Friday, November 19, 2010

Quick Solaris 11 Express walkthrough

This is a quick command/output walkthrough of some example administrative tasks in Solaris 11 Express. You can just skim thought it or run the command yourself on a test installation. It uses zfs-crypto, deduplication, zones, crossbow, ipadm, zonestat and pkg.

Create a alternate boot environment by cloning the current filesystem state for an quick and easy rollback option:

# beadm create initial

Set up static IP and add a persistent route:
# ipadm create-addr -T static -a local=10.0.10.242/24 bge0/v4
# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
bge0/v4 static ok 10.0.10.242/24
lo0/v6 static ok ::1/128

# route -p add default 10.0.10.1
add net default: gateway 10.0.10.1
add persistent net default: gateway 10.0.10.1

Add mail notifications on hardware/FMA and SMF state changes:
# pkg install smtp-notify
# svccfg setnotify -g from-online,to-maintenance mailto:admin@somehost.com
# svccfg setnotify problem-diagnosed,problem-updated mailto:admin@somehost.com

Install some utilities from the network repository:
# pkg install terminal/screen mercurial nmap

Create an encrypted dataset for the secret project:
# zfs create -o encryption=on -o mountpoint=/vault rpool/vault
Enter passphrase for 'rpool/vault': ********
Enter again: ********

Add a dataset with deduplication:
zfs create -o dedup=on -o mountpoint=/export/vbox rpool/vbox

Add a NFS/SMB share area and ignore the ZIL for asynchronous writes in favor of performance(unsafe):
# zfs create -o mountpoint=/export/share rpool/share
# zfs set sharesmb=on rpool/share
# zfs set sharesmb=name=share rpool/share
# zfs set sharenfs=on rpool/share
# zfs set sync=disabled rpool/share

Create a virtual switch with crossbow and two virtual interfaces for zones with bandwidth management and assigned to different CPUs:
# dladm create-etherstub etherstub01
# dladm create-vnic -l etherstub01 vnic_zone01
# dladm create-vnic -l etherstub01 vnic_zone02
# dladm set-linkprop -p maxbw=10M -p cpus=3 vnic_zone01
# dladm set-linkprop -p maxbw=10M -p cpus=4 vnic_zone02

Configure and install zone capped to 50% of a CPU located on ZFS and using the virtual interface:
# zfs create -o mountpoint=/zones -o compression=on rpool/zones

# zonecfg -z zone01
zonecfg:zone01> create
zonecfg:zone01> set zonepath=/zones/zone01
zonecfg:zone01> set ip-type=exclusive
zonecfg:zone01> ad capped-cpu
zonecfg:zone01:capped-cpu> set ncpus=0.5
zonecfg:zone01:capped-cpu>end
zonecfg:zone01> add capped-memory
zonecfg:zone01:capped-memory> set swap=2G
zonecfg:zone01:capped-memory> end
zonecfg:zone01> add net
zonecfg:zone01:net> set physical=vnic_zone01
zonecfg:zone01:net> end
zonecfg:zone01> commit

# zoneadm -z zone01 install
A ZFS file system has been created for this zone.
Publisher: Using solaris (http://pkg.oracle.com/solaris/release/ ).
Image: Preparing at /zones/zone02/root.
Sanity Check: Looking for 'entire' incorporation.
Installing: Core System (output follows)

# zoneadm -z zone01 boot
# zonestat 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY Cpus/Online: 4/4 Physical: 8063M Virtual: 11.8G
----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
ZONE USED %PART %CAP %SHRU USED PCT %CAP USED PCT %CAP
[total] 0.76 19.2% - - 946M 11.7% - 1960M 16.2% -
[system] 0.10 2.54% - - 774M 9.60% - 1816M 15.0% -
global 0.66 16.6% - - 133M 1.65% - 113M 0.94% -
zone01 0.00 0.00% 0.03% - 38.1M 0.47% - 30.0M 0.24% 1.46%


Enjoy the new faster scrub/resilver that should have less of impact on other workloads to the pool. It also has a more detailed output:
# zpool scrub rpool
# zpool status rpool
pool: rpool
state: ONLINE
scan: scrub in progress since Sat Nov 20 02:21:51 2010
3.22G scanned out of 19.0G at 35.8M/s, 0h7m to go
0 repaired, 16.95% done
config:

NAME STATE READ WRITE CKSUM
rpool ONLINE 0 0 0
c0t0d0s0 ONLINE 0 0 0

Check if any updates are available:
# pkg update -n
No updates available for this image.

5 comments:

Anonymous said...

How do you access an encrypted dataset? The encrypted dataset cannot be shared.

Henkis said...

Shared datasets can be shared as usual with zfs set sharenfs=on .

美金 said...

This really help a lot, Thanks!
btw, I created a new vnic which over bge0, but don't why it's disabled if after a reboot.

and I have to enable it with -t, withtout -t will raise errors.

I will give more try and find out why, do you know more on this?
-Ryan

Henkis said...

Ryan, could you post exactly what commands you are using so that I can understand what you are doing?

美金 said...

Hi Henkis
I know what's the reason why my ip setting turn to disabled status.
have to do bellow for make nic setting persistent after reboot.

# svcadm disable nwam
# svcadm enable network/physical:default

-Ryan