System Administration for the Oracle Solaris 10 OS Part 2 Practice Guide

8/9/2019 System Administration for the Oracle Solaris 10 OS Part 2 Practice Guide

1/152

System Administration for the

Oracle Solaris 10 OS Part 2

Activity Guide


2/152

Table of Contents

Practices for Lesson 1: Introduction ............. ............. ............. ............. ............. ............. ............. ............. 1-1

Practices for Lesson 1 ............................................................................................................................. 1-3

Practices for Lesson 2: Managing Swap Space, Core Files, and Crash Dumps ..... ................. ............. ... 2-1

Practices for Lesson 2: Overview ............ ............. ............. ............. ............ ............. ............. ............. ....... 2-3

Practice 2-1: Managing Swap Utility Configuration .................. ............. ............. ............. ............. ............. 2-4

Practice 2-2: Collecting the Crash Dump and Core Dump ............. ............. ............. ............. ............. ........ 2-8

Practices for Lesson 3: Configuring NFS ............. ............. ............. ............. ............. ............. ............. ...... 3-1


Practice 3-1: Configuring NFS ................................................................................................................. 3-3

Practices for Lesson 4: Configuring AutoFS ...................... ............. ............. ............. ............. ............. .... 4-1


Practice 4-1: Configuring AutoFS ............ ............. ............. ............. ............ ............. ............. ............. ....... 4-3

Practices for Lesson 5: Describing RAID ............. ............. ............. ............. ............. ............. ............. ...... 5-1

Practices for Lesson 5 ............................................................................................................................. 5-3

Practices for Lesson 6: Configuring Solaris Volume Manager Software ............. ............. ............. .......... 6-1


Practice 6-1: Mirroring the root (/) File System on SPARC-Based Systems .................... ............. ............. . 6-3

Practice 6-2: Mirroring the root (/) File System on x86/x64-Based Systems ............. ............. ............. ........ 6-11

Practices for Lesson 7: Configuring Role-Based Access Control (RBAC) ............ ............. ............. ........ 7-1


Practice 7-1: Configuring RBAC............................................................................................................... 7-3

Practices for Lesson 8: Configuring System Messaging ............. ............. ............. ............. ............. ........ 8-1


Practice 8-1: Using the syslog Function and Auditing Utilities............ ............. ............. ............. ............. .... 8-3

Practices for Lesson 9: Using Name Services ........... ............. ............. ............. ............. ............. ............. 9-1


Practice 9-1: Reviewing Name Services ............. ............. ............. ............ ............. ............. ............. ......... 9-3

Practices for Lesson 10: Configuring Name Service Clients ........... ............. ............. ............. ............. .... 10-1

Practices for Lesson 10: Overview ............ ............ ............. ............. ............. ............. ............. ............... ... 10-2

Practice 10-1: Configuring a System to Use DNS and LDAP ...................... ............. ............ ............. ........ 10-3

Practices for Lesson 11: Introduction to Zones ............ ............. ............. ............ ............. ............. ........... 11-1


Practice 11-1: Configuring Zones ............ ............. ............. ............. ............ ............. ............. ............. ....... 11-3

Practice 11-2: Validating a Zone Migration Before Actual Migration ............ ............. ............. ............. ........ 11-17

Practices for Lesson 12: Introduction to LDAP ............. ............ ............. ............. ............. ............. ........... 12-1

Practices for Lesson 12 ........................................................................................................................... 12-3

Practices for Lesson 13: Configuring JumpStart Installation Using Oracle Solaris 10 ........................... 13-1Practices for Lesson 13: Overview ............ ............ ............. ............. ............. ............. ............. ............... ... 13-2

Practice 13-1: Configuring a JumpStart Server to Support One SPARC JumpStart Client .......................... 13-3

Practice 13-2: Configuring a JumpStart Server to Support One x86/x64 JumpStart Client ..................... ..... 13-10

Practice 13-3: (Optional) Creating a ZFS Mirrored Root Pool ............ ............. ............. ............. ............. .... 13-37

Practices for Lesson 14: Performing Live Upgrade Using the Oracle Solaris 10 Operating System ...... 14-1


Practice 14-1: Patching and Upgrading Using Solaris Live Upgrade ............. ............. ............. ............. ...... 14-3


3/152

Practices for Lesson 1: Introduction

Chapter 1 - Page 1

Practices for Lesson 1:Introduction

Chapter 1


4/152


Chapter 1 - Page 2


5/152


Chapter 1 - Page 3

Practices for Lesson 1

Practices Overview

There are no practices for this lesson.


6/152


Chapter 1 - Page 4


7/152

Practices for Lesson 2: Managing Swap Space, Core Files, and Crash Dumps

Chapter 2 - Page 1

Practices for Lesson 2:Managing Swap Space, CoreFiles, and Crash Dumps

Chapter 2


8/152


Chapter 2 - Page 2


9/152


Chapter 2 - Page 3

Practices for Lesson 2: Overview

Practices Overview

In these practices, you perform the following:

Add and remove a swap space

Configure crash dumps and core files


10/152


Chapter 2 - Page 4

Practice 2-1: Managing Swap Utility Configuration

Overview

In this practice, you add and remove a swap space.

Assumptions

To prepare for this practice: All students use disk slice 1 of the spare disk on their systems for this practice.

This practice assumes that students know how to use the formatutility to createSolaris fdiskpartitions and disk slices.

The device examples in these practices are from a SPARC-based system. Be certainto use device names that are correct for the system architecture that you are using.

On x86/x64 systems, use the fdiskmenu in the formatutility to create one Solarisfdiskpartition that uses the entire spare disk. Be certain that the Solaris fdiskpartition that you create on the spare disk is not markedas the active partition.

Note: The actual swap statistics will vary depending on the configuration of each system. You

should partition the spare disk, or the Solaris fdiskpartition on the spare disk, by using the

information in the following table:

Slice Size Use

0 2048 megabytes (MB) Swap /dump

1 2048 MB Swap /dump

3 16 MB Unassigned

4 16 MB Unassigned

5 10240 MB (or remainder

of disk)

File system

6 0 Unassigned

7 0 Unassigned

Tasks

This section describes the steps that you must perform, and lists the solutions to these steps.Perform the following steps:

1. Run the swap-scommand.

# swap -s

total: 49024k bytes allocated + 4704k reserved = 53728k used,875280k available

a. What is the total number of bytes actually allocated and currently in use?

49,024 kilobytes (KB), in this example

b. What is the number of bytes allocated and not currently in use, but reserved byprocesses for possible future use?

4,704 KB, in this example


11/152


Chapter 2 - Page 5

c. What is the total amount of swap space, both allocated and reserved?


d. What is the total swap space currently available for future reservation and allocation?


2. Run the swap-lcommand.

# swap -l

swapfile dev swaplo blocks free

/dev/dsk/c0t0d0s1 136,1 16 1049312 1049312

3. List the physical swap device configured on your system.

/dev/dsk/c0t0d0s1, in this example

a. How much total swap space is in the listed swap device?

1,049,312 blocks, in this example

b. How much space is available for the listed device?

1,049,312 blocks, in this example

4. Create the /usr/local/swap directory if it does not already exist.

# mkdir -p /usr/local/swap

5. Create a 20 MB swap file in the /usr/local/swap directory and add it to the systemswap space.

# mkfile 20m /usr/local/swap/swapfile

# swap -a /usr/local/swap/swapfile

6. Use the swap-lcommand to verify that the new swap space is available.

# swap -l


/dev/dsk/c0t0d0s1 136,1 16 1049312 1049312

/usr/local/swap/swapfile - 16 40944 40944

7. Use the swap-scommand to verify that the new swap space is available.

# swap -s

total: 49104k bytes allocated + 4624k reserved = 53728k used,895040k

availableHow does the output differ between the swap-lcommand and the swap-scommand?The swap-lcommand output is a listing of each space, whereas the swap-scommandoutput produces only a cumulative report.


12/152


Chapter 2 - Page 6

8. Remove the swap file created in step 4.

# swap -d /usr/local/swap/swapfile

# rm /usr/local/swap/swapfile

9. Use the swaputility to verify that the swap space is no longer available.

# swap -lswapfile dev swaplo blocks free

/dev/dsk/c0t0d0s1 136,1 16 1049312 1049312

# swap -s


10. Add partition 1 of your second disk to your existing swap space and use the correct devicename for your system.

# swap -a /dev/dsk/c0t1d0s1

11. Verify that the new swap space has been added.

# swap -l


/dev/dsk/c0t0d0s1 136,1 16 1049312 1049312

/dev/dsk/c0t1d0s1 136,9 16 1049312 1049312

# swap -s


12. Add the new swap partition to the /etc/vfstabfile to make the partition permanent. Toverify this change, you must reboot the system.

# vi /etc/vfstab

(add entry that matches your configuration)

/dev/dsk/c0t1d0s1 - - swap - no -

# init 6

13. After the reboot, verify that the additional swap space exists by using the swaputility.

# swap -l


/dev/dsk/c0t0d0s1 136,1 16 1049312 1049312

/dev/dsk/c0t1d0s1 136,9 16 1049312 1049312

Is the newly listed swap partition the same as the one that you added to the /etc/vfstabfile?

Yes


13/152


Chapter 2 - Page 7

14. Verify that the additional swap space exists by using the df-hcommand. Why is the newlycreated swap space that is listed in the /etc/vfstabfile not listed in the output of the df-hcommand?

# df -h

Filesystem size used avail capacity Mounted on

/dev/dsk/c0t0d0s0 470M 194M 229M 46% /

/devices 0K 0K 0K 0% /devicesctfs 0K 0K 0K 0% /system/contract

proc 0K 0K 0K 0% /proc

mnttab 0K 0K 0K 0% /etc/mnttab

swap 1.3G 968K 1.3G 1% /etc/svc/volatile

objfs 0K 0K 0K 0% /system/object

/dev/dsk/c0t0d0s6 4.8G 2.9G 1.9G 61% /usr

fd 0K 0K 0K 0% /dev/fd

/dev/dsk/c0t0d0s3 479M 57M 375M 14% /var

Swap 1.3G 0K 1.3G 0% /tmp

swap 1.3G 40K 1.3G 1% /var/run

/dev/dsk/c0t0d0s7 2.1G 2.1M 2.0G 1% /export

#

The df-houtput does not produce an entry for additional swap devices. However, theadded swap space is reflected in the total swap space.

15. Remove the additional swap space by using the swap-dcommand to return the system toits initial swap configuration.

# swap -d /dev/dsk/c0t1d0s1

16. Remove the additional swap space entry from the /etc/vfstabfile so that the systemmaintains its initial swap configuration after rebooting.

# vi /etc/vfstab

17. Verify that the additional swap space was unconfigured by using the swap-lcommand.

# swap -l


/dev/dsk/c0t0d0s1 136,1 16 1049312 1049312


14/152


Chapter 2 - Page 8

Practice 2-2: Collecting the Crash Dump and Core Dump

Overview

In this practice, you configure crash dumps and core files.

Preparation

To prepare for this practice:

This practice requires specific disk partitions on the spare disk. The required partitions mayalready exist as a result of previously-run practices.

This practice assumes that students know how to use the formatutility to createSolaris fdiskpartitions, and disk slices, if required.

The device examples in this practice are from an x86/x64-based system. Be certain touse device names that are correct for the system architecture that you are using.

On x86/x64 systems, verify that the spare disk contains one Solaris fdiskpartitionthat uses the entire disk. If not, use the fdiskmenu in the formatutility to create oneSolaris fdiskpartition that uses the entire spare disk. Be certain that the Solaris

fdiskpartition that you create on the spare disk is not marked as the active partition.Verify that the spare disk has the partitions defined in the following table. If it does not, partitionthe spare disk or the Solaris fdiskpartition on the spare disk by using the information in thefollowing table:

Slice Size Use



3 16 MB Unassigned

4 16 MB Unassigned

5 10240 MB (or remainderof disk)

File system

6 0 Unassigned

7 0 Unassigned

Task 1 Using the dumpadmCommand to Display the Core File Directory Location

Perform the following steps:

1. Use the dumpadmcommand with no arguments to view the current dump configuration.

# dumpadm

Dump content: kernel pagesDump device: /dev/dsk/c1d0s1 (swap)Savecore directory: /var/crash/sys01

Savecore enabled: yesSave compressed: on

#


15/152


Chapter 2 - Page 9

2. Record the configuration parameters that the dumpadmcommand displayed in the previousstep:

Dump content: kernel pages

Dump device: /dev/dsk/c1d0s1 (swap)

The savecoredirectory: /var/crash/sys01

Is savecoreenabled? Yes

3. Use the dumpadmcommand to change the dump device to the second disk drive slice 5.

# dumpadm -d /dev/dsk/c2d0s5


Dump device: /dev/dsk/c2d0s5 (dedicated)

Savecore directory: /var/crash/sys01

Savecore enabled: yes

Save compressed: on

#

4. Run the synccommand to flush all previously unwritten system buffers out to disk,ensuring that all file modifications up to that point will be saved.

# sync

5. Force the kernel to save a live snapshot of the running system and write out a new set ofcrash dump files by using the savecoreLfollowed by the savecore-vfcommands.

# savecore -L

dumping to /dev/dsk/c2d0s5, offset 65536, content: kernel0:01 100% done

100% done: 82143 pages dumped, dump succeededsavecore: System dump time: Tue Aug 31 08:12:26 2010

savecore: Saving compressed system crash dump in /var/crash/sys01/vmdump

savecore: Decompress the crash dump with

'savecore -vf /var/crash/sys01/vmdump.0'

# savecore -vf /var/crash/sys01/vmdump.0

savecore: System dump time: Tue Aug 31 08:12:26 2010savecore: saving system crash dump in/var/crash/sys01/{unix,vmcore}.2

Constructing namelist /var/crash/sys01/unix.0Constructing corefile /var/crash/sys01/vmcore.0

0:08 100% done: 82143 of 82143 pages saved1973 (2%) zero pages were not written

0:08 dump decompress is done

6. Make sure that the crash dump succeeded by using the filecommand to identify the filesin the savecoredirectory.


16/152


Chapter 2 - Page 10

The output shown should be similar to the following if you are using an x86/x64-basedsystem:

# cd /var/crash/sys01

# ls

bounds unix.0 vmcore.0 vmdump

# file vmcore.0

vmcore.0: SunOS 5.10 Generic_118855-33 64-bit Intel crash dumpfrom 'sys01'

#

The output shown should be similar to the following if you are using a SPARC-basedsystem:

vmcore.0:SunOS 5.10 Generic_137138-09 64-bit SPARC crash dumpfrom sys01

7. Use the dumpadmcommand to set the dump device to its original value.

# dumpadm -d /dev/dsk/c1d0s1


Dump device: /dev/dsk/c1d0s1 (swap)

Savecore directory: /var/crash/sys01

Savecore enabled: yes

Save compressed: on

#

Task 2 Using the coreadmCommand to Configure Core File Storage Locations


1. Use the coreadmcommand to display the default core file configuration.

# coreadm

global core file pattern:

global core file content: default

init core file pattern: core

init core file content: default

global core dumps: disabled

per-process core dumps: enabled

global setid core dumps: disabled

per-process setid core dumps: disabledglobal core dump logging: disabled

#


17/152


Chapter 2 - Page 11

2. Create a directory to hold core files, and enable a global core file path that uses thedirectory that you created.

# mkdir /var/core

# coreadm -e global -g /var/core/core.%f.%p

3. Turn on global core dump logging to generate a message when the system creates a global

core file.

# coreadm -e log

4. Display the core file configuration information to verify your changes.

# coreadm

global core file pattern: /var/core/core.%f.%p

global core file content: default

init core file pattern: core

init core file content: default

global core dumps: enabledper-process core dumps: enabled

global setid core dumps: disabled

per-process setid core dumps: disabled

global core dump logging: enabled

#

5. Open another terminal window. In the new terminal window, create a new directory named/var/tmp/dir, and change directory to it.

# mkdir /var/tmp/dir

# cd /var/tmp/dir

6. Verify that your current working directory is /var/tmp/dir.

# pwd

/var/tmp/dir

7. Run the pscommand to display the PID of the shell associated with the new terminalwindow, and send a SIGFPE signal (Signal 8) to the shell by using the killcommand.(SIGFPE causes a core file to be created.)

# ps

PID TTY TIME CMD

1204 pts/2 0:00 ksh

1208 pts/2 0:00 ps

# kill -8 1204

Note: The kill-8command terminates the shell and the terminal window in which it isexecuted.


18/152


Chapter 2 - Page 12

8. In the original terminal window, check to see whether a core file exists in the currentworking directory of the old shell. Use the filecommand to verify that the core file is fromthe old shell.

# cd /var/tmp/dir

# ls

core

# file corecore: ELF 32-bit LSB core file 80386 Version 1, from 'ksh'

A SPARC system displays a result similar to the following:

core: ELF 32-bit MSB core file SPARC Version 1, from ksh

9. Use the lscommand to check for a core file in the /var/coredirectory.

# ls /var/core

core.sh.1204

10. Observe the messages generated in the console window and the /var/adm/messagesfile due to coreadmlogging being enabled.

# tail /var/adm/messages

...

Apr 20 13:58:46 sys01 genunix: [ID 603404 kern.notice] NOTICE:core_log:

sh[1204] core dumped: /var/core/core.sh.1204


19/152

Practices for Lesson 3: Configuring NFS

Chapter 3 - Page 1

Practices for Lesson 3:Configuring NFS

Chapter 3


20/152


Chapter 3 - Page 2


Practices Overview

In this practice, you configure an NFS server and client to share and mount the/usr/share/manfile.


21/152


Chapter 3 - Page 3

Practice 3-1: Configuring NFS

Overview

In this practice, you configure an NFS server and client to share and mount the/usr/share/manfile.

PreparationSelect a partner for this lab. Determine which systems to configure as the NFS server and theNFS client. Verify that entries for both systems exist in the /etc/hostsfile on both systems.Refer to your lecture notes as necessary to perform the following steps:

Task 1 On the NFS Server


1. Edit the /etc/dfs/dfstabfile. Add an entry to share the directory that holds the manpages.

share -o ro /usr/share/man

2. Start the NFS server daemons.

# svcadm v enable r network/nfs/server

svc:/network/nfs/server:default enabled.

3. Verify that the NFS server service is online.

# svcs -a | grep nfs

disabled 09:04 svc:/network/nfs/cbd:default

online 09:04 svc:/network/nfs/client:default

online 09:04 svc:/network/nfs/status:default

online 09:04 svc:/network/nfs/nlockmgr:defaultonline 09:04 svc:/network/nfs/mapid:default

online 09:04 svc:/network/nfs/rquota:default

online 09:04 svc:/network/nfs/server:default

4. Verify that the /usr/share/mandirectory is shared and that no NFS mounts are present.

# share

- /usr/share/man ro ""

# dfshares

RESOURCE SERVER ACCESS TRANSPORT

server:/usr/share/man server - -

# dfmounts

There is no output for the dfmountscommand.


22/152


Chapter 3 - Page 4

Task 2 On the NFS Client


1. Rename the /usr/share/mandirectory so that you can no longer access the man pageson the client system. Verify that the man pages are not available.

# mv /usr/share/man /usr/share/man.orig

# man lsNo manual entry for ls.

#

What message does the mancommand report?

No manual entry for ls.

2. Create a new mandirectory (/usr/share/man) to use as a mount point.

# cd /usr/share

# mkdir man

3. Verify that the NFS client service is online.

# svcadm v enable r network/nfs/client

(output omitted)

# svcs -a | grep nfs

disabled 18:10:23 svc:/network/nfs/rquota:default

online 18:10:56 svc:/network/nfs/server:default

online 18:10:12 svc:/network/nfs/cbd:default

online 18:10:12 svc:/network/nfs/mapid:default

online 18:10:12 svc:/network/nfs/status:defaultonline 18:10:14 svc:/network/nfs/nlockmgr:default

online 18:10:32 svc:/network/nfs/client:default

4. Mount the /usr/share/mandirectory from the server.

# mount server:/usr/share/man /usr/share/man

5. Verify that the man pages are available.

# man ls

Are the man pages available?Yes

6. Use the mountcommand to display the mount options for the /usr/share/mandirectory.Record the read and write options that the mountcommand displays.

The ro | rwoption for the mount command is read/write (rw) bydefault.


23/152


Chapter 3 - Page 5

7. Write a file into the NFS-mounted file system.

# touch /usr/share/man/test

touch: cannot create /usr/share/man/test: Read-only file system

What is the result of trying to write to the NFS-mounted file system?

You cannot write to the file system.

What conclusion can be reached by this practice?

Even though the file system mount is read/write, by default, the actual ro |rwpermissionis read-only, as defined when the directory was shared on the NFS server.

8. Unmount the /usr/share/mandirectory.

# umount /usr/share/man



1. Unshare the /usr/share/mandirectory.# unshareall

2. Change the sharestatement in the /etc/dfs/dfstabfile for the /usr/share/mandirectory to read:

share -o ro=bogus /usr/share/man

3. Share the /usr/share/mandirectory.

# shareall


Perform the following step:

Attempt to mount the /usr/share/mandirectory again.

# mount server:/usr/share/man /usr/share/man

What happens?

The client reports the error message:

nfs mount: mount: /usr/share/man: Permission denied


Perform the following steps:1. Unshare the /usr/share/mandirectory.

# unshareall

2. Edit the /etc/dfs/dfstabfile to remove the entry for the /usr/share/mandirectory.


24/152


Chapter 3 - Page 6



1. Return the /usr/share/mandirectory to its original configuration.

# cd /usr/share

# rmdir man

# mv man.orig man

2. Verify that the man pages are now available.

# man ls


25/152

Practices for Lesson 4: Configuring AutoFS

Chapter 4 - Page 1

Practices for Lesson 4:Configuring AutoFS

Chapter 4


26/152


Chapter 4 - Page 2


Practices Overview

In this practice, you use the automountfacility to automatically mount manpages and to mounta users home directory.


27/152


Chapter 4 - Page 3

Practice 4-1: Configuring AutoFS

Overview

In this practice, you use the automountfacility to automatically mount manpages and to mounta users home directory.

AssumptionsSelect a partner for this lab, and determine which system will be configured as the NFS serverand which will serve as the NFS client. Verify that entries for both systems exist in the/etc/hostsfile of each system. Refer to the lecture notes as necessary to perform the stepslisted.

Task 1 On the Server System


1. Edit the /etc/dfs/dfstabfile, and add a line to share the man pages.

share -o ro /usr/share/man

2. Use the pgrepcommand to check whether the mountddaemon is running.

# pgrep -fl mountd

820 /usr/lib/autofs/automountd

819 /usr/lib/autofs/automountd

1021 /usr/lib/nfs/mountd

If the mountddaemon is not running, start it.

# svcadm enable svc:/network/nfs/server

If the mountddaemon is running, share the new directory.

# shareall

Task 2 On the Client System


1. Rename the /usr/share/mandirectory so that you cannot view the man pages installedon the client system.

# cd /usr/share/

# mv man man.orig

2. Make a backup copy of the /etc/auto_masterfile called /etc/_auto_master. Editthe /etc/auto_masterfile and add an entry for a direct map.

# cp /etc/auto_master /etc/_auto_master

# vi /etc/auto_master

/- auto_direct


28/152


Chapter 4 - Page 4

3. Use the vi editor to create a new file called /etc/auto_direct, and add an entry to thefile to share the man pages.

# vi /etc/auto_direct

/usr/share/man server:/usr/share/man

4. Run the automountcommand to update the list of directories managed by theautomountddaemon.

# automount -v

5. Test the configuration, and verify that a mount for the /usr/share/mandirectory existsafter accessing the man pages.

# man ls

# mount | grep man

/usr/share/man on sys44:/usr/share/man

remote/read/write/setuid/dev=42c0003 on Thu Jan 6 08:07:26 2005What did you observe to indicate that the automountoperation was successful?

This operation should automatically mount the directory in which the manuals are stored. Inother words, the mancommand should work.



1. Verify that the /export/homedirectory exists. If it does not exist, create it.

# ls /export/home

Note: Perform the next command if the /export/homedirectory does not exist.

# mkdir /export/home

2. Add a user account with the following characteristics:

User ID: 3001

Primary group: 10

Home directory: /export/home/usera

Login shell:/bin/ksh

User name: usera

# useradd -u 3001 -g 10 -m -d /export/home/usera -s /bin/kshusera

3. Configure the password mechanism for useraso that this user must assign a newpassword (123pass) at the next login. Do this by executing the passwduseracommand.


29/152


Chapter 4 - Page 5

Task 4 On the Client System


1. Verify that the /export/homedirectory exists. If it does not, create it.

# ls /export

# mkdir /export/home

2. Add a user account with the following characteristics:

User ID: 3001

Primary group: 10

Home directory: /export/home/usera

Login shell: /bin/ksh

User name: usera

# useradd -u 3001 -g 10 -m -d /export/home/usera -s /bin/kshusera

3. Configure the password mechanism for useraso that this user must assign a newpassword (123pass) at the next login. Do this by executing the passwduseracommand.

Task 5 On Both Systems


1. Edit the /etc/passwdfile, and change the home directory for userafrom the/export/home/useradirectory to /home/usera.

# vi /etc/passwd

2. Make a backup copy of the /etc/auto_homefile and call it /etc/_auto_home.

# cp /etc/auto_home /etc/_auto_home

3. Edit the /etc/auto_homefile and add the following line:

usera server:/export/home/usera



1. Edit the /etc/dfs/dfstabfile, and add a line to share the /export/homedirectory.

share /export/home

2. Use the pgrepcommand to check whether the mountddaemon is running.

# pgrep -fl mountd820 /usr/lib/autofs/automountd819 /usr/lib/autofs/automountd

1021 /usr/lib/nfs/mountd


30/152


31/152


Chapter 4 - Page 7

5. Rename the /usr/share/man.origdirectory to /usr/share/man.

# mv /usr/share/man.orig /usr/share/man



1. After the client reboots as described in step 3 of Task 8 On the Client System, remove

the entry for userafrom the /etc/auto_homemap.

2. Remove the entries from the /etc/dfs/dfstabfile.

3. Unshare the mounted directories.

# unshareall


32/152


Chapter 4 - Page 8


33/152

Practices for Lesson 5: Describing RAID

Chapter 5 - Page 1

Practices for Lesson 5:Describing RAID

Chapter 5


34/152


Chapter 5 - Page 2


35/152


Chapter 5 - Page 3

Practices for Lesson 5

Practices Overview

There are no practices for this lesson.


36/152


Chapter 5 - Page 4


37/152

Practices for Lesson 6: Configuring Solaris Volume Manager Software

Chapter 6 - Page 1

Practices for Lesson 6:Configuring Solaris VolumeManager Software

Chapter 6


38/152


Chapter 6 - Page 2


Practices Overview

In these practices, you perform the following:

Mirror the root (/) file system.

Update the default boot device.

Unmirror the root (/) file system.


39/152


Chapter 6 - Page 3

Practice 6-1: Mirroring the root(/)File System on SPARC-BasedSystems

Overview

In this practice, you perform the following:

Mirror the root(/)file system.

Update the default boot device.

Unmirror the root(/)file system.

Assumptions

Due to the differences in Suns SPARC and x86 architectures, this practice can be performedonly on SPARC-based systems. If you are using an x86-based system, perform the tasks inPractice 6-2: Mirroring the root(/)File System on x86/x64-Based Systems.

This practice mirrors the root(/)file system of your systems boot disk. This practice requiresa second disk that is not in use. Steps in this practice direct you to partition the second disk sothat it has two partitions equal to or greater than the size of the root(/)partition on the boot

disk, and at least two partitions to be used for state database replicas.This practice is performed on an individual system, so there is no need to work with a partner.Steps in these procedures are executed using the command line. Students would requireconsole access to be able to run some tasks in this practice.

This practice also requires an understanding of how to use the formatutility to partition disks.

Task

1. Use the df-hcommand to list the file systems in use, and the formatutility to display thepartition table for your systems boot disk. Record the following information:

The disk slice used for the root(/)file system, and its size in megabytes. This willbecome the primary submirror:

As predefined for your lab system (Slice 0 and 10.00 GB, in this example.)

Does the slice used for the root(/)file system start on cylinder 0 of the boot disk?

As predefined for your lab system. (No, in this example, it starts on cylinder 52319.)This information is required to determine which slice on the second disk to use as thesecondary submirror, for the purpose of this practice.

Disk slice for state database replica 1:

As predefined for your lab system (slice 4, 15.94 MB, in this example)

Disk slice for state database replica 2:

As predefined for your lab system (slice 5, 15.94 MB, in this example)

# df -h

Filesystem size used avail capacity Mounted on/dev/dsk/c0t0d0s0 9.8G 4.5G 5.2G 47% /

/devices 0K 0K 0K 0% /devices

ctfs 0K 0K 0K 0% /system/contract



swap 2.5G 1.6M 2.5G 1% /etc/svc/volatile


40/152


Chapter 6 - Page 4


sharefs 0K 0K 0K 0% /etc/dfs/sharetab

/platform/sun4u-us3/lib/libc_psr/libc_psr_hwcap1.so.1

9.8G 4.5G 5.2G 47% /platform/sun4uus3/lib/libc_psr.so.1

/platform/sun4u-us3/lib/sparcv9/libc_psr/libc_psr_hwcap1.so.1

9.8G 4.5G 5.2G 47%

/platform/sun4uus3/lib/sparcv9/libc_psr.so.1fd 0K 0K 0K 0% /dev/fd

swap 2.5G 80K 2.5G 1% /tmp


/dev/dsk/c0t0d0s3 3.9G 4.0M 3.9G 1% /myzone

/dev/dsk/c0t0d0s7 9.8G 10M 9.7G 1% /export/home

# format

Searching for disks...done

AVAILABLE DISK SELECTIONS:

0. c0t0d0

/pci@1e,600000/ide@d/dad@0,0

1. c0t1d0

/pci@1e,600000/ide@d/dad@1,0

Specify disk (enter its number): 0

selecting c0t0d0

[disk formatted, no defect list found]

(output omitted)

format> partition

(output omitted)

partition> print

Current partition table (original):Total disk cylinders available: 57459 + 2 (reserved cylinders)

Part Tag Flag Cylinders Size Blocks

0 root wm 52319 - 57458 10.00GB (5140/0/0) 20971200

1 swap wu 0 - 1027 2.00GB (1028/0/0) 4194240

2 backup wm 0 - 57458 111.79GB (57459/0/0) 234432720

3 unassigned wm 45123 - 47178 4.00GB (2056/0/0) 8388480

4 unassigned wm 45115 - 45122 15.94MB (8/0/0) 32640

5 unassigned wm 45107 - 45114 15.94MB (8/0/0) 32640

6 unassigned wm 0 0 (0/0/0) 0

7 home wm 47179 - 52318 10.00GB (5140/0/0) 20971200

partition> q(output omitted)

format> q

#


41/152


Chapter 6 - Page 5

2. Use the formatutility to partition your spare disk so that it includes the partitions listed:

Set the size of slice 0 to be equal to or greater than the disk slice used for the root(/)file system. This slice is a candidate to become the secondary submirror.

Set the size of slice 1 to be equal to or greater than the disk slice used for the root(/)file system. This slice is a candidate to become the secondary submirror.

Set the size of slice 6 to be at least 16 MB. This slice will be used for state database

replica 3.

Set the size of slice 7 to be at least 16 MB. This slice will be used for state databasereplica 4.

# format


AVAILABLE DISK SELECTIONS:

0. c0t0d0

/pci@1e,600000/ide@d/dad@0,0

1. c0t1d0

/pci@1e,600000/ide@d/dad@1,0Specify disk (enter its number): 1

selecting c0t1d0

[disk formatted, no defect list found]

(output omitted)

format> partition

(output omitted)

partition> print

Current partition table (original):

Total disk cylinders available: 38307 + 2 (reserved cylinders)

Part Tag Flag Cylinders Size Blocks0 root wm 0 - 5654 11.00GB (5655/0/0) 23072400

1 swap wu 5655 - 11309 11.00GB (5655/0/0) 23072400

2 backup wu 0 - 38306 74.53GB (38307/0/0) 156292560




6 unassigned wm 11310 11318 17.93MB (9/0/0) 36720

7 unassigned wm 11319 - 11327 17.93MB (9/0/0) 36720

partition> q

(output omitted)

format> q

3. Determine the names of the Solaris Volume Manager objects to use for this practice:

Volume to map to the root(/)file system primary submirror:

As defined for your lab system (The examples use d11.)


42/152


Chapter 6 - Page 6

Volume to map to the root(/)file system secondary submirror:


Volume to map to the root(/)file system mirror:


4. Create a sufficient number of state database replicas to support the majority consensusalgorithm used in the Solaris Volume Manager software.

Example:

# /usr/sbin/metadb -a -f c0t0d0s4

# /usr/sbin/metadb -a c0t0d0s5



#

What is the minimum number of state database replicas necessary to support the majorityconsensus algorithm?

As a best practice, you should use three state database replicas as the minimum to supportthe majority consensus algorithm.

5. Create a RAID-0 volume to use as the root(/)file systems primary submirror.

# /usr/sbin/metainit -f d11 1 1 c0t0d0s0

d11: Concat/Stripe is setup

#

(The variable points to the root(/)slice.)

6. Create a RAID 0 volume on the secondary drive to use as the root(/)file systems

secondary submirror.You should refer to step 2 to determine which of the following conditions is true.

a. If the root slice on your boot disk starts on cylinder 0, use slice 0 on the second disk asthe secondary submirror.

# /usr/sbin/metainit d12 1 1 c0t1d0s0


#

b. If the root slice on your boot disk does not start on cylinder 0, use slice 1 on the seconddisk as the secondary submirror.

# /usr/sbin/metainit d12 1 1 c0t1d0s1

d12: Concat/Stripe is setup#


43/152


Chapter 6 - Page 7

7. Create a RAID-1 volume as a one-way mirror by using the root(/)file system primarysubmirror as the source of the mirrors data.

# /usr/sbin/metainit d10 -m d11

d10: Mirror is setup

#

8. Update the /etc/vfstabfile to use the RAID-1 volume as the mount point for the root(/)file system and observe the changes to the /etc/vfstaband the /etc/systemfiles.

# cat /etc/vfstab

(output omitted)

fd - /dev/fd fd - no -

/proc - /proc proc - no -


/dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 / ufs 1 no -

(output omitted)

# cat /etc/system

(output omitted - the file contains only comments)

# /usr/sbin/metaroot d10

# cat /etc/vfstab

(output omitted)




/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -

(output omitted)

# cat /etc/system

(output omitted)

* Begin MDD root info (do not edit)

rootdev:/pseudo/md@0:0,10,blk

* End MDD root info (do not edit)

#

9. Reboot the system, and then log in as root.

# init 6

10. Attach the RAID-0 volume used as the root(/)file systems secondary submirror to theRAID-1 volume and allow the mirror synchronization to complete before continuing.

# /usr/sbin/metattach d10 d12

d10: submirror d12 is attached

#


44/152


Chapter 6 - Page 8

What is the primary reason for using the command line to attach a secondary submirror to amirror?

The primary reason for using the command line to attach a secondary submirror to a mirroris to force a resynchronization of data between the primary and secondary submirrors.

Note: To view the status of the resynchronization process, use the

/usr/sbin/metastat | grepResynccommand.

11. Determine the physical device path to the alternate root(/)device that you selected instep 6 (as reported by the Oracle Solaris 10 OS).

This varies by system. Use the ls-lcommand.

# ls -l /dev/dsk/c0t1d0s1

lrwxrwxrwx 1 root root 43 Oct 6 20:42 /dev/dsk/c0t1d0s1 -

> ../../devices/pci@1e,600000/ide@d/dad@1,0:b

12. Use the init0command to shut the system down to the OpenBoot PROM level, and thenuse the show-diskscommand to determine the path to the alternate root(/)device (as

reported by the OpenBoot PROM).This varies by system. For example:

# init 0

(output omitted)

Ok devalias disk

Record the path name reported. This differs from system to system

ok show-disks

a) /ramdisk-root

b) /pci@1e,600000/ide@d/cdrom

c) /pci@1e,600000/ide@d/disk

q) NO SELECTION

Enter Selection, q to quit: c

/pci@1e,600000/ide@d/disk has been selected.

Type ^Y (Control-Y) to insert it in the command line.

e.g. ok nvalias mydev ^Y

for creating devalias mydev for /pci@1e,600000/ide@d/disk

ok

13. Define a backup root(/)device alias.

This varies by system. Set the backup_rootalias to the path and disk name recorded inStep 12.

Note:Remember to use the Ctrl + Y key sequence to paste the disk path into your

nvaliascommand. You must manually complete the path to specify the disk that youwant to use.

Use the nvaliascommand. For example:

ok nvalias backup_root /pci@1e,600000/ide@d/disk@1,0:b


45/152


Chapter 6 - Page 9

14. Add the backup_rootdevice alias to the boot-devicevariable. You should retain thealias for the primary boot disk.

This varies by system. Use a combination of the printenvand setenvcommands.

ok printenv boot-device

boot-device = disk net

ok setenv boot-device disk backup_root

boot-device = disk backup_root

15. Test the ability to boot the secondary root(/)submirror and log in as rootwhen theboot process completes.

ok boot backup_root

16. Verify the status of the root(/)submirrors.

# /usr/sbin/metastat d10

d10: Mirror

Submirror 0: d11State: Okay

Submirror 1: d12

State: Okay

Pass: 1

Read option: roundrobin (default)

Write option: parallel (default)

Size: 20971200 blocks (10.0 GB)

d11: Submirror of d10

State: OkaySize: 20971200 blocks (10.0 GB)

Stripe 0:

Device Start Block Dbase State Reloc Hot Spare

c0t0d0s0 0 No Okay Yes


State: Okay

Size: 23072400 blocks (11 GB)

Stripe 0:

Device Start Block Dbase State Reloc Hot Sparec0t1d0s1 0 No Okay Yes

Device Relocation Information:

Device Reloc Device ID

c0t0d0 Yes id1,dad@AST3120026A=4JT0VAZE

c0t1d0 Yes id1,dad@AHDS728080PLAT20=______PFD242SDTWAVDB

#


46/152


Chapter 6 - Page 10

17. Detach one submirror to make the root(/)mirror a one-way mirror.

# /usr/sbin/metadetach d10 d12

d10: submirror d12 is detached

18. Update the /etc/vfstabfile to redefine the root(/)mount point by using the originaldisk slice, and the /etc/systemfile to remove the forceloadstatements.

# /usr/sbin/metaroot /dev/dsk/c0t0d0s0

19. Shut down the system to the OBP level.

# init 0

20. If you changed your boot-devicevariable to an alternate boot path, complete thefollowing steps:

a. Reset it to its default setting.

b. Boot the system to the multi-user milestone.

ok set-default boot-deviceok boot

21. Clear the mirror and submirrors.

#/usr/sbin/metaclear -r d10

d10: Mirror is cleared

d11: Concat/Stripe is cleared

#/usr/sbin/metaclear d12


#

22. Remove all state database replicas.

# /usr/sbin/metadb -d c0t0d0s4



# /usr/sbin/metadb -d -f c0t1d0s7


47/152


Chapter 6 - Page 11

Practice 6-2: Mirroring the root(/)File System on x86/x64-BasedSystems

Overview

In this practice, you perform the following:

Mirror the root(/)file system.

Make the mirrored disk bootable.

Unmirror the root(/)file system.

Assumptions

This practice runs only on x86-based systems. If you are using a SPARC-based system,perform the tasks in Practice 6-1: Mirroring the root(/)File System on SPARC-BasedSystems.

This practice assumes that students know how to use the formatutility to create fdiskpartitions and disk slices if required. The spare disk must have these structures defined:

One Solaris fdiskpartition that uses the entire spare disk

One slice that is equal to or larger than the root(/)slice of the system disk

Two small slices to hold state database replicas

The following table defines sizes for using slice 0 or 1 for the root mirror, and slices 3 and 4 tohold state database replicas.

Slice Size Use

0 10240 MB Possible root mirror

1 10240 MB Possible root mirror

3 16 MB State database replica

4 16 MB State database replica

5 10240 MB (or remainder

of disk)

Unassigned

6 0 MB Unassigned

7 0 MB Unassigned

This practice is performed on each individual system, so there is no need to work with a partnerfor this practice.


48/152


Chapter 6 - Page 12

Tasks

1. Use the dfcommand to list the file systems in use. From the dfcommand output, verifythat only the boot disk has file systems in use.

In this example, only c0d1is in use:

# df -h

Filesystem size used avail capacity Mounted on/dev/dsk/c0d1s0 9.9G 4.3G 5.5G 44% /

/devices 0K 0K 0K 0% /devices

ctfs 0K 0K 0K 0% /system/contract



swap 4.2G 968K 4.2G 1% /etc/svc/volatile


sharefs 0K 0K 0K 0% /etc/dfs/sharetab

/usr/lib/libc/libc_hwcap1.so.1

9.9G 4.3G 5.5G 44% /lib/libc.so.1fd 0K 0K 0K 0% /dev/fd

swap 4.2G 80K 4.2G 1% /tmp


/dev/dsk/c0d1s3 3.9G 4.0M 3.9G 1% /myzone

/dev/dsk/c0d1s7 3.9G 4.0M 3.9G 1% /export/home

2. Use the formatutility to gather the following information:

Record the name of the spare disk that you will use to mirror the rootfile system.

According to theformat

command output, two disks exist in the system,c0d1

andc1d0

in this example. The df-hcommand output indicates that the system currently has no filesystems mounted from c1d0, so c1d0is the spare disk.

What is the size in megabytes of the slice used for the root(/)file system? This willbecome the primary submirror:

As predefined for your lab system (slice 0 and 10.00 GB, in this example)

Which two slices on the boot disk use less than 16 MB of space?

Slices 4 and 5. These are the slices reserved for state database replicas on the boot disk.

# format


AVAILABLE DISK SELECTIONS:0. c0d1

/pci@0,0/pci-ide@1f,1/ide@0/cmdk@1,0

1. c1d0


Specify disk (enter its number): 0

selecting c1d0


49/152


Chapter 6 - Page 13

(output omitted)

format> part

(output omitted)

partition> print

Current partition table (original):

Total disk cylinders available: 9726 + 2 (reserved cylinders)


0 root wm 8420 - 9725 10.00GB (1306/0/0) 20980890

1 swap wu 3 263 2.00GB (261/0/0) 4192965

2 backup wm 0 - 9725 74.50GB (9726/0/0) 156248190

3 unassigned wm 6591 - 7113 4.01GB (523/0/0) 8401995

4 unassigned wm 6589 - 6590 15.69MB (2/0/0) 32130

5 unassigned wm 6587 - 6588 15.69MB (2/0/0) 32130


7 home wm 7114 - 8419 10.00GB (1306/0/0) 20980890

8 boot wu 0 - 0 7.84MB (1/0/0) 16065

9 alternates wu 1 - 2 15.69MB (2/0/0) 32130

partition> q

(output omitted)

format>

3. If necessary, use the formatutility to establish the required Oracle Solaris fdiskpartitionand slices on disk. Perform the following steps:

a. In the formatutility, select the spare disk and enter the fdiskmenu.

format> disk

AVAILABLE DISK SELECTIONS:0. c0d1


1. c1d0


Specify disk (enter its number)[0]: 1

selecting c1d0

Controller working list found

[disk formatted, defect list found]

format> fdisk


50/152


Chapter 6 - Page 14

b. If the following message displays, accept the default fdiskpartition, and then enter thefdiskmenu.

No fdisk table exists. The default partition for the disk is:

a 100% "SOLARIS System" partition

Type "y" to accept the default partition, otherwise type "n" toedit the

partition table.y

format> fdisk

c. If an Oracle Solaris fdiskpartition exists, the fdiskmenu lists the partition. Verify thatthe Oracle Solaris fdiskpartition is configured as described in the following steps, anduse the fdiskmenu to make any corrections required. Save any changes that youmake.

Verify that the Oracle Solaris fdiskpartition uses 100% of the disk.

Verify that the Oracle Solaris fdiskpartition is not marked as the active partition in theStatuscolumn.

The fdiskmenu lists a correctly configured Oracle Solaris fdiskpartition as described inthis example:

Cylinder size is 16065 (512 byte) blocks

Cylinders

Partition Status Type Start End Length %

========= ====== ============ ===== === ====== ===

1 Solaris 1 9728 9728 100

SELECT ONE OF THE FOLLOWING:

1. Create a partition

2. Specify the active partition

3. Delete a partition

4. Change between Solaris and Solaris2 Partition IDs

5. Exit (update disk configuration and exit)

6. Cancel (exit without updating disk configuration)

Enter Selection:

d. If disk slices on the spare disk are not correctly defined, use the partitionmenu inthe formatutility to create slices within the Oracle Solaris fdiskpartition. Use theinformation from the table in the Assumptions section to determine the correct slicesizes. When complete, the correct list of slices looks like this example from an Ultra 20:


0 unassigned wm 3 - 1308 10.00GB (1306/0/0) 20980890

1 unassigned wm 1309 - 2614 10.00GB (1306/0/0) 20980890

2 backup wu 0 - 9725 74.50GB (9726/0/0) 156248190

3 unassigned wm 2615 - 2617 23.53MB (3/0/0) 48195

4 unassigned wm 2618 - 2620 23.53MB (3/0/0) 48195

5 unassigned wu 2621 - 3926 10.00GB (1306/0/0) 20980890

6 unassigned wu 0 0 (0/0/0) 0


51/152


Chapter 6 - Page 15

7 unassigned wu 0 0 (0/0/0) 0

8 boot wu 0 - 0 7.84MB (1/0/0) 16065

9 alternates wm 1 - 2 15.69MB (2/0/0) 32130

e. If you have defined new slices on the spare disk, write the partition table to disk, and quitthe formatutility.

4. Use the installgrubcommand to install the stage1 and stage2 programs onto theOracle Solaris fdiskpartition on the spare disk.

# installgrub /boot/grub/stage1 /boot/grub/stage2/dev/rdsk/c1d0s0

Solaris boot partition inactive.

stage1 written to partition 0 sector 0 (abs 16065)

stage2 written to partition 0, 272 sectors starting at 50 (abs16115)

#

5. Determine the names of the Solaris Volume Manager objects to use for this practice:

Volume to map to the root(/)file system primary submirror:


Volume to map to the root(/)file system secondary submirror:


Volume to map to the root(/)file system mirror:


6. Create a sufficient number of state database replicas to support the majority consensus

algorithm used in the Solaris Volume Manager software.For example:

# /usr/sbin/metadb -a -f c0d1s4

# /usr/sbin/metadb -a c0d1s5



What is the minimum number of state database replicas necessary to support the majorityconsensus algorithm?

As a best practice, you should use three state database replicas as the minimum to supportthe majority consensus algorithm.

7. Create a RAID-0 volume to use as the root(/)file systems primary submirror.

# /usr/sbin/metainit -f d11 1 1 c0d1s0


(The variable points to the root(/)slice.)


52/152


Chapter 6 - Page 16

8. Create a RAID-0 volume to use as the root(/)file systems secondary submirror.

# /usr/sbin/metainit d12 1 1 c1d0s0


9. Create a RAID-1 volume as a one-way mirror using the root(/)file system primarysubmirror as the source of the mirrors data.

# /usr/sbin/metainit d10 -m d11

d10: Mirror is setup

10. Use the metarootcommand to update the /etc/vfstabfile to use the RAID-1 volumeas the mount point for the root(/)file system. Observe the changes to the/etc/vfstaband the /etc/systemfiles.

# cat /etc/vfstab

#device device mount FS fsck mount mount

#to mount to fsck point type pass at boot options

#

fd - /dev/fd fd - no -/proc - /proc proc - no -

/dev/dsk/c0d1s1 - - swap - no -

/dev/dsk/c0d1s0 /dev/rdsk/c0d1s0 / ufs 1 no -

(output omitted)

# cat /etc/vfstab

#device device mount FS fsck mount mount

#to mount to fsck point type pass at boot options

#



/dev/dsk/c0d1s1 - - swap - no -

/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -(output omitted)

# cat /etc/system

(output omitted)

* Begin MDD root info (do not edit)

rootdev:/pseudo/md@0:0,10,blk

* End MDD root info (do not edit)

#

11. Reboot the system, and then log in as root.

# init 6

12. Attach the RAID-0 volume used as the root(/)file systems secondary submirror to theRAID-1 volume, and allow the mirror synchronization to complete before continuing.

# /usr/sbin/metattach d10 d12

d10: submirror d12 is attached

#


53/152


Chapter 6 - Page 17

What is the primary reason for using the command line to attach a secondary submirror to amirror?

The primary reason for using the command line to attach a secondary submirror to a mirroris to force a resynchronization of data between the primary and secondary submirrors.

Note: To view the status of the resynchronization process, use the

/usr/sbin/metastat | grepResynccommand.

13. Use the metastatcommand to display the status of the root(/)submirrors. Verify thatthe state of each submirror is listed as Okay.

# /usr/sbin/metastat

d10: Mirror

Submirror 0: d11

State: Okay

Submirror 1: d12

State: Okay

Pass: 1

Read option: roundrobin (default)Write option: parallel (default)



State: Okay


Stripe 0:


c0d1s0 0 No Okay Yes


State: OkaySize: 20980890 blocks (10 GB)

Stripe 0:


c1d0s0 0 No Okay Yes

Device Relocation Information:

Device Reloc Device ID

c1d0 Yes id1,cmdk@AST380215AS=____________5QZ41H1T

c0d1 Yes id1,cmdk@AHDS722580VLAT20=______VN62GECHC0DX1C

#

14. Detach the secondary submirror to make the root(/)mirror a one-way mirror.

# /usr/sbin/metadetach d10 d12


54/152


Chapter 6 - Page 18

15. Use the metarootcommand to redefine the root(/)device in the /etc/vfstabfile sothat it uses the original disk slice, and to remove the forceloadstatements from the/etc/systemfile.

# /usr/sbin/metaroot /dev/dsk/c0d1s0

16. Reboot the system.

# init 6

17. Use themetaclearcommand to remove the mirror and submirrors, and use metastatto verify that they no longer exist.

# /usr/sbin/metaclear -r d10

d10: Mirror is cleared


# /usr/sbin/metaclear d12


# metastat#

18. Remove all state database replicas.

# /usr/sbin/metadb -d c0d1s4



# /usr/sbin/metadb -d -f c1d0s4


55/152

Practices for Lesson 7: Configuring Role-Based Access Control (RBAC)

Chapter 7 - Page 1

Practices for Lesson 7:Configuring Role-BasedAccess Control (RBAC)

Chapter 7


56/152


Chapter 7 - Page 2


Practices Overview

In these practices, youconfigure Role-Based Access Control (RBAC) by using the command

line in the first task and by using the Solaris Management Console in the second task.


57/152


Chapter 7 - Page 3

Practice 7-1: Configuring RBAC

Overview

In this practice, you first configure RBAC by using the command line, and then you configureRBAC by using the Solaris Management Console.

AssumptionsSome steps in this practice direct you to execute commands that do not work in order todemonstrate how RBAC must be used by logged in users.

Verify that the /export/homedirectory exists, and is writable by all users.

If this directory does not exist, create it, and change its permission mode to 777.

Review how to use the auths, profiles, and rolesRBAC commands to determine userprivileges.

Tasks

1. Create a role named sdown. Give it a user ID of 5000 and a group ID of 10.

# roleadd -u 5000 -g 10 -m -d /export/home/sdown sdown

# passwd sdown

(output omitted)

2. Create the profile named Shutby adding a line to the prof_attrfile.

# vi /etc/security/prof_attr

(output omitted)

Shut:::Able to shutdown the system:

3. Add the Shutprofile to the sdownrole.

# rolemod -P Shut sdown

4. Verify that the sdownrole is included in the /etc/user_attrfile.

# more /etc/user_attr

(output omitted)

sdown::::type=role;profiles=Shut

5. Create a user named user9and assign it access to the sdownrole. Give this user a userID of 4009 and a group ID of 10.

# useradd -u 4009 -g 10 -m -d /export/home/user9 -s /bin/ksh \-Rsdown user9

# passwd user9

(output omitted)


58/152


Chapter 7 - Page 4

6. Check the roles attributes for user9.

# grep user9 /etc/user_attr

user9::::type=normal;roles=sdown

7. Assign the shutdowncommand to the Shutprofile.

# vi /etc/security/exec_attrShut:suser:cmd:::/usr/sbin/shutdown:uid=0

8. Use the sucommand to change user identity to user9.

# su - user9

9. As user9, without assuming the new role, attempt to shut down the system.

$ /usr/sbin/shutdown -i 6 -g 0

/usr/sbin/shutdown: Only root can run /usr/sbin/shutdown

What is the result of this shutdown attempt, and why?This shutdown attempt fails because user9has not assumed the sdownrole yet, and as aregular user, does not have the rights profile to execute the shutdowncommand.

10. Execute the profilescommand to determine which RBAC profiles are associated withuser9.

$ profiles

Basic Solaris User

All

11. Execute the rolescommand to determine which RBAC roles are associated with user9.

$ roles

sdown

12. Assume the sdownrole.

$ su sdown

Password:

$


59/152


Chapter 7 - Page 5

13. Shut down the system by using the initcommand.

$ /usr/sbin/init 0

Insufficient privileges.

x86/x64 systems display this message:

bootadm: you must be root to run this program

Depending on the shell in use, the message may also be Must besuperuser.What is the result of this shutdown attempt, and why?

This shutdown attempt fails because, even after assuming the sdownrole, user9does nothave the execution attribute to execute the initcommand.

14. List the commands that the sdownprofile can execute.

$ profiles -l

Shut:

/usr/sbin/shutdown uid=0

All:

*

15. Shut down the system using the shutdowncommand.

$ /usr/sbin/shutdown -i 6 -g 0

Shutdown started. Sun Apr 29 17:30:10 MDT 2007

Do you want to continue? (y or n): n

What is the result of this shutdown attempt, and why?

This command succeeds because the sdownrole has execute permission when issuing theshutdowncommand.

16. Exit the sdownrole.

$ exit

$

17. Exit the shell for user9.

$ exit


60/152


Chapter 7 - Page 6


61/152

Practices for Lesson 8: Configuring System Messaging

Chapter 8 - Page 1

Practices for Lesson 8:Configuring SystemMessaging

Chapter 8


62/152


Chapter 8 - Page 2


Practices Overview

In this practice, you use the syslogfunction to log messages locally and remotely.


63/152


Chapter 8 - Page 3

Practice 8-1: Using the syslogFunction and Auditing Utilities

Overview

In this practice, you use the syslogfunction to log messages locally and remotely.

Assumptions

This practice requires installed manual (man) pages and two systems that list each other in the/etc/hostsfile. Verify that the CONSOLEvariable is commented out in the/etc/default/loginfile on both systems. Except as noted otherwise, perform all steps onboth systems. Refer to the lecture notes as necessary to perform the steps listed.

Note:The inetdprocess is now an smf(5)managed service and can no longer be run fromthe command line. To enable or disable inetd, refer to svcadm(1M)on how to enablesvc:/network/inetd:default, the inetdinstance.

Task 1 Enabling and Logging inetdTrace Messages


1. Change the directory to /etc, and create a backup copy of the /etc/syslog.conffile.

# cd /etc

# cp syslog.conf syslog.conf.bak

2. Display the man page for the inetdprocess, and verify the facilityand levelused bythe inetdprocess when you run the process with the -tcptraceoption.

# man inetd

Which facilityand levelpair is the inetddaemon using?

daemon.notice

3. Examine the /etc/syslog.conffile, and determine whether the syslogddaemonwould recognize inetdtracing messages.

# grep daemon.notice /etc/syslog.conf

*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages

Are inetdtracing messages recognized by the syslogddaemon (yes or no)?

Yes

To what destination will the syslogddaemon send the messages?

The/var/adm/messagesfile

4. Open a new terminal window, and use the tailcommand to view new entries as they arerecorded in the /var/adm/messagesfile.

# tail -f /var/adm/messages


64/152


Chapter 8 - Page 4

5. In an available window, use the telnetcommand to connect to your own system. Exit thetelnetsession after you successfully log in.

# telnet host

Trying nnn.nnn.nnn.nnn...

Connected to host.

Escape character is '^]'.

login: root

Password:

(output omitted)

# exit

6. Observe the window in which you are running the tailcommand. Do any new telnet-related messages appear in the /var/adm/messagesfile (yes or no)?

Before starting the inetdservice with telnettracing, no

7. Modify the inetdservice, and change the default value of the tcp_traceoption to TRUE:# inetadm -M tcp_trace=TRUE

8. Verify that the inetddaemon is running with the tracing option enabled.

# inetadm -p

NAME=VALUE

bind_addr=""

bind_fail_max=-1

bind_fail_interval=-1

max_con_rate=-1

max_copies=-1

con_rate_offline=-1

failrate_cnt=40

failrate_interval=60

inherit_env=TRUE

tcp_trace=TRUE

tcp_wrappers=FALSE

connection_backlog=10

9. Repeat step 5 and step 6. Do any new telnet-related messages appear in the/var/adm/messagesfile? If yes, list them.

A message similar to the following message appears:

Nov 6 14:19:21 sys-02 inetd[224]: [ID 317013 daemon.notice]telnet[1181] from 192.168.201.21 32795


65/152


Chapter 8 - Page 5

Task 2 Using the loggerCommand to Demonstrate How Levels Operate


1. Edit the /etc/syslog.conffile so that it includes the following line:

local0.notice /var/log/local0.log

2. Create a file called /var/log/local0.log.# touch /var/log/local0.log

3. Cause the syslogddaemon to read the /etc/syslog.conffile by sending it arefreshcommand.

# svcadm refresh svc:/system/system-log:default

4. In the window in which the tailcommand is running, stop the tailprocess. Restart thetailcommand so that it displays the end of the /var/log/local0.logfile.

# tail -f /var/log/local0.log

5. In an available window, use the loggerutility to send a message using the local0facilityand the noticelevel.

# logger -p local0.notice Notice-level message

What new messages, if any, does the tailcommand display?

A message similar to the following appears:

Nov 04 15:21:49 host root: [ID 702911 local0.notice] Notice-level message

6. In an available window, use the loggercommand to send a message by using thelocal0 facilityand the critlevel.

# logger -p local0.crit Crit-level message

What new messages, if any, does the tailcommand display?

Nov 04 15:24:43 host1 root: [ID 702911 local0.crit] Crit-levelmessage

A message similar to the preceding message displays because critis a higher levelthan notice, and the syslogddaemon is configured to recognize the noticelevel andhigher for the local0 facility.

7. Run the loggercommand from step 5 three times. Examine the output from the tailcommand in the other window. How many new messages appear in the/var/log/local0.logfile?

One. The syslogddaemon will not report multiple instances of the same message until adifferent message is logged, or the syslogdmarkinterval is reached.


66/152


Chapter 8 - Page 6

8. Run the loggercommand with the critlevel message instead of the noticelevelmessage.

Which new messages appear in the /var/log/local0.logfile?

A message indicating that the previous message was repeated a number of times, and thenew message, for example:

Oct 8 18:33:33 host last message repeated 2 times

Oct 8 18:34:19 host root: [ID 702911 local0.crit] Crit-levelMessage

9. Stop the tailcommand in the window where it is running.

Task 3 Logging Messages to Another System


Note: These steps do not require you to change host names. In the following steps, substitute

the appropriate host name for system1and system2.

1. On system1, edit the /etc/syslog.conffile, and change the line for local0.notice

so that it reads as follows:local0.notice@system2

2. On system1, cause the syslogddaemon to reread the /etc/syslog.conffile usingsvcadm.

# svcadm refresh system/system-log

3. On system2, create a file called /var/log/local0.logif it does not already exist.

# touch /var/log/local0.log

Note: If you did not already edit the /etc/syslog.conffile on the system designatedsystem2from the previous task, do so now. The /etc/syslog.conffile on system2must direct the local0.noticemessages to /var/log/local0.log. You must alsorefresh the system/system-logservice on system2.

4. On system2, open a new terminal window and use the tailcommand to view newentries as they arrive in the /var/log/local0.logfile.

# tail -f /var/log/local0.log

5. On system1, use the loggercommand to generate a message by using the

local0.noticefacilityand levelpair.# logger -p local0.notice Message from system1

6. On system2, which message is displayed in the window running the tailcommand?

Nov 06 13:07:49 system1 root: [ID 702911 local0.notice] Messagefrom system1


67/152


Chapter 8 - Page 7

7. After verifying that system1has successfully passed messages to system2, stop thetail command on system2.

Task 4 Logging Messages by Using the loghostAlias and ifdefStatementsPerform the following steps:

1. On both systems, edit the /etc/syslog.conffile, and uncomment the line that identifies

the auth.noticemessages.auth.notice ifdef(LOGHOST, /var/log/authlog, @loghost)

Which two destinations are possible for these messages?

/var/log/authlog This local hosts log file

@loghost The syslog facility on the loghost

2. On both systems, examine the /etc/inet/hostsfile, and identify the name of the hostassociated with the loghostalias.

In the default /etc/inet/hostsfile, the loghostalias is associated with the host nameof the local system.

3. On both systems, cause the syslogddaemon to reread the /etc/syslog.conffile bysending it a refreshcommand.


4. On both systems, run the following m4commands and record the line for the auth.noticemessages.

# /usr/ccs/bin/m4 -D LOGHOST /etc/syslog.conf

auth.notice /var/log/authlog

# /usr/ccs/bin/m4 /etc/syslog.conf

auth.notice @loghost

5. On both systems, open a terminal window and use the tailcommand to view new entriesas they arrive in the /var/log/authlogfile.

# tail -f /var/log/authlog

6. On system2, use the rlogincommand to log in to your own system, and then exit theconnection.

# rlogin system2

Password: xxxxxx...

# exit


68/152


Chapter 8 - Page 8

On system2, which message is displayed in the window running the tailcommand?

A message similar to the following displays:

Mar 31 09:15:23 system2 login: [ID 254462 auth.notice] ROOTLOGIN

/dev/pts/7 FROM system2

On system1, does a new message display in the window running the tailcommand (yesor no)?

No

7. On system2, change to the /etc/inetdirectory and make a backup copy of the/etc/inet/hostsfile. Edit the /etc/inet/hostsfile to remove the loghostaliasfrom the entry for system2and add it to the entry for system1.

# cd /etc/inet

# cp hosts hosts.bak

# vi hosts

8. On system2, force the syslogddaemon to reread the /etc/syslog.conffile usingsvcadm.


9. On system2, use the rlogincommand to log in to your own system, and then exit theconnection.

# rlogin system2

Password: xxxxxx

...

# exitOn system2, does a new message display in the window running the tailcommand (yesor no)?

No

On system1, which message is displayed in the window running the tailcommand?

A message similar to the following displays:

Nov 06 09:34:46 system2 login: [ID 254462 auth.notice] ROOTLOGIN

/dev/pts/7 FROM system2

Task 5 Completing the PracticePerform the following steps:

1. On both systems, stop the tailcommand in any window where it is running.

2. On system2, replace the /etc/inet/hostsfile with the backup copy that you madeearlier.


69/152


Chapter 8 - Page 9

3. On both systems, replace the /etc/syslog.conffile with the backup copy that youmade earlier.

4. On both systems, ensure that the syslogddaemon rereads the /etc/syslog.conffileby sending it a refreshcommand.



70/152


Chapter 8 - Page 10


71/152

Practices for Lesson 9: Using Name Services

Chapter 9 - Page 1

Practices for Lesson 9: UsingName Services

Chapter 9


72/152


Chapter 9 - Page 2


Practices Overview

In this practice, youevaluate your understanding of the name services concepts presented inthis lesson.


73/152


Chapter 9 - Page 3

Practice 9-1: Reviewing Name Services

Overview

In this practice, youevaluate your understanding of the name services concepts presented inthis lesson.

AssumptionsIf necessary, refer to your lecture notes to answer the following practice questions.

Task

1. List the name services that can be configured in the /etc/nsswitch.conffile.

Local files, DNS, NIS, NIS+, and LDAP

2. Which name service is the default selection during the installation of the Solaris 10 OS?

NIS+ is selected by default during a Solaris 10 OS installation.

3. What are the two main services provided by DNS?

DNS provides host name-to-IP address translation and IP address-to-host nametranslation.

4. What types of information are stored within the NIS+ namespace?

The NIS+ namespace stores information about workstation addresses, security information,mail information, Ethernet interfaces, printers, and network services.

5. Which file is referred to as the name service switch file, and why?

The /etc/nsswitch.conffile is referred to as the name service switch file because theoperating system uses it to determine where to go for any information lookups. This file

indicates whether DNS, NIS, NIS+, LDAP, or local files are to be used for name serviceresolution. If more than one name service is to be used, this file indicates the order in whichthese services should be accessed.

6. If you decide to use the LDAP for name service resolution, which template file would youuse to create the name service switch file?

/etc/nsswitch.ldap


74/152


Chapter 9 - Page 4

7. How is the following entry in the name service switch file interpreted?

hosts: nis [NOTFOUND=return] files

Assuming that the NIS name service is running and available, the syntax for this entrymeans that the NIS hosts table is searched. If an NIS server is busy or unavailable, thelocal files are searched. If an NIS server has no map entry for a host lookup, the systemwould not reference the local files.

8. Is the following an appropriate entry to the /etc/nsswitch.conffile? Why or why not?

group: dns files nis

This is not an appropriate entry in the /etc/nsswitch.conffile, because dnsappliesonly to the hostsentry in the name service switch file.


75/152

Practices for Lesson 10: Configuring Name Service Clients

Chapter 10 - Page 1

Practices for Lesson 10:Configuring Name ServiceClients

Chapter 10


76/152


Chapter 10 - Page 2


Practices Overview

In this practice, you configure the Solaris 10 OS client system to use DNS and LDAP as nameservices.


77/152


Chapter 10 - Page 3

Practice 10-1: Configuring a System to Use DNS and LDAP

Overview

In this practice, you configure the Oracle Solaris

Documents

System Administration for the Oracle Solaris 10 OS Part 2 Practice Guide