1 Hands On Lab
Oracle Solaris 11
Implementation Specialist
Bootcamp
Student Lab Guide
Version 2 January 2013
Oracle Corporation
Page 1 of 147
2 System Requirements
Hardware requirements:
Page 2 of 147
VirtualBox 4.2
VirtualBox 4.2 Extension Pack
Oracle Solaris 11.1 Text Install ISO
Oracle Solaris 11.1 Virtual Box pre-configured image ISO
Oracle Solaris 11.1 Repository ISO
Note 1: Please download and install VirtualBox and the extensions on your system
prior to attending the lab. We cant guarantee the speed or availability of the internet
connection at the training venue. The Instructor will provide several flash disks with
the necessary files on them prior to class so students can download and install if
necessary. But it will be much easier if you already have the application loaded and
running.
3 Pre-requisites
Page 3 of 147
1 Contents
Page 4 of 147
1 Introduction
Participants will gain example-led awareness and understanding of the following
technical facilities:
- Automated Installation
- System Configuration Profiles and Service Management Facility
- Jumpstart to Automated Installation conversion
- Distribution constructor
- Boot environments
- Integration with Solaris Zones
- Image packaging system
We examine each of the enhancements and demonstrate how, jointly, they make it
easier to deploy Oracle Solaris 11 technology in the enterprise. Upon completion of
this lab, participants will have learned how to begin addressing business
requirements with Oracle Solaris 11 provisioning and packaging technology, and get
comfortable with methodologies that are available to aid in the process.
2 Overview
There are three significant steps involved in the installation process:
1) Assignment of a network identity for the system being installed
2) Contacting the automated installation service to download a small boot
image over the network with a description of how to provision a system
3) Actual provisioning of the system over the network, including software and
system configuration
Each of the above can be provided by services residing on the same physical or
virtual system, or they could also be on separate systems. In our lab we will
provision these services on the same system, provided by the following
components:
Page 5 of 147
In the diagram above, our first system, depicted on the left, will be our Automated
Install Server and will provide IPS, AI, and DHCP services . The second system,
depicted on the right, is a client that we will provision automatically.
3 Pre-requisites
This lab requires the use of the following elements:
A current laptop with at least 2GB memory and 100GB free disk space
Oracle VirtualBox Software (4.2.x with Extension Pack 4.2 installed)
Oracle Solaris 11.1 Base Text Image (sol-11_1-text-x86.iso)
Oracle Solaris IPS Repository (sol-11_1-repo-full.iso)
The following assumptions have been made regarding the environment where this
lab is being performed:
1. Network connectivity to the Internet is not necessary
2. The server system will be configured with a static IP address that will act as
a DHCP server.
3. The Client will be configured as a DHCP client
Page 6 of 147
5 Exercises
Page 7 of 147
Page 8 of 147
Page 9 of 147
Page 10 of 147
Page 11 of 147
Page 12 of 147
Page 13 of 147
Page 14 of 147
Page 15 of 147
Page 16 of 147
Select the
appropriate date and
time then select F2.
Complete your
configuration by
entering a root
password, your
name, username and
user password.
For example:
Real name: LabUser
Username: labuser
Password: solaris11
Page 17 of 147
Page 18 of 147
Page 19 of 147
1) Login with the username credentials you created during the configuration
dialogue.
Page 20 of 147
5.4 Configure the IPS Repository for local use by the Server
After youve logged in:
Assume the root role
# su
# password:
Turn off sendmail service to prevent errors from being printed on your screen:
# svcadm disable sendmail
# svcadm disable sendmail-client
If the text install boot image is still mounted, eject it at this time. (Oracle Text install
boot image, sol11_1-text-x86.iso this was the boot image that we used to install our
server)
# eject
For the first lesson in our lab, well need a copy of the Solaris Repository. This file
comes as a two part download from Oracle.com that must be concatenated together
before use. Youll probably have two files, sol-11_1-repo-full.iso-a and sol-11_1repo-full.iso-b. For Windows users youll need to use the DOS copy command to
join the two files together. Heres the syntax and an example:
C:\<file location\copy /b file1 + file2 targetfile
C:\mydocuments\sol-11_1-repo-full.iso-a + sol-11_1-repo-full.iso-b sol-11_1-
Page 21 of 147
Mount the latest Repository ISO file on your server system. On the bottom bar of
your VirtualBox window, in the right corner area, position the mouse above the CD
image, click and select to Choose a virtual CD/DVD disk file and select the sol11_1-repo-full.iso file.
Or locate the Oracle VM Virtualbox Manager window,
Choose the AI Server instance
Page 22 of 147
To verify type ls /media in your terminal window and you should see
SOL_11_1_REPO_FULL
To configure the IPS repository locally we need to change the publisher. Well
remove the default solaris publisher which points to the
http://pkg.oracle.com/solaris/release/ publisher location.
Use the pkg command to see the default publisher for Oracle Solaris 11
# pkg publisher
Page 23 of 147
This allows us to run pkg commands to perform updates to our server without
having to connect to the network and allows us a faster way to access the repository
without installing it just yet. This does not yet make the IPS Repository service
available on the network for your clients. We will do this as a separate exercise.
5.5 Perform an Installation of Software that was not in the base image
When we installed Solaris using the Text-based interactive Installer, we ended up
with a collection of software packages known as a solaris-large-server package. You
can verify this by running:
# pkg list |grep group
The large server package contains many programs but there are still a lot of
available software packages that are located in the repository and available for
download whenever we need to obtain them.
For an example, we will add the VIM editor which is not included in the large server
package by default. Type the following command to install the vim package.
# pkg install editor/vim
Page 24 of 147
Lets try another example. Well install the NVDAgraphics driver package.
First lets look at our boot environments. Why will become clear in a moment. But
remember that making backups of the Oracle Solaris 11 Operating System is as easy
as a result of the ZFS snapshot and clone utilities.
# beadm list
Note that theres a single solaris instance. Lets install the NVDA graphics package.
# pkg install NVDAgraphics
This package will have 16 other packages as dependencies, all of which will
automatically be calculated and installed.
Note: The NVDAgraphics will most likely throw an error on installation as
referenced by the below screen shot. This is a normal part of the lab.
Page 25 of 147
The pkg install service has automatically created a backup boot environment named
solaris-backup-1.
Check the state of the boot environments
# beadm list
Verify that the solaris-backup-1 boot environment exists
Page 26 of 147
Select solaris-backup-1 and hit [Enter]. This is the backup environment that was
created automatically by the pkg command.
Login as labuser and then su to root
In this environment we have a state of the machine before the installation of the
NVDAgraphics package. The boot image called Oracle Solaris 11 11/11 contains the
defective graphics driver. This is just an example of a safe roll-back capability that
Solaris provides out-of-the-box and eases elements of software and system
management.
Since weve now booted into the backup environment the beadm command output
will show that the solaris-backup-1 environment is active Now and the solaris
environment will be active on Reboot
# beadm list
Page 27 of 147
Boot environments are useful and easy to create. Lets create one now.
Run the following command
# beadm create beforeUpdate
# beadm list
You have just created a boot environment called beforeUpdate and verified that it
exists.
Assume that we made a mistake and we dont like the name beforeUpdate, we want
to make it beforeChange instead. Lets rename it and call it beforeChange
# beadm rename beforeUpdate beforeChange
Check your output with the screen below:
You can activate the beforeChange boot environment to be the default boot
environment which will become available the next time the system boots. Verify
your changes and note the R and N in the table below.
# beadm activate beforeChange
# beadm list
Page 28 of 147
Notice how (in the Active column) the R and N values move between different
boot environments. R indicates that the boot environment will be active on
Reboot, and N means the boot environment active Now.
You can also mount boot environments and interrogate them to look for files or
troubleshoot a boot instance.
Heres an example of mounting a boot environment.
Create a mount point:
# beadm mount beforeChange /mnt
# ls /mnt
You can navigate the beforeChange file system to make changes and interrogate the
system.
Unmount the boot environment
# beadm unmount beforeChange
Now lets do a little clean up and return our system to a good stable state. Well
rename beforeChange to something that makes more sense and well get rid of the
defective environment that contains the errored out NVDAgraphics driver
Activate our backup environment because we cant rename an active boot
environment.
# beadm activate solaris-backup-1
Page 29 of 147
Upon reboot solaris11 should be the default environment in the Grub menu
boot into the solaris11 environment. Once your system has finished booting, login
and su to root. Confirm solaris11 is the active environment and you still have an
existing backup
# beadm list
Page 30 of 147
Note: dladm and ipadm are new commands available to manage network
configuration in Oracle Solaris 11.
In this portion of the lab we will take the IPS repository contents from an ISO file
and make it persistently accessible through a service, this ensures it will be
available even after a reboot of the server.
Note: For a typical customer installation we would copy the contents of the ISO to a
file system for faster access. But since this is a lab running on virtual servers and in the
interest of time well just mount it. Instructions on copying the repo directly to hard
disk are available in the Solaris 11 documentation
Note: In the VirtualBox setup at the beginning of the lab we mounted the sol-11-1111repo-full.iso file to the virtual CD drive. This ISO file should be available to your system
under the /media directory. If its not mounted go back and use the instructions to
mount the ISO to your system in order to complete this lab.
We will instantiate the repo as a properly configured service. We will use SMF
(Service Management Facility) to get this done.
su to the root role and execute the following commands:
# svccfg s application/pkg/server setprop \
pkg/inst_root=/media/SOL_11_1_REPO_FULL/repo
# svccfg s application/pkg/server setprop \
pkg/readonly=true
# svcadm refresh application/pkg/server
# svcadm enable application/pkg/server
Page 31 of 147
The next step is to configure the system to use a locally configured IPS repository.
We do so by changing the default publisher from pkg.oracle.com/solaris/release to
the publisher weve set up on our own system. In a normal environment your
publisher might be on its own server.
Type the following commands:
# pkg unset-publisher solaris
# pkg set-publisher g http://192.168.1.222 solaris
Verify that your publisher has been changed to the new local resource
# pkg publisher
Add another package as a test, to make sure our repository is properly configured
and accessible via the network. Well add the developer package for the vala
language.
# pkg install developer/vala
Verify your package is installed properly:
# pkg info developer/vala
Page 32 of 147
This will create a service named s11x86service and serve up DHCP clients starting
with 192.168.1.110. The c argument specifies that 20 IP addresses should be
allocated.
When prompted about using the default image path, answer y for yes.
Page 33 of 147
Page 34 of 147
AIClient
Solaris
Oracle Solaris 11 (64 bit)
1536 MB
Dynamically allocated storage
16 GB Virtual disk file allocation
Page 35 of 147
Page 36 of 147
Next you will see a GRUB menu with a timer. The default selection highlights the
Text Installer and command line option but we need use the Automated Install
selection. Press the up or down arrow keys to stop the timer and select the
Automated Install and press enter.
What follows is the continuation of a networked boot from the Automated Install
server, where the client downloads a mini-root (a small set of files in which to
successfully run the installer), identifies the location of the Automated Install
manifest on the network, retrieves the said manifest and then processes it to
identify the address of the IPS repository where to obtain images from.
Page 37 of 147
As you watch the screen youll see how pkg.oracle.com is the default address of the
IPS repository. In our case, however, we had previously created a local IPS
repository so we need to make sure that it is our local IPS repository that is being
contacted to install the client system.
Page 38 of 147
Some valuable information on the screen will be the location of log files and the
XML manifest being used for this installation, such as shown on the above image.
The default IPS repository hard-coded in the default Automated Install manifest is
hosted by Oracle and the XML code <origin name=> is pointing at pkg.oracle.com.
If your system were able to reach the Internet, you would see a successful
installation process on your screen.
However, since were only using an internal network we will not be able to reach the
internet and the DNS resolution being done in the mini-root will fail. We will
therefore be unable to contact the default IPS repository located at pkg.oracle.com.
As a result, our installation will fail with the message below.
This isnt a big deal for our lab and most customer enterprise installations will
already have internal IPS repositories (like weve previously created in this lab) as
using an internet based repository takes a lot of bandwidth and isnt the most
efficient way of getting your packages. In the next section, we will alter the default
manifest to point to our own internal IPS repository.
Page 39 of 147
Next, well probe the s11x86service and the default manifest associated with it. The
m switch reflects the name of the manifest associated with a service. We want to
alter the manifest and well use the default as a template. Well capture the output
into a file. Below is the command to redirect our manifest output to a file that we
can edit by using the command below:
# installadm export n s11x86service m orig_default >
/var/tmp/orig_default.xml
Create a backup copy of this file under a different name and work on the copy, lets
call it orig-default2.xml
# cp /var/tmp/orig_default.xml /var/tmp/orig_default2.xml
Page 40 of 147
Since we are working with the very first instance of an AI service, we must use the
default service name when referencing modifications to the service.
# installadm update-manifest n default-i386 m \
orig_default f /var/tmp/orig_default2.xml
5.11 Booting the Client with the modified Automated Install (AI) manifest
Boot the AI Client virtual machine again, and as you do, youll see a process similar
to what youve previously seen, but now it will not stop with a DNS error. Instead, it
will proceed towards contacting the local IPS repository for packages. The process
begins to look like the image below, notice the address in the origin line on the
Page 41 of 147
It can take between 15 and 30 minutes to install the packages from the AI Origin. Be
patient and let the installation complete.
The installation should complete with output similar to the following.
Page 42 of 147
Prior to rebooting the client, you may want to login and explore the system and
examine the log files, such as the Installation log file (/system/volatile/install_log) or
the Automated Install manifest that was used to install the system
(/system/volatile/ai.xml)
To login to the system use the default Automated Install image username root and
the password solaris
There are many additional customizations that can be done to the Automated Install
manifest. The guiding principles in instituting these changes are to follow the
process outlined above and remember to refer to appropriate install service names.
Page 43 of 147
Installation parameter
solaris
Manual Networking
192.168.1.215
255.255.255.0
192.168.1.1
Do Not Configure
None
Your choice
Your choice
Your choice
Current Date / Time
solaris11
Labuser1
labuser1
solaris11
Press F2 to push through the
support choices and get to
the final review. Press F2 to
apply the changes to the
file. The resulting output
profile can be validated by
running it against the
install service and
specifying the profile
filename.
IP Address
Netmask
Router:
DNS
Alternate Name Service
Time Zone Regions
Locations
Time Zone
Date
Root Password
Your real name:
Username:
User password:
Page 44 of 147
Verify that the install service contains a custom system configuration profile
associated with it.
# installadm list p
When we reboot our client from the network we will witness a complete hands-off
process of installing and configuring the system. We can then login with credentials
configured in the system configuration profile, such as username jack (password:
jack), and we can elevate privileges by assuming the root role (password: solaris)
Page 45 of 147
7 Lab Summary
In this document you learned how to create, install, boot and configure a system
using the Automated Installer. You learned how an Automated Install manifest can
be modified and modifications be put into effect automatically for you. You also
learned how to add a local IPS repository to help avoid unnecessary traffic on your
network as well as to provide security.
One of the benefits of Automated Installer is its level of integration with other
utilities in Oracle Solaris 11, and the ability to automate most of the tough
provisioning tasks so that the installation service is ultimately capable of doing
more to get your systems closer to an application-ready state. Oracle Solaris 11
tools offer a very fast, consistent, and scalable provisioning experience.
8 References
For more information and next steps, please consult additional resources: Click the
hyperlinks to access the resource.
Oracle Solaris 11 Technology Spotlights
Page 46 of 147
Page 47 of 147
1 Introduction
Oracle Solaris ZFS is a revolutionary file system that changes the way we manage
storage. Participants in this lab will gain awareness through example of devices,
storage pools, and performance and availability. We will learn about the various
types of ZFS datasets and when to use each type. We will examine snapshots,
cloning, allocation limits, and recovering from common errors.
We will cover the following areas around ZFS:
-
Zpools
Vdevs
ZFS datasets
Snapshots / Clones
ZFS properties
ZFS updates
These exercises are meant to provide a primer into the value and flexibility of Oracle
Solaris 11 ZFS for the enterprise. Upon completion of this lab, the learner will
understand the simplicity and power of the ZFS file system and how it can help
address business requirements with Oracle Solaris 11 storage technology and will
be well on their way to mastering this powerful technology.
2 Overview
ZFS is the default file system in Oracle Solaris 11. This lab will follow the basic
system administration duties revolving around storage in a basic system. As in any
installation or implementation well follow a basic path for building our storage
infrastructure
4) Hardware setup and initial storage connection and assignment. (VirtualBox,
virtual disks, and files)
5) Creating pools. Storage devices in ZFS are grouped into pools. A pool
provides all of the storage allocations that are used by the file systems and
volumes that an installation will require.
6) Creating file systems which can be assigned to users and applications and
manipulated to fit the needs of each.
Page 48 of 147
3 Pre-requisites
This lab requires the use of the following elements:
A current laptop with at least 3GB memory and 30 GB free disk space
Oracle VirtualBox Software (4.2 with Extension Pack installed)
Oracle Solaris 11.1 VM for Oracle VM VirtualBox
The following assumptions have been made regarding the environment where this
lab is being performed:
4. Network connectivity to the Internet is not necessary
5. We will only work with a single Solaris 11 Virtual Instance
4 Lab Setup
4.1 Oracle VirtualBox Hypervisor Software basics
Your system should already have Oracle VirtualBox hypervisor software installed
and ready to use. For this lab we will require a GUI interface and will be using the
pre-built Oracle Solaris 11.1 VM image. We only need to acquire it and import it to
get running quickly.
Download Virtual Box
VirtualBox Notes:
Make sure that you have the Oracle Solaris 11.1 VM Image copied to your
laptop hard disk.
For Oracle employees and authorized partners only. Do
not distribute to third parties.
2011 Oracle Corporation
Page 49 of 147
Page 50 of 147
Page 51 of 147
Page 52 of 147
Page 53 of 147
Page 54 of 147
Page 55 of 147
Page 56 of 147
Page 57 of 147
Page 58 of 147
Page 59 of 147
Page 60 of 147
Page 61 of 147
Note from this output that the pool named datapool has a single ZFS virtual device
(vdev) called raidz1-0. That vdev is comprised of our four disks.
The RAIDZ1-0 type vdev provides single device parity protection, meaning that if
one device develops an error, no data is lost because it can be reconstructed using
the remaining disk devices. This organization is commonly called a 3+1, 3 data disks
plus one parity.
ZFS provides additional types of availability: raidz2 (2 device protection), raidz3 (3
device protection), mirroring and none. We will look at some of these in later
exercises.
Before continuing, let's take a look at the currently mounted file systems.
# zfs list
Page 62 of 147
One thing to notice in the ZFS makes things easier category is that when we created
the ZFS pool with one simple command, ZFS also created the first file system and
also mounted it. The default mountpoint is derived from the name of the pool but
can be changed easily.
Note:
Things we no longer have to do with ZFS are
Create a filesystem
Make a directory to mount the filesystem
Add entries to /etc/vfstab
Weve decided that we need a different type of vdev for our datapool example. Lets
destroy this pool and create another.
# zpool destroy datapool
# zfs list
Page 63 of 147
All file systems in the pool have been unmounted and the pool has been destroyed.
The devices in the vdev have also been marked as free so they can be used again.
Notice how easy it is to destroy and theres no destroy? Are you sure? warning.
Next, lets create a simple pool using a 2 way mirror instead of raidz.
# zpool create datapool mirror c8t0d0 c8t1d0
Now the vdev name has changed to mirror-0 to indicate that data redundancy is
provided by mirroring (redundant copies of the data).
What happens if you try to use a disk device that is already being used by another
pool?
# zpool create datapool2 mirror c8t0d0 c8t1d0
The usage error indicates that /dev/dsk/c8t0d0 has been identified as being part of
an existing pool called datapool. The -f flag to the zpool create command can
override the failsafe in case datapool is no longer being used, but use that option
with caution.
Page 64 of 147
Note that a second vdev (mirror-1) has been added to the pool.
To see if your pool has actually grown, do another # zfs list command.
# zfs list datapool
Page 65 of 147
As before, we have created a simple mirrored pool of two disks. We've told ZFS to
use the entire disk (no slice number was included) and if the disk was not labeled,
ZFS will write a default label.
ZFS Storage pools can be exported in order to migrate them easily to other systems.
Storage pools should be explicitly exported to indicate that they are ready to be
migrated. This operation flushes any unwritten data to disk, writes data to the disk
indicating that the export was done, and removes all knowledge of the pool from the
system.
Lets export pool2 so that another system can use it somewhere else.
# zpool list
Page 66 of 147
Note that our pool, pool2 is no longer in our list of available pools.
The next step will be to import the pool, again showing how easy ZFS is to use.
# zpool import pool2
# zpool list
Notice that we didn't have to tell ZFS where the disks were located. All we told ZFS
was the name of the pool. ZFS looked through all of the available disk devices and
reassembled the pool, even if the device names had been changed.
If you dont know the name of the pool ZFS will provide the names of available
pools.
# zpool export pool2
# zpool import
Page 67 of 147
Without an argument, ZFS will look at all of the disks attached to the system and will
provide a list of pool names that it can import. If it finds two pools of the same name,
the unique identifier can be used to select which pool you want imported.
Page 68 of 147
Pool properties are described in the zpool(1M) man page. Pool properties provide
information about the pool, effect performance, security, and availability. To set a
pool property, use zpool set. Note that not all properties can be changed (ex.
version, free, allocated).
Set the listsnapshot property to on. The listsnapshot (also listsnaps) controls
whether information about snapshots is displayed when the zfs list command is
run without the t option. The default value is off.
# zpool set listsnapshots=on pool2
# zpool get listsnapshots pool2
Page 69 of 147
When you patch or upgrade Oracle Solaris, a new version of zpool may be available.
It is simple to upgrade or downgrade an existing pool. Well create a pool using an
older version number, and then upgrade the pool.
# zpool destroy pool2
# zpool create -o version=17 pool2 mirror c8t0d0 c8t1d0
# zpool get version pool2
Page 70 of 147
Its that simple. Now you can use features provided in the newer zpool version, like
log device removal (19), snapshot user holds (18), etc.
This concludes the section on pools. There is a wealth of features that we havent
explored yet. Check out the man page for many other features that you can take
advantage of.
Lets do a little clean up and destroy pool2 to free up our disks for the next lab.
# zpool destroy pool2
Page 71 of 147
Remember that our pool is automatically mounted so lets go ahead and create some
data and store it in the resulting file system.
# ps fe > /pool3/psfile.txt
# ls l /pool3
First lets check the status of the file system for size and then lets split the pool and
create our instant backup copy. We will provide a name for the resulting second
pool and call it pool4.
#
#
#
#
Page 72 of 147
Note that our pool now only contains a single disk but the size is still the same. And
running the ls command shows that our file is still there and has not come to any
harm.
Our new pool doesnt show up in the list because it still needs to be imported. Lets
do that now.
# zpool import pool4
# zpool status pool3 pool4
Page 73 of 147
That confirms our split pools. Now lets verify that our file has been duplicated in
the filesystem.
# ls l /pool3
# ls l /pool4
Now just for the heck of it, lets put the mirror back together. If this were a
production system you would ensure that complete and proper backups were done
before playing with splits and joins like this in a filesystem no matter how
trustworthy the software may be.
First well need to destroy pool4 because it has the disk we want to put back into the
mirror. Then well use the attach subcommand to bring a new disk into our
nonredundant single disk pool as a mirror. With the attach command you need to
list the existing device first and then the device you wish to join into the mirror.
#
#
#
#
zpool
zpool
zpool
zpool
destroy pool4
status pool3 pool4
attach pool3 c4t2d0 c4t3d0
status pool3
Page 74 of 147
The mirrored pool is now back to normal and the file it contained is still intact.
# ls l /pool3
Page 75 of 147
By using zfs list -r datapool, we are listing all of the datasets in the pool
named datapool. As in the earlier exercise, all of these datasets (file systems) have
been automatically mounted.
If this was a traditional file system, you might think there was 19.55 GB (3.81 GB x
5) available for datapool and its 4 datasets, but the 4GB in the pool is shared across
all of the datasets. To see an example of this behavior, type the following
commands:
# mkfile 1024m /datapool/bob/bigfile
# zfs list -r datapool
Page 76 of 147
zfs
zfs
zfs
zfs
create
create
create
create
datapool/fred/documents
datapool/fred/documents/pictures
datapool/fred/documents/video
datapool/fred/documents/audio
Page 77 of 147
As you can see, there are many dataset properties that can be set. For a complete
explanation of each property, consult the zfs(1M) man page. Well outline a few
examples in the following exercise.
Page 78 of 147
The first thing to notice is that the available space for datapool/fred and all of its
children is now 2GB, which was the quota we set with the command above. Also
notice that the quota is inherited by all of the children.
The reservation is a bit harder to see.
Original pool size 3.91GB
In use by datapool/bob 1.0GB
Reservation by datapool/fred 1.5GB
So, datapool/joe should see 3.91GB - 1.0GB - 1.51 GB = 1.41GB available.
With ZFS it can be done with a single command. In the next example, let's move
For Oracle employees and authorized partners only. Do
not distribute to third parties.
2011 Oracle Corporation
Page 79 of 147
Notice that not only did the command change datapool/fred, but also all of its
children, in one single command.
Page 80 of 147
In this example, rpool/dump is the dump device for Solaris and its about 1.5g.
rpool/swap is the swap device and it is 4g. As you can see, you can mix files and
devices within the same pool.
Unlike a file system dataset, you must specifically designate the size of the device
when you create it, but you can change it later if needed. It's just another dataset
property. Create a volume.
# zfs create -V 500m datapool/vol1
This creates two device nodes: /dev/zvol/dsk/datapool/vol1 (cooked) and
/dev/zvol/rdsk/datapool/vol1 (raw). These can be used like any other raw or
cooked device. We can even put a UFS file system on it.
# newfs /dev/zvol/rdsk/datapool/vol1
Expanding a volume is just a matter of setting the dataset property volsize to a new
value. Be careful when lowering the value as this will truncate the volume and you
could lose data. In this next example, let's grow our volume from 500MB to 1GB.
Since there is a UFS file system on it, we'll use growfs to make the file system use the
new space.
# zfs set volsize=1g datapool/vol1
For Oracle employees and authorized partners only. Do
not distribute to third parties.
2011 Oracle Corporation
Page 81 of 147
Page 82 of 147
We can use our point in time snapshots to create new datasets called clones Clones
are datasets, just like any other, but start off with the contents from the snapshot.
Clones and snapshots make efficient use of storage. Clones only require space for
the data that's different than the snapshot. That means that if 5 clones are created
from a single snapshot, only 1 copy of the common data is required.
Remember that datapool/bob has a 1GB file in it? Let's take a snapshot of the
datapool and then create some clones.
#
#
#
#
#
zfs
zfs
zfs
zfs
zfs
snapshot datapool/bob@original
clone datapool/bob@original datapool/newbob
clone datapool/bob@original datapool/newfred
clone datapool/bob@original datapool/newpat
clone datapool/bob@original datapool/newjoe
We can see that there's a 1GB file in datapool/bob. Right now, that's the dataset
being charged with the copy, although all of the clones can use it.
Now let's delete it in the original file system, and all of the clones, and see what
For Oracle employees and authorized partners only. Do
not distribute to third parties.
2011 Oracle Corporation
Page 83 of 147
Notice that the 1GB has not been freed (avail space is still 382M), but the USEDSNAP
value for datapool/bob has gone from 0 to 1GB, indicating that the snapshot is now
holding that 1GB of data. To free that space you will have to delete the snapshot. In
this case you would also have to delete any clones that are derived from it.
# zfs destroy datapool/bob@original
# zfs destroy R datapool/bob@original
Page 84 of 147
The 1GB file that we deleted has been freed because the last snapshot holding it has
been deleted.
You can also take a snapshot of a dataset and all of its children. A recursive
snapshot is atomic, meaning that it is a consistent point in time picture of the
contents of all of the datasets. Use -r for a recursive snapshot.
# zfs snapshot -r datapool/fred@now
# zfs list -r -t all datapool/fred
The last item well cover is a new command in Oracle Solaris 11, the ZFS diff
command. The diff command enables a system administrator to determine the
differences between different ZFS snapshots.
Lets start by creating some snapshots and adding files to a users home directory.
Assuming you have the labuser in your Solaris instance lets use that home
Page 85 of 147
Page 86 of 147
The output on the diff command indicates that the file or directory has been
modified with the M at the left side. The - indicates that the file or directory is
present in the older snapshot but not in the newer one. The + sign indicates that
the file or directory is present in the more recent snapshot but not in the older
snapshot. You might also see an R indicating that a file has been renamed in
between snapshots.
6.8 Compression
Compression is a useful feature integrated with the ZFS file system. ZFS allows both
compressed and noncompressed data to coexist. By turning on the compression
property, all new blocks written will be compressed while the existing blocks will
remain in their original state.
Lets create a 500MB file we can do some compression on. Type the following
commands:
# zfs list datapool/bob
# mkfile 500m /datapool/bob/bigfile
# zfs list datapool/bob
Now let's turn on compression for datapool/bob and copy the original 500MB file.
Verify that you now have 2 separate 500MB files when this is done.
Type the following commands:
Page 87 of 147
There are now 2 different 500MB files in /datapool/bob, but the ls command only
says 500MB is used. It turns out that mkfile creates a file filled with zeroes. Those
compress extremely well - too well, as they take up no space at all.
That concludes this lab on the ZFS File system, run this command to clean up the
work we did during the course of the lab.
# zpool destroy f datapool
7 Summary
In this lab you learned about the power of the ZFS File System in Oracle Solaris 11.
We discussed and performed exercises to familiarize you with zpools and virtual
devices (vdevs). We learned about ZFS datasets like snapshots and clones. You
were also exposed to the myriad of ZFS properties and ways that ZFS can easily be
updated.
The exercises were meant to provide initial exposure to these features and
hopefully a basis for continued learning and eventual expertise in this powerful
storage technology thats an integral part of Oracle Solaris 11.
Page 88 of 147
Page 89 of 147
IPS Basics
V2 January 2013
1 Introduction
Oracle Solaris 11 takes a new approach to lifecycle and package management to
greatly simplify the process of managing system software helping to reduce the
inherent risks of operating system maintenance, including reducing unplanned and
planned downtime. With the Image Packaging System (IPS), administrators can
install and update software from local or remote software package repositories
using a more efficient and modernized process.
Participants in this lab will gain example-led awareness and understanding of the
following technical facilities:
We will go on a brief tour of the new IPS feature and help the learner gain
confidence in this new technology to be able to take their expertise to the next step.
2 Overview
IPS automates the management of system software on Oracle Solaris 11 by replacing
patching with package updates. IPS is an efficient and network-centric approach
that includes automatic software dependency checking and validation. IPS builds on
the foundation of ZFS and utilizes its powerful snapshot and clone features which
help reduce risk by creating instant backups and near instant roll-backs in case
issues arise. Using IPS, administrators can easily and reliably install or replicate an
exact set of software package versions across many different client machines.
Working with IPS involves these simple steps
10)Configuration of the repository, either local or remote, or both
For Oracle employees and authorized partners only. Do
not distribute to third parties.
2011 Oracle Corporation
Page 90 of 147
3 Pre-requisites
This lab requires the use of the following elements:
A current laptop with at least 3GB memory and 30GB free disk space
Oracle VirtualBox Software (4.2 with Extension Pack installed)
Oracle Solaris 11.1 Base Text Image (sol-11_1-text-x86.iso)
Oracle Solaris IPS Repository (sol-11_1-repo-full.iso)
Successful completion of lab #4 Advanced Installation where you installed
the repository and made it available via the internal VirtualBox network.
The following assumptions have been made regarding the environment where this
lab is being performed:
6. Network connectivity to the Internet is not necessary
7. The server system will be configured with a static IP address that will act as
a DHCP server.
8. The VM Instance name is AIserver
9. The repository has already been configured with the parameters laid out in
Mod 4 Advanced Installation
Page 91 of 147
Page 92 of 147
Administrators can quickly see what configuration a system has by using the pkg
publisher command:
# pkg publisher
We can quickly query some basic information about this repository using the
pkgrepo info command, or they can load the repository URL into their Web browser:
# pkgrepo info s http://192.168.1.222
You can see that our repository currently has 4401 packages, is online, and was last
updated on September, 27th of 2012.
Page 93 of 147
For a dry run (no changes have been made to the system), we used the nv switch.
We learn from this output that this package
Note: A boot environment is one that is created and set Active on next reboot in order
to make it the default environment. A Backup boot environment is one that is created
and not set to active so that you may boot into it if necessary.
Lets go ahead and install this package.
# pkg install gcc-3
Page 94 of 147
Note the other information available such as the description, state, publisher,
version, build release, etc.
Even if a package doesnt require a new boot environment or at least a backup, you
can create one yourself on installation of any package using the below command.
Lets uninstall gcc-3 and try again in a new boot environment.
# pkg uninstall gcc-3
Page 95 of 147
Note: In the above output, the Create boot environment: field now says Yes. Also the
screen informs us that the clone has been updated, activated, and will be the default
boot environment on next boot.
Confirm this with the beadm command:
# beadm list
Set the active boot environment back to our default solaris11 instance.
Note: Your instance could have another name. Just use the default solaris instance
Page 96 of 147
This lab has attempted to illustrate how easy it is to create backup boot
environments and how few resources they need. Its recommended that systems
administrators use them as their day to day best practices when administering and
maintaining systems.
The output above shows us the tail end of the pkg list command with no
arguments. It basically lists out every package on the system. The second package
list command we give with a specific package to show the information that can be
obtained from the command. The columns will list the name, version and an IFO
column.
There is also an IFO column which tell us
Page 97 of 147
For example:
# pkg list af *toolkit@latest
The -af option lists all matching packages, including those that cant be installed in
this image. @latest lists only the newest packages. This output indicates that
Page 98 of 147
To list the contents of a package and the paths and files that are installed use the
contents subcommand.
# pkg contents gzip
Page 99 of 147
Another powerful feature of IPS is the ability to search for specific things about the
packages, like the name of a package that a file might belong to. Use the command
below to search the repository for a file called stdio.h and the output will tell you
which applications the file belongs to.
# pkg search stdio.h
Page 100 of
147
You can also update specific packages by specifying them on the command line.
# pkg update vim@latest
Our lab environments are very up to date so we wont encounter any updates during
the lab.
If you need to back an update out youd use the revert command.
# pkg revert vim
Page 101 of
147
Description
require
This dependency is required. A package cannot be installed if any of its required dependencies
cannot be satisfied.
optional
If this dependency is present on the system already then it must be at a specified version level
or greater.
exclude
This dependency enforces a restriction such that a package cannot be installed if the specified
package is present at the specified version level or greater.
incorporate This dependency is optional, but the version range has both a lower and an upper bound,
allowing only further dot-separated integers to be added to the existing sequences.
conditional This dependency is required only if another predicate package is installed on the system. This is
often used to allow packages to provide support for features (such as X11 or language bindings)
only if the features are already present on the system.
group
This dependency is required unless the package is on the avoid list, in which case, the system
will try to avoid installing this package. However, if another package requires this dependency,
it will be installed regardless of whether it is on the avoid list.
parent
This dependency is used to ensure that global zones and non-global zones are kept in sync for
all kernel components and any software that spans the zone boundary.
We can see how these relationships are managed by taking a look at the manifest of
a particular package through the pkg command. A package manifest describes how
a package is assembled and provides basic information about the package (such as
the name, version, description, categorization, and so on), what files the package
includes, and what other packages or services the package relies on to meet its
dependencies. While many package commands filter this information into a
presentable form, it is sometimes useful to look at the package manifest directly
using the pkg contents m command.
Each line within the manifest is called an action. Actions describe a small part of the
overall package. The first part of each line describes the action type: set, license,
depend, dir, file, and so on. Lets take a look at an example of the package manifest
using the grep command on the gzip package.
Take a look at variables that are set on installation of the gzip package.
# pkg contents m gzip | grep set
Page 102 of
147
Here well take a look at the dependencies of the gzip package. You can see that it
depends on library and bash.
# pkg contents m gzip | grep depend
5 Lab Summary
In this document you practiced some package management commands and learned
how to administer packages in Oracle Solaris 11. We did some basic repository
configuration as a follow up to one of the earlier labs. We also installed and
uninstalled packages and practiced obtaining detailed information about packages.
The Oracle Solaris 11 Image Packaging System is a major advancement in software
management providing an integrated user experience and improved safety for
system updates. IPS takes much of the complexity out of managing Oracle Solaris by
providing improved automation and auditing, allowing administrators to flexibly
manage multiple application environments across virtualized and non-virtualized
instances of the operating system.
Page 103 of
147
Page 104 of
147
Network Configuration
V2 January 2013
1 Introduction
Participants will gain example-led awareness and understanding of how network
configuration is accomplished in Oracle Solaris 11.
With a few basic exercises we will introduce the learner to some new ways to
administer network properties in Oracle Solaris 11. Upon completion of this lab,
participants will have learned how to do some basic configuration and setup and be
prepared to explore more detailed and expand their knowledge into the powerful
Solaris network abilities.
2 Overview
In this lab well be practicing with some of the new Oracle Solaris 11 network
commands. Well briefly review basic network planning and then execute setup of
our network links and ip addressing. Well also review the updated method for
configuring name service mapping in the Solaris 11 operating system.
Some of the commands and concepts well review are listed below.
Page 105 of
147
A current laptop with at least 3GB memory and 30GB free disk space
Oracle VirtualBox Software (4.2 with Extension Pack installed)
Oracle Solaris 11.1 VirtualBox prebuilt image.
o Provided by instructor or downloaded on your own
o Oracle Solaris VM for Oracle VM VirtualBox
The following assumptions have been made regarding the environment where this
lab is being performed:
10. Network connectivity to the Internet is not necessary
11. 4 virtual network interfaces will be created in the VirtualBox environment
(instructions below)
12. Your Oracle Solaris 11 VirtualBox instance has been installed and youve
assigned a normal user/password and a root password.
a. The recommended user name is labuser
b. The recommended password is solaris11
c. The recommended root password is solaris11
Page 106 of
147
Page 107 of
147
Page 108 of
147
9 - Select Adapter 2,
click on the check box to
Enable Network
Adapter and make sure
the drop down is
selected as NAT
Network Address
Translation
Do the same thing for
Adapter 3 and Adapter 4
so all 4 virtual network
adapters are enabled.
Click OK
10 - If you scroll down in
the Details section of the
VB interface, your
Network properties
should show all 4
adapters enabled and set
for NAT
Page 109 of
147
12 - The System
Configuration Tool
should start. Configure
your system according
to the below
instructions. If you need
further assistance please
see lab # 2 Advanced
Installation for help
with the system
configuration utility
13 - Recommended
settings for lab use are
listed below:
System Name:
bootcamp1
Full Name: Lab User
Username: labuser
User password:
solaris11
Root password:
solaris11
Local Time: Your choice
Network
Configuration:
Automatic
Page 110 of
147
5 Lab Exercises
5.1 Planning the network deployment
This section is a very brief review of what you may encounter when configuring a
system for a customers network. Review the checklist and proceed on to the
exercises, keep in mind that were working with a very simple network model in our
lab exercise but that in a customer environment things could get more complicated.
Task
Description
Page 111 of
147
For more information on network planning see the Oracle Solaris 11 System
Administration Guide: IP Services
Note: In this lab, were only using the terminal window. You can eliminate the GUI
interface on a Windows system by pressing the Host Key (right control usually) and the
L key to enter seamless mode and use just the terminal window on your desktop.
Page 112 of
147
As you can see from the output the Automatic NCP is enabled and active. We will
need to switch to the DefaultFixed NCP in order to complete the rest of the lab.
Lets familiarize ourselves with the new network commands and see what our
Page 113 of
147
Now lets look at the ip layer and see whats going on.
# ipadm show-if (this will show us the existing interfaces on the system)
# ipadm show-addr
Now lets switch to manual mode in order to see whats involved in manual network
configuration.
# netadm enable p ncp DefaultFixed
# netadm list
Page 114 of
147
We can easily switch back to the Automatic NCP using the following command:
# netadm enable -p ncp Automatic
# netadm list
It might take a few minutes for your instance to regain its network information but
soon you will be back to your original state.
Now that weve gone back to the manual network profile, lets look at our interfaces
again and see whats happened.
Page 115 of
147
# ipadm show-if
# ipadm show-addr
None of the interfaces should be configured. Now we have some work to do.
Page 116 of
147
Now lets assign an IP address to our interface with the following command:
# ipadm create-addr T static a local=10.9.8.7/24 \
net0/v4static
# ipadm show-addr
The -T option can be used to specify three address types: static, dhcp, and
addrconf (for auto-configured IPv6 addresses). In this example, the system is
configured with a static IPv4 address. Use the same syntax to specify a static IPv6
address with our second virtual interface.
#
#
#
#
ipadm
ipadm
ipadm
ipadm
create-ip net1
create-addr T addrconf net1/v6auto
show-if
show-addr
For Oracle employees and authorized partners only. Do
not distribute to third parties.
2011 Oracle Corporation
Page 117 of
147
Now lets create an ipv4 dhcp interface using the same commands and use our 3rd
interface.
#
#
#
#
ipadm
ipadm
ipadm
ipadm
create-ip net2
create-addr T dhcp net2/v4auto
show-if
show-addr
If an interface has already been configured and you want to change the address or
type, you will need to remove it and then re-add it. Execute the following
commands to change the address on net0 from 10.9.8.7 to 10.9.8.4. Then type the
ipadm show-addr command to verify your changes.
# ipadm delete-ip net0
# ipadm create-ip net0
# ipadm create-addr T static a local=10.9.8.4/24 \
net0/v4static
# ipadm show-addr
Page 118 of
147
Display a datalink name, its device name, and its location in this manner:
# dladm show-phys L net0
Page 119 of
147
Since we dont have net3 configured at this time lets rename the link using the
following commands:
# dladm rename-link net3 onboard3
# dladm show-phys
Page 120 of
147
Files
Description
svc:/system/name-service/switch:default
/etc/nsswitch.conf
svc:/system/nameservice/cache:default
/etc/nscd.conf
svc:/network/dns/client:default /etc/resolv.conf
svc:/network/nis/domain:default /etc/defaultdomain
/var/yp/binding/$DOMAIN/*
svc:/network/nis/client:default N/A
svc:/network/ldap/client:default /var/ldap/*
svc:/network/nis/server:default N/A
svc:/network/nis/passwd:default N/A
svc:/network/nis/xfr:default
N/A
svc:/network/nis/update:default N/A
svc:/system/nameservice/upgrade:default
N/A
138.2.202.15
Name Server:
138.2.202.25
Page 121 of
147
files dns
DNS Search
us.company.com, eu.company.com.,
companya.com, company.com,
company.com
Execute the following command sequence to configure the name services on our lab
instance.
# svccfg
svc:> select dns/client
svc:/network/dns/client> setprop config/search = astring: \
("us.company.com" "eu.company.com" "companya.com"
"companyb.com" "company.com)
svc:/network/dns/client> setprop config/nameserver =
net_address: \
( 138.2.202.15 138.2.202.25 )
svc:/network/dns/client> select dns/client:default
svc:/network/dns/client:default> refresh
svc:/network/dns/client:default> validate
svc:/network/dns/client:default> select name-service/switch
svc:/system/name-service/switch> setprop config/host =
astring: "files dns"
svc:/system/name-service/switch> select system/nameservice/switch:default
svc:/system/name-service/switch:default> refresh
svc:/system/name-service/switch:default> validate
svc:/system/name-service/switch:default> end
Now well need to enable the service, refresh the database and then well confirm
our work and make sure the files have been changed for us.
# svcadm enable dns/client
Page 122 of
147
6 Lab Summary
In this lab you learned about the new networking commands, dladm and ipadm.
You practiced using network configuration profiles and we created ip interfaces and
assigned them to different IP protocols. We renamed links and took our first look at
configuring name services through the SMF facility. Theres a ton more to
networking in Oracle Solaris 11. Its a very powerful feature that allows complete
networks to be set up in the box including switches, routers, and bridges. See the
references section below on how to go deeper in your knowledge and discover all
the powerful network features of Oracle Solaris 11.
7 References
For more information and next steps, please consult additional resources: Click the
hyperlinks to access the resource.
Oracle Solaris 11 General Cheatsheet (includes networking commands)
Networking Command Quick Reference
Documentation: Configuring an IP Interface
Documentation: How to rename a Datalink
Oracle Solaris 11 Technology Spotlights
Oracle Solaris 11 Information Library
Oracle Solaris 11 Product Documentation
Page 123 of
147
1 Introduction
This lab will introduce us to the basics of Oracle Solaris 11 virtualization, also
known as Zones. You will become familiar with the basic operations of Oracle
Solaris Zone configuration and management in Oracle Solaris 11.
In Oracle Solaris 10, zones technology gave us the ability to create different isolated
environments to suit the needs of particular applications, all running on the same
instance of Oracle Solaris. Instead of running and managing multiple operating
systems to host multiple applications on multiple systems, you could run and
manage only one OS and place each application inside a zone, so instead of having to
spend time and resources managing multiple OSs on different machines, all you
needed to do was manage multiple zones on one system which resulted in a much
simpler management experience.
Oracle Solaris 11 places Zones technology at its core, integrating Oracle Solaris
Zones with key Solaris 11 features like tight integration with the new software
management architecture which makes deployment of Oracle Solaris 11 and Oracle
Solaris Zones easy.
Oracle Solaris Zones let you separate one application from others on the same OS
allowing you to create isolated environments where users can log in and do what
they want without affecting anything outside that zone. In addition, Oracle Solaris
Zones also are secure from external attacks and internal malicious programs. Each
Oracle Solaris Zone contains a complete resource-controlled environment that
allows you to allocate resources such as CPU, memory, networking, and storage.
Administrators can choose to closely manage all the Oracle Solaris Zones or they can
assign rights to other administrators for specific Oracle Solaris Zones. This
flexibility lets us tailor an entire computing environment to the needs of a particular
application, all within the same OS.
2 Overview
In this how-to guide, we will set up three Oracle Solaris Zones in a simulated real
world environment. This lab is meant to loosely represent a fictitious customer
that runs a production web sales application and has an in-house development team
working on that sales application. The first zone represents the developers
For Oracle employees and authorized partners only. Do
not distribute to third parties.
2011 Oracle Corporation
Page 124 of
147
Each zone will have its file system placed on the /zones ZFS data set and an
exclusive network connection through the physical data link (net0/e1000g0). The
Web zones will also have the Apache Web server application installed.
Note: "Global zone" refers to the default zone for the system, which is also used for
system-wide administrative control.
3 Pre-requisites
This lab requires the use of the following elements:
Page 125 of
147
Oracle Solaris AI Server VirtualBox instance that has been set up earlier in
Lab #4 Advanced Installation with accessible repository.
The following assumptions have been made regarding the environment where this
lab is being performed:
13. Network connectivity to the Internet is not necessary
14. The AIServer instance will be configured with a static IP as will the zone
systems we will set up.
4 Exercises
4.1 Create testzone
Before we begin with the first zone configuration lets make sure that zones havent
been configured on our system yet and that no virtual network devices exist.
Remember that were using the aiserver Oracle Solaris 11 VirtualBox instance that
we created for lab #4.
Login to the AIserver VirtualBox instance as root to begin. Then type the following
commands.
# zfs list | grep zones
# dladm show-link
At this point there shouldnt be any ZFS data sets associated with zones and no
virtual NICs.
Follow the configuration flow below using the zonecfg command line tool to create
the testzone.
# zonecfg z testzone
An interactive configuration screen will prompt you through a few configuration
questions. We will set the default zonepath, autoboot to true and enable verbose
booting where we can watch all the messaging. Enter the below options and follow
along with the screen shot below.
# zonecfg:testzone> create
Page 126 of
147
zonecfg:testzone>
zonecfg:testzone>
zonecfg:testzone>
zonecfg:testzone>
zonecfg:testzone>
zonecfg:testzone>
set zonepath=/zones/testzone
set autoboot=true
set bootargs=-m verbose
verify
commit
exit
Type the following command to verify the zone weve created and check its status.
# zoneadm list cv
Now its time to install the zone. Be sure to keep in mind that Zones in Oracle Solaris
11 are enabled by using IPS. When running the installation it will utilize IPS to
download the install image. In this case we have configured (in an earlier lab) the
IPS Repository locally on the aiserver itself and changed the publisher to reflect this.
Verify that the publisher is still set to the local repo by typing in the following
command and noting the output.
# pkg publisher
Page 127 of
147
# zoneadm list iv
Page 128 of
147
Note: There are two switches you can use with the zoneadm list command, -i
lists all installed zones, and -c lists all configured zones. See the man page for more
information.
The zonepath must be on a ZFS data set. Its created automatically as part of the
zoneadm install command. We can check if our file system has been created with
the zfs list command.
# zfs list | grep zone
Note that the /zones and /zones/testzone data sets have been created
automatically. ZFS functionality is critical in providing snapshots and clones for
Oracle Solaris Zones which well see later on in the lab.
Also take note that our zone is only 335MB as indicated in the output above. Zones
are very lightweight and have a minimal footprint on system resources like storage.
And the final step in getting our testzone instance up and running is to boot and
complete the system configuration. Run the following command to boot the zone
and access the system console. z specifies the zone name and C allows us to login
to the console once its booted.
# export TERM=vt100
Page 129 of
147
Youll see the verbose option that we set when we created the zone and in a
moment youll see the SCI Tool (System Configuration) start so we can begin
configuring our zone.
Carefully follow the prompts and enter the basic system information listed in the
table below.
Parameter
Computer Name:
Wired Network Configuration:
IP Address:
Netmask:
Information
testzone
Manually
192.168.1.118
255.255.255.0
Page 130 of
147
192.168.1.1
Do Not Configure DNS
None
UTC/GMT
solaris11
Zone User
zoneuser
solaris11
You should see some more verbose messaging and then in a matter of moments be
presented with a login to our newly created testzone.
We dont need to login to the zone just yet so lets exit the testzone console. You
can exit a console by pressing the ~ and . in sequence <shift>~. This will close the
connection for us.
Page 131 of
147
Once back at the global zone lets check the status of testzone. Use the zoneadm list
command.
# zoneadm list -v
Run the dladm command to see whats happened to our network interfaces.
# dladm show-link
There in the listing is the VNIC that was created for us when we created the testzone
zone.
Lets login to our zone and check things out.
Run these commands and compare them to the output of the below screen shot.
#
#
#
#
zlogin testzone
uname a
ipadm show-addr
dladm show-link
We can see that testzone is a fully functional Oracle Solaris 11 machine with a
configured IPv4 NIC called net0/v4, and we have a network link called net0. Lets
Page 132 of
147
The zfs list command shows the ZFS dataset that the zone is running on. Note that
we cant see the global zfs file system.
At this point the testzone instance is up and running. We could configure users,
delegate administration, and anything that we would normally do to set up servers
to start doing useful work.
Exit testzone (~.)
New in Oracle Solaris 11 zones is that theyre automatically created with exclusive
IP resources by default. This means that a Solaris Zone has access to a complete
network stack which allows flexibility and performance in zone networking that
didnt exist before. Lets take a look at the zone networking properties with the
info switch to our zonecfg command.
From the global zone run this command.
# zonecfg z testzone info
Page 133 of
147
The anet device is configured automatically. This resource is created and destroyed
automatically when the zone is brought up and shut down respectively. Lets take
a closer look.
Important information in this output is
mac address is set to = random
linkname is = net0
link-protection is set to mac-nospoof
ip-type = exclusive
autoboot = true
# ipadm show-addr
# dladm show-link
Page 134 of
147
Page 135 of
147
This example shows how quick and easy it is to setup zones in Solaris 11. The next
step will be to install the zone. Our packages are coming from our internal
repository so give this lab a few minutes to complete.
# zoneadm -z webzone-1 install
Page 136 of
147
For the next step well boot and do our initial configuration.
# export TERM=vt100
# zoneadm z webzone-1 boot; zlogin C webzone-1
Once webzone-1 finishes booting and brings up the system configuration tool. Enter
the following information:
Parameter
Computer Name:
Wired Network Configuration:
IP Address:
Netmask:
Router:
Name Service Configuration:
Other Name Service Configuration:
Region:
Root password:
Real Name
Username:
Information
webzone-1
Manually
192.168.1.119
255.255.255.0
192.168.1.1
Do Not Configure DNS
None
UTC/GMT
solaris11
Zone User
zoneuser
Page 137 of
147
solaris11
Page 138 of
147
We supply the -r switch to look into the remote repository for information. And
there it is so lets go ahead and install it
# pkg install /web/server/apache-22
We see that IPS downloads all the related files we need and there is no need for us
to figure out the dependencies. In this case, three packages were installed. We can
check the status of the Apache Web server by using the pkg info command again, as
shown below.
# pkg info /web/server/apache-22
Page 139 of
147
Information
webzone-2
Manually
192.168.1.120
255.255.255.0
192.168.1.1
Do Not Configure DNS
None
UTC/GMT
solaris11
Zone User2
zoneusr2
solaris11
Page 140 of
147
Type ls to verify your template file has been created and log out of the zone:
# ls
# exit
Note: When using the sysconfig tool on the webzone-1 instance, were not allowed to
use existing user names in the user account section. In this case, we could not use the
user name zoneuser so we chose zoneusr2 instead.
Now well create the zone profile. From the global zone we need to halt webzone-1.
Its not recommended to clone a running zone. Then use zoneadm list to verify that
the zone is shut down.
Page 141 of
147
Next well need to capture the zone configuration and use it as a profile template for
any other zones we want to create. In this case well use it to create webzone-2.
# zonecfg z webzone-1 export f /zones/webzone-2-profile
In the next step well edit the webzone-2-profile in order to add our specific zone
information. Use vi or your favorite editor to edit webzone-2-profile and make
these changes.
Change set zonepath=/zones/webzone-1 to set zonepath=/zones/webzone-2
Change set autoboot=false to set autoboot=true
Page 142 of
147
Our clone only took about 4 seconds to create. The clone command takes
advantage of the ZFS snapshot capability to produce near instant zone
environments. Another benefit of clone technology is that it doesnt use up our
storage resources. Do a quick diskspace check with the zfs list command:
#
Page 143 of
147
Even after we added the Apache Web server, webzone-1 is only 390 MB. Even
better, webzone-2, an exact copy of webzone-1, is only 342 K, providing a huge
savings on disk space.
Finally, boot webzone-2 and watch the console. Occasionally, you will see the
system configuration being applied. You can see below that the host name has been
set for us from the template.
# zoneadm z webzone-2 boot; zlogin C webzone-2
Note that our hostname has been set via the template that we edited. Keep in mind
that we could easily edit and create more templates to quickly deploy lots of zones
quickly and easily.
Exit the console. (~.)
Lets verify that our clone is intact and different than a normal installation.
# zlogin webzone-2
Page 144 of
147
The Apache web server package is included in this clone as you can see. Cloning is
frequently used when a master zone is created with all the additional necessary
packages and configurations in place. The master is simply cloned as new
environments are required.
As a final check, lets make sure our IP addressing was applied properly.
# ipadm show-addr
Note: For future reference and even faster and more efficient installations, Oracle
Solaris Automated Installer also provides a method for creating zones as part of the
system install service.
Page 145 of
147
Use the zoneadm command with the z uninstall option to remove the zone
webzone-1. Well also use the F to force the removal in case there are issues.
Note: Remember this action cant be undone.
# zoneadm z webzone-1 uninstall F
For further cleanup we need to also remove the zone configuration. Type the
following command:
# zonecfg z webzone-1 delete F
# zoneadm list -iv
Run a zfs list and grep for webzone-1 to verify the filesystem has been removed.
# zfs list |grep webzone-1
Page 146 of
147
5 Lab Summary
This lab has given you the opportunity to configure Oracle Solaris Zones technology
utilizing several methods to see how easy and efficient installing and running zones
can be. You observed the tight integration with the operating system. We installed
3 zones, one from the command line, one with an application, and the final zone by
taking advantage of the clone feature of the ZFS file system.
Oracle Solaris Zones is a powerful application that allows us to separate one
application from others on the same system creating a powerful, secure, and flexible
computing environment.
6 References
For more information and next steps, please consult additional resources: Click the
hyperlinks to access the resource.
Oracle Solaris 11 Technology Spotlights
Oracle Solaris 11 Information Library
Oracle Solaris 11 Product Documentation
Oracle Solaris 11 Documentation: Zones Administration
How to Set Up Load Balanced Application across Oracle Solaris Zones
How to Restrict Traffic Using Virtualization and Resource Management
Page 147 of
147