Friday, November 19, 2010

Quick Solaris 11 Express walkthrough

This is a quick command/output walkthrough of some example administrative tasks in Solaris 11 Express. You can just skim through it or run the commands yourself on a test installation. It uses zfs-crypto, deduplication, zones, crossbow, ipadm, zonestat and pkg.

Create an alternate boot environment by cloning the current filesystem state for a quick and easy rollback option:

# beadm create initial

Set up static IP and add a persistent route:
# ipadm create-addr -T static -a local= bge0/v4
# ipadm show-addr
lo0/v4 static ok
bge0/v4 static ok
lo0/v6 static ok ::1/128

# route -p add default
add net default: gateway
add persistent net default: gateway

Add mail notifications on hardware/FMA and SMF state changes:
# pkg install smtp-notify
# svccfg setnotify -g from-online,to-maintenance
# svccfg setnotify problem-diagnosed,problem-updated

Install some utilities from the network repository:
# pkg install terminal/screen mercurial nmap

Create an encrypted dataset for the secret project:
# zfs create -o encryption=on -o mountpoint=/vault rpool/vault
Enter passphrase for 'rpool/vault': ********
Enter again: ********

Add a dataset with deduplication:
# zfs create -o dedup=on -o mountpoint=/export/vbox rpool/vbox

Add an NFS/SMB share area and bypass the ZIL so that all writes are treated as asynchronous, in favor of performance (unsafe):
# zfs create -o mountpoint=/export/share rpool/share
# zfs set sharesmb=on rpool/share
# zfs set sharesmb=name=share rpool/share
# zfs set sharenfs=on rpool/share
# zfs set sync=disabled rpool/share
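
One way to check a pool for the risky combinations these steps can produce (sync=disabled on a network share, or an encrypted dataset that is also shared), as an added example that is not part of the original post. The function names and the sample property listing are constructed for illustration; the input format is the one printed by zfs get -H -o name,property,value.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the ZFS properties set in
# this walkthrough. Input: tab-separated "name property value" lines, as from
#   zfs get -H -o name,property,value sync,encryption,sharenfs,sharesmb

# Constructed sample mirroring the datasets created above (not captured output).
sample_props() {
    printf '%s\t%s\t%s\n' \
        rpool/vault encryption on   rpool/vault sync standard \
        rpool/vault sharenfs   off  rpool/vault sharesmb off \
        rpool/vbox  encryption off  rpool/vbox  sync standard \
        rpool/vbox  sharenfs   off  rpool/vbox  sharesmb off \
        rpool/share encryption off  rpool/share sync disabled \
        rpool/share sharenfs   on   rpool/share sharesmb name=share
}

# Hypothetical helper: prints one finding per line, sorted; no output means clean.
audit_props() {
    awk -F '\t' '
        function is_set(v) { return v != "" && v != "off" && v != "-" }
        function shared_via(d,    s) {
            s = ""
            if (is_set(p[d, "sharenfs"])) s = "nfs"
            if (is_set(p[d, "sharesmb"])) s = (s == "" ? "smb" : s ",smb")
            return s
        }
        NF >= 3 { seen[$1] = 1; p[$1, $2] = $3 }
        END {
            lost = "writes acknowledged to clients can be lost on a crash"
            rest = "is not protected by ZFS encryption"
            for (d in seen) {
                via = shared_via(d)
                if (p[d, "sync"] == "disabled" && via != "")
                    print "HIGH " d " sync=disabled on a network share (" via "): " lost
                else if (p[d, "sync"] == "disabled")
                    print "WARN " d " sync=disabled: synchronous writes bypass the ZIL"
                if (is_set(p[d, "encryption"]) && via != "")
                    print "WARN " d " is encrypted at rest only; traffic over " via " " rest
            }
        }
    ' | sort
}

# Demo on the constructed sample; on a live system pipe the zfs get command in.
sample_props | audit_props
```
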

Create a virtual switch with crossbow and two virtual interfaces for zones, each with a bandwidth limit and assigned to a different CPU:
# dladm create-etherstub etherstub01
# dladm create-vnic -l etherstub01 vnic_zone01
# dladm create-vnic -l etherstub01 vnic_zone02
# dladm set-linkprop -p maxbw=10M -p cpus=3 vnic_zone01
# dladm set-linkprop -p maxbw=10M -p cpus=4 vnic_zone02

Configure and install a zone located on ZFS, capped to 50% of a CPU and using the virtual interface:
# zfs create -o mountpoint=/zones -o compression=on rpool/zones

# zonecfg -z zone01
zonecfg:zone01> create
zonecfg:zone01> set zonepath=/zones/zone01
zonecfg:zone01> set ip-type=exclusive
zonecfg:zone01> add capped-cpu
zonecfg:zone01:capped-cpu> set ncpus=0.5
zonecfg:zone01:capped-cpu> end
zonecfg:zone01> add capped-memory
zonecfg:zone01:capped-memory> set swap=2G
zonecfg:zone01:capped-memory> end
zonecfg:zone01> add net
zonecfg:zone01:net> set physical=vnic_zone01
zonecfg:zone01:net> end
zonecfg:zone01> commit
zonecfg:zone01> exit

# zoneadm -z zone01 install
A ZFS file system has been created for this zone.
Publisher: Using solaris ( ).
Image: Preparing at /zones/zone02/root.
Sanity Check: Looking for 'entire' incorporation.
Installing: Core System (output follows)

# zoneadm -z zone01 boot
# zonestat 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY                   Cpus/Online: 4/4   Physical: 8063M   Virtual: 11.8G
          ----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
  [total]  0.76 19.2%     -     -  946M 11.7%     - 1960M 16.2%     -
 [system]  0.10 2.54%     -     -  774M 9.60%     - 1816M 15.0%     -
   global  0.66 16.6%     -     -  133M 1.65%     -  113M 0.94%     -
   zone01  0.00 0.00% 0.03%     - 38.1M 0.47%     - 30.0M 0.24% 1.46%

Enjoy the new, faster scrub/resilver, which should have less of an impact on other workloads on the pool. It also has more detailed output:
# zpool scrub rpool
# zpool status rpool
pool: rpool
state: ONLINE
scan: scrub in progress since Sat Nov 20 02:21:51 2010
3.22G scanned out of 19.0G at 35.8M/s, 0h7m to go
0 repaired, 16.95% done

rpool ONLINE 0 0 0
c0t0d0s0 ONLINE 0 0 0

Check if any updates are available:
# pkg update -n
No updates available for this image.


Anonymous said...

How do you access an encrypted dataset? The encrypted dataset cannot be shared.

Henkis said...

Shared datasets can be shared as usual with zfs set sharenfs=on .

美金 said...

This really helps a lot, thanks!
Btw, I created a new vnic over bge0, but I don't know why it's disabled after a reboot.

And I have to enable it with -t; without -t it raises errors.

I will try some more and find out why. Do you know more about this?

Henkis said...

Ryan, could you post exactly what commands you are using so that I can understand what you are doing?

美金 said...

Hi Henkis,
I know the reason why my IP settings turn to disabled status.
I have to do the below to make the NIC settings persistent after reboot.

# svcadm disable nwam
# svcadm enable network/physical:default