Solaris 10 Advanced Features
Prepared by Aram Avetisyan
Contents
Introduction
Solaris Management Facility (SMF)
IPMP and Link Aggregation
Solaris Zones
What you will get out of this course
Information about the new and advanced features of Solaris 10
New experience
New acquaintances and friends
What new knowledge you will acquire
SMF service fundamentals in Solaris 10
How to enable, disable and restart services
Introductory knowledge of the IPMP and Link Aggregation technologies
In which cases these technologies are used
How to configure the IPMP and Link Aggregation technologies
Advantages of Solaris Zones
What problems they can be used to solve
How to create and configure a zone
SMF Features
Services are represented as first-class objects that can be viewed and managed.
Failed services are automatically restarted in dependency order.
More information is available about misconfigured or misbehaving services.
Problems during the boot process are easier to debug.
Snapshots of service configurations are taken automatically.
Services can be enabled and disabled using a supported tool.
Administrators can securely delegate tasks to non-root users more easily.
Large systems boot faster by starting services in parallel according to their dependencies.
The process “Refusing to Die”
# ps -fp `pgrep -d, sendmail`
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root   330     1  0 14:21:05 ?        0:00 /usr/lib/sendmail -bd -q15m
   smmsp   331     1  0 14:21:05 ?        0:00 /usr/lib/sendmail -Ac -q15m
# pkill -9 sendmail
# ps -fp `pgrep -d, sendmail`
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root   530     1  0 14:51:02 ?        0:00 /usr/lib/sendmail -bd -q15m
   smmsp   531     1  0 14:51:02 ?        0:00 /usr/lib/sendmail -Ac -q15m
Service Names
FMRI (Fault Managed Resource Identifier)
• svc://localhost/system/system-log:default
• svc:/system/system-log:default
• system/system-log:default
• system-log:default
• system-log
% svcs -a
STATE          STIME    FMRI
...
online         11:19:35 svc:/network/nfs/status:default
offline        18:20:30 svc:/application/print/rfc1179:default
maintenance    18:20:26 svc:/network/ntp:default
Enabling and disabling services
Old method                                            SMF method
mv /etc/rc2.d/S75cron /etc/rc2.d/x.S75cron            svcadm disable system/cron:default
edit /etc/inet/inetd.conf, uncomment the finger line  svcadm enable network/finger:default
Stopping, starting, and restarting services
Old method                                     SMF method
/etc/init.d/sshd stop                          svcadm disable -t network/ssh:default
/etc/init.d/sshd start                         svcadm enable -t network/ssh:default
/etc/init.d/sshd stop; /etc/init.d/sshd start  svcadm restart network/ssh:default
kill -HUP `cat /var/run/sshd.pid`              svcadm refresh network/ssh:default
Discovering What's Going Wrong
[ network/ntp:default starting (network time protocol (NTP)) ]
Oct 25 13:58:42/49 ERROR: svc:/network/ntp:default: Method "/lib/svc/method/xntp" failed with exit status 96.
Oct 25 13:58:42 svc.startd[4]: svc:/network/ntp:default: Method "/lib/svc/method/xntp" failed with exit status 96.
[ network/ntp:default misconfigured (see 'svcs -x' for details) ]
# svcs -x
svc:/network/ntp:default (Network Time Protocol (NTP).)
 State: maintenance since Mon Oct 18 13:58:42 2004
Reason: Start method exited with $SMF_EXIT_ERR_CONFIG.
   See: http://sun.com/msg/SMF-8000-KS
   See: ntpq(1M)
   See: ntpdate(1M)
   See: xntpd(1M)
Impact: 0 services are not running.
Log Files
The log files are located in the /var/svc/log/ directory.
The log file name is based on the short form of the FMRI, with “/”s replaced by “-”s.
Example:
The log file for svc:/network/ntp:default is /var/svc/log/network-ntp:default
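An added example, not part of the original slides: a shell script that reads `svcs -a` output, keeps the services in maintenance or offline, and derives each one's log file from the naming rule above. The sample listing is constructed, the function names are hypothetical, and the `.log` suffix is an assumption about the on-disk file name that the slide does not show.

```shell
#!/bin/sh
# Added example: SMF triage over captured `svcs -a` output.

# Map an FMRI to its log file: short form, "/" replaced by "-".
# Assumption: the ".log" suffix Solaris 10 uses on disk, not shown on the slide.
smf_log_path() {
    short=$(printf '%s\n' "$1" | sed -e 's|^svc://[^/]*/||' -e 's|^svc:/||')
    case $short in
        */*:*) printf '/var/svc/log/%s.log\n' "$(printf '%s' "$short" | tr '/' '-')" ;;
        *)     return 1 ;;  # abbreviated name: only the SMF repository can expand it
    esac
}

# Read `svcs -a` output on stdin and print "STATE FMRI LOGFILE" for every
# service that is not running, maintenance before offline.
smf_triage() {
    awk '$1 == "maintenance" || $1 == "offline" { print $1, $3 }' | sort |
    while read -r state fmri; do
        printf '%s %s %s\n' "$state" "$fmri" "$(smf_log_path "$fmri")"
    done
}

# Constructed sample, modelled on the svcs -a listing above.
SAMPLE='STATE          STIME    FMRI
online         11:19:35 svc:/network/nfs/status:default
offline        18:20:30 svc:/application/print/rfc1179:default
maintenance    18:20:26 svc:/network/ntp:default'

printf '%s\n' "$SAMPLE" | smf_triage
```

On a live system the same function can be fed directly with `svcs -a | smf_triage`; abbreviated names such as system-log are rejected because they cannot be expanded without the SMF repository.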
Observing Services
The "-p" option shows all the processes associated with a service:
% svcs -p network/smtp:sendmail
STATE          STIME    FMRI
online         18:20:30 svc:/network/smtp:sendmail
               18:20:30      655 sendmail
               18:20:30      657 sendmail
% ps -fp 655,657
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root   655     1  0 18:21:05 ?        0:00 /usr/lib/sendmail -bd -q15m
   smmsp   657     1  0 18:21:05 ?        0:00 /usr/lib/sendmail -Ac -q15m
Observing Services
The "-d" option shows what other services this service depends on, and the "-D" option shows what other services depend on this service:
% svcs -d network/smtp:sendmail
STATE          STIME    FMRI
online         18:20:14 svc:/system/identity:domain
online         18:20:26 svc:/network/service:default
online         18:20:27 svc:/system/filesystem/local:default
online         18:20:27 svc:/milestone/name-services:default
online         18:20:27 svc:/system/system-log:default
online         18:20:30 svc:/system/filesystem/autofs:default
% svcs -D network/smtp:sendmail
STATE          STIME    FMRI
online         18:20:32 svc:/milestone/multi-user:default
IPMP Features
Eliminates a single network adapter as a single point of failure in case of:
• Network adapter failure
• Network link failure
Enables interfaces to fail over within approximately 10
Can be configured by adjusting the parameters in the /etc/default/mpathd file
Can be configured for use with both IPv4 and IPv6
Enables interfaces to be configured as standby interfaces
IPMP Failure Detection
Probe based failure detection: Detects network error by sending ICMP ECHO_REQUEST messages
Link based failure detection: Detects network error by checking the IFF_RUNNING flag
Probe Based IPMP Requirements
The Solaris 8 10/00 OS, as a minimum, must be installed.
Unique MAC addresses must be configured on each network interface.
Multiple network adapter interfaces must be connected on each subnet.
An IPMP group name must be assigned to the group of interfaces.
A test address is assigned to an interface.
Additional hosts or devices must exist on the same subnet.
Configuring Probe-Based IPMP
1 • Verify the Solaris OS release.
2 • Configure unique MAC addresses.
3 • Configure IP addresses.
4 • Configure one interface as part of an IPMP group.
5 • Configure a test address for the first interface.
6 • Configure a second interface as part of the same IPMP group.
7 • Configure a test address for the second interface.
8 • View the interface configuration.
Configuring Probe-Based IPMP
# cat /etc/release
Solaris 10 11/06 s10s_u3wos_10 SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 14 November 2006
# eeprom "local-mac-address?=true"
# ifconfig eri0 10.5.0.11 netmask + broadcast + up
# ifconfig eri0 group mptest1
# ifconfig eri0 addif 10.5.0.61 netmask + broadcast + -failover deprecated up
# ifconfig qfe2 10.5.0.21 netmask + broadcast + group mptest1 up
# ifconfig qfe2 addif 10.5.0.71 netmask + broadcast + -failover deprecated up
# ifconfig -a
Configuring Probe-Based IPMP using configuration files
# cat /etc/hostname.eri0
10.5.0.11 netmask + broadcast + group mptest1 up \
addif 10.5.0.61 netmask + broadcast + -failover \
deprecated up
# cat /etc/hostname.qfe2
10.5.0.21 netmask + broadcast + group mptest1 up \
addif 10.5.0.71 netmask + broadcast + -failover \
deprecated up
# init 6
Link-Based IPMP Requirements
Solaris 9 12/02 OS, at a minimum, must be installed.
Network interfaces must use any of the following drivers: hme, eri, ce, ge, bge, qfe, dmfe
Unique MAC addresses must be configured on each of the interfaces.
An IPMP group name must be assigned to interfaces.
Configuring Link-Based IPMP
1 • Verify the Solaris OS release.
2 • Configure unique MAC addresses.
3 • Define IP addresses.
4 • Configure the interfaces.
5 • View the interface configuration
Configuring Link-Based IPMP
# cat /etc/release
Solaris 10 11/06 s10s_u3wos_10 SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 14 November 2006
# eeprom "local-mac-address?=true"
# ifconfig eri0 10.5.0.11 netmask + broadcast + group lgrp up
# ifconfig hme0 10.5.0.21 netmask + broadcast + group lgrp up
# ifconfig -a
Configuring Link-Based IPMP Using Configuration Files
# cat /etc/hostname.eri0
10.5.0.11 netmask + broadcast + group mptest1 up
# cat /etc/hostname.hme0
10.5.0.21 netmask + broadcast + group mptest1 up
# init 6
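An added example, not part of the original slides: a check to run over /etc/hostname.<interface> files before the reboot, covering both the probe-based and the link-based layouts shown above. It reports each IPMP group, warns when a group has a single interface, and warns when only some members carry a -failover test address. The function names, the verdict wording and the sample directory are constructed for this illustration.

```shell
#!/bin/sh
# Added example: sanity-check IPMP groups defined in hostname.<interface> files.

# Emit "group interface has_test_address" for each hostname.* file in directory $1.
ipmp_members() {
    for f in "$1"/hostname.*; do
        [ -f "$f" ] || continue
        # Fold backslash-continued lines into one record before tokenising.
        { tr '\\\n' '  ' < "$f"; echo; } | awk -v ifname="${f##*/hostname.}" '{
            grp = ""; probe = "no"
            for (i = 1; i <= NF; i++) {
                if ($i == "group" && i < NF) grp = $(i + 1)
                if ($i == "-failover") probe = "yes"  # test addresses carry -failover
            }
            if (grp != "") print grp, ifname, probe
        }'
    done
}

# Print one verdict line per IPMP group found under directory $1.
ipmp_check() {
    ipmp_members "$1" | awk '
        { n[$1]++; if ($3 == "yes") t[$1]++ }
        END {
            for (g in n) {
                if (n[g] < 2)          v = "WARN single interface, no failover target"
                else if (t[g] == 0)    v = "OK link-based detection only"
                else if (t[g] == n[g]) v = "OK probe-based, test address on every interface"
                else                   v = "WARN test address on " t[g] " of " n[g] " interfaces"
                print g ": " v
            }
        }' | sort
}

# Constructed sample: mptest1 mirrors the slides, lgrp is deliberately incomplete.
demo_dir() {
    d=$(mktemp -d)
    printf '%s\n' '10.5.0.11 netmask + broadcast + group mptest1 up \' \
        'addif 10.5.0.61 netmask + broadcast + -failover \' 'deprecated up' > "$d/hostname.eri0"
    printf '%s\n' '10.5.0.21 netmask + broadcast + group mptest1 up \' \
        'addif 10.5.0.71 netmask + broadcast + -failover deprecated up' > "$d/hostname.qfe2"
    printf '%s\n' '10.5.0.31 netmask + broadcast + group lgrp up' > "$d/hostname.hme0"
    printf '%s\n' "$d"
}

demo=$(demo_dir)
ipmp_check "$demo"
rm -rf "$demo"
```

On a real host, `ipmp_check /etc` reads the live configuration files without changing them.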
Configuring IPMP Parameters
# cat /etc/default/mpathd
#pragma ident "@(#)mpathd.dfl 1.2 00/07/17 SMI"
#
# Time taken by mpathd to detect a NIC failure in ms. The minimum time
# that can be specified is 100 ms.
#
FAILURE_DETECTION_TIME=10000
#
# Failback is enabled by default. To disable failback turn off this option
#
FAILBACK=yes
#
# By default only interfaces configured as part of multipathing groups
# are tracked. Turn off this option to track all network interfaces
# on the system
#
TRACK_INTERFACES_ONLY_WITH_GROUPS=yes
Additional Resources
man ifconfig
man in.mpathd
docs.sun.com
Features of Link Aggregations
Increased bandwidth – The capacity of multiple links is combined into one logical link
Automatic failover/failback – Traffic from a failed link is failed over to working links in the aggregation
Load balancing – Both inbound and outbound traffic is distributed according to user selected load-balancing policies, such as source and destination MAC or IP addresses
Support for redundancy – Two systems can be configured with parallel aggregations.
Improved administration – All interfaces are administered as a single unit
Less drain on the network address pool – The entire aggregation can be assigned one IP address
Link Aggregation Basics
You may use link aggregation in the following situations:
• For systems that run an application with distributed heavy traffic
• For sites with limited IP address space that nevertheless require large amounts of bandwidth
• For sites that need to hide the existence of internal interfaces
Basic Link Aggregation Topology
Link Aggregation Topology With a Switch
Back-to-Back Link Aggregations
Policies and Load Balancing
L2 – Determines the outgoing link by hashing the MAC (L2) header of each packet
L3 – Determines the outgoing link by hashing the IP (L3) header of each packet
L4 – Determines the outgoing link by hashing the TCP, UDP, or other ULP (L4) header of each packet
Requirements for Link Aggregation
You must use the dladm command to configure aggregations.
An interface that has been plumbed cannot become a member of an aggregation.
Interfaces must be of the GLDv3 type: xge, e1000g, nge, rge, ixrgb and bge.
All interfaces in the aggregation must run at the same speed and in full-duplex mode.
You must set the value for MAC addresses to “true” in the EEPROM parameter local-mac-address?
How to Create a Link Aggregation
1• Assume the Primary Administrator role, or become superuser.
2• Determine which interfaces are currently installed on your system.
3• Determine which interfaces have been plumbed.
4• Create an aggregation.
5• Configure and plumb the newly created aggregation.
6• Check the status of the aggregation you just created.
How to Create a Link Aggregation
% su root
# dladm show-link
ce0             type: legacy    mtu: 1500       device: ce0
ce1             type: legacy    mtu: 1500       device: ce1
bge0            type: non-vlan  mtu: 1500       device: bge0
bge1            type: non-vlan  mtu: 1500       device: bge1
bge2            type: non-vlan  mtu: 1500       device: bge2
# ifconfig -a
lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255
        ether 0:3:ba:7:84:5e
# dladm create-aggr -d bge0 -d bge1 1
# ifconfig aggr1 plumb 192.168.84.14 up
How to Create a Link Aggregation (continuing)
# dladm show-aggr
key: 1 (0x0001) policy: L4      address: 0:3:ba:7:84:5e (auto)
        device  address         speed           duplex  link    state
        bge0    0:3:ba:7:b5:a7  1000 Mbps       full    up      attached
        bge1    0:3:ba:8:22:3b  0 Mbps          unknown down    standby
# ifconfig -a
lo0: flags=2001000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
ce0: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.84.253 netmask ffffff00 broadcast 192.168.84.255
        ether 0:3:ba:7:84:5e
aggr1: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.84.14 netmask ff000000 broadcast 192.255.255.255
        ether 0:3:ba:7:84:5e
Zones Overview
The Solaris Zones partitioning technology is used to:
• Virtualize operating system services
• Provide an isolated and secure environment for running applications.
A zone is:
• A virtualized operating system environment created within a single instance of the Solaris 10 OS.
• An application execution environment in which processes are isolated from the rest of the system.
Isolation prevents processes that are running in one zone from monitoring or affecting processes that are running in other zones.
When to Use Zones?
Two Types of Zones
Global Zone
Is assigned ID 0 by the system
Provides the single instance of the Solaris kernel
Contains a complete installation of the Solaris system software packages
Can contain additional software packages or additional software
Holds configuration information specific to the global zone only
Is the only zone that is aware of all devices and all file systems
Is the only zone with knowledge of non-global zone existence and configuration
Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled
Two Types of Zones
Non-Global Zone
Is assigned a zone ID by the system when the zone is booted
Shares operation under the Solaris kernel booted from the global zone
Contains an installed subset of the complete Solaris 10 OS software packages
Can contain additional installed software packages
Is not aware of the existence of any other zones
Cannot install, manage, or uninstall other zones, including itself
Has configuration information specific to that non-global zone only
Can have its own time zone setting
Creating a New Zone
1• Enter the zone configuration tool by using the zonecfg command.
2• Create a new zone definition with the create command.
3• Assign the zone to a file system, using the set zonepath command.
4• Use the set autoboot command to make the zone boot automatically.
5• Configure networking parameters, using the add net command and its subcommands.
6• Verify the configuration is syntactically correct, using the verify command.
7• Write the in-memory configuration to stable memory, using the commit command.
8• Install the zone, using the zoneadm command.
9• Boot the zone, using the zoneadm boot command.
10• Log on to the zone console using the zlogin command.
Creating a New Zone
# zonecfg -z email-zone
email-zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:email-zone> create
zonecfg:email-zone> set zonepath=/export/home/zones/email-zone
zonecfg:email-zone> set autoboot=true
zonecfg:email-zone> add net
zonecfg:email-zone:net> set address=10.0.0.1
zonecfg:email-zone:net> set physical=eri0
zonecfg:email-zone:net> end
zonecfg:email-zone> verify
zonecfg:email-zone> commit
zonecfg:email-zone> exit
# zoneadm -z email-zone install
Preparing to install zone email-zone
Creating list of files to copy from the global zone.
[Some output was omitted here for brevity]
Zone email-zone is initialized.
# zoneadm -z email-zone boot
# zlogin -C email-zone
Thank you...