
different disk in the same location. In the first example in the slide, you are replacing disk
c1t1d0 in the pool named hrpool.
If you are replacing a device in a storage pool with a disk in a different location, you must
specify both devices. This is shown in the second example, where you are replacing disk
c1t1d0 in the pool named hrpool with disk c1t2d0.
Note: For the replacement operation to be successful, the replacement device must be
greater than or equal to the minimum size of all the devices in a mirror or RAID-Z
configuration.

Oracle Solaris 11 Advanced System Administration 4 - 30

Designating Hot Spares in a Storage Pool
With the ZFS hot spares feature, you can:
• Identify disks to replace a failed or faulted device in one or
more storage pools
• Designate these devices as hot spares:
– When you create the pool (zpool create)
– After you have created a pool (zpool add)

Note: The designated device must be equal to or larger
s
n
a
than the size of the largest disk in the pool.
r
-t
n
o
Aft a failed
After
f il d device
d i has
h been
b
replaced
l
d and
d resilvered,
il a n d th
the
s
spare is automatically detached and made available.
ha ฺ
)
mcanceled.
de
obe
i
An in-progress spare replacement can
c
u
ฺ
l
ai nt G
m
If the faulted device is detached,
the
e assumes its place
g udspare
@
t
o
and is removed from the
list of all active pools.
sS
aldspare’s

n
thi
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
ld lice
a
n
The ZFS
hot
o spares feature enables you to identify disks that can be used to replace a failed
R
or
rofaulted device in one or more storage pools. Designating a device as a hot spare means
icethat the device is not an active device in a pool, but if an active device in the pool fails, the hot

spare automatically replaces the failed device.
You can designate devices as hot spares with the zpool create command when you are
creating a pool or with the zpool add command if the pool has already been created.

Note: The device or devices that you designate as a spares must be equal to or larger than
the size of the largest disk in the pool.
After a failed device has been replaced and resilvered, the spare is automatically detached
and made available. An in-progress spare replacement can be canceled by detaching the
spare. If the original faulted device is detached, the spare assumes its place in the
configuration and is removed from the spare’s list of all active pools.
You now look at some examples of how to designate hot spares, beginning with how to
designate a hot spare when you are creating a pool.

Oracle Solaris 11 Advanced System Administration 4 - 31

b
a
r
e
f

Designating Hot Spares in a Storage Pool
To designate hot spares to a pool that you are creating, use
zpool create followed by the pool name, the configuration,
the keyword spare, and the names of the spares.
# zpool create appool mirror c1t1d0 c2t1d0 spare c1t2d0 c2t2d0
# zpool status appool
pool: appool
state: ONLINE
scrub: none requested
config:
NAME
STATE
READ
WRITE CKSUM
appool
pp
ONLINE
0
0
0
mirror-0 ONLINE
0
0
0
c1t1d0 ONLINE
0
0
0
c2t1d0 ONLINE
0
0
0
spares
c1t2d0
AVAIL
c2t2d0
AVAIL

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l to a pool that you are creating, use zpool create followed by the
To designate
on hot spares
R
ro name, the configuration, the keyword spare, and the names of the spares. In the
epool

Cic

example in the slide, a pool called appool is being created. Within this pool is a mirror that
contains two disks: c1t1d0 and c2t1d0. Two spares, c1t2d0 and c2t2d0, have been
designated.
If you look at the status of appool, you can see that the spares are part of the pool and that
they have a status of available.
In this scenario, if either or both of the mirrored disks were to fail, ZFS automatically replaces
them with one or both of the available spares.
Now you look at how to add spares to an existing pool.

Oracle Solaris 11 Advanced System Administration 4 - 32

b
a
r
e
f

Designating Hot Spares in a Storage Pool
To add hot spares to an existing pool, use zpool add followed
by the pool name, the keyword spare, and the name of the hot
spares.
# zpool add appool spare c1t3d0 c2t3d0
# zpool status appool
pool: appool
state: ONLINE
scrub: none requested
config:
NAME
STATE
READ
WRITE
appool
pp
ONLINE
0
0
mirror-0
ONLINE
0
0
c1t1d0
ONLINE
0
0
c2t1d0
ONLINE
0
0
spares
c1t3d0
AVAIL
c2t3d0
AVAIL

CKSUM
0
0
0
0

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l by adding them to a pool after the pool is created, use the zpool
To designate
on hot spares
R
ro command followed by the pool name, the keyword spare, and the name of the disks that
eadd
you want to designate as hot spares.
In the example in the slide, you have designated disks c1t3d0 and c2t3d0 as the spares
and are adding them to the pool named appool.

Then, you run the zpool status command for the pool to verify that the spares have been
added successfully and they have. Notice that both spares have a status of available
(AVAIL).
Again, as you saw in the previous example, if either or both of the mirrored disks were to fail,
ZFS automatically replaces them with one or both of the available spares.
Next, you look at an example in which one of the active devices in appool has faulted and
ZFS has automatically replaced the faulted device with one of the available spares.

Oracle Solaris 11 Advanced System Administration 4 - 33

Designating Hot Spares in a Storage Pool

Example of a hot spare replacing a faulted device:
# zpool status appool
pool: appool
state: DEGRADED
status: One or more devices could not be opened. Sufficient replicas
exist
i
for the pool to continue
i
functioning
i i
in
i a degraded state.
action: Attach the missing device and online it using 'zpool online'.
see: http://www.sun.com/msg/ZFS-8000-2Q
scrub: resilvered completed 0h12m with 0 errors on Tue Dec 13 14:16:04
2011
config:
NAME
STATE
READ
WRITE
CKSUM
appool
DEGRADED
0
0
0
mirror 0
mirror-0
DEGRADED
0
0
0
c1t1d0
ONLINE
0
0
0
spare-1
UNAVAIL
0
0
0
c2t1d0
UNAVAIL
0
0
0 cannot open
c1t3d0
ONLINE
0
0
0 58.5K resilvered
spares
c1t3d0
INUSE
currently in use
c2t3d0
AVAIL

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
In this example,
on diskl c2t1d0 has faulted and is replaced automatically by the hot spare
R
c1t3d0,
ro which has been resilvered and now appears as an active device in the mirrored
icepool. Notice also that the status of the hot spare c1t3d0 has changed from available (AVAIL)

to in use (INUSE).

Next, you look at how to return a hot spare to the spares set after a failed device is replaced
and is back online.

Oracle Solaris 11 Advanced System Administration 4 - 34

b
a
r
e
f

Removing Hot Spares in a Storage Pool
To remove a hot spare, use zpool remove followed by the
pool name and the name of the hot spare.
# zpool remove appool c1t2d0
# zpool status appool
pool: appool
(output omitted)
spares
c1t3d0
AVAIL

b
a
r
e
f

an
r
t
n

a being
Note: You cannot remove a hot spare if it is currently
s
a
h ฺ
used by the storage pool as an active device.
e
m)

Cic

co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l from a storage pool, use the zpool remove command followed by the
To remove
on a hot spare
R
ro name and the name of the hot spare. In this example, you are removing the hot spare
epool
c1t2d0 from the pool named appool, leaving just one hot spare in the pool: c1t3d0.

As you can see in this example, after it is removed, the hot spare no longer appears in the
spares set.
Note: You cannot remove a hot spare if it is being used by the storage pool as an active
device.

Oracle Solaris 11 Advanced System Administration 4 - 35

Practice 4-1 Overview:

Managing Data Redundancy with a ZFS Mirrored Pool
This practice covers the following topics:
• Creating ZFS mirrored pools
• Adding disks to a ZFS storage pool
• Adding a cache device to a ZFS storage pool
• Destroying a ZFS storage pool

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The practices
on for thisl lesson are designed to reinforce the concepts that have been presented
R
inro
the lecture portion. These practices cover the following tasks:
ice • Practice
act ce 4-1: Managing
a ag g data redundancy
edu da cy with
t a ZFS
S mirrored
o ed poo
pool

•
•
•
•

Practice 4-2: Using ZFS snapshots for backup and recovery
Practice 4-3: Using a ZFS clone
Practice 4-4: Configuring ZFS properties
Practice 4-5: Troubleshooting ZFS failures

Practice 4-1 should take about 30 minutes to complete.

Oracle Solaris 11 Advanced System Administration 4 - 36

Lesson Agenda
•
•
•
•
•

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 37

b
a
r
e
f

Backing Up and Recovering Data
with ZFS Snapshots
This section covers the following topics:
• Creating and destroying ZFS snapshots
• Holding ZFS snapshots
• Renaming,
Renaming displaying
displaying, and rolling back ZFS snapshots
• Determining ZFS snapshot differences
• Creating and destroying ZFS clones
• Sending and receiving ZFS snapshot data

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 38

b
a
r
e
f

Creating and Destroying a ZFS Snapshot
To create a snapshot, use zfs snapshot followed by the
snapshot name.
# zfs snapshot hrpool/home/qarpt@friday

To destroy a snapshot, use zfs destroy followed by the
snapshot name.
# zfs destroy hrpool/home/qarpt@friday

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n the zfsl snapshot command to create a snapshot, which takes as its only
You canouse
R
argument
the name of the snapshot that you want to create.
ro
iceIn the example in the slide, you are creating a snapshot of hrpool/home/qarpt that is
named friday.
Note: To create a recursive snapshot, use zfs snapshot -r and the snapshot name (for
example, zfs snapshot -r hrpool/home@now).
To destroy a ZFS snapshot, use the zfs destroy command followed by the snapshot name.
In the example in the slide, you are destroying the snapshot named
hrpool/home/qarpt@friday.
There are several things that you must keep in mind when attempting to destroy a ZFS
snapshot.
• A data set cannot be destroyed if snapshots of the data set exist.
• If clones have been created from a snapshot, they must be destroyed before the
snapshot can be destroyed.
p
Now yyou take a look at how to hold ZFS snapshots.

Oracle Solaris 11 Advanced System Administration 4 - 39

Holding a ZFS Snapshot
•

The snapshot hold feature:
– Prevents a snapshot from being destroyed by using zfs
destroy
– Allows a snapshot
p
with clones to be deleted p
pending
g the
removal of the last clone by using zfs destroy -d

•

The snapshot user-reference count:
–
–
–
–

ble
Is initialized to zero
a
r
fe
s
Increases by one whenever a hold is put on the snapshot
n
a
r
t
Decreases by one whenever a hold is released on
an
Must be at zero before the snapshot can be
destroyed
s
a

) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l ZFS data sets can result in different automatic snapshot policies on the
n
Remoteoreplication
of
R
two
ro sides of a replication pair. For example, the sending side may want to keep five
icesnapshots at one-minute intervals, whereas the receiving side may want to keep 10
snapshots at one-minute intervals. This can result in the older snapshots being destroyed
inadvertently by zfs receive because they no longer exist on the sending side. The ZFS
snapshot hold feature addresses this issue. Holding a snapshot (zfs hold) prevents it from
being destroyed. If a hold exists on a snapshot, you will not be able to destroy it by using the
zfs destroy command. You will look at the two options that you have for destroying a held
snapshot in the following slides.

In addition,
addition the snapshot hold feature allows a snapshot with clones to be deleted pending the
removal of the last clone by using the zfs destroy -d command. You take a closer look at
how this is done in subsequent slides.
Each snapshot has an associated user-reference count, which is initialized to zero. This count
increases by one whenever there is a hold on the snapshot and decreases by one whenever
the hold is released. As discussed, a snapshot can be destroyed only if it has no clones. In
the Oracle Solaris 11 release, the snapshot must also have a zero user-reference count
b f
before
it can b
be d
destroyed.
t
d

Oracle Solaris 11 Advanced System Administration 4 - 40

Holding a ZFS Snapshot
To hold a snapshot or set of snapshots, use zfs hold keep
followed by the snapshot name.
# zfs hold keep hrpool/home/report@snap1

To recursively hold the snapshots of all descendant file
systems, use zfs hold with –r, followed by keep and the
snapshot name.
# zfs hold –r keep hrpool/home@now

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Note: Each snapshot has its own tag namespace,
and tags
)
ฺ
e
m
iad tag.
must be unique within that space. keep
cois only
u
ฺ
l
i
G
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To holdoansnapshot lor set of snapshots, use the zfs hold keep command followed by the
R name. In the first example, a hold tag (keep) is being put on
snapshot
o
r
icehrpool/home/report@snap1.
You can use the -r option with the zfs hold command and the keep hold tag to recursively
hold the snapshots of all descendant file systems, as shown in the second example. Here,
you are holding the snapshots of all the descendant file systems of hrpool/home@now.
Note: Each snapshot has its own tag namespace, and tags must be unique within that space.
In this example, keep is a user-defined tag.

Oracle Solaris 11 Advanced System Administration 4 - 41

Holding a ZFS Snapshot
To display a list of held snapshots, use zfs holds followed by
the snapshot name.
# zfs holds hrpool/home@now
NAME
TAG
TIMESTAMP
hrpool/home@now keep Mon Dec 10 12:40:12 2012

To display a recursive list of held snapshots, use zfs holds
with –r, followed by the snapshot name.

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n the zfsl holds command followed by the snapshot name to display a list of held
You canouse
R
snapshots.
In the first example, snapshot holds are being displayed for hrpool/home@now.
ro
iceNotice that the output returns the name of the snapshot, the tag name (in this case, keep),
# zfs holds -r hrpool/home@now
NAME
TAG
TIMESTAMP
hrpool/home/report@now keep Mon Dec 10 12:40:12 2012
hrpool/home/jjones@now keep Mon Dec 10 12:40:12 2012
hrpool/home@now
keep Mon Dec 10 12:40:12 2012

and the time stamp.
You can use the -r option with the zfs holds command and the snapshot name to get a
recursive list, as illustrated in the second example.

Oracle Solaris 11 Advanced System Administration 4 - 42

b
a
r
e
f

Holding a ZFS Snapshot
Two options to destroy a held ZFS snapshot:
1. Use zfs destroy –d, followed by the snapshot name,
and then release the snapshot hold, which removes the
snapshot.
p
2. Release the held snapshot, and then destroy it by using
zfs destroy.
ble
a
To release a held snapshot or set of snapshots, use zfs
r
fe
release –r followed by keep and the snapshot name. rans

n
o
n

Cic

a
s
a
) h eฺ
m
id
Note: –r enables a recursive releaselฺof
cotheGhold.
u
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
As mentioned
on before,l if a hold exists on a snapshot, you will not be able to destroy it by using
R
rozfs destroy command. To destroy the snapshot, you have two options:
ethe
# zfs release -r keep hrpool/home@now

•

p
by
y using
g the zfs destroy
y -d command followed by
y
You can destroyy the held snapshot
the snapshot name, and then release the snapshot hold, which removes the snapshot.
You can release the snapshot and then destroy it by using the zfs destroy command
without the -d option.

Note: If a held snapshot has associated clones, you must destroy the clones first before you
can destroy the held snapshot.
To release a hold on a snapshot
p
or set of snapshots,
p
use the zfs release command with
the -r option, followed by the hold tag keep and the snapshot name. -r enables a recursive
release of the hold and is optional. In the example in the slide, you are releasing the recursive
hold on the hrpool/home@now snapshot.
This snapshot can be destroyed if all the holds have been released.

Oracle Solaris 11 Advanced System Administration 4 - 43

Holding a ZFS Snapshot
Snapshot hold properties:
• defer_destroy: Set to on if the snapshot has been
marked for deferred destruction by using the zfs
destroy
y -d command.
• Userrefs: Set to the number of holds on the snapshot.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The snapshot
is identified through two properties:
on hold information
R
r•o The defer_destroy property is on if the snapshot has been marked for deferred
ice destruction byy usingg the zfs destroyy -d command. Otherwise,, the property
p p y is off.
•

The userrefs property is set to the number of holds on this snapshot, which is also
referred to as the user-reference count.

Oracle Solaris 11 Advanced System Administration 4 - 44

Holding a ZFS Snapshot
To view the ZFS snapshot hold properties, use zfs get -r
defer_destroy,userrefs followed by the file system
name.
# zfs
f get
t -r defer_destroy,userrefs
d f
d t
f hrpool/home
h
l/h
NAME
PROPERTY
VALUE
hrpool
defer_destroy hrpool
userrefs
hrpool/home
defer_destroy hrpool/home
userrefs
hrpool/home/report@now defer_destroy off
hrpool/home/report@now userrefs
1
hrpool/home/jjones@now defer_destroy off
hrpool/home/jjones@now userrefs
1
hrpool/home@now
defer_destroy off
hrpool/home@now
userrefs
1

SOURCE
-

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n these lproperties by using the zfs get -r command followed by the commaYou canoview
R
separated
property name and the file system name.
ro
iceIn the example in the slide, the defer_destroy
defer destroy and userrefs properties for
hrpool/home are displayed. As you can see from the output, each of the @now snapshots
has the defer_destroy property set to off, which is the default, and a value of 1 for the
userrefs property, which indicates that each of these snapshots has one hold on it.

Oracle Solaris 11 Advanced System Administration 4 - 45

Renaming a ZFS Snapshot
To rename a snapshot, use zfs rename followed by the
snapshot name.
# zfs rename hrpool/home/report@121011 hrpool/home/report@today

Note: Snapshots must be renamed within the same pool and
data set from which they were created.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n
You canorename
a snapshot
by using the zfs rename command followed by the snapshot
R
name.
ro In the example in the slide, the snapshot report@121011that resides in
icehrpool/home is renamed to report@today.
Note: Snapshots must be renamed within the same pool and data set from which they were
created.

Oracle Solaris 11 Advanced System Administration 4 - 46

Renaming a ZFS Snapshot
To recursively rename snapshots, use zfs rename –r
followed by the snapshot name.
# zfs list
NAME
USED
users
270K
users/home
76K
users/home@yesterday
0
users/home/jjones
18K
users/home/jjones@yesterday
0
# zfs rename -r users/home@yesterday
# zfs list -r users/home
NAME
USED
users/home
76K
users/home@2daysago
0
users/home/jjones
18K
users/home/jjones@2daysago
0

AVAIL REFER
16.5G
22K
16.5G
22K
22K
16.5G
18K
18K
@2daysago

MOUNTPOINT
/users
/users/home
/users/home/jjones
-

s
n
a
r
t
AVAIL REFER
MOUNTPOINT no
16.5G
22K
/users/home
an
22K
-as
16.5G
18K ) h/users/home/jjones
ฺ
m
18K
- ide
o
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
lrename snapshots with the zfs rename -r command followed by the
n
You canorecursively
R
snapshot
name.
ro
iceIn the example in the slide, only those snapshots that are named @yesterday are renamed

to @2daysago.
You can see a before-and-after picture with the list of file systems before the zfs rename -r
command is run in the first half of the example, and then the change that has occurred in the
second half of the example. In short, any snapshot with the @yesterday name was changed
to @2daysago after the rename command was run.
Next, you look at how to display and access ZFS snapshots.

Oracle Solaris 11 Advanced System Administration 4 - 47

b
a
r
e
f

Displaying a ZFS Snapshot
To display only snapshots, use zfs list -t snapshot.
# zfs list –t snapshot
NAME
hrpool/home/qarpt@tuesday
hrpool/home/qarpt@wednesday
/
/
hrpool/home/qarpt@thursday

USED AVAIL REFER
18K
21K
19K
280K
0
538K

MOUNTPOINT
-

The listsnapshots pool property is:
•
•
•

Used to enable or disable the display of snapshots
s
n
a
r
-t
y default
Disabled by
n
o
an
Enabled by using zpool set listsnapshot=on
s
ha ฺ
)

e
m

co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n the zfsl list -t snapshot command to display snapshots as shown in this
You canouse
R
example.
ro
iceYou can enable or disable the display of snapshot listings in the zfs list output by using

the listsnapshots pool property. This property is disabled by default.
To enable this property, use zpool set listsnapshots=on, followed by the pool name.
Note: If you disable this property, you must use the zfs list -t snapshot command to
display snapshot information.

Oracle Solaris 11 Advanced System Administration 4 - 48

b
a
r
e
f

Displaying a ZFS Snapshot
To list the snapshots created for a specific file system, enter
zfs list -r -t snapshot followed by the file system name.
# zfs list -r -t snapshot -o
NAME
hrpool/home/qarpt@tuesday
hrpool/home/qarpt@wednesday
hrpool/home/qarpt@thursday
hrpool/home/bonus@now

name,creation hrpool/home
CREATION
Tue Dec 11 10:03 2012
Wed Dec 12 10:03 2012
Thu Dec 13 10:03 2012
Fri Dec 14 11:04 2012

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n the snapshots
You canolist
that were created for a particular file system by using the zfs
R
list
ro command with the -r and -t snapshot options, followed by the file system name.
iceIn the example in the slide, the snapshots created for the file system hrpool/home are
listed. This information is displayed by using the name and creation properties.

Oracle Solaris 11 Advanced System Administration 4 - 49

Displaying a ZFS Snapshot
The snapshots of file systems are accessible in the .zfs/
snapshot directory within the root of the file system.
# ls /home/qarpt/.zfs/snapshot
tuesday wednesday thursday

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The snapshots
on of filel systems are accessible in the .zfs/snapshot directory within the root
R
ofro
the file system. For example, if hrpool/home/qarpt is mounted on /home/qarpt, the
icehrpool/home/qarpt@thursday snapshot data is accessible in the

/home/qarpt/.zfs/snapshot/thursday directory, as shown in the example in the slide.
Now you take a quick look at snapshot space accounting.

Oracle Solaris 11 Advanced System Administration 4 - 50

Snapshot Space Accounting
•

When a snapshot is created, its space is:
– Initially shared between the snapshot and the file system
– Possibly shared with previous snapshots

•

As the file system changes
changes, the previously shared space:
– Becomes unique to the snapshot
– Is counted in the snapshot’s used property

Cic

b
• Deleting snapshots can increase the amount of space thatfera
s
n
is unique for use by other snapshots.
a
r
-t
n
o
Note The value
Note:
al e for a snapshot’s space referenced
f
propert
a nd property
s
is the same as that for the file system when the
was
ha snapshot
)
ฺ
created.
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n
When aosnapshot
islcreated, its space is initially shared between the snapshot and the file
R
ro and possibly with previous snapshots.
esystem,
As the file system changes, space that was previously shared becomes unique to the
snapshot, and thus is counted in the snapshot’s used property.

Additionally, deleting snapshots can increase the amount of space that is unique for use by
other snapshots.
Note: The value for a snapshot’s space referenced property is the same as that for the file
system when the snapshot was created.

Oracle Solaris 11 Advanced System Administration 4 - 51

Snapshot Space Accounting
To display the amount of space consumed by snapshots and
descendant file systems, use zfs list -o space.
$ zfs list -o space -r rpool
NAME
AVAIL
rpool
59.1G
rpool@snap1
rpool/ROOT
59.1G
rpool/ROOT@snap1
rpool/ROOT/solaris1
59.1G
rpool/ROOT/solaris1@snap1
rpool/dump
59.1G
rpool/dump@snap1
rpool/export
59.1G
rpool/export@snap1
l/
t@
1
rpool/export/home
59.1G
rpool/export/home@snap1
rpool/swap
61.2G
rpool/swap@snap1
-

USED
7.84G
21K
4.78G
0
4.78G
15.6M
1.00G
16K
99K
18K
49K
18K
2.06G
0

USEDSNAP
21K
0
15.6M
16K
18K
18K
0
-

USEDDS
109K
31K
4.76G
1.00G
32K
31K
16K
-

USEDREFRESERV
0
0
0
0
0
0
2.06G
-

USEDCHILD
7.84G
4.78G
0
0
49K
0
0
-

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n thelamount of space that is consumed by snapshots and descendant file
You canodisplay
R
systems
ro by using the zfs list -o space command (as in the slide example).
ice

From this output, you can see the amount of space that is:
• Available on each file system
• Being used
• Being consumed by snapshots of each data set (USEDSNAP)
• Being used by the data set itself (USEDDS)
• Being used by a refreservation set on the data set (USED REFRESERV)
• Being
B i used
db
by th
the children
hild
off this
thi d
data
t sett (USEDCHILD)
Now you look at how to roll back a ZFS snapshot.

Oracle Solaris 11 Advanced System Administration 4 - 52

b
a
r
e
f

Rolling Back a ZFS Snapshot
To discard all the changes made since a specific snapshot,
enter zfs rollback followed by the snapshot name.
# zfs rollback hrpool/home/qarpt@thursday

By default, zfs rollback rolls back only to the most recent
snapshot.
le
b
a
r
To destroy more recent snapshots, enter zfs rollback
fe
s
n
with –r, followed by the snapshot name.
tra

n
o
n

a
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n the zfsl rollback command followed by the snapshot name to discard all the
You canouse
R
changes
ro made since a specific snapshot.
iceThe zfs rollback command causes the file system to revert to its state at the time the
# zfs rollback -r hrpool/home/qarpt@tuesdays

snapshot was taken.
In the example in the slide, the hrpool/home/qarpt file system is rolled back to the
thursday snapshot.
By default, the zfs rollback command cannot roll back to a snapshot other than the most
recent snapshot.
To roll back to an earlier snapshot, you must destroy all intermediate snapshots. To do this,
you must specify the -r option with the zfs rollback command followed by the snapshot
name, as shown in the second example. Here, the hrpool/home/qarpt file system is rolled
back to the tuesday snapshot. For this operation to take place, the wednesday and
thursday snapshots must be destroyed.
Now that you have an idea of how to work with ZFS snapshots, you turn your attention to ZFS
clones.

Oracle Solaris 11 Advanced System Administration 4 - 53

Identifying ZFS Snapshot Differences
To determine ZFS snapshot differences, use zfs diff
followed by the snapshot names.
# zfs snapshot datapool/hrdata@before
# touch /datapool/hrdata/newfile
# zfs snapshot datapool/hrdata@after
# zfs list -r -t snapshot -o name,creation
NAME
CREATION
datapool/hrdata@before
Thu Dec 13 14:54 2012
datapool/hrdata@after
Thu Dec 13 14:59 2012
rpool/ROOT/solaris@install
Tue Dec 18 22:33 2012
# zfs diff datapool/hrdata@before datapool/hrdata@after
M
/datapool/hrdata/
+
/datapool/hrdata/newfile
#

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
To determine
between ZFS snapshots, you can use the zfs diff command.
on the differences
R
ro output of this command provides a high-level description of the differences between a
eThe

snapshot and a descendant data set. The descendant can be either a snapshot of the data
set or the current data set. For each file that has undergone a change between the original
snapshot and the descendant, the type of change is described along with the name of the file.
In the case of a rename, both the old and new names are shown. The type of change follows
any time stamp displayed and is described with a single character. The definition of each of
these characters is provided in the next slide.
In the example, a before snapshot of the datapool/hrdata ZFS file system was taken.
A new file (newfile) was then created in /datapool/hrdata
/datapool/hrdata. Then another snapshot
(after) of the same ZFS file system was taken. The zfs list command is used to list the
snapshots based on name and creation date. The zfs diff command is then run to
determine the differences between the before and after snapshots. The M in the zfs
diff command output indicates that the /datapool/hrdata/ directory has been modified,
and the + indicates that a file /datapool/hrdata/newfile exists in the later snapshot.

Oracle Solaris 11 Advanced System Administration 4 - 54

Identifying ZFS Snapshot Differences

File or Directory Change

Identifier

File or directory is modified, or file or directory link has changed.

Fil or di
File
directory iis present iin the
h older
ld snapshot
h b
but not iin the
h newer
snapshot.

File or directory is present in the newer snapshot but not in the older
snapshot.

File or directory is renamed.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The table
onin this slidel summarizes the file or directory changes that are identified by the zfs
R
diff
ro command. For more information about the zfs diff command, see zfs(1M).
ice

Oracle Solaris 11 Advanced System Administration 4 - 55

Creating and Destroying a ZFS Clone
To create a clone, enter zfs clone followed by the snapshot
name from which the clone is to be created, and the name of
the new file system or volume.
# zfs snapshot hrpool/ws/gate@yesterday
# zfs clone hrpool/ws/gate@yesterday hrpool/home/qarpt/summary

b
a
r
e
f

To destroy a clone, use zfs destroy followed by the clone
s
n
a
name.
r
-t

on
n
a
# zfs destroy hrpool/home/qarpt/summary
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Now you
onswitch yourl focus to ZFS clones, beginning with a brief review of how to create and
R
destroy
ro ZFS clones.
iceTo create a clone, use the zfs clone command, specifying the snapshot from which to
create the clone and the name of the new file system or volume.
In the example in the slide, a clone named hrpool/home/qarpt/summary is created with
the same initial contents as the snapshot hrpool/ws/gate@yesterday.
The new file system or volume can be located anywhere in the ZFS hierarchy.
The type of the new data set (for example, file system or volume) is the same as the snapshot
from which the clone was created.
Note: You cannot create a clone of a file system in a pool that is different from where the
original file system snapshot resides.
To destroy a ZFS clone, use the zfs destroy command followed by the clone name. In the
example in the slide, the clone named hrpool/home/qarpt/summary is destroyed.
Remember that clones must be destroyed before the parent snapshot can be destroyed.
Now you look at how to replace a ZFS file system with a ZFS clone
clone.

Oracle Solaris 11 Advanced System Administration 4 - 56

Replacing a ZFS File System with a ZFS Clone
With the clone replacement process, you can:
• Clone and replace file systems so that the original file
system becomes the clone of the newly created file system
• Destroy the file system from which the clone was originally
created
Note: Without clone promotion, you cannot destroy the original
ble
a
file system of active clones.
r
e

s
n
a
r
-t

on
n
a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
ZFS uses
ona processl called clone replacement (or promotion), which enables you to replace
R
an
roactive ZFS file system with a clone of that file system. This process facilitates the ability to
iceclone and replace file systems so that the original file system becomes the clone of the newly
created file system. In addition, this process makes it possible to destroy the file system from
which the clone was originally created.
Note: Without clone promotion, you cannot destroy the original file system of active clones.
This feature is good to have if, for some reason, you absolutely need to modify production
data. (Under normal circumstances, you would not use this method. Instead, you would
introduce the modifications through databases and other tools.) To accommodate this special
situation,
it ti
create
t a clone
l
from
f
the
th file
fil system’s
t ’ snapshot.
h t This
Thi clone
l
iis nothing
thi b
butt a copy off
the production file system; however, it is writeable and editable. So now a programmer (or
system administrator) can open it like any other file system, modify the data and, considering
it as a newer copy of the file system, overlay the production file system with it. Because you
do not want to modify production data directly, being able to use clones is useful.

Oracle Solaris 11 Advanced System Administration 4 - 57

Replacing a ZFS File System with a ZFS Clone
To replace an active ZFS file system with a clone of that file
system, use zfs promote followed by the clone name.
# zfs snapshot hrpool/reviews/q4@today
# zfs clone hrpool/reviews/q4@today
p
/
/q
y hrpool/reviews/q4sum
p
/
/q
# zfs list -r hrpool/reviews
NAME
USED
AVAIL
REFER
MOUNTPOINT
hrpool/reviews
314K
8.24G
25.5K
/hrpool/reviews
hrpool/reviews/q4
288K
8.24G
288K
/hrpool/reviews/q4
hrpool/reviews/q4@today
0
288K
hrpool/reviews/q4sum
0
8.24G
288K
/hrpool/reviews/q4sum

b
a
r
e
f

an
r
t
n

no
a
s
a
h
REFER
MOUNTPOINT
)
ฺ
e
m
d
27.5K
/hrpool/reviews
o
i
u
ilฺc t/hrpool/reviews/q4
288K
G
a
n /hrpool/reviews/q4sum
m 288K
e
g
d
o@ Stu288K d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l process is a two-step operation. First, you replace an active ZFS file
The clone
onreplacement
R
system
ro by promoting the clone.
iceIn the first example, you can see from the zfs list output that the hrpool/reviews/q4
# zfs promote hrpool/reviews/q4sum
# zfs list -r hrpool/reviews
NAME
USED
AVAIL
hrpool/reviews
316K
8.24G
hrpool/reviews/q4
0
8.24G
hrpool/reviews/q4sum
288K
8.24G
hrpool/reviews/q4@today
0
-

file system has been cloned by using the hrpool/review/q4@today snapshot.
In the second example, the original hrpool/reviews/q4 file system is replaced with the
cloned file system, hrpool/reviews/q4sum, by promoting the clone.
In the zfs list output, you can see that the storage used by the original q4 file system has
been replaced with the q4sum file system.

Oracle Solaris 11 Advanced System Administration 4 - 58

Replacing a ZFS File System with a ZFS Clone
To rename the promoted file systems to the original name, use
zfs rename followed by the current file system name and a
new file system name.
# zfs rename hrpool/reviews/q4 hrpool/review/q4legacy
# zfs rename hrpool/reviews/q4sum hrpool/reviews/q4
# zfs list -r hrpool/reviews
NAME
USED AVAIL
REFER
MOUNTPOINT
hrpool/reviews
316K 8.24G
27.5K
/hrpool/reviews
hrpool/reviews/q4
288K 8.24G
288K
/hrpool/reviews/q4
hrpool/reviews/q4@today
0
288K
hrpool/reviews/q4legacy
0 8.24G
288K
/hrpool/reviews/q4legacy

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the original ZFS file system with the clone, you will want to complete
After you
onhave replaced
R
the
rosecond and final step of the process by renaming the file systems.
iceTo do this, use the zfs rename command followed by the current file system name and a
new file system name.
In the example in the slide, you renamed the original hrpool/reviews/q4 file system to
hrpool/reviews/q4legacy and the original clone file system, hrpool/reviews/q4sum,
to hrpool/reviews/q4, which was the name of the original file system.
In the zfs list output, you can see that the name changes have taken effect.
The original file system and snapshot can be deleted.
Now you turn your attention to the last topic in this lesson: sending and receiving ZFS data. It
begins by discussing how to send ZFS data.

Oracle Solaris 11 Advanced System Administration 4 - 59

Sending ZFS Snapshot Data
The zfs send command:
•
•

Is used to send ZFS snapshot data for backup purposes
Sends a copy of a snapshot to another pool:
– On the same system
– On a different system

•

Creates a stream representation of a snapshot that is
written to standard output

b
a
r
e
f

an
– By default, a full stream is generated.
r
t
n
– The
Th output
t t can b
be redirected
di t d tto a fil
file, to
t a different
diff a no
t system,
t
s
or to a device.
ha

)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l snapshot data by using the zfs send command. With this command,
n your ZFS
You canosend
R
you
ro can send a copy of a snapshot to another pool on the same system or to a pool on a
icedifferent system that is used to store backup data.
The zfs send command creates a stream representation of a snapshot that is written to
standard output. By default, a full stream is generated. You can redirect the output to a file, to
a different system, or to a device (for example, a mag tape).

Oracle Solaris 11 Advanced System Administration 4 - 60

Sending ZFS Snapshot Data
To send a ZFS snapshot, enter zfs send followed by the
snapshot name and destination.
# zfs send hrpool/data@snap1

To send incremental ZFS snapshot data, use zfs send –i.

b
a
r
e
f

# zfs send -i hrpool/data@snap1 hrpool/data@snap2

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l use the zfs send command followed by the snapshot name and
To sendoanZFS snapshot,
R
as shown in the first example.
ro
edestination,

You can also send incremental data by using the -i
i option with the zfs send command, as
shown in the second example.
Note that the first argument is the earlier snapshot (snap1) and the second argument is the
later snapshot (snap2).
Now you look at how to receive ZFS snapshot data.

Oracle Solaris 11 Advanced System Administration 4 - 61

Receiving ZFS Snapshot Data
The zfs receive command:
•
•

Is used to receive ZFS snapshot data
Receives the snapshot from:
– Another pool:
—
—

On the same system
On a different system

– A file or device

•
•

b
a
r
e
f

Creates a snapshot whose contents are specified in tthe
an
r
on
stream that is provided on standard input
n
a
s
Has an alias, recv
a
h

)

ฺ

m system
de is created
ofile
i
Note: If a full stream is received, a new
c
u
ฺ
l
ai nt G
as well.
m
e
g

@ Stud
o
d
al this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l data by using the zfs receive command. This command receives
n
You canoreceive
ZFS
R
snapshot
data from another pool on the same system or from another pool on a different
ro
icesystem. It can also receive snapshot data from a file or device.
The zfs receive command creates a snapshot whose contents are specified in the stream
that is provided on standard input.
Note: If a full stream is received, a new file system is created as well.

Oracle Solaris 11 Advanced System Administration 4 - 62

Receiving ZFS Snapshot Data
Keep the following key points in mind when you receive a file
system snapshot:
• The snapshot and the file system are received.
• The file system and all the descendant file systems are
unmounted.
• The file systems are inaccessible while they are being
ble
a
received.
r
fe
s
n
a
• The original file system to be received must not exist-trwhile
on
it is being transferred
transferred.
n
a
s
a
• If a conflicting file system name exists, zfs
rename
can
h ฺ
)
m ide
be used to rename the file system.
u
ฺco

ail nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 63

Receiving ZFS Snapshot Data
To receive a ZFS file system snapshot, use zfs receive
followed by the snapshot name and the location from which you
want to retrieve the file system.
#
#
#
#

zfs
zfs
zfs
zfs

send hrpool/jobdesc@1215 > /bkups/jobdesc.121511
receive hrpool/jobdesc2@today < /bkups/jobdesc.121511
rename hrpool/jobdesc hrpool/jobdesc.old
rename hrpool/jobdesc2 hrpool/jobdesc

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To receive
ona ZFS filel system snapshot, use the zfs receive command followed by the
R
name and the location from which you want to retrieve the file system.
ro
esnapshot

In the example in the slide, the hrpool/jobdesc@0930 snapshot of the hrpool/jobdesc
file system is sent to the destination backup system called /bkups/jobdesc.093011.
Next, the hrpool/jobdesc2@today snapshot of the hrpool/jobdesc2 file system is
retrieved from the backup system. Then the hrpool/jobdesc file system is renamed to
hrpool/jobdesc.old and the hrpool/jobdesc2 file system is renamed to
hrpool/jobdesc.

Oracle Solaris 11 Advanced System Administration 4 - 64

Remote Replication of ZFS Snapshot Data
To remotely copy snapshot data from one system to another
system, use zfs send and zfs receive.
# zfs send hrpool/report@today | ssh newsys zfs recv sandbox/restfs

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n the zfsl send and zfs receive commands to remotely copy (replicate) a
You canouse
R
snapshot
stream representation from one system to another system.
ro
iceIn the example in the slide, the hrpool/report@today snapshot data is sent, and it is
received in the sandbox/restfs file system. This command also creates a restfs@today
snapshot on the newsys system. In this example, the user has been configured to use ssh
on the remote system.
ZFS also supports sending and receiving complex snapshot streams. For more information
about remote replication of ZFS snapshot data and about sending and receiving ZFS data in
general, see the appropriate sections of Oracle Solaris Administration: ZFS File Systems.

Oracle Solaris 11 Advanced System Administration 4 - 65

Practices 4-2 and 4-3 Overview:
Using ZFS Snapshots for Backup and Recovery
and Using a ZFS Clone
These practices cover the following topics:
• Creating and destroying ZFS snapshots
• Rolling back ZFS snapshots
• Restoring ZFS snapshots
• Sending and receiving ZFS snapshot data
• Creating and destroying ZFS clones

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l take about one hour to complete.
These practices
on should
R
ro
ice

Oracle Solaris 11 Advanced System Administration 4 - 66

Lesson Agenda
•
•
•
•
•

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 67

b
a
r
e
f

Managing Data Storage Space
with ZFS File System Properties
This section covers the following topics:
• Setting ZFS properties
• Inheriting ZFS properties
• Querying ZFS properties
• Mounting and sharing ZFS file systems
• Setting ZFS quotas and reservations

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 68

Setting ZFS Properties
To modify any settable data set property, use zfs set followed
by property=value and the data set name.
# zfs set atime=off hrpool/home

Note: Only one property can be set or modified during each
zfs set invocation.

b
You can also set a property during the creation of a data set byfera
s
n
using zfs create.
a
r
-t
n
o
an
# zfs create -o atime=off hrpool/home
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l data set property, use the zfs set command followed by
To modify
onany settable
R
property=value
and a data set name. In the example in the slide, the atime property is
ro
iceset to off for hrpool/home.
Note: Only one property can be set or modified during each zfs set invocation.
You can also use the zfs create command to set properties when you are creating the file
system. In this example, you are setting the atime property to off as you create the file
system hrpool/home.
Now you look at how ZFS property inheritance works.

Oracle Solaris 11 Advanced System Administration 4 - 69

Inheriting ZFS Properties
•
•

All settable properties inherit their values from their
parents.
All inheritable properties have an associated source.

S
Source
Value

Definition
f

default

The property setting was not inherited or set locally.

local

b
a
r
e
f

an
r
t
n

The property was explicitly set on the data set by using the
zfs set command.

no
a
s
hanamed
The property was inherited from )the
ancestor.
inherited from
ฺ
e
m
dataset-name
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l except for quotas and reservation properties, inherit their values from
All settable
on properties,
R
their
ro parents.
ice

All inheritable properties have an associated source. The source indicates how a property
was obtained. The source of a property can have the following values:
• default: The property setting was not inherited or set locally. This source is a result of
no ancestor having the property as source local.
• local: The property was explicitly set on the data set by using the zfs set command
• inherited from dataset-name: The property was inherited from the named ancestor

If no ancestor has an explicit value set for an inherited property
property, the default value for the
property is used.

Oracle Solaris 11 Advanced System Administration 4 - 70

Inheriting ZFS Properties

# zfs list
NAME
USED
datapool
176K
datapool/software
65K
datapool/software/solaris
42K
datapool/software/solaris/ar 21K

AVAIL
1.95G
1.95G
1.95G
1.95G

# zfs get -r compression datapool
NAME
PROPERTY
datapool
compression
datapool/software
compression
datapool/software/solaris
compression
datapool/software/solaris/ar
p
/
/
/
compression
p

REFER
23K
23K
21K
21K

VALUE
off
off
off
off

MOUNTPOINT
/export/share
/export/share/software
/export/share/software/solaris
/export/share/software/solaris/ar

SOURCE
default
default
default
default

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l an example of how ZFS property inheritance works.
You now
onwalk through
R
ro you run the zfs list command to see the file system hierarchy, as shown in the first
First,
ice

output in the slide.
Next, you run the zfs get -r command for the compression property, as shown in the
second output. Here you can see that the compression property is set to off, which is the
default, for all the file systems.

Oracle Solaris 11 Advanced System Administration 4 - 71

Inheriting ZFS Properties

# zfs set compression=on datapool/software/solaris
# zfs get -r compression datapool
NAME
PROPERTY
VALUE
datapool
compression off
datapool/software
compression off
datapool/software/solaris
compression on
datapool/software/solaris/ar compression on

SOURCE
default
default
local
inherited from datapool/software/solaris

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Next, you
property to on for the datapool/software/solaris file
onset the compression
R
system.
ro
iceIf you run the zfs get -rr compression command for datapool, you can see how the
child file system inherits the ZFS property. Note that the compression value for
datapool/software/solaris is now set to on and the SOURCE has changed from
default to local.
You can also see how datapool/software/solaris/ar has inherited the compression
property value of on from its parent file system.

Oracle Solaris 11 Advanced System Administration 4 - 72

Inheriting ZFS Properties
To clear a property setting and have the setting inherited from
the parent, use zfs inherit followed by the property name
and the system file name path.
# zfs inherit compression datapool/software/solaris
# zfs get -r compression datapool
NAME
PROPERTY
VALUE
datapool
compression off
datapool/software
compression off
datapool/software/solaris
compression off
datapool/software/solaris/ar
p
/
/
/
compression
p
off

SOURCE
default
default
default
default

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If you want
on to returnlthe datapool/software/solaris file system’s compression value to
R
off,
ro you can do so by using the zfs inherit command. This command clears a property
icesetting, thereby causing the setting to be inherited from the parent.
In the example in the slide, zfs inherit is used to unset the compression property,
thereby causing the property to inherit the default setting of off. Because neither datapool
nor datapool/software has the compression property set locally, the default value is
used. If both datapool and datapool/software have compression on, the value set in
the most immediate ancestor is used.
Now you look at how to query ZFS properties.

Oracle Solaris 11 Advanced System Administration 4 - 73

Querying ZFS Properties
You can query property values with:
• zfs list
• zfs get
– Complex queries
– Scripting
– Any data set property

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The simplest
on way tolquery property values is by using the zfs list command. However, for
R
complex
ro queries and for scripting, you can use the zfs get command to obtain more detailed
iceinformation in a customized format. The zfs list command is covered in detail in the Oracle
Solaris 11 System Administration course. This course focuses on using the zfs get
command for querying ZFS properties.

Oracle Solaris 11 Advanced System Administration 4 - 74

Querying ZFS Properties
To retrieve any data set property, use zfs get followed by the
property name and the data set name.
# zfs g
get checksum hrpool/ws
p
NAME
PROPERTY
hrpool/ws
checksum

VALUE
on

SOURCE
default

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n the zfsl get command to retrieve any data set property, followed by the property
You canouse
R
name
ro and the data set name. In the example in the slide, the zfs get command is used to
iceretrieve the checksum property value for hrpool/ws. As you can see, the VALUE is set to
on and the SOURCE is default.

Oracle Solaris 11 Advanced System Administration 4 - 75

Querying ZFS Properties
The source values in zfs get are shown in the following table:
Source Value

Definition

default

The property setting was not inherited or set locally.

local

The property was explicitly set on the data set by using the
zfs set command.

inherited from
dataset-name

The property was inherited from the named ancestor.

an
r
t
n

Cic

no
a
s
a
h
) Its evalue
ฺ is generated
This property is a read-onlyo
property.
m
- (none)
d
i
by ZFS.
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
In addition
local, and inherited from data set–name source values that
onto the default,
R
ro have already seen, you may see two other source values in the zfs get output:
eyou
t
temporary

•

This property value was set by using the zfs
f mount
t -o
option and is valid only for the lifetime of the mount.

temporary:
p
y Is set byy using
g the zfs mount -o option
p
and is valid only
y for the lifetime of
the mount
- (none: Is a read-only property with a value that is generated by ZFS

Oracle Solaris 11 Advanced System Administration 4 - 76

b
a
r
e
f

Querying ZFS Properties
To retrieve all properties for the specified data set, use
zfs get all followed by the data set name.
# zfs get all hrpool
NAME
PROPERTY
hrpool
type
hrpool
creation
hrpool
used
hrpool
available

VALUE
filesystem
Tue Dec 18 9:33 2012
72K
66.9G

SOURCE
-

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l all keyword to retrieve all data set properties. The example in the
n the special
You canouse
R
slide
ro uses the all keyword to retrieve all existing data set properties for the hrpool file
icesystem.

Oracle Solaris 11 Advanced System Administration 4 - 77

Querying ZFS Properties
To specify the property types to display, use zfs get –s
followed by the source value and the data set name.
# zfs get -s local all hrpool
NAME
PROPERTY
VALUE
hrpool
compression
on

SOURCE
local

With the -s option, you can:

b
a
r
e
• Specify the desired source types with a comma-separated
sf
n
a
list
tr
n
no
• Use the following source types: default, local,
a
s
inherited, temporary, and none ) ha ฺ
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n the -s loption with the zfs get command to specify, by source value, the type of
You canouse
R
properties
to display.
ro
ice
This option takes a comma-separated
comma separated list that indicates the desired source types. Only
properties with the specified source type are displayed. The valid source types are default,
local, inherited, temporary, and none.
In the example in the slide, you have specified to show all properties with a local source
value for the file system hrpool. Only the compression property met the specified criteria,
and has been retrieved.

Oracle Solaris 11 Advanced System Administration 4 - 78

Querying ZFS Properties
The following zfs get options are designed for scripting:
• -H
– Omits header information
– Presents all white space as tabs

•

-o
– Allows customization of output
le
b
a
r
– Takes a comma-separated list of literal fields to display,
fe
s
n
together with a separate list of properties
tra

n
o
n

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l supports the -H and -o options, which are designed for scripting.
The zfs
onget command
R
ro -H option omits any header information and presents all white spaces as tabs.
The
ice
# zfs get -H -o value compression hrpool/home
on

You can use the -o
o option to customize the output.
output This option takes a comma
comma-separated
separated list
of literal fields (name, value, property, and source) to be output, followed by a space and
an argument, which is a comma-separated list of properties.
The example shows how to retrieve a single value by using the -H and -o options with zfs
get. In the example, you are retrieving the hrpool/home compression property value. The
value returned is on.
This concludes our discussion of setting, inheriting, and querying ZFS properties. Next, you
briefly look at mounting and sharing ZFS file systems.

Oracle Solaris 11 Advanced System Administration 4 - 79

Mounting and Sharing ZFS File Systems
This section covers the following topics:
• Overriding a default ZFS mount point
• Managing legacy mount points
• Sharing and unsharing ZFS file systems

b
a
r
e
f

an
r
t
n

Note

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

The basics of mounting and unmounting ZFS file systems are covered in the Oracle Solaris
11 Fundamentals for System Administrators course.
course If you are not familiar with how to perform
these tasks, see Oracle Solaris Administration: ZFS File Systems for details.

Oracle Solaris 11 Advanced System Administration 4 - 80

Overriding Default ZFS Mount Points
•

By default, all ZFS file systems are mounted:
– By ZFS at boot by using an SMF service
– Under /path, where path is the name of the file system

•

The default mount point can be overridden by setting the
mountpoint property to a specific path by using zfs
set.

•

When a default mount point is overridden, ZFS
automatically:
– Creates the mount point if needed
a
– Mounts the file system to the new mount point
as

b
a
r
e
f

an
r
t
n

)h
ilฺ t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l systems are mounted by ZFS at boot by using the Service
By default,
on all ZFS file
R
Facility’s (SMF) svc://system/filesystem/local service. File systems
ro
eManagement
c
are mounted under /path, where path is the name of the file system.
i
C
ฺ file.
Note: There is no need to edit thec/etc/vfstab
om ide

You can override the default mount point by setting the mountpoint property to a specific
path by using the zfs set command. ZFS automatically creates this mount point, if needed,
and automatically mounts the associated file system. ZFS file systems are automatically
mounted at boot time without requiring you to edit the /etc/vfstab file.

Oracle Solaris 11 Advanced System Administration 4 - 81

Introducing the mountpoint Property
The mountpoint property:
•
•
•

Is inherited
Can be set to none to prevent the file system from being
mounted automatically
Can be set to legacy to manage through legacy mount
interfaces

ble

– This setting prevents ZFS from automatically mounting and fera
s
n
managing the file system.
a
r
-t
n
o
– The file system must be managed by using legacy
tools
an
(mount, umount) and /etc/vfstab.
s
a

)can beeฺmounted,
Note: To determine whether a file system
m
o
uidthe
ilฺc t G
check the value of the canmount a
property
and
m den
g
mountpoint property.
@ tu

do is S
l
a
n
th
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
ld lice
a
n
The mountpoint
property is inherited. For example, if pool/home has mountpoint set to
o
R
/export/stuff,
then pool/home/user inherits /export/stuff/user for its
ro
icemountpoint property.
You can set the mountpoint property to none to prevent the file system from being mounted
automatically.
If you prefer, you can explicitly manage file systems through legacy mount interfaces by
setting the mountpoint property to legacy. However, doing so prevents ZFS from
automatically mounting and managing this file system. If you decide to take this approach,
you must manage the file systems by using legacy tools (including the mount and umount
commands) and the /etc/vfstab
/ t / f t b file.
file
Note: To determine whether a file system can be mounted, check the value of the canmount
property and the mountpoint property.

Oracle Solaris 11 Advanced System Administration 4 - 82

Automatic Mount Point Behavior
•

When changing from a legacy or none mount point, ZFS
automatically mounts the file system.
• If ZFS is managing the file system but is currently
unmounted,, and the mountpoint
p
property
p
p y is changed,
g ,
the file system remains unmounted.
• When the mountpoint property is changed, ZFS
ble
automatically reassigns the mount point.
a
r
fe
s
n
• Mount point directories are created as needed.
a
r
t
n
olegacy
• Any data set whose mountpoint property is not
is
n
a
s
managed by ZFS.
a
h
)by using
ฺ zpool
e
m
Note: A default mount point can be created
d
o
i
ilฺc t Gu
a
create –m.
n
m

g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l (automatic or legacy) determines how the mount point behaves.
The type
onof mount point
R
ro
iceFor example, automatic mount points exhibit the following behaviors:
•

•
•
•
•

When changing from a legacy or none mount point
point, ZFS automatically mounts the file
system.
If ZFS is managing the file system but is currently unmounted and the mountpoint
property is changed, the file system remains unmounted.
When the mountpoint property is changed, ZFS automatically unmounts the file
system from the old mount point and remounts it to the new mount point.
Mount point directories are created as needed. If ZFS is unable to unmount a file system
because it is active, an error is reported and a forced manual unmount is necessary.
Any data set whose mountpoint property is not legacy is managed by ZFS.

Note: You can set the default mount point for the root data set at creation time by using the
zpool create -m option.

Oracle Solaris 11 Advanced System Administration 4 - 83

Legacy Mount Point Behavior
•

Legacy file systems must be managed by using the mount
and umount commands and the /etc/vfstab file.

•

ZFS does not automatically mount legacy file systems on
boot.
The ZFS mount and unmount commands do not operate
on legacy file systems.
le
To automatically mount a legacy file system on boot, you erab
sf
n
must add an entry to the /etc/vfstab file.
a
r

•
•

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n pointsl exhibit the behaviors outlined in the slide:
Legacyo
mount
R
ro
ice

n
o
n

Oracle Solaris 11 Advanced System Administration 4 - 84

Managing Legacy Mount Points
To manage ZFS file systems with legacy tools, use zfs set
followed by mountpoint=legacy and the file system name.
# zfs set mountpoint=legacy hrpool/home/reports

To mount the file system, use mount –F followed by the file
system type, the file system name, and a mount point.

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
As stated
onpreviously,l you can manage ZFS file systems with legacy tools by setting the
R
property to legacy.
ro
emountpoint
# mount -F zfs hrpool/home/reports
/
/
/
/mnt

To set up and manage a ZFS file system in legacy mode, use the zfs set command
followed by the mountpoint=legacy property and the file system name, as shown in the
first example in the slide.
You can then mount the file system by using the Solaris legacy mount command mount with
the -F option, followed by the file system type, the file system name, and a mount point, as
illustrated in the second example.
Now that you know how to manage a legacy mount point in ZFS, you will look at how to share
and unshare ZFS file systems.

Oracle Solaris 11 Advanced System Administration 4 - 85

share.nfs Property: Introduction
•
•

ZFS automatically shares file systems by using the
share.nfs property.
The share.nfs property is a comma-separated list of
options
p
to p
pass to the share command.
—

The value on:
—

Is an alias for the default share options
Provides read/write permissions to anyone

Cic

ab
The value off indicates that the file system is not managed by fer
s
n
ZFS.
a
r
-t
n
o
• All file systems whose share.nfs
h
f property is not
ff are
a n off
s
shared during boot.
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l release, the share.nfs property replaces the sharenfs property to
In Oracle
onSolaris 11.1
R
ro and publish an NFS share. Similar to directories, ZFS can automatically share file
edefine
—

—

systems by using the share.nfs property. If you use this method, you do not have to modify
the /etc/dfs/dfstab file when a new file system is added.
The share.nfs property is a comma-separated list of options to pass to the share
command. The value on is an alias for the default share options, which provides read/write
permissions to anyone. The value off indicates that the file system is not managed by ZFS.
All file systems whose share.nfs property is not off are shared during boot.

Oracle Solaris 11 Advanced System Administration 4 - 86

Setting the share.nfs Property
To share a new file system, use the zfs set syntax similar to
what is shown in the following example:
# zfs set share.nfs=on hrpool/home/reports

•
•

The share.nfs property is inherited.
Setting share.nfs to off:

– Prevents a file system from automatically being shared
s
n
a
r
– Allows the file system to be shared by using legacy methods
-t

on
n
a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
By default,
are unshared. To share a new file system, use the zfs set syntax
on all file systems
R
ro to what is shown in the example in the slide). In the example shown, the share.nfs
e(similar

Cic

property is set to on for the hrpool/home/reports file system.

The share.nfs property is inherited, and file systems that are created or exist below a
shared file system are automatically shared.
Setting the share.nfs property to off prevents a file system from being automatically
shared and allows the file system to be shared by using legacy methods.

Oracle Solaris 11 Advanced System Administration 4 - 87

b
a
r
e
f

Unsharing ZFS File Systems
To explicitly unshare a file system, use zfs unshare followed
by the file system name or mount point.
# zfs unshare hrpool/home/reports

To unshare all ZFS file systems, use zfs unshare with the -a
option.
# zfs unshare -a

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Although
are automatically shared and unshared during boot, creation, and
onmost file systems
R
destruction,
file systems sometimes need to be explicitly unshared. To do so, use the zfs
ro
iceunshare command followed by the file system name or mount point. In the first example in

the slide, the hrpool/home/reports file system is being unshared.

To unshare all ZFS file systems on the system, you can use the -a option, as shown in the
second example.
Note: zfs unshare is a temporary unshare. It does not change the share.nfs property of
the file system (or its children).

Oracle Solaris 11 Advanced System Administration 4 - 88

b
a
r
e
f

Sharing ZFS File Systems
To share a file system, use zfs share followed by the file
system name.
# zfs share hrpool/home/reports

To share all ZFS file systems, use zfs share with the -a
option.
# zfs share -a

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n time, thel automatic behavior of ZFS—sharing on boot and creation—is sufficient
Most ofo
the
R
for
ronormal operation. If, for some reason, you unshare a file system, you can share it again by
iceusing the zfs share command. In the first example in the slide, the
hrpool/home/reports file system is being shared.

You can also share all ZFS file systems on the system by using the -a option, as shown in
the second example.

Oracle Solaris 11 Advanced System Administration 4 - 89

Setting ZFS Quotas and Reservations
This section covers the following topics:
• Setting quotas on ZFS file systems
– User quotas
– Group quotas

•
•
•

Displaying user and group space usage
Removing user and group quotas
Setting reservations on ZFS file systems

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 90

Introducing the quota, reservation, refquota,
and used Properties
•
•
•
•

Use the quota property to set a limit on the pool space
used by a file system.
Use the reservation property to guarantee a specified
amount of space
p
for a file system
y
from a p
pool.
Use the refquota property on a data set to limit the
amount of disk space that a data set can consume.
le
The amount of space used by a file system is reported by erab
sf
n
the used property.
a
r

n
o
n

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l property to set a limit on the amount of space that a file system can
n the quota
You canouse
R
use.
ro In addition, you can use the reservation property to guarantee that some amount of
icespace is available to a file system. Both properties apply to the data set on which they are set
and to all descendants of that data set.
For example, if a quota is set on the hrpool/home data set, the total amount of space used
by hrpool/home and all of its descendants cannot exceed the quota. Similarly, if
hrpool/home is given a reservation, hrpool/home and all of its descendants draw from
that reservation.
To limit the amount of disk space that a data set can consume, you can use the refquota
property Unlike the quota
property.
t and reservation
ti properties,
properties this property does not include the
disk space that is consumed by descendants.
The amount of space used by a data set and all of its descendants is reported by the used
property.

Oracle Solaris 11 Advanced System Administration 4 - 91

Setting Quotas for ZFS File Systems
To set a quota on a file system, use zfs set followed by
quota=, the space amount, and the file system name.
# zfs set quota=10g hrpool/home/reports

To display the quota setting for a file system, use zfs get
followed by quota and the file system name.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
c current
u data set
ilฺthe
Note: The quota cannot be less than
G
a
t
m den
g
usage.
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l and displayed by using the zfs set and zfs get commands.
ZFS quotas
on can be set
R
Inro
the first example in the slide, you are setting a quota of 10 GB on
icehrpool/home/reports.
To do this, you use the zfs set command followed by
# zfs g
get q
quota hrpool/home/reports
p
/
/ p
NAME
PROPERTY
VALUE
hrpool/home/reports
quota
10.0G

SOURCE
local

quota=10g and the file system name.
In the second example, you are displaying the values of the quota property. To do this, you
use the zfs get command followed by the property name quota and the file system name.
Note: You cannot set a quota to an amount that is less than what is currently being used by a
data set.

Oracle Solaris 11 Advanced System Administration 4 - 92

Setting Quotas for ZFS File Systems
To limit the amount of disk space that a data set can consume,
use zfs set followed by refquota=, the space amount, and
the data set name.
# zfs set refquota=10g
refquota 10g hrstaff/tsmith
# zfs list -t all -r hrstaff
NAME
USED AVAIL
hrstaff
150M 66.8G
hrstaff/tsmith
150M 9.85G
hrstaff/tsmith@yesterday
0
# zfs snapshot hrstaff/tsmith@today
# zfs list -t all -r hrstaff
hrstaff
150M 66.8G
hrstaff/tsmith
150M 9.90G
hrstaff/tsmith@yesterday
50.0M
hrstaff/tsmith@today
0
-

REFER
32K
150M
150M

MOUNTPOINT
/hrstaff
/hrstaff/tsmith
-

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l on a file system to limit the amount of disk space that a data set can
n a refquota
You canoset
R
consume.
As was mentioned previously, this hard limit does not include the disk space that is
ro
iceconsumed by descendants.
32K
100M
150M
100M

/hrstaff
/hrstaff/tsmith
-

In the example, you are setting a refquota of 10 GB on hrstaff/tsmith. To do this, you
use the zfs set command followed by refquota=10g and the file system name. You then
run the zfs list command with the -t option to see the snapshots associated with the
hrstaff data set. Then you create a new snapshot of hrstaff/tsmith and call it
hrstaff/tsmith@today. When you run the zfs list -t command again, you will see
that tsmith’s 10 GB quota is not affected by the space that is consumed by the snapshots.

Oracle Solaris 11 Advanced System Administration 4 - 93

Setting a User Quota on a ZFS File System
To set a user quota on a file system, use zfs set followed by
userquota@=, the space amount, and the file system
name.
# zfs create finance/tax
/
# zfs set userquota@rsmart=10g finance/tax

To display the user quota setting for a file system, use zfs get
le
followed by userquota@ and the file system name. erab

s
n
a
r
-t

on
n
a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n user or lgroup quota on the amount of space consumed by the files that are
You canoset
R
owned
ro by a particular user or group.
iceYou can set a user quota by using the zfs set userquota command followed by the
# zfs get userquota@rsmart finance/tax
NAME
PROPERTY
VALUE
finance/tax
userquota@rsmart
10g

SOURCE
local

username, the amount of space that you want to allocate to the user, and the file system
name. In the first example in the slide, you first create the file system finance/tax. Then
you set the user quota to 10 GB for the username rsmart.
To display the current user quota, use the zfs get command followed by the userquota
(userquota@) command and the file system name.

Oracle Solaris 11 Advanced System Administration 4 - 94

Setting a Group Quota on ZFS File System
To set a group quota on a file system, use zfs set followed by
groupquota@=, the space amount, and the file
system name.
# zfs create finance/ar
# zfs set groupquota@ar=20GB finance/ar

To display the group quota setting for a file system, use zfs
le
get followed by groupquota@ and the file system erab
sf
n
name.
a
r

n
o
n

a
s
SOURCE
a
) h elocal
ฺ
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To set group
on quota, luse the zfs set groupquota command followed by the amount of
R
space
ro that you want to allocate to the group and the file system name. In the first example in
icethe slide, you first create the file system finance/ar. Then you set the group quota to 20
# zfs get groupquota@staff finance/ar
NAME
PROPERTY
finance/ar
groupquota@ar

VALUE
20G

GB for the group ar.

To display the current group quota, use the zfs get command followed by the groupquota
(groupquota@) command and the file system name.
Note: Enforcement of user or group quotas might be delayed, which means that users might
exceed their quota before the system notices that they are over quota and refuses additional
writes.

Oracle Solaris 11 Advanced System Administration 4 - 95

Displaying User and Group Space Usage
To display general user space usage, use zfs userspace
followed by the file system name.
# zfs userspace finance/tax
TYPE
NAME
USED
POSIX User
root
227M
POSIX User
rsmart
455M

QUOTA
none
10g

b
a
r
e
To display general group space usage, use zfs groupspacesf
an
r
followed by the file system name.
t
on
n
a
# zfs groupspace finance/ar
s
a
TYPE
NAME
USED
QUOTA
) h eฺ
m
POSIX Group root
217M
none
co Guid
ฺ
l
i
POSIX Group ar
217M
20G
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l user and group space usage by using the zfs userspace and zfs
n general
You canodisplay
R
subcommands, respectively, as illustrated in the examples in the slide.
ro
egroupspace

Cic

Oracle Solaris 11 Advanced System Administration 4 - 96

Identifying User and Group Space Usage
To identify individual user space usage, use zfs
userused@ followed by the file system name.
# zfs get userused@rsmart finance/tax
NAME
PROPERTY
finance/tax
userused@rsmart

VALUE
455M

SOURCE
local

To identify group space usage, use zfs groupused@
le
b
a
r
followed by the file system name.
fe

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n individual
You canoidentify
user space usage by using the zfs get command followed by
R
userused@
and the file system name, as shown in the first example in the slide.
ro
iceHere, you want to identify the space used by rsmart in the file system finance/tax. You
# zfs g
get g
groupused@ar
p
finance/ar
NAME
PROPERTY
finance/ar
groupused@ar

VALUE
217M

SOURCE
local

can see that 455 MB of space is being used.
Similarly, you can identify group space usage by using the zfs get command followed by
groupused@ and the file system name, as shown in the second example. Here, you
want to identify the space used by the group ar in the finance/ar file system. You can see
that 217 MB of space is being used.
Note: The user and group quota properties are not displayed by using the zfs get all
d t
dataset
t command
d th
thatt di
displays
l
a lilisting
ti off allll fil
file system
t
properties.
ti

Oracle Solaris 11 Advanced System Administration 4 - 97

Removing User and Group Quotas
To remove a user quota, use zfs set
userquota@=none followed by the file system name.
# zfs set userquota@rsmart=none finance/tax

To remove a group quota, use zfs set
groupquota@=none followed by the file system
name.
# zfs set groupquota@staff=none finance/ar

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l or group quota by using the zfs set command to set the user or
n
You canoremove
a user
R
group
ro quota property to none, as illustrated in the examples in the slide.
ice
Now you look at how to set reservations on ZFS file systems.

Oracle Solaris 11 Advanced System Administration 4 - 98

Identifying Reservation Restrictions
•
•

A ZFS reservation is an allocation of space from the pool
that is guaranteed to be available to a data set.
Space cannot be reserved for a data set if that space is not
currently
y available in the pool.
p
The total amount of all outstanding unconsumed
reservations cannot exceed the amount of unused space
ble
in the pool.
a
r
fe
s
n
A data set can use more space than it has reserved if:ra

•

– Unreserved space is available in the pool
– Its current usage is below its quota
has

n
o
n

•

a
eฺ
m)is reserved
A data set cannot consume spacecthat
for
d
o
i
u
ฺ
l
i
G
another data set.
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 99

Setting Space Reservation
on a Data Set and Snapshot
To set a space reservation on a data set and snapshot, use
zfs set followed by reservation, the space amount, and
the file system name.
# zfs set reservation=20g
# zfs list
NAME
USED
finance
20.0G
finance/ap
10g

finance/ap
AVAIL
13.2G
33.2G

REFER
19K
18K

MOUNTPOINT
/finance
/finance/ap

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To guarantee
on spacel allocation on a data set and snapshot, you can set ZFS reservations by
R
ro the zfs set reservation= command.
eusing
Regular reservations are accounted for in the parent’s
parent s used space.
In the example in the slide, you are setting the reservation value of the finance/ap file
system to 20 GB from 10 GB.

Note: A reservation on a file system is shared with its descendants.
If you run the zfs list command, you can see that the smaller of the two quotas (10 GB
versus 20 GB) that you just set for finance/ap is displayed.
Notice also that the increase in reserved space is reflected in the USED and AVAIL space
columns of the parent (finance). The amounts have changed from 10 GB to 20 GB in the
USED column and from 23.2 GB to 13.2 GB in the AVAIL column.

Oracle Solaris 11 Advanced System Administration 4 - 100

Setting Space Reservation on a Data Set
To set a space reservation on a specific data set, use zfs set
followed by refreservation=, the space amount, and the
file system name.
# zfs set refreservation=10g finance/ap
# zfs list
NAME
USED
AVAIL
REFER
finance
10.0G
23.2G
19K
finance/ap
10g
33.2G
18K

•
•

MOUNTPOINT
/finance
/finance/ap

b
a
r
e
f

an
r
t
n

The space consumed by descendants, snapshots,
a n and
s
ha ฺ
clones is not included.
)
e
dset’s
omdata
i
c
u
The setting counts against the parent
quotas
ฺ
l
ai nt G
m
and reservation.
g
de

o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n a reservation
You canouse
property called refreservation to set a space reservation on a
R
specific
ro data set that does not include the space consumed by descendants, snapshots, and
iceclones.
The refreservation value is accounted for in the parent data set’s space used, and
counts against the parent data set’s quotas and reservations.
To set this property, use the zfs set command followed by refreservation=, the amount
of space that you want to allocate, and the file system name. In this example, you are
reserving 10 GB of space for the file system finance/ap. Notice how this is reflected in the
AVAIL column.

Oracle Solaris 11 Advanced System Administration 4 - 101

Displaying Reservation Values
To see the values of both reservations, use zfs get followed
by reservation, refreservation, and the file system
name.
# zfs get reservation,refreservation finance/ap
/
NAME
PROPERTY
VALUE
SOURCE
finance/ap
reservation
20G
local
finance/ap
refreservation 10g
local

b
a
r
e
f

a if
r
Note: If refreservation is set, a snapshot is allowed-only
t
n
otto
n
enough
h ffree pooll space exists
i t outside
t id thi
this reservation
ti
a
s
a
accommodate the current number of referenced
bytes
h ฺ in the
)
m ide
data set.
u
ฺco

Cic

ail nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n values ofl both reservations for the finance/ap file system, you can use the zfs
To see o
the
R
ro command followed by the reservation and refreservation property names
eget

(separated by a comma) and the file system name, as shown in the example in the slide. In
the example, both the reservation and refreservation property values are displayed
for the finance/ap file system. With this view, you can see that the reservation property
is set to 20 GB and the refreservation property is set to 10 GB.

Note: If refreservation is set (as it is in this example), a snapshot is allowed only if
enough free pool space exists outside this reservation to accommodate the current number of
referenced bytes in the data set.
N
Now
th
thatt you have
h
ab
better
tt understanding
d t di off how
h
tto sett quotas
t and
d reservations
ti
on ZFS fil
file
systems, you can practice what you have learned.

Oracle Solaris 11 Advanced System Administration 4 - 102

Practice 4-4 Overview:
Configuring ZFS Properties
This practice covers the configuration of:
• Quota and reservation properties
• The share property
• ZFS compression

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 4 - 103

Lesson Agenda
•
•
•
•
•

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
You now
onlook at howl to troubleshoot several different types of ZFS failures, including ZFS
R
device
ro and data issues.
ice

Oracle Solaris 11 Advanced System Administration 4 - 104

b
a
r
e
f

Troubleshooting ZFS Failures
•
•
•
•
•

Identifying problems in ZFS
Repairing a damaged ZFS configuration
Repairing a missing device
Repairing a damaged device
Repairing damaged data

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l shown how to identify and recover from ZFS failure modes.
In this section,
on you are
R
Information
about preventing failures is provided as well.
ro
ice

Oracle Solaris 11 Advanced System Administration 4 - 105

Identifying Problems in ZFS
This section covers the following topics:
• Overview of troubleshooting in ZFS
• The basic recovery process
• Configuring syslog for FMD messages
•
•

Determining problems in a ZFS storage pool
Interpreting zpool status output

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 106

Troubleshooting in ZFS: Overview
The zpool status command is central to ZFS
troubleshooting. This command does the following:
• Analyzes various failures in the system
• Identifies the most severe problem
• Presents a suggested action
• Presents a link to a knowledge article for more information
ble
a
r
• Presents only a single problem
sfe

a
r
t
on

Cic

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l is centered on the zpool status command. This command
n
All ZFSotroubleshooting
R
various failures in the system and identifies the most severe problem, presenting
ro
eanalyzes

you with a suggested action and a link to a knowledge article for more information. Note that
zpool status identifies only a single problem with a pool, although multiple problems can
exist.

Oracle Solaris 11 Advanced System Administration 4 - 107

Basic Recovery Process
The basic recovery process is as follows:
1. Identify errors through the Fault Management Daemon
(FMD) messages displayed on the system console or in
/
/var/adm/messages.
/
/
g
2. Find further repair instructions in zpool status -x.
3. Repair the failures:

ble

– Replace the faulted or missing device and bring it online. fera
s
n
a
– Restore the faulted configuration or corrupted data from
a
r
-t
n
o
backup.
backup
n

a
)
ฺ
e
m
d
o
5. Back up the restored configuration,
if
applicable.
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l steps that you should perform to recover from ZFS problems.
The slide
onlists the basic
R
ro
iceNote: You see and interpret FMD messages during the practice that follows this lecture.
4. Verify the recovery by using zpool status
has -x.

Oracle Solaris 11 Advanced System Administration 4 - 108

Configuring syslog for FMD Messages
1. Create a new file named /var/adm/messages.fmd for
Fault Management Daemon to log the device-related
messages.
2. Back up
p the current /
/etc/syslog.conf
/ y
g
file.
3. Edit the /etc/syslog.conf file by entering a new line
below the existing line as follows:
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
daemon.err
/var/adm/messages.fmd

s
n
a
r
-t to
4. Restart the syslog service for the new configuration
n
o
take effect by using svcadm restart system-log.
an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on
R
ro

Cic

Oracle Solaris 11 Advanced System Administration 4 - 109

b
a
r
e
f

Determining Problems in a ZFS Storage Pool
•
•

Use zpool status -x to determine if a known problem
exists.
If no bad pools exist, the “all pools are healthy” status is
returned.

# zpool status -x
all pools are healthy

•

Without the -x flag, the status of all pools (regardless of
s
n
a
health) is displayed.
r
-t

on
n
a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The easiest
if a known problem exists on a system is to use the zpool
on way to determine
R
status
ro -x command. This command displays only pools that exhibit problems.
iceIf no bad pools exist on the system, the command displays a simple “all
all pools are

b
a
r
e
f

healthy” message, as shown in the example in the slide.
Without the -x flag, the command displays the complete status for all pools (or the requested
pool, if specified on the command line), even if the pools are otherwise healthy.
You now look at an example of a zpool status output.

Oracle Solaris 11 Advanced System Administration 4 - 110

Interpreting zpool status Output
Header section
# zpool
pool:
state:
status:
t t

status hrpool
hrpool
DEGRADED
O
One or more d
devices
i
has
h
been
b
taken
t k
offline
ffli
b
by th
the
administrator. Sufficient replicas exist for the pool to
continue functioning in a degraded state.
action: Online the device using ’zpool online’ or replace the
device with ’zpool replace’.
scrub: none requested
config:
NAME
STATE
READ
WRITE CKSUM
hrpool
DEGRADED
0
0
0
mirror-0
DEGRADED
0
0
0
c1t0d0
ONLINE
0
0
0
c1t1d0
OFFLINE
0
0
0
errors: No known data errors

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The header
on section lin the zpool status output (as highlighted in the example in the slide)
R
contains
ro the following fields, some of which are displayed only for pools that exhibit problems:
ice • ppool: Name of the ppool

•
•
•
•
•

•

state: Current health of the pool
status: Description of what is wrong with the pool
action: Recommended action for repairing the errors
see: Reference to a knowledge article that contains detailed repair information
(displayed only when a pool is exhibiting problems; see slide 116 for an example)
scrub: Current status of a scrub operation
operation. This information is distinct from whether any
errors are detected on the system, although this information can be used to determine
the accuracy of the data corruption error reporting. If the last scrub ended recently, it is
likely that any known data corruption has been discovered.
errors: Known data errors or the absence of known data errors. ZFS maintains a
persistent log of all data errors associated with the pool. This log is rotated whenever a
complete scrub of the system finishes. Data corruption errors are always fatal.

Oracle Solaris 11 Advanced System Administration 4 - 111

b
a
r
e
f

Interpreting zpool status Output
Configuration (config) field: first section
# zpool
pool:
state:
status:
t t

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
errors: No known data errors
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The configuration
(config)
field in the zpool status output, which is highlighted in the
on
R
example
ro in the slide, describes the configuration layout of the devices comprising the pool,
icetheir state, and any errors generated from the devices.

The state can be one of the following: ONLINE, DEGRADED, FAULTED, OFFLINE, REMOVED,
or UNAVAIL.
If the state is anything but ONLINE, the fault tolerance of the pool has been compromised.

Oracle Solaris 11 Advanced System Administration 4 - 112

b
a
r
e
f

Interpreting zpool status Output
Configuration (config) field: second section
# zpool
pool:
state:
status:
t t

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
errors: No known data errors
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The second
on section lof the configuration output, which is highlighted in the example in the
R
slide,
ro displays error statistics (that is, the number of errors). These errors are divided into
icethree categories:

•
•
•

READ: The I/O error occurred while issuing a read request.
WRITE: The I/O error occurred while issuing a write request.
CKSUM: Checksum error. The device returned corrupted data as the result of a read
request.

These errors can be used to determine if the damage is permanent.

Oracle Solaris 11 Advanced System Administration 4 - 113

b
a
r
e
f

Determining Problems in a ZFS Storage Pool
ZFS displays syslog messages for the following:
•
•
•

Device state transition
Data corruption
Pool failures and device failures

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l keeping track of errors within the pool, ZFS also displays syslog
In addition
onto persistently
R
when events of interest occur.
ro
emessages
The following scenarios generate events to notify the administrator:
• Device state transition
• Data corruption
• Pool failures and device failures

Oracle Solaris 11 Advanced System Administration 4 - 114

Repairing a Damaged ZFS Configuration
•

ZFS maintains a cache of active pools and their
configuration on the root file system in
/etc/zfs/zpool.cache.

•

To recover the configuration,
g
, you
y can:
– Export the pool (if it is visible at all)
– Re-import it

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l of active pools and their configurations on the root file system in
ZFS maintains
on a cache
R
/etc/zfs/zpool.cache.
ro
ice

If this file is corrupted or somehow becomes out of sync with what is stored on disk, the pool
can no longer be opened.
ZFS tries to avoid this situation, although arbitrary corruption is always possible.
This situation typically results in a pool disappearing from the system when it should
otherwise be available. This situation can also occur as a partial configuration that is missing
an unknown number of top-level virtual devices.
In either case, you can recover the configuration by exporting the pool (if it is visible at all) and
re-importing it.

Oracle Solaris 11 Advanced System Administration 4 - 115

Repairing a Missing Device
If a device cannot be opened, UNAVAIL is displayed in the
zpool status output.
# zpool status hrpool
pool: hrpool
p
p
state: DEGRADED
status: One or more devices could not be opened. Sufficient replicas exist for
the pool to continue functioning in a degraded state.
action: Attach the missing device and online it using 'zpool online'.
see: http://www.sun.com/msg/ZFS-8000-2Q
scrub: none requested
config:
NAME
hrpool
mirror-0
c1t0d0
c1t1d0

STATE
READ WRITE CKSUM
DEGRADED
0
0
0
DEGRADED
0
0
0
ONLINE
0
0
0
UNAVAIL
0
0
0 cannot open

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
errors: No known data errors
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If a device
oncannot bel opened, it appears as UNAVAIL in the zpool status output, as
R
in the example in the slide.
ro
ehighlighted

Cic

Oracle Solaris 11 Advanced System Administration 4 - 116

b
a
r
e
f

Repairing a Missing Device
•

An UNAVAIL status means that:
– The device could not be opened when the pool was first
accessed
– The device has since become unavailable

•
•

If the device causes a top-level virtual device to be
unavailable, nothing in the pool can be accessed.
ble
To restore normal operation, reattach the device to the
a
r
fe
s
system.
n
a

tr
n
no

Cic

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
An UNAVAIL
on status lmeans that ZFS was unable to open the device when the pool was first
R
or that the device has since become unavailable.
ro
eaccessed,

If the device causes a top-level
top level virtual device to be unavailable, nothing in the pool can be
accessed. This is to avoid the possibility of the fault tolerance of the pool being compromised.
In either case, the device simply needs to be reattached to the system to restore normal
operation. You now look at how this can be done.

Oracle Solaris 11 Advanced System Administration 4 - 117

Reattaching a Device

Device Type

Action

Network-attached drive

Restore connectivity.

USB or other removable
media

R
Reattach
h to the
h system.

Local disk

Determine if it is a disk or controller problem.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l device is reattached depends on the device in question:
n a missing
Exactlyo
how
R
r•o If the device is a network-attached drive, connectivity should be restored.
ice
•
•

If the device is a USB or other removable media
media, it should be reattached to the system
system.
If the device is a local disk, a controller may have failed resulting in the device being no
longer visible to the system. In this case, the controller should be replaced, at which
point the disks will be available again.

Oracle Solaris 11 Advanced System Administration 4 - 118

Repairing a Missing Device
•

ZFS may not automatically detect device availability if:
– The pool was degraded
– The device was replaced while the system was up

•

Use zpool online to notify ZFS that the device is now
available and ready to be reopened.

b
a
r
e
f

# zpool online hrpool c0t1d0

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
After a device
to the system, ZFS may or may not automatically detect its
on is reattached
R
availability.
ro
ice

If the pool was previously faulted, or the system was rebooted as part of the attach procedure,
ZFS automatically rescans all devices when it tries to open the pool.
However, if the pool was degraded and the device was replaced while the system was up,
you must notify ZFS that the device is now available and ready to be reopened by using the
zpool online command, as shown in the example in the slide, where you are bringing
device c0t1d0 back into the pool named hrpool.

Oracle Solaris 11 Advanced System Administration 4 - 119

Repairing a Damaged Device
This section covers the following topics:
• Determining the cause of device failure
• Clearing transient errors
• Replacing a device in a ZFS storage pool
• Viewing resilvering status

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 120

Determining the Cause of Device Failure
Possible causes of device failure
• Bit rot
• Misdirected reads or writes
• Administrator error
• Temporary outage
• Bad or flaky hardware
• Offlined device

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If you have
on a devicelfailure, the first thing that you must do is to determine what caused the
R
device
ro to fail. The damage to the device could have been caused by a several possible
icesituations:
• Bit rot
• Misdirected reads or writes
• Administrator error
• Temporary outage
• Bad or flaky hardware
• Offlined device
So how do you determine what caused the damage?

Oracle Solaris 11 Advanced System Administration 4 - 121

Determining the Cause of Device Failure
Use zpool status –v to examine the error counts.
# zpool
pool:
state:
status:
action:

status -v
hrpool
UNAVAIL
One or more devices are faulted in response to IO failures.
Make sure the affected devices are connected, then run 'zpool
clear'.
see: http://www.sun.com/msg/ZFS-8000-HC
scrub: scrub completed after 0h0m with 0 errors on Tue Oct 4 13:08:42 2011
config:
NAME
hrpool
c1t0d0
c1t1d0

STATE
UNAVAIL
ONLINE
UNAVAIL

READ WRITE CKSUM
0
0
0
0
0
0
4
1
0

insufficient replicas

b
a
r
e
f

an
r
t
n

no
a
errors: Permanent errors have been detected in the following files:
s
a
h
)
ฺ
/hrpool/data/aaa
e
m
d
o
i
/hrpool/data/bbb
ilฺc t Gu
/hrpool/data/ccc
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n is to examine
The firstostep
the error counts in the zpool status output by using the zpool
R
status
ro –v command, as shown in the example in the slide.
ice
cannot open
p

The errors are divided into I/O errors and checksum errors, both of which may indicate the
possible failure type.

A typical operation predicts a very small number of errors (just a few over long periods of
time).
If you are seeing large numbers of errors, the situation probably indicates impending or
complete device failure.
Also
so ta
take
e some
so e time
t e to read
ead the
t e knowledge
o edge a
article
t c e tthat
at is
s referenced
e e e ced in tthe
e see sect
section
o of
o the
t e
zpool status output. It contains detailed repair information that you might find useful.

Oracle Solaris 11 Advanced System Administration 4 - 122

Determining the Cause of Device Failure
Check the system log:
• A large number of SCSI or fibre channel driver messages
indicates serious hardware problems.
• If no syslog messages are generated,
generated damage is likely to
be transient.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The other
onsource of linformation is the system log. If the log shows a large number of SCSI or
R
fibre
ro channel driver messages, the situation probably indicates serious hardware problems.
iceIf no syslog messages are generated, the damage is likely to be transient.

The question to ask is: Is another error likely to occur on this device?
If the answer to this question is “No,” you can clear the transient errors. You now take a brief
look at how to do this.

Oracle Solaris 11 Advanced System Administration 4 - 123

Clearing Transient Errors
•

To clear the error counters for RAID-Z or mirrored devices
and to clear any errors associated with the device, use
zpool clear poolname devicename.

# zpool
l clear
l
hrpool
h
l c1t0d0
1t0d0

•

To clear all errors associated with the virtual devices in the
e
pool and to clear any data error counts associated with the rabl
e
pool, use zpool clear poolname.
nsf

a
r
t
on

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l deemed to be transient (that is, if they are unlikely to affect the future
If the device
on errors are
R
health
ro of the device), the device errors can be safely cleared to indicate that no fatal error
iceoccurred.
# zpool clear hrpool

To clear the error counters for RAID-Z or mirrored devices, use the zpool clear command
followed by the device name, as shown in the first example in the slide. This syntax clears any
errors associated with the device.
To clear all errors associated with the virtual devices in the pool and to clear any data error
counts associated with the pool, use the zpool clear command followed by the pool name.
This is shown in the second example, where the transient errors are being cleared from the
h
hrpool
l pool.
pool

Oracle Solaris 11 Advanced System Administration 4 - 124

Replacing a Device in a ZFS Storage Pool
•
•

•

For a device to be replaced, the device must be part of a
replicated configuration.
The disk is part of a replicated configuration; therefore,
sufficient replicas
p
from which to retrieve g
good data must
exist.
A device cannot be safely replaced if:

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If you determine
thatl the damage to the device is permanent or that permanent damage is
on
R
likely
ro in the future, you must replace the device. Whether the device can be replaced depends
iceon the configuration. The device must be part of a replicated configuration. The disk is part of

b
– The loss of a device causes the pool to become faulted
a
r
e
sf
n
– The device contains too many data errors in an unreplicated
a
tr
n
configuration
o

a replicated configuration; therefore, sufficient replicas from which to retrieve good data must
exist.
If the loss of a device causes the pool to become faulted, or if the device contains too many
data errors in an unreplicated configuration, the device cannot safely be replaced.

Oracle Solaris 11 Advanced System Administration 4 - 125

Replacing a Device in a ZFS Storage Pool
•

Use zpool replace poolname devicename to replace
a device with a new device in the same location.

# zpool replace hrpool c1t0d0

•

To replace a damaged device with a different device, use
zpool replace poolname devicename devicename.

# zpool replace hrpool c1t0d0 c2t0d0

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l command followed by the pool and device names to replace a
n replace
Use theozpool
R
device
ro with a new device in the same location. This is shown in the first example, where you
iceare replacing the device c1t0d0 in the pool named hrpool.

Or, if the autoreplace property is set, you can physically replace the device in the same
location.
If you are replacing the damaged device with a different device, use the zpool replace
command followed by the pool name, the name of the device that you are replacing, and the
name of the device that is replacing the damaged device. This is shown in the second
example, where you are replacing the damaged device c1t0d0 in the pool named hrpool
with the device c2t0d0.
2t0d0

Oracle Solaris 11 Advanced System Administration 4 - 126

b
a
r
e
f

Viewing Resilvering Status
Resilvering:
• Is the process of moving data from one device to another
• Is monitored by using zpool status
•
•

Resilvers only the minimum amount of necessary data
Is interruptible and safe

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l a drive can take an extended period of time, depending on the size
The process
on of replacing
R
ofro
the drive and the amount of data in the pool.
ice

The process of moving data from one device to another is known as resilvering and can be
monitored by using the zpool status command. ZFS resilvers only the minimum amount of
necessary data. Resilvering is interruptible and safe.

Oracle Solaris 11 Advanced System Administration 4 - 127

Scrubbing
•

•

Examines all data to discover silent errors due to hardware
faults or disk failure
Supports automatic repair of any damage discovered
during
g the scrub
Is monitored by using zpool status

•

Cannot be run if:

•

– Another scrub is already in progress
– A resilver is in progress

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l are very similar operations. The difference is that resilvering
Scrubbing
onand resilvering
R
examines
only data that ZFS knows to be out of date (for example, when attaching a new
ro
icedevice to a mirror or replacing an existing device), whereas scrubbing examines all data to
•

I begun
Is
b
by
b using
i zpool
l scrub
b pool
l

discover silent errors due to hardware faults or disk failure.

The scrub examines all data in specified pools to verify that it checksums correctly. For
replicated (mirror or raidz) devices, ZFS automatically repairs any damage discovered during
the scrub. The zpool status command reports the progress of the scrub and summarizes
the results of the scrub after completion.
Because scrubbing and resilvering are I/O-intensive operations, ZFS allows only one at a
time If a scrub is in progress,
time.
progress a subsequent zpool
l scrub
b returns an error,
error with the advice to
use zpool scrub -s to cancel the current scrub. If a resilver is in progress, ZFS does not
allow a scrub to be started until the resilver completes.
To begin the scrub operation, you use zpool scrub pool.

Oracle Solaris 11 Advanced System Administration 4 - 128

Repairing Damaged Data
This section covers the following topics:
• Data corruption overview
• Identifying the type of data corruption
• Repairing a corrupted file or directory
• Repairing ZFS storage pool–wide damage

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 4 - 129

Data Corruption: Overview
•

Data corruption can occur if:
– The pool is not replicated
– Corruption occurred while the pool was degraded
– An unlikely series of events conspired to corrupt multiple
copies of a piece of data

•

Two basic types of data can be corrupted:
– Pool metadata
– Object data

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
ZFS uses
replication, and self-healing data to minimize the chances of data
onchecksumming,
R
corruption.
ZFS verifies data during normal operation, as well as through scrubbing.
ro
ice
Nonetheless, data corruption can occur if the pool is not replicated, if corruption occurred
while the pool was degraded, or if an unlikely series of events corrupted multiple copies of a
piece of data.
Two basic types of data can be corrupted:
• Pool metadata
• Object data

Oracle Solaris 11 Advanced System Administration 4 - 130

Identifying the Type of Data Corruption
Use zpool status –v poolname to identify the type of
data corruption.
Object data corruption example:
# zpool
pool:
state:
status:

status hrpool -v
hrpool
ONLINE
One or more devices has experienced an error resulting in data
corruption. Applications may be affected.
action: Restore the file in question if possible. Otherwise restore
the entire pool from backup.
see: http://www.sun.com/msg/ZFS
http://www sun com/msg/ZFS-8000-8A
8000 8A

errors: Permanent errors have been detected in the following files:
/hrpool/data/abc
/hrpool/data/def.txt
/hrpool/data/ghi.txt

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The zpool
on statusl -v command shows that corruption has occurred; it also shows where
R
the
rocorruption occurred.
ice

The code output in the slide is an example of object data corruption. Notice that the state of
the pool called hrpool is ONLINE but the status reveals that “One or more devices has
experienced an error resulting in data corruption.” Notice also that the
errors section lists several files in which errors have been detected.

Oracle Solaris 11 Advanced System Administration 4 - 131

Identifying the Type of Data Corruption
Pool metadata corruption example:
# zpool status -v sales
pool: sales
id: 1422736890544688191
state FAULTED
state:
status: The pool metadata is corrupted.
action: The pool cannot be imported due to damaged devices or data.
see: http://www.sun.com/msg/ZFS-8000-72
config:
sales FAULTED corrupted data
c1t1d0 ONLINE

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If the data
oncorruptionl is in pool-wide metadata, the output is slightly different, as shown in this
R
example.
Notice that the state of the pool called sales is FAULTED and the status is “The
ro
icepool metadata is corrupted.”

Oracle Solaris 11 Advanced System Administration 4 - 132

Repairing a Corrupted File or Directory
•
•
•
•
•

The system may still be able to function.
Any damage is effectively unrecoverable.
No good copies of the data exist anywhere on the system.
If the data is valuable
valuable, restore the affected data from
backup.
If the damage is within a file data block, remove the file.

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If a file or
ondirectory isl corrupted, the system may still be able to function, depending on the
R
type
ro of corruption.
ice

Any damage is effectively unrecoverable. No good copies of the data exist anywhere on the
system.
If the data is valuable, your only choice is to restore the affected data from backup.
If the damage is within a file data block, the file can safely be removed, thereby clearing the
error from the system.

Oracle Solaris 11 Advanced System Administration 4 - 133

b
a
r
e
f

Repairing ZFS Storage Pool–Wide Damage
If you cannot open or import a pool because of damage to the
pool metadata, you must perform either of the following:
• Attempt to recover the pool by using zpool clear –F
poolname or zpool
p
p
import
p
–F p
poolname.
– An attempt is made to roll back to an operational state.
– To review a damaged pool and see recommended recovery
steps, use zpool status.

•

Restore the pool and all its data from a backup copy.

an
r
t
n

– Save the pool configuration as displayed in zpoolostatus.
status
n
a
– Destroy the pool by using zpool destroy
as-f poolname.

) property
ฺ settings.
e
– Keep a file of the data set layout and
local
m
d
o
i
lฺc t Gu
iconfiguration.
a
– Reconstruct the complete pool
m den
g
@ thetubackup / restore strategy.
– Populate the data by ousing

ld is S
a
n
th
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
ld lice
a
n
If the damage
o is in pool metadata, and if that damage prevents the pool from being opened or
R
imported,
you have two options.
ro
ice • You can attemptp to recover the ppool byy usingg the zpool
p
clear -F command or the

zpool import -F command followed by the pool name. These commands attempt to
roll back the last few pool transactions to an operational state. You can use the zpool
status command to review a damaged pool and the recommended recovery steps.
•

If the pool cannot be recovered by the pool recovery method, you must restore the pool
and all its data from a backup copy. The approach that you use to restore the pool
varies widely depending on the pool configuration and backup strategy. First, save the
configuration as displayed by the zpool status command so that you can re-create it
after the pool is destroyed. Then use the zpool destroy -f command to destroy the
pool. In addition, you should keep a file that describes the layout of the data sets and the
various locally set properties in a safe place, because this information becomes
inaccessible if the pool is ever rendered inaccessible. With the pool configuration and
data set layout, you can reconstruct your complete configuration after destroying the
pool. You can then populate the data by using whatever backup or restoration strategy
you use.
use

Oracle Solaris 11 Advanced System Administration 4 - 134

b
a
r
e
f

Practice 4-5 Overview:
Troubleshooting ZFS Failures
This practice covers the troubleshooting of:
• ZFS device issues
• ZFS data errors in a mirror pool

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 4 - 135

Summary
In this lesson, you should have learned how to:
• Implement a plan for data storage configuration and
backup
• Manage data redundancy with a mirrored storage pool
• Configure data backup and restore by using ZFS
snapshots
le
b
a
r
• Manage data storage space by using ZFS file system
fe
s
n
a
properties
r
t
on
n
• Troubleshoot
T bl h t ZFS issues
i
a

s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l shown how to implement a plan for data storage configuration and
In this lesson,
on you were
R
backup.
ro You learned how to provide data redundancy for your company’s business
iceapplication data by configuring a mirrored storage pool. You were also taught how to use

snapshots to back up and recover data. You were shown how to manage data storage space
by using several ZFS file system properties. Finally, you were shown how to troubleshoot
several ZFS issues that have to do with devices and data.

Oracle Solaris 11 Advanced System Administration 4 - 136

C fi
Configuring
i
Network
N t
k and
d Traffic
T ffi Failover
F il

b
a
r
e
f

an
r
t
n

R
o
r
ce

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
e
sOracle
o © 2013,
r
u
Copyright
and/or its affiliates. All rights reserved.
e
o
c
i
t
c
o ( ense
d
l
lic
ona

Objectives
After completing this lesson, you should be able to:
• Implement a plan for network and traffic failover
configuration
• Configure the following:
–
–
–
–
–

Systems on a local network
A reactive network
Network File System
Link aggregation
A IPMP group
An

b
a
r
e
f

an
r
t
n

no
a
• Implement link failover by using IPMP ) has
ฺ
e
m
d
o
i
• Monitor an IPMP group
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l how to configure and monitor an IP multipathing (IPMP) group on an
In this lesson,
on you learn
R
existing
ro local network for traffic failover in accordance with a plan. In addition, you are
iceintroduced to and shown how to configure a reactive network and Network File System (NFS).

Oracle Solaris 11 Advanced System Administration 5 - 2

Workflow Orientation

IPS
AI INSTALL
MONITORING

DATA
STORAGE

RESOURCE
EVALUATION

PROCESSES
NETWORK
CONFIGURATION

ENTERPRISE
DATACENTER

an
r
t
n

enterprise environment, as a general practice, the client and server machines are all
networked together. The application data is transmitted over the network to the data storage
medium, such as databases. The users interact with the database for query and update
purposes. If network connectivity is not working optimally, the whole data transmission
operation is affected. As a system administrator, it is your responsibility to ensure the network
is configured appropriately and is always operational.

Oracle Solaris 11 Advanced System Administration 5 - 3

b
a
r
e
f

Lesson Agenda
•
•
•
•
•
•
•
•

Planning for Network and Traffic Failover
Configuring Systems on a Local Network
Configuring a Reactive Network
Configuring Network File System
Configuring Link Aggregation
Configuring an IPMP Group
Implementing Link Failover by Using IPMP
g an IPMP Group
p
Monitoring

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 4

Planning for Network and Traffic Failover
Network and traffic failover planning is required to ensure that:
• Network needs of the business and the user community
are supported
• Network communications remain uninterrupted
• Network performance is good

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Your company
on wantsl assurance that the new operating system will support the user
R
community’s
needs. Given the amount of network traffic your company has on a daily basis,
ro
iceand the number of transactions that occur over the network—both internal and external to the
company—the business cannot afford unplanned network down time. As part of your
company’s predeployment testing plan, your group will be focused on testing network
connectivity functionality and performance with the goal of ensuring that when the operating
system is deployed, the network configuration supports both uninterrupted network
communications and good network performance.
In this topic you are introduced to several key Oracle Solaris 11 network features that will
enable you to meet your company’s
company s network connectivity requirements
requirements.

Oracle Solaris 11 Advanced System Administration 5 - 5

Configuring a Host For TCP/IP
Network configuration checklist:






IP addresses
Netmask
Domain name
Name service
Default router

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
After a network
in place, the network configuration process involves configuring
on is physically
R
the
ronetwork interfaces and associated IP addresses. Daemons and services that implement
icethe TCP/IP protocol are made available to the system based on this configuration or acquired
from the network configuration server, known as network client mode.

A typical TCP/IP network configuration requires the following information:
• IP address of each network interface on every system. The address scheme can be IP
version 4 (IPv4) or IP version 6 (IPv6) and it may include subnet addressing.
• Netmask in use on each system’s network and subnetmask, if applicable
• Name service or directoryy service that yyour network uses, such as NIS, LDAP, or DNS
• Domain name for your network, such as oracle.com
• Default router addresses

Oracle Solaris 11 Advanced System Administration 5 - 6

Configuring Network Services
•
•
•
•

RARP/ARP
TFTP
NFS
Name service

TCP/IP
Server

– NIS, LDAP, DNS

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
tu
Network
Client
Network Client
o@ S
d
l
s
a
i
n
th
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
e
ald lichost
If there o
isn
at least one
configured as a network client, then there must be at least one
R
machine,
usually configured locally, that supplies the TCP/IP configuration information and
o
cer

other directory services and acts as a server for the clients. The server can be configured with
different protocols, such as:
• Reverse Address Resolution Protocol (RARP): Maps Ethernet addresses to IPv4
addresses and is the reverse of ARP. Clients obtain their IP addresses by using this
service.
• Trivial File Transfer Protocol (TFTP): An application that allows for the transfer of files
between systems
• Network
N t
k Fil
File Servers
S
(NFS):
(NFS) Enables
E bl clients
li t tto ttransparently
tl access d
data
t ffrom a fil
file
server. You will configure an NFS server later in this lesson.
• Name services: For example, NIS, LDAP, and DNS

Oracle Solaris 11 Advanced System Administration 5 - 7

Reactive Network Configuration
Reactive network configuration consists of:
•
•
•
•
•

Network Configuration Profiles (NCPs)
Location profile
Network Configuration Units (NCUs)
External Network Modifiers (ENMs)
Known WLANs

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l NWAM has been renamed to reactive network configuration. You can
In Oracle
onSolaris 11.1,
R
ro network configuration automatically using the reactive network configuration feature.
emanage

Reactive network configuration works according to the default policy rules defined by the
system, or you can customize it using Network Configuration Profiles (NCPs). It is dynamic in
design, so it can respond to a system’s changing configuration. For example, if a laptop is
unplugged from an Ethernet cable, reactive network configuration can automatically connect
to a wireless network. Therefore, location profiles are another big component of reactive
network configuration. They house the systemwide network configuration in both systemdefined and user-defined locations.

Network Configuration Units (NCUs) are containers that store all the individual configuration
objects that make up an NCP. Each object correlates to an individual link or interface in the
system.
External Network Modifiers (ENMs) are profiles to manage external applications, such as a
virtual private network (VPN) application.
All the known wireless local area networks (WLANs) to your system are contained in a list that
g
maintains ((and can reference)) to help determine the order in
reactive network configuration
which connections to available wireless networks are attempted.

Oracle Solaris 11 Advanced System Administration 5 - 8

Network File System
Servers and Clients
•
•

Server versus client roles
Advantages of NFS:
–
–
–
–
–
–
–

Accesses the same data
Reduces storage costs
Provides data consistency and reliability
Provides transparency
Reduces administration overhead
Provides heterogeneous environments
Enables automatic file sharing

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The terms
onclient andl server are used to describe the roles that a computer assumes when
R
sharing
ro file systems over a network. The computers that access the files are called clients and
icethe computers that share their files are called servers. The Network File System (NFS) is a
service that provides file sharing. Any computer can access any other computer’s file systems
as well as its own. A computer can assume the role of a client or server or both at any time.
Clients access the files on the server by mounting the shared file system, thereby accessing it
directly and transparently, just like any other local mount on their system.
The advantages of NFS are numerous. Because multiple computers can access the same
files and the same data, it reduces the storage costs because clients don’t need local disk
space to have copies of the file
file. Sharing the files by using NFS is also transparent to the user
and provides data consistency and reliability throughout all the applications. This reduces the
time that system administrators need to maintain the system. NFS also supports
heterogeneous environments, which is pertinent in today’s multiplatform world, and with NFS
the file sharing can be automatic.

Oracle Solaris 11 Advanced System Administration 5 - 9

Network Performance Concepts
•
•
•
•

Bandwidth: Bit rate for sending or receiving data over a
network
Failover: Ability to substitute a backup component for one
that becomes unavailable
Load balancing: Distribution of workload to achieve
optimal utilization
ble
a
Resource management: Setting of bandwidth and
r
fe
s
n
resource limits for OS-forced network sharing policiesra

n
o
n

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
When planning
on yourl network configuration, there are several key performance concepts that
R
you
ro need to take into consideration:
ice • Bandwidth:
a d dt Increasing
c eas g ba
bandwidth
d dt is
s a never-ending
e e e d g tas
task for
o tthe
e network
et o ad
administrator
st ato

•

and there are many methods to achieve this, some of which are discussed in this
lesson.
Failover: When a server, system, or network goes down, the ability to automatically
switch over to a redundant or standby service is called an automatic failover. In
networking, failover can be achieved with link aggregation. Also, through the Oracle
Solaris IPMP functionality, you can combine multiple network connections in parallel to
provide failover and increase network throughput
throughput.
Load balancing: Another way to maximize throughput and minimize response time may
entail load balancing, which simply means to distribute the workload across multiple
networking resources, as can be achieved with the integrated load balancer in Oracle
Solaris.
Resource management: Using virtual network interface cards (VNICs), users can
consolidate server workloads, establish flows, and better enforce resource limits, which
means more efficient handling of network traffic and the ability to offer a better QoS
without adding overhead.

Oracle Solaris 11 Advanced System Administration 5 - 10

Link Aggregation
•
•
•

Provides performance advantages
Links must be of the same speed, full duplex, and point-topoint.
Utilizes the dladm command

external
internal

aggr1
192.168.50.21

b
a
r
e
f

net0

an
r
t
n

no
a
s
full duplex, p2p,
net1
a
h
)
ฺ
samem
speed
e
d
o
i
net2
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l link aggregation consists of two or more IP interfaces on a system,
Also called
on “trunking,”
R
which
ro are combined to form a single, logical unit for the purposes of increasing bandwidth or
iceachieving automatic failover, load balancing, and redundancy. Having one IP address for all

aggregated interfaces instead of one per interface is also easier to administer in many
respects, and is less demanding on the network address pool. For systems that run an
application with heavy queries, a link aggregation can be dedicated to that application’s traffic
for ease of administration. For sites that do not want to expose their internal interfaces for
security purposes, link aggregation ensures the interfaces are hidden from external
applications. In this example, a link aggregation named aggr1 has an exposed IP address of
192.168.50.21, but the internal interfaces net0, net1, and net2 are not seen externally.
The Link Aggregation Standard states that all links must be full-duplex, point-to-point links that
operate at identical speeds.
You can create, modify, and delete link aggregations by using the dladm command. You
learn how to perform these tasks later in this lesson.

Oracle Solaris 11 Advanced System Administration 5 - 11

Load Balancing and Aggregation Policies
In policy making, determination of the outgoing link is done by
hashing the specific header of each packet:
• L2 (Networking): MAC header
• L3 (Addressing): IP header
• L4 (Communication): TCP/UDP or other ULP header

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l link aggregation, it is best to define a policy for outgoing traffic to
When planning
on to use
R
establish
load balancing. A policy can specify how packets are distributed across the
ro
iceavailable links. These are the possible layer specifiers for the aggregation policy. The

default—as shown in the dladm man page—is L4, but any combination of these policies is
valid.
Note: ULP stands for Upper Layer Protocol.

Oracle Solaris 11 Advanced System Administration 5 - 12

Aggregation Modes and Switches
LACP switch modes:
• Off: Default mode, no LACPDUs
• Active: LACPDUs at specified, regular intervals
• Passive: LACPDUs only when received from switch

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
If the aggregation
topology
is connected through a switch and supports the link aggregation
on
R
control
ro protocol (LACP), you can configure LACP for the switch and the aggregation by using
iceone of these modes. The LACP packets are called LACP Data Units or (LACPDUs). If the
switch and the aggregation are both configured in passive mode, then they cannot exchange
LACPDUs.

Oracle Solaris 11 Advanced System Administration 5 - 13

IPMP: Introduction
•

Performance advantages
–
–
–
–

•

Fault tolerance
Load spreading
Increased bandwidth
Transparent redundancy

LAN

IPMP groups
– Active-active
– Active-standby

b
a
r
e
f

net0
net1
net2

an
r
t
n

no
a
s
a
h
Server
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
Client
d
l
s
a
i
n
th
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
d ice
l Solaris feature that provides physical interface failure detection, packet
nal Oracle
Anotherouseful
R
load
ro balancing, and transparent redundancy is IP multipathing (IPMP). IPMP makes it
icepossible to assign an IP address to a group of network interfaces. If the IP is bound to an NIC
net3

in an IPMP group and the NIC fails, the group can bind the IP address to another NIC in the
group. As a result, a client that uses the IP to contact a service does not experience a loss of
service.
This means any port, NIC, cable, or switch failures don’t impact any connections because
IPMP assigns interfaces to an IP address while continually monitoring the underlying
interfaces to ensure a connection is maintained. If IPMP detects that the IP interface being
used has failed
failed, it swaps it to a working IP interface
interface. Applications do not need to be aware
that they are running on a system managed by IPMP. IPMP can be configured for both IPv4
and IPV6.

Oracle Solaris 11 Advanced System Administration 5 - 14

The IPMP load-spreading feature increases bandwidth by spreading the outbound load
between two or more physical NICs on the same system to the same IPMP group. An IPMP
group is represented as an IPMP interface, which is treated like any other interface on the IP
layer. These interfaces can belong to an IPMP group in either an active-active or activestandby configuration.
Active-active configuration means all the underlying interfaces are ready and currently
available for use by the IPMP group. An active-standby configuration means that at least one
interface is in standby mode but can be automatically deployed in the case of a failed
interface.

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 15

IPMP Components
•
•
•
•
•

IPMP daemon: in.mpathd
IPMP service: svc:/network/ipmp
Configuration file: /etc/default/mpathd
IPMP administration command: ipadm
IPMP display information command: ipmpstat

•
•

Customized IPMP interface names
Dynamic Host Control Protocol

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
IPMP consists
on of thel following components:
R
r•o IPMP daemon (in.mpathd): Detects failure by sending ICMP echo probes through the
ice interface and also monitors the RUNNING flagg on the interface. If a failure is detected

•
•

•

from one of these methods, the daemon chooses the standby IP address or next
appropriate IP address and failover occurs.
IPMP service (svc:/network/ipmp): Sets IPMP properties, such as enabling or
disabling transitive probing
Configuration file (/etc/default/mpathd): Is used to specify the daemon’s default
behavior. This file can be used to set parameters, such as specifying which interfaces to
probe
b ffor failure
f il
and
d th
the time
ti
duration.
d ti
This
Thi fil
file can also
l b
be used
d tto specify
if what
h t th
the
status of a failed interface should be after it is repaired, or whether to monitor all
interfaces, including those not belonging to an IPMP group.
IPMP administration command (ipadm): Is used to administer IP interfaces that are
part of an IPMP group

Oracle Solaris 11 Advanced System Administration 5 - 16

•

IPMP display information command (ipmpstat): Provides information about the
IPMP configuration, such as the underlying IP group interfaces, the test and data IP
addresses in use, the types of failure detection being used, and interfaces that have
failed (if applicable)
Customized IPMP interface names: With the ability to customize link names, link
configuration is no longer bound to the physical NIC, which means greater flexibility in
administering IP interfaces and IPMP itself. For example, if a failover occurs, the new
NIC can be given the same name as the failed one, provided they are of the same type.
The same configuration files can then be used, thus saving valuable administration time.
Dynamic Host Control Protocol: Used by IPMP to create and assign IP addresses

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 17

Comparing Link Aggregation and IPMP

Aggregated Links
IPMP Group

aggr1
192.168.50.21

net0
net1

net0

net2
net3

net1
Server

net2

aggr2
192.168.50.22

Switch

VERSUS

b
a
r
e
f

net4
net5
net6

an
r
t
n

Switch

no
a
s
net3
a
h
Server
)
ฺ
e
m
d
o
i
net4
ilฺc t Gu LAN Switch
a
m den
g
net5
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l incoming traffic is spread over the multiple links that comprise the
In link aggregations,
on
R
aggregation.
Thus, networking performance is enhanced as more NICs are installed to add
ro
icelinks to the aggregation. IPMP’s traffic uses the IPMP interface’s data addresses as they are
net7

bound to the available active interfaces. If, for example, all the data traffic is flowing between
only two IP addresses but not necessarily over the same connection, then adding more NICs
will not improve performance with IPMP because only two IP addresses remain usable.

The two technologies complement each other and can be deployed together to provide the
combined benefits of network performance and availability. For example, except where
proprietary solutions are provided by certain vendors, link aggregations currently cannot span
multiple switches.
switches Thus,
Thus a switch becomes a single point of failure for a link aggregation
between the switch and a host. If the switch fails, the link aggregation is likewise lost, and
network performance declines. IPMP groups do not face this switch limitation. Thus, in the
scenario of a LAN using multiple switches, link aggregations that connect to their respective
switches can be combined into an IPMP group on the host. With this configuration, both
enhanced network performance as well as high availability are obtained. If a switch fails, the
data addresses of the link aggregation to that failed switch are redistributed among the
remaining link aggregations in the group
group.

Oracle Solaris 11 Advanced System Administration 5 - 18

Implementing the Network and
Traffic Failover Plan
Your assignment is to:
• Test the reactive network configuration and NFS
• Configure link aggregation
• Configure link failover by using IPMP

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 19

Quiz
What is the default policy for link aggregation?
a. L2 (Networking): MAC header
b. L3 (Addressing): IP header
c L4 (Communication): TCP/UDP or other ULP header
c.

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 5 - 20

Quiz
IPMP can be configured for both IPv4 and IPv6.
a. True
b. False

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 5 - 21

Quiz
Which IPMP component is responsible for detecting failures?
a. IPMP daemon
b. IPMP service
c DHCP
c.

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 5 - 22

Quiz
Link aggregation and IPMP cannot be deployed together.
a. True
b. False

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 5 - 23

Lesson Agenda
•
•
•
•
•
•
•
•

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 24

Configuring Systems on a Local Network
This section covers the following topics:
• Configuring a physical network interface manually
• Deleting a physical network interface manually
• Displaying TCP/IP network information

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 25

Configuring a Physical Network
Interface Manually
1. Check the current status of the
network/physical:default service by using svcs
network/physical. If the service is not up and running,
enable it by using svcadm enable
network/physical:default.
2. Create the network interface by using ipadm create-ip
interface.
ble
a
r
3. Specify the IP address by using ipadm create-addrns–fe
a
r
t
T static -a addrobj.
j
on
n
a ipadm
4. Verify the network interface configuration a
bys using
) h eฺ
show-if.
m
id
co using
u
ฺ
l
i
G
5. Verify the IP address information
by
ipadm showa nt
m
addr.
@g tude

Cic

do is S
l
a
n
th
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
ld lice
a
n
To configure
o a physical network interface manually (as opposed to having it done
R
for you by the reactive network configuration), you complete the steps listed in
ro
eautomatically

the slide.
Notes for step 2: The ipadm command is used to configure and manage IP network
interfaces, addresses, and TCP/IP protocol properties. The create-ip subcommand
creates an IP interface that handles both IPv4 and IPv6 packets. The address of the IPv4
interface will be set to 0.0.0.0 and the address of the IPv6 interface will be set to ::. This
subcommand, by default, causes the information to persist, so that on the next reboot this
interface will be instantiated.
Notes for step 3: The create-addr
t
dd subcommand
b
d with
ith th
the -T
T static
t ti -a option
creates a static IPv4 or IPv6 address on the specified interface. If the interface on which the
address is created is not plumbed, this subcommand will implicitly plumb the interface. By
default, a configured address will be marked up, so that it can be used as a source or
destination of or for outbound and inbound packets.
Notes for step 4: The show-if subcommand displays network interface configuration
g
on the system,
y
including
g the ones
information, either for all the network interfaces configured
that are only in the persistent configuration, or for the specified network interface.

Oracle Solaris 11 Advanced System Administration 5 - 26

Configuring a Physical
Network Interface Manually: Example
# svcs network/physical
STATE
STIME
FMRI
online
9:34:40 svc:/network/physical:default
# ipadm
p
create-ip
p net0
# ipadm create-addr –T static -a 192.168.0.112/24 net0/v4add1
# ipadm show-if
IFNAME
CLASS
STATE
ACTIVE OVER
lo0
loopback ok
yes
-net0
ip
ok
yes
-# ipadm show-addr
ADDROBJ
TYPE
STATE
ADDR
lo0/v4
static
ok
127.0.0.1/8
net0/v4add1
static
ok
192.168.0.112/24
lo0/v6
static
ok
::1/128

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The example
on in the lslide presents the steps for configuring a physical network interface
R
manually.
First, you check if the network/physical:default service is online and find
ro
icethat it is. You then create the network interface net0 and specify the IP address. To verify
that your network interface is working, use the ipadm show-if command. Here you can
see that net0 is in the ok state and active. The final step is to verify the IP address for the
new network interface by using the ipadm show-addr command.

Oracle Solaris 11 Advanced System Administration 5 - 27

Deleting a Physical Network Interface Manually
1. Delete the IP address by using ipadm delete-addr
addrobj.
2. Delete the network interface by using ipadm delete-ip
interface.
3. Verify that the network interface has been deleted by using
ipadm show-if.

4. Verify that the IP address information has been deleted by erab
sf
n
using ipadm show-addr.
a
r

n
o
n

Cic

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To delete
ona physicall network interface manually, you complete the steps listed in the slide.
R
ro for step 1: The delete-addr subcommand deletes all the addresses identified for
eNotes

the specified interface. It also removes these addresses from the persistent data store. This
means these addresses will not be instantiated on reboot.
If the address object is a DHCP-controlled address, delete-addr removes the address from
the system without notifying the DHCP server, and records the current lease for later use.
Notes for step 2: The delete-ip subcommand deletes the interface from active
configuration. All addresses configured on the interface will be torn down. Further, all the
persistent information related to the interface will be removed from the persistent data store
and, for this reason, the interface is not to be instantiated on reboot. To disable an interface
from active configuration (rather than delete the interface), you can use the disable-if
subcommand.
Note: If you use the ipadm delete-ip interface command first, you do not need
to use the ipadm delete-addr addrobj command because the former
automatically removes all IP addresses associated with the specified interface.

Oracle Solaris 11 Advanced System Administration 5 - 28

Deleting a Physical
Network Interface Manually: Example
# ipadm
# ipadm
# ipadm
IFNAME
lo0
# ipadm
ADDROBJ
lo0/v4
lo0/v6

delete-addr 192.168.0.112/24 net0/v4add1
delete-ip net0
show-if
CLASS
STATE
ACTIVE OVER
loopback ok
yes
-show-addr
TYPE
STATE
ADDR
static
ok
127.0.0.1/8
static
ok
::1/128

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The example
on in the lslide presents the steps for deleting a physical network interface
R
manually.
In this case, you first delete the IP address associated with the network interface
ro
icenet0 and then the interface itself. To verify that the network interface has been deleted, use

the ipadm show-if command. Here, you can see that net0 is no longer part of the
configuration. The final step is to verify that the IP address has been deleted as well, by using
the ipadm show-addr command.

Oracle Solaris 11 Advanced System Administration 5 - 29

Displaying TCP/IP Network Information
This section covers the following topics:
• Displaying the status of network interfaces
• Displaying the routing table
• Capturing packets from the network

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 30

Displaying the Status of Network Interfaces
To display the status of the network interfaces, use
netstat -i.
# netstat -i
Name Mtu Net/Dest
/
Address
Ipkts
p
Ierrs Opkts
p
Oerrs Collis Queue
Q
lo0 8232 software localhost 1280
0
1280
0
0
0
net0 1500 loopback khan
1628480 0
347070 16
39354 0

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The main
network statistics is netstat. The netstat -i command
onutility for displaying
R
shows
ro the state of the interfaces that are used for IP traffic. The output includes names of the
icephysical interfaces, counts for input and output packets (Ipkts and Opkts) plus additional
information, such as counts for input and output errors (Ierrs and Oerrs) and Collisions
(Collis). You can study these stats to determine the health of the network.

Oracle Solaris 11 Advanced System Administration 5 - 31

Displaying the Routing Table
To display known routes, use netstat -r.
# netstat -r
Routing Table: IPv4
Destination
Gateway
-----------------localhost
localhost
earth
pluto
default
tothestars
. . . . .

Flags
----UH
U
UG

Ref
--0
2
0

Use
---2817
14293
14142

Interface
--------lo0
net0

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The netstat
shows the routing tables for either IPv4 or IPv6. In this example,
on -r command
R
the
roUH flags mean the route is up through a host, as opposed to UG, which is through a
icegateway. The Ref column shows the current number of routes that share the same link layer,
and the Use column indicates the number of packets sent.

Note: If you set the DEFAULT_IP=VERSION4 in the /etc/default/inet_type file, the
IPv6 statistics will be omitted from the netstat displays.

Oracle Solaris 11 Advanced System Administration 5 - 32

Capturing Packets from the Network
To capture packets, use snoop.
# snoop -v
Using device net0 (promiscuous mode)
ETHER: ----- Ether Header -----

ETHER: Packet
k
1 arrived
i d at 13:52:2.50694
ETHER: Packet size = 106 bytes
ETHER: Destination = 0:7:e9:24:45:93,
ETHER: Source
=
0:3:ba:45:a6:d4,
ETHER: Ethertype = 0800 (IP)
. . . . .
IP:
----- IP Header -----

b
a
r
e
f

an
r
t
n

no
a
IP:
Version = 4
s
a
IP:
Header length = 20 bytes
h
)
ฺ
IP:
Type of service = 0x00
e
m
d
o
i
IP:
xxx. .... = 0 (precedence)
ilฺc t Gu
IP:
...0 .... = normal delay
a
n
IP:
.... 0... = normal throughput m
e
g
d
. . . . .
o@ Stu
^C
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l is a useful troubleshooting or informational tool. It captures packets
The snoop
on command
R
from
ro a datalink or IP interface and displays their content. If a datalink or IP interface is not
icespecified on the command line, then snoop will pick a datalink to use based on ones that

have been configured for IP traffic. It can display packets in a single-line summary form or in
verbose multiline forms. The output mode runs until a Ctrl + C character is entered. The
captured packets can also be saved to a file by using snoop.

This example shows a truncated output that uses the multiline verbose mode.

Oracle Solaris 11 Advanced System Administration 5 - 33

Lesson Agenda
•
•
•
•
•
•
•
•

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 34

Configuring a Reactive Network
This section covers the following topics:
• Configuring a reactive network profile
• Creating a location profile
• Activating and deactivating profiles
• Querying the profile information
• Removing NCPs
ble
a
r
• Working with the reactive network service through SMFnsfe
a
r
t
y g the reactive network configuration
g
• Modifying
on

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 35

Creating a Network Configuration Profile
To create an NCP, use the netcfg utility.
# netcfg
netcfg> create ncp my_profile
netcfg:ncp:my_profile> create ncu phys net1
Created ncu 'net1'. Walking properties …
activation-mode
i
i
d (
(manual)
l) [manual|prioritized]>
[
l| i i i d] manual
l
link-mac-addr>
link-autopush>
link-mtu>
netcfg:ncp:my_profile:ncu:net1> list
ncu:net1
type
link
class
phys
parent
”my
my_profile
profile”
activation-mode
manual
enabled
true
netcfg:ncp:my_profile:ncu:net1> end
Committed changes
netcfg:ncp:my_profile> list
NCUs:
phys
net1

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Using the
oninteractivel netcfg tool, you can create a Network Configuration Profile (NCP) and
R
any
ro Network Configuration Units (NCUs) within it.
ice
Note: You will recall from the first topic that NCUs are containers that store all the individual
configuration objects that make up an NCP. Each object correlates to an individual link or
interface in the system.

When creating the NCU, the system will interactively walk you through the creation process of
setting properties. You can use the defaults by pressing Enter or by entering the desired
configuration for each step. In this example, the activation mode is set to manual by typing it
in when prompted and all the default link properties are selected by pressing Enter. When you
are done,
d
you can lilistt th
the NCU tto di
display
l th
the configuration.
fi
ti
Note that after the end command commits the changes to the NCU, you can enter another
list command at the profile level to list all the NCUs contained within the profile.

Oracle Solaris 11 Advanced System Administration 5 - 36

Creating a Location Profile

Use the netcfg utility:
# netcfg
netcfg> create loc office
Created loc ’office'. Walking properties ...
activation-mode (manual) [manual|conditional-any|conditional-all]>
conditional-all
conditions "system-domain
conditions>
"system domain is mydomain
mydomain.com”
com”
nameservices (dns) [dns|files|nis|ldap]> dns
nameservices-config-file ("/etc/nsswitch.dns")>
dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual
dns-nameservice-domain> "mydomain.com”
dns-nameservice-servers> "192.168.0.100”
dns-nameservice-search>
dns-nameservice-sortlist>
p

dns-nameservice-options>
nfsv4-domain>
ipfilter-config-file>
ipfilter-v6-config-file>
ipnat-config-file>
ippool-config-file>
ike-config-file>
ipsecpolicy-config-file>
netcfg:loc:office> list

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n createla location profile in interactive mode by using netcfg. Much like in the
You canoalso
R
previous
ro slide, the system will walk you through setting the properties of your location profile
iceand then enable you to list them. In this example, a location profile called office is created.

When entering the conditional-all property, the next prompt asks you to state the
conditions. In this case, the system domain is set to the domain name. When a name service
(such as DNS) is selected, the properties for that name service appear so that you can set
them. Again, you can accept the default setting by pressing Enter or by entering the desired
setting.
Note: The output continues in the next slide.

Oracle Solaris 11 Advanced System Administration 5 - 37

Listing a Location Profile

netcfg:loc:office> list
loc:office
activation-mode
conditions
mydomain.com”
d
i
”
enabled
nameservices
nameservices-config-file
dns-nameservice-configsrc
dns-nameservice-domain
dns-nameservice-servers
netcfg:loc:office>
f l
ffi
verify
if
All properties verified
netcfg:loc:office> commit
Committed changes
netcfg:loc:office> end
netcfg> exit

conditional-all
"system-domain is
false
dns
"/etc/nsswitch.dns”
manual
"mydomain.com
"192.168.0.100”

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The list
oncommandl (at the location profile level within the netcfg command) lists the
R
properties
of the office location profile that was just created in the previous slide. The
ro
iceverify command then verifies all the properties, and the commit command commits the
changes. The location profile creation process is complete after you exit the command.

Oracle Solaris 11 Advanced System Administration 5 - 38

Modifying Profiles
# netcfg
netcfg> select ncp my_profile
netcfg:ncp:my_profile> select ncu net1
netcfg:ncp:my_profile:ncu:net1>list
ncu:net1
type
link
class
phys
parent
“my_profile”
activation-mode
manual
enabled
true
netcfg:ncp:my_profile:ncu:net1>set activation-mode=prioritized
netcfg:ncp:my_profile:ncu:net1>list
ncu:net1
t
type
li k
link
class
phys
parent
“my_profile”
activation-mode
prioritized
enabled
true

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To modify
ona profile, luse the netcfg utility. First, select the profile and then the NCU. You can
R
ro set a different property by using the set subcommand and the syntax of
ethen

Cic

property=value.

In this example, the activation mode is changed from manual to prioritized. Some
properties (such as type, class, and enabled) are read-only and cannot be modified.

Oracle Solaris 11 Advanced System Administration 5 - 39

b
a
r
e
f

Listing Reactive Network Profiles
Use the netcfg utility to list all the NCPs and locations:
# netcfg list
NCPs:
Automatic
my_profile
start_state
Locations:
aces
Automatic
classroom
NoNet
User

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n the netcfg
You canouse
list command to list all the current NCPs and location profiles on
R
the
rosystem, which includes the system-defined profiles and locations, such as Automatic,
iceNoNet, and User. Any custom NCPs and locations created also appear, such as the
my_profile profile and office location.

Oracle Solaris 11 Advanced System Administration 5 - 40

Enabling and Disabling Reactive Network Profiles
Use the netadm utility to enable and disable an NCP or
location profile.
• To enable the newly created profiles:
# netadm
d
Enabling
# netadm
Enabling

•

enable
bl office
ffi
loc ‘office’
enable my_profile
ncp ‘my_profile’

To disable the newly created profiles:

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l profiles are created and verified, you can use the netadm enable
n
After the
network
oreactive
R
command
to enable the profiles. When enabling or disabling profiles, if the profile name is not
ro
iceunique, the profile type (NCU/loc/NCP) must be specified with the -p option. To disable a
# netadm disable office
Disabling loc ‘office’
# netadm enable -p ncp Automatic
Enabling ncp ‘Automatic’

location profile, use the netadm disable command. To disable an NCP, enable another
one in its place. You cannot disable an NCP with the netadm disable command.

Profiles are also automatically enabled according to the policies set, or when an event occurs
such as switching from an Ethernet cable to a wireless connection.

Oracle Solaris 11 Advanced System Administration 5 - 41

Displaying Profile States
To list reactive network profiles and their current states, use the
netadm utility.
# netadm list
TYPE
PROFILE
ncp
Automatic
ncp
start_state
ncu:phys
net0
ncu:ip
net0
loc
aces
loc
Automatic
loc
NoNet
loc
User

STATE
disabled
online
online
online
online
offline
offline
disabled

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The states
onreported lare online, offline, disabled, initialized, or uninitialized.
R
ro
ice

Oracle Solaris 11 Advanced System Administration 5 - 42

Displaying Profiles and Their Auxiliary States
To list reactive network profiles and their auxiliary states, use
netadm list -x.
# netadm list -x
TYPE
PROFILE
ncp
Automatic
ncp
start_state
ncu:phys net0
ncu:ip
net0
loc
aces
loc
Automatic
loc
NoNet
loc
User

STATE
disabled
online
online
online
online
offline
offline
disabled

AUXILIARY STATE
disabled by administrator
active
interface/link is up
interface/link is up
active
conditions for activation are unmet
conditions for activation are unmet
disabled by administrator

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 43

b
a
r
e
f

Creating a Backup of a Profile
To create a backup of a reactive network profile, use netcfg
export –f profile.
# netcfg export -f oracle_ncp_backup ncp my_profile
# ls *backup
oracle_ncp_backup

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To create
ona backup lof a profile, use the netcfg export -f command followed by the
R
ro of the backup file and the profile. In the example, a backup called
ename

oracle_ncp_backup is being created for the my_profile profile. You can verify that the
backup has been created by using the ls *backup command. The backup is listed.

Oracle Solaris 11 Advanced System Administration 5 - 44

Removing Reactive Network Profiles
To remove a profile, use netcfg destroy.
# netcfg destroy loc office
# netcfg destroy ncp my_profile

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 45

Practice 5-1 Overview:
Managing a Reactive Network
This practice covers the following topics:
• Assessing the current reactive network configuration
• Creating and deploying a reactive network profile

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The practices
on for thisl lesson are designed to reinforce the concepts that have been presented
R
inro
the lecture portion. These practices cover the following tasks:
ice • Practice
act ce 5
5-1: Managing
a ag g reactive
eact e network
et o

•
•
•

Practice 5-2: Configuring the Network File System
Practice 5-3: Configuring a link aggregation
Practice 5-4: Configuring IP multipathing

Practice 5-1 should take you about 30 minutes to complete.

Oracle Solaris 11 Advanced System Administration 5 - 46

Lesson Agenda
•
•
•
•
•
•
•
•

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 47

Configuring Network File System (NFS)
This section covers the following topics:
• Configuring the NFS server
• Checking the NFS services status
• Configuring the NFS client
• Selecting a different version of NFS on a server
• Enabling the automounter service
• Displaying NFS server and client statistics

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 48

Configuring the NFS Server
1. Create a ZFS file system for the files you want to share.
2. To share the file system:
a. Set the ZFS share property.
b Set the ZFS sharenfs property to on.
b.
on
3. Use the share command to verify what is being shared.

an
r
t
n

# zfs create rpool/export/home/docs
# zfs set share_name=docs,path=/export/home/docs,prot=nfs \
rpool/export/home/docs
name=docs,path=/export/home/docs,prot=nfs
# zfs set sharenfs=on rpool/export/home/docs
# zfs set compression=on rpool/export/home/docs
# share
docs
/export/home/docs nfs sec=sys,rw

b
a
r
e
f

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l server by creating a file system for the files you want to share and
You configure
on the NFS
R
then
ro setting the sharenefs property for that file system, as shown in the steps in the slide.
iceNotes for step 2a: The share property shares ZFS file systems that have the sharenfs or
sharesmb property set. Sharing a file system with the NFS or SMB protocol means that the
file system data is available over the network. ZFS file systems that have the sharenfs or
sharesmb property set are automatically shared when a system is booted.
Notes for step 2b: The sharenfs property controls whether a file system is available over
NFS and what options are used. If set to on, the zfs share command is invoked with no
options.
In the example, a ZFS file system called rpool/export/home/docs is created. In the next
two steps, you share the file system, specifying the NFS protocol (prot=nfs). As a best
practice, you set the compression property to on. The final step is to verify that the
/export/home/docs is being shared―and it is.

Oracle Solaris 11 Advanced System Administration 5 - 49

Checking the NFS Services Status
To check the status of the NFS services, use svcs –a |
grep nfs.
# svcs -a | grep nfs
disabled
7:01:37 svc:/network/nfs/cbd:default
disabled
7:01:37 svc:/network/nfs/client:default
online
16:30:02 svc:/network/nfs/status:default
online
16:30:05 svc:/network/nfs/mapid:default
online
16:30:07 svc:/network/nfs/rquota:default
online
16:30:08 svc:/network/nfs/nlockmgr:default
online
17:21:32 svc:/network/nfs/server:default

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 50

b
a
r
e
f

Configuring the NFS Client
1. Verify that you can view the shared resource by using
dfshares server.
2. Create a directory to use as the mount point.
3 Specify the resource to be mounted by using mount -F
3.
F
nfs -o ro server:resource /directory.
4. Verify that the files within the shared resource can be
shared.
# dfshares server1
RESOURCE
SERVER
ACCESS
server1:/export/home/docs
server1
# mkdir /docs
# mount -F nfs -o ro server1:/export/home/docs /docs
# cd /docs
server1:/docs# ls
assetlist

b
a
r
e
f

an
r
t
n

TRANSPORT
no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l client by ensuring that you can see the shared resource and then
You configure
on the NFS
R
specifying
the resource to be mounted, as shown in the steps in the slide.
ro
ice

Notes for step 3: To unmount a directory, you use the following command:
# unmount /directory

In the example, you first verify that you can view the shared resource /export/home/docs
on server1. Next, you create a directory called /docs to use at the mount point. You then
specify the resource to be mounted in the directory that you just created. The final step is to
verify that the file within the shared resource /export/home/docs can be shared, and it
can.

Oracle Solaris 11 Advanced System Administration 5 - 51

Selecting a Different Version of NFS on a Server
To select a different version of NFS on a server or client, use
the sharectl set command.
Example:
p
To set a server or client to provide only NFS version 3:

Server:
# sharectl set -p server_versmax=3 nfs
# sharectl set -p server_versmin=3 nfs

b
a
r
e
f

an
r
t
n

no
a
s
# sharectl set -p client_versmax=3 nfs
a
h
)
ฺ
# sharectl set -p client_versmin=3 nfs
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Although
onthere havel been previous versions of the NFS protocol in use, NFS version 4
R
(NFSv4)
ro has more features than the previous versions and is the most widely used version to
icedate. It is also now the default version in Oracle Solaris. To select different versions of NFS
Client:

on a server or client, use the sharectl set command as shown in this example.
See the documentation for more detailed information about NFS version 2 or 3.

Oracle Solaris 11 Advanced System Administration 5 - 52

Enabling the Automounter
To enable or disable the automounter service, use the svcadm
command.
Enable service:
# svcadm enable autofs

Mount file system:
# cd /net/server1/export/share/local

Disable service:
# svcadm disable autofs

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the file systems automatically during boot time or on demand using
In addition
onto mounting
R
rocommand line, you can also mount the file systems with the automounter (autofs). The
ethe
automounter provides advantages over the other two methods; however, in many situations,
all three methods are used. The automounter uses the /net file system. After the autofs
service is enabled, you can change the directory using the /net path from the client.
The automounter can be customized using specific SMF properties and by editing the
automounter maps.

Oracle Solaris 11 Advanced System Administration 5 - 53

Displaying NFS Server and Client Statistics
To display statistics about the NFS service on the client or
server, use the nfsstat command.
# nfsstat -c
Client rpc:
Connection oriented:
calls
badcalls badxids timeouts newcreds
1595799 1511
59
297
0
cantconn nomem
interrupts
1198
0
7
Connectionless:
calls
badcalls badxids timeouts newcreds
1595799 1511
59
297
0
. . . . .
Client nfs:
calls
badcalls clgets
cltoomany
1640097 3112
1640097 0
. . . . .
Client nfs_acl:
Version 2: (3105 calls)
null
getacl
setacl
getattr
access
0 0%
0 0 %
0 0%
3105 100% 0 0%

badverfs
0

timers
0

badverfs
0

timers
0

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
To display
about the Remote Procedure Calls (RPC) and NFS data, use
onuseful information
R
ronfsstat command. This example is for the client, using the -c option but similar
ethe

information is displayed when using the -s option for the server. The ouptput for the client
uses the following stats:
• calls: Total number of RPC calls made
• badcalls: Total number of calls rejected by the RPC layer
• badxids: Number of times a reply from a server was received that didn’t correspond to
a call
• timeouts: Number of times a call timed out while waiting for a reply from the server
• newcreds: Number of times authentication information had to be refreshed
• badverfs: Number of times the call failed due to a bad verifier in the response
• timers: Number of times the calculated time-out value was greater than or equal to the
minimum specified timeout value for a call
• clgets: Number of times the CLIENT handle was received
• cltoomany:
y Number of times the CLIENT handle cache had no unused entries

Oracle Solaris 11 Advanced System Administration 5 - 54

Practice 5-2 Overview:
Configuring the Network File System
This practice covers the configuration of the following:
• NFS server
• NFS client

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
This practice
on shouldl take you about 15 minutes to complete.
R
ro
ice

Oracle Solaris 11 Advanced System Administration 5 - 55

Lesson Agenda
•
•
•
•
•
•
•
•

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 56

Preparing for Link Aggregation
Before configuring the link aggregation:
1. Make sure the links are to specification.
2. Set switch LACP mode.
3 Use the dladm show
3.
show-link
link command to verify state
state.
You may need to delete the interface first.
# dladm show-link
LINK
CLASS
net0
phys
net1
phys
net2
phys

MTU
1500
1500
1500

STATE
unknown
unknown
unknown

OVER
----

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l aggregation, you need to make sure the links to be combined are fulln
Before o
configuring
link
R
duplex
ro and point-to-point, and that they operate at identical speeds. If using a switch,
iceconfigure the ports to be used as an aggregation. If the switch supports LACP, configure it for
active or passive mode. Use the dladm show-link command to display the data links and
VLANs on the system and their state. If the link is in use, plumbed, or up, then the link should
be deleted first with the ipadm delete-if command.

Oracle Solaris 11 Advanced System Administration 5 - 57

Creating Link Aggregation
The following commands are used to create and display link
aggregation:
• dladm create-aggr
• dladm show-aggr
show aggr
# dladm create-aggr -l net0 -l net1 aggr1
# dladm show-link
LINK
CLASS
MTU STATE
OVER
net0
phys
1500 up
-net1
phys
1500 up
-net2
phys
1500 up
-net3
phys
1500 up
-aggr1
aggr
1500 up
-net0 net1
# dladm show-aggr
LINK
POLICY ADDRPOLICY
LACPACTIVITY
LACPTIMER
aggr1 L4
auto
off
short

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
FLAGS
ilฺc t Gu
a
n
m
----g ude
@
t
do is S
l
a
n
th
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
ld lice
a
n
To create
a
link
aggregation, you use the dladm create-aggr command as seen here.
o
R
ro the newly created aggregated link by using the show-link subcommand or display
eDisplay

aggregations separately using the show-aggr subcommand. In the example, notice that the
policy defaulted to L4 and that the LACP switch mode is in the default off setting.
After creating a static address for the new interface aggr1 and rebooting the system, the
aggregated link will be configured.

Oracle Solaris 11 Advanced System Administration 5 - 58

Modifying Link Aggregation
The following commands are used to modify link aggregation:
• dladm modify-aggr
• dladm add-aggr
• dladm remove
remove-aggr
aggr
# dladm modify-aggr --policy=L3 aggr1
# dladm add-aggr -l net2 -l netg3 aggr1
# dladm remove-aggr -l net0 aggr1

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
To modify
of the specified link aggregation, use the dladm modify-aggr
onthe parameters
R
For example, if you want a policy for managing data that is based on the
ro
ecommand.

addressing (IP, layer 3) instead of the communication protocol (TCP/UDP, layer 4), enter the
top command in this example. To add links to the specified aggregation, use the add-aggr
subcommand or, to remove links, use the remove-addr subcommand as seen in the bottom
two lines of this example.

Oracle Solaris 11 Advanced System Administration 5 - 59

Deleting Link Aggregation
The following command is used to delete aggregation:
dladm delete-aggr
# dladm delete-aggr aggr1

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 60

Practice 5-3 Overview:
Configuring a Link Aggregation
This practice covers the following topics:
• Creating a link aggregation
• Removing a link aggregation

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 5 - 61

Lesson Agenda
•
•
•
•
•
•
•
•

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 62

Configuring an IPMP Group
This section covers the following topics:
• Creating an IPMP group
• Adding IP addresses to an IPMP group
• Moving an interface from one IPMP group to another
• Deleting or disabling an IPMP group

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 63

Creating an IPMP Group
1. Create IP interfaces for the data links to use in the IPMP
group by using the ipadm create-ip command.
2. Create the IPMP group by using the ipadm createipmp
p p command.
# ipadm create-ip link0_ipmp0
# ipadm create-ip link1_ipmp0
# ipadm create-ipmp ipmp0
# ipadm add-ipmp –i link0_ipmp0 –i link1_ipmp0 ipmp0
# ipmpstat –g
GROUP
GROUPNAME STATE
FDT
INTERFACES
ipmp0
ipmp0
ok
-link1_ipmp0 link0_ipmp0

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
To create
follow the steps listed in the slide. In this example, create two IP
onan IPMP group,
R
are being created for the data links net0 and net1.
ro
einterfaces
Note: Before creating IP interfaces for the data links shown in the example, you renamed
data links net0 and net1 to link0_ipmp0 and link1_ipmp0, respectively, using the
dlamd rename-link command.

You then create an IPMP group called ipmp_group0 with the ipadm create-ipmp
command. Finally, you add the specified network interfaces to the IPMP group that you just
created. You run the ipmpstat -g command to display the group information.

Oracle Solaris 11 Advanced System Administration 5 - 64

Adding IP Addresses to an IPMP Group
1. Add addresses to an IPMP group by using the ipadm
create-addr command.
2. Verify the results with the ipadm show-addr command.
# ipadm create-addr -T static -a 192.168.0.112/24 ipmp0/v4add1
# ipadm create-addr -T static -a 192.168.0.113/24 ipmp0/v4add2
# ipadm show-addr
ADDROBJ
TYPE
STATE
ADDR
ipmp0/v4add1
static
ok
192.168.0.112/24
ipmp0/v4add2
static
ok
192.168.0.113/24

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n type addresses
To add o
static
to the IPMP interfaces, use the ipadm create-addr
R
as seen in this example, and then display the results with the ipadm show-addr
ro
ecommand
command.

Oracle Solaris 11 Advanced System Administration 5 - 65

Moving an Interface
from One IPMP Group to Another Group
1. Remove the interface from the IPMP group by using the
ipadm remove-ipmp command.
2. Add it to another group by using the ipadm add-ipmp
command.
# ipadm remove-ipmp -i link0_ipmp0 ipmp0
# ipadm add-ipmp -i link0_ipmp0 ipmp1

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To move
onan interfacel from one IPMP group to another group, you remove the interface from
R
rofirst group and add it to another group. The steps for completing this task are presented in
ethe
the slide.
In this example, the link0_ipmp0 interface is removed from ipmp0 with the ipadm
remove-ipmp command. It is then added to the ipmp1 group by using the ipadm addipmp command.

Oracle Solaris 11 Advanced System Administration 5 - 66

Deleting or Disabling an IPMP Group
To delete an IPMP group, use the ipadm delete-ip
command.
# ipadm delete-ipmp ipmp0

To disable an IPMP group, use the ipadm disable-if
command.
# ipadm disable-if -t ipmp0

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
To delete
you use the ipadm delete-ipmp command. This means all
onan IPMP group,
R
configured on this interface will be torn down and all the persistent information will
ro
eaddresses

be removed. If there are any underlying interfaces, the -f option is used to force the deletion.
As an alternative, you can also disable the IPMP group from active configuration by using the
disable-if subcommand.
Note: The –t option makes the operation temporary. See man ipadm(1M) for more details.

Oracle Solaris 11 Advanced System Administration 5 - 67

Lesson Agenda
•
•
•
•
•
•
•
•

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 68

Implementing Link Failover by Using IPMP
This section covers the configuration of:
• An active-active IPMP group
• An active-standby IPMP group

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 69

Configuring an Active-Active IPMP Group
1. Create IP interfaces by using ipadm.
2. Create an IPMP group and add the interfaces to the group.
3. Create static IP addresses for data access.
# dladm
dl d rename-link
li k net0
t0 link0_ipmp0
li k0 i
0
# dladm rename-link net1 link1_ipmp0
# ipadm create-ip link0_ipmp0
# ipadm create-ip link1_ipmp0
# ipadm create-ipmp ipmp0
# ipadm add-ipmp –i link0_ipmp0 –i link1_ipmp0 ipmp0
# ipadm create-addr –T static –a 192.168.0.112/24 ipmp0/v4add1
# ipadm create-addr –T static –a 192.168.0.113/24 ipmp0/v4add2
# ipadm show-addr
ADDROBJ
TYPE
STATE
ADDR
lo0/v4
static
ok
127.0.0.1/8
ipmp0/v4add1
static
ok
192.168.0.112/24
ipmp0/v4add2
static
ok
192.168.0.113/24
lo0/v6
static
ok
::1/128
link0_ipmp0/_a
static
ok
fe80::a00:27ff:fec0:b88a/10
link1_ipmp0/_a
static
ok
fe80::a00:27ff:fe35:4321/10

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
IPMP groups
as either active-active or active-standby configurations. In an
on are configured
R
active-active
IPMP group configuration, all underlying interfaces are active, which means they
ro
iceare currently available for use by the IPMP group. This is the default setting when adding the

interfaces to the IPMP group.
In this example, you first create IP interfaces for the net0 and net1 datalinks after renaming
these datalinks link0_ipmp0 and link1_ipmp0 respectively. Then you create an IPMP
group called ipmp_group0 and the interfaces are added to that group. After you assign static
addresses to be used for data access, you display the IPMP group address information by
using the ipadm show-addr command. All the interfaces are currently available for use. So
this is an active
active-active
active configuration
configuration.

Oracle Solaris 11 Advanced System Administration 5 - 70

Assigning Test Addresses
To assign test addresses to an IPMP sub-interface, use ipadm
create-addr –T static –a IP_address link/test.
# ipadm create-addr –T static –a 192.168.0.142/24 link0_ipmp0/test
# ipadm create
create-addr
addr –T
T static –a
a 192.168.0.143/24 link1_ipmp0/test
link1 ipmp0/test
# ipadm show-addr
ADDROBJ
TYPE
STATE
ADDR
lo0/v4
static
ok
127.0.0.1/8
link0_ipmp0/test static
ok
192.168.0.142/24
link1_ipmp0/test static
ok
192.168.0.143/24
ipmp0/v4add1
static
ok
192.168.0.112/24
ipmp0/v4add2
static
ok
192.168.0.113/24
lo0/v6
static
ok
::1/128
link0_ipmp0/_a
static
ok
fe80::a00:27ff:fec0:b88a/10
link1_ipmp0/_a
static
ok
fe80::a00:27ff:fe35:4321/10

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l that you assign a static IP address to each IPMP subinterface to be
It is highly
onrecommended
R
used
ro for link testing. This is done using the ipadm create-add -T static -a command
icethat was used to assign an IP address to the IPMP group to be used for data access.
In the example, you assign static addresses to link0_ipmp0 and link1_ipmp0 to be used
for link testing. Next, you display the IPMP group address information by using the ipadm
show-addr command. Here you can see that the two test addresses are currently available
for use.

Oracle Solaris 11 Advanced System Administration 5 - 71

Configuring an Active-Standby IPMP Group
1. Set at least one interface’s property to standby by using
the ipadm set-ifprop command.
2. Confirm the results.
# ipadm show-ifprop -p standby link2_ipmp0
IFNAME
PROPERTY PROTO PERM CURRENT
PERSISTENT
link2_ipmp0 standby
ip
rw
off
-# ipadm set-ifprop -p standby=on -m ip link2_ipmp0
# ipadm show-ifprop -p standby link2_ipmp0
IFNAME
PROPERTY PROTO PERM CURRENT
PERSISTENT
link2_ipmp0 standby
ip
rw
on
on

DEFAULT POSSIBLE
off
on,off

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l IPMP group configuration, at least one interface is configured to be on
In an active-standby
on
R
standby.
ro The reserve interface is idle but if it supports link-failure notification, then it could
icebecome active. The multipathing daemon monitors all the standby interfaces and is aware of
their availability. If a link failure occurs, then the reserve interface springs into action and
failover occurs. The multipathing daemon also uses probe-based failure detection if a link is
configured with a test address. The daemon sends probes to the link to keep constant watch
for any failures and the standby interface is automatically deployed as needed.
In this example, the current standby setting is displayed for the net2 interface, which you
have renamed to link2_ipmp0. Note that standby is currently set to off. Then the
standby property is set by using the ipadm set
set-ifprop
ifprop command,
command and the results are
displayed.

Oracle Solaris 11 Advanced System Administration 5 - 72

Lesson Agenda
•
•
•
•
•
•
•
•

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 73

Monitoring an IPMP Group
This section covers the following topics:
• Displaying IPMP group information
• Obtaining IPMP address information
• Verifying IPMP interface information
• Obtaining probe target information
• Checking probe information

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 74

Displaying IPMP Group Information
To display IPMP group information, use ipmpstat -g.
# ipmpstat -g
GROUP GROUPNAME STATE FDT
INTERFACES
ipmp0 ipmp0
ok
10.00s link1_ipmp0 link0_ipmp0 (link2_ipmp0)

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
As shown
the output from this command displays the IPMP group information,
onin the example,
R
ro as group name, state, failed detection time (FDT), and interface names. If probe-based
esuch
failure detection is disabled, the FDT filed is empty. Note that interface link2_ipmp0 is in
parentheses, indicating that it is in standby mode.

Oracle Solaris 11 Advanced System Administration 5 - 75

Obtaining IPMP Address Information
To display IPMP address information, use ipmpstat -an.
# ipmpstat -an
ADDRESS
::
192.168.0.113
192.168.0.112

STATE
down
up
up

GROUP
ipmp0
ipmp0
ipmp0

INBOUND
-link1_ipmp0
link0_ipmp0

OUTBOUND
-link1_ipmp0 link0_ipmp0
link1_ipmp0 link0_ipmp0

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The output
displays the address information for the IPMP, the state, the
on for this command
R
group,
ro and the inbound and outbound links.
ice

Note, in this example, that the inbound traffic is restricted to one interface depending on which
IP address is used, and the outbound traffic is spread across both the interfaces.

Oracle Solaris 11 Advanced System Administration 5 - 76

Verifying IPMP Interface Information
To verify IPMP interface information, use ipmpstat -i.
# ipmpstat -i
INTERFACE
ACTIVE
link2_ipmp0 yes
link1 ipmp0 yes
link1_ipmp0
link0_ipmp0 no

GROUP
ipmp0
ipmp0
ipmp0

FLAGS
-s------mbM--------

LINK
up
up
up

PROBE
ok
ok
failed

STATE
ok
ok
failed

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The output
displays the interface, whether the link is active or not, the IPMP
on for this command
R
group,
ro flags, the link status, the probe status, and the state of the interface.
iceIn this example, both link1_ipmp0
link1 ipmp0 and link2_ipmp0
link2 ipmp0 are active, up, and in the ipmp0
IPMP group. The third link in the group, link2_ipmp0, is active and up, but in standby
mode.
The flags in this output are defined as:
• i: Unusable due to being INACTIVE
• s: Masked STANDBY
• m: Nominated to send/receive IPv4 multicast for its IPMP group
• b: Nominated to send/receive IPv4 broadcast for its IPMP group
• M: Nominated to send/receive IPv6 multicast for its IPMP group
• d: Unusable due to being down
• h: Unusable due to being brought OFFLINE by in.mpathd (IPMP daemon) because of
a duplicate hardware address

Oracle Solaris 11 Advanced System Administration 5 - 77

Obtaining Probe Target Information
To display information about test address targets, use
ipmpstat -nt.
# ipmpstat -nt
INTERFACE
MODE
link1_ipmp0 multicast
link0_ipmp0 multicast

TESTADDR
192.168.0.143
192.168.0.142

TARGETS
192.168.0.100 192.168.0.111
192.168.0.100 192.168.0.111

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
The output
presents the interface, mode, test address, and targets for each
on for this command
R
probe,
ro as shown in the example.
iceThe TARGETS column shows the host name or IP address of the target to which an ICMP
probe is sent in firing order for each interface.

Oracle Solaris 11 Advanced System Administration 5 - 78

Checking Probe Information
To check probe information, use ipmpstat –pn.
# ipmpstat –pn
TIME
INTERFACE
0.06s
link2_ipmp0
0 90s
0.90s
link1_ipmp0
link1 ipmp0
0.92s
link2_ipmp0
0.49s
link0_ipmp0
-0.49s
link0_ipmp0
2.52s
link2_ipmp0
2.74s
link1_ipmp0
3.69s
link1_ipmp0
2.31s
link0_ipmp0
…
…
…

PROBE
i163
i162
i164
i161
i160
i165
i163
i164
i162

NETRTT
0.26ms
0.26ms
0 26ms
0.19ms
--0.23ms
0.24ms
0.25ms
--

RTT
0.49ms
0.39ms
0 39ms
0.36ms
--0.39ms
0.38ms
0.45ms
--

RTTAVG
0.33ms
0.31ms
0 31ms
0.34ms
--0.34ms
0.32ms
0.34ms
--

TARGET
192.168.0.100
192.168.0.100
192 168 0 100
192.168.0.100
192.168.0.100
192.168.0.100
192.168.0.100
192.168.0.100
192.168.0.100
192.168.0.100

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l information about the probes being sent by in.mpathd. Unlike the
The probe
onmode displays
R
other
ro output modes, this mode runs until you terminate it with Ctrl + C.
ice
The output shows a table of times that includes the following columns:
• NETRTT: Network round-trip time for the probe
• RTT: Total round-trip time for the probe. Spikes in the total RTT that are not present in
the NETRTT indicate that the local system is overloaded.
• RTTAVG: Average round-trip time to TARGET over INTERFACE. If there is not sufficient
data to calculate the average, the field will be empty.

Oracle Solaris 11 Advanced System Administration 5 - 79

Practice 5-4 Overview:
Configuring IPMP
This practice covers the following topics:
• Configuring an active-active IPMP configuration
• Configuring an active-standby IPMP configuration
• Removing the IPMP configuration

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 5 - 80

Summary
In this lesson, you should have learned how to:
• Implement a plan for network and traffic failover
configuration
• Configure the following:
–
–
–
–
–

Systems on a local network
A reactive network
Network File System
Link aggregation
A IPMP group
An

an
r
t
n

an
s
Implement link failover by using IPMP ) ha
ฺ
e
m
d
o
i
Monitor an IPMP group
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
on

•
•

b
a
r
e
f

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 5 - 81

R
o
r
ce
an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
an
r
t
n
b
a
r
e
f

C fi
Configuring
i
Zones
Z
and
d the
th Virtual
Vi t l Network
N t
k

b
a
r
e
f

an
r
t
n

R
o
r
ce

Objectives
After completing this lesson, you should be able to:
• Implement a plan to configure Oracle Solaris zones with a
virtual network
• Create a virtual network
• Configure Oracle Solaris zones to use VNICs
• Allocate resources to an Oracle Solaris zone
ble
a
r
• Manage virtual network resources
sfe

a
r
t
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 2

Workflow Orientation

IPS
AI INSTALL
MONITORING

DATA
STORAGE

RESOURCE
EVALUATION

PROCESSES

ENTERPRISE
DATACENTER

NETWORK
CONFIGURATION

b
a
r
e
f

an
r
t
n

no
a
s NETWORK
a
h
)
ฺ
VIRTUALIZATION
e
m
d
o
i
AUDITING
ilฺc t Gu
a
gm uden
PRIVILEGES @
SERVICES
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n begin thel lesson, orient yourself in the job workflow. You have successfully
Before o
you
R
installed
ro the operating system by using AI, created a local IPS repository, set up the storage
iceenvironment for your company’s business application data, and configured the physical
network. Now you are ready to enter the world of virtualization. An increasing number of
companies are benefiting from the cost savings that virtualization offers. As a system
administrator, you will be expected to know how to support your company’s virtualization
needs and requirements, including setting up virtual networks and zones.

Oracle Solaris 11 Advanced System Administration 6 - 3

Lesson Agenda
•
•
•
•
•

Planning for a Virtual Network and Zones
Creating a Virtual Network
Configuring Zones to Use VNICs
Allocating and Managing System Resources in a Zone
Managing Resources on the Virtual Network

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 4

Planning for a Virtual Network and Zones
•

Identify the virtual network configuration:
– Virtual switch or etherstub
– Number of VNICs and name assignments

•

Identify the zone configuration:
– Number of zones
– Zone configuration details
– Zone and VNIC assignments

•
•

b
a
r
e
f

an
Identify the requirements for allocating system resources
r
t
on
to zones.
zones
n
a
s
a
Identify the requirements for managing)virtual
h ฺnetwork
m ide
resources.
u
ฺco

ail nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Your company
ways to improve system and network efficiency and performance.
on is exploring
R
They
ro have heard of the cost-saving benefits of using Oracle Solaris zones to consolidate
icemultiple applications that are running on many systems to a single system, and using the
virtual network technology to expand a single system’s network interface capacity. Your
company now wants to test configuring zones on a virtual network.

The plan for implementing a virtual network includes identifying the virtual network
configuration, including whether to create the virtual network with a virtual switch or etherstub,
how many virtual network interfaces (VNICs) to create, and what to call each VNIC. The plan
also identifies how many zones to configure, how to configure the zones, and what the zoneto-VNIC
to
VNIC assignments are
are.
In addition, your company wants to investigate allocating system resources, such as CPUs
and memory, to the zones that use the Oracle Solaris 11 resource control features,
specifically resource pools and resource capping. Finally, the plan identifies the requirements
for implementing virtual network resource management. As part of the network efficiency and
performance initiative, your company wants to be able to control and manage its virtual
network resources. They are specifically interested in testing the use of flows. In the following
slides,
lid
you are iintroduced
t d
d tto virtual
i t l networks
t
k and
dh
how tto configure
fi
zones tto use a virtual
it l
network. You are also introduced to resource pools and capping, and how to manage virtual
network resources by using flows.
Oracle Solaris 11 Advanced System Administration 6 - 5

Network Virtualization and Virtual Networks
•

Network virtualization
– Is the process of combining hardware network resources and
software network resources
– Provides efficient, controlled, and secure sharing
g of network
resources

•

Virtual networks

ble
– External networks: Several local networks administered by
a
r
fe
software as a single entity
s
n
a
r
t
– Internal networks: One system using virtual machines
or
on
n
zones that are configured over at least one pseudonetwork
a
s
a
interface
)h

ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Planning
onfor Oraclel Solaris Zones
R
ro
iceNetwork virtualization is the process of combining hardware network resources and software
network resources into a single administrative unit
unit. The goal of network virtualization is to
provide systems and users with efficient, controlled, and secure sharing of the networking
resources.

The end product of network virtualization is the virtual network. Virtual networks are classified
into two broad types: external and internal. External virtual networks consist of several local
networks that are administered by software as a single entity. The building blocks of classic
external virtual networks are switch hardware and VLAN software technology. Examples of
external
t
l virtual
i t l networks
t
k iinclude
l d llarge corporate
t networks
t
k and
dd
data
t centers.
t
An internal virtual network consists of one system using virtual machines or zones that are
configured over at least one pseudonetwork interface. These containers can communicate
with each other as though they are on the same local network, thus providing a virtual network
on a single host. The building blocks of the virtual network are virtual network interface cards
or virtual NICs (VNICs) and virtual switches. Oracle Solaris network virtualization provides the
internal virtual network solution,, which will be in focus in this course.

Oracle Solaris 11 Advanced System Administration 6 - 6

Virtual Network Components

System
Zone 1

Zone 2

Zone 3

VNIC 1

VNIC 2

VNIC 3

Virtual Switch

NIC

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
Internet
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
An internal
built on Oracle Solaris consists of the following components:
on virtual network
R
er•o At least one network interface card (NIC)
Switch

•

A virtual NIC (VNIC),
(VNIC) which is configured on top of the network interface
interface. The VNIC is a
virtual network device with the same datalink interface as a physical interface.
A virtual switch, which is configured at the same time as the first VNIC on the interface.
The virtual switch provides the same connectivity between VNICs on a virtual network
that switch hardware provides for the systems connected to a switch’s ports.
A container, such as a zone or virtual machine, which is configured on top of the VNIC

The graphic in the slide shows these components and how they fit together on a single
system. The single system has one NIC. The NIC is configured with three VNICs. Each VNIC
supports a single zone. Therefore, Zone 1, Zone 2, and Zone 3 are configured over VNIC 1,
VNIC 2, and VNIC 3, respectively. The three VNICs are virtually connected to one virtual
switch. This switch provides the connection between the VNICs and the physical NIC upon
which the VNICs are built. The physical interface provides the system with its external
network connection.
Alternatively,
Alternati
el you
o can create a virtual
irt al network
net ork based on the etherst
etherstub.
b Etherst
Etherstubs
bs are p
purely
rel
software and do not require a network interface as the basis for the virtual network. In this
lesson, you learn how to create a virtual network by using an etherstub.
Oracle Solaris 11 Advanced System Administration 6 - 7

Introducing Zone Configuration by Using VNICs
•

•
•

Step 1: Create the
virtual switch or
etherstub.
Step
p 2: Create the
VNICs.
Step 3: Configure the
zones to use the
VNICs.

System
Zone 1

Zone 2

Zone 3

VNIC 1

VNIC 2

VNIC 3

Virtual Switch

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To configure
on zones lto use a virtual network, the first step is to create your virtual network by
R
ro the virtual switch or etherstub. The second step is to create the VNICs over the
ecreating
switch or etherstub. After you have the VNICs created, the third step is to configure your
zones to use the VNICs.

Oracle Solaris 11 Advanced System Administration 6 - 8

Allocating System Resources to a Zone
To allocate system resources to a zone, perform the following
steps:
• Specify a subset of the system’s processors that should be
dedicated to a zone while it is running.
g
• Limit the amount of CPU resources that can be consumed
by a zone.
le
• Control the allocation of available CPU resources among erab
sf
n
zones, based on their importance.
a
tr
n
• Limit the amount of physical memory
memory.
no

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the zone and the applications that are running within it consume a
After a zone
on is running,
R
percentage
of the system’s CPU, physical memory, and process resources. The resource
ro
iceusage by a zone is based on its workload. The workload can increase or decrease based on

several factors. By monitoring zone resource usage, a system administrator can determine if a
zone is utilizing too much of a system’s resources, the type of resource being used, and when
the impact to the system is occurring, that is, on a regular basis or on a periodic basis.
As a system administrator, if you know where, when, and why the resource impacts are
happening, you can allocate or control the system resources that are being used by doing the
following:
• Specify a subset of the system
system’ss processors that should be dedicated to a zone while it
is running.
• Limit the amount of CPU resources that can be consumed by a zone.
• Control the allocation of available CPU resources among zones, based on their
importance.
• Limit the amount of physical memory.

Oracle Solaris 11 Advanced System Administration 6 - 9

Managing System Resource Allocation to a Zone
System resource allocation to a zone can be controlled by:
• Resource pools: Used primarily to manage CPU usage
• Resource capping: Used to regulate physical memory
consumption
• Process scheduling: Used to control the allocation of
available CPU resources to processes

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l to manage the allocation of system resources to a zone. For example,
There are
onvarious ways
R
you
ro can use resource pools to manage CPU usage, resource capping to regulate physical
icememory consumption, and process scheduling to control the allocation of available CPU
resources to processes.

Note: Process scheduling is controlled by the process scheduler. The scheduler supports the
use of scheduling classes, which, in turn, are used to define a scheduling policy that is used
to schedule processes with a scheduling class. In the Oracle Solaris operating system, the
default TimeSharing scheduler (TS) tries to give every process relatively equal access to the
available CPUs. However, you can specify that certain processes should be given more
resources than others by using the fair share scheduler (FSS)
(FSS), which controls the allocation of
the available CPU resources among workloads, based on their importance. This importance
is expressed by the number of shares of CPU resources that you assign to each workload.
This lesson focuses on using resource pools and resource capping to manage zone resource
allocation. Process scheduling is presented in detail in the lesson titled “Managing Processes
and Priorities.”

Oracle Solaris 11 Advanced System Administration 6 - 10

As part of planning, the resource allocations for each zone should be identified, along with
how the resource allocations will be managed (for example, through resource pools or
resource capping). If resource allocations for the zones cannot be determined at the time of
planning (primarily because of insufficient zone resource usage statistics), they can be set at
a later time.
Now you take a closer look at how you can use resource pools and resource capping to
manage your zone’s resource allocations.

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 11

Resource Pool Allocation
•

SMF supports two resource pool services:
– Default resource pool service
svc:/system/pools:default
– Dynamic
y
resource p
pool service
svc:/system/pools/dynamic:default

•
•

Resource pool services are disabled by default.
To allocate a resource pool to a zone, you must:

s
– Enable the two resource pool services
n
a
r
t
– Create a pool configuration file and save it in thendefault
onconfiguration file /etc/pooladm.conf s a
ha

) a esubset
ฺ
– Modify the pool configuration file to specify
of the
m
d
o
i
c
u
system’s processors that should
to a zone
G
ailฺbe ndedicated
t
m
– Bind the resource pool@
to g
the zone
ude

t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l you to separate workloads so that workload consumption of certain
Resource
onpools enable
R
resources
does not overlap. This resource reservation helps to achieve predictable
ro
iceperformance on systems with mixed workloads. There are two types of resource pool services

in the Oracle Solaris service management facility (SMF) that reside on the system: the default
resource pool service (svc:/system/pools:default), and the dynamic resource pool
service (svc:/system/pools/dynamic:default), which is dependent on the default
pool service. By default, neither of these services is active.

To allocate a resource pool to a zone, you must first enable these services and create a pool
configuration file for the current pool configuration that you save in the default
/etc/pooladm conf configuration file
/etc/pooladm.conf
file. This file
file, which is in XML format
format, contains a
description of the pools to be created on the system and the elements that can be
manipulated: system, pool, pset (processor set) and cpu. This configuration file is referred to
as the static configuration file. After you have created and saved the pool configuration file,
you can modify it to specify a subset of the system’s processors that should be dedicated to a
zone while it is running. The static configuration file now matches the current dynamic
configuration that represents the way you want the system to be configured with respect to
how the resource pool or pools will function
function. After you have modified the pool configuration file
and saved the changes, you must allocate or bind the zone to the resource pool.

Oracle Solaris 11 Advanced System Administration 6 - 12

b
a
r
e
f

How Resource Pools Work
•
•
•
•
•

Oracle Solaris software boots.
The initialization SMF service checks for the
/etc/pooladm.conf file.
If the file exists,
exists pooladm makes the configuration the
active pools’ configuration.
The system creates the dynamic configuration.
le
b
a
r
Resources are allocated and monitored by the pools’
fe
s
n
resource controller (poold).
tra

n
o
n

a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l software boots, an SMF service checks to see if the
When the
onOracle Solaris
R
/etc/pooladm.conf
file exists. If this file is found and the pools are enabled, the pooladm
ro
icecommand is invoked to make this configuration the active pools’ configuration. The system
creates a dynamic configuration to reflect the organization that is requested in
/etc/pooladm.conf, and the machine’s resources are allocated accordingly.

Note: The pooladm command is used to activate and deactivate the resource pools facility.
The pools resource controller, poold, is started with the dynamic resource pools facility. This
system daemon should always be active when dynamic resource allocation is required. The
poold resource controller identifies available resources and monitors workloads to determine
when
h system
t
usage objectives
bj ti
are no llonger b
being
i met.
t Th
The controller
t ll th
then considers
id
alternative configurations in terms of the objectives, and remedial action is taken. If possible,
the resources are reconfigured so that the objectives can be met. If this action is not possible,
the daemon logs that the user-specified objectives can no longer be achieved. Following a
reconfiguration, the daemon resumes monitoring workload objectives.
Now that you have a better idea of how resource pools are used to control zone resource
y resource capping.
g
allocations, yyou will look at memory

Oracle Solaris 11 Advanced System Administration 6 - 13

Memory Resource Capping
•
•
•
•

Resource capping is controlled by the rcapd daemon.
The rcapd daemon repeatedly samples the resource
utilization of projects that have physical memory caps.
The sampling interval is specified by the administrator
administrator.
When physical memory utilization thresholds are
exceeded, the daemon reduces the resource consumption
ble
a
with memory caps.
r
e

s
n
a
r
-t

on
n
a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If there o
isn
a memorylresource conflict with the zones on your system, you can control the
R
amount
o of memory that is allocated to each zone with resource capping. Resource capping is
cer

controlled by the rcapd daemon. The rcapd daemon repeatedly samples the resource
utilization of projects in zones that have physical memory caps. The sampling interval that is
used by the daemon is specified by the administrator. When the system’s physical memory
utilization exceeds the threshold for cap enforcement, and when other conditions are met, the
daemon takes action to reduce the resource consumption of projects with memory caps to
levels at or below the caps.
Note: You can use the rcapadm command without arguments to display the current status of
the resource capping daemon.
daemon
For more information about resource capping and the rcapd daemon, see “Administering the
Resource Capping Daemon” in the Oracle Solaris Administration: Oracle Solaris Zones,
Oracle Solaris 10 Zones, and Resource Management guide.

Oracle Solaris 11 Advanced System Administration 6 - 14

Specifying Resource Capping Within a Zone
•
•
•

The capped-memory resource sets limits for physical,
swap, and locked memory.
At least one limit must be set.
The rcapd daemon and rcap service must be up and
running.

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l amount of memory that can be consumed by a specified zone and
To allocate
on the maximum
R
ro it as a persistent cap, you can use the capped-memory resource. This resource sets
ehave

limits for physical, swap, and locked memory. Each limit is optional, but at least one must be
set.
Note: You can specify a temporary resource cap for a zone by using the rcapadm command;
however, this setting lasts only until the next reboot. For example, to set a maximum memory
value of 512 MB for the hrzone zone, you use the following command:
# rcapadm -z hrzone -m 512M

To use the capped-memory resource, the rcapd daemon and its associated service (rcap)
must be up and running. These system facilities provide the capability to use the cappedmemory option.
In this lesson, you learn how to set a persistent cap for a zone. In the lesson titled “Evaluating
System Resources,” you learn how to configure resources at the system level.

Oracle Solaris 11 Advanced System Administration 6 - 15

Implementing Controls on Network Resources
•

•

Increase the efficiency of
virtual networks with
resource controls.
Use resource controls to:
– Share bandwidth among
VNICs
– Customize link properties
– Create flows

System
Global Zone
hrzone

itzone

Exclusive IP

192.168.3.20

192.168.3.22
Packets

vnic1

vnic2

192.168.3.20

192.168.3.22

Virtual Switch

an
r
t
n

o Packets
n
a
e1000g0
s
a
h ฺ
)192.168.3.70
m
de
o
i
c
u
ฺ
l
ai nt G
m
e network 192.168.3.0
g udLocal
@
t
o
ld is S
a
n
th
o
r
ฺ
e
s and/or its affiliates. All rights reserved.
uOracle
Copyright
ero © t2013,
o
c
i
(c nse
o
d ice
l is configured, a zone sends traffic to an external host in the same
nal network
When aovirtual
R
fashion
ro as a system without a virtual network. Traffic flows from the zone, through the VNIC to
icethe virtual switch, and then to the physical interface, which sends the data out onto the

network.

To increase efficiency on your virtual network, you can implement controls to determine how
resources are being used by the networking processes. Resource control is the process of
allocating a system’s resources in a controlled fashion. The resource control features of
Oracle Solaris enable bandwidth to be shared among the VNICs on a system’s virtual
network. Link properties that are specifically related to network resources, such as rings,
CPUs and so on
CPUs,
on, can be customized to process network packets
packets. In addition
addition, you can also
create flows to manage network usage.

Oracle Solaris 11 Advanced System Administration 6 - 16

b
a
r
e
f

Managing Virtual Network Resources
by Using Flows
•
•
•
•
•

Flows are created on a per-VNIC basis.
Flows are used to categorize network packets.
Flows define and isolate packets with similar
characteristics.
characteristics
Flows can be assigned specific resources.
Bandwidth is assigned based on the usage policy for the
system.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l for the virtual network involves creating flows on a per-VNIC basis.
Resource
onmanagement
R
Aro
flow is a customized way of categorizing network packets to further control how resources
iceare used to process these packets. These flows define and isolate packets with similar

characteristics, such as the port number or IP address of the sending host. Packets that share
an attribute constitute a flow and are labeled with a specific flow name. Specific resources can
then be assigned to the flow. You assign bandwidth based on the usage policy for the system.

Oracle Solaris 11 Advanced System Administration 6 - 17

Creating Flows and Selecting Flow Properties
•
•
•

Flows are created according to attributes.
Attributes are classifications that are used to organize
network packets into a flow.
Flows use properties to control resources:
– maxbw: Maximum amount of a link’s bandwidth that packets
identified with this flow can use
– priority: Priority given to the packets in a flow:
—

Options: high, medium, or low
Default: medium

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
n Implementing
Creatingoand
Flows
R
o
r
iceFlows are created according to the attribute that you determined for each flow. An attribute is
—

a classification that you use to organize network packets into a flow
flow. For example
example, an IP
address or transport protocol, such as TCP, can be used as an attribute. When you create a
flow, you identify an attribute as well as a name for the flow.

Flows also have properties that are used to control resources. Currently, there are only two
flow properties that can be set:
• Maxbw: The maximum amount of the link’s bandwidth that packets identified with this
flow can use. The value you set must be within the allowed range of values for the link’s
bandwidth.
• Priority: The priority given to the packets in this flow. The possible values are high,
medium, and low; medium is the default value.
In the section titled “Allocating and Managing System Resources in a Zone,” which will be
covered later in this lesson, you learn how to manage virtual network resources by using a
flow.

Oracle Solaris 11 Advanced System Administration 6 - 18

b
a
r
e
f

Implementing the Virtual Network and Zones Plan
Your assignment is to:
• Create a virtual network
• Configure zones to use VNICs
• Allocate resources to a zone
• Manage network resources by using flows

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l Storage Management Plan
Implementing
on the Data
R
ro
iceIt is now time to test the virtual network functionality in Oracle Solaris 11. Your assignment is

to create a virtual network,
network and then configure zones to use the virtual network interfaces that
you have created as part of the virtual network. Next, you allocate resources to a zone by
using resource pools. Your last task is to test managing the network resources by using flows.
In the sections that follow, you learn the commands that you need to perform these tasks.

Oracle Solaris 11 Advanced System Administration 6 - 19

Quiz
A VNIC is a virtual network device with the same datalink
interface as a physical interface.
a. True
b False
b.

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 20

Quiz
In which order is a virtual network created?
a. Virtual switch, VNICs, zones
b. Zones, VNICs, virtual switch
c VNICs,
c.
VNICs virtual switch
switch, zones

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 21

Quiz
Which two properties do flows use to control resources?
a. speed and mtu
b. maxbw and priority
c flowctrl and threshold
c.

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 22

Lesson Agenda
•
•
•
•
•

Planning for a Virtual Network and Zones
Creating a Virtual Network
Configuring Zones to Use VNICs
Allocating and Managing System Resources in a Zone
Managing Resources on the Virtual Network

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 23

Creating a Virtual Network
This section covers the following topics:
• Creating a virtual network switch
• Creating the virtual network interfaces
• Displaying the virtual network configuration

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 24

Creating a Virtual Network Switch
To create an etherstub, use dladm create-etherstub
etherstub.
# dladm create-etherstub stub0

To verify the creation of the etherstub, use dladm show
link.
# dladm show-link
LINK
CLASS
net0
phys
net1
phys
net2
phys
net3
phys
stub0
etherstub

MTU
1500
1500
1500
1500
9000

STATE
BRIDGE
up
-unknown -- s a
ha ฺ
unknown -)
om-- uide
unknown
c
ฺ
l
i
unknown
ma nt--G

b
a
r
e
f

a
r
OVER
t
non------

Cic

g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
An ethernet
on stub canl be used instead of a physical NIC to create VNICs. VNICs that are
R
ro on an etherstub will appear to be connected through a virtual switch, allowing
ecreated

complete virtual networks to be built without physical hardware. The VNICs over an etherstub
become independent of the physical NICs in the system. You can use etherstubs to isolate
the virtual network from the rest of the virtual networks in the system, as well as the external
network to which the system is connected.
You cannot use an etherstub just by itself. Instead, you use VNICs with an etherstub to create
the private or isolated virtual networks. You can create as many etherstubs as you require.
You can also create as many VNICs over each etherstub as required.
To create an etherstub
etherstub, use the dladm
dl d create-etherstub
t
th
t b command followed by the
etherstub name. In the example, you are creating the etherstub stub0.
To confirm the creation of the etherstub, you can use the dladm show-link command, as
shown in the example in the slide. Here, you can see that stub0 has been created and that
its current state is unknown.

Oracle Solaris 11 Advanced System Administration 6 - 25

Creating the Virtual Network Interfaces
To create a VNIC and attach it to the etherstub, use dladm
create-vnic –l etherstub vnic.
# dladm create-vnic -l stub0 vnic0
# dladm
dl d create-vnic
t
i -l
l stub0
t b0 vnic1
i 1
# dladm create-vnic -l stub0 vnic2

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the etherstub, you can create the VNICs and attach them to the
After you
onhave created
R
etherstub
by using the dladm create-vnic command followed by the -l option, the
ro
iceetherstub name, and the VNIC name, as shown in the first example in the slide. The -l option
precedes the link, which can be either a physical link or an etherstub.
Note: vnic0 is required for the virtual switch. The other VNICs (vnic1 and vnic2) are for
use with the zones that will be created.

Oracle Solaris 11 Advanced System Administration 6 - 26

Displaying the Virtual Network Configuration
To display the virtual network configuration, use dladm showvnic.
# dladm show-vnic
LINK
OVER
vnic0
stub0
vnic1
stub0
vnic2
stub0

SPEED
0
0
0

MACADDRESS
2:8:20:70:d0:f8
2:8:20:80:65:0
2:8:20:1f:c5:bd

MACADDRTYPE
random
random
random

VID
0
0
0

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l are created and to display the virtual network configuration, you can
To verify
onthat the VNICs
R
ro the dladm show-vnic command, as shown in the example in the slide. The dladm
euse

Cic

show-vnic command is used to show the VNIC configuration information for all VNICs, all
VNICs on a link, or only a specified vnic-link. The output for this command displays the
name of the link (LINK), the name of the physical link over which the VNIC is configured
(OVER), the maximum speed of the VNIC [in megabits per second (SPEED)], the MAC address
of the VNIC (MACADDRESS), the MAC address type of the VNIC (MACADDRTYPE) that can be
either a random address assigned to the VNIC (random) or a factory MAC address used by
the VNIC (factory), and the VLAN identifier (VID). The etherstub or virtual switch uses the
packet to.
VLAN identifier to determine the interface to send a data p
In this example, all the VNICs have been configured over etherstub stub0. Currently, there is
no data passing through the links, so there is no speed being recorded. The MAC addresses
are present for each VNIC and they have all been randomly assigned. There is one VLAN
and it is identified with VID 0.

Oracle Solaris 11 Advanced System Administration 6 - 27

b
a
r
e
f

The Virtual Network Configuration So Far

System

VNIC 1

VNIC 2

Etherstub

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l illustrates what the virtual network configuration looks like so far.
The graphic
on in the slide
R
There
ro is the etherstub, and two VNICs connected to the switch.
ice

Now that you have created the network, you are ready to configure your zones on top of this
network. You will look at how to do this in the subsequent slides.

Oracle Solaris 11 Advanced System Administration 6 - 28

Quiz
Which utility is used to create virtual switches and VNICs?
a. lnkadm
b. dladm
c vniccfg
c.
d. dlcfg

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 29

Quiz
You have created an etherstub called stub2. You now want to
create vnic1 and attach it to stub2. Which set of commands
do you use to do this?
a. # dladm create-vnic1
b. # dladm create-vnic -l vnic1
c. # dladm create-vnic -l stub2 vnic0
le
b
a
r
d. # dladm create-vnic -l stub2 vnic1
fe

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 30

Practice 6-1 Overview:
Creating an Oracle Solaris 11 Virtual Network
This practice covers the following topics:
• Creating a virtual network switch
• Creating the virtual network interfaces
• Displaying the virtual network configuration

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
The practices
on for thisl lesson are designed to reinforce the concepts that have been presented
R
inro
the lecture portion. These practices cover the following tasks:
ice • Practice
act ce 6
6-1: C
Creating
eat g a
an O
Oracle
ac e So
Solaris
a s 11 virtual
tua network
et o

•
•
•
•

Practice 6-2: Creating two zones by using VNICs
Practice 6-3: Allocating resources to zones
Practice 6-4: Managing the virtual network data flow
Practice 6-5: Removing part of the virtual network

Practice 6-1 should take about 10 minutes to complete.

Oracle Solaris 11 Advanced System Administration 6 - 31

Lesson Agenda
•
•
•
•
•

Planning for a Virtual Network and Zones
Creating a Virtual Network
Configuring Zones to Use VNICs
Allocating and Containing System Resources to a Zone
Managing Resources on the Virtual Network

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 32

Configuring Zones to Use VNICs
This section covers the following topics:
• Configuring the zone
• Displaying a zone configuration
• Checking the virtual network configuration for a zone

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 33

Zone Configuration Process: Overview
Start

Plan the zone strategy.

Create a ZFS file system for
the zones in rpool.

Exit the zone configuration
utility.
Install the zone.

Boot the zone.
Configure the zone.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
Verify and commit the zone
)
ฺ
e
m
configuration.
d
o
i
ilฺc t Gu End
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n
Before o
configuring
al zone or zones to use VNICs, you should know what your company’s
R
zone
ro strategy is. That is, how many zones will you create and what type of virtual network
icesetup will you use? You need to create a ZFS file system for the zones in the root file
Complete
C
l t iinitial
iti l internal
i t
l
zone configuration.

system (rpool). You then configure the zone or zones. During zone configuration, you
identify the VNIC that you want to use for the zone. After completing the configuration, you
verify and then commit it. Next, you exit the zone, install it, and boot it. Finally, you return to
the zone, log in, and complete the initial internal zone configuration.
Note: To configure additional zones to use other VNICs, you follow the same basic steps.
You now walk through each of these steps, beginning with planning the zone strategy.

Oracle Solaris 11 Advanced System Administration 6 - 34

Planning the Zone Strategy
•
•
•
•
•

Virtual network configuration: etherstub stub0 with two
VNICs (vnic1 and vnic2)
Two zones: hrzone and itzone
Zone paths: /zones/hrzone; /zones/itzone
IP type: exclusive-IP
VNIC to zone association: vnic1 for hrzone; vnic2 for
itzone

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l been tasked with creating two zones over a virtual network. Your
Suppose
onthat you have
R
strategy
ro is to create the virtual network first, which you have already done, and then create
icethe zones. As part of your zones configuration planning, you have identified the following

information:
• Zone names: The zone name must be unique. You use the names hrzone and
itzone to create your zones.
•

Zone paths: Each zone requires a path to its root directory that is relative to the global
zone’s root directory. You are creating a file system called zones as part of rpool, and
then you create two other file systems under zones, one to contain hrzone and one to
contain itzone.
itzone The two zone paths should look like this
this, respectively:
/zones/hrzone and /zones/itzone.

•
•

IP type: To use VNICs, a zone must be configured as an exclusive IP zone.
Specific VNIC to be associated with the zone: You use vnic1 for hrzone and
vnic2 for itzone.

Now that you know what your zone strategy is, your next step is to create the ZFS file system
structure for your zones.
zones

Oracle Solaris 11 Advanced System Administration 6 - 35

b
a
r
e
f

Creating a ZFS File System for Zones in rpool
To create a ZFS file system for zones in rpool, use zfs
create -o mountpoint=/zones rpool/zones.
# zfs create -o mountpoint=/zones rpool/zones

To verify that the file system exists and that it has been
mounted, use zfs list rpool/zones.
# zfs list rpool/zones
NAME
USED AVAIL
rpool/zones
31K 22.6G

b
a
r
e
f

REFER
31K

MOUNTPOINT
/zones
a

an
r
t
n

s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l that you want to create in rpool is a file system that will contain all
n file system
The firstoZFS
R
the
roindividual zones’ file systems. Typically, this file system is called zones. To create this file
icesystem, use the zfs create command with the -o option (to specify the mountpoint
property), followed by the mountpoint property value (mountpoint=/zones) and the file
system name (rpool/zones), as shown in the first example in the slide.
You can then verify that the file system has been created and mounted by using the zfs
list command followed by the file system name, as shown in the second example.
You will create the zone-specific file system during zone configuration.

Oracle Solaris 11 Advanced System Administration 6 - 36

Configuring the Zone
To configure a zone, use zonecfg -z zonename.
# zonecfg -z hrzone
hrzone: No such zone configured
Use 'create'
create to begin configuring a new zone.
zonecfg:hrzone> create
create: Using system default template ‘SYSdefault’
zonecfg:hrzone> set zonepath=/zones/hrzone
ble
zonecfg:hrzone> set autoboot=true
a
r
fe
s
zonecfg:hrzone> add net
n
a
r
t
zonecfg:hrzone:net> set physical=vnic1
on
n
zonecfg:hrzone:net> end
a
zonecfg:hrzone>
as

) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l is used to create the zone configuration. You must be a superuser or
The zonecfg
on command
R
have
ro the appropriate rights profile to configure a zone. To perform the configuration, use the
icezonecfg command with the -z option to specify the name of the zone, followed by the zone

name, as shown in the example. After you enter the command, and if you are configuring a
new zone, you see the following message: “No such zone configured. Use 'create' to
begin configuring a new zone.”

The next step is to enter create. This enables you to create the new zone configuration by
setting specific properties, such as the zone path, the IP type, and the network type.
Note: The IP type is set to exclusive by default. To set it to shared, use the set ipt
type=shared
h
d command.
command
Then you set the zone path by using the set zonepath= command followed by the zone
name (for example, /zones/hrzone).
Next, you set autoboot to true by using set autoboot=true. This setting indicates that
the zone should be booted automatically at system boot. At this point in the configuration, you
specify that you want to add a network interface to the zone. To do this, use the add net
command.
command

Oracle Solaris 11 Advanced System Administration 6 - 37

Notice, in the example, that the zonecfg prompt for the zone that you are creating has been
modified to include “net”: zonecfg:hrzone:net. Here, you can set the network physical
property to specify the VNIC that you want this zone to use by using set physical=
followed by the VNIC name (for example, set physical=vnic1).

To stop work on the zone’s network configuration, enter the end command. You have
completed the zone configuration.

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 38

Verifying, Committing, and Exiting
the New Zone Configuration
# zonecfg -z hrzone
Use 'create' to begin configuring a new zone.
zonecfg:hrzone> create
zonecfg:hrzone> set zonepath=/zones/hrzone
zonecfg:hrzone> set autoboot=true
zonecfg:hrzone> set ip-type=exclusive
zonecfg:hrzone> add net
zonecfg:hrzone:net> set physical=vnic1
zonecfg:hrzone:net> end
zonecfg:hrzone> verify
zonecfg:hrzone> commit
a
zonecfg:hrzone> exit
s
a
#
)h ฺ

b
a
r
e
f

an
r
t
n

om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l zone configuration, you need to verify that all the required information
After you
oncomplete your
R
isro
present. You do this by using the verify command, as shown in the example in the slide.
iceIf all the required information is not present, the system will notify you, in which case you will
need to review your configuration to determine what is missing. If no messages are displayed,
you can continue to the next step, which is to commit the configuration. The commit
command takes the configuration from memory and puts it into permanent storage.

After the zone configuration is committed, you can exit the zone configuration session by
using the exit command.
Note: To configure, verify, commit, and exit itzone as per your zone strategy, you repeat the
steps
t
that
th t you just
j t covered.
d

Oracle Solaris 11 Advanced System Administration 6 - 39

Displaying a Zone Configuration
To display a zone configuration, use zonecfg -z zonename
info.
# zonecfg -z hrzone info
zonename: hrzone
zonepath:
p
/zones/hrzone
brand: solaris
autoboot: true
file-mac-profile:
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
net:
address not specified
allowed-address not specified
physical: vnic1
defrouter not specified

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l your zone configuration, it is a good practice to review your zone
After you
onhave finished
R
configuration
before you install the zone. To display a zone configuration, use the zonecfg ro
icez command followed by the zone name and the info subcommand, as shown in the slide.
Verify that you have set the zone path, IP type, and network interface properties correctly.

Oracle Solaris 11 Advanced System Administration 6 - 40

Displaying a Zone Configuration

anet:
linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
pkey not specified
linkmode not specified

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
This slide
onshows thel continuation of the zonecfg –z hrzone info command example.
R
ro
ice

Oracle Solaris 11 Advanced System Administration 6 - 41

Verifying That a Zone Is in configured State
To list all configured and running zones on the system, use
zoneadm list –cv.
# zoneadm list -cv
ID NAME
STATUS
0 global
running
- hrzone
configured
- itzone
configured

PATH
/
/zones/hrzone
/zones/itzone

BRAND
solaris
solaris
solaris

IP
shared
excl
excl

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n ready tol install the zone. But, before you do that, it is a good idea to confirm that
You areonow
R
the
rozone is in the configured state. You can use the zoneadm list -cv command to see
iceall configured and running zones on a system, as shown in the example in the slide. Both the
zones that you have created, hrzone and itzone, have a status of configured.
You can now install the configured zones.

Oracle Solaris 11 Advanced System Administration 6 - 42

Gathering Information for
the System Configuration Profile
•
•
•
•
•
•
•
•

Computer Name: hrzone
Wired Ethernet Network Configuration: Manually
IP address of the zone: 192.168.1.100
DNS Name service: Do not configure DNS
Alternate Name Service: None
Time Zone, Region, and Location: Use your local region.
ble
a
r
fe
Netmask of the IP address: 255.255.255.0
s
n
a
r
t
p
Users, username, and password
on

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l that the zone is in the configured state, you need to create a system
After you
onhave verified
R
configuration
profile for the zone, which utilizes the System Configuration Tool (sysconfig,
ro
icefor short). The system configuration profile specifies the default locale and time zone, the
zone’s root password, a naming service to use, and other aspects of the application
environment, to include (but not limited to) the following:
• The computer name of the zone (for example, hrzone)
•
•

IP address of the zone, which is based on the IP address of the zone’s VNIC
Netmask of the IP address

gather this information before creating
g the system
y
configuration
g
profile. Most of
You need to g
the information is supplied by selecting from a list of choices. Typically, the default options are
enough unless your system configuration requires otherwise. After you have supplied the
required information for the zone, the zone is restarted.
This slide presents a sample of the type of information that you need to complete the system
configuration profile.

Oracle Solaris 11 Advanced System Administration 6 - 43

Creating the System Configuration Profile
To create the system configuration profile, use sysconfig
create-profile –o pathname.
# sysconfig create-profile –o /opt/ora/data/hrconf.xml

Exiting System Configuration Tool. Log is available at:
/var/tmp/install/sysconfig.log

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
To create
profile for a zone, use the sysconfig create-profile –
ona system configuration
R
eorocommand followed by the path name of the location in which you want the profile to reside,
as shown in the example in the slide. Using the configuration information that you gathered
previously, respond to each of the prompts that are presented. When you have finished, you
will be exited from the System Configuration Tool.

Oracle Solaris 11 Advanced System Administration 6 - 44

Installing the Zone
To install a zone, use zoneadm -z zonename install -c
profile_pathname.
# zoneadm -z hrzone install –c /opt/ora/data/hrconf.xml
A ZFS file system has been created for this zone.
Publisher: Using solaris (http://server1.mydomain.com/ ).
Image: Preparing at /zones/hrzone/root.
Sanity Check: Looking for 'entire' incorporation.
...
Done: Installation completed in 356.558 seconds.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the system configuration profile, you are ready to install the zone. To
After you
onhave created
R
install
ro a zone, use the zoneadm -z command followed by the zone name, the install -c
icesubcommand, and the path name to the system configuration profile, as shown in the
example in the slide.

The installation process automatically creates a ZFS file system (data set) for the zone path
when the zone is installed. If the file system cannot be created, the zone is not installed. The
installation process also verifies the specified publisher and downloads the zone installation
packages from IPS. This process normally takes about three to five minutes per zone.

Oracle Solaris 11 Advanced System Administration 6 - 45

Booting the Zone
To list all running and installed zones on the system, use
zoneadm list -iv.
# zoneadm list -iv
ID NAME
STATUS
0 global
running
- hrzone
installed
- itzone
installed

PATH
/
/zones/hrzone
/zones/itzone

BRAND
IP
solaris shared
solaris excl
solaris excl

To boot a zone, use zoneadm -z zonename boot.
# zoneadm -z hrzone boot
# zoneadm
d -z itzone
it
boot
b t
# zoneadm list -v
ID NAME
STATUS
0 global
running
1 hrzone
running
2 itzone
running

b
a
r
e
f

an
r
t
n

no
a
s IP
a
PATH
BRAND
h
) solaris
ฺ shared
/
e
m
d
o
i
/zones/hrzone
solaris
excl
u
ilฺc t Gsolaris
a
/zones/itzone
excl
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the zone. But, before you do that, it is a good idea to confirm that the
The next
onstep is to boot
R
zone
ro is in the installed state. You can use the zoneadm list -civ command to see all
icethe running and installed zones on a system, as shown in the first example in the slide. As
you can see, both hrzone and itzone have a status of installed.

You can now boot the installed zones. To boot a zone, use the zoneadm -z command
followed by the zone name and the boot subcommand, as shown in the second example.
To verify that a zone is in running state, you can run the zoneadm list -v command, as
shown in the second part of the second example. Note that the two non-global zones now
have assigned IDs.

Oracle Solaris 11 Advanced System Administration 6 - 46

Checking the Virtual Network
Configuration in a Zone
To display the network interface address information for a zone,
log in to the zone, and then use ipadm show-addr.
# zlogin hrzone
[Connected to zone 'hrzone' pts/2]
[
p / ]
Oracle Corporation
SunOS 5.11
root@hrzone:~# ipadm show-addr
ADDROBJ
TYPE
STATE
lo0/v4
static
ok
vnic1/v4
static
ok
lo0/v6
static
ok
vnic1/v6
addrconf ok

11.0

November 2011

ADDR
127.0.0.1/8
192.168.1.100/24
::1/128
fe80::8:20ff:fe43:7986/10

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Now you
onlearn how lto check the virtual network configuration in a zone. First, you need to log
R
inro
to the zone. Log in to hrzone. To do this, use the zlogin command again, followed by the
icezone name, as shown in the example in the slide. After you are logged in, you can use the
ipadm show-addr command to see the network interface address information for the zone.
Here, you can see the IP address assignment of 192.168.1.100 that you made for the net0
network interface while creating the system configuration profile. You can also see the type
and state of the interface.

Oracle Solaris 11 Advanced System Administration 6 - 47

Verifying That a Zone’s Virtual Network
Interface Connection Is Operational
To verify that a zone’s virtual network interface connection is
operational, use ping and an IP address.
root@hrzone:~# ping 192.168.1.200
192 168 1 200 is alive
192.168.1.200

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l virtual network interface connection is operational, ping an IP address
To verify
onthat a zone’s
R
ro within the zone. In the example, you are pinging the IP address for the second zone that
efrom

was created, itzone. As you can see from the output, the virtual network that connects these
two zones is operational.

Oracle Solaris 11 Advanced System Administration 6 - 48

Virtual Network Configuration
System
Global Zone
hrzone

itzone

192 168 1 100
192.168.1.100

192 168 1 200
192.168.1.200

vnic1

vnic2

192.168.1.100

192.168.1.200

b
a
r
e
f

Etherstub

an
r
t
n

no
a
s
a
e1000g0
h
)
ฺ
e
m
192.168.0.112
d
o
i
ilฺc t Gu
a
m den
g
Local network
192.168.0.0
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l illustrates what the final virtual network configuration looks like. You
The graphic
on in the slide
R
have
ro two zones, hrzone and itzone, each with a dedicated or exclusive IP address. The
icehrzone zone is using vnic1 as its network interface, and itzone is using vnic2 as its
network interface. The VNICs are using etherstub stub0.

Oracle Solaris 11 Advanced System Administration 6 - 49

Removing the Virtual Network
Without Removing the Zones
1.
2.
3.
4
4.
5.

Verify the state of the configured zones.
Halt the exclusive IP zones.
Verify that the zones have been halted.
List the VNICs that were configured for the halted zones
zones.
Delete the VNICs.

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l to use the zones that you have created in a different configuration, or
If you find
onthat you need
R
ifryou
o need to move the zones to a different zone path or migrate them to another network,
iceyou must disable the zone’s virtual network while keeping the zones intact.
Note: This procedure assumes that you are running a virtual network that consists of
exclusive IP zones.
The steps for removing a virtual network without removing the zones are presented in the
slide. You now take a closer look at how to complete each step, beginning with how to verify
the state of the configured zones.

Oracle Solaris 11 Advanced System Administration 6 - 50

Verifying the State of the Configured Zones
To verify the state of the configured zones, use zoneadm
list –cv.
# zoneadm list -cv
ID NAME
STATUS
0 global
running
- hrzone
running
- itzone
running

PATH
/
/zones/hrzone
/zones/itzone

BRAND
IP
solaris shared
solaris excl
solaris excl

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To verify
onthe state ofl the currently configured zones on the system, use the zoneadm list
R
with the -cv option, as shown in the example in the slide. As you can see, hrzone
ro
ecommand
and itzone are currently running. You can also verify that both zones have exclusive IP
addresses.

Oracle Solaris 11 Advanced System Administration 6 - 51

Halting the Exclusive IP Zones
To halt the exclusive zones, use zoneadm –z zonename
halt.
# zoneadm –z hrzone halt
# zoneadm –z itzone halt

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the status of the zones and that they are exclusive IP zones, you can
After you
onhave verified
R
halt
ro each zone by using the zoneadm -z command followed by the zone name and the halt
icesubcommand, as shown in the example in the slide. When you halt a zone, you remove the
zone’s application environment and terminate several system activities.
Note: You can also use the zoneadm –z zonename shutdown command to cleanly shut
down a zone. Alternatively, for instructions on how to perform the same procedure by using
the zlogin command, refer to the chapter titled “How to Use zlogin to Shut Down a Zone”
in the Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and
Resource Management guide.

Oracle Solaris 11 Advanced System Administration 6 - 52

Verifying That the Zones Have Been Halted
To verify the state of the configured zones, use zoneadm
list –iv.
# zoneadm list -iv
ID NAME
STATUS
0 global
running
- hrzone
installed
- itzone
installed

PATH
/
/zones/hrzone
/zones/itzone

BRAND
IP
solaris shared
solaris excl
solaris excl

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l have been halted, use the zoneadm list -iv command, as shown
To verify
onthat the zones
R
einrothe example in the slide. Include the -i option to see all the installed zones on the system.
As you can see, hrzone and itzone have been returned to the installed state.

Oracle Solaris 11 Advanced System Administration 6 - 53

Listing the VNICs That Were Configured
for the Halted Zones
To list the VNICs that were configured for the halted zones, use
dladm show-vnic.
# dladm show-vnic
LINK
OVER
SPEED
vnic0
stub0 1000 MBps
vnic1
stub0 1000 MBps
vnic2
stub0 1000 MBps

MACADDRESS
2:8:20:70:d0:f8
2:8:20:80:65:0
2:8:20:1f:c5:bd

MACADDRTYPE
random
random
random

VID
0
0
0

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the VNICs that were configured for the halted zones. To do this, use
The next
onstep is to list
R
the
rodladm show-vnic command, as shown in the example in the slide. You will recall that
icevnic0 is for the etherstub; so the two VNICs that you are interested in are vnic1 and

vnic2, which correspond to hrzone and itzone, respectively.

Oracle Solaris 11 Advanced System Administration 6 - 54

b
a
r
e
f

Deleting the VNICs
To delete the VNICs, use dladm delete-vnic vnicname.
# dladm delete-vnic vnic0
# dladm delete-vnic vnic1
# dladm delete
delete-vnic
vnic vnic2

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the VNICs. This is done by using the dladm delete-vnic
The final
onstep is to delete
R
command
followed by the VNIC name, as shown in the example in the slide.
ro
ice

Oracle Solaris 11 Advanced System Administration 6 - 55

Quiz
After you have run the zonecfg -z zonename command,
which command would you use to start the configuration of a
new zone?
a. add zone
b. begin
c. create
d. start

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 56

b
a
r
e
f

Quiz
To use VNICs, which IP type must a zone be configured as?
a. Shared-IP
b. Exclusive-IP
c Either shared or exclusive
c.

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 57

Quiz
You have created the configuration for a new zone. What is the
next step?
a. Boot the new zone.
b Commit the configuration
b.
configuration.
c. Exit the configuration.
d. Verify the configuration.

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 58

b
a
r
e
f

Practice 6-2:
Creating Two Zones by Using VNICs
This practice covers the following topics:
• Configuring two zones by using VNICs
• Displaying the zone configuration, including the interfaces

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 59

Lesson Agenda
•
•
•
•
•

Planning for a Virtual Network and Zones
Configuring a Virtual Network
Configuring Zones to Use VNICs
Allocating and Managing System Resources in a Zone
Managing Resources on the Virtual Network

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 60

Allocating and Managing System
Resources in a Zone
This section covers allocating and managing the following:
• CPU resources with resource pools
• Physical memory resources with resource capping

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 61

Allocating and Managing CPU Resources
with Resource Pools
•
•
•
•

Enabling services for resource pools
Configuring a persistent resource pool
Binding the zone to a persistent resource pool
Removing the resource pool configuration

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
To manage
in a zone, you can use a resource pool. To do this, you must
on CPU consumption
R
ro enable pool services, configure the resource pool, and then bind the zone to the pool.
efirst

When you no longer have the need to manage CPU usage in the zone, you can remove the
resource pool. Next, you look at how to perform each of these tasks, beginning with enabling
pool services.
For the purposes of training, assume that you have been monitoring the CPU usage of your
zones and that hrzone is creating a resource conflict. You will create a resource pool that will
control the CPU usage of hrzone.

Oracle Solaris 11 Advanced System Administration 6 - 62

Enabling Services for Resource Pools
To activate the resource pool services, run svcadm enable r pools/dynamic.
# svcadm enable -r pools/dynamic

To verify that the service pools and the poold daemon are up,
run svcs *pools* and pgrep –lf poold, respectively.
# svcs *pools*
STATE
STIME
FMRI
online
16:08:10 svc:/system/pools:default
online
16:08:11 svc:/system/pools/dynamic:default
# pgrep -lf poold
2283 /usr/lib/pool/poold

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
You may
onrecall fromlthe first topic, on planning for a virtual network and zones, that resource
R
pool
ro services are not enabled by default. To activate both resource pool services, you can run
icethe svcadm enable command with the -r option, followed by pools/dynamic, as shown in

the example in the slide.
To verify that the pool services are online, you can run the svcs *pools* command, as
shown in the example. You can also verify that the poold daemon is running.

Oracle Solaris 11 Advanced System Administration 6 - 63

b
a
r
e
f

Configuring a Persistent Resource Pool
To create the pool configuration file, use pooladm -s.
# pooladm –s

To verify that the file has been created
created, use ls –l
l
/etc/pool*.

# ls -l /etc/pool*
-rw-r--r-- 1 root root 1298 Dec 14 16:13 /etc/pooladm.conf
# file /etc/pooladm.conf
/
/etc/pooladm.conf:
/
l d
f
XML document
d

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
After enabling
pool services, you can create the pool configuration file and save
on the resource
R
itrin
o the default configuration file /etc/pooladm.conf. To create the pool configuration file,
iceuse the pooladm command with the -s option, which saves the file.
Note: The pooladm command is used to activate and deactivate the resource pools facility.
To verify that the file is created, you can use the ls –l /etc/pool* command, as shown in
the example in the slide. If you run the file /etc/pooladm.conf command, you can see
that the file is an XML document.
Note: You examine the contents of the XML document during the practice.

Oracle Solaris 11 Advanced System Administration 6 - 64

Displaying the Resource Pool Configuration File
To display the resource pool configuration file, use poolcfg
-c info.
# poolcfg -c info
system default
string system.comment
int
system.version 1
boolean system.bind-default true
string system.poold.objectives wt-load

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l resource pool configuration, you should familiarize yourself with the
n modify the
Before o
you
R
contents
ro of the configuration file. To display the file, use the poolcfg command with the -c
iceoption, followed by the info subcommand, as shown in the example in the slide.
Note:
• The poolcfg utility is used to create and modify the resource pool configuration files.
Due to space constraints in the slide, the full output for the resource pool configuration is
displayed on the next page.
In the output on the next page, notice that the current pool is pool_default and that the
processor set (p
p
(pset)) is p
pset_default. Below that, y
you can see that there are two CPUs
associated with the default pset. The number of CPUs available to the pset is identified in the
pset value uint pset.size 2.
•

Note: A processor set allows the binding of processes to groups of CPUs.
After checking the resource pool configuration and verifying that it is now the default
configuration, you can exit the pool by using the exit command.

Oracle Solaris 11 Advanced System Administration 6 - 65

system default
string

system.comment

int

system.version 1

boolean system.bind
system bind-default
default true

string

system.poold.objectives wt-load

pool pool_default
int

pool.sys_id 0

boolean

pool.active true

boolean

pool.default true

int

pool.importance 1

string

pool.comment

pset

pset_default

b
a
r
e
f

pset pset_default

an
s
boolean
pset.default true
ha ฺ
)
uint
pset.min 1 om
de
i
c
u
ฺ
l
G
ai 65536
uint
pset.max
t
n
m
g udepopulation
string
pset.units
@
t
o
S
d
l
pset.load
p
395
uint
s
a thi
n
o
uint oฺr
se pset.size 2
r
u
e
ic e to
string
pset.comment
c
(
s
ldo licen
a
n
o
cpu
int

R
o
r
ce

pset.sys_id -1

int

cpu.sys_id 1

string

cpu comment
cpu.comment

string

cpu.status on-line

int

cpu.sys_id 0

string

cpu.comment

string

cpu.status on-line

an
r
t
n

cpu

Oracle Solaris 11 Advanced System Administration 6 - 66

Modifying the Resource Pool Configuration File
To create the pset, use poolcfg –c 'create pset
pset_psetname (uint pset.min = x; uint
pset.max = x)'.
# poolcfg -c 'create pset pset_1to2 (uint pset.min = 1; uint
pset.max = 2)'

To create the pool, use poolcfg –c 'create pool
pool_poolname’.
# poolcfg -c 'create pool pool_hrzone'

b
a
r
e
f

an
r
t
n

Cic

no
a
To associate the pset with the pool, use poolcfg
s -c
a
h
)
'associate pool pool_poolname (pset
ฺ
e
m
d
o
i
pset_psetname) '.
ilฺc t Gu
a
gm uden(pset pset_1to2)'
# poolcfg -c 'associate pool @
pool_hrzone
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n ready tol modify the configuration file to control the CPU usage of hrzone. To do
You areonow
R
ro you create a pset, and then you create a pool. You then join or associate the pset with
ethis,
the pool. You now look at each step separately.
Suppose that you have decided to allocate two CPUs to address the workload in hrzone.
This will enable the kernel to use either one or two CPUs to support hrzone’s workload.

To create the pset and define its parameters, use the poolcfg -c command followed by
create pset, the name that you want to give the pset (pset_psetname), and the
unassigned integer (uint) minimum and maximum values, which are the minimum and
maximum numbers of the CPUs that you want allocated to this pset. In the example shown in
th slide,
the
lid you are stating
t ti that
th t a minimum
i i
off one CPU should
h ld b
be used,
d with
ith a maximum
i
off ttwo.
You have named the pset pset_1to2.
Note: The -c option is used to specify a command.

Oracle Solaris 11 Advanced System Administration 6 - 67

To create the pool, use the poolcfg -c command again, followed by create pool and the
name that you want to give the pool (pool_poolname), as shown in the second example. In
the example, because you are creating this pool for hrzone, you have named the pool
pool_hrzone.

To associate the pset with the pool, use the poolcfg -c command followed by 'associate
pool pool_poolname (pset pset_psetname)‘, as shown in the third example.
Note: Psets and pools are created separately to provide flexibility. For example, you could
create another pset and associate it with pool_hrzone if you wanted to do so.

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 68

Displaying and Committing the Modified
Resource Pool Configuration File
To display the modified resource pool configuration,
use poolcfg -c info.
# poolcfg -c info

N t

To validate and commit the modified configuration,
use pooladm -n –c, and then pooladm –c.

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n modifiedl pool configuration, use the poolcfg -c command followed by the info
To viewothe
R
as shown in the first example in the slide.
ro
esubcommand,
# pooladm -n
n –c
c
# pooladm -c

Note: Due to space constraints in the slide, the full output for the resource pool configuration
is presented on the next page.
In the output on the next page, notice that you now have a pool called pool_hrzone and a
pset called pset_1to2 as part of your resource pool configuration.

After viewing the modified pool configuration, you will want to validate and then commit it. To
validate the configuration, use the pooladm command with the -n -c options, as shown in
the second example. After the validation is completed, you can commit the configuration by
using the pooladm -c command. This is your static resource pool configuration file.

Oracle Solaris 11 Advanced System Administration 6 - 69

system default
string

system.comment

int

system.version 1

b l
boolean

system.bind-default
bi d d f l true

string

system.poold.objectives wt-load

pool pool_default
int

pool.sys_id 0

boolean

pool.active true

boolean

pool.default true

int

pool.importance 1

string

pool.comment

pset

pset_default

R
o
r
ce

an
r
t
n

an
s
ha ฺ
boolean
pool.active true
)
de
omfalse
i
boolean
pool.default
c
u
ฺ
l
ai nt GFSS
string
pool.scheduler
m
g ude
@
t
int
pool.importance
1
o
S
d
l
s
a
i
h
stringron
tpool.comment
ฺ
e
pset
ero to us pset_1to2
c
i
(c nse
o
ld pset_default
e
c
a
i
l
pset
n
o
pool pool_hrzone

int

pset.sys_id -1

boolean

pset default true
pset.default

uint

pset.min 1

uint

pset.max 65536

string

pset.units population

uint

pset.load 388

uint

pset.size 2

string

pset.comment

b
a
r
e
f

Oracle Solaris 11 Advanced System Administration 6 - 70

cpu
int

cpu.sys_id 1

string

cpu.comment

string
i

cpu.status on-line
li

int

cpu.sys_id 0

string

cpu.comment

string

cpu.status on
on-line
line

cpu

pset pset_1to2
int

pset.sys_id -2

boolean

pset.default false

uint

pset.min 1

uint

pset.max 2

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
string
pset.units population
)
o0m uide
uint
pset.load
c
ฺ
l
ai 0nt G
uint
pset.size
m
g ude
@
t
string
pset.comment
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 71

Displaying the Resource Pool Configuration
That Is Currently in Use
To display the resource pool configuration that is currently in
use, use poolcfg -dc info.
# poolcfg -dc info
system default
string
int
boolean
string

system.comment
system.version 1
system.bind-default true
system.poold.objectives wt-load

pool pool_hrzone
int
pool.sys_id 1
boolean pool.active true
boolean pool.default false
int
pool.importance 1
string pool.comment
pset
pset_1to2

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n resourcel pool configuration that the system is currently using (that is, the dynamic
To viewothe
R
ro configuration), use the poolcfg command with the -dc option, followed by the info
epool
subcommand, as shown in the example in the slide.
Note: The -d option specifies the dynamic pool configuration—that is, the configuration that
is operating directly on the kernel state.
As you can see in the example, the pool that you just created, pool_hrzone, is the resource
pool configuration that is currently in use.

Oracle Solaris 11 Advanced System Administration 6 - 72

Displaying all Active Resource Pools
To display all the active resource pools on the system,
use poolstat -r all.
# poolstat -r all
pool
id p
1 pool_hrzone
0 pool_default

type
yp rid rset
pset
1 pset_1to2
pset -1 pset_default

min
1
1

max size used load
2
1 0.00 0.00
66K
1 0.00 0.17

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If you want
on to see alll the active resource pools on the system, use the poolstat -r all
R
command,
as shown in the example in the slide.
ro
iceNote: The poolstat utility is used to report statistics on active resource pools.

Here, you can see that there are two active resource pools: the pool that was just created
(pool_hrzone) and the default pool (pool_default).
The output for this command displays the following information:
• Pool ID
• Name of the pool
• Type
T pe of reso
resource
rce set
set. A reso
resource
rce set is a process
process-bindable
bindable resource.
reso rce E
Examples
amples of
resource sets include processor sets and scheduling classes.
• Resource set ID (rid)
• Resource set name (rset)
• Minimum resource set size (min)
• Maximum resource set size (max)

Oracle Solaris 11 Advanced System Administration 6 - 73

•
•

•

Current resource set size (size)
Amount of the resource set currently in use (used). This measure is calculated as the
percentage utilization of the resource set multiplied by its size. If the resource set has
been reconfigured
g
during
g the last sampling
p g interval, this value might
g be not reported
p
((–).
)
Load that is put on the resource set (load). For the definition of this property, see
libpool (3LIB).

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 74

Binding the Zone to a Persistent Resource Pool
This section covers the following steps:
1. Listing the current state of the zones
2. Allocating the pool to the zone and confirming the
allocation
3. Rebooting the zone to activate the resource pool binding
4. Confirming the availability of the resource pool

b
a
r
e
f

an
r
t
n

Note

R
o
r
ce

In this example, you are binding the zone to a persistent resource pool. Persistent resource
pools remain even if the system shuts down and comes back up
up. You can also configure
temporary resource pools. For information about configuring temporary resource pools, see
the section titled “Resource Pools” in the Oracle Solaris Administration: Oracle Solaris Zones,
Oracle Solaris 10 Zones, and Resource Management guide.

Oracle Solaris 11 Advanced System Administration 6 - 75

Listing the Current State of the Zones
To list the current state of the zones on the system,
use zoneadm list –iv.
# zoneadm list -iv
ID NAME
STATUS
0 global
running
1 hrzone
running
2 itzone
running

PATH
/
/zones/hrzone
/zones/itzone

BRAND
solaris
solaris
solaris

IP
shared
excl
excl

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Because
onyou want tol bind a running zone to the resource pool, you verify that the zone is up
R
and
ro running. To do this, use the zoneadm list -iv command, as shown in the example in
icethe slide. As you can see, all zones are up and running.

Oracle Solaris 11 Advanced System Administration 6 - 76

b
a
r
e
f

Allocating the Pool to the Zone
and Confirming the Allocation
To allocate the pool to the zone, use zonecfg –z followed by
the zone name and set pool=pool_poolname.
# zonecfg -z hrzone set pool=pool_hrzone

To confirm that the allocation has been made, use zonecfg le
b
a
r
z zonename info pool.
fe

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
Now that
that the hrzone zone is running, you can allocate the pool to that
onyou have verified
R
zone.
ro To do this, use the zonecfg -z command followed by the zone name and set
icepool=pool_poolname, as shown in the first example in the slide.
# zonecfg
g -z hrzone info | g
grep
p pool
p
pool: pool_hrzone

To confirm that the pool allocation has been included in the zone configuration, use the
zonecfg -z command followed by the zone name, the info subcommand, and | grep
pool, as shown in the second example. In this case, you have confirmation that the resource
pool is part of the zone configuration.

Oracle Solaris 11 Advanced System Administration 6 - 77

Rebooting the Zone to Activate
the Resource Pool Binding
To reboot the zone, use zoneadm -z hrzone shutdown
-r.
# zoneadm -z hrzone shutdown -r

To verify that the zone is back up and running, use zoneadm
list –iv.
# zoneadm list -iv
ID NAME
STATUS
0 global
running
1 hrzone
running
2 itzone
running

b
a
r
e
f

an
r
t
n

no IP
a
s
shared
a
h
)
excl
ฺ
e
m
d
o
i
excl
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the zone to activate the resource pool binding. To do this, use the
The next
onstep is to reboot
R
zoneadm
command followed by the zone name and the shutdown subcommand with the -r
ro
iceoption, as shown in the first example in the slide.
PATH
/
/zones/hrzone
/zones/itzone

BRAND
solaris
solaris
solaris

Note: You can also use init 6 to reboot.
Next, you want to verify that the zone is back up and running. To do this, run the zoneadm
list -iv command again, as shown in the second example. As you can see, hrzone is
back up and running.

Oracle Solaris 11 Advanced System Administration 6 - 78

Confirming the Availability of the Resource Pool
To confirm the availability of the resource pool, log in by using
zlogin zonename, and then use poolcfg -dc info.
# zlogin hrzone
[Connected to zone 'hrzone'
hrzone pts/2]
Oracle Corporation SunOS 5.11 11.0

November 2011

# poolcfg -dc info

# exit
Logout
[Connection to zone 'hrzone' pts/2 closed]

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l that the resource pool is available. To do this, you first log in to the
Now you
onwant to confirm
R
zone
ro by using the zlogin command followed by the zone name. Then use the poolcfg
icecommand with the -dc options, followed by the info subcommand, as shown in the example
in the slide.

Note: Due to space constraints in the slide, the full output for the resource pool configuration
is presented on the next page.
In the output on the next page, notice that you have a pool called pool_hrzone and that its
pset is pset_1to2. Below that, you can see the details for the pset as well as the two CPUs
that you specified.
After you have confirmed the availability of the resource pool and reviewed the resource pool
configuration, you can exit the pool by using the exit command.

Oracle Solaris 11 Advanced System Administration 6 - 79

system default
string

system.comment

int

system.version 1

b l
boolean

system.bind-default
bi d d f l true

string

system.poold.objectives wt-load

pool pool_hrzone
int

pool.sys_id 1

boolean

pool.active true

boolean

pool.default false

int

pool.importance 1

string

pool.comment

pset

pset_1to2

R
o
r
ce

an
r
t
n

an
s
ha ฺ
int
pset.sys_id 1
)
m ide
boolean
pset.default false ฺco
u
l
i
G
a
t
uint
pset.min 1 gm
n
e
d
uint
pset.max
o2@ Stu
d
l
a tpopulation
is
n
h
string
pset.units
o
ฺr use
opset.load
r
uint
24
e
o
c
i
t
c
e
uint
1
o ( enspset.size
d
l
c
a
pset.comment
on stringli

pset pset_1to2

cpu
int

cpu.sys_id 0

string

cpu.comment

string

cpu.status on-line

b
a
r
e
f

Oracle Solaris 11 Advanced System Administration 6 - 80

Removing the Resource Pool Configuration
This section covers the following steps:
1. Removing the pool configuration from the zone
2. Rebooting the zone
3 Checking the resource pool configuration for the zone
3.
4. Deleting the resource pool

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 81

Removing the Pool Configuration from the Zone
To remove the resource pool configuration from the zone,
use zonecfg -z zonename clear pool.
# zonecfg -z hrzone clear pool

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l pool configuration from the zone, use the zonecfg -z command
To remove
on the resource
R
ro by the zone name and the clear pool subcommand, as shown in the example in
efollowed

the slide. This action removes the resource pool configuration that you allocated to the zone
and replaces it with the default resource pool configuration.

Oracle Solaris 11 Advanced System Administration 6 - 82

Rebooting the Zone
To reboot the zone, use zoneadm -z hrzone shutdown
-r.
# zoneadm -z hrzone shutdown -r

To verify that the zone is back up and running, use zoneadm
list –iv.
# zoneadm list -iv
ID NAME
STATUS
0 global
running
1 hrzone
running
2 itzone
running

b
a
r
e
f

PATH
/
/zones/hrzone
/zones/itzone

BRAND
solaris
solaris
solaris

an
r
t
IP
n

no shared
a
excl
s
a
h
excl
)
ฺ
e
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the zone to activate the change. To do this, use the zoneadm
The next
onstep is to reboot
R
command
followed by the zone name and the shutdown subcommand with the -r option, as
ro
iceshown in the first example in the slide.
Next, you want to verify that the zone is back up and running. To do this, run the zoneadm
list -iv command again, as shown in the second example. As you can see, hrzone is
back up and running.

Oracle Solaris 11 Advanced System Administration 6 - 83

Checking the Resource Pool
Configuration for the Zone
To check the resource pool configuration for the zone, log in by
using zlogin zonename, and then use poolcfg -dc info.

# zlogin hrzone
[Connected to zone 'hrzone' pts/2]
Oracle Corporation SunOS 5.11 11.0

November 2011

# poolcfg -dc info

# exit
Logout
s
a
h
[Connection to zone 'hrzone' pts/2 closed]
)

b
a
r
e
f

an
r
t
n

an
ฺ
ide

om u
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l that the resource pool has been removed. To do this, first log in to
Next, you
onwant to check
R
the
rozone by using the zlogin command followed by the zone name. Then use the poolcfg
icecommand with the -dc options, followed by the info subcommand, as shown in the example
in the slide.

Note: Due to space constraints in the slide, the full output for the resource pool configuration
is presented on the next page.
In the output on the next page, notice that only the default resource pool configuration is
available. The only pool that is available is the pool_default pool, and the only pset that is
available is pset_default. Below the default pset, you can see the two CPUs associated
with
ith th
thatt pset.
t
After you have checked the resource pool configuration and verified that it is now the default
configuration, you can exit the pool by using the exit command.

Oracle Solaris 11 Advanced System Administration 6 - 84

system default
string

system.comment

int

system.version 1

boolean

system bind-default
system.bind
default true

string

system.poold.objectives wt-load

pool pool_default
int

pool.sys_id 0

boolean

pool.active true

boolean

pool.default true

int

pool.importance 1

string

pool.comment

pset

pset_default

b
a
r
e
f

pset pset_default

R
o
r
ce

an
s
boolean
pset.default true
ha ฺ
)
uint
pset.min 1
om uide
c
ฺ
l
ai nt G
uint
pset.max 65536
m
g ude
string
pset.units @
population
t
o
S
d
l
pset.load
p
268
uint
s
na thi
o
r
ฺ
uint
se1
opset.size
r
u
e
to
stringcic
pset.comment
(
e
do icens
l
a
on cpu l
int

pset.sys_id -1

int

cpu.sys_id 1

string

cpu comment
cpu.comment

string

cpu.status on-line

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 85

Deleting the Resource Pool
To delete the resource pool, use pooladm –x.
# pooladm -x

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l the resource pool. To do this, use the pooladm command with the
The next
onstep is to delete
R
-x
rooption. The -x option removes the currently active pool configuration, destroys all defined
iceresources, and returns all formerly partitioned components to their default resources.

Oracle Solaris 11 Advanced System Administration 6 - 86

Displaying all Active Resource Pools
To display all the active resource pools on the system,
use poolstat -r all.
# poolstat -r all
id pool
0 pool_default

type rid rset
pset -1 pset_default

min
1

max size used load
66K
2 0.00 0.73

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l that the resource pool that you deleted is no longer active on the
The final
onstep is to verify
R
system.
ro To do this, use the poolstat -r all command, as shown in the example in the
iceslide. You can see that there is now only one active resource pool: the default pool
(pool_default).

Oracle Solaris 11 Advanced System Administration 6 - 87

Allocating and Managing Physical Memory
Resources with Resource Capping
To add a memory cap to a zone, perform the following steps:
1. Configure the zone by using zonecfg –z zone.
2. Add the memory cap resource and set each memory cap
type as appropriate: physical,
physical swap,
swap and locked
locked.
3. Verify, commit, and exit the zone.

# zonecfg -z itzone
zonecfg:itzone> add capped-memory
zonecfg:itone:capped-memory> set physical=50m
zonecfg:itzone:capped-memory> set swap=100m
zonecfg:itzone:capped-memory> set locked=30m
zonecfg:itone:capped-memory> end
zonecfg:itzone> verify
zonecfg:itzone> commit
zonecfg:itzone> exit

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
As mentioned
on in thelfirst topic on planning for a virtual network and zones, you have the
R
ro of setting memory resource capping in a zone. The steps for adding a memory cap are
eoption
listed in the slide.

In the example, you are setting the physical, swap, and locked memory resource caps for the
zone called itzone.
Note: You do not have to set all three limits, but you must set at least one. These settings are
persistent.

Oracle Solaris 11 Advanced System Administration 6 - 88

Practice 6-3 Overview:
Allocating Resources to Zones
This practice covers the following topics:
• Enabling services for resource pools
• Configuring a persistent resource pool
• Binding the zone to a persistent resource pool
• Removing the resource pool configuration

b
a
r
e
f

an
r
t
n

Oracle Solaris 11 Advanced System Administration 6 - 89

Lesson Agenda
•
•
•
•
•

Planning for a Virtual Network and Zones
Configuring a Virtual Network
Configuring Zones to Use VNICs
Allocating and Managing System Resources in a Zone
Managing Resources on the Virtual Network

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 90

Managing Resources on the Virtual Network
This section covers the following topics:
• Determining the configured VNIC states
• Creating and implementing a flow
• Displaying flow controls
• Setting flow properties
• Displaying flow control properties
• Setting a priority property

b
a
r
e
f

an
r
t
n

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 91

Determining the Configured VNIC States
To determine the current state of the VNICs on the system,
use dladm show-link.
# dladm show-link
net1
t1
net2
net0
net3
stub0
vnic0
vnic1
hrzone/vnic1
vnic2
itzone/vnic2
itzone/net0
hrzone/net0

phys
h
1500
unknown
k
-phys
1500
unknown -phys
1500
up
-phys
1500
unknown -ble
a
r
etherstub 9000
unknown -fe
s
n
vnic
9000
up
stub0 ra
-t
n
vnic
9000
up
p
stub0
o
n
vnic
9000
up
a stub0
s
vnic
9000
up) ha
stub0
ฺ
vnic
9000 om
up
de stub0
i
c
u
ฺ
l
G
vnic
1500
net0
ai nup
t
m
g 1500de up
vnic
net0

o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
n create a lflow, you want to determine the current state of the VNICs that you want
Before o
you
R
toro
create the flow for. To do this, use dladm show-link, as shown in the example in the
iceslide. As you can see, the VNICs that you created earlier are up.

Oracle Solaris 11 Advanced System Administration 6 - 92

Creating and Adding a Flow
1. Create a new VNIC by using dladm create-vnic –l
etherstub vnic.
2. Select the attribute on which you want to base the flow.
3 Determine how you want to customize the flow’s
3.
flow s use of the
network resources.
4. Add the VNIC as a flow by using flowadm add-flow -l
ble
a
link -a attribute=value flow.
r
e

s
n
a
r
-t

Cic

on
n
a
s
a
) h eฺ
m
co Guid
ฺ
l
i
ma dent
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
To create
ona flow, youl first create a new VNIC. You then select the attribute that you want to
R
ro the flow on, and then determine how you want to customize the flow’s use of resources
ebase
# dladm create-vnic -l stub0 vnic3
# flowadm add-flow
add flow -l
l vnic3 -a
a transport=tcp,local_port=80
transport tcp local port 80 http1
# flowadm show-flow
FLOW
LINK
IPADDR
PROTO LPORT
RPORT DSFLD
http1
vnic3
-tcp
80
---

by selecting the bandwidth and priority settings for the network resource.
Next, you add the VNIC as a flow by using the flowadm add-flow command followed by
the -l option, the link name, the -a option that specifies the attribute value, the attribute
value, and the flow name.
In this example, you have created a new VNIC, vnic3, to add as a flow. The flow is based on
the TCP transport protocol, which is the attribute. You have defined the transport as local and
assigned it to port 80. The name of the flow is http1.

Oracle Solaris 11 Advanced System Administration 6 - 93

Displaying Flow Controls
To display the flow controls that are currently configured in the
system, use flowadm show-flow.
# flowadm show-flow
FLOW
LINK
http1
vnic3

IPADDR
--

PROTO
tcp

LPORT
--

RPORT
--

DSFLD
--

b
a
r
e
f

an
r
t
n

Cic

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l
To display
that are currently configured in the system, use the flowadm
onthe flow controls
R
command, as shown in the example in the slide. As you can see, there is only
ro
eshow-flow

one flow that is currently configured in the system, and that is the flow that you just created.

Oracle Solaris 11 Advanced System Administration 6 - 94

Setting Flow Properties
To set a flow property, use flowadm set-flowprop –p
property=value flow.
# flowadm set-flowprop -p maxbw=100M http1

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
l use the flowadm set-flowprop command followed by the -p option
n property,
To set aoflow
R
toro
specify the properties that you want to use to control the resources, property values, and
iceflow name.
In the example in the slide, the maximum bandwidth is set to 100 MB per second.
Note: The value that you set for the bandwidth must be within the allowed range of values for
the link’s bandwidth. To display the possible range of values for a link’s bandwidth, check the
POSSIBLE field in the output that is generated by the following command: dladm showlinkprop -p maxbw link.

Oracle Solaris 11 Advanced System Administration 6 - 95

Displaying Flow Control Properties
To display a flow’s control properties, use flowadm showflowprop flow.
# flowadm show-flowprop http1
FLOW
PROPERTY
http1
maxbw

VALUE
100

DEFAULT
--

POSSIBLE
--

b
a
r
e
f

an
r
t
n

no
a
s
a
h
)
ฺ
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
If you want
on to see thel control properties that a flow has, you can do so by using the flowadm
R
show-flowprop
command, as shown in the example in the slide.
ro
ice

Oracle Solaris 11 Advanced System Administration 6 - 96

Setting a Priority Property
To set a link property, use dladm set-linkprop -p
property=high vnic.
# dladm set-linkprop -p priority=high vnic1

To view the priority property for a link, use dladm showlinkproperty –p priority vnic.

b
a
r
e
f

an
r
t
n

no
a
sPOSSIBLE
a
h
)
ฺ
low,medium,high
e
m
d
o
i
ilฺc t Gu
a
m den
g
o@ Stu
d
l
a this
n
o
se and/or its affiliates. All rights reserved.
oฺr© 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
After you
onset the flowl properties, you can also set a priority property on the link. To do so, use
R
the
rodladm set-linkprop command followed by the -p option to specify the priority value,
icethe priority value itself, and the name of the VNIC, as shown in the first example in the slide.
# dladm set-linkprop
set linkprop -p
p priority=high vnic1
# dladm show-linkprop -p priority vnic1
LINK
PROPERTY
PERM VALUE
DEFAULT
vnic1
priority
rw
high
high

The possible priority values are low, medium, and high. In this example, the link priority for
vnic1 is set to high.

To view the priority property for a link, you can use the dladm show-linkprop command
followed by the -p priority subcommand and the name of the VNIC, as shown in the second
example.

Oracle Solaris 11 Advanced System Administration 6 - 97

Practices 6-4 and 6-5 Overview:
Managing the Virtual Network Data Flow and
Removing Part of the Virtual Network
These practices cover the following topics:
• Managing resources on the virtual network by using data
flows
• Dismantling the virtual network and zones

b
a
r
e
f

an
r
t
n

an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se and/or its affiliates. All rights reserved.
o © 2013,uOracle
r
Copyright
e
ic e to
c
(
do icens
l
a
Each practice
on shouldl take about 10 minutes to complete.
R
ro
ice

Oracle Solaris 11 Advanced System Administration 6 - 98

Summary
In this lesson, you should have learned how to:
• Implement a plan to configure Oracle Solaris zones with a
virtual network
• Create a virtual network
• Configure Oracle Solaris zones to use VNICs
• Allocate resources to an Oracle Solaris zone
ble
a
r
• Manage virtual network resources
sfe

a
r
t
on

R
o
r
ce

Oracle Solaris 11 Advanced System Administration 6 - 99

R
o
r
ce
an
s
ha ฺ
)
om uide
c
ฺ
l
ai nt G
m
g ude
@
t
o
S
d
l
s
na thi
o
r
ฺ
se
o
r
u
e
ic e to
c
(
do icens
l
a
l
on
an
r
t
n
b
a
r
e
f

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Encryption                      : Standard V2.3 (128-bit)
User Access                     : Print, Annotate, Extract, Print high-res
Page Count                      : 480
Create Date                     : 2013:03:07 15:01:14+05:30
Producer                        : iText 2.1.3 (by lowagie.com)
Modify Date                     : 2014:07:26 12:33:05-05:00

EXIF Metadata provided by EXIF.tools

Oracle Solaris 11 Advanced System Administration Ed 3 (Student Guide Volume 1)

Navigation menu

Versions of this User Manual:

Views

Navigation