Wiki code for Examples

Hide Line numbers
1: === Examples
2: 
3:  Help out by posting your favorite OpenSolaris annotated example to [[docs-discuss>>http://www.opensolaris.org/jive/forum.jspa?forumID=21]]!
4: 
5:  This document is a summary of the features in OpenSolaris, with a focus on providing examples and demonstrations for each. This has been written by the following OpenSolaris Community members:
6: 
7: * Brendan Gregg (before Sun got smart and hired him!)
8: * Your name here
9: 
10:  These features may be specific to OpenSolaris, Solaris 10, or even older Solaris versions; the aim is to cover what makes OpenSolaris a great OS. The origin of each feature is documented, to identify the OpenSolaris build number or Solaris release.
11: 
12: ----
13: 
14: ----
15: 
16: ==== BART
17: 
18:  The Basic Audit Reporting Tool provides a database of message digest and inode details. This can be helpful for many reasons, such as intrusion detection and forensics.
19: 
20:  An example of BART detecting a change is,
21: 
22: {{{
23:    # find /etc | bart create -I > etc1.bart
24:    # ed /etc/passwd
25:    580
26:    1s/-/-Duper-/
27:    w
28:    586
29:    q
30:    # find /etc | bart create -I > etc2.bart
31:    # bart compare etc1.bart etc2.bart
32:    /etc/passwd:
33:      size  control:580  test:586
34:      mtime  control:423c07a9  test:426a5d10
35:      contents  control:e90fc4977a824822f360b0c0fb79f567  test:a8f272b513f109f233408067b7eb0e62
36: 
37: }}}
38: 
39:  BART was added in Solaris Express 11/03.
40: 
41: [[BART Bluprint>>http://www.sun.com/blueprints/0405/819-2260.pdf]][[image:images/out.png]] BART Blueprint
42: 
43: ----
44: 
45: ----
46: 
47: ==== Commands
48: 
49: **pfiles** has been enhanced to display pathnames for file descriptors,
50: 
51: {{{
52:    pfiles `pgrep syslog`
53:    342:    /usr/sbin/syslogd
54:    [...]
55:       6: S_IFREG mode:0644 dev:102,0 ino:30080 uid:0 gid:0 size:142041
56:          O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
57:          /var/adm/messages
58:       7: S_IFREG mode:0644 dev:102,0 ino:30079 uid:0 gid:3 size:0
59:          O_WRONLY|O_APPEND|O_NOCTTY|O_LARGEFILE
60:          /var/log/syslog
61:    [...]
62: 
63: }}}
64: 
65: **ls** has new options for time, -e and -E,
66: 
67: {{{
68:    ls -E /etc/motd
69:    -rw-r~--r~--   1 root     sys           54 2005-01-22 10:46:06.000000000 +1100 /etc/motd
70: 
71: }}}
72: 
73: ----
74: 
75: ----
76: 
77: ==== DTrace
78: 
79:  DTrace is an analysis tool that combines features of truss, apptrace, mdb, C and awk, as well as adding many unique features of it’s own. It will help sys admins and delevopers troubleshoot faults and performance problems in amazing detail, and has solved many problems that were previously too difficult to identify.
80: 
81:  DTrace provides us with new tools such as lockstat, plockstat and intrstat. For example,
82: 
83: {{{
84:    # intrstat 1
85:          device |      cpu0 %tim
86:    ~-------------+~---------------
87:           hme#0 |       219 14.3
88:          uata#0 |         0  0.0
89:    ^C
90: }}}
91: 
92:  The CPU is spending 14% of it’s time to satisfy hme0 interrupts, previously too difficult to measure!
93: 
94:  DTrace also provides a command line tool. Here we find which process is generating the most interprocessor crosscalls,
95: 
96: {{{
97:    # dtrace -n ’sysinfo:::xcalls { @num[execname] = count(); }’
98:    dtrace: description ’sysinfo:::xcalls ’ matched 4 probes
99:    ^C
100:      dtrace                                                          105
101:      sched                                                           135
102:      tar                                                            4120
103: 
104: }}}
105: 
106:  Very cool, but that’s the tip of the iceberg. DTrace provides a new language, D, and at least 30,000 probes to measure. It’s possible to write standalone DTrace scripts to analyse just about anying. Here we snoop disk I/O,
107: 
108: {{{
109:    # iosnoop
110:      UID   PID D    BLOCK   SIZE       COMM PATHNAME
111:      100 15795 R     3808   8192        tar /usr/bin/eject
112:      100 15795 R    35904   6144        tar /usr/bin/eject
113:      100 15795 R    39828   6144        tar /usr/bin/env
114:      100 15795 R     3872   8192        tar /usr/bin/expr
115:      100 15795 R    21120   7168        tar /usr/bin/expr
116:    [...]
117: 
118: }}}
119: 
120:  In the above output we can see the tar command is using the disks, as well as the block number, size and pathname accessed!
121: 
122:  DTrace was added in Solaris Express 11/03.
123: 
124: [[DTrace Community>>Community Group dtrace.WebHome]] is the DTrace community on OpenSolaris.
125: [[DTrace BigAdmin>>http://www.sun.com/bigadmin/content/dtrace]][[image:images/out.png]] is the BigAdmin DTrace website.
126: [[DTrace Docs>>http://docs.sun.com/app/docs/doc/817-6223]][[image:images/out.png]] is the DTrace Guide.
127: [[DTrace Tools>>http://www.brendangregg.com/dtrace.html]][[image:images/out.png]] is a repository of DTrace scripts and examples.
128: 
129: ----
130: 
131: ----
132: 
133: ==== gcc
134: 
135:  gcc is available here,
136: 
137: {{{
138:    /usr/sfw/bin/gcc -v
139:    Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/specs
140:    Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure ~--prefix=/usr/sfw ...
141:    Thread model: posix
142:    gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
143:    #
144:    # /usr/sfw/bin/gmake
145:    gmake: *** No targets specified and no makefile found.  Stop.
146: 
147: }}}
148: 
149:  gcc was shipped with the first Solaris 10 release.
150: 
151: [[gcc>>http://gcc.gnu.org]][[image:images/out.png]] gcc Home Page.
152: 
153: ----
154: 
155: ----
156: 
157: ==== Kernel
158: 
159:  General Kernel features,
160: 
161: * Multi-tasking
162: * Virtual Memory
163: * Fully Preemptive
164: * 64-bit capable
165: 
166: //add stuff here //
167: 
168: ----
169: 
170: ----
171: 
172: ==== Kstat
173: 
174:  Kstat is the Kernel Statistics Facility, a single programming interface to provide module statistics to non-privileged processes. Commands like vmstat, iostat, mpstat and sar are Kstat based. There is a ton of info in Kstat, and it is very useful for developers to find all the system statistics in one place.
175: 
176:  Developers writing device drivers should include support for Kstat. Developers writing tools can use Kstat in C, Perl or shell (but preferably C :).
177: 
178: {{{
179:    #  man -l kstat.3kstat Sun::Solaris::Kstat kstat.1m    # list C, Perl and CLI man pages
180:    kstat.3kstat (3kstat)   -M /usr/man
181:    Sun::Solaris::Kstat (3) -M /usr/perl5/man
182:    kstat.1m (1m)   -M /usr/man
183:    #
184:    # kstat cpu_info:0:cpu_info0:clock_MHz                    # fetch a value using the CLI
185:    module: cpu_info                        instance: 0
186:    name:   cpu_info0                       class:    misc
187:            clock_MHz                       333
188: 
189: }}}
190: 
191: [[Kstat Developers 1>>http://developers.sun.com/solaris/articles/kstatc.html]][[image:images/out.png]] Kstat for C Developers
192: [[Kstat Developers 2>>http://developers.sun.com/solaris/articles/kstat_part2.html]][[image:images/out.png]] Kstat for shell and Perl Developers
193: [[K9Toolkit>>http://www.brendangregg.com/k9toolkit.html]][[image:images/out.png]] Kstat tools written using Perl
194: 
195: ----
196: 
197: ----
198: 
199: ==== IP Filter
200: 
201:  IP Filter is a freeware firewall written by Darren Reed of Australia. It has a simple command line interface, a lightweight look and feel, but is somewhat powerful.
202: 
203:  The following is a summary of IP Filter usage,
204: 
205: {{{
206:    # ipf -Fa -f /etc/ipf/ipf.conf          # load rules
207:    # ipfstat -ionh                         # list rules
208:    # ipnat -CF -f /etc/ipf/ipnat.conf      # load NAT
209:    # ipnat -l                              # list NAT
210:    # vi /etc/ipf/pfil.ap                   # activate interface
211:    # ls /usr/share/ipfilter/examples       # examples,
212:    BASIC.NAT   example.10  example.2   example.6   example.sr  ip_rules    pool.conf
213:    BASIC_1.FW  example.11  example.3   example.7   firewall    mkfilters   server
214:    BASIC_2.FW  example.12  example.4   example.8   ftp-proxy   nat-setup   tcpstate
215:    example.1   example.13  example.5   example.9   ftppxy      nat.eg
216: 
217: }}}
218: 
219:  This is a simple ruleset that blocks all inbound TCP traffic except for SSH, and allows all outbound traffic,
220: 
221: {{{
222:    # cat /etc/ipf/ipf.conf
223:    pass in quick on hme0 proto tcp from any to any port = 22 keep state
224:    block return-rst in log on hme0 proto tcp from any to any
225:    pass out on hme0 proto tcp from any to any keep state
226:    #
227:    # ipfstat -ionh
228:    0 @1 pass out on hme0 proto tcp from any to any keep state
229:    2 @1 pass in quick on hme0 proto tcp from any to any port = ssh keep state
230:    9 @2 block return-rst in log on hme0 proto tcp from any to any
231: 
232: }}}
233: 
234:  IP Filter was added in Solaris Express 2/04.
235: 
236: [[IP Filter Home>>http://coombs.anu.edu.au/~avalon/]][[image:images/out.png]] IP Filter Homepage.
237: [[IP Filter Examples>>http://coombs.anu.edu.au/ipfilter/examples.html]][[image:images/out.png]] IP Filter Examples.
238: [[IP Filter Docs>>http://docs.sun.com/app/docs/doc/816-4554]][[image:images/out.png]] Chapters 24 and 25 of the answerbook.
239: 
240: ----
241: 
242: ----
243: 
244: ==== IPQoS
245: 
246:  IPQoS allows us to classify packets based on various rules, and then stamp the packets with different priorities. Some rules are for port numbers, IP addresses, or UIDs (outbound), other rules called meters can check the rate of traffic. It is based on numerous RFCs, in particular RFC2475, and works best when other network devices also talk IPQoS.
247: 
248: {{{
249:    # ls /etc/inet/ipqosconf.*                      # example configs
250:    /etc/inet/ipqosconf.1.sample  /etc/inet/ipqosconf.3.sample
251:    /etc/inet/ipqosconf.2.sample
252:    #
253:    # ipqosconf -v -a /etc/inet/ipqosinit.conf      # load configs
254:    #
255:    # man -l ipqos ipqosconf ipgpc tokenmt tswtclmt dscpmk flowacct
256:    ipqos (7ipp)    -M /usr/share/man
257:    ipqosconf (1m)  -M /usr/share/man
258:    ipgpc (7ipp)    -M /usr/share/man
259:    tokenmt (7ipp)  -M /usr/share/man
260:    tswtclmt (7ipp) -M /usr/share/man
261:    dscpmk (7ipp)   -M /usr/share/man
262:    flowacct (7ipp) -M /usr/share/man
263: 
264: }}}
265: 
266:  IPQoS was added to Solaris 9 9/02.
267: 
268: [[IPQoS Docs>>http://docs.sun.com/app/docs/doc/816-4554]][[image:images/out.png]] in Chapters 31 to 36.
269: 
270: ----
271: 
272: ----
273: 
274: ==== MTB UFS
275: 
276:  MultiTerabyte UFS is a new flavor of Sun’s enhanced UFS (which is based on the Fast File System, FSS + many enhancements by Sun over the years). MTB_UFS is the default for file systems greater than a terabyte, which it has been optimised for. Other commands, such as fsck and ufsdump support this new file system type.
277: 
278:  Here we use MTB_UFS on a tiny slice that normally wouldn’t, so the -T is necessary to force it,
279: 
280: {{{
281:   # newfs -T /dev/dsk/c0t1d0s0
282:    newfs: construct a new file system /dev/rdsk/c0t1d0s0: (y/n)? y
283:    /dev/rdsk/c0t1d0s0:     16839648 sectors in 16706 cylinders of 16 tracks, 63 sectors
284:            8222.5MB in 59 cyl groups (286 c/g, 140.77MB/g, 192 i/g)
285:    super-block backups (for fsck -F ufs -o b=#) at:
286:     32, 288384, 576736, 865088, 1153440, 1441792, 1730144, 2018496, 2306848,
287:     2595200,
288:     14126208, 14414560, 14702912, 14991264, 15279616, 15567968, 15856320,
289:     16144672, 16433024, 16721376,
290: 
291: }}}
292: 
293:  Notice the cylinder groups are much larger than usual, and there are fewer inodes than normal.
294: 
295:  MTB_UFS was added in Solaris 9 8/03.
296: 
297: [[findbill>>http://www.brendangregg.com/findbill]][[image:images/out.png]] find UFS/MTB_UFS backups - the only google hit for MTB_UFS!
298: 
299: ----
300: 
301: ----
302: 
303: ==== OpenSSL
304: 
305:  The OpenSSL cryptography toolkit provides commands and libraries that are needed by other software.
306: 
307:  There is a /usr/sfw/include/openssl dicectory, as well as the following command,
308: 
309: {{{
310:    $ /usr/sfw/bin/openssl md5 /usr/bin/ls
311:    MD5(/usr/bin/ls)= b46d86445cb33dff0c3029730aab3a1f
312:    $
313:    $ /usr/sfw/bin/openssl enc -aes128 -in /etc/passwd -out /tmp/passwd.aes128
314:    $ enter aes-128-cbc encryption password:
315:    $ Verifying - enter aes-128-cbc encryption password:
316: 
317: }}}
318: 
319:  OpenSSL was added in Solaris Express 8/04.
320: 
321: [[OpenSSL>>http://www.openssl.org/]][[image:images/out.png]] OpenSSL Homepage
322: 
323: ----
324: 
325: ----
326: 
327: ==== PAM
328: 
329:  The Pluggable Authentication Module provides a single authentication point for applications, and sysadmins the ability to change or enhance how authentication is performed. Extra modules can be written in C, placed in /usr/lib/security, and activated by editing /etc/pam.conf.
330: 
331:  For example, the following are the modules that allow rlogin to use trusts,
332: 
333: {{{
334:    # grep rhosts /etc/pam.conf
335:    rlogin  auth sufficient         pam_rhosts_auth.so.1
336:    rsh     auth sufficient         pam_rhosts_auth.so.1
337: 
338: }}}
339: 
340:  PAM was added in Solaris 2.6.
341: 
342: [[PAM Docs>>http://www.sun.com/software/solaris/pam/]][[image:images/out.png]] PAM Docs on www.sun.com
343: 
344: ----
345: 
346: ----
347: 
348: ==== Patch Manager
349: 
350:  Patch Manager provides many ways to automatically manage patches on a server, depending on what strategy is suitable for the environment. Different methods include seperate analysis then download then install steps, or full automation with an "update".
351: 
352:  The following shows the configurables, then a portion of an analysis run,
353: 
354: {{{
355:    # smpatch get
356:    patchpro.backout.directory      -               ""
357:    patchpro.download.directory     -               /var/sadm/spool
358:    patchpro.install.types          -               rebootafter:reconfigafter:standard
359:    patchpro.patch.source           https://updateserver.sun.com/solaris/  https://updateserver.sun.com/solaris/
360:    patchpro.patchset               -               patchdb
361:    patchpro.proxy.host             mars            ""
362:    patchpro.proxy.passwd           ****            ****
363:    patchpro.proxy.port             8080            8080
364:    patchpro.proxy.user             -               ""
365:    patchpro.sun.passwd             ****            ****
366:    patchpro.sun.user               yourlogin       ""
367:    #
368:    # smpatch analyze
369:    119146-01 SunOS 5.10_x86: usr/snadm/lib Patch
370:    119253-01 SunOS 5.10_x86: System Administration Applications Patch
371:    119316-01 SunOS 5.10_x86: Solaris Management Applications Patch
372:    119314-01 SunOS 5.10_x86: WBEM Patch
373:    [...]
374: 
375: }}}
376: 
377:  Patch Manager was added in Solaris Express 6/04.
378: 
379: [[Patch Manager Docs>>http://docs.sun.com/app/docs/doc/817-1985]][[image:images/out.png]] in Chapters 18 and 19.
380: 
381: ----
382: 
383: ----
384: 
385: ==== SMF
386: 
387:  The Solaris Management Framework replaces the usual boot scripts found under /etc/rcS.d/S*... It provides many advantages: faster booting - as services can be started in parallel across CPUs, dependancy checking, excellent logs during boot, a central configuration location, and a simple interface.
388: 
389:  In this above example, we disable ssh using "svcadm" and check the status using "svcs". The change will persist across reboots.
390: 
391: {{{
392:    # ssh 0
393:    The authenticity of host ’0 (0.0.0.0)’ can’t be established.
394:    RSA key fingerprint is 3e:97:ab:fe:18:2e:1a:1f:6a:39:6e:f7:19:bd:43:85.
395:    Are you sure you want to continue connecting (yes/no)? ^C
396:    # svcadm disable ssh
397:    # ssh 0
398:    ssh: connect to host 0 port 22: Connection refused
399:    # svcs ssh
400:    STATE          STIME    FMRI
401:    disabled       11:04:22 svc:/network/ssh:default
402: 
403: }}}
404: 
405:  In the following example, there is a fault with the network card during boot. Many services are now offline, and "svcs -xv" is used to determine the root cause of the problem,
406: 
407: {{{
408:    # svcs -xv
409:    svc:/network/physical:default (physical network interfaces)
410:     State: maintenance since Sun Apr 24 11:13:36 2005
411:    Reason: Start method exited with $SMF_EXIT_ERR_CONFIG.
412:       See: http://sun.com/msg/SMF-8000-KS
413:       See: man -M /usr/share/man -s 1M ifconfig
414:       See: /etc/svc/volatile/network-physical:default.log
415:    Impact: 8 dependent services are not running:
416:            svc:/milestone/network:default
417:            svc:/network/nfs/nlockmgr:default
418:            svc:/network/nfs/client:default
419:            svc:/network/nfs/status:default
420:            svc:/network/nfs/cbd:default
421:            svc:/network/nfs/mapid:default
422:            svc:/network/ipfilter:default
423:            svc:/network/ssh:default
424: 
425: }}}
426: 
427:  The logfile make it clear what is wrong. When the fault is fixed and network/physical is reenabled, all the offline services immediatly start. SMF is really smart and saves a lot of typing.
428: 
429:  SMF (also called the Solaris Service Manager) was introduced Solaris Express 10/04.
430: 
431: [[SMF Quickstart>>http://www.sun.com/bigadmin/content/selfheal/smf-quickstart.html]][[image:images/out.png]] SMF Quickstart Guide on BigAdmin
432: [[SMF Developer>>http://www.sun.com/bigadmin/content/selfheal/sdev_intro.html]][[image:images/out.png]] Service Developer Introduction on BigAdmin
433: [[SMF Docs>>http://docs.sun.com/app/docs/doc/817-1985]][[image:images/out.png]] Chapter 9
434: 
435: ----
436: 
437: ----
438: 
439: ==== Solaris Cryptographic Framework
440: 
441:  The Solaris Cryptographic Framework is based on the Public Key Cryptographic Standard PKCS11 from RSA Security. It allows sysadmins to administer encryption provided by software libraries or hardware cards, and provides developers with a stardard API for adding to the framework.
442: 
443:  The cryptoadm command can be used list all providers, install or uninstall software providers, and enable or disable hardware providers.
444: 
445:  One immediate benifit of the Solaris Cryptographic Framework is the addition of the commands digest and encrypt,
446: 
447: {{{
448:    $  digest
449:    digest: usage: digest -l | [-v] -a <algorithm> [file...]
450:    $ digest -v -a md5 /usr/bin/ls
451:    md5 (/usr/bin/ls) = b46d86445cb33dff0c3029730aab3a1f
452:    $
453:    $ encrypt
454:    encrypt: usage: encrypt -l | -a <algorithm> [-k <keyfile>] [-i <infile>]
455:                            [-o <outfile>]
456:    $
457:    $ encrypt -l
458:    Algorithm       Keysize:  Min   Max (bits)
459:    ~------------------------------------------
460:    aes                       128   128
461:    arcfour                     8   128
462:    des                        64    64
463:    3des                      192   192
464: 
465: }}}
466: 
467:  PS. MD5 and SHA1 may be insecure, check recent articles on collisions. Good thing we have the Solaris Cryptographic Framework, as it is easy to upgrade these algorithms. :)
468: 
469:  The Solaris Cryptographic Framework was added in stages, from Solaris Express 9/03 to Solaris Express 6/04.
470: 
471: [[BigAdmin Xperts>>http://www.sun.com/bigadmin/xperts/sessions/12_crypt/]][[image:images/out.png]] Xpert transcript on BigAdmin
472: [[ BigAdmin Article>>http://www.sun.com/bigadmin/features/articles/crypt_framework.html]][[image:images/out.png]] Article on BigAdmin
473: 
474: ----
475: 
476: ----
477: 
478: ==== StarOffice 7
479: 
480:  StarOffice 7 is a fast and very capable word processor suite. It can import and export to all of the popular file formats, plus it’s own formats generate nicely small files.
481: 
482:  The first time StarOffice is executed it configures itself, then it behaves as normal,
483: 
484: {{{
485:    $ /usr/bin/soffice -h
486:    StarOffice 7  645m52(Build:8824)
487: 
488:    Usage: soffice [options] [documents...]
489: 
490: }}}
491: 
492:  StarOffice was added to the Solaris 10 release.
493: 
494: [[StarOffice 7>>http://www.sun.com/software/star/staroffice/index.xml]][[image:images/out.png]] StarOffice 7 at www.sun.com
495: [[StarOffice.Com>>http://www.staroffice.com/]][[image:images/out.png]] StarOffice User Portal
496: 
497: ----
498: 
499: ----
500: 
501: ==== TCP MDT
502: 
503:  TCP MultaData Transmit allows TCP/IP to aggregate packets sent to the network device driver, reducing the overhead of switching between these modules. This increases network performance.
504: 
505:  Testing using TTCP (Test TCP) on an busy UltraSPARC 10 with TCP MDT turned on and then off,
506: 
507: {{{
508:    # java ttcp -n 32768 -t 192.168.1.1
509:    Transmit: buflen= 8192  nbuf= 32768 port= 5001
510:    Transmit connection:
511:      Socket[addr=alfa/192.168.1.1,port=5001,localport=33398].
512:    Transmit: 268435456 bytes in 29776 milli-seconds = 9015.162 KB/sec (72121.3 Kbps).
513:    #
514:    # ndd -set /dev/ip ip_multidata_outbound 0
515:    #
516:    # java ttcp -n 32768 -t 192.168.1.1
517:    Transmit: buflen= 8192  nbuf= 32768 port= 5001
518:    Transmit connection:
519:      Socket[addr=alfa/192.168.1.1,port=5001,localport=33391].
520:    Transmit: 268435456 bytes in 34520 milli-seconds = 7776.23 KB/sec (62209.84 Kbps).
521: 
522: }}}
523: 
524:  When TCP MDT is turned on we get 9.0 Mb/s, and when off 7.7 Mb/s. The more loaded the server is, the greater the difference.
525: 
526:  TCP MDT was added in the Solaris 9 8/03 release.
527: 
528: ----
529: 
530: ----
531: 
532: ==== Webmin
533: 
534:  Webmin is a freeware GUI that allows easy administration of common tasks. To activate webmin,
535: 
536: {{{
537:    # /usr/sfw/bin/webminsetup
538:    Login name (default root):
539: 
540:    Web server port (default 10000):
541: 
542:    Use SSL?  [y,n,?,q] y
543:    ***********************************************************************
544:    *            Welcome to the Webmin setup script, version 1.170        *
545:    ***********************************************************************
546:    Webmin is a web-based interface that allows Unix-like operating
547:    systems and common Unix services to be easily administered.
548:    [...]
549: 
550: }}}
551: 
552:  Then connect to https://localhost:10000 in your browser to start webmin. New modules exist for SMF and IP Filter.
553: 
554:  webmin was added in Solaris Express 11/04.
555: 
556: [[Webmin>>http://www.webmin.com]][[image:images/out.png]] The Webmin homepage.
557: 
558: ----
559: 
560: ----
561: 
562: ==== ZFS
563: 
564: ZFS is both a volume manager and a file system, and is the world’s most advanced file system technology. Its numerous features include checksums on all data, 128-bit capacity, dynamic striping, incredible ease of use, and excellent performance.
565: 
566: There are two main commands for administering ZFS: zpool and zfs. Here, a single zpool command is issued to take four 75 Gbyte disks and create a mirrored, checksumed, dynamically-striped pool of storage, called "fast". The next two zpool commands observe the state of the pool.
567: 
568: {{{
569:    # zpool create fast mirror c1t0d0 c1t1d0 mirror c1t2d0 c1t3d0
570:    #
571:    # zpool list
572:    NAME              SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
573:    pool            149.1G   2.92M  149.1G     0%  ONLINE     -
574:    #
575:    # zpool status
576:      pool: fast
577:     state: ONLINE
578:     scrub: none requested
579:    config:
580: 
581:            NAME        STATE     READ WRITE CKSUM
582:            fast        ONLINE       0     0     0
583:              mirror    ONLINE       0     0     0
584:                c1t0d0  ONLINE       0     0     0
585:                c1t1d0  ONLINE       0     0     0
586:              mirror    ONLINE       0     0     0
587:                c1t2d0  ONLINE       0     0     0
588:                c1t3d0  ONLINE       0     0     0
589: 
590:    errors: No known data errors
591: 
592: }}}
593: 
594: After creating a storage pool, file systems can be created that use that pool. Here the zfs command is used to create a file system called "fast/home", which has a 20 Gbyte quota, compresses data (for both greater capacity and improved I/O throughput), and is mounted on /export/home.
595: 
596: {{{
597:    # zfs create fast/home
598:    # zfs set mountpoint=/export/home fast/home
599:    # zfs set compression=on fast/home
600:    # zfs set quota=20G fast/home
601:    # zfs list
602:    NAME                   USED  AVAIL  REFER  MOUNTPOINT
603:    fast                  91.0K 149.1G   9.5K  /fast
604:    fast/home                8K  20.0G     8K  /fast/home
605:    #
606:    # df -F zfs -h
607:    Filesystem             size   used  avail capacity  Mounted on
608:    fast/home               20G     9K    20G     1%    /export/home
609:    fast                   149G    91K   149G     1%    /fast
610: 
611: }}}
612: 
613: ZFS is already in OpenSolaris, and will be part of the Solaris 10 6/06 release.
614: 
615: [[ZFS Community>>Community Group zfs.WebHome]] OpenSolaris ZFS Community.
616: [[ZFS Learning Center>>http://www.sun.com/software/solaris/zfs_learning_center.jsp]] introduces ZFS.
617: [[ZFS Release>>http://www.sun.com/smi/Press/sunflash/2006-05/sunflash.20060502.5.xml?cid=155]] Announcement for the Solaris 10 6/06 release.
618: [[ZFS Article>>http://www.sun.com/2004-0914/feature/]] Sun’s ZFS article.
619: [[ZFS For Home>>http://uadmin.blogspot.com/2006/05/why-zfs-for-home.html]] discusses using ZFS for home use.
620: [[ZFS vs LVM>>http://unixconsult.org/zfs_vs_lvm.html]] compares differences between ZFS and Linux LVM.
621:  Also see the manpages for zpool and zfs, which are an excellent reference and include many examples.
622: 
623: ----
624: 
625: ----
626: 
627: ==== Zones
628: 
629:  A zone is a virtual instance of Solaris. Zones are great for isolation of network serives, sharing resources on a large server, or creating development environments. Each zone has it’s own root password, it’s own /etc and /var files, and it’s own OS files if installed in that way.
630: 
631:  In the following, a zone is created that by default will share (lofs ro) most of the OS with the global zone (the root install),
632: 
633: {{{
634:    # zonecfg -z small-zone
635:    small-zone: No such zone configured
636:    Use ’create’ to begin configuring a new zone.
637:    zonecfg:small-zone> create
638:    zonecfg:small-zone> set autoboot=true
639:    zonecfg:small-zone> set zonepath=/export/small-zone  
640:    zonecfg:small-zone> add net
641:    zonecfg:small-zone:net> set address=192.168.2.101
642:    zonecfg:small-zone:net> set physical=hme0
643:    zonecfg:small-zone:net> end
644:    zonecfg:small-zone> verify
645:    zonecfg:small-zone> exit
646:    # mkdir /export/small-zone
647:    # chmod 700 /export/small-zone
648:    # zoneadm -z small-zone install
649:    Preparing to install zone <small-zone>.
650:    Creating list of files to copy from the global zone.
651:    Copying <2574> files to the zone.
652:    [...]
653: 
654: }}}
655: 
656:  A single server may run many zones, each can be rebooted independantly to the global zone. Here we list all the zones and login to one of them,
657: 
658: {{{
659:    # zoneadm list -cv
660:      ID NAME             STATUS         PATH            
661:       0 global           running        /                
662:       1 workzone4        running        /export/workzone4 
663:       2 workzone3        running        /export/workzone3  
664:       3 workzone2        running        /export/workzone2   
665:       4 workzone1        running        /export/workzone1   
666:    #
667:    # zlogin workzone1
668:    [Connected to zone ’workzone1’ pts/2]
669:    Last login: Tue Apr 19 09:39:57 on pts/2
670:    Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
671:    Welcome to Sol10_Generic on sfe2900
672:    #
673: 
674: }}}
675: 
676:  Resource control is possible for CPU and Memory in a variety of ways. The Fair Share Schedular can divide CPU resources between busy zones depending on ratios. The following demonstrates the result of attempting to give workzone1 60%, workzone2 30% and workzone3 10% of the CPUs,
677: 
678: {{{
679:    # prstat -Z
680:       PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP       
681:      2008 root     4000K 1168K cpu513  28    0   0:02:11 3.7% cpuhog.pl/1
682:      2018 root     4000K 1168K cpu1    32    0   0:02:11 3.7% cpuhog.pl/1
683:    [...]
684:    ZONEID    NPROC  SIZE   RSS MEMORY      TIME  CPU ZONE        
685:         2       51  182M   93M   0.5%   0:37:27  59% workzone1   
686:         4       51  182M   92M   0.5%   0:16:25  30% workzone2   
687:         3       51  183M   93M   0.5%   0:16:30  10% workzone3   
688:         0       61  359M  194M   1.1%   0:00:11 0.1% global      
689:         1       34  116M   72M   0.4%   0:00:12 0.0% workzone4   
690:    Total: 248 processes, 659 lwps, load averages: 51.19, 40.28, 20.52
691: 
692: }}}
693: 
694:  Zones was released with Solaris Express 2/04.
695: 
696: [[Zones Community>>Community Group zones.WebHome]] OpenSolaris Zones Community.
697: [[Zones BigAdmin>>http://www.sun.com/bigadmin/content/zones]][[image:images/out.png]] Zones BigAdmin
698: [[Zones Docs>>http://docs.sun.com/db/doc/817-1592]][[image:images/out.png]] Zones Answerbook on docs.sun.com
699: [[Zones Examples>>http://www.brendangregg.com/zones.html]][[image:images/out.png]] Zones Examples, including resource control
700: 
701: ----
702: 
703: === Guidelines
704: 
705: ----
706: 
707:  Each section is a summary so try to be brief - get to the point and provide a small example if possible. Make sure the subject fits on one screen (ok, DTrace, Zones and ZFS may be exceptions to that!). Add the release that this feature was added, and a short list of related websites.
708: 
709:  More detailed examples can be created as extra wiki enties, and linked to in the list of links.
710: 
711: ----
712: 
713: === History
714: 
715: ----
716: 
717:  23-Apr-05 This site was created - Brendan.
718:  23-Apr-05 Added DTrace, TCP MDT, Webmin, IP Filter, gcc, commands, MTB UFS, SCF sections - Brendan.
719:  24-Apr-05 Added Zones, StarOffice 7, Patch Manager, BART, IPQoS, SMF, Kstat, PAM sections - Brendan.
720:  11-Nov-05 Moved contents section to end for readability and changed title - Michelle.
721:  21-May-06 Some updates, including ZFS - Brendan.
722:  27-Apr-07 Moved content, removed Features heading, added instructions - Michelle
OpenSolaris

Top Menu

Wiki code for Examples

Search

Collectives

Community Group

Project

User Group

Subsites

Community Group documentation Pages
