introduction to operating systems - solaris

Upload: nevdull

Post on 30-May-2018


  • 8/9/2019 Introduction to Operating Systems - Solaris

    1/128

    Introduction to Operating Systems: A Hands-On Approach Using the OpenSolaris Project

    Instructor Guide

    Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A.

    Part No: 819558012 August, 2007


    Copyright 2007 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

    Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries.

    U.S. Government Rights: Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.

    This distribution may include materials developed by third parties.

    Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.

    Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

    The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license agreements.

    Products covered by and information contained in this publication are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical or biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited.

    DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.


    Contents

    1 What is the OpenSolaris Project?

    Country Portals

    Web Resources for OpenSolaris

    Discussions

    Communities

    Projects

    Source Repositories

    OpenGrok

    2 OpenSolaris Advocacy

    Why Use OpenSolaris?

    Price

    Innovative Core Features

    Backward Compatibility

    Hardware Platform Neutrality

    Development Tools

    Acknowledgments

    3 Planning the OpenSolaris Environment

    Development Environment Configuration

    Networking

    Network Auto-Configuration Daemon

    Zone Overview

    Zones Administration

    Getting Started With Zones Administration

    Web Server Virtualization With Zones

    Creating Non-Global Zones

    Creating ZFS Storage Pools and File Systems

    Creating a Mirrored ZFS Storage Pool

    Creating ZFS File Systems as Home Directories

    Creating a RAID-Z Configuration

    4 Userland Consolidations

    Userland Consolidations and Descriptions

    5 Core Features of the Solaris OS

    Development Process and Coding Style

    Overview

    FireEngine

    Least Privilege

    Packet Filtering

    Zones

    Branded Zones (BrandZ)

    Zones Networking

    Predictive Self-Healing

    Dynamic Tracing (DTrace)

    Modular Debugger (MDB)

    ZFS File System

    Services Management Facility (SMF)

    6 Programming Concepts

    Process and System Management

    Threaded Programming

    CPU Scheduling

    Kernel Overview

    Process Debugging

    7 Getting Started With DTrace

    Enabling Simple DTrace Probes

    Listing Traceable Probes

    Programming in D

    8 Debugging Applications With DTrace

    Enabling User Mode Probes

    DTracing Applications

    9 Debugging C++ Applications With DTrace

    Using DTrace to Profile and Debug A C++ Program

    10 Managing Memory with DTrace and MDB

    Software Memory Management

    Using DTrace and MDB to Examine Virtual Memory

    11 Debugging Drivers With DTrace

    Porting the smbfs Driver from Linux to the Solaris OS

    A OpenSolaris Resources

    What is the OpenSolaris Project?

    Objectives

    The objective of this course is to learn about operating system computing by using the Solaris™ Operating System source code that is freely available through the OpenSolaris project.

    Tip: To receive a free OpenSolaris Starter Kit that includes training materials, source code, and developer tools, register online at http://get.opensolaris.org.

    We'll start by showing you the user groups, portals, and documentation you will use to get started with UNIX computing. Next, we'll show you where to go to access the code, communities, discussions, projects, and source browser for the OpenSolaris project. Then, we'll give you steps to configure zones, ZFS, networking, and the environment. Finally, we'll demonstrate debugging processes, applications, page faults, and device drivers with DTrace in the lab exercises.

    The OpenSolaris project was launched on June 14, 2005 to create a community development effort using the Solaris OS code as a starting point. It is a nexus for a community development effort where contributors from Sun and elsewhere can collaborate on developing and improving operating system technology. The OpenSolaris source code will find a variety of uses, including being the basis for future versions of the Solaris OS product, other operating system projects, third-party products and distributions of interest to the community. The OpenSolaris project is currently sponsored by Sun Microsystems, Inc.

    In the first two years, over 60,000 participants have become registered members. The engineering community is continually growing and changing to meet the needs of developers, system administrators, and end users of the Solaris Operating System.

    Teaching with the OpenSolaris project provides the following advantages over instructional operating systems:

    Access to code for the revolutionary technologies in the Solaris 10 operating system

    Access to code for a commercial OS that is used in many environments and that scales to large systems

    Superior observability and debugging tools

    Hardware platform support including SPARC, x86 and x64 architectures

    Leadership on 64-bit computing

    $0.00 for infinite right-to-use

    Free, exciting, innovative, complete, seamless, and rock-solid code base

    Availability under the OSI-approved Common Development and Distribution License (CDDL) allows royalty-free use, modification, and derived works


    Web Resources for OpenSolaris

    You can download the OpenSolaris source, view the license terms and access instructions for building source and installing the pre-built archives at: http://www.opensolaris.org/os/downloads .

    The icons in the upper-right of the OpenSolaris web pages link you to discussions, communities, projects, downloads, and source browser resources.

    In addition, the OpenSolaris web site provides search across all of the site content and aggregated blogs.

    Discussions

    Discussions provide you with access to the experts who are working on new open source technologies. Discussions also provide an archive of previous conversations that you can reference for answers to your questions. See http://www.opensolaris.org/os/discussions for the complete list of forums to which you can subscribe.

    Communities

    Communities provide connections to other participants with similar interests in the OpenSolaris project. Communities form around interest groups, technologies, support, tools, and user groups, for example:

    Academic and Research http://www.opensolaris.org/os/community/edu

    DTrace http://www.opensolaris.org/os/community/dtrace

    ZFS http://www.opensolaris.org/os/community/zfs

    Networking http://www.opensolaris.org/os/community/networking

    Zones http://www.opensolaris.org/os/community/zones

    Documentation http://www.opensolaris.org/os/community/documentation

    Device Drivers http://www.opensolaris.org/os/community/device_drivers


    Tools http://www.opensolaris.org/os/community/tools

    Advocates http://www.opensolaris.org/os/community/advocacy

    Security http://www.opensolaris.org/os/community/security

    Performance http://www.opensolaris.org/os/community/performance

    Storage http://www.opensolaris.org/os/community/storage

    System Administrators http://www.opensolaris.org/os/community/sysadmin

    These are only a few of 30 communities actively working on OpenSolaris. See http://www.opensolaris.org/os/communities for the complete list.

    Projects

    Projects hosted on the http://www.opensolaris.org/ web site are collaborative efforts that produce objects such as code changes, documents, graphics, or joint-authored products. Projects have code repositories and committers and may live within a community or independently.

    New projects are initiated by participants by request on the discussions. Projects that are submitted and accepted by at least one other interested participant in the sponsoring community are given space on the projects page to get started. See http://www.opensolaris.org/os/projects for the current list of new projects.

    Chime Visualization Tool for DTrace http://www.opensolaris.org/os/project/dtrace-chime

    Google Summer of Code http://www.opensolaris.org/os/project/powerPC

    Indiana http://www.opensolaris.org/os/project/indiana

    OpenGrok http://www.opensolaris.org/os/project/opengrok

    Programming Contest http://www.opensolaris.org/os/project/contest

    Starter Kit http://www.opensolaris.org/os/project/starterkit

    Solaris iSCSI Target http://www.opensolaris.org/os/project/iscsitgt

    Instructor Notes

    Sun intends to have non-Sun contributors and wants to foster collaborations across industrial and academic affiliations.

    The OpenSolaris project will empower and expand the existing Solaris community.

    The OpenSolaris project will allow for the creation of entirely new communities.

    Projects give you the opportunity to share files, disk space, and an email alias.

    You can collaborate with other engineers across the globe to work on a new technology or an improvement to existing technology.


    Source Repositories

    Centralized and distributed source repositories are hosted on the opensolaris.org web site. The centralized source management model uses the Subversion (SVN) source control management program. Repositories managed in a distributed fashion use the Mercurial (hg) source control management program.

    The creation of a source repository on opensolaris.org is completed by a Project Leader by using the Project web pages. Developers with commit rights access repositories through their opensolaris.org accounts. Commit rights are managed by Project Leaders. If you need an account, you may sign up to acquire one. Additionally, you will have to provide a Secure Shell (SSH) public key. Refer to the tools community for the most recent source control information, downloads and instructions: http://opensolaris.org/os/community/tools

    OpenGrok

    OpenGrok™ is the fast and usable source code search and cross reference engine used in OpenSolaris. See http://cvs.opensolaris.org/source to try it out!

    The first project to be hosted on opensolaris.org was OpenGrok. See http://www.opensolaris.org/os/project/opengrok to find out about the ongoing development project.

    Take an online tour of the source and you'll discover cleanly written, extensively commented code that reads like a book. If you're interested in working on an OpenSolaris project, you can download the complete code base. If you just need to know how some features work in the Solaris OS, the source code browser provides a convenient alternative. OpenGrok understands various program file formats and version control histories like SCCS, RCS, and CVS, so that you can better understand the open source.


    OpenSolaris Advocacy

    Objectives

    The Advocates Community exists to help people around the world get involved in the OpenSolaris Community. We welcome participation from people of all languages and cultures and people with all levels of technical and non-technical skills. Everyone has something to contribute.

    See http://opensolaris.org/os/community/advocacy/

    In the Advocates community you will find independent user group projects, presentations, news, articles, blogs, technical & non-technical content, videos and podcasts, events and conferences, community metrics, swag, badges, buttons, and a variety of other promotional projects.


    Backward Compatibility

    All of these features build on what long-time Solaris OS users have come to expect: rock-solid stability, huge scalability, high performance, and guaranteed backwards compatibility. The last of these is especially important to commercial software developers, because maintenance is usually the largest expense associated with a piece of software. With its backwards compatibility guarantee, software vendors know that (provided they use only published APIs) software built for Solaris N will run correctly on Solaris N+1 and subsequent versions. (Contrast this with some other operating systems, where incompatible changes to system components -- for example, libraries -- are made without regard to the effect on applications. The net effect is application breakage, resulting in increased maintenance costs and frustration for application vendors and users.)

    Hardware Platform Neutrality

    The preceding paragraphs give some reasons why we should develop for the Solaris OS, but there are additional reasons to develop on the Solaris platform. One is that Solaris is a multi-platform OS, supporting both SPARC and x86 architectures (a community-driven port to Power is in the works, too). Although there was an issue a few years ago with the Solaris OS for x86 platforms, the fact that Sun has introduced a range of AMD-based servers and workstations demonstrates the company's commitment to x86 technology.

    From the developer's perspective, the Solaris versions for SPARC and x86 platforms have the same feature set and APIs. This means that developers can concentrate on the other issues endemic to cross-platform development, like CPU endianness. The SPARC platform is big-endian and x86 is little-endian, so an application that is developed and tested on the Solaris platform has a high probability of being free from endian-related problems. The Solaris OS also supports both 32-bit and 64-bit applications on both platforms, thus helping to eliminate bugs due to assumptions about word size.

    Perhaps the most compelling reason to develop software on the Solaris OS is the wealth of professional-grade development tools available for it.


    Development Tools

    One of the most important features of an OS from a developer's point of view is the variety and quality of the development tools available. Compilers and debuggers are the most obvious examples of these tools, but other examples include code checkers (to ensure that our code is free from subtle errors the compiler might not catch), cross-reference generators (to see which functions reference other functions and variables), and performance analyzers.

    The Sun Studio suite is the product of choice for Solaris OS developers. Available as a free download from the http://developers.sun.com web site, Sun Studio software is a collection of professional-grade compilers and tools. It includes C, C++, and FORTRAN compilers, code analysis tools, an integrated development environment (IDE), the dbx source-level debugger, and editors. Other tools included with Studio software are cscope (an interactive source browser), ctrace (a tool to generate a self-tracing version of our programs), cxref (a C program cross-referencer), dmake (for distributed parallel makes), and lint (the C program checker).

    The Solaris OS ships with the GNU C compiler, gcc, and its companion source-level debugger, gdb. The Solaris OS also ships with the very powerful modular debugger, mdb. However, mdb is not a source-level debugger. It is most useful when we are debugging kernel code, or performing post-mortem analysis on programs for which the source is not available. See the Solaris Modular Debugger Guide and Solaris Performance and Tools by McDougall, Mauro, and Gregg for more information about mdb.


    Acknowledgments

    The following members of the OpenSolaris Community reviewed and provided feedback on this document:

    Boyd Adamson

    Pradhap Devarajan

    Alan Coopersmith

    Brian Gupta

    Rainer Heilke

    Eric Lowe

    Ben Rockwood

    Cindy Swearingen

    The following OpenSolaris community members provided excellent new content:

    Dong-Hai Han

    Narayana Janga

    Shivani Khosa

    Rich Teer

    Sunay Tripathi

    Yian Xu

    Many thanks also go to Steven Cogorno, David Comay, Teresa Giacomini, Stephen Hahn, Patrick Finch, and Sue Weber for their work to make the initial version possible.

    To participate in future reviews of this document, use the instructions at the following URL:

    http://www.opensolaris.org/os/community/documentation/reviews


    Planning the OpenSolaris Environment

    Objectives

    The objective of this module is to understand the system requirements, support information, and documentation available for the OpenSolaris project installation and configuration.

    Additional Resources

    Solaris Express Developer Edition Installation Guide: Laptop Installations. Sun Microsystems, Inc., 2007.

    Resources for Running Solaris OS on a Laptop: http://www.sun.com/bigadmin/features/articles/laptop_resources.html

    OpenSolaris Laptop Community: http://opensolaris.org/os/community/laptop

    OpenSolaris Starter Kit: http://opensolaris.org/os/project/starterkit

    System Administration Guide: IP Services, Sun Microsystems, Inc., 2007

    OpenSolaris Networking Community at http://www.opensolaris.org/os/community/networking

    ZFS Administration Guide and man pages: http://opensolaris.org/os/community/zfs/docs


    Development Environment Configuration

    There is no substitute for hands-on experience with operating system code and direct access to kernel modules. The unique challenges of kernel development and access to root privileges for a system are made simpler by the tools, forums, and documentation provided for the OpenSolaris project.

    Tip: To receive an OpenSolaris Starter Kit that includes training materials, source code, and developer tools, go to http://get.opensolaris.org .

    Consider the following features of OpenSolaris as you plan your development environment:

    TABLE 3-1 Configurable Lab Component Support

    Configurable Component: Support From the OpenSolaris Project

    Hardware: OpenSolaris supports systems that use the SPARC and x86 families of processor architectures: UltraSPARC, SPARC64, AMD64, Pentium, and Xeon EM64T. For supported systems, see the Solaris OS Hardware Compatibility List at http://www.sun.com/bigadmin/hcl .

    Source files: See http://opensolaris.org/os/downloads for detailed instructions about how to build from source.

    Install images: Pre-built OpenSolaris distributions are limited to the Solaris Express: Community Edition [DVD Version], Build 32 or newer, Solaris Express: Developer Edition, Nexenta, Schillix, Martux and Belenix. For the OpenSolaris kernel with the GNU user environment, try http://www.gnusolaris.org/gswiki/Download-form .

    BFU archives: The on-bfu-DATE.PLATFORM.tar.bz2 file is provided if you are installing from pre-built archives.

    Build tools: The SUNWonbld-DATE.PLATFORM.tar.bz2 file is provided if you build from source.

    Compilers and tools: Sun Studio 11 compilers and tools are freely available for use by OpenSolaris developers. See http://www.opensolaris.org/os/community/tools/sun_studio_tools/ for instructions about how to download and install the latest versions. Also, refer to http://www.opensolaris.org/os/community/tools/gcc for the gcc community.


    Instructor Notes

    The OpenSolaris 64-bit kernel is seamless: 32-bit applications run unmodified on it.

    One may alternate between the 32-bit and 64-bit kernel with only a reboot.

    All of the architectures supported by the OpenSolaris project are built from the source code basis. The 64-bit kernel isn't a separate version or variant of the system.

    32-bit and 64-bit applications and libraries coexist seamlessly.


    TABLE 3-1 Configurable Lab Component Support (Continued)

    Memory/Disk Requirements: Memory requirement: 256M minimum (text installer only), 1GB recommended. Memory requirement: 768M minimum, Solaris Express Developer Edition installer. Disk space requirement: 350M bytes.

    Virtual OS environments: Zones and Branded Zones in OpenSolaris provide protected and virtualized operating system environments within an instance of Solaris, allowing one or more processes to run in isolation from other activity on the system. OpenSolaris supports Xen, an open-source virtual machine monitor developed by the Xen team at the University of Cambridge Computer Laboratory. See http://www.opensolaris.org/os/community/xen/ for details and links to the Xen project. OpenSolaris is also a VMware(TM) guest; see http://www.opensolaris.org/os/project/content for a recent article describing how to get started.

    Refer to Module 4 for more information about how Zones and Branded Zones enable kernel and user mode development of Solaris and Linux applications without impacting developers in separate zones.

    Participation in the OpenSolaris project can improve overall performance across your network with the latest technologies. Your lab environment becomes self-sustaining when hosted on OpenSolaris because you are always running the latest and greatest environment, empowered to update it yourself.

    Networking

    The OpenSolaris project meets future networking challenges by radically improving your network performance without requiring changes to your existing applications.

    Speeds application performance by about 50 percent by using an enhanced TCP/IP stack

    Supports many of the latest networking technologies, such as 10 Gigabit Ethernet, wireless networking, and hardware offloading


    Instructor Notes

    Problem: machines are underutilized; utilization can be increased through virtualization with Zones. Each zone looks, feels, and smells like its own machine, you can even reboot them!

    Most other virtualization technologies virtualize at the hardware layer.

    Zones are a new facility in OpenSolaris that instead virtualizes at the operating system layer.


    Accommodates high-availability, streaming, and Voice over IP (VoIP) networking features through extended routing and protocol support

    Supports current IPv6 specifications

    Find out more about ongoing networking developments from the OpenSolaris Networking Community: http://www.opensolaris.org/os/community/networking .


    Network Auto-Configuration Daemon

    The Solaris Express Developer Edition 5/07 release booting process runs the nwamd daemon. This daemon implements an alternate instance of the SMF service, svc:/network/physical, which enables automated network configuration with minimal intervention.

    The nwamd daemon monitors the Ethernet port and automatically enables DHCP on the appropriate IP interface. If no cable is plugged into a wired network, the nwamd daemon conducts a wireless scan and sends queries to the user for a WiFi access point to connect to.

    You don't need to spend extensive amounts of time manually configuring the interfaces on your systems. Automatic configuration also aids you in administration, because you can reconfigure network addresses with minimal intervention.

    To view your NWAM status, type the following command in a terminal window.

        # svcs nwam
        STATE          STIME    FMRI
        online         11:29:50 svc:/network/physical:nwam

    The OpenSolaris Network Auto-Magic Phase 0 page and nwamd man page contain further details, including instructions for turning off the nwamd daemon, if preferred. For more information and a link to the nwamd(1M) man page, see http://www.opensolaris.org/os/project/nwam .


    Zone Overview

    A zone can be thought of as a container in which one or more applications run isolated from all other applications on the system. Most software that runs on OpenSolaris will run unmodified in a zone. Since zones do not change the OpenSolaris Application Programming Interfaces (APIs) or Application Binary Interface (ABI), recompiling an application is not necessary in order to run it inside a zone.


    Zones Administration

    Zone administration consists of the following commands:

    zonecfg: Creates zones, configures zones (add resources and properties). Stores the configuration in a private XML file under /etc/zones.

    zoneadm: Performs administrative steps for zones such as list, install, (re)boot, and halt.

    zlogin: Allows user to log in to the zone to perform maintenance tasks.

    zonename: Displays the current zone name.

    The following global scope properties are used with zones:

    zonepath: Path in the global zone to the root directory under which the zone will be installed

    autoboot: To boot or not to boot when global zone boots

    pool: Resource pools to which zones should be bound

    Resources may include any of the following types:

    fs: File system

    inherit-pkg-dir: Directory that has its associated packages inherited from the global zone

    net: Network device

    device: Devices


    Getting Started With Zones Administration

    This lab exercise will introduce you to creating zones.

    Summary

    This exercise uses detailed examples to help you understand the process of creating, installing, and booting a zone.

    Note: This procedure does not apply to an lx branded zone.


    To Create, Install, and Boot a Zone

    Use the following example to configure your new zone:

    Note: The following example uses a shared-IP stack, which is the default for a zone.

        # zonecfg -z Apache
        Apache: No such zone configured
        Use create to begin configuring a new zone.
        zonecfg:Apache> create
        zonecfg:Apache> set zonepath=/export/home/Apache
        zonecfg:Apache> add net
        zonecfg:Apache:net> set address=192.168.0.50
        zonecfg:Apache:net> set physical=bge0
        zonecfg:Apache:net> end
        zonecfg:Apache> verify
        zonecfg:Apache> commit
        zonecfg:Apache> exit

    Use the following example to install and boot your new zone:

        # zoneadm -z Apache install
        Preparing to install zone .
        Creating list of files to copy from the global zone.
        Copying files to the zone.
        Initializing zone product registry.
        Determining zone package initialization order.
        Preparing to initialize packages on the zone.
        Initialized packages on zone.
        Zone is initialized.
        Installation of these packages generated warnings: ....
        The file
        contains a log of the zone installation.

    The necessary directories are created. The zone is ready for booting.

    View the directories:

        # ls /export/home/Apache/root
        bin etc home mnt platform sbin
        tmp var dev export lib opt
        proc system usr


    Packages are not reinstalled.

        # /etc/mount
        /export/home/Apache/root/lib on /lib read only
        /export/home/Apache/root/platform on /platform read only
        /export/home/Apache/root/sbin on /sbin read only
        /export/home/Apache/root/usr on /usr read only
        /export/home/Apache/root/proc on proc read/write/setuid/nodevices/zone=Apache

    Boot the zone.

        # ifconfig -a
        lo0: flags=2001000849 mtu 8232 index 1
                inet 127.0.0.1 netmask ff000000
        bge0: flags=1004803 mtu 1500 index 2
                inet 192.168.0.4 netmask ffffff00 broadcast 192.168.0.255
                ether 0:c0:9f:61:88:c9
        # zoneadm -z Apache boot
        # ifconfig -a
        lo0: flags=2001000849 mtu 8232 index 1
                inet 127.0.0.1 netmask ff000000
        lo0:1: flags=2001000849 mtu 8232 index 1
                zone Apache
                inet 127.0.0.1
        bge0: flags=1004803
                inet 192.168.0.4 netmask ffffff00 broadcast 192.168.0.255
                ether 0:c0:9f:61:88:c9
        bge0:1: flags=1000803 mtu 1500 index 2
                zone Apache
                inet 192.168.0.50 netmask ffffff00 broadcast 192.168.0.255

    Configure the zone and log in:

        # zlogin -C Apache
        [Connected to zone Apache pts/5]
        # ifconfig -a
        lo0:2: flags=2001000849 mtu 8232 index 1
                inet 127.0.0.1 netmask ff000000
        bge0:2: flags=1000803
                inet 192.168.0.50 netmask ffffff00 broadcast 192.168.0.255
        # ping -s 192.168.0.50
        64 bytes from 192.168.0.50: icmp_seq=0. time=0.146 ms
        # exit
        [Connection to zone Apache pts/5 closed]


    Web Server Virtualization With Zones

    Each zone has its own characteristics, for example, zonename, IP addresses, hostname, naming services, root and non-root users. By default, the OS runs in a global zone. The administrator can virtualize the execution environment by defining one or more non-global zones. Network services can be run in non-global zones, which limits the damage possible in the event of a security violation. Since zones are implemented in software, they aren't limited to granularity defined by hardware boundaries. Instead zones offer sub-CPU granularity.


    Creating Non-Global Zones

    This lab exercise will demonstrate how to support two different sets of web server user groups on one physical host.

    Summary

    Simultaneous access to both web servers will be configured so that each web server and system will be protected should one become compromised.


    Creating Two Non-Global Zones

    Create non-global zone Apache1:

        # zonecfg -z Apache1 info
        zonepath: /export/home/Apache1
        autoboot: false
        pool:
        inherit-pkg-dir:
                dir: /lib
        inherit-pkg-dir:
                dir: /platform
        inherit-pkg-dir:
                dir: /sbin
        inherit-pkg-dir:
                dir: /usr
        net:
                address: 192.168.0.100/24
                physical: bge0

    Create non-global zone Apache2:

        # zonecfg -z Apache2 info
        zonepath: /export/home/Apache2
        autoboot: false
        pool:
        inherit-pkg-dir:
                dir: /lib
        inherit-pkg-dir:
                dir: /platform
        inherit-pkg-dir:
                dir: /sbin
        inherit-pkg-dir:
                dir: /usr
        net:
                address: 192.168.0.200/24
                physical: bge0

    Log in to Apache1 and install the application:

        # zlogin Apache1
        # zonename
        Apache1
        # ls /Apachedir
        apache_1.3.9 apache_1.3.9-i86pc-sun-solaris2.270.tar
        # cd /Apachedir/apache_1.3.9 ; ./install-bindist.sh /local
        You now have successfully installed the Apache 1.3.9 HTTP server.

    Log in to Apache2 and install the application:

        # zlogin Apache2
        # zonename
        Apache2
        # ls /Apachedir
        httpd-2.0.50 httpd-2.0.50-i386-pc-solaris2.8.tar
        # cd /Apachedir/httpd-2.0.50; ./install-bindist.sh /local
        You now have successfully installed the Apache 2.0.50 HTTP server.


    Start the Apache1 application:

        # zonename
        Apache1
        # hostname
        Apache1zone
        # /local/bin/apachectl start
        /local/bin/apachectl start: httpd started

    Start the Apache2 application:

        # zonename
        Apache2
        # hostname
        Apache2zone
        # /local/bin/apachectl start
        /local/bin/apachectl start: httpd started

    In the global zone, edit the /etc/hosts file:

        # cat /etc/hosts
        #
        # Internet host table
        #
        127.0.0.1 localhost
        192.168.0.1 loghost
        192.168.0.100 Apache1zone
        192.168.0.200 Apache2zone

    Open a web browser and navigate to the following URL:

    http://apache1zone/manual/index.html

    The Apache1 web server is up and running.

    Open a web browser and navigate to the following URL:

    http://apache2zone/manual/

    The Apache2 web server is up and running.


    Discussion

    The end user sees each zone as a different system. Each web server has its own name service:

    /etc/nsswitch.conf

    /etc/resolv.conf

    A malicious attack on one web server is contained to that zone. Port conflicts are no longer a problem!
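
    The containment described above depends on the two zones not sharing a root path, an address, or a writable file system. The following added example (not part of the original guide) cross-checks `zonecfg -z ZONE info` output for such overlaps. It assumes the layout in which resource properties are indented under the resource name, and the zonecfg property names `special` and `options` (fs) and `match` (device); the Staging zone and /export/content are constructed for the example.

```python
"""Cross-check `zonecfg -z ZONE info` output of several zones (added example)."""
import ipaddress

# Resource types listed on this page; any other unindented line is a global property.
RESOURCE_TYPES = {"fs", "inherit-pkg-dir", "net", "device"}


def parse_zonecfg_info(text):
    """Return (global_props, resources); resources is a list of (type, {prop: value})."""
    props, resources, current = {}, [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        key, sep, value = raw.strip().partition(":")
        if not sep:
            raise ValueError("unparseable line: %r" % raw)
        key, value = key.strip(), value.strip()
        if raw[0] in " \t":                      # indented: property of the open resource
            if current is None:
                raise ValueError("property outside a resource: %r" % raw)
            current[key] = value
        elif key in RESOURCE_TYPES:              # e.g. "net:" opens a new resource
            current = {}
            resources.append((key, current))
        else:                                    # zonepath, autoboot, pool, ...
            current = None
            props[key] = value
    return props, resources


def claims(text):
    """Yield (kind, value, exclusive) for everything one zone holds."""
    props, resources = parse_zonecfg_info(text)
    if props.get("zonepath"):
        yield "zonepath", props["zonepath"].rstrip("/"), True
    for rtype, res in resources:
        if rtype == "net" and res.get("address"):
            # Compare host addresses, so 192.168.0.200 and 192.168.0.200/24 collide.
            yield "address", str(ipaddress.ip_interface(res["address"]).ip), True
        elif rtype == "device" and res.get("match"):
            yield "device", res["match"], True
        elif rtype == "fs" and res.get("special"):
            opts = res.get("options", "").strip("[]").split(",")
            # A read-only mount may be shared; a writable one links the zones.
            yield "fs", res["special"], "ro" not in opts
        # inherit-pkg-dir directories are shared read-only by design and are skipped.


def shared_between_zones(zones):
    """zones maps zone name -> info text. Return sorted (kind, value, [zones]) findings."""
    users, exclusive = {}, set()
    for name in sorted(zones):
        for kind, value, excl in claims(zones[name]):
            names = users.setdefault((kind, value), [])
            if name not in names:
                names.append(name)
            if excl:
                exclusive.add((kind, value))
    return sorted((k, v, names) for (k, v), names in users.items()
                  if len(names) > 1 and (k, v) in exclusive)


# Configuration of Apache1 as shown in this lab.
APACHE1 = """\
zonepath: /export/home/Apache1
autoboot: false
pool:
inherit-pkg-dir:
\tdir: /lib
inherit-pkg-dir:
\tdir: /platform
inherit-pkg-dir:
\tdir: /sbin
inherit-pkg-dir:
\tdir: /usr
net:
\taddress: 192.168.0.100/24
\tphysical: bge0
"""
APACHE2 = APACHE1.replace("Apache1", "Apache2").replace("192.168.0.100", "192.168.0.200")

# Constructed: a zone cloned from Apache2 that kept its address and mounts content writable.
STAGING = """\
zonepath: /export/home/Staging
autoboot: false
net:
\taddress: 192.168.0.200
\tphysical: bge0
fs:
\tdir: /content
\tspecial: /export/content
\ttype: lofs
\toptions: []
"""
# Constructed: the same directory mounted read-only in another zone.
CONTENT_RO = "fs:\n\tdir: /content\n\tspecial: /export/content\n\ttype: lofs\n\toptions: [ro]\n"

if __name__ == "__main__":
    print(shared_between_zones({"Apache1": APACHE1, "Apache2": APACHE2}))
    print(shared_between_zones({"Apache1": APACHE1 + CONTENT_RO,
                                "Apache2": APACHE2, "Staging": STAGING}))
```

    An empty result for Apache1 and Apache2 confirms that the lab configuration keeps the two web servers apart; the constructed Staging zone is reported for the reused address and for the writable shared directory.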


    Creating ZFS Storage Pools and File Systems

    Each ZFS storage pool is comprised of one or more virtual devices, which describe the layout of physical storage and its fault characteristics.

    In this module, we'll start by learning about mirrored storage pool configuration. Then we'll show you how to create a RAID-Z configuration.


    Instructor Notes

    The most basic building block for a storage pool is a piece of physical storage. This can be any block device of at least 128 Mbytes in size. Typically, this is a hard drive that is visible to the system in the /dev/dsk directory.

    A storage device can be a whole disk (c0t0d0) or an individual slice (c0t0d0s7). The recommended mode of operation is to use an entire disk, in which case the disk does not need to be specially formatted. ZFS formats the disk using an EFI label to contain a single, large slice.

    ZFS uses the concept of storage pools to manage physical storage. Historically, file systems were constructed on top of a single physical device. To address multiple devices and provide for data redundancy, the concept of a volume manager was introduced to provide the image of a single device so that file systems would not have to be modified to take advantage of multiple devices. This design added another layer of complexity and ultimately prevented certain file system advances, because the file system had no control over the physical placement of data on the virtualized volumes.

    Application issues a read. ZFS mirror tries the first disk. Checksum reveals that the block is corrupt on disk. ZFS tries the second disk.

    Checksum indicates that the block is good. ZFS returns good data to the application and repairs the damaged block on the first disk.
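
    The read sequence in the last two notes can be modelled in a few lines. The following is an added example, not code from the original guide or from ZFS: a toy two-way mirror whose reads are verified against a separately stored checksum and repaired from the good copy. SHA-256 stands in for the pool's checksum function, and the block contents and the injected fault are constructed.

```python
"""Toy two-way mirror with checksummed, self-healing reads (added example)."""
import hashlib


def checksum(data):
    # Assumption: SHA-256 stands in for whichever checksum the pool is configured with.
    return hashlib.sha256(data).digest()


class Disk:
    """One side of the mirror: block number -> bytes, plus an error counter."""

    def __init__(self, name):
        self.name = name
        self.blocks = {}
        self.cksum_errors = 0   # plays the role of the CKSUM column in `zpool status`


class Mirror:
    def __init__(self, *disks):
        self.disks = list(disks)
        # The checksum is stored apart from the block it covers (ZFS keeps it in the
        # parent block pointer), so a damaged block cannot vouch for itself.
        self.expected = {}

    def write(self, blkno, data):
        self.expected[blkno] = checksum(data)
        for disk in self.disks:
            disk.blocks[blkno] = data

    def read_unverified(self, blkno):
        """What a mirror without checksums does: trust whatever the first disk returns."""
        return self.disks[0].blocks[blkno]

    def read(self, blkno):
        """Try each side in turn, return the first copy that verifies, repair the rest."""
        failed = []
        for disk in self.disks:
            data = disk.blocks.get(blkno)
            if data is not None and checksum(data) == self.expected[blkno]:
                for bad in failed:
                    bad.blocks[blkno] = data      # self-healing rewrite of the bad copy
                return data
            disk.cksum_errors += 1
            failed.append(disk)
        # No side verifies: report the error instead of handing back damaged data.
        raise IOError("block %d: no copy matches its checksum" % blkno)


def demo():
    first, second = Disk("c1t1d0"), Disk("c2t2d0")
    pool = Mirror(first, second)
    pool.write(7, b"account=1042 balance=100")
    # Constructed fault: silent corruption of the copy on the first disk.
    first.blocks[7] = b"account=1042 balance=900"
    unverified = pool.read_unverified(7)   # the altered data, returned without complaint
    verified = pool.read(7)                # good data from the second disk, first repaired
    return unverified, verified, first.blocks[7], first.cksum_errors, second.cksum_errors


if __name__ == "__main__":
    print(demo())
```

    A non-zero error counter on a disk whose pool still reports good data is the trace this repair leaves behind, which is why the per-device counters are worth watching even when the pool is ONLINE.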


    Creating a Mirrored ZFS Storage Pool

    The objective of this lab exercise is to create and list a mirrored storage pool using the zpool command.

    For information about determining whether a ZFS mirrored storage pool configuration or a RAID-Z storage pool configuration is right for your environment, go to: http://www.solarisinternals.com/wiki/index.php/ZFS_Best_Practices_Guide

    Summary

    ZFS is easy, so let's get on with it! It's time to create your first pool:


    To Create Mirrored Storage Pools

    Open a terminal window.

    Create a mirrored storage pool named tank. Then, display information about the pool.

        # zpool create tank mirror c1t1d0 c2t2d0
        # zpool status tank
          pool: tank
         state: ONLINE
         scrub: none requested
        config:
                NAME        STATE     READ WRITE CKSUM
                tank        ONLINE       0     0     0
                  mirror    ONLINE       0     0     0
                    c1t1d0  ONLINE       0     0     0
                    c2t2d0  ONLINE       0     0     0
        errors: No known data errors

    The capacity of the c1t1d0 and c2t2d0 disks is 36 Gbytes each. Because the disks are mirrored, the total capacity of the pool reflects the approximate size of one of the disks. Pool metadata consumes a small quantity of disk space. For example:

        # zpool list
        NAME   SIZE   USED  AVAIL  CAP  HEALTH  ALTROOT
        tank  33.8G    89K  33.7G   0%  ONLINE  -


    Creating ZFS File Systems as Home Directories

    The objective of this lab exercise is to learn how to set up ZFS file systems as several home directories.

    By using ZFS file system features, available in the OpenSolaris project, you might be able to simplify your kernel development environment by implementing snapshots and their rollback features.

    Summary

    In this lab, we'll use the zfs command to create a file system and set its mount point.


    To Create ZFS File Systems as Home Directories

    Display the default ZFS file system that is created automatically when the storage pool is created.

        # zfs list
        NAME   USED  AVAIL  REFER  MOUNTPOINT
        tank    86K  33.2G  24.5K  /tank

    Create the tank/home file system:

        # zfs create tank/home

    Then, set the mount point for the tank/home file system:

        # zfs set mountpoint=/export/home tank/home

    Finally, create tank/home file systems for all of your developers:

        # zfs create tank/home/developer1
        # zfs create tank/home/developer2
        # zfs create tank/home/developer3
        # zfs create tank/home/developer4

    The mountpoint property is inherited as a pathname prefix. That is, tank/home/developer1 is automatically mounted at /export/home/developer1 because tank/home is mounted at /export/home.

    Confirm that the ZFS file systems are created:

        # zfs list
        NAME                   USED  AVAIL  REFER  MOUNTPOINT
        tank                   246K  33.2G  26.5K  /tank
        tank/home              128K  33.2G  29.5K  /export/home
        tank/home/developer1  24.5K  33.2G  24.5K  /export/home/developer1
        tank/home/developer2  24.5K  33.2G  24.5K  /export/home/developer2
        tank/home/developer3  24.5K  33.2G  24.5K  /export/home/developer3
        tank/home/developer4  24.5K  33.2G  24.5K  /export/home/developer4

    Take a recursive snapshot of the tank/home file system. Then, display the snapshot information:

        # zfs snapshot -r tank/home@today
        # zfs list
        NAME                         USED  AVAIL  REFER  MOUNTPOINT
        tank                         252K  33.2G  26.5K  /tank
        tank/home                    128K  33.2G  29.5K  /tank/home
        tank/home@today                 0      -  29.5K  -
        tank/home/developer1        24.5K  33.2G  24.5K  /tank/home/developer1
        tank/home/developer1@today      0      -  24.5K  -
        tank/home/developer2        24.5K  33.2G  24.5K  /tank/home/developer2
        tank/home/developer2@today      0      -  24.5K  -
        tank/home/developer3        24.5K  33.2G  24.5K  /tank/home/developer3
        tank/home/developer3@today      0      -  24.5K  -
        tank/home/developer4        24.5K  33.2G  24.5K  /tank/home/developer4
        tank/home/developer4@today      0      -  24.5K  -

    For more information, see zfs.1m.


    Creating a RAID-Z Configuration

    The objective of this lab exercise is to introduce you to the RAID-Z configuration.

    Summary

    You might want to create a RAID-Z configuration as an alternative to a mirrored storage pool configuration if you need to maximize disk space.


    To Create a RAID-Z Configuration

    Open a terminal window.

    Create a pool with a single RAID-Z device consisting of 5 disks. Then, display information about the storage pool.

        # zpool create tank raidz c1t1d0 c2t2d0 c3t3d0 c4t4d0 c5t5d0
        # zpool status tank
          pool: tank
         state: ONLINE
         scrub: none requested
        config:
                NAME        STATE     READ WRITE CKSUM
                tank        ONLINE       0     0     0
                  raidz1    ONLINE       0     0     0
                    c1t1d0  ONLINE       0     0     0
                    c2t2d0  ONLINE       0     0     0
                    c3t3d0  ONLINE       0     0     0
                    c4t4d0  ONLINE       0     0     0
                    c5t5d0  ONLINE       0     0     0
        errors: No known data errors

    Disks can be specified by using their shorthand name or the full path. For example, /dev/dsk/c4t4d0 is identical to c4t4d0.

    It is possible to use disk slices for both mirrored and RAID-Z storage pool configurations, but these configurations are not recommended for production environments. For more information about using ZFS in production environments, go to: http://www.solarisinternals.com/wiki/index.php/ZFS_Best_Practices_Guide .


    Userland Consolidations

    Objectives

    The objective of this module is to introduce you to the userland consolidations of OpenSolaris. In general, you can think of userland consolidations as existing outside of the kernel and as components with which users interact. Each of the following consolidations delivers source files to the opensolaris.org web site or download center. To access each consolidation, refer to the following URL: http://opensolaris.org/os/downloads/


    Userland Consolidations and Descriptions

    Application Server: The Glassfish Application Server

    Developer Product Tools (DevPro): The system math library, the media library, the microtasking library, SCCS and make and C++ runtime libraries.

    Documentation (Docs): Developer and administration technical documentation.

    Globalization Support (G11N): Internationalization and localization support.

    Installation Support (Install): Installation support and packaging tools.

    Java Desktop (JDS): A secure and comprehensive enterprise desktop software solution.

    Java Platform, Standard Edition (Java SE): Binaries for the Java Development Kit (JDK) and Java Runtime Environment (JRE) are available.

    Manual Pages: Source code to the SunOS Reference Manual Pages.

    Message Queue: The Sun Java System Message Queue.

    Network Storage (NWS): Network storage device support.

    SFW (Solaris FreeWare): Open source software that is bundled with Solaris/OpenSolaris.

    SPARC Graphics Support: The SPARC graphics consolidation has drivers available in binary form.

    Test: OpenSolaris Test Suites and Test Tools.

    X Window System (X11): X11 software.


    Core Features of the Solaris OS

    Objectives

    The objective of this module is to describe the core features of the Solaris OS and how the features have fundamentally changed operating system computing.

    Additional Resources

    OpenSolaris Development Process; http://www.opensolaris.org/os/community/onnv/os_dev_process/

    C Style and Coding Standards for SunOS; http://www.opensolaris.org/os/community/documentation/getting_started_docs/


    Development Process and Coding Style

    The development process steps and the coding style that is used by the OS/Net consolidation (ON) are used to deliver the core Operating System and Networking components to Solaris. ON contains the source for the kernel and all platforms (on all architectures), the bulk of the drivers, filesystems, core libraries, and basic commands that you'd expect to find on a Solaris system. The development process for the OpenSolaris project follows the following high-level steps:

    1. Idea

    First, someone has an idea for an enhancement or has a gripe about a defect. Search for an existing bug or file a new bug or request for enhancement (RFE) by using the http://bugs.opensolaris.org/ web page. Next, announce it to other developers on the appropriate E-mail list. The announcement has the following benefits:

    - Precipitate discussion of the change or enhancement
    - Determine the complexity of the proposed change(s)
    - Gauge community interest
    - Identify potential team members

    2. Design

    The Design phase determines whether or not a formal design review is even needed. If a formal review is needed, complete the following next steps:

    - Identify design and architectural reviewers
    - Write a design document
    - Write a test plan
    - Conduct design reviews and get the appropriate approvals

    3. Implementation

    The Implementation phase consists of the following:

    - Writing of the actual code in accordance with policies and standards
      Download C Style and Coding Standards for SunOS here: http://www.opensolaris.org/os/community/documentation/getting_started_docs/
    - Writing the test suites
    - Passing various unit and pre-integration tests


    - Writing or updating the user documentation, if needed
    - Identifying code reviewers in preparation for integration

    4. Integration

    Integration happens after all reviews have been completed and permission to integrate has been granted.

    The Integration phase is to make sure everything that was supposed to be done has in fact been done, which means conducting reviews for code, documentation, and completeness.

    The formal process document for OpenSolaris describes the previous steps in greater detail, with flow charts that illustrate the development phases. That document also details the following design principles and core values that are to be applied to source code development for the OpenSolaris project:

    - Reliability: OpenSolaris must perform correctly, providing accurate results with no data loss or corruption.
    - Availability: Services must be designed to be restartable in the event of an application failure and OpenSolaris itself must be able to recover from non-fatal hardware failures.
    - Serviceability: It must be possible to diagnose both fatal and transient issues and wherever possible, automate the diagnosis.
    - Security: OpenSolaris security must be designed into the operating system, with mechanisms in place in order to audit changes done to the system and by whom.
    - Performance: The performance of OpenSolaris must be second to none when compared to other operating systems running on identical environments.
    - Manageability: It must allow for the management of individual components, software or hardware, in a consistent and straightforward manner.
    - Compatibility: New subsystems and interfaces must be extensible and versioned in order to allow for future enhancements and changes without sacrificing compatibility.
    - Maintainability: OpenSolaris must be architected so that common subroutines are combined into libraries or kernel modules that can be used by an arbitrary number of consumers.


    Instructor Notes

    Sometimes, the integrated change needs to be communicated by sending heads-up messages to appropriate communities and possibly presenting a transfer of information (TOI) to a support organization to help them understand the change.


    - Platform Neutrality: OpenSolaris must continue to be platform neutral and lower level abstractions must be designed with multiple and future platforms in mind.

    Refer to http://www.opensolaris.org/os/community/onnv/os_dev_process/ for more detailed information about the process that is used for collaborative development of OpenSolaris code.

    Like many projects, OpenSolaris enforces a coding style on contributed code, regardless of its source. This style is described in detail at http://opensolaris.org/os/community/onnv/ .

    Two tools for checking many elements of the coding style are available as part of the OpenSolaris distribution. These tools are cstyle(1) for verifying compliance of C code with most style guidelines, and hdrchk(1) for checking the style of C and C++ headers.


    Instructor Notes

    This coding style is very similar to that used by the Linux kernel, BSD systems, and many other non-GNU projects (the GNU project uses its own unique coding style). Also, examine the files in usr/src/prototypes; these provide examples of the correct general layout and style for most types of source files.

    There are style mistakes that cannot be caught by any reasonable tool, and others that cannot be caught by the particular implementations.

    Improving the accuracy and completeness of these tools is an ongoing task.


    Overview

    Now that you have considered the development environment, processes, and values applied to engineering by OpenSolaris developers, let's discuss in more depth the features of the operating system that exemplify performance, security, serviceability, and manageability:

    Performance
    - FireEngine
    - Nemo
    - Crossbow

    Security
    - Least Privilege
    - Packet Filtering
    - Zones
    - Branded Zones (BrandZ)

    Serviceability
    - Predictive Self-Healing
    - Dynamic Tracing Facility (DTrace)
    - Modular Debugger (MDB)

    Manageability
    - Services Management Facility (SMF)
    - ZFS

    FireEngine

    The "FireEngine" approach in Solaris 10 merges all protocol layers into one STREAMS module that is fully multithreaded. Inside the merged module, instead of per-data structure locks, a per-CPU synchronization mechanism called "vertical perimeter" is used. The "vertical perimeter" is implemented using a serialization queue abstraction called "squeue." Each squeue is bound to a CPU, and each connection is in turn bound to a squeue that provides any synchronization and mutual exclusion needed for the connection-specific data structures.


    Synchronization

    Since the stack is fully multithreaded (barring the per-CPU serialization enforced by the vertical perimeter), it uses a reference-based scheme to ensure that the connection instance is available when needed. For an established TCP connection, three references are guaranteed to be on it. Each protocol layer has a reference on the instance (one each for TCP and IP) and the classifier itself has a reference since it is an established connection. Each time a packet arrives for the connection and the classifier looks up the connection instance, an extra reference is placed, which is dropped when the protocol layer finishes processing that packet.

    TCP, IP, and UDP

    The Solaris 10 OS provides the same view for TCP as previous releases -- that is, TCP appears as a clone device but it is actually a composite, with the TCP and IP code merged into a single D_MP STREAMS module. The operational part of TCP is fully protected by the vertical perimeter that is entered through the squeue primitives. FireEngine changes the interface between TCP and IP from the existing STREAMS-based message passing interface to a functional call-based interface, both in the control and data paths.

    There is a fully multithreaded UDP module running under the same protection domain as IP. Though UDP and IP are running in the same protection domain, they are still separate STREAMS modules. Therefore, STREAMS plumbing is kept unchanged and a UDP module instance is always pushed above IP. The Solaris 10 platform allows for the following plumbing modes:

    - Normal: IP is first opened and later UDP is pushed directly on top. This is the default action that happens when a UDP socket or device is opened.
    - SNMP: UDP is pushed on top of a module other than IP. When this happens, only SNMP semantics will be supported.

    GLDv3

    Solaris 10 software introduces a new device driver framework called GLDv3 along with the new stack. Most of the major device drivers were ported to this framework, and all future and 10Gb device drivers will be based on this framework. This framework also provided a STREAMS-based DLPI layer for backward compatibility (to allow external, non-IP modules to continue to work).


    GLDv3 architecture virtualizes Layer two of the network stack. A one-to-one correspondence between network interfaces and devices no longer exists. Refer to the Nemo Project hosted on opensolaris.org for more information about the framework, the MAC services module, and the Data-Link Services module.

    Virtualization

    Project Crossbow creates virtual stacks around any service (HTTP, HTTPS, FTP, NFS, etc.), protocol (TCP, UDP, SCTP, etc.), or Solaris Containers technology. The virtual stacks are separated by means of a H/W classification engine such that traffic for one stack does not impact other virtual stacks. Each virtual stack can be assigned its own priority and bandwidth on a shared NIC without causing performance degradation to the system or the service/container. The architecture dynamically manages priority and bandwidth resources, and can provide better defense against denial-of-service attacks directed at a particular service or container by isolating the impact to just that service or container.

    Least Privilege

    UNIX has historically had an all-or-nothing privilege model that imposes the following restrictions:

    - No way to limit root user privileges
    - No way for non-root users to perform privileged operations
    - Applications needing only a few privileged operations must run as root
    - Very few are trusted with root privileges and virtually no students are so trusted

    In the Solaris OS we've developed fine-grained privileges. Fine-grained privileges allow applications and users to run with just the privileges they need. Least privilege allows students to be granted the privileges that they need to complete their coursework, participate in research, and maintain a portion of the campus or department infrastructure.


    Packet Filtering

    Solaris IP Filter provides stateful packet filtering and network address translation (NAT). Solaris IP Filter is derived from the open source IP Filter software. IP Filter can filter by IP address, port, protocol, or network interface according to filter rules.

    IP Filter

    The Packet Filtering Hooks (PFHooks) API was introduced in Solaris 10 Update 4 to replace the STREAMS-based implementation of IP Filter. Using the PFHooks framework, the performance of firewall software like IP Filter is significantly improved. PFHooks also provides the ability to intercept loopback and inter-zone traffic. Third-party firewall software is developed and registered with the PFHooks API using the net_register_hook(info, event, hook); hook.

    Enabling Simple Packet Filters

    The objective of this exercise is to learn about packet filtering. Solaris IP Filter is installed with the Solaris operating system. However, packet filtering is not enabled by default. IP Filter can filter by IP address, port, protocol, or network interface according to filter rules. Following is an example filter rule:

    block in on ce0 proto tcp from 192.168.0.0/16 to any port = 23

    To use Solaris IP Filter, simply enter your filter rules in the /etc/ipf/ipf.conf file. Then, enable and restart the svc:/network/ipfilter service by using the svcadm command.

    Note: You can also use the ipf command to work with the rule sets.

    Solaris IP Filter can perform network address translation (NAT) for a source address or a destination address according to NAT rules. Following is an example of a NAT rule:

    map ce0 192.168.1.0/24 -> 10.1.0.0/16


    To use network address translation, enter your NAT rules in the /etc/ipf/ipnat.conf file. Then, enable and restart the svc:/network/ipfilter service by using the svcadm command.

    Note: You can also use the ipnat command to work with rule sets.

    Sample Packet Filtering Rules

    This section includes various examples of filtering rule syntax. Invoke the rules by adding them to the /etc/ipf/ipf.conf file. Then, enable Solaris IP Filter and reboot your machine as detailed in the previous exercise.

    Log all inbound packets on le0 which have IP options present.

    log in on le0 from any to any with ipopts

    Block any inbound packets on le0 which are fragmented and too short on which to do any meaningful comparison. This actually only applies to TCP packets which can be missing the flags/ports (depending on which part of the fragment you see).

    block in log quick on le0 from any to any with short frag

    Log all inbound TCP packets with the SYN flag (only) set.

    Note: If it was an inbound TCP packet with the SYN flag set and it had IP options present, this rule and the above rule would cause it to be logged twice.

    log in on le0 proto tcp from any to any flags S/SA

    Block and log any inbound ICMP unreachables.

    block in log on le0 proto icmp from any to any icmp-type unreach

    Block and log any inbound UDP packets on le0 which are going to port 2049 (the NFS port).

    block in log on le0 proto udp from any to any port = 2049

    Quickly allow any packets to/from a particular pair of hosts


    pass in quick from any to 10.1.3.2/32

    pass in quick from any to 10.1.0.13/32

    pass in quick from 10.1.3.2/32 to any

    pass in quick from 10.1.0.13/32 to any

    Block (and stop matching) any packet with IP options present.

    block in quick on le0 from any to any with ipopts

    Allow any packet through

    pass in from any to any

    Block any inbound UDP packets destined for these subnets.

    block in on le0 proto udp from any to 10.1.3.0/24

    block in on le0 proto udp from any to 10.1.1.0/24

    block in on le0 proto udp from any to 10.1.2.0/24

    Block any inbound TCP packets with only the SYN flag set that are destined for these subnets.

    block in on le0 proto tcp from any to 10.1.3.0/24 flags S/SA

    block in on le0 proto tcp from any to 10.1.2.0/24 flags S/SA

    block in on le0 proto tcp from any to 10.1.1.0/24 flags S/SA

    Block any inbound ICMP packets destined for these subnets.

    block in on le0 proto icmp from any to 10.1.3.0/24

    block in on le0 proto icmp from any to 10.1.1.0/24

    block in on le0 proto icmp from any to 10.1.2.0/24
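
    How IP Filter reaches a verdict over rules like the samples above, as an added Python model (not from the original guide, and not IP Filter's own code). It assumes IP Filter's documented evaluation order: the last matching rule decides unless a matching rule carries quick, log rules never change the verdict, the log option fires only on the deciding rule, and unmatched packets pass. The ruleset is assembled from this page's samples; the packet() helper and the test packets are constructed.

```python
import ipaddress

def bits(letters):
    """TCP flag letters to a bitmask: F=1 S=2 R=4 P=8 A=16 U=32."""
    return sum(1 << "FSRPAU".index(c) for c in letters)

def parse_rule(line):
    """Parse the subset of inbound ipf.conf rule syntax shown on this page."""
    tok = line.split()
    rule = {"action": tok.pop(0), "quick": False, "log": False}
    if tok.pop(0) != "in":
        raise ValueError("only inbound rules are modelled: " + line)
    side = None
    while tok:
        t = tok.pop(0)
        if t in ("log", "quick"):
            rule[t] = True
        elif t in ("on", "proto"):
            rule[t] = tok.pop(0)
        elif t in ("from", "to"):
            side, word = t, tok.pop(0)
            rule[t] = ipaddress.ip_network("0.0.0.0/0" if word == "any" else word)
        elif t == "port" and tok.pop(0) == "=":
            rule[side + "_port"] = int(tok.pop(0))
        elif t == "flags":
            value, mask = tok.pop(0).split("/")
            rule["flags"] = (bits(value), bits(mask))
        elif t == "with":                  # every listed option must be present
            rule["with"], tok = set(tok), []
        else:
            raise ValueError("unsupported keyword %r in: %s" % (t, line))
    return rule

def matches(rule, pkt):
    """True when every criterion the rule states agrees with the packet."""
    keys = ("on", "proto", "from_port", "to_port")
    if any(rule.get(k, pkt[k]) != pkt[k] for k in keys):
        return False
    if any(ipaddress.ip_address(pkt[s]) not in rule[s] for s in ("from", "to")):
        return False
    value, mask = rule.get("flags", (0, 0))    # S/SA: SYN set, ACK clear
    if (bits(pkt["flags"]) & mask) != value:
        return False
    return rule.get("with", set()) <= pkt["opts"]

def evaluate(rules, pkt):
    """Return (verdict, deciding rule number, numbers of the rules that logged)."""
    verdict, decider, logged = "pass", None, []    # assumed default: no match passes
    for n, rule in enumerate(rules, 1):
        if not matches(rule, pkt):
            continue
        if rule["action"] == "log":        # log rules never change the verdict
            logged.append(n)
            continue
        verdict, decider = rule["action"], n       # last match wins ...
        if rule["quick"]:                          # ... unless the rule is quick
            break
    if decider and rules[decider - 1]["log"]:      # log option: deciding rule only
        logged.append(decider)
    return verdict, decider, logged

# Constructed ruleset (from this page's sample rules) and constructed packets.
RULES = [parse_rule(line) for line in """\
log in on le0 from any to any with ipopts
log in on le0 proto tcp from any to any flags S/SA
block in log on le0 proto udp from any to any port = 2049
pass in quick from any to 10.1.3.2/32
block in quick on le0 from any to any with ipopts
pass in from any to any
block in on le0 proto udp from any to 10.1.3.0/24
block in on le0 proto tcp from any to 10.1.3.0/24 flags S/SA
""".splitlines()]

def packet(proto, to, to_port=None, flags="", opts=(), on="le0"):
    return {"on": on, "proto": proto, "from": "198.51.100.7", "from_port": 40000,
            "to": to, "to_port": to_port, "flags": flags, "opts": set(opts)}

if __name__ == "__main__":
    print(evaluate(RULES, packet("udp", "10.1.9.9", 2049)))  # NFS block overridden
```

    In this ordering the NFS block on port 2049 never decides the verdict, because the later pass in from any to any matches last; adding quick to the block rule, or placing it after the pass rule, makes it effective.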

    Zones

    A zone is a virtual operating system abstraction that provides a protected environment in which applications run. The applications are protected from each other to provide software fault isolation. To ease the labor of managing multiple applications and their environments, they co-exist within one operating system instance, and are usually managed as one entity.

    A small number of applications which are normally run as root or with certain privileges may not run inside a zone if they rely on being able to access or change some global resource. An example might be the ability to change the system's time-of-day clock. The few applications which fall into this category may need modifications to run properly inside a zone or, in some cases, should continue to be used within the global zone.

    Here are some guidelines:

    - An application which accesses the network and files, and performs no other I/O, should work correctly.
    - Applications which require direct access to certain devices, for example, a disk partition, will usually work if the zone is configured correctly. However, in some cases this may increase security risks.
    - Applications which require direct access to these devices may need to be modified to work correctly. For example, /dev/kmem, or a network device. Applications should instead use one of the many IP services.

    Zones can be combined with the resource management facilities which are present in OpenSolaris to provide more complete, isolated environments. While the zone supplies the security, name space and fault isolation, the resource management facilities can be used to prevent processes in one zone from using too much of a system resource or to guarantee them a certain service level. Together, zones and resource management are often referred to as containers.

    See http://opensolaris.org/os/community/zones/faq for answers to a large number of common questions about zones and links to the latest administration documentation.

    Zones provide protected environments for Solaris applications. Separate and protected run-time environments are available through the OpenSolaris project, by using BrandZ.

    Branded Zones (BrandZ)

    BrandZ is a framework that extends the zones infrastructure to create Branded Zones, which are zones that contain non-native operating environments. A branded zone may be as simple as an environment where the standard Solaris utilities are replaced by their GNU equivalents, or as complex as a complete Linux user space.

    BrandZ extends the Zones infrastructure in user space in the following ways:


    Instructor Notes

    Super-user in a zone can't affect or obtain privileges in other zones. This allows students a safe sandbox in which to experiment.

    Zones can be used as an instructional tool or infrastructure component. For example, you can allocate each student an IP address and a zone and allow them all to safely share one machine.


    - A brand is an attribute of a zone, set at zone configuration time.
    - Each brand provides its own installation routine, which allows us to install an arbitrary collection of software in the branded zone.
    - Each brand may provide pre-boot and post-boot scripts that allow us to do any final boot-time setup or configuration.
    - The zonecfg and zoneadm tools can set and report a zone's brand type.

    BrandZ provides a set of interposition points in the kernel:

    - These points are found in the syscall path, process loading path, thread creation path, etc.
    - These interposition points are only applied to processes in a branded zone.
    - At each of these points, a brand may choose to supplement or replace the standard behavior of the Solaris OS.
    - Fundamentally different brands may require new interposition points.

    The lx brand enables Linux binary applications to run unmodified on Solaris, within zones that are running a complete Linux user space. The lx brand enables user-level Linux software to run on a machine with an OpenSolaris kernel, and includes the tools necessary to install a CentOS or Red Hat Enterprise Linux distribution inside a zone on a Solaris system. The lx brand will run on x86/x64 systems booted with either a 32-bit or 64-bit kernel. Regardless of the underlying kernel, only 32-bit Linux applications are able to run. This feature is only available for x86 and AMD x64 architectures at this time. However, porting to SPARC might be an interesting community project because BrandZ lx is still very much a work in progress.

    Refer to http://opensolaris.org/os/community/brandz/install for the installation requirements and instructions.

    The OpenSolaris project addresses the unique challenges of operating system development and testing for application performance using features like zones.

    Zones Networking

    Solaris zones can be designated as one of the following:

    - Exclusive-IP zone
    - Shared-IP zone


    Exclusive-IP zones have their own IP stacks and may have their own physical interfaces. An exclusive-IP zone may also have its own VLAN interfaces. The configuration of exclusive-IP zones is the same as that of a physical machine.

    Shared-IP zones share the IP stack with the global zone, so shared-IP zones are shielded from the configuration details for devices, routing and so on. Each shared-IP zone can be assigned IPv4/IPv6 addresses. Each shared-IP zone also has its own port space. Applications can bind to INADDR_ANY and will only receive traffic for that zone.

    Neither type of zone can see the traffic of other zones. Packets coming from a zone have a source address belonging to that zone. A shared-IP zone can only send packets on an interface on which it has an address. A shared-IP zone can only use a default router if it is directly reachable from the zone. The default router has to be in the same IP subnet as the zone.

    Shared-IP zones cannot change their network configuration or routing table and cannot see the configuration of other zones. /dev/ip is not present in the shared-IP zone. SNMP agents must open /dev/arp instead. Multiple shared-IP zones can share a broadcast address and may join the same multi-cast group.

    Shared-IP zones have the following networking limitations:

    - Cannot put a physical interface inside a zone
    - IPFilter does not work between zones
    - No DHCP for Zones IP addresses
    - No Dynamic Routing

    Exclusive-IP zones do not have the above limitations, and can change their network configuration or routing table inside the zone. /dev/ip is present in the exclusive-IP zone.

    Zones Identity, CPU Visibility, and Packaging

    Each zone controls its node name, time zone, and naming services like LDAP and NIS. The sysidtool can set this up. Separate /etc/passwd files mean that root privileges can be delegated to the zone. User IDs may map to different names when domains differ.

    By default, all zones see all CPUs. Restricted view is enabled automatically when re