solaris 10 advanced features

Solaris 10 Advanced Features Prepared by Aram Avetisyan

Upload: aram-avetisyan

Post on 15-Jul-2015


Page 1: Solaris 10 Advanced Features

Solaris 10 Advanced Features

Prepared by Aram Avetisyan

Contents

Introduction

Solaris Management Facility (SMF)

IPMP and Link Aggregation

Solaris Zones

What you will get from this course

Information about the new and advanced features of the Solaris 10 system

New experience

New acquaintances and friends

What new knowledge you will gain

The basics of the SMF service in the Solaris 10 system

How to enable, disable, and restart services

Introductory knowledge of the IPMP and Link Aggregation technologies

In which cases these technologies are used

How to configure the IPMP and Link Aggregation technologies

The advantages of Solaris Zones

What problems they can be used to solve

How to create and configure them


SMF Features

Services are represented as first-class objects that can be viewed and managed.

Failed services are automatically restarted in dependency order.

More information is available about misconfigured or misbehaving services.

Problems during the boot process are easier to debug.

Snapshots of service configurations are taken automatically.

Services can be enabled and disabled using a supported tool.

Administrators can securely delegate tasks to non-root users more easily.

Large systems boot faster by starting services in parallel according to their dependencies.

The process “Refusing to Die”

# ps -fp `pgrep -d, sendmail`
UID PID PPID C STIME TTY TIME CMD
root 330 1 0 14:21:05 ? 0:00 /usr/lib/sendmail -bd -q15m
smmsp 331 1 0 14:21:05 ? 0:00 /usr/lib/sendmail -Ac -q15m
# pkill -9 sendmail
# ps -fp `pgrep -d, sendmail`
UID PID PPID C STIME TTY TIME CMD
root 530 1 0 14:51:02 ? 0:00 /usr/lib/sendmail -bd -q15m
smmsp 531 1 0 14:51:02 ? 0:00 /usr/lib/sendmail -Ac -q15m

Service Names

FMRI (Fault Managed Resource Identifier)

• svc://localhost/system/system-log:default

• svc:/system/system-log:default

• system/system-log:default

• system-log:default

• system-log

% svcs -a
STATE STIME FMRI
...
online 11:19:35 svc:/network/nfs/status:default
offline 18:20:30 svc:/application/print/rfc1179:default
maintenance 18:20:26 svc:/network/ntp:default

Enabling and disabling services

| Old method | SMF method |
| --- | --- |
| mv /etc/rc2.d/S75cron /etc/rc2.d/x.S75cron | svcadm disable system/cron:default |
| edit /etc/inet/inetd.conf, uncomment the finger line | svcadm enable network/finger:default |

Stopping, starting, and restarting services

| Old method | SMF method |
| --- | --- |
| /etc/init.d/sshd stop | svcadm disable -t network/ssh:default |
| /etc/init.d/sshd start | svcadm enable -t network/ssh:default |
| /etc/init.d/sshd stop; /etc/init.d/sshd start | svcadm restart network/ssh:default |
| kill -HUP `cat /var/run/sshd.pid` | svcadm refresh network/ssh:default |

Discovering What's Going Wrong

[ network/ntp:default starting (network time protocol (NTP)) ]
Oct 25 13:58:42/49 ERROR: svc:/network/ntp:default: Method "/lib/svc/method/xntp" failed with exit status 96.
Oct 25 13:58:42 svc.startd[4]: svc:/network/ntp:default: Method "/lib/svc/method/xntp" failed with exit status 96.
[ network/ntp:default misconfigured (see 'svcs -x' for details) ]

# svcs -x
svc:/network/ntp:default (Network Time Protocol (NTP).)
 State: maintenance since Mon Oct 18 13:58:42 2004
Reason: Start method exited with $SMF_EXIT_ERR_CONFIG.
   See: http://sun.com/msg/SMF-8000-KS
   See: ntpq(1M)
   See: ntpdate(1M)
   See: xntpd(1M)
Impact: 0 services are not running.


Log Files

The log files are located in /var/svc/log/ directory.

The log file name is based on the short form of FMRI, with “/”s replaced by “-”s.

Example:

The log file for svc:/network/ntp:default is /var/svc/log/network-ntp:default
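
Added example (not part of the original slides): a shell triage that reads `svcs -a` output, picks out services in the offline or maintenance state, and derives each one's log file from the naming rule above. The listing is a constructed sample in the format shown earlier and the function names are illustrative; the `.log` suffix is how Solaris 10 names these files on disk, although the slide's example leaves it off.

```sh
#!/bin/sh
# Added example, not from the original slides.

# Constructed sample in the format of the `svcs -a` listing shown earlier.
sample_svcs() {
cat <<'EOF'
STATE          STIME    FMRI
disabled       18:20:10 svc:/network/finger:default
online         11:19:35 svc:/network/nfs/status:default
offline        18:20:30 svc:/application/print/rfc1179:default
maintenance    18:20:26 svc:/network/ntp:default
EOF
}

# fmri_to_log FMRI -> log file path.
# Accepts svc://localhost/..., svc:/... or the short category/name:instance form.
# Rule from the slide: short FMRI with "/" replaced by "-", under /var/svc/log/.
# The ".log" suffix is the on-disk naming on Solaris 10 (not shown on the slide).
fmri_to_log() {
    short=$(printf '%s\n' "$1" | sed -e 's|^svc://localhost/||' -e 's|^svc:/||')
    printf '/var/svc/log/%s.log\n' "$(printf '%s' "$short" | tr '/' '-')"
}

# unhealthy_services: reads `svcs -a` output on stdin and prints
# "STATE FMRI LOGFILE" for each service that is offline or in maintenance.
unhealthy_services() {
    awk 'NR > 1 && ($1 == "offline" || $1 == "maintenance") { print $1, $3 }' |
    while read -r state fmri; do
        printf '%s %s %s\n' "$state" "$fmri" "$(fmri_to_log "$fmri")"
    done
}

# On a live system the input would be `svcs -a` itself.
sample_svcs | unhealthy_services
```
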


Observing Services

The "-p" option shows all the processes associated with a service:

% svcs -p network/smtp:sendmail
STATE STIME FMRI
online 18:20:30 svc:/network/smtp:sendmail
         18:20:30 655 sendmail
         18:20:30 657 sendmail
% ps -fp 655,657
UID PID PPID C STIME TTY TIME CMD
root 655 1 0 18:21:05 ? 0:00 /usr/lib/sendmail -bd -q15m
smmsp 657 1 0 18:21:05 ? 0:00 /usr/lib/sendmail -Ac -q15m

The "-d" option shows what other services this service depends on, and the "-D" option shows what other services depend on this service:

% svcs -d network/smtp:sendmail
STATE STIME FMRI
online 18:20:14 svc:/system/identity:domain
online 18:20:26 svc:/network/service:default
online 18:20:27 svc:/system/filesystem/local:default
online 18:20:27 svc:/milestone/name-services:default
online 18:20:27 svc:/system/system-log:default
online 18:20:30 svc:/system/filesystem/autofs:default
% svcs -D network/smtp:sendmail
STATE STIME FMRI
online 18:20:32 svc:/milestone/multi-user:default


IPMP Features

Eliminates a single network adapter as a single point of failure in case of:

• Network adapter failure

• Network link failure

Enables interfaces to fail over within approximately 10

Can be configured by adjusting the parameters in the /etc/default/mpathd file

Can be configured for use with both IPv4 and IPv6

Enables interfaces to be configured as standby interfaces

IPMP Failure Detection

Probe-based failure detection: Detects network errors by sending ICMP ECHO_REQUEST messages

Link-based failure detection: Detects network errors by checking the IFF_RUNNING flag

Probe Based IPMP Requirements

The Solaris 8 10/00 OS, as a minimum, must be installed.

Unique MAC addresses must be configured on each network interface.

Multiple network adapter interfaces must be connected on each subnet.

An IPMP group name must be assigned to the group of interfaces.

A test address is assigned to an interface.

Additional hosts or devices must exist on the same subnet.

Configuring Probe-Based IPMP

1. Verify the Solaris OS release.
2. Configure unique MAC addresses.
3. Configure IP addresses.
4. Configure one interface as part of an IPMP group.
5. Configure a test address for the first interface.
6. Configure a second interface as part of the same IPMP group.
7. Configure a test address for the second interface.
8. View the interface configuration.

# cat /etc/release
Solaris 10 11/06 s10s_u3wos_10 SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 14 November 2006
# eeprom "local-mac-address?=true"
# ifconfig eri0 10.5.0.11 netmask + broadcast + up
# ifconfig eri0 group mptest1
# ifconfig eri0 addif 10.5.0.61 netmask + broadcast + -failover deprecated up
# ifconfig qfe2 10.5.0.21 netmask + broadcast + group mptest1 up
# ifconfig qfe2 addif 10.5.0.71 netmask + broadcast + -failover deprecated up
# ifconfig -a

Configuring Probe-Based IPMP using configuration files

# cat /etc/hostname.eri0
10.5.0.11 netmask + broadcast + group mptest1 up \
addif 10.5.0.61 netmask + broadcast + -failover \
deprecated up
# cat /etc/hostname.qfe2
10.5.0.21 netmask + broadcast + group mptest1 up \
addif 10.5.0.71 netmask + broadcast + -failover \
deprecated up

# init 6
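
Added example (not part of the original slides): a shell lint for the contents of /etc/hostname.<interface> files, run before the reboot, that checks each interface names an IPMP group, that its test address carries both -failover and deprecated, and that all interfaces name the same group. The file contents are constructed copies of the two files above plus a deliberately broken one; the interface qfe3, its addresses and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original slides: lint the contents of
# /etc/hostname.<interface> files for a probe-based IPMP group.

# Constructed copies of the two files shown above, plus a broken variant
# (hypothetical interface qfe3) whose test address lacks "-failover deprecated".
ERI0='10.5.0.11 netmask + broadcast + group mptest1 up \
addif 10.5.0.61 netmask + broadcast + -failover \
deprecated up'
QFE2='10.5.0.21 netmask + broadcast + group mptest1 up \
addif 10.5.0.71 netmask + broadcast + -failover \
deprecated up'
BROKEN='10.5.0.31 netmask + broadcast + group mptest1 up \
addif 10.5.0.81 netmask + broadcast + up'

# check_ipmp_file IFACE CONTENT -> prints "IFACE GROUP STATUS".
# STATUS: ok | no-group | no-test-addr | test-addr-not-marked
# (no-test-addr is what a link-based configuration looks like).
check_ipmp_file() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
    { gsub(/\\/, ""); for (i = 1; i <= NF; i++) tok[++n] = $i }
    END {
        group = "-"
        for (i = 1; i <= n; i++) {
            if (tok[i] == "group" && i < n) group = tok[i + 1]
            if (tok[i] == "addif") addif = 1
            if (addif && tok[i] == "-failover") nofail = 1
            if (addif && tok[i] == "deprecated") depr = 1
        }
        if (group == "-")          status = "no-group"
        else if (!addif)           status = "no-test-addr"
        else if (!nofail || !depr) status = "test-addr-not-marked"
        else                       status = "ok"
        print ifc, group, status
    }'
}

# ipmp_group_ok: reads check_ipmp_file lines on stdin; exit status 0 only
# if every interface is "ok" and all of them name the same group.
ipmp_group_ok() {
    awk '$3 != "ok" { bad = 1 } { seen[$2] = 1 }
         END { for (g in seen) groups++; exit (bad || groups != 1) }'
}

{ check_ipmp_file eri0 "$ERI0"; check_ipmp_file qfe2 "$QFE2"; } | ipmp_group_ok &&
    echo "mptest1: consistent"
check_ipmp_file qfe3 "$BROKEN"
```
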

Link-Based IPMP Requirements

Solaris 9 12/02 OS, at a minimum, must be installed.

Network interfaces must use any of the following drivers: hme, eri, ce, ge, bge, qfe, dmfe

Unique MAC addresses must be configured on each of the interfaces.

An IPMP group name must be assigned to interfaces

Configuring Link-Based IPMP

1. Verify the Solaris OS release.
2. Configure unique MAC addresses.
3. Define IP addresses.
4. Configure the interfaces.
5. View the interface configuration.

# cat /etc/release
Solaris 10 11/06 s10s_u3wos_10 SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 14 November 2006
# eeprom "local-mac-address?=true"
# ifconfig eri0 10.5.0.11 netmask + broadcast + group lgrp up
# ifconfig hme0 10.5.0.21 netmask + broadcast + group lgrp up
# ifconfig -a

Configuring Link-Based IPMP Using Configuration Files

# cat /etc/hostname.eri0
10.5.0.11 netmask + broadcast + group mptest1 up
# cat /etc/hostname.hme0
10.5.0.21 netmask + broadcast + group mptest1 up
# init 6

Configuring IPMP Parameters

# cat /etc/default/mpathd
#pragma ident "@(#)mpathd.dfl 1.2 00/07/17 SMI"
#
# Time taken by mpathd to detect a NIC failure in ms. The minimum time
# that can be specified is 100 ms.
#
FAILURE_DETECTION_TIME=10000
#
# Failback is enabled by default. To disable failback turn off this option
#
FAILBACK=yes
#
# By default only interfaces configured as part of multipathing groups
# are tracked. Turn off this option to track all network interfaces
# on the system
#
TRACK_INTERFACES_ONLY_WITH_GROUPS=yes


Additional Resources

man ifconfig

man in.mpathd

docs.sun.com


Features of Link Aggregations

Increased bandwidth – The capacity of multiple links is combined into one logical link

Automatic failover/failback – Traffic from a failed link is failed over to working links in the aggregation

Load balancing – Both inbound and outbound traffic is distributed according to user selected load-balancing policies, such as source and destination MAC or IP addresses

Support for redundancy – Two systems can be configured with parallel aggregations.

Improved administration – All interfaces are administered as a single unit

Less drain on the network address pool – The entire aggregation can be assigned one IP address

Link Aggregation Basics

You may use link aggregation in the following situations:

For systems that run an application with distributed heavy traffic

For sites with limited IP address space that nevertheless require large amounts of bandwidth

For sites that need to hide the existence of internal interfaces

Basic Link Aggregation Topology

Figure: Link Aggregation Topology With a Switch

Figure: Back-to-Back Link Aggregations

Policies and Load Balancing

L2 – Determines the outgoing link by hashing the MAC (L2) header of each packet

L3 – Determines the outgoing link by hashing the IP (L3) header of each packet

L4 – Determines the outgoing link by hashing the TCP, UDP, or other ULP (L4) header of each packet

Requirements for Link Aggregation

You must use the dladm command to configure aggregations.

An interface that has been plumbed cannot become a member of an aggregation.

Interfaces must be of the GLDv3 type: xge, e1000g, nge, rge, ixgb and bge.

All interfaces in the aggregation must run at the same speed and in full-duplex mode.

You must set the value for MAC addresses to “true” in the EEPROM parameter local-mac-address?

How to Create a Link Aggregation

1. Assume the Primary Administrator role, or become superuser.
2. Determine which interfaces are currently installed on your system.
3. Determine which interfaces have been plumbed.
4. Create an aggregation.
5. Configure and plumb the newly created aggregation.
6. Check the status of the aggregation you just created.

% su root
# dladm show-link
ce0 type: legacy mtu: 1500 device: ce0
ce1 type: legacy mtu: 1500 device: ce1
bge0 type: non-vlan mtu: 1500 device: bge0
bge1 type: non-vlan mtu: 1500 device: bge1
bge2 type: non-vlan mtu: 1500 device: bge2
# ifconfig -a
lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255
        ether 0:3:ba:7:84:5e
# dladm create-aggr -d bge0 -d bge1 1
# ifconfig aggr1 plumb 192.168.84.14 up

How to Create a Link Aggregation (continued)

# dladm show-aggr
key: 1 (0x0001) policy: L4 address: 0:3:ba:7:84:5e (auto)
device address speed duplex link state
bge0 0:3:ba:7:b5:a7 1000 Mbps full up attached
bge1 0:3:ba:8:22:3b 0 Mbps unknown down standby
# ifconfig -a
lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255
        ether 0:3:ba:7:84:5e
aggr1: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.84.14 netmask ff000000 broadcast 192.255.255.255
        ether 0:3:ba:7:84:5e


Zones Overview

The Solaris Zones partitioning technology is used to:

• Virtualize operating system services

• Provide an isolated and secure environment for running applications.

A zone is:

• A virtualized operating system environment created within a single instance of the Solaris 10 OS.

• An application execution environment in which processes are isolated from the rest of the system.

Isolation prevents processes that are running in one zone from monitoring or affecting processes that are running in other zones.


When to Use Zones?

Two Types of Zones

Global Zone

Is assigned ID 0 by the system

Provides the single instance of the Solaris kernel

Contains a complete installation of the Solaris system software packages

Can contain additional software packages or additional software

Holds configuration information specific to the global zone only

Is the only zone that is aware of all devices and all file systems

Is the only zone with knowledge of non-global zone existence and configuration

Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled

Non-Global Zone

Is assigned a zone ID by the system when the zone is booted

Shares operation under the Solaris kernel booted from the global zone

Contains an installed subset of the complete Solaris 10 OS software packages

Can contain additional installed software packages

Is not aware of the existence of any other zones

Cannot install, manage, or uninstall other zones, including itself

Has configuration information specific to that non-global zone only

Can have its own time zone setting

Creating a New Zone

1. Enter the zone configuration tool by using the zonecfg command.
2. Create a new zone definition with the create command.
3. Assign the zone to a file system, using the set zonepath command.
4. Use the set autoboot command to make the zone boot automatically.
5. Configure networking parameters, using the add net command and its subcommands.
6. Verify the configuration is syntactically correct, using the verify command.
7. Write the in-memory configuration to stable memory, using the commit command.
8. Install the zone, using the zoneadm command.
9. Boot the zone, using the zoneadm boot command.
10. Log on to the zone console using the zlogin command.

# zonecfg -z email-zone
email-zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:email-zone> create
zonecfg:email-zone> set zonepath=/export/home/zones/email-zone
zonecfg:email-zone> set autoboot=true
zonecfg:email-zone> add net
zonecfg:email-zone:net> set address=10.0.0.1
zonecfg:email-zone:net> set physical=eri0
zonecfg:email-zone:net> end
zonecfg:email-zone> verify
zonecfg:email-zone> commit
zonecfg:email-zone> exit
# zoneadm -z email-zone install
Preparing to install zone email-zone
Creating list of files to copy from the global zone.
[Some output was omitted here for brevity]
Zone email-zone is initialized.
# zoneadm -z email-zone boot
# zlogin -C email-zone


Thank you...