1) What can I do if Solaris won't boot?
You need to boot from your install CD. Insert the Solaris Software CD in your CDROM drive. If your CDROM drive/BIOS isn't bootable, first insert the "Device Configuration Assistant" (DCA) diskette. At the "Boot Solaris" menu, choose "CD."
At the "Type of Installation: Interactive or JumpStart" menu, type "b -s".
Or, after the video configuration, network, time and date screens, you'll notice one of the menus has a button: [Exit]. Select Exit and, when it asks you again "do you want to exit?," just say yes.
Once you're at the UNIX root prompt #, you can mount the boot drive with "mount /dev/dsk/c0t0d0s0 /mnt" and view anything wrong with the boot drive (omit the "t0" for ATAPI).
2) How do I restore the Solaris boot block without reinstalling?
This may be needed after installing a boot manager that comes with another operating system (such as LILO from Linux) or an after-market multi-OS boot manager. These sometimes trample the active partition, which in our case is Solaris. Also, moving the Solaris partition with a partition manager program such as Partition Magic requires reinstalling the Solaris boot block. Before taking these steps, first verify the Solaris partition is active. If it isn't, just make the Solaris partition active and reboot. Otherwise follow the steps below.
1. Boot from CD-ROM and get the root prompt, #, as described in the previous question, 7.1.
2. Determine the controller, disk number, and partition. The boot disk is /dev/rdsk/c?t?d?p? where the ?s are the controller #, target ID, disk #, and partition #. Omit "t?" for ATAPI. E.g., /dev/rdsk/c0d0p0
3. Verify it's the correct device with prtvtoc for the drive. This is VERY important; if it's wrong, you may hose another partition:
prtvtoc /dev/rdsk/c0t0d0p0
(omit "t0" for ATAPI; always use p0, which means the "entire drive"). prtvtoc prints out the map for the Solaris partition on the hard drive, if found. The partitions shown on the output are actually "slices" within the Solaris partition.
4. Restore the boot block as follows:
/sbin/fdisk -b /usr/lib/fs/ufs/mboot (raw disk dev)
E.g., for SCSI it might be:
/sbin/fdisk -b /usr/lib/fs/ufs/mboot /dev/rdsk/c0t0d0p0
(omit "t0" for ATAPI)
5. Finally, remove your CDROM and diskette media and type "/sbin/shutdown -i6" to reboot. The Solaris Multiple Device Boot Menu should appear after rebooting. If not, you can always do an upgrade (re-)install.
Note: This procedure does NOT make your Solaris partition active again (sometimes needed after installing another operating system, such as Windows, on the same disk); it just writes to your bootblock IN your Solaris partition. To learn more about the Solaris boot process, read the boot(1M) man page.
3) How do I log on as root if the password doesn't work anymore?
Regaining control of a Solaris x86 system where the root password has been lost can be accomplished by the following steps. Note that any savvy user can do this with the proper CD-ROM and diskette. Therefore, of course, physical security of a system is important for machines containing sensitive data.
1. Insert installation boot diskette and installation CD-ROM for Solaris x86.
2. Boot system from the installation floppy and select the CD-ROM as the boot device.
3. Type "b -s" (instead of typing 1 or 2 from the menu) and it'll drop you straight to a root shell, #, (and you'll be in single-user mode).
4. At the root prompt, #, key in the following commands, which will create a directory called hdrive under the /tmp directory and then mount the root hard drive partition under this temporary directory.
mkdir /tmp/hdrive
mount /dev/dsk/c0t0d0s0 /tmp/hdrive #SCSI; for ATAPI, omit "t0"
5. To use the vi editor, the TERM variable must be defined. Key in the following commands.
TERM=at386
export TERM
6. Start vi (or some other editor) and load the /tmp/hdrive/etc/shadow file:
vi /tmp/hdrive/etc/shadow
7. Change the first line of the shadow file that has the root entry to:
root::6445::::::
8. Write and quit the vi editor with the "!" override command:
:wq!
9. Remove the floppy installation diskette, and reboot the system:
/sbin/shutdown -i6
10. When the system has rebooted from the hard drive, you can now log in from the Console Login: as root with no password. Just hit enter for the password.
11. After logging in as root, use the passwd command to change the root password and secure the system.
Andreas Pfaffeneder has a simpler suggestion to recover the password:
Choose the Failsafe-Boot option (which results in kernel/unix -s), answer "Yes" when you are prompted if / of the installed system should be mounted. Chroot into the system and change the password:
# chroot /a /bin/bash
# passwd
# /sbin/shutdown -i6
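A defender's check for the state this procedure leaves behind, as an added example that is not part of the original FAQ: it lists accounts whose shadow password field is empty, as in root::6445::::::, and marks UID 0 accounts as critical. The function names and the sample passwd/shadow contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the FAQ): find accounts with an empty password
# field in a shadow(4)-format file. All names and sample data are constructed.

# audit_shadow SHADOW_FILE PASSWD_FILE
# Prints one line per finding:
#   CRITICAL <user> uid=0 empty-password     (superuser account)
#   WARN     <user> uid=<n> empty-password   (any other account)
audit_shadow() {
    awk -F: -v pw="$2" '
        FILENAME == pw { uid[$1] = $3; next }   # passwd: map user name to UID
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF >= 2 && $2 == "" {                   # shadow: second field is the hash
            u = ($1 in uid) ? uid[$1] : "unknown"
            sev = (u == "0") ? "CRITICAL" : "WARN"
            printf "%s %s uid=%s empty-password\n", sev, $1, u
        }
    ' "$2" "$1"
}

# write_sample DIR: create constructed passwd and shadow files in DIR.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:100:10:constructed user:/export/home/alice:/bin/sh
bob:x:101:10:constructed user:/export/home/bob:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root::6445::::::
daemon:NP:6445::::::
alice:CONSTRUCTEDHASHab:11000::::::
bob::11000::::::
EOF
}

# Demo on the constructed files. On a real system, point the function at
# /etc/shadow and /etc/passwd (or /a/etc/... from a failsafe boot) as root.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_shadow "$demo_dir/shadow" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

Run it after any recovery session and from a periodic job; a CRITICAL line means root can log in on the console by pressing enter.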
4) How can I fix Netscape Communicator to render fonts correctly on S/x86?
This problem occurs with Solaris 2.6 and Netscape Communicator 4.0x, and has since been fixed. Apply patch 106248, which I'm told fixes this problem. A workaround is to add the following two lines to your ~/.xinitrc file:
xset +fp /usr/openwin/lib/X11/fonts/75dpi/
xset fp rehash
Another workaround, if you don't have these fonts, is to go into Netscape Preferences and change the font faces.
5) Why is Solaris always booting into the Device Configuration Assistant (DCA)?
This is usually caused by one of the following:
• You installed Solaris onto a disk other than the primary boot disk.
• You didn't remove your DCA boot diskette, or you didn't remove your installation CD-ROM and it's in a bootable CD-ROM drive.
• File /boot/solaris/bootenv.rc is corrupt or truncated, usually after a hard reboot or reset. This file is set up and used by DCA. It should contain several lines.
To change or set your default boot device, see Sun FAQ 2271-02 at http://access1.Sun.COM/cgi-bin/rinfo2html?227102.faq for instructions. To summarize:
• From the "Boot Solaris" screen, press F4 (Boot Tasks).
• On the "Boot Tasks" screen, press Enter to place an "X" in front of "View/Edit Autoboot Settings."
• In the "View/Edit Autoboot Settings" screen, note that the Default Boot Device will not be set to any valid device. Place an "X" in front of Set Default Boot Device and press F2 (Continue).
• On the Set Default Boot Device screen, place an X in front of the correct disk and press F2 (Continue).
• Arrow up to the Accept Settings and press Enter to mark with an "X". Press F2 (Continue) to return to the Boot Tasks screen.
• Press F3 (Back). It will load the appropriate drivers, after which you will be at the Boot Solaris screen. Press F2 (Continue) to continue booting.
6) Help! I get error 2 or error 8 while applying patches. What do I do?
Don't do anything. Error 2 means you already have the same or newer code. Error 8 means you can't patch some optional packages that haven't been installed, even if you did "everything plus OEM" during the original installation. Other errors, usually from lack of disk space, are explained in the patchadd(1M) man page.
7) I get this error message: "can't get local host's domain name" or "The local host's domain name hasn't been set." What do I do?
This is a NIS message. The easiest way to fix it is to type the following as root:
domainname abc.com; domainname >/etc/defaultdomain
8) My system doesn't boot due to superblock problems with the root filesystem. What do I do?
Normally, you reboot in single user mode and run /usr/bin/fsck as root and everything is OK. If you get a message about errors/problems on /dev/dsk/c0d0s0, are told to run fsck manually in single user mode, and get this message:
BAD SUPER BLOCK: BAD VALUES IN SUPERBLOCK USE AN ALTERNATIVE SUPERBLOCK to SUPPLY NEEDED INFORMATION e.g. fsck -F ufs -b=# [special].
then you may be able to recover from this if the disk isn't entirely corrupted. The superblock stores important information about the file system. Because it is so important it is duplicated in several places. Hopefully one of the backup superblocks isn't corrupted. To see duplicate locations of superblock, use newfs -Nv. For example, if your root slice is at /dev/dsk/c0d0s0, run this command:
# newfs -Nv /dev/dsk/c0d0s0
You must specify -Nv so you don't clobber your root slice with a new filesystem. Your output should look like this:
# newfs -Nv /dev/dsk/c0d0s0
mkfs -F ufs -o N /dev/rdsk/c0d0s0 614880 63 16 8192 1024 16 10 60 2048 t 0 -1 8 7 n
/dev/rdsk/c0d0s0: 614880 sectors in 610 cylinders of 16 tracks, 63 sectors
300.2MB in 39 cyl groups (16 c/g, 7.88MB/g, 3776 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 16224, 32416, 48608, 64800, 80992, 97184, 113376, 129568, 145760,
468576, 484768, 500960, 516128, 532320, 548512, 564704, 580896, 597088,
613280,
Note the numbers following "super-block backups." Pick one of them (e.g., 32) and pass it to fsck with the -o b= option, along with the raw device of the slice:
# fsck -F ufs -o b=32 /dev/rdsk/c0d0s0
You may get a message FREE BLK COUNT(S) WRONG IN SUPERBLOCK SALVAGE? or FILE SYSTEM STATE IN SUPERBLOCK IS WRONG; FIX? In either case, type "yes" and press return. You should get a FILE SYSTEM WAS MODIFIED message. Reboot your system. If the system complains about shutdown not being found, do a halt -q. Now, hopefully, your system will boot up without any problems.
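The superblock lookup above, as an added shell example that is not part of the original FAQ: it reads newfs -Nv output, extracts the backup superblock offsets, drops any value that is not below the sector count reported in the same output, and prints the fsck commands to try in order. The function names are made up for illustration; the sample listing is the one shown in this answer.

```shell
#!/bin/sh
# Added example (not from the FAQ): turn `newfs -Nv` output into an ordered
# list of fsck attempts. Function names are hypothetical.

# backup_superblocks: read newfs -Nv output on stdin and print the backup
# superblock offsets, one per line. Offsets that are not smaller than the
# reported sector count are discarded as a sign of a garbled listing.
backup_superblocks() {
    awk '
        / sectors in /        { total = $2 + 0 }     # "<dev>: 614880 sectors in ..."
        /super-block backups/ { grab = 1; next }     # offsets start on the next line
        grab {
            n = split($0, tok, /[ ,\t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^[0-9]+$/ && (total == 0 || tok[i] + 0 < total))
                    print tok[i]
        }
    '
}

# fsck_attempts RAWDEV: read newfs -Nv output on stdin and print one fsck
# command per usable backup superblock. Nothing is executed.
fsck_attempts() {
    backup_superblocks | while read -r blk; do
        printf 'fsck -F ufs -o b=%s %s\n' "$blk" "$1"
    done
}

# The listing from this FAQ answer, embedded so the example runs offline.
sample_newfs_output() {
    cat <<'EOF'
mkfs -F ufs -o N /dev/rdsk/c0d0s0 614880 63 16 8192 1024 16 10 60 2048 t 0 -1 8 7 n
/dev/rdsk/c0d0s0: 614880 sectors in 610 cylinders of 16 tracks, 63 sectors
300.2MB in 39 cyl groups (16 c/g, 7.88MB/g, 3776 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 16224, 32416, 48608, 64800, 80992, 97184, 113376, 129568, 145760,
468576, 484768, 500960, 516128, 532320, 548512, 564704, 580896, 597088,
613280,
EOF
}

# Demo. On a live system: newfs -Nv /dev/dsk/c0d0s0 | fsck_attempts /dev/rdsk/c0d0s0
sample_newfs_output | fsck_attempts /dev/rdsk/c0d0s0
```

Run the printed commands one at a time and stop at the first backup that fsck accepts.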
9) Changing a hostname
The following steps are required to change a Sun system's hostname.
• /etc/hosts.allow (to correct access permissions)
• /etc/dfs/dfstab on this system's NFS servers (to allow proper mount access)
• /etc/vfstab on this system's NFS clients (so they will point at the correct server)
• kerberos configurations
• ethers and hosts NIS maps
• DNS information
• Netgroup information
• cron jobs should be reviewed.
• Other hostname-specific scripts and configuration files.
Additional steps may be required in order to correct issues involving other systems.
Having said all that, the minimum number of changes required are:
• /etc/nodename
• /etc/hosts
• /etc/hostname.*
• /etc/net/*/hosts
10) NFS Troubleshooting
Sun's web pages contain substantial information about NFS services; search for an NFS Administration Guide or NFS Server Performance and Tuning Guide for the version of Solaris you are running. The share_nfs man page contains specific information about export options.
If NFS is not working at all, try the following:
• Make sure that the NFS server daemons are running. In particular, check for statd, lockd, nfsd and rarpd. If the daemons are not running, they can be started by running /etc/init.d/nfs.server start. See Daemons below for information on NFS-related daemons.
• Check the /etc/dfs/dfstab and type shareall.
• Use share or showmount -e to see which filesystems are currently exported, and to whom. showmount -a shows who the server believes is actually mounting which filesystems.
• Make sure that your name service is translating the server and client hostnames correctly on both ends. Check the server logs to see if there are messages regarding failed or rejected mount attempts; check to make sure that the hostnames are correct in these messages.
• Make sure that the /etc/net/*/hosts files on both ends report the correct hostnames. Reboot if these have to be edited.
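When reviewing what is exported and to whom, the same pass can flag over-broad exports. The following is an added example, not part of the original page: it reads dfstab-format share lines and reports exports open to every client, exports that map unknown users to root, and exports that grant root access to named hosts. It assumes the option meanings given in share_nfs(1M) (rw with no list, or no access option at all, means read-write to all clients); the function names and the sample dfstab are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit dfstab-style share lines.
# Function names and sample data are constructed for illustration.

# audit_dfstab [FILE]: read share commands from FILE (default: stdin) and
# print one "<path> <finding>" line per issue:
#   OPEN-RW      read-write to every client (bare rw, or no rw/ro option)
#   OPEN-RO      read-only to every client (bare ro)
#   ANON-ROOT    anon=0 maps unauthenticated users to root
#   ROOT-ACCESS  root= grants root access to the listed hosts
audit_dfstab() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        {
            gsub(/"[^"]*"/, "DESC")              # quoted -d text becomes one token
            if ($1 !~ /share$/) next             # only share commands
            opts = ""; path = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-o") opts = $(++i)
                else if ($i == "-F" || $i == "-d") i++
                else if ($i ~ /^\// && path == "") path = $i
            }
            if (path == "") next
            open_rw = 0; open_ro = 0; limited = 0; anon_root = 0; root_list = ""
            m = split(opts, o, ",")
            for (j = 1; j <= m; j++) {
                if (o[j] == "rw") open_rw = 1
                else if (o[j] == "ro") open_ro = 1
                else if (o[j] ~ /^(rw|ro)=/) limited = 1
                else if (o[j] == "anon=0") anon_root = 1
                else if (o[j] ~ /^root=/) root_list = o[j]
            }
            if (!open_rw && !open_ro && !limited) open_rw = 1   # default is rw to all
            if (open_rw) print path, "OPEN-RW"
            if (open_ro) print path, "OPEN-RO"
            if (anon_root) print path, "ANON-ROOT"
            if (root_list != "") print path, "ROOT-ACCESS", root_list
        }
    ' "${1:--}"
}

# Constructed sample in /etc/dfs/dfstab format.
sample_dfstab() {
    cat <<'EOF'
# constructed sample, not taken from a real server
share -F nfs -o rw=client1:client2,nosuid -d "home dirs" /export/home
share -F nfs /export/scratch
share -F nfs -o ro -d "install images" /export/install
share -F nfs -o rw,anon=0 /export/build
share -F nfs -o ro=trusted,root=adminhost /export/tools
EOF
}

# Demo. On a server: audit_dfstab /etc/dfs/dfstab
sample_dfstab | audit_dfstab
```

An export that produces no line, such as /export/home in the sample, is restricted to a named client list.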
If you are dealing with a performance issue, check:
• Network Issues
• CPU Usage
• Memory Levels
• Disk I/O
• Increase the number of nfsd threads in /etc/init.d/nfs.server if the problem is that requests are waiting for a turn. Note that this does increase memory usage by the kernel, so make sure that there is enough RAM in the server to handle the additional load.
• Where possible, mount filesystem with the ro option to prevent additional, unnecessary attribute traffic.
• If attribute caching does not make sense (for example, with a mail spool), mount the filesystem with the noac option. If nfsstat reports a high getattr level, actimeo may need to be increased (if the attributes do not change too often).
• nfsstat reports on most NFS-related statistics. The nfsstat page includes information on tuning suggestions for different types of problems that can be revealed with nfsstat.
If these steps do not resolve the issue, structural changes may be required:
• cachefs can be used to push some of the load from the NFS server onto the NFS clients. To be useful, cfsadmin should be used to increase maxfilesize for the cache to a value high enough to allow for the caching of commonly-used files. (The default value is 3 Mb.)
11) NFS Client
When a client makes a request to the NFS server, a file handle is returned. The file handle is a 32 byte structure which is interpreted by the NFS server. Commonly, the file handle includes a file system ID, inode number and the generation number of the inode. (The latter can be used to return a "stale file handle" error message if the inode has been freed and re-used between client file accesses.)
If a response is not received for a request, it is resent, but with an incremented xid (transmission ID). This can happen because of congestion on the network or the server, and can be observed with a snoop session between server and client.
The server handles retransmissions differently depending on whether the requests are idempotent (can be executed several times without ill effect) or nonidempotent (cannot be executed several times). Examples of these would include things like reads and getattrs versus writes, creates and removes. The system maintains a cache of nonidempotent requests so that appropriate replies can be returned.
Daemons
The following daemons play a critical role in NFS service:
• biod: On the client end, handles asynchronous I/O for blocks of NFS files.
• nfsd: Listens and responds to client NFS requests.
• mountd: Handles mount requests.
• lockd: Network lock manager.
• statd: Network status manager
12) Solaris Filesystem Troubleshooting
Filesystem corruption can be detected and often repaired by the format and fsck commands. If the filesystem corruption is not due to an improper system shutdown, the hard drive hardware may need to be replaced.
ufs filesystems contain the following types of blocks:
• boot block: This stores information used to boot the system.
• superblock: Much of the filesystem's internal information is stored in these.
• inode: Stores location information about a file--everything except for the file name. The number of inodes in a filesystem can be changed from the default if newfs -i is used to create the filesystem.
• data block: The file's data is stored in these.
fsck
The fsck command is run on each filesystem at boot time. This utility checks the internal consistency of the filesystem, and can make simple repairs on its own. More complex repairs require feedback from the root user, either in terms of a "y" keyboard response to queries, or invocation with the -y option.
If fsck cannot determine where a file belongs, the file may be renamed to its inode number and placed in the filesystem's lost+found directory. If a file is missing after a noisy fsck session, it may still be intact in the lost+found directory.
Sometimes the fsck command complains that it cannot find the superblock. Alternative superblock locations were created by newfs at the time that the filesystem was created. The newfs -N command can be invoked to nondestructively discover the superblock locations for the filesystem.
ufs filesystems can carry "state flags" that have the value of fsclean, fsstable, fsactive or fsbad (unknown). These can be used by fsck during boot time to skip past filesystems that are believed to be okay.
format
The analyze option of format can be used to examine the hard drive for flaws in a nondestructive fashion.
df
df can be used to check a filesystem's available space. Of particular interest is df -kl, which checks available space for all local filesystems and prints out the statistics in kilobytes. Solaris 10 also allows us to use df -h, which presents the statistics in a more human-friendly form that doesn't require counting digits to decide whether a file is 100M or 1G in size.
du
du can be used to check space used by a directory. In particular, du -dsk will report usage in kilobytes of a directory and its descendants, without including space totals from other filesystems.
Filesystem Tuning
Filesystem performance can be improved by looking at filesystem caching issues.
The following tuning parameters may be valuable in tuning filesystem performance with tunefs or mkfs/newfs:
• inode count: The default is based upon an assumption of average file sizes of 2 KB. This can be set with mkfs/newfs at the time of filesystem creation.
• time/space optimization: Optimization can be set to allow for fastest performance or most efficient space usage.
• minfree: In Solaris 2.6+, this is set to (64 MB / filesystem size) x 100. Filesystems in earlier OS versions reserved 10%. This parameter specifies how much space is to be left empty in order to preserve filesystem performance.
• maxbpg: This is the maximum number of blocks a file can leave in a single cylinder group. Increasing this limit can improve large file performance, but may have a negative impact on small file performance
14) Filesystem Performance Monitoring
McDougall, Mauro and Gregg suggest that the best way to see if I/O is a problem at all is to look at the amount of time spent on POSIX read() and write() system calls via DTrace. If so, we need to look at the raw disk I/O performance.
iostat
As with most of the monitoring commands, the first line of iostat reflects a summary of statistics since boot time. To look at meaningful real-time data, run iostat with a time step (e.g., iostat 30) and look at the lines that report summaries over the time step intervals.
For Solaris 2.6 and higher, use iostat -xPnce 30 to get information including the common device names of the disk partitions, CPU statistics, error statistics, and extended disk statistics.
For Solaris 2.5.1 and earlier, or for more compact output, use iostat -xc 30 to get the extended disk and CPU statistics.
In either case, the information reported is:
• disk: Disk device name.
• r/s, w/s: Average reads/writes per second.
• Kr/s, Kw/s: Average Kb read/written per second.
• wait: Time spent by a process while waiting for block (e.g., disk) I/O to complete. (See Notes on Odd Behavior below.)
• actv: Number of active requests in the hardware queue.
• %w: Occupancy of the wait queue.
• %b: Occupancy of the active queue with the device busy.
• svc_t: Service time (ms). Includes everything: wait time, active queue time, seek rotation, transfer time.
• us/sy: User/system CPU time (%).
• wt: Wait for I/O (%).
• id: Idle time (%)
The following steps are required to change a Sun system's hostname.
• /etc/hosts.allow (to correct access permissions)
• /etc/dfs/dfstab on this system's NFS servers (to allow proper mount access)
• /etc/vfstab on this system's NFS clients (so they will point at the correct server)
• kerberos configurations
• ethers and hosts NIS maps
• DNS information
• Netgroup information
• cron jobs should be reviewed.
• Other hostname-specific scripts and configuration files.
Additional steps may be required in order to correct issues involving other systems.
Having said all that, the minumum number of changes required are:
• /etc/nodename
• /etc/hosts
• /etc/hostname.*
• /etc/net/*/hosts
10)NFS Troubleshooting
Sun's web pages contain substantial information about NFS services; search for an NFS Administration Guide or NFS Server Performance and Tuning Guide for the version of Solaris you are running. The share_nfs man page contains specific information about export options.
If NFS is not working at all, try the following:
• Make sure that the NFS server daemons are running. In particular, check for statd, lockd, nfsd and rarpd. If the daemons are not running, they can be started by running /etc/init.d/nfs.server start. See Daemons below for information on NFS-related daemons.
• Check the /etc/dfs/dfstab and type shareall.
• Use share or showmount -e to see which filesystems are currently exported, and to whom. showmount -a shows who the server believes is actually mounting which filesystems.
• Make sure that your name service is translating the server and client hostnames correctly on both ends. Check the server logs to see if there are messages regarding failed or rejected mount attempts; check to make sure that the hostnames are correct in these messages.
• Make sure that the /etc/net/*/hosts files on both ends report the correct hostnames. Reboot if these have to be edited.
If you are dealing with a performance issue, check
• Network Issues
• CPU Useage
• Memory Levels
• Disk I/O
• Increase the number of nfsd threads in /etc/init.d/nfs.server if the problem is that requests are waiting for a turn. Note that this does increase memory useage by the kernel, so make sure that there is enough RAM in the server to handle the additional load.
• Where possible, mount filesystem with the ro option to prevent additional, unnecessary attribute traffic.
• If attribute caching does not make sense (for example, with a mail spool), mount the filesystem with the noac option. If nfsstat reports a high getattr level, actimeo may need to be increased (if the attributes do not change too often).
• nfsstat reports on most NFS-related statistics. The nfsstat page includes information on tuning suggestions for different types of problems that can be revealed with nfsstat.
If these steps do not resolve the issue, structural changes may be required:
• cachefs can be used to push some of the load from the NFS server onto the NFS clients. To be useful, cfsadmin should be used to increase maxfilesize for the cache to a value high enough to allow for the caching of commonly-used files. (The default value is 3 Mb.)
11)NFS Client
When a client makes a request to the NFS server, a file handle is returned. The file handle is a 32 byte structure which is interpreted by the NFS server. Commonly, the file handle includes a file system ID, inode number and the generation number of the inode. (The latter can be used to return a "stale file handle" error message if the inode has been freed and re-used between client file accesses.)
If a response is not received for a request, it is resent, but with an incremented xid (transmission ID). This can happen because of congestion on the network or the server, and can be observed with a snoop session between server and client.
The server handles retransmissions differently depending on whether the requests are idempotent (can be executed several times without ill effect) or nonidempotent (cannot be executed several times). Examples of these would include things like reads and getattrs versus writes, creates and removes. The system maintains a cache of nonidempotent requests so that appropriate replies can be returned.
Daemons
The following daemons play a critical role in NFS service:
• biod: On the client end, handles asynchronous I/O for blocks of NFS files.
• nfsd: Listens and responds to client NFS requests.
• mountd: Handles mount requests.
• lockd: Network lock manager.
• statd: Network status manager
12)Solaris Filesystem Troubleshooting
Filesystem corruption can be detected and often repaired by the format and fsck commands. If the filesystem corruption is not due to an improper system shutdown, the hard drive hardware may need to be replaced.
ufs filesystems contain the following types of blocks:
• boot block: This stores information used to boot the system.
• superblock: Much of the filesystem's internal information is stored in these.
• inode: Stores location information about a file--everything except for the file name. The number of inodes in a filesystem can be changed from the default if newfs -i is used to create the filesystem.
• data block: The file's data is stored in these.
fsck
The fsck command is run on each filesystem at boot time. This utility checks the internal consistency of the filesystem, and can make simple repairs on its own. More complex repairs require feedback from the root user, either in terms of a "y" keyboard response to queries, or invocation with the -y option.
If fsck cannot determine where a file belongs, the file may be renamed to its inode number and placed in the filesystem's lost+found directory. If a file is missing after a noisy fsck session, it may still be intact in the lost+found directory.
Sometimes the fsck command complains that it cannot find the superblock. Alternative superblock locations were created by newfs at the time that the filesystem was created. The newfs -N command can be invoked to nondestructively discover the superblock locations for the filesystem.
ufs filesystems can carry "state flags" that have the value of fsclean, fsstable, fsactive or fsbad (unknown). These can be used by fsck during boot time to skip past filesystems that are believed to be okay.
format
The analyze option of format can be used to examine the hard drive for flaws in a nondestructive fashion.
df
df can be used to check a filesystem's available space. Of particular interest is df -kl, which checks available space for all local filesystems and prints out the statistics in kilobytes. Solaris 10 also allows us to use df -h, which presents the statistics in a more human-friendly form that doesn't require counting digits to decide whether a file is 100M or 1G in size.
du
du can be used to check space used by a directory. In particular, du -dsk will report usage in kilobytes of a directory and its descendants, without including space totals from other filesystems.
Filesystem Tuning
Filesystem performance can be improved by looking at filesystem caching issues.
The following tuning parameters may be valuable in tuning filesystem performance with tunefs or mkfs/newfs:
• inode count: The default is based upon an assumption of average file sizes of 2 KB. This can be set with mkfs/newfs at the time of filesystem creation.
• time/space optimization: Optimization can be set to allow for fastest performance or most efficient space usage.
• minfree: In Solaris 2.6+, this is set to (64 MB / filesystem size) x 100. Filesystems in earlier OS versions reserved 10%. This parameter specifies how much space is to be left empty in order to preserve filesystem performance.
• maxbpg: This is the maximum number of blocks a file can leave in a single cylinder group. Increasing this limit can improve large file performance, but may have a negative impact on small file performance
14)Filesystem Performance Monitoring
McDougall, Mauro and Gregg suggest that the best way to see if I/O is a problem at all is to look at the amount of time spent on POSIX read() and write() system calls via DTrace. If so, we need to look at the raw disk I/O performance.
iostat
As with most of the monitoring commands, the first line of iostat reflects a summary of statistics since boot time. To look at meaningful real-time data, run iostat with a time step (eg iostat 30) and look at the lines that report summaries over the time step intervals.
For Solaris 2.6 and higher, use iostat -xPnce 30 to get information including the common device names of the disk partitions, CPU statistics, error statistics, and extended disk statistics.
For Solaris 2.5.1 and earlier, or for more compact output, use iostat -xc 30 to get the extended disk and CPU statistics.
In either case, the information reported is:
• disk: Disk device name.
• r/s, w/s: Average reads/writes per second.
• Kr/s, Kw/s: Average Kb read/written per second.
• wait: Time spent by a process while waiting for block (eg disk) I/O to complete. (See Notes on Odd Behavior below.)
• actv: Number of active requests in the hardware queue.
• %w: Occupancy of the wait queue.
• %b: Occupancy of the active queue with the device busy.
• svc_t: Service time (ms). Includes everything: wait time, active queue time, seek rotation, transfer time.
• us/sy: User/system CPU time (%).
• wt: Wait for I/O (%).
• id: Idle time (%)
ufs – Unix FS
hsfs – High Sierra FS
pcfs – PC FS for DOS FAT32 FS
udfs – Universal Disk Format FS
nfs – Network FS
Pseudo FS – Memory based FS: tmpfs, swapfs, procfs, mntfs
VTOC present in the first sector in the raw disk area.
VTOC - 512 sector
Boot Block - 1-15 sector
Super Block - 16-31
First Cylinder Group - 32
Creating File Systems
# newfs /dev/rdsk/c1d0s0 - Creating FS
# newfs -i 16384 /dev/rdsk/c1d0s0 - Creating FS with one inode per 16384 bytes of data space (-i sets bytes per inode)
# mount /dev/dsk/c1d0s0 /p1 - Mounting partition in /p1 directory
# fstyp -v /dev/rdsk/c1d0s0 | grep minfree
minfree 6% - To know the reserved disk space
# tunefs -m 2 /dev/rdsk/c1d0s0 - This will reduce the reserved space to 2%
# umount /p1 - To unmount a partition.
Never run the fsck command on a mounted FS. The /, /usr and /var FS should have the fsck command run on them in single-user mode.
# fsck /dev/rdsk/c0t0d0s7 - To check the FS in interactive mode
# fsck -o f,p /dev/rdsk/c0t0d0s7 - f forces the check; p is preen (non-interactive) mode
# fsck -y /dev/rdsk/c0t0d0s7 - Answers yes to all questions
# newfs -N /dev/rdsk/c0t0d0s7 - To view the locations of alternative backup superblocks
# fsck -o b=32 /dev/rdsk/c0t0d0s7 - Will recover the corrupted partition using the backup superblock at 32
# dd if=/dev/zero of=/dev/rdsk/c0d0s7 bs=512 count=32 - It will corrupt the partition
# df - Shows disk detail in blocks
# df -k - Shows disk detail in KB
# df -h - Displays disk allocation in MB & GB
# df -e - Prints only the number of files free
# du -k - Displays disk use in KB
# du -s - Displays only the summary in 512-byte blocks. Using the s and k options together shows the summary in KB
# du -h /opt - Shows the disk usage by the directory
# quot -a - Reports on all mounted file systems
# quot -f - Include the number of files
# quot -h /export/home - Shows disk usage per user in the particular directory
# mount - Lists all of the mounted FS in the /etc/mnttab file
VFSTAB - Virtual File System Table (/etc/vfstab)
Fields: device to mount | device to fsck | mount point | FS type | fsck pass | mount at boot | mount options
- The /etc/mnttab file is an mntfs file that provides read-only info about mounted FS on the local host
- The /etc/vfstab file lists all the FS to be automatically mounted at system boot time, with the exception of the /etc/mnttab and /var/run FS
# mount /dev/dsk/c0t0d0s7 /export/home
Mount Options : read/write, setuid, intr, nologging and largefiles, xattr and onerror.
# mount -o option,option,… device_name mount_point
# mount -o ro /dev/dsk/c0d0s7 /p3 - Mount the partition read only.
# mount -o ro,nosuid /dev/dsk/c0t0d0s7 /export/home - Prohibit execution of setuid programs.
In Solaris, 2 GB is the large file limit. Use of the nolargefiles option fails if the FS to be mounted contains large files.
# mount -o nolargefiles,noatime /dev/dsk/c0d0s7 /p3
nolargefiles - Won't allow large files in this partition
noatime - Access time stamp won't get updated.
# mountall - Mounts local FS listed in the /etc/vfstab file
# mountall -l - If any FS has - or 0 in the fsck pass field, it is mounted without an fsck check. Otherwise fsck is carried out before mounting
# fstyp /dev/rdsk/c0t0d0s7 - To know the FS type
# mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom - To mount the CD drive
# mount -F pcfs /dev/diskette /pcfs
# umount /export/home or umount /dev/dsk/c0t0d0s7
# umountall - Will unmount local FS listed in /etc/mnttab except /, /usr, /proc, /dev/fd, /var, /var/run & /tmp
# umountall -l - To verify the FS listed in the /etc/mnttab
# fuser -c /p3 - Will show the processes running on the partition
# fuser -ck /p3 - Will kill the user processes
# umount -f /p3 - Force the partition to unmount
# TERM=sun
# export TERM - Run these 2 commands to enable the vi editor to work properly
# ps -ef | grep vold
vold is the daemon taking care of auto-mounting the CD-ROM.
# volcheck - Will check for any media present in the CD-ROM or floppy drive
# /floppy/floppy0 - Floppy gets mounted here automatically
# /cdrom/cdrom0 - CD-ROM gets mounted here automatically
# /etc/init.d/volmgt stop (or) start
# eject cdrom - Will eject the CD-ROM if vold is running
# fdformat -t dos /dev/rdiskette - To format a floppy in DOS mode
# fdformat - To format the floppy in Solaris format.
Installation
Solaris 9 OE Installation and Upgrade options
Solaris suninstall program
Solaris Web Start Installation software
Custom Jumpstart procedure
Solaris Web Start Flash Installation
Standard upgrade
Solaris Live Upgrade method
# grep METACLUSTER /var/sadm/system/admin/.clustertoc - To know cluster config
# cat /var/sadm/system/admin/CLUSTER - To know the installed cluster config
CLUSTER=SUNWCXall
# /usr/platform/`uname -m`/sbin/prtdiag -v -- To know the OpenBoot version
Stop+D -- Press these keys when system power is turned ON to switch to diagnostic mode
This key sequence is not available on a serial port terminal
Stop+N -- Press while the system is turned ON to set the NVRAM parameters to default
Stop+A -- To get into boot PROM
-- /etc/default/kbd - Remove the comment for the line KEYBOARD_ABORT=disable to turn off the Stop+A function inside the OS. Then issue the command kbd -i
ok go -- To come out of the PROM prompt
ok banner -- Shows system configuration
ok printenv -- Shows all variables
ok reset-all -- Will save the changes and clear the buffer & reboot the system
ok .registers -- Displays the contents of the registers
ok show-devs -- Shows all devices with physical path
ok devalias -- Shows currently available devices
-- In SPARC, if we change values there is no option to come out without saving.
ok probe-ide -- Shows IDE details and devices connected
ok probe-scsi -- Shows SCSI details and devices connected
ok probe-scsi-all -- Identifies devices on all SCSI buses
ok probe-fcal-all -- Identifies devices on all fibre channel loops
ok nvalias /pci@if,......................
ok nvunalias -- To delete alias name
ok show-disks -- Displays and allows a selection of device paths
ok show-ttys
ok show-displays
ok show-nets
ok show-tapes
ok help -- Shows list of help
ok help floppy eject
ok test -- Runs self-test on specified systems
ok sync -- Manually attempts to flush memory and synchronize FS
ok boot -- Boot the system
ok boot -r -- Detect new devices (Reconfiguration boot)
ok boot -s -- Single user mode
ok boot -v -- Verbose mode: boots the system and shows the background details
ok boot -a -- Interactive mode. Prompts the user for input for each step of the boot process
ok boot -rv (or) -sv
ok printenv auto-boot?
auto-boot?=false
ok printenv boot-device -- To know the variable details
boot-device=disk
ok setenv auto-boot? true -- To change value to true for “auto-boot?” variable
auto-boot?=true
ok printenv diag-switch?
diag-switch?=false
ok setenv diag-switch? true
ok set-defaults -- Reset all settings to factory default
ok setenv boot-device disk cdrom net
ok set-default boot-device -- Will reset the default value of boot-device variable
ok power-off -- Will switch off the system immediately
Inside OS
# eeprom -- Equivalent to printenv
# eeprom auto-boot?
auto-boot?=true
# eeprom auto-boot?=false
# eeprom diag-switch?=true
Performing Boot and Shutdown Procedures
Always make a copy of the /etc/system file before you edit it. In case of a problem, issue the interactive boot command: boot -a. When prompted for the system file, enter the path of the backup file, or /dev/null for a null configuration file.
/etc/init.d -- Directory contains many process or services like volume management
/sbin -- Each run level has an associated rc scripts located in this directory (eg /sbin/rc0)
The RC scripts rc0, rc5 & rc6 are hard linked to each other. Run control scripts are located in the /etc/init.d directory and these files are hard-linked to the corresponding run control scripts in the /etc/rc#.d directories.
Solaris9/PatchReport - A summary of all patches for the Solaris 9 OE release
9_Recommended.README - Instructions for how to install the recommended patches.
# showrev -p (or) # patchadd -p -- Will show installed patches
-- /var/sadm/patch - Info about all patches that are currently installed.
Patch Name: 6-digit number-revision number (117753-01)
# /usr/bin/zcat 105050-01.tar.Z | tar xvf -
# cd /var/tmp
# patchadd 105050-01 -- Will add patch
-- When you remove a patch, the patchrm command restores all files that were modified or replaced by that patch, unless:
-- The patch was installed with the patchadd -d option (which instructs the patchadd command not to save copies of files being updated or replaced)
-- The patch is required by another patch
-- The patch has been obsoleted by a later patch
# patchrm 105050-01 -- Will remove patch
Installing Patch Cluster
# cd 9_Recommended
# ./install_cluster
-- /var/sadm/install_data/Solaris_9_Recommended_log
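The patch-name format and the obsoleted-by rule above can be turned into a patch-level check over saved showrev -p output. This is an added example, not part of the original notes: the function name, the 99999x patch numbers and the sample lines are constructed, and the line layout assumed is the Patch:/Obsoletes:/Requires: form that showrev -p prints.

```shell
#!/bin/sh
# Added example: decide whether a host meets a minimum patch revision.
# SAMPLE_SHOWREV is constructed; 117753-01 and 105050-01 are the IDs used on
# this page, the 99999x entries are placeholders.
SAMPLE_SHOWREV='Patch: 117753-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 105050-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsr
Patch: 999998-04 Obsoletes: 999999-02, 999997-01 Requires: 117753-01 Incompatibles: Packages: SUNWcsu, SUNWcsr'

# patch_status NUMBER MINREV
#   stdin : showrev -p output
#   stdout: OK <id> | OBSOLETED-BY <id> | OLD <id> | MISSING <number>
patch_status() {
    awk -v want="$1" -v minrev="$2" '
    BEGIN { best = -1; by = "" }
    $1 == "Patch:" {
        # Installed patch: keep the highest revision of the wanted number.
        split($2, p, "-")
        if ((p[1] "") == (want "") && p[2] + 0 > best) {
            best = p[2] + 0; have = $2
        }
        # IDs listed between Obsoletes: and Requires: were replaced by this
        # patch, so a sufficient revision there also satisfies the check.
        in_obs = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "Obsoletes:") { in_obs = 1; continue }
            if ($i == "Requires:")  break
            if (in_obs) {
                id = $i; sub(/,$/, "", id)
                split(id, q, "-")
                if ((q[1] "") == (want "") && q[2] + 0 >= minrev + 0) by = $2
            }
        }
    }
    END {
        if (best >= 0 && best >= minrev + 0) print "OK " have
        else if (by != "")                   print "OBSOLETED-BY " by
        else if (best >= 0)                  print "OLD " have
        else                                 print "MISSING " want
    }'
}

# Demo on the constructed sample; on a host use: showrev -p | patch_status 117753 03
printf '%s\n' "$SAMPLE_SHOWREV" | patch_status 117753 03
```
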
Boot Services
Identification Services
Configuration Services
Installation Services
Implementing a Basic Jumpstart Server
1. Spool the OS image
2. Edit the sysidcfg file
3. Edit the rules and profile files
4. Run the check script
5. Run the add_install_client scripts
6. Boot the client
# cd /export
# mkdir config
# mkdir sol_dump
# cd /cdrom/cdrom0/s0/Solaris_9/Misc/Jumpstart_sample/
# cp -r * /export/config/
# cd /cdrom/cdrom0/s0/Solaris_8/Tools
# ./setup_install_server /export/home/sol_dump -- Copying solaris dump to local directory
# cd /cdrom/cdrom0/Solaris_9/Tools/
# ./add_to_install_server /export/home/sol_dump -- Appending 2nd CD content
# cd /etc
# vi ethers
8:0:20:a6:aa:2b ultra5 (hostname)
# vi /etc/hosts
140.40.40.154 ultra5
# vi /etc/timezone
Asia/Calcutta ultra5
# cd /export/config/
# vi rules
hostname ultra5 - host_class finish_script
- Pre Install script
host_class -- Config details like partition
finish_script -- Post install scripts
# vi host_class
install_type initial_install
system_type standalone
partitioning explicit
cluster SUNWCXall
filesys c0t0d0s0 10000 /
filesys c0t0d0s1 550 swap
filesys c0t0d0s7 free /export/home
# vi finish_script
touch /a/noautoshutdown
rm /a/etc/defaultdomain
rm -r /a/var/yp/digit.com
cp /a/etc/nsswitch.files /a/etc/nsswitch.conf
# vi sysidcfg -- System identification & configuration. Timezone can also be given here
security_policy=none
name_service=none
network_interface=primary {netmask=255.255.0.0 protocol_ipv6=no}
timezone=Asia/Calcutta
system_locale=en_US
-- Time zone are listed in the directory structure below the /usr/share/lib/zoneinfo directory.
-- Locales are listed in the /usr/lib/locale directory
# chmod 755 finish_script
# ./check -- To check the config
# vi /etc/dfs/dfstab
share -o anon=0 /export/home/sol_dump
share -o anon=0 /export/config
# cd /var/yp
# /usr/ccs/bin/make
# cd /export/home/sol_dump/Solaris_9/Tools
# ./add_install_client -c 140.40.40.151:/export/config -p 140.40.40.151:/export/config ultra5(hostname) sun4u
# update the NIS file with make command
From Client
ok boot net - install -- Will search the network and start the installation automatically
-- Before a Jumpstart client can boot and obtain all of the NFS resources it requires, every directory listed as an argument to the add_install_client script must be shared by the server on which it resides.
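An added check for the dfstab entries above (not part of the original notes): anon=0 gives unknown users, including root on any client, UID 0 on the share, so a JumpStart share that carries it should also be read-only. The function name and the constructed sample are assumptions; /export/scratch and /export/docs are hypothetical paths.

```shell
#!/bin/sh
# Added example: flag dfstab share lines that combine anon=0 with write access.
# SAMPLE_DFSTAB is constructed; the first two paths are the ones on this page.
SAMPLE_DFSTAB='# constructed sample
share -o anon=0 /export/home/sol_dump
share -F nfs -o ro,anon=0 /export/config
share -F nfs -o rw=client1,anon=0 /export/scratch
share -F nfs -o ro /export/docs'

# audit_dfstab: reads dfstab text on stdin, prints one RISK line per finding.
audit_dfstab() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    $1 != "share"         { next }      # only share commands matter
    {
        opts = ""
        for (i = 2; i < NF; i++)        # the option string follows -o
            if ($i == "-o") opts = $(i + 1)
        anon0 = 0; ro = 0; rw = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
            if (o[j] == "anon=0")              anon0 = 1
            if (o[j] == "ro" || o[j] ~ /^ro=/) ro = 1
            if (o[j] == "rw" || o[j] ~ /^rw=/) rw = 1
        }
        # Without an ro option a share is read-write by default.
        if (anon0 && (!ro || rw))
            printf "RISK %s anon=0 on a writable share\n", $NF
    }'
}

# Demo on the constructed sample; on a server use: audit_dfstab < /etc/dfs/dfstab
printf '%s\n' "$SAMPLE_DFSTAB" | audit_dfstab
```

The first sample line is the form used in the notes and is flagged; the ro,anon=0 form passes.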
Setting Up a Boot-Only Server
A boot server responds to RARP, TFTP, and bootparams requests from jumpstart clients and provides a boot image using the NFS service.
1. Running the setup_install_server script with the -b option to spool a boot image from CD-ROM or DVD
2. Running the add_install_client script with options and arguments that show a list of servers and the identification, configuration and installation services that they provide.
Executing the setup_install_server script
# mkdir /export/install
# cd /cdrom/cdrom0/s0/Solaris_9/Tools
# ./setup_install_server -b /export/install
Executing the add_install_client script
Before you run the script, update the hosts and ethers information for the jumpstart client
/etc/inet/hosts
192.10.10.4 client1
/etc/ethers
8:0:20:9c:88:5b client1
The boot server must have an entry in the /etc/inet/hosts file for each server you specify when you run the add_install_client script.
# cd /export/install/Solaris_9/Tools
# ./add_install_client -c server1:/export/config -p server1:/export/config client1 sun4u
# tar -cvf bkp.tar file1 file2 - Will archive file1 & file2
# tar -tvf bkp.tar - Shows the table of contents
# tar -xvf bkp.tar - Extracts files from the tar archive
# jar -cvf bkp.jar file1 file2
# jar -tvf bkp.jar
# jar -xvf bkp.jar
# compress bkp.tar - To compress tar archive
# ls
bkp.tar.Z
# uncompress bkp.tar.Z - To uncompress tar archive
# gzip bkp.tar - To create gzip file
bkp.tar.gz
# gunzip bkp.tar.gz - To extract the tar archive by gunzip
bkp.tar
# zip out.zip bkp.tar - To create zip archive
# unzip out.zip - To extract the zip archive
1.Virtualization like VMware
2.Solaris Zones can host only instances of Solaris, not other OSes
3.Limit of 8192 Zones per Solaris host
4.Primary Zone (Global) has access to all zones
5.Non-global zones do not have access to other non-global zones
6.Default non-global zones derive packages from the global zone
7.Program isolation, like zone1 for apache, zone2 for mysql, zone3 for databases.
8.Provides 'z' commands to manage zones: zlogin, zonecfg, zoneadm, zonename
Features of Global Zone
1.Solaris always boots (cold/warm) to the global zone.
2.Knows about all hardware devices attached to the system
3.Knows about all non-global zones
Features of Non-Global Zones.
1.Installed at a location on the filesystem of the global zone
'Zone root path' /export/home/zones/zones1 {Zone2,Zone3----} this is the root directory for the zone.
2.Share packages with the global zone.
3.Manage distinct hostname and table files.
4.Cannot communicate with other non-global zones by default. A NIC must be used, which means using the standard network API (TCP)
5.Global zone admin can delegate non-global zone administration
Zones Commands example :-
#which zonename - to check if your OS has the zonename command
/usr/bin/zonename
#zonename - by default will show the global zone name.
global
#z - "z" commands
Zone Configuration.
#zonecfg - to configure zones
note - zonecfg can run in interactive, non-interactive and command-file modes
Requirements for non-global zones;
1.Hostname of
2.Zone root path, i.e. /export/home/zones/testzone1
3.IP Address - bound to logical or physical interfaces.
Zones Types:-
1.Sparse Root Zones - share key files with the global zone.
2.Whole Root Zones - require more storage
#df -k and select a slice which has more space; for example, /export/home has 5GB
Steps for Configuring non-global-zone:
1.mkdir /export/home/zones/testzone1
2.chmod 700 /export/home/zones/testzone1 - for user restriction of global zone users.
3.ls -ltr /export/home/zones
4.#zonecfg -z testzone1
no such zone configured, create one - This error will pop up when you first create a zone
>create - to create a zone
>set zonepath=/export/home/zones/testzone1 - This is the root path for the zone
>add net
>set address=192.168.1.0 - IP address
>set physical=e1000g0 - physical name of the network card; check with 'ifconfig -a'
>end - when you are ready with your parameters, enter end before you can exit
>info - to see what we have set
>set autoboot=true - test zone will be started automatically when the system starts
>info
>add attr - to add some extra parameters
attr>set name=comment
attr>set type=string
attr>set value=TestZone1
>end
>verify - verify; if there is any error, check the parameters again.
>commit - commit changes
>exit
#zoneadm list -iv - to list zones
#zoneadm -z testzone1 install
Zone testzone1 is now installed but not ready for production, so we have to get it into the ready state.
#zoneadm list -iv - you can still see that testzone1 has not got any ID assigned like the global one, so now
#zoneadm -z testzone1 boot - boots the zone, changing its state from installed to ready
2. Solaris zones can host only instances of Solaris, not other OSes.
3. Limit of 8192 zones per Solaris host.
4. The primary (global) zone has access to all zones.
5. Non-global zones do not have access to other non-global zones.
6. By default, non-global zones derive packages from the global zone.
7. Program isolation, e.g. zone1 for Apache, zone2 for MySQL, zone3 for databases.
8. Provides 'z' commands to manage zones: zlogin, zonecfg, zoneadm, zonename.
Simply put, we are restarting testzone1.
#zoneadm list -iv - now you can see that an ID is assigned and the status is running.
#ps -ef | grep z
zoneadmd -z testzone1 - this process is responsible for running this zone.
zlogin - used to log in to zones
Note - each non-global zone maintains a console; use 'zlogin -C testzone1' to access that zone's console.
Note - zlogin permits login to a non-global zone in the following modes:
1. Interactive - e.g. zlogin -l username zonename
2. Non-interactive - zlogin options command
3. Console mode - zlogin -C zonename
4. Safe mode - zlogin -S
#zoneadm list -iv
#zlogin -C testzone1
Select a language - 0 English
VT100 - terminal
testzone1 - press F2
Configure Kerberos - yes
Name service - NIS
From here on the procedure is the same as a Solaris installation, so specify all details as required,
such as DNS names, NIS service locations, etc.
#log in as the root user with its password
#zonename
testzone1
#zoneadm list -iv - shows all zones, global and non-global
# once you are in testzone1, check the /etc/passwd file: you can see the system users but not the users of the main system
#netstat -an -P tcp
#zoneadm -z testzone1 reboot - reboots the zone
#zlogin testzone1 shutdown - to shut down the zone
Once zones are created, you can ssh or telnet from a remote machine to connect to that zone.
How to configure a zone.
Note that the only required elements to create a native non-global zone are the zonename and zonepath properties. Other resources and properties are optional. Some optional resources also require choices between alternatives, such as the decision to use either the dedicated-cpu resource or the capped-cpu resource.
You must be the global administrator in the global zone to perform this procedure.
1. Become superuser, or assume the Primary Administrator role
• Set up a zone configuration with the zone name you have chosen.
The name my-zone is used in this example procedure.
global# zonecfg -z my-zone
If this is the first time you have configured this zone, you will see the following system message:
my-zone: No such zone configured
Use 'create' to begin configuring a new zone.
• Create the new zone configuration.
This procedure uses the Sun default settings.
zonecfg:my-zone> create
• Set the zone path, /export/home/my-zone in this procedure.
zonecfg:my-zone> set zonepath=/export/home/my-zone
Do not place the zonepath on ZFS for this release.
• Set the autoboot value.
If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.
zonecfg:my-zone> set autoboot=true
• Set persistent boot arguments for a zone.
zonecfg:my-zone> set bootargs="-m verbose"
• Dedicate one CPU to this zone.
zonecfg:my-zone> add dedicated-cpu
a. Set the number of CPUs.
zonecfg:my-zone:dedicated-cpu> set ncpus=1-2
b. (Optional) Set the importance.
zonecfg:my-zone:dedicated-cpu> set importance=10
The default is 1.
c. End the specification.
zonecfg:my-zone:dedicated-cpu> end
• Revise the default set of privileges.
zonecfg:my-zone> set limitpriv="default,sys_time"
This line adds the ability to set the system clock to the default set of privileges.
• Set the scheduling class to FSS.
zonecfg:my-zone> set scheduling-class=FSS
• Add a memory cap.
zonecfg:my-zone> add capped-memory
a. Set the memory cap.
zonecfg:my-zone:capped-memory> set physical=50m
b. Set the swap memory cap.
zonecfg:my-zone:capped-memory> set swap=100m
c. Set the locked memory cap.
zonecfg:my-zone:capped-memory> set locked=30m
d. End the memory cap specification.
zonecfg:my-zone:capped-memory> end
• Add a file system.
zonecfg:my-zone> add fs
a. Set the mount point for the file system, /usr/local in this procedure.
zonecfg:my-zone:fs> set dir=/usr/local
b. Specify that /opt/local in the global zone is to be mounted as /usr/local in the zone being configured.
zonecfg:my-zone:fs> set special=/opt/local
In the non-global zone, the /usr/local file system will be readable and writable.
c. Specify the file system type, lofs in this procedure.
zonecfg:my-zone:fs> set type=lofs
The type indicates how the kernel interacts with the file system.
d. End the file system specification.
zonecfg:my-zone:fs> end
This step can be performed more than once to add more than one file system.
• Add a ZFS dataset named sales in the storage pool tank.
zonecfg:my-zone> add dataset
a. Specify the path to the ZFS dataset sales.
zonecfg:my-zone:dataset> set name=tank/sales
b. End the dataset specification.
zonecfg:my-zone:dataset> end
• (Sparse Root Zone Only) Add a shared file system that is loopback-mounted from the global zone.
Do not perform this step to create a whole root zone, which does not have any shared file systems. See the discussion for whole root zones in Disk Space Requirements.
zonecfg:my-zone> add inherit-pkg-dir
a. Specify that /opt/sfw in the global zone is to be mounted in read-only mode in the zone being configured.
zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfw
Note: The zone's packaging database is updated to reflect the packages. These resources cannot be modified or removed after the zone has been installed using zoneadm.
b. End the inherit-pkg-dir specification.
zonecfg:my-zone:inherit-pkg-dir> end
This step can be performed more than once to add more than one shared file system.
Note: If you want to create a whole root zone but default shared file system resources have been added by using inherit-pkg-dir, you must remove these default inherit-pkg-dir resources using zonecfg before you install the zone:
• zonecfg:my-zone> remove inherit-pkg-dir dir=/lib
• zonecfg:my-zone> remove inherit-pkg-dir dir=/platform
• zonecfg:my-zone> remove inherit-pkg-dir dir=/sbin
• zonecfg:my-zone> remove inherit-pkg-dir dir=/usr
• (Optional) If you are creating an exclusive-IP zone, set the ip-type.
zonecfg:my-zone> set ip-type=exclusive
Note: Only the physical device type will be specified in the add net step.
• Add a network interface.
zonecfg:my-zone> add net
a. (shared-IP only) Set the IP address for the network interface, 192.168.0.1 in this procedure.
zonecfg:my-zone:net> set address=192.168.0.1
b. Set the physical device type for the network interface, the hme device in this procedure.
zonecfg:my-zone:net> set physical=hme0
c. End the specification.
zonecfg:my-zone:net> end
This step can be performed more than once to add more than one network interface.
• Add a device.
zonecfg:my-zone> add device
a. Set the device match, /dev/sound/* in this procedure.
zonecfg:my-zone:device> set match=/dev/sound/*
b. End the device specification.
zonecfg:my-zone:device> end
This step can be performed more than once to add more than one device.
• Add a zone-wide resource control by using the property name.
zonecfg:my-zone> set max-sem-ids=10485200
This step can be performed more than once to add more than one resource control.
• Add a comment by using the attr resource type.
zonecfg:my-zone> add attr
a. Set the name to comment.
zonecfg:my-zone:attr> set name=comment
b. Set the type to string.
zonecfg:my-zone:attr> set type=string
c. Set the value to a comment that describes the zone.
zonecfg:my-zone:attr> set value="This is my work zone."
d. End the attr resource type specification.
zonecfg:my-zone:attr> end
• Verify the zone configuration for the zone.
zonecfg:my-zone> verify
• Commit the zone configuration for the zone.
zonecfg:my-zone> commit
• Exit the zonecfg command.
zonecfg:my-zone> exit
Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.
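The following is an added example, not part of the original procedure or of Sun's documentation: a Python check that parses the command-file text printed by `zonecfg -z my-zone export` and flags the settings from this procedure that widen what the zone can reach (extra limitpriv privileges, writable lofs mounts, device matches, delegated datasets). The sample text is constructed from the values used above; the /export/docs mount and the function names are assumptions made for illustration.

```python
import shlex

# Constructed sample: export-form text for the settings used in the procedure
# above, plus one read-only lofs mount (/export/docs is a made-up path).
SAMPLE_EXPORT = """\
create -b
set zonepath=/export/home/my-zone
set autoboot=true
set limitpriv="default,sys_time"
set ip-type=shared
add inherit-pkg-dir
set dir=/opt/sfw
end
add fs
set dir=/usr/local
set special=/opt/local
set type=lofs
end
add fs
set dir=/mnt/docs
set special=/export/docs
set type=lofs
add options [ro,nodevices]
end
add net
set address=192.168.0.1
set physical=hme0
end
add device
set match=/dev/sound/*
end
add dataset
set name=tank/sales
end
"""


def _listify(value):
    """Split 'a,b' or '[a,b]' into ['a', 'b']."""
    return [v.strip() for v in value.strip("[]").split(",") if v.strip()]


def parse_export(text):
    """Return (global_props, resources); resources is a list of (type, props)."""
    global_props, resources, current = {}, [], None
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # also strips quotes around values
        if not tokens or tokens[0] == "create":
            continue
        verb, args = tokens[0], tokens[1:]
        if verb == "add" and current is None and args:
            current = (args[0], {})        # opens a resource scope (fs, net, ...)
        elif verb == "end" and current is not None:
            resources.append(current)
            current = None
        elif verb == "set" and args:
            name, _, value = args[0].partition("=")
            target = global_props if current is None else current[1]
            target[name] = _listify(value) if value.startswith("[") else value
        elif verb == "add" and len(args) >= 2:
            # inside a resource, "add" appends to a list property (fs options)
            current[1].setdefault(args[0], []).extend(_listify(args[1]))
    return global_props, resources


def audit(text):
    """Return (resource, finding) tuples for settings that widen zone access."""
    props, resources = parse_export(text)
    findings = []
    # Entries prefixed with '!' or '-' remove a privilege, so they are not flagged.
    extra = [p for p in _listify(props.get("limitpriv", "default"))
             if p != "default" and not p.startswith(("!", "-"))]
    if extra:
        findings.append(("limitpriv",
                         "privileges beyond the default set: " + ",".join(extra)))
    for rtype, rprops in resources:
        if (rtype == "fs" and rprops.get("type") == "lofs"
                and "ro" not in rprops.get("options", [])):
            findings.append(("fs", "global-zone directory %s is writable from the "
                                   "zone at %s" % (rprops.get("special"), rprops.get("dir"))))
        elif rtype == "device":
            findings.append(("device", "global-zone devices matching %s are "
                                       "visible in the zone" % rprops.get("match")))
        elif rtype == "dataset":
            findings.append(("dataset", "ZFS dataset %s is delegated to the zone"
                                        % rprops.get("name")))
    return findings


if __name__ == "__main__":
    for resource, finding in audit(SAMPLE_EXPORT):
        print("%-10s %s" % (resource, finding))
```

On a live system, pass the output of `zonecfg -z my-zone export` to `audit()` instead of the constructed sample.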
/dev/rmt/#hn -- h - tape density (l,m,h,c,u), n - no rewind
mt -f tape-device-name command count
mt status -- Displays status info about the drive
mt offline -- Rewinds the tape and, if appropriate, takes the drive unit offline
mt rewind -- Rewinds the tape
mt fsf count -- Moves the tape forward count records
# mt -f /dev/rmt/0n fsf 2 -- Positions the tape at the beginning of the third tape record
Level 0 Monthly
M T W Th F
3 4 5 6 2
3 4 5 6 2
3 4 5 6 2
/etc/dumpdates -- Each line shows the FS that was backed up and the level of the last backup. It also shows the date and time of the backup
(e.g.) /dev/rdsk/c0t2d0s6 0 fri jan 4 19:12:27 2005
When an incremental backup is performed, the ufsdump command consults the /etc/dumpdates file. It looks for the date of the next lower level backup. Then the ufsdump command copies to the backup media all of the files that were modified or added since the date of that lower-level backup. When the backup is complete, the /etc/dumpdates file records a new entry that describes this backup. The new entry replaces the entry for the previous backup at that level.
Options for the ufsdump command
0-9 Backup levels
v Verify. After the tape is written, checks it for any discrepancies
S Size estimate
l Autoload. You use this option with an autoloading tape drive
o Offline. When the backup is complete, takes the drive offline, rewinds the tape, and if possible ejects it
u Updates the /etc/dumpdates file
n Notify. Sends messages to the terminals of logged-in users who are members of the sys group
f device Specifies the device
Tape Backup
Become the root user, switch to single-user mode, and unmount the FS
# /usr/sbin/shutdown -y -g300 "System is being shutdown for backup"
# umount /export/home
# fsck /dev/rdsk/c0t0d0s7
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s7
Remote Backups
To perform remote backups across the network, the system with the tape drive must have an entry in its /.rhosts file for every system that uses the tape drive.
The ufsrestore command copies files to the disk, relative to the current working directory from backup tapes that were created by the ufsdump command.
Options for the ufsrestore Command
t Lists the table of contents of the backup media
r Restores the entire FS from the backup media
x file1 file2 Restores only the files named on the command line
i Invokes an interactive restore
v Specifies verbose mode. Displays details of the restore operation on the screen
f device Specifies the tape drive name
restoresymtable -- The system creates this file when you restore an entire FS. The ufsrestore command uses this file for checkpointing or passing information between incremental restores. You can remove this file when the restore is complete.
Restoring the /opt FS
# newfs /dev/rdsk/c0t0d0s5
# mount /dev/dsk/c0t0d0s5 /opt
# cd /opt
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /
# umount /opt
# fsck /dev/rdsk/c0t0d0s5
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s5
Always restore a FS by starting with the level 0 backup tape, then continue with the next lower level tape, and continue through the highest level tape.
Restoring /usr FS
ok boot cdrom -s
# newfs /dev/rdsk/c0t0d0s6
# mount /dev/dsk/c0t0d0s6 /a
# cd /a
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /
# umount /a
# fsck /dev/rdsk/c0t0d0s6
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s6
# init 6
Performing a special case Recovery of the /(root) FS
ok boot cdrom -s
# newfs /dev/rdsk/c0t0d0s0
# mount /dev/dsk/c0t0d0s0 /a
# cd /a
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /usr/platform/`uname -m`/lib/fs/ufs
# installboot bootblk /dev/rdsk/c0t0d0s0
# cd /
# umount /a
# fsck /dev/rdsk/c0t0d0s0
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s0
# init 6
Invoking an Interactive Restore
# cd /var/tmp
# ufsrestore ivf /dev/rmt/0
ufsrestore> ls -- Display the contents of the directory structure on the backup tape
ufsrestore> cd directory1
ufsrestore> ls
ufsrestore> add file1 file2 -- Add the files you want to restore to the extraction list
ufsrestore> delete file1 -- To delete a file from the extraction list
ufsrestore> marked -- To view the files marked for extraction
ufsrestore> extract -- To restore the selected files from the backup tape
The ufsrestore command has to find the selected files. If you used more than one tape for the backup, first insert the tape with the highest volume number and type the appropriate number at this point.
Set directory mode, owner, and times
Set owner/mode for '.'? [yn] n -- Answering y sets ownership and permission of the temp directory to those of the directory structure on the tape
ufsrestore> quit
Move/copy the restored files to their original or permanent directory and delete them from the temp directory.
Performing an Incremental Restore
Always start with the last volume and work towards the first. The system uses info in the restoresymtable file to restore incremental backups on top of the latest full backup.
# more /etc/dumpdates | grep c0t0d0s7
# newfs /dev/rdsk/c0t0d0s7
# mount /dev/dsk/c0t0d0s7 /export/home
# cd /export/home
# ufsrestore rvf /dev/rmt/0
Load the next lower level tape into the tape drive and issue the following command
# ufsrestore rvf /dev/rmt/0
Alternate Steps (5 & 6)
# ufsrestore ivf /dev/rmt/0
ufsrestore> ls
ufsrestore> add *
ufsrestore> extract
ufsrestore> q
Load the next tape and perform the operation below
# ufsrestore iv
ufsrestore> ls
ufsrestore> add *
ufsrestore> extract
ufsrestore> q
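The /etc/dumpdates lookup and the level-0-first restore order described above can be worked through in code. This is an added example, not from the original page: it parses dumpdates-style lines, finds the lower-level dump an incremental would be measured against, and lists the levels to restore in order. The c0t0d0s7 entries are constructed to follow the weekly 3 4 5 6 2 schedule shown earlier; the function names are assumptions.

```python
from datetime import datetime

# Constructed /etc/dumpdates content. The file keeps one entry per device and
# level, so levels 5 and 6 below are left over from the previous week.
# The last line is the sample entry quoted on this page, unchanged.
SAMPLE_DUMPDATES = """\
/dev/rdsk/c0t0d0s7 0 Sat Jan  1 02:00:00 2005
/dev/rdsk/c0t0d0s7 2 Fri Jan 14 02:00:00 2005
/dev/rdsk/c0t0d0s7 3 Mon Jan 17 02:00:00 2005
/dev/rdsk/c0t0d0s7 4 Tue Jan 18 02:00:00 2005
/dev/rdsk/c0t0d0s7 5 Wed Jan 12 02:00:00 2005
/dev/rdsk/c0t0d0s7 6 Thu Jan 13 02:00:00 2005
/dev/rdsk/c0t2d0s6 0 fri jan 4 19:12:27 2005
"""


def parse_dumpdates(text):
    """Return a list of (device, level, datetime) tuples."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:      # device, level, weekday, month, day, time, year
            continue
        # The weekday name is skipped; the date is taken from the other fields.
        when = datetime.strptime(" ".join(parts[3:]), "%b %d %H:%M:%S %Y")
        entries.append((parts[0], int(parts[1]), when))
    return entries


def reference_dump(entries, device, level, before=None):
    """Most recent dump of `device` at a level lower than `level`, or None.

    An incremental at `level` copies files changed since this dump.
    """
    lower = [e for e in entries
             if e[0] == device and e[1] < level
             and (before is None or e[2] < before)]
    return max(lower, key=lambda e: e[2]) if lower else None


def restore_chain(entries, device):
    """Levels to restore, in order, to reach the state of the latest dump."""
    mine = [e for e in entries if e[0] == device]
    if not mine:
        return []
    chain = [max(mine, key=lambda e: e[2])]          # start from the newest dump
    while chain[-1][1] > 0:                          # walk back to the level 0
        prev = reference_dump(entries, device, chain[-1][1], before=chain[-1][2])
        if prev is None:
            raise ValueError("no level 0 dump recorded for " + device)
        chain.append(prev)
    return [level for _, level, _ in reversed(chain)]


if __name__ == "__main__":
    entries = parse_dumpdates(SAMPLE_DUMPDATES)
    print(restore_chain(entries, "/dev/rdsk/c0t0d0s7"))
```

The stale level 5 and 6 entries are skipped because they predate the level 2 dump that superseded them.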
/usr/sbin/fssnap -F FsType -V -o special-option(s) mount-point | special
Options for the fssnap command
-d Deletes the snapshot associated with the given FS. If the -o unlink option was used when you built the snapshot, the backing-store file is deleted together with it; otherwise it has to be deleted manually
-F FsType Specifies the FS type to be used
-i Displays the state of an FsType snapshot
-V Echoes the complete command line, but does not execute the command
-o Enables you to use special options, such as the location and size of the backing-store (bs) file
# fssnap -F ufs -o bs=backing_store_path /file_system
# fssnap -F ufs -o bs=/var/tmp /export/home
/dev/fssnap/0
backing store file -- The snapshot subsystem saves FS data in this file. The fssnap command creates the backing-store file and two read-only virtual devices: the block virtual device, /dev/fssnap/0, which can be mounted as a read-only FS, and the raw virtual device, /dev/rfssnap/0.
You can limit the size of the backing-store file by using the -o maxsize=n option.
If the backing-store file runs out of disk space, the system automatically deletes the UFS snapshot.
# fssnap -F ufs -o bs=/var/tmp,maxsize=500m /export/home
# fssnap -i -- Displays a list of all the current UFS snapshots on the system
0 /export/home
1 /usr
2 /database
# /usr/lib/fs/ufs/fssnap -i /export/home -- Shows the details for the /export/home snapshot
Performing a backup of a UFS Snapshot
# mkdir -p /backups/home.bkp -- Creating an empty directory
# mount -F ufs -o ro /dev/fssnap/0 /backups/home.bkp -- Mounting the block virtual device
# cd /backups/home.bkp
# tar cvf /dev/rmt/0 .
(or)
# ufsdump 0uf /dev/rmt/0 /dev/rfssnap/0
# ufsrestore tf /dev/rmt/0 -- To verify
Performing an Incremental Backup of a UFS Snapshot
Use ufsdump with the N option to create an incremental backup of a UFS snapshot. The N option writes the name of the device being backed up, rather than the name of the snapshot device, to the /etc/dumpdates file.
# ufsdump 1ufN /dev/rmt/0 /dev/rdsk/c1t0d0s0 /dev/rfssnap/0
# ufsrestore tf /dev/rmt/0 -- To verify
# fssnap -d /extra -- To remove a snapshot (/extra is the source FS)
# rm /var/tmp/snapshot0
Restoring Data from a UFS Snapshot Backup
The backup created from a virtual device is a backup of the original FS as it was when the UFS snapshot was taken. You can restore a UFS snapshot from a backup tape in the same manner as you would the backup of an original FS.
# cd /usr
# ufsrestore if /dev/rmt/0
ufsrestore> add demo
ufsrestore> extract
ufsrestore> quit
Deleting a UFS Snapshot
# umount /dev/fssnap/0
# fssnap -d /export/home
# rm /backing_store_file
Performing User Administration
/etc/passwd -- 7 fields loginID:x:UID:GID:comment:home_dir:login_shell
0 - 99 -- UIDs reserved for system user accounts
100 - 60000 -- UID range for regular users
0 -- Root
60001 -- Reserved for the nobody account
60002 -- Reserved for the noaccess account -- To generate error message
65534 -- nobody4, the anonymous user account
/etc/shadow -- 9 fields loginID:password:lastchg:min:max:warn:inactive:expire:reserved
/etc/group -- groupname:group-pwd:GID:user-list
/etc/default/passwd -- Set values for the following parameters MAXWEEKS MINWEEKS
PASSLENGTH (valid entries are 6,7 & 8) WARNWEEKS
1970 –-> V4
1986 -- Sun released first OS (sunos1.0)
# useradd -u UID -g GID -G GID,GID,.. -d /export/home/user300 -m -s /bin/ksh -c "Regular User" user300
# passwd user300
# useradd -d /export/home/user305 -m user305
# useradd user306
# usermod [-u uid [-o]] [-g gid] [-G gid] [-d dir] [-m] [-s shell] [-c comment] [-l newloginname] loginname
# usermod -l newloginname -d /export/home/ -m loginname
# usermod -u 905 user301 -- Change UID to 905
# usermod -s /bin/csh user301
# userdel user301 -- Delete the user account but not the home dir
# userdel -r user301 -- Delete the user account and the home dir
# groupadd [-g gid [-o]] groupname
# groupadd -g gid groupname
# groupmod [-g gid [-o]] [-n name] groupname
# groupmod -n name groupname
# groupmod -g 400 class -- Change GID to 400 for the group class
# groupdel group1
/etc/profile -- The Bourne, Korn and BASH shells execute this initialization file
/etc/.login -- The C shell looks for and executes this initialization file during logon.
There are no default global initialization files for the Z or TC shells
Shell    System-wide file   User files       Shell path   Template files
Bourne   /etc/profile       $HOME/.profile   /bin/sh      /etc/skel/local.profile
Korn     /etc/profile       $HOME/.profile   /bin/ksh     /etc/skel/local.profile
                            $HOME/.kshrc
C        /etc/.login        $HOME/.cshrc     /bin/csh     /etc/skel/local.cshrc
                            $HOME/.login                  /etc/skel/local.login
Setting Environment Variables
Bourne or Korn shell -- VARIABLE=value; export VARIABLE
For example: PS1="$HOSTNAME"; export PS1
C shell -- setenv variable value
For example: setenv LPDEST laserprinter
# id user301 -- Shows UID of the user & primary group
# id -a user301 -- Shows secondary group details also
# groups user300 -- Shows the user's groups
# chown -R :grpname
# pwconv -- To sync passwd and shadow files.
/etc/skel -- Template files are copied from here when a user ID is created.
-- By default the /etc/skel/.profile file doesn't have any content.
Profile Order
/etc/motd file -- Message of the day
/etc/profile
$HOME/.profile
Monitoring and User permissions
Monitoring su Attempts
/etc/default/su -- File that controls monitoring of su attempts
CONSOLE VARIABLE
# CONSOLE=/dev/console -- Remove the comment (#) symbol so that root can log in
remotely by su command.
SULOG VARIABLE
SULOG=/var/adm/sulog -- Specifies the location of the su log file
Controlling System Access
# /etc/default/login file
CONSOLE=/dev/console -- This line should be commented out to log in as root from a remote system
PASSREQ=YES -- Requires each user to have a password in order to log in
/etc/ftpd/ftpusers -- Lists names of users prohibited from connecting to the system through FTP
/etc/ftpusers -- Solaris 8
/etc/hosts.equiv & $HOME/.rhosts -- Files that determine whether a remote user is allowed to access the local host with the identity of a local user. The procedure first checks /etc/hosts.equiv and then $HOME/.rhosts. Entries take one of these forms:
hostname
hostname username
+
If the local host's /etc/hosts.equiv file contains the host name of a remote host, then all regular users of that remote host are trusted and do not need to supply a password to log in to the local host, whereas the $HOME/.rhosts file applies to a specific user.
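As an added example (not part of the original notes), the shell function below classifies each hosts.equiv or .rhosts entry into the forms listed above and flags the wildcard entries that trust every host or every user. The sample entries and host names are constructed, and the handling of "-" deny entries goes beyond the three forms the notes list.

```shell
#!/bin/sh
# Constructed sample /etc/hosts.equiv; host and user names are invented.
sample_hosts_equiv() {
    cat <<'EOF'
# constructed example entries
buildhost
dbhost oracle
+
filehost +
-labhost
EOF
}

# audit_trust_entries: read hosts.equiv/.rhosts entries on stdin and print
# "SEVERITY line N: explanation" for every entry.
audit_trust_entries() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        host = $1
        user = (NF > 1) ? $2 : ""
        if (host ~ /^-/ || user ~ /^-/) {
            sev = "INFO";     msg = "explicit deny entry"
        } else if (host == "+" && (user == "" || user == "+")) {
            sev = "CRITICAL"; msg = "every user on every host is trusted"
        } else if (host == "+") {
            sev = "CRITICAL"; msg = "user " user " is trusted from every host"
        } else if (user == "+") {
            sev = "CRITICAL"; msg = "every user on " host " is trusted"
        } else if (user == "") {
            sev = "HIGH";     msg = "all regular users of " host " log in without a password"
        } else {
            sev = "REVIEW";   msg = "user " user " on " host " is trusted"
        }
        printf "%s line %d: %s\n", sev, NR, msg
    }'
}

# count_findings SEVERITY: number of entries on stdin reported at that severity.
count_findings() {
    audit_trust_entries | grep -c "^$1 " || true
}

# Stand-alone run on the constructed sample.
sample_hosts_equiv | audit_trust_entries
```

On a real host, feed it /etc/hosts.equiv and each user's $HOME/.rhosts in turn; any CRITICAL line means password-less remote login is open far wider than a single named peer.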
/etc/inetd.conf -- File used to control all services
# svcadm disable (or) enable ftp (or) telnet -- in Solaris 10
# rsh 140.40.40.151
# rcp 140.40.40.151:/test/file1 . -- To copy a remote system file to the local system
# rcp $HOME/file1 140.40.40.151:/tmp -- To copy local files to the remote system
# chown user2 file7 -- To change the owner of a file
# chown -R user2 dir4 -- To change ownership of a folder and all its subfolders
# chown user3:class file7 -- Changing both the individual and group ownership in one shot
# chgrp class file4 -- To change the group ownership of a file or directory
Setuid Permission on Executable Files
When the setuid permission is set on an executable file, a user or process that runs this executable file is granted access based on the owner of the file.
# ls -l /usr/bin/su
-r-sr-xr-x 1 root sys ………….
The setuid permission displays as an "s" in the owner's execute field. You should disallow the use of setuid programs or at least restrict their use.
# chmod 4555 executable_file -- To set the setuid permission on an executable.
# find / -perm -4000 -- To search for setuid files
Setgid Permission on Executable Files
When the process runs, it runs as if it were a member of the group that owns the file, and access is granted based on the permissions assigned to that group.
# ls -l /usr/bin/write
-r-xr-sr-x 1 root …………. -- Displays as "s" in the group's execute field
# chmod 2555 executable_file
# chmod g+s directory -- To set setgid for a directory
# find / -perm -2000 -- To search for setgid files
Sticky Bit Permission on Public Directories
If a directory has the sticky bit set, a file in it can be deleted only by the owner of the file, the owner of the directory, or the root user.
# ls -ld /tmp
drwxrwxrwt 6 root sys …… -- Displays as "t" in the execute field for other.
# chmod 1777 public_directory
# find / -type d -perm -1000 -- To search for sticky bit directories
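An added example, not from the original notes: the find commands above wrapped into a repeatable audit that reports setuid/setgid files missing from a reviewed baseline and world-writable directories without the sticky bit. The directory tree, file names and baseline file are constructed for the demonstration.

```shell
#!/bin/sh
# list_setid DIR: every regular file under DIR with the setuid (4000) or
# setgid (2000) bit set, one path per line, sorted.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | LC_ALL=C sort
}

# new_setid DIR BASELINE: setuid/setgid files present now that are not listed
# in BASELINE (a sorted file of reviewed paths, one per line).
new_setid() {
    list_setid "$1" | LC_ALL=C comm -23 - "$2"
}

# unsticky_public_dirs DIR: world-writable directories that lack the sticky
# bit, so any user can delete other users' files in them.
unsticky_public_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | LC_ALL=C sort
}

# demo_tree: build a constructed tree in a temp dir and print its path.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/drop" "$d/tmp"
    : > "$d/bin/su";     chmod 4555 "$d/bin/su"      # setuid, reviewed
    : > "$d/bin/write";  chmod 2555 "$d/bin/write"   # setgid, reviewed
    : > "$d/bin/helper"; chmod 4755 "$d/bin/helper"  # setuid, never reviewed
    : > "$d/bin/ls";     chmod 0555 "$d/bin/ls"      # ordinary executable
    chmod 1777 "$d/tmp"                              # public dir with sticky bit
    chmod 0777 "$d/drop"                             # public dir without it
    printf '%s\n' "$d/bin/su" "$d/bin/write" > "$d/baseline"
    echo "$d"
}

# Stand-alone run on the constructed tree.
tree=$(demo_tree) || exit 1
echo "setuid/setgid files not in baseline:"
new_setid "$tree" "$tree/baseline"
echo "public directories without sticky bit:"
unsticky_public_dirs "$tree"
rm -rf "$tree"
```

Keeping the baseline file under change control turns the one-off find into a detection: anything new_setid prints is a setuid or setgid program nobody has reviewed.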
Recording Failed Login Attempts
# touch /var/adm/loginlog -- File that logs failed logins. If a user tries to log in 5 times
(default) with a wrong password, an entry is created here.
# chown root:sys /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# /usr/ucb/whoami -- Current login name
# who am i -- Login name of the original user
/etc/user_attr -- The extended user attributes database, which associates users and roles with
authorizations and rights profiles in addition to the /etc/passwd, /etc/group,
and /etc/shadow files
/etc/security/prof_attr -- The rights profile attributes database, which defines profiles, lists
the profile's assigned authorizations and any nested rights profiles,
and identifies the associated help files.
/etc/security/exec_attr -- The execution attributes database, which defines the privileged
commands and scripts assigned to a profile.
/etc/security/auth_attr -- The authorization attributes database, which defines authorizations
and their attributes. This database also identifies the associated
help file.
/etc/security/policy.conf -- File that provides system default authorizations for users
The /etc/user_attr Database
user:qualifier(reserved):res1(reserved):res2(reserved):attr
attr : An optional list of semicolon separated (;) key value pairs that describe the security attributes to be applied when the user runs commands.
type -- Can be normal or role. A role is assumed after the user has logged in.
auths -- Specifies a list of authorization chosen from names defined in the auth_attr DB
profiles -- Specifies a list of profile names chosen from the /etc/security/prof_attr DB
roles -- Specifies a list of role names defined in the same /etc/user_attr DB. Roles are
indicated by setting the type value to role. Roles cannot be assigned to other roles.
sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin
The /etc/security/prof_attr Database
profname:res1:res2:desc(description):attr
attr : The security attributes to apply to the object upon execution. You can specify zero or more keys. The two valid keys are help and auths.
# grep 'Printer Management' /etc/security/prof_attr
Printer Management:::manage Printers, daemons, \
……………………;auths=solaris.admin.printer.read, \
The Printer Management profile, which is defined in the /etc/security/prof_attr DB, is assigned to the sysadmin role in the /etc/user_attr DB.
The Printer Management profile is defined in the prof_attr DB as having all authorizations beginning with the solaris.admin.printer. string assigned to it. These authorizations are defined in the /etc/security/auth_attr DB.
solaris.admin.printer.read:::view printer information::\
The /etc/security/exec_attr Database
name:policy:type:res1:res2:id:attr
name -- Name of the profile
policy -- The security policy associated with this entry. The suser (superuser policy model)
is the only valid policy entry.
type -- The type of entity whose attributes are specified. The only valid type is cmd
id -- A string identifying the entity. Commands should have the full path or a path with a wildcard
attr -- euid and uid | egid and gid
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
The /etc/security/auth_attr Database
You can assign authorization directly to users or roles in the /etc/user_attr DB. You can also assign authorizations to rights profiles, which are assigned to roles.
authname:res1:res2:short_desc:long_desc:attr
authname -- A unique character string that identifies the authorization in the prefix.suffix[.] format.
The /etc/security/policy.conf file
This file lets you grant specific rights profiles and authorizations to all users. The two types of entries in the file are
AUTHS_GRANTED=authorizations
PROFS_GRANTED=rights_profiles
# cat policy.conf
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris User
# roleadd -m -d /export/home/tarback -c "Privileged tar backup role" -P "Media Backup,Media Restore" tarback
-A authorization and -P profile -- Assign authorizations and profiles respectively to the role.
# rolemod -A auth1,auth2 -P profile1,profile2 role1
Additional Commands Used to Perform RBAC Functions
auths        Displays authorizations for a user
makedbm      Makes a dbm file
nscd         Identifies the name service cache daemon. Useful for caching the 4 RBAC DB details
pam_roles    Identifies the role account management module for password authentication module (PAM)
pfexec       Identifies the profile shells used to execute commands with the attributes specified in exec_attr
policy.conf  Identifies the config file for the security policy. Lists granted authorizations
profiles     Displays profiles for a specified user
roles        Displays roles granted to a user
roleadd      Adds a role account to the system
rolemod      Modifies the role's account info in the system
roledel      Deletes a role's account from the system
Example
Profile -- Privilege to profile -- Creating Role -- Role to profile -- Role to user
/etc/security/prof_attr -- Contains profile details
Creating profile in prof_attr
uadd:::Profile for user admin:
init:::Profile for init process:
/etc/security/exec_attr -- Privilege to profile
uadd:suser:cmd:::/usr/sbin/useradd:euid=0
uadd:suser:cmd:::/usr/sbin/usermod:euid=0
init:suser:cmd:::/usr/sbin/init:euid=0
init:suser:cmd:::/usr/sbin/shutdown:euid=0
Creating Role
# roleadd -d /export/home/role1 -m role1
# passwd role1
Role to Profile
# rolemod -P uadd,init role1
Adding role to user
# usermod -R role1 user1
/etc/user_attr -- Details about role & user to role
--> Log in as a normal user
--> Switch to the role profile & use the privileged command
/etc/security/auth_attr -- Authorization file -- Config file for users & their roles
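An added example, not from the original notes or from Solaris itself: a shell/awk resolver that follows the chain user -> role -> profile -> exec_attr entry described above and lists the commands a user can reach with changed IDs. The user_attr lines for role1 and user1 are constructed to match what the rolemod and usermod commands above would record; nested rights profiles are not expanded.

```shell
#!/bin/sh
# write_sample_rbac DIR: constructed user_attr and exec_attr files built from
# the entries shown in these notes.
write_sample_rbac() {
    cat > "$1/user_attr" <<'EOF'
# constructed sample
sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin
role1::::type=role;profiles=uadd,init
user1::::type=normal;roles=role1
EOF
    cat > "$1/exec_attr" <<'EOF'
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
uadd:suser:cmd:::/usr/sbin/useradd:euid=0
uadd:suser:cmd:::/usr/sbin/usermod:euid=0
init:suser:cmd:::/usr/sbin/init:euid=0
init:suser:cmd:::/usr/sbin/shutdown:euid=0
EOF
}

# privileged_cmds USER USER_ATTR EXEC_ATTR
# Print "role<TAB>profile<TAB>command<TAB>attr" for each exec_attr entry USER can
# reach. Profiles assigned directly to the user are reported with role "-".
privileged_cmds() {
    awk -F: -v who="$1" '
    # attr_value: value of key in a ";"-separated list of key=value pairs
    function attr_value(list, key,    cnt, i, kv, p) {
        cnt = split(list, kv, ";")
        for (i = 1; i <= cnt; i++) {
            p = index(kv[i], "=")
            if (p > 0 && substr(kv[i], 1, p - 1) == key)
                return substr(kv[i], p + 1)
        }
        return ""
    }
    /^#/ || NF == 0 { next }
    FNR == NR { attrs[$1] = $5; next }                  # first file: user_attr
    { nexec++; eprof[nexec] = $1; ecmd[nexec] = $6; eattr[nexec] = $7 }  # exec_attr
    END {
        if (!(who in attrs)) exit
        nsrc = 1; src[1] = "-"; profs["-"] = attr_value(attrs[who], "profiles")
        nr = split(attr_value(attrs[who], "roles"), role, ",")
        for (i = 1; i <= nr; i++)
            if (attr_value(attrs[role[i]], "type") == "role") {
                src[++nsrc] = role[i]
                profs[role[i]] = attr_value(attrs[role[i]], "profiles")
            }
        for (s = 1; s <= nsrc; s++) {
            np = split(profs[src[s]], prof, ",")
            for (j = 1; j <= np; j++)
                for (k = 1; k <= nexec; k++)
                    if (eprof[k] == prof[j])
                        printf "%s\t%s\t%s\t%s\n", src[s], prof[j], ecmd[k], eattr[k]
        }
    }' "$2" "$3"
}

# root_cmds USER USER_ATTR EXEC_ATTR: only the commands that run with uid or
# euid 0, the entries that amount to delegated root.
root_cmds() {
    privileged_cmds "$@" | awk -F'\t' '{
        cnt = split($4, a, ";")
        for (i = 1; i <= cnt; i++)
            if (a[i] ~ /^e?uid=(0|root)$/) { print $3; break }
    }'
}

# Stand-alone run on the constructed sample.
dir=$(mktemp -d) || exit 1
write_sample_rbac "$dir"
privileged_cmds user1 "$dir/user_attr" "$dir/exec_attr"
rm -rf "$dir"
```

For user1 this lists four commands running with euid=0 through role1, which is the review question for any RBAC setup: who can reach a root-equivalent command, and through which role and profile.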
Solaris Volume Management
metadb -a [-f] [-c n] [-l nnnn] disk_slice
-a Adds a state database replica
-f Forces the creation of the initial replica, even if no replica exists.
-c n Specifies the number of replicas to add to the slice
-l nnnn Specifies the size of the new replica in blocks
disk_slice Specifies the name of the disk_slice that will hold the replica
# metadb -a -f c0t0d0s4 c0t0d0s5 c1t0d0s0 c1t0d0s1 -- To create metadb
# metadb -- Reports the status of all replicas
RAID 0 Config
# metainit d10 3 1 c0t1d0s0 1 c0t1d0s1 1 c0t1d0s3 -- d10 = volume name (d0-dn), 3 = total disks/slices
# newfs /dev/md/rdsk/d10
# metaclear d10 -- Delete the volume
# metainit d0 -p d10 1000m -- Creating partition (d0 = partition name, d10 = volume name)
# metattach d0 999m -- To increase partition size
# growfs -M /m1 /dev/md/rdsk/d0 -- To grow the FS into the extra space added (/m1 = mount point)
# metattach d10 c0t1d0s4 -- To increase space for volume d10
RAID 5 Config
# metainit d20 -r c0t1d0s0 c0t1d0s1 c0t1d0s3 -- -r is the RAID 5 option
# metadb -d -f c0t1d0s7 -- To delete metadb
RAID 1 Config
# metainit d10 -m d0 -- To create mirror
Then reboot
# metattach d10 d1 -- Attaching another disk to mirror
# metastat -- To check the status of mirror disk
Building a Mirror of the Root (/) File System
metainit -f concat/stripe numstripes width components……
# metainit -f d0 1 1 c0t0d0s0
d0 concat/stripe is setup
# metainit d1 1 1 c0t1d0s0
d1 concat/stripe is setup
metainit mirror -m submirror [read_options] [write_options] [pass_num]
read_options
-g -- Enables the geometric read option, which results in faster performance on sequential
reads
-r -- Directs all reads to the first submirror. Use this option when the devices that comprise
the first submirror are substantially faster than those of the second submirror.
You cannot use the -r option with the -g option. If neither the -g nor the -r option is specified, reads are made in round-robin order from all submirrors in the mirror. This process enables load balancing across the submirrors.
write_options
-S -- Performs serial writes to mirrors. The default setting for this option is parallel write
pass_num -- A number (0-9) at the end of an entry defining a mirror that determines the order in which that mirror is resynchronized during a reboot. The default is 1. If 0 is used, the resync is skipped.
# metainit d10 -m d0
d10 : Mirror is setup
# metaroot d10 -- Updates /etc/system file also /etc/vfstab
# grep md /etc/vfstab
/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -
The metaroot command also updates the /etc/system file to contain the forceload statement that loads the kernel modules that support the logical volumes.
# tail /etc/system
forceload: misc/md_hotspares
forceload: misc/md_sp
forceload: misc/md_stripe
forceload: misc/md_mirror
forceload: drv/pcipsy
.
.
.
rootdev:/pseudo/md@0:0,10,blk
You must reboot the system before attaching the secondary submirror
# init 6
# metattach d10 d1
d10: Submirror d1 is attached
# ls -l /dev/dsk/c1t0d0s4
Record the path that follows the /devices directory: /pci@1f,0/pci@1/scsi@4......................
ok nvalias backup_root /pci@1f,0/pci@1/scsi@4,1/disk@2,0:b
ok printenv boot-device
boot-device=disk net
ok setenv boot-device disk backup_root net
boot-device=disk backup_root net
ok boot backup_root -- To test the secondary submirror
Unmirroring the Root (/) File System
# metastat d10 -- To verify that status of the mirror
# metadetach d10 d1 -- To make a one-way mirror
d10: submirror d1 is detached
# metaroot /dev/dsk/c0t0d0s0 -- To change entries in /etc/vfstab and /etc/system
# init 6
# metaclear -r d10 -- To clear the mirror and submirror. The -r option deletes the metadevices
d10: Mirror is cleared
d0: Concat/Stripe is cleared
# metaclear d1
d1: Concat/Stripe is cleared
When an OS has a fatal error, it generates a crash dump file (crash dump). When a process has a fatal error, it generates a core file.
If the Solaris OE kernel encounters a problem, or when an unexpected hardware fault occurs, the panic routine is executed, and memory contents are copied to a disk partition defined as a dump device.
When an OS crashes, the savecore command is automatically executed during boot. The savecore command retrieves the crash dump from the dump device and then writes the crash dump to a pair of files in your FS.
It places kernel core info in the /var/crash/nodename/vmcore.X file
It places name list info & table info in the /var/crash/nodename/unix.X file
By default, the dump device is a swap partition. The swap partition contains temp data, therefore permanent data is overwritten by the crash dump.
# dumpadm -- To view the current dump configuration
Dump Content : Kernel pages (or) Application Pages (or) All
Dump device : /dev/dsk/c0t0d0s1 (swap)
Savecore directory : /var/crash/host1
Savecore enabled : yes
# cat /etc/dumpadm.conf -- Content of dumpadm command
Changing the Crash Dump configuration
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-r root-dir] [-s savecore-dir]
-n Modifies the dump config so it does not run the savecore command automatically on reboot
-u Forcibly updates the kernel dump config based on the contents of /etc/dumpadm.conf
-y Modifies the dump config so that the savecore command is run automatically on reboot. This is the default
-c content-type The content type can be kernel, all, or curproc. The curproc type includes the kernel memory pages and the memory pages of the currently executing process
-d dump-device The dump device can be an absolute path or swap
-m mink | minm | min% Creates a minfree file in the current savecore-dir
-r root-dir Specifies an alternative root directory relative to which the dumpadm command should create files. The default root dir "/" is used.
-s savecore-dir Specifies the directory for saved files. The default is /var/crash/hostname
Managing Core File Behavior
A core file is a point-in-time copy (snapshot) of the RAM allocated to a process. The copy is written to a more permanent medium, such as a HDD. A core file is useful in analyzing why a particular program crashed.
When a core dump occurs, the OS can generate two copies of the core file, one known as the global core file and the other known as the per-process core file, depending on the options in effect. The global core file is created with mode 600 and is owned by the superuser. Ordinary per-process core files are created with mode 600 under the credentials of the process.
# coreadm -- Displays the current core file config
global core file pattern : -- Identifies the name to use for core files placed in the global directory
init core file pattern : core -- Identifies the default name that per-process core files must use
global core dumps : disabled -- Indicates global core files are disabled
per-process core dumps : enabled
global setid core dumps : disabled
per-process setid core dumps : disabled
global core dump logging : disabled
# cat /etc/coreadm.conf -- Content of coreadm command
You can enable or disable the two configurable core file paths, per-process and global, separately. If a global core file path is enabled and set to /corefiles/core, for example, then each process that terminates abnormally produces two core files: one in the current working directory and one in the /corefiles/core directory.
coreadm [-p pattern] [pid]………. -- Users can run this command
coreadm [-g pattern] [-i pattern] [-d option……] [-e option…..] -- Only the root user can run this
-i pattern Sets the per-process core file name pattern from init to pattern
-e option Enables the specified core file option
global Enables core dumps by using the global core pattern
process Enables core dumps by using the per-process core pattern
global-setid Enables setid core dump by using the global core pattern
proc-setid Enables setid core dumps by using the per-process core pattern
log Generates a syslog (3) message when a user attempts to generate a
global core file
-d option Disables the specified core file option. See the –e option for possible options
-u Updates system-wide core file options from the config file /etc/coreadm.conf.
-g pattern Sets the global core file name pattern to pattern. The pattern must start with a /
-p pattern Sets the per-process core file name pattern to pattern.
Pattern options for the coreadm Command
%p PID
%u EUID
%g EGID
%f Executable file name
%n System node name (uname –n)
%m Machine hardware name (uname –m)
%t The time in seconds since midnight jan 1 1970
%% Literal %
# coreadm –p core.%f.%p $$ -- When executed from a users $HOME/.profile (or) .login file sets the core file name pattern for all processes run during the login session. The $$ variable is the PID of the currently running shell. The per-process core file name pattern is inherited by all child processes.
# coreadm –p $HOME/corefiles/%n.%f.%p $$ -- This command places all of the user’s core files into the corefiles subdirectory of users home directory, differentiated by the system node name.
# coreadm –g /var/core/core.%f.%p –e global -- This sets system-wide parameters that add the executable filename and PID to the name of any core file that is created.
# coreadm -- to verify that this parameter is now part of the core file configuration
# coreadm 278 5678 -- Search for the core dump file. Only the owner of a process or the superuser can query a process by using the coreadm command with a list of PIDs.
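The script below is an added example, not part of the original page: it audits coreadm output for the settings discussed above (a global pattern that does not start with /, setid core dumps switched on, and global dumps without the log option). The sample output is constructed and the finding codes are names invented for this example; it assumes the "field: value" layout shown in the coreadm listing above.

```shell
#!/bin/sh
# Added example, not from the original page: audit coreadm output.
# SAMPLE_COREADM is constructed; it follows the field layout shown above.
SAMPLE_COREADM='     global core file pattern: corefiles/core.%f.%p
       init core file pattern: core
            global core dumps: enabled
       per-process core dumps: enabled
      global setid core dumps: disabled
 per-process setid core dumps: enabled
     global core dump logging: disabled'

# audit_coreadm: read coreadm output on stdin, print one finding per line.
# The finding codes (first word of each line) are invented for this example.
audit_coreadm() {
    awk -F': *' '
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)   # field names are right-aligned
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            cfg[key] = val
        }
        END {
            global = (cfg["global core dumps"] == "enabled")
            # The global pattern must start with "/" (see the -g option).
            if (global && cfg["global core file pattern"] !~ /^\//)
                print "GLOBAL_PATTERN_NOT_ABSOLUTE pattern=\"" cfg["global core file pattern"] "\""
            # The memory image of a setid process may hold sensitive data,
            # so any setid core option that is switched on gets flagged.
            if (cfg["per-process setid core dumps"] == "enabled")
                print "PROC_SETID_ENABLED review, or run: coreadm -d proc-setid"
            if (cfg["global setid core dumps"] == "enabled")
                print "GLOBAL_SETID_ENABLED review, or run: coreadm -d global-setid"
            # Without the log option no syslog message records the attempt.
            if (global && cfg["global core dump logging"] != "enabled")
                print "GLOBAL_LOGGING_OFF consider: coreadm -e log"
        }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_COREADM" | audit_coreadm
```

On a live system, pipe the real output in with `coreadm | audit_coreadm`; the default configuration shown above produces no findings.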
If the Solaris OE kernel encounters a problem, or an unexpected hardware fault occurs, the panic routine is executed and memory contents are copied to a disk partition defined as the dump device.
When an OS crashes, the savecore command is automatically executed during the next boot. The savecore command retrieves the crash dump from the dump device and then writes the crash dump to a pair of files in your file system.
It places kernel core info in the /var/crash/nodename/vmcore.X file
It places name list info and table info in the /var/crash/nodename/unix.X file
By default, the dump device is a swap partition. The swap partition contains only temporary data, so no permanent data is overwritten by the crash dump.
# dumpadm -- To view the current dump configuration
Dump Content : Kernel pages (or) Application Pages (or) All
Dump device : /dev/dsk/c0t0d0s1 (swap)
Savecore directory : /var/crash/host1
Savecore enabled : yes
# cat /etc/dumpadm.conf -- Contents of the dumpadm configuration file
Changing the Crash Dump configuration
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-r root-dir] [-s savecore-dir]
-n Modifies the dump config so it does not run the savecore command automatically on
reboot
-u Forcibly updates the kernel dump config based on the contents of /etc/dumpadm.conf
-y Modifies the dump config so that the savecore command is run automatically on
reboot. This is the default
-c content-type The content type can be kernel, all, or curproc. The curproc type includes
the kernel memory pages and the memory pages of the currently executing process
-d dump-device The dump device can be an absolute path or swap
-m mink | minm | min% Creates a minfree file in the current savecore-dir
-r root-dir Specifies an alternative root directory relative to which the dumpadm
command should create files. The default root dir "/" is used.
-s savecore-dir Specifies the directory for saved crash dump files. The default is /var/crash/hostname
Configuring NIS to support JumpStart procedures involves editing files and running commands on the NIS master server in use. Information supplied in the sysidcfg file overrides any information you make available in NIS.
A change to any file that is represented by a map in an NIS domain requires that you complete the following steps on the NIS master server:
# vi /etc/inet/hosts
192.10.10.4 client1
# vi /etc/ethers
8:0:20:88:5b client1
# vi locale
client1 en_US
# cd /var/yp
# vi Makefile
1. Add the following text after the existing *.time entries: duplicate the timezone entry, and replace timezone with locale.
Append the word locale to the line beginning with the word all.
Add the following line after the auto.home: auto.home.time entry:
locale: locale.time
Save the file and exit the editor.
# cd /var/yp
# /usr/ccs/bin/make
2. On any slave servers that exist in the NIS domain, run the ypxfr command to transfer the locale.byname map for the first time.
# /usr/bin/netsvc/yp/ypxfr locale.byname
3. On the NIS master server, again update the NIS maps by running the make command
# cd /var/yp
# /usr/ccs/bin/make
# vi /etc/timezone
US/Mountain client1
US/Mountain Central.sun.com
# cd /var/yp
# /usr/ccs/bin/make
# vi /etc/netmasks
192.9.200.0 255.255.255.0
# cd /var/yp
# /usr/ccs/bin/make
-- Each time you run the add_install_client script on a boot server to provide boot support for a jumpstart client, the script checks the /etc/nsswitch.conf file for the bootparams entry.
Begin Script
Profile
Finish Script
-- You can use CD/DVD sources as the boot source instead of a spooled Solaris OE image. You can also use a Flash source as an alternative installation service.
Identifying Log Files
Jumpstart clients retain the following log files during the installation process:
/tmp/begin.log
/tmp/finish.log
/tmp/install_log
/var/sadm/system/logs/sysidtool.log
Jumpstart clients retain a corresponding set of log files after the installation process completes and the system reboots:
/var/sadm/system/logs/begin.log
/var/sadm/system/logs/finish.log
/var/sadm/system/logs/install_log
/var/sadm/system/logs/sysidtool.log
Virtual Memory = RAM + Disk Space
Swap Slice | Swap File | RAM } Swap Space
# swap -s -- Summary of virtual swap space
# swap -l -- Lists the details of the system's physical swap (e.g. swap file)
Adding Swap Space
# vi /etc/vfstab
/dev/dsk/c1t0d0s3 - - swap - no -
# swap -a /dev/dsk/c1t0d0s3 -- To add swap space from a HDD slice.
Adding Swap File
# mkfile 20m /export/data/swapfile -- Swap file allocation
# swap -a /export/data/swapfile
# swap -l -- To list the details of the modified system swap space
# swap -s -- To list a summary of the modified system swap space
# vi /etc/vfstab
/export/data/swapfile - - swap - no -
Removing Swap Space
# swap -d /dev/dsk/c1t0d0s3 -- Also remove the entry from vfstab
Removing Swap File
# swap -d /export/data/swapfile
# rm /export/data/swapfile -- Also remove the entry from vfstab
# who -- List of users currently logged in to the local system. The command reads
/var/adm/utmpx to obtain information
# who -m -- Info about only the current terminal window
# rusers -l -- Displays a list of the users logged in on local and remote hosts.
# finger -m usera -- Displays info about the user and the host name of the user's login session
# last -- Displays a record of all logins and logouts (/var/adm/wtmpx)
# last -n 5 reboot -- To view the last five system reboot times only