Friday, November 19, 2010

Quick Solaris 11 Express walkthrough

This is a quick command/output walkthrough of some example administrative tasks in Solaris 11 Express. You can just skim thought it or run the command yourself on a test installation. It uses zfs-crypto, deduplication, zones, crossbow, ipadm, zonestat and pkg.

Create a alternate boot environment by cloning the current filesystem state for an quick and easy rollback option:
# beadm create initial

Set up static IP and add a persistent route:
# ipadm create-addr -T static -a local=10.0.10.242/24 bge0/v4
# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
bge0/v4 static ok 10.0.10.242/24
lo0/v6 static ok ::1/128

# route -p add default 10.0.10.1
add net default: gateway 10.0.10.1
add persistent net default: gateway 10.0.10.1

Add mail notifications on hardware/FMA and SMF state changes:
# pkg install smtp-notify
# svccfg setnotify -g from-online,to-maintenance mailto:admin@somehost.com
# svccfg setnotify problem-diagnosed,problem-updated mailto:admin@somehost.com

Install some utilities from the network repository:
# pkg install terminal/screen mercurial nmap

Create an encrypted dataset for the secret project:
# zfs create -o encryption=on -o mountpoint=/vault rpool/vault
Enter passphrase for 'rpool/vault': ********
Enter again: ********

Add a dataset with deduplication:
zfs create -o dedup=on -o mountpoint=/export/vbox rpool/vbox

Add a NFS/SMB share area and ignore the ZIL for asynchronous writes in favor of performance(unsafe):
# zfs create -o mountpoint=/export/share rpool/share
# zfs set sharesmb=on rpool/share
# zfs set sharesmb=name=share rpool/share
# zfs set sharenfs=on rpool/share
# zfs set sync=disabled rpool/share

Create a virtual switch with crossbow and two virtual interfaces for zones with bandwidth management and assigned to different CPUs:
# dladm create-etherstub etherstub01
# dladm create-vnic -l etherstub01 vnic_zone01
# dladm create-vnic -l etherstub01 vnic_zone02
# dladm set-linkprop -p maxbw=10M -p cpus=3 vnic_zone01
# dladm set-linkprop -p maxbw=10M -p cpus=4 vnic_zone02

Configure and install zone capped to 50% of a CPU located on ZFS and using the virtual interface:
# zfs create -o mountpoint=/zones -o compression=on rpool/zones

# zonecfg -z zone01
zonecfg:zone01> create
zonecfg:zone01> set zonepath=/zones/zone01
zonecfg:zone01> set ip-type=exclusive
zonecfg:zone01> ad capped-cpu
zonecfg:zone01:capped-cpu> set ncpus=0.5
zonecfg:zone01:capped-cpu>end
zonecfg:zone01> add capped-memory
zonecfg:zone01:capped-memory> set swap=2G
zonecfg:zone01:capped-memory> end
zonecfg:zone01> add net
zonecfg:zone01:net> set physical=vnic_zone01
zonecfg:zone01:net> end
zonecfg:zone01> commit

# zoneadm -z zone01 install
A ZFS file system has been created for this zone.
Publisher: Using solaris (http://pkg.oracle.com/solaris/release/ ).
Image: Preparing at /zones/zone02/root.
Sanity Check: Looking for 'entire' incorporation.
Installing: Core System (output follows)

# zoneadm -z zone01 boot
# zonestat 5 
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY                    Cpus/Online: 4/4   Physical: 8063M    Virtual: 11.8G
                    ----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
              ZONE  USED %PART  %CAP %SHRU  USED   PCT  %CAP  USED   PCT  %CAP
           [total]  0.76 19.2%     -     -  946M 11.7%     - 1960M 16.2%     -
          [system]  0.10 2.54%     -     -  774M 9.60%     - 1816M 15.0%     -
            global  0.66 16.6%     -     -  133M 1.65%     -  113M 0.94%     -
           zone01  0.00 0.00% 0.03%     - 38.1M 0.47%     - 30.0M 0.24% 1.46%


Enjoy the new faster scrub/resilver that should have less of impact on other workloads to the pool. It also has a more detailed output:
# zpool scrub rpool
# zpool status rpool
pool: rpool
state: ONLINE
scan: scrub in progress since Sat Nov 20 02:21:51 2010
3.22G scanned out of 19.0G at 35.8M/s, 0h7m to go
0 repaired, 16.95% done
config:

NAME STATE READ WRITE CKSUM
rpool ONLINE 0 0 0
c0t0d0s0 ONLINE 0 0 0

Check if any updates are available:
# pkg update -n
No updates available for this image.

at

5 comments:

  1. AnonymousFebruary 2, 2011 at 12:32 PM

    How do you access an encrypted dataset? The encrypted dataset cannot be shared.

    ReplyDelete
  2. HenkisFebruary 4, 2011 at 6:14 AM

    Shared datasets can be shared as usual with zfs set sharenfs=on .

    ReplyDelete
  3. 美金June 16, 2011 at 8:41 AM

    This really help a lot, Thanks!
    btw, I created a new vnic which over bge0, but don't why it's disabled if after a reboot.

    and I have to enable it with -t, withtout -t will raise errors.

    I will give more try and find out why, do you know more on this?
    -Ryan

    ReplyDelete
  4. HenkisJune 16, 2011 at 1:58 PM

    Ryan, could you post exactly what commands you are using so that I can understand what you are doing?

    ReplyDelete
  5. 美金June 21, 2011 at 7:56 AM

    Hi Henkis
    I know what's the reason why my ip setting turn to disabled status.
    have to do bellow for make nic setting persistent after reboot.

    # svcadm disable nwam
    # svcadm enable network/physical:default

    -Ryan

    ReplyDelete