Transition to Oracle Solaris 11: license to use this Student Guideฺ

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Qav lic
i d
ah
Sh
Transition to Oracle Solaris 11
Activity Guide
D73488GC30
Edition 3.0 | November 2014 | D89086
Learn more from Oracle University at oracle.com/education/

Author Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Venu Poddar Disclaimer
This document contains proprietary information and is protected by copyright and other
Technical Contributors intellectual property laws. You may copy and print this document solely for your own
and Reviewers use in an Oracle training course. The document may not be modified or altered in any
way. Except where your use constitutes "fair use" under copyright law, you may not
Juanita Heieck use, share, download, upload, copy, print, display, perform, reproduce, publish, license,
post, transmit, or distribute this document in whole or in part without the express
Kathy Slattery authorization of Oracle.
Alta Estad
The information contained in this document is subject to change without notice. If you
Alissa Bader Clark find any problems in the document, please report them in writing to: Oracle University,
Sharon Veach 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
Graphic Designer Restricted Rights Notice
Maheshwari Krishnamurthy If this documentation is delivered to the United States Government or anyone using the
documentation on behalf of the United States Government, the following notice is
ble
applicable:
e r a
nsf
Editors
Aju Kumar U.S. GOVERNMENT RIGHTS
-tr a
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or
Anwesha Ray o n
disclose these training materials are restricted by the terms of the applicable Oracle
n
Raj Kumar
s a
license agreement and/or the applicable U.S. Government contract.
a
h eฺ
Trademark Notice
)
Publishers e
tฺa Guid
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names
n e
Sumesh Koshy
t e sฺ ent may be trademarks of their respective owners.
Syed Ali
m ira Stud
Srividya Rameshkumar
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
a h id
Sh
Table of Contents
Practices for Lesson 1: Course Introduction.................................................................................................1-1
Practices for Lesson 1: Overview ...................................................................................................................1-2
Practice 1-1: Getting Familiar with Your Practice Environment ......................................................................1-3
Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements .................2-1
Practices for Lesson 2....................................................................................................................................2-2

Practices for Lesson 3: Managing Software Packages in Oracle Solaris 11 ..............................................3-1
Practice 3-1: Configuring a Local IPS Package Repository ...........................................................................3-3
Practice 3-2: Configuring a Network Client to Access the IPS Server ............................................................3-7
Practice 3-3: Updating Oracle Solaris 11 to Oracle Solaris 11.2 OS (demonstration) ....................................3-10
Practice 3-4: Managing Software Packages ..................................................................................................3-11
bl
Practice 3-5: Managing the Boot Environments .............................................................................................3-25 e
r a
Practice 3-6: Testing Your Skills and Knowledge ...........................................................................................3-30
fe
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System ...............................................4-1 n s
n - tra
no
Practice 4-1: Installing the Oracle Solaris 11 OS by Using the Text Installer .................................................4-3
a
h s
Practice 4-2: Installing the Oracle Solaris 11 OS by Using the Live Media Installer .......................................4-6
a.......................................4-10
Practice 4-3: Installing the Oracle Solaris 11 OS by Using the Automated Installer
a e ) d e ฺ
ฺ
et t Gu i
Practice 4-4: Configuring Oracle Solaris 11 Instances ...................................................................................4-19
ฺ n
Practice 4-5: Customizing the Automated Installation ....................................................................................4-26
s Unified eArchive n Through Automated Installer 4-35
Practice 4-6: Deploying a System by Using an Oracle Solaris
a t e d
Practice 4-7: Testing Your Skills and Knowledge ir Stu
m...........................................................................................4-44
Practices for Lesson 5: Oracle Solarisi11 @ e h is
Network tAdministration Enhancements ..................................5-1
a v e
Practice 5-1: Managing h dฺqNetwork
Practices for Lesson 5: Overview
i
Reactive t o us
...................................................................................................................5-2
Configuration ...............................................................................5-3
( s hathe Capabilities
Practice 5-2: Exploring
n se of the ipadm Utility ...........................................................................5-12
a i
v Configuring
Practice 5-3: l e
icNetwork Virtualization Features .............................................................................5-16
i d Q
Practice 5-4: Configuring Elastic Virtual Switch (EVS) ...................................................................................5-31
a h Practice 5-5: Configuring Link Aggregation ....................................................................................................5-32
Sh Practice 5-6: Configuring IPMP ......................................................................................................................5-34
Practice 5-7: Configuring a Network Bridge ...................................................................................................5-49
Practice 5-8: Monitoring the Network .............................................................................................................5-52
Practice 5-9: Test Your Skills and Knowledge ...............................................................................................5-60
Practices for Lesson 6: Administering Oracle Solaris 11 Zones .................................................................6-1
Practice 6-1: Migrating an Oracle Solaris 10 Zone to Oracle Solaris 11 ........................................................6-3
Practice 6-2: Migrating an Oracle Solaris 10 Global Zone to Oracle Solaris 11 .............................................6-10
Practice 6-3: Configuring a Kernel Zone (demonstration) ..............................................................................6-16
Practice 6-4: Cloning and Deploying a Kernel Zone by Using an Unified Archive (Demonstration) ...............6-17
Practice 6-5: Monitoring Zone Resource Utilization .......................................................................................6-18
Practices for Lesson 7: Oracle Solaris 11 ZFS Enhancements....................................................................7-1
Practice 7-1: Migrating a ZFS File System .....................................................................................................7-3
Practice 7-2: Splitting a Mirrored ZFS Storage Pool.......................................................................................7-8
Practice 7-3: Identifying ZFS Snapshot Differences .......................................................................................7-11
Practice 7-4: Configuring ZFS Deduplication .................................................................................................7-12
Copyright © 2014. Oracle and/or its affiliates. All rights reserved.
Transition to Oracle Solaris 11 Table of Contents

i
Practice 7-5: Configuring a COMSTAR iSCSI Target ....................................................................................7-14
Practice 7-6: Test Your Skills and Knowledge ...............................................................................................7-19
Practices for Lesson 8: Oracle Solaris 11 Security Enhancements ............................................................8-1
Practice 8-1: Managing Encryption Keys .......................................................................................................8-3
Practice 8-2: Configuring a ZFS-Encrypted Storage Pool ..............................................................................8-5
Practice 8-3: Configuring a ZFS-Encrypted File System ................................................................................8-8

Practice 8-4: Configuring Read-Only Zones ...................................................................................................8-9
Practice 8-5: Using BART to Audit System Files ............................................................................................8-14
bl e
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Copyright © 2014. Oracle and/or its affiliates. All rights reserved.
Transition to Oracle Solaris 11 Table of Contents

ii
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Practicesefor ) e ฺ 1:
Course ฺ a i d
et Introduction
u
ฺ n
s 1 en t G
t e
m ir Stud
aChapter
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 1: Course Introduction

Chapter 1 - Page 1
Practices Overview
This practice introduces you to the infrastructure that you will use to perform the practices.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 1 - Page 2
Practice 1-1: Getting Familiar with Your Practice Environment
Overview
This practice provides an introduction to your course assignment and the infrastructure that you
will use to perform the practices. The practices in this assignment are mapped to the respective
lessons.
Practices Infrastructure
This section presents the architectural overview of the infrastructure required for the practices.
Your practice environment is based on the Oracle VM VirtualBox virtualization software. The
environment consists of multiple virtual machines (VMs), which are configured on a private
internal network (192.168.0). Each VM can communicate with other VMs on the same private
network, as shown in the following diagram.
Note: Internet access is not configured for these VMs.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 1 - Page 3
The following image shows the configured VirtualBox VMs:
ble
e r a
a nsf
o n -tr
a n
a
h eฺ s
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
a h
VirtualBoxv i
environment nse of the following VMs:
(sh iceconsists
Q a of the VMl
h i d Name Description
a
Sh This VM is installed with Oracle Solaris 11.2 Text Install for x86.
This VM provides NFS and DNS services. You can perform the
following tasks by using this VM:
S11-Server1 • Configure IPS and AI services.
• Use S11-Server1 as target for migrating a zone.
• Perform network, ZFS, and security enhancements
practices.
This VM is installed with Oracle Solaris 11.2 Live Media for x86 and
used as the IPS client machine. You will use this VM to verify
S11-Desktop
network configurations and configure this system as an iSCSI
initiator.
This VM is installed with Oracle Solaris 10 Update 11 for x86. It is
S10-Server1
used as a source for zone’s migration practice.
This VM is used to install Oracle Solaris 11.2 Text Install OS for
Text Install
x86.

Chapter 1 - Page 4
Name of the VM Description
This VM is used to install Oracle Solaris 11.2 Live Media OS for
LiveCD Install
x86.
This VM is used as the Automatic Installer (AI) network client
S11-Client1
machine.
S11-Client2 This VM is used as the AI network client machine.

This VM is used in an optional practice to check the skill and
S11-Client5
knowledge of the user.
The VMs are further configured to communicate with the host machine through the shared
directory. The shared directories are as listed in the following table: ble
e r a
Resource Name Location Description
a nsf
Host share directory /opt/ora Various course files o n -tr
Demo files a n
Contains the demonstration file used
/opt/ora/demo
a
h eฺs in the course
e )
OVA files /opt/ora/images Contains
e tฺaa backup
u iofdall virtual
ฺ n
smachines n G
t in the course
used
t e e
m ira Ifwhile
S
any
t udperforming
virtual machine gets corrupted
@ e his delete the virtual amachine

practice, you can
a v i e t the respective VM from thisand import
dฺq to us
folder.
a h i But, after reimporting, you will have
sh ens e to redo previous practices to bring
i (
Q av lic the VM to the required start state of
the practice where the VM got
h i d corrupted.
a
Sh ISO files /opt/ora/iso Contains the S11.2 GA ISO files
required to perform practices
The details of the shared directories can be verified in the respective VM settings. Each VM has
an entry in the /etc/vfstab file, which stores information about the mount points and related
directories on the system.
User Credentials
VMs Credentials
• Username: oracle
• Password: oracle1
S11-Server1 Note: As the oracle user, use su to switch to the primary
administrator (root) role. The password is oracle1. The
root is configured as a role by default in Oracle Solaris 11.
The first username created on the system during the

Chapter 1 - Page 5
installation is the initial privileged user who can assume the
primary administrator role.
S11-Desktop • Password: oracle1
Note: The root role password is oracle1.
• Username: root
S10-Server1
• Password: cangetin
Tasks
Perform the following steps to get familiar with your practice environment:
1. On your host system, start the Oracle VM VirtualBox Manager by double-clicking its icon on
your desktop.
ble
e r a
tra nsf
n -
2. In the Oracle VM VirtualBox Manager window, double-click the S11-Server1
a no VM to start it.
h a s button on the menu
Alternatively, you can select the S11-Server1 VM and click the Start
bar.
a e ) deฺ
e t ฺ u i
n
sฺ ent G
t e
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
a h id
Sh

Chapter 1 - Page 6
3. Log in to the S11-Server1 VM with the user ID oracle and password oracle1.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 1 - Page 7
4. Close the S11-Server1 VM by performing the following steps:
a. Click the close (X) button, which is located on the top-right corner of the VM’s window.
b. Select Power off the machine option in the Close Virtual Machine dialog box that
appears on closing a VM, and then click OK.
ble
e r a
a nsf
o n -tr
a n
a
h eฺ s
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
ha nsVMe by double-clicking it in the VirtualBox Manager.
5. Open the S11-Desktop
( s
v
6. After the
a l i ce VM is powered ON, log in with the user ID oracle and password
i S11-Desktop
i d Q
oracle1. The GUI-based desktop is displayed.
h ah
S

Chapter 1 - Page 8
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
7. Close the S11-Desktop VM.
t e sฺ ent
ira by S
8. Verify that no VMs are running at this time,
m t ud the status of the VMs in Oracle VM
viewing
VirtualBox Manager window.
@ e his
9. Do not open other VMs atathis i t
v pointsinetime.
q
idฺ to u
Best Practiceshah
( e n se steps in the practices with care and attention for a smooth
sthe instructional
•
v i
Follow
aexperience. lic
Q
id • Ensure that no more than three VMs are running at a time, while performing the
a h
Sh practices.
• Shut down the VMs when not required for a specific practice, to release system
resources for the primary VM in use.
• Halt the zones when not required to release system resources.
• When launching a VM for the first time, if you see the Select start-up disk appear,
click the Cancel button to continue.

Chapter 1 - Page 9
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 1 - Page 10
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Introducing ฺ a
et t Gthe i d
u Oracle
s ฺ n n New Features and
aSolaris
t e d 11
e
e mir Enhancements
i s S tu
v i @ e thChapter
ฺ q a us 2
a h id to
sh ens e
i (
Q av lic
i d
ah
Sh
Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements
Chapter 2 - Page 1
Practices for Lesson 2
Practices Overview
There is no practice for Lesson 2.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Practices for Lesson 2: Introducing the Oracle Solaris 11 New Features and Enhancements
Chapter 2 - Page 2
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Managing ฺ a
et tSoftware
u i d Packages
ฺ n
sOracle G
nSolaris 11
ain
t e d e
e mir Chapter
s S tu3
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
Practices for Lesson 3: Managing Software Packages in Oracle Solaris 11

Chapter 3 - Page 1
Practices Overview
This practice introduces you to the Image Packaging System (IPS) and provides a guided,
hands-on experience with managing software packages by using IPS. While performing the
practices, you apply package management best practices applicable to the Oracle Solaris 11
operating system.
The key areas explored in the practices are:
• Configuring a local IPS package repository
• Configuring a network client to access the IPS server
• Updating Oracle Solaris 11 to Oracle Solaris 11.2 OS (demonstration)
• Managing software packages
• Managing the boot environments ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 2
Practice 3-1: Configuring a Local IPS Package Repository
Overview
IPS manages software in units of packages. An IPS package is a collection of directories, files,
links, drivers, dependencies, groups, users, and license information in a defined format. This
collection represents the installable objects of a package. Packages have attributes such as a
package name and description. When you install or upgrade to the Oracle Solaris 11 release,
the system initially has one publisher configured: the solaris publisher. The default publisher has
the http://pkg.oracle.com/solaris/release/ repository origin.
You can create your own local package repository. Having a local package repository is
necessary when your network clients do not have access to the web-based default repository.
Other reasons you might want to have a local copy of a package repository include:
• Performance: Having a local package repository allows clients to access packages at
local network speeds.
ble
• Security: You might not want your client systems to have access to the Internet. e r a
• Replication: You want to ensure that an installation that you perform next year is a nsf
exactly the same as the installation you perform today.
o n -tr
In your practice environment, your virtual machine client cannot access the default publisher for
a n
a s
software update services. So, your first task will be to create your own local package repository
h eฺ
)
and make it the default publisher so that the network client can be serviced by IPS.
e
n e tฺa Guid
Task
t e sฺto configure
e n t
Perform the following steps on the S11-Server1
i r a tud
VM a local IPS package repository:
1. Verify that no VMs are running at e mpointiofs time.
this S
2. Start the S11-Server1 VM and @ h
vi log sinewitht the user ID oracle and password oracle1.
q a
3. Run the su command
h i dฺto assume
t o uprimary administrator privileges.
( s ha nse su -
oracle@s11-server1:~$
a v i
Password:
l i ce
i d Q Oracle Corporation SunOS 5.11 11.2 June 2014
h ah root@s11-server1:~#
S 4. Determine the host name of this server.
root@s11-server1:~# hostname
s11-server1
5. Verify that this server can access DNS services.
root@s11-server1:~# nslookup s11-server1
Server: 192.168.0.112
Address: 192.168.0.112#53
Name: s11-server1.mydomain.com
Address: 192.168.0.112
6. Download the following repository files available at the Oracle Solaris download site to a
ZFS file system, such as rpool/export/repodir:
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html
Note: Do not run these commands in this lab. For this training purpose, these steps
have already been performed for you.

Chapter 3 - Page 3
• README file (README-zipped-repo.txt)
• Repository assembly script (install-repo.ksh)
• MD5 checksum file
• Four IPS repository parts (zip files)
# cd /export/repodir
# ls
install-repo.ksh sol-11_2-repo-3of4.zip
README-zipped-repo.txt sol-11_2-repo-4of4.zip
sol-11_2-repo-1of4.zip sol-11_2-repo-md5sums.txt
sol-11_2-repo-2of4.zip
7. Make the repository assembly script executable.
Note: Do not run this command in this practice. For training purpose, this step has
already been performed for you.
ble
# chmod +x install-repo.ksh
e r a
8. Create a ZFS file system for the local IPS repository with compression enabled.
a nsf
Note: Do not run this command in this practice. For training purpose, this step has
o n -tr
a n
a
h eฺ s
# zfs create -o compression=on –o atime=off rpool/export/IPSpkgrepos
e )
tฺa withGthe idZFS file system for the
# zfs create rpool/export/IPSpkgrepos/Solaris
9. Run the install-repo.ksh repository assembly n escript u

local IPS repository as an option, to build the
t e sฺ eas
repository n twell as to create the repository
ISO image.
m ira Stud
This script unzips and installs the e
zipped IPSisrepository image components into the
designated directory anda i @
v performs
also t h
e the following functions:
ฺ q u s
• id of downloaded
Validate checksums
a h to files (optional)
• sh each
Uncompress n e
s into a specified directory
part
i ( c e
v the repository
• a
Q Verify li image (optional)
a h id • Create an ISO file for mounting and distribution (optional)

Sh Note: Do not run this command in this practice. For training purpose, this step has
# ./install-repo.ksh -d /export/IPSpkgrepos/Solaris -c -v -I
Comparing checksums of downloaded files...done. Checksums match.
Uncompressing sol-11_2-repo-1of4.zip...done.
Repository can be found in /export/IPSpkgrepos/Solaris.
Initiating repository verification.
...
Building ISO image...done.
ISO image and instructions for using the ISO image are at:
/export/repodir/sol-11_2-repo.iso
/export/repodir/README-repo-iso.txt

Chapter 3 - Page 4
The repository image provides you with a complete archive of software packages to allow
you to set up a local network IPS repository that client systems can connect to.
10. Verify that the /export/IPSpkgrepos/Solaris file system has been configured with
the repository files.
root@s11-server1:~# ls -lh /export/IPSpkgrepos/Solaris
total 24
-rw-r--r-- 1 root root 3.2K Jun 24 21:45 COPYRIGHT

-rw-r--r-- 1 root root 1.6K Jun 24 21:45 NOTICES
-rw-r--r-- 1 root root 347 Jun 24 16:55 pkg5.repository
drwxr-xr-x 3 root root 3 Aug 10 10:43 publisher
-rwxr-xr-x 1 root root 5.8K Jun 24 21:45 README-repo-iso.txt
11. Assess the current IPS configuration on the S11-Server1 system.
root@s11-server1:~# svcs application/pkg/server
STATE STIME FMRI
ble
e r a
nsf
disabled 6:12:11 svc:/application/pkg/server:default
-tra
root@s11-server1:~# svcprop -p pkg/inst_root application/pkg/server
/var/pkgrepo n o n
s a
Note: This system is not currently configured as an IPS server (the service is disabled).
) a
h eฺ
The default location of the IPS repository is determined by the pkg/inst_root property.
e
tฺa Guid
The /var/pkgrepo directory is not the correct location of your local repository.
n e
t e sฺ ent
12. Determine whether the IPS service is currently available.
ra Stud
root@s11-server1:~# pkg search ientire
m
e hrespond
pkg: Some repositories failed
@
to
i s appropriately:
solaris:
q a vi package
s e t
Encountered h
i
Unable to contact
dฺ to uerror(s):
valid repository
stohacontact e configured publishers.

the following
( e n sany
i
Unable
v is likely
aThis lic a network configuration problem.
i d Q Framework error: code: 6 reason: Couldn't resolve host 'pkg.oracle.com'
ah
Sh
URL: 'http://pkg.oracle.com/solaris/release' (happened 4 times)
Searching for a package is a quick way of determining whether the IPS service is available.
The output displayed indicates that this system has no access to the IPS service.
13. Set the pkg/inst_root property of the application/pkg/server service to the
repository location (/export/IPSpkgrepos/Solaris).
root@s11-server1:~# svccfg -s application/pkg/server setprop \
pkg/inst_root=/export/IPSpkgrepos/Solaris
14. Set the pkg/readonly property of the application/pkg/server service to true.

root@s11-server1:~# svccfg -s application/pkg/server setprop pkg/readonly=true
15. Verify the inst_root property of the application/pkg/server service.

root@s11-server1:~# svcprop -p pkg/inst_root application/pkg/server
/export/IPSpkgrepos/Solaris
16. Refresh the application/pkg/server service.

root@s11-server1:~# svcadm refresh application/pkg/server

Chapter 3 - Page 5
17. Enable the application/pkg/server service.
root@s11-server1:~# svcadm enable application/pkg/server
18. Verify that the application/pkg/server service is enabled.

root@s11-server1:~# svcs application/pkg/server
STATE STIME FMRI
online 2:35:11 svc:/application/pkg/server:default

19. List the current package publishers.
root@s11-server1:~# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F http://pkg.oracle.com/solaris/release/
The preceding command output shows the current publisher. A publisher is a forward
domain name that identifies a person, group of persons, or an organization that publishes
one or more packages. The repository type origin is the location of a package repository
ble
that contains both package metadata (package manifests and catalogs) and package
e r a
content (package files). The default publisher URI is http://pkg.oracle.com/solaris/release/.
a nsf
20. Remove the current publisher URI (http://pkg.oracle.com/solaris/release/) and add a new
URI (http://s11-server1.mydomain.com) to the preferred publisher name solaris. o n -tr
a n
a s
root@s11-server1:~# pkg set-publisher -G '*' –g
h eฺ
http://s11-server1.mydomain.com/ solaris
\
e )
n e tฺa Guid
PUBLISHER TYPE
t e sฺ PeLOCATION
STATUS n t
solaris ira online
origin
m S t udF http://s11-server1.mydomain.com/
21. Test IPS on the local server by @ e hforisthe entire package.
searching
root@s11-server1:~#apkg
i
v search e t
q
dฺACTIONtoVALUE
u s entire
INDEX
h i
( s ha nse PACKAGE
v i
apkg.descriptione
lic setincluding
Provides for power management support of the entire
i d Q operating system, the configuration of the maximum time allowed to
a h reach both minimum and full capacity, and whether or not to permit system
Sh
suspend and resume if the platform supports it.
pkg:/system/kernel/power@0.5.11-0.175.2.0.0.42.2
pkg.description set Provides support for suspend and resume of the entire
operating system. When the system is suspended, the entire system state is
preserved either in RAM or non-volatile storage until a resume operation is
conducted. The ability to suspend and resume is device dependent and not all
systems support the capability. pkg:/system/kernel/suspend-resume@0.5.11-
0.175.2.0.0.42.2
pkg.description set pixz compresses and decompresses files using multiple
processors. If the input looks like a tar(1) archive, it also creates an index
of all the files in the archive. This allows the extraction of only a small
segment of the tarball, without needing to decompress the entire archive.
pkg:/compress/pixz@1.0-0.175.2.0.0.42.1
pkg.fmri set solaris/entire
pkg:/entire@0.5.11-0.175.2.0.0.42.0
22. Display the status of the IPS repository.
root@s11-server1:~# pkgrepo info -s /export/IPSpkgrepos/Solaris
PUBLISHER PACKAGES STATUS UPDATED
solaris 4870 online 2014-06-25T03:55:23.627994Z

Chapter 3 - Page 6
Practice 3-2: Configuring a Network Client to Access the IPS Server
Overview
Now that you have a local package repository set up, you must configure the network clients to
access the new repository. By default, clients are configured to use the publisher
http://pkg.oracle.com/solaris/release/. In this task, you reconfigure the client to access the
http://s11-server1.mydomain.com/ package publisher.
Task
Perform the following steps on the S11-Desktop machine to configure a network client to access
the IPS server:
1. Verify whether S11-Server1 is running. Keep it minimized for the time being.
2. Start the S11-Desktop VM and log in with the user ID oracle and password oracle1.
ble
3. In the S11-Desktop VM, right-click the desktop background and open a terminal window.
e r a
4. In the terminal window, run the su command to assume primary administrator privileges.
a nsf
oracle@s11-desktop:~$ su -
o n -tr
Password:
a n
a s
Oracle Corporation SunOS 5.11
h eฺ
11.2 June 2014
root@s11-desktop:~#
e ) d
e ฺa byuiresolving
5. Verify whether S11-Desktop (client) can access DNStservices the IPS server
host name. n
sฺ ent G
t e
ira Stud
root@s11-desktop:~# nslookup s11-server1
m
Server:
e his
192.168.0.112
@
Address: i
v se t
192.168.0.112#53
a
i q
dฺ to u
h
i ( s a ense
Address:h192.168.0.112
6. Verify
Q lic can ping the IPS server.
avthat this client
a h id root@s11-desktop:~# ping s11-server1
Sh 7. List the current package publishers.

s11-server1 is alive
root@s11-desktop:~# pkg publisher

solaris origin online F http://pkg.oracle.com/solaris/release/
8. Remove the current publisher URI (http://pkg.oracle.com/solaris/release/) and add a new
URI (http://s11-server1.mydomain.com) to the preferred publisher name solaris.
root@s11-desktop:~# pkg set-publisher -G '*' –g \
http://s11-server1.mydomain.com/ solaris
9. Verify that the preferred publisher is http://s11-server1.mydomain.com/ .
root@s11-desktop:~# pkg publisher
solaris origin online F http://s11-server1.mydomain.com/

Chapter 3 - Page 7
10. Test the client access to the IPS server by opening the http://s11-server1.mydomain.com
URL in the Firefox browser.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 8
11. Using the package repository browser, search for the entire package.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
12. Close the Firefox browser.
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
a h id
Sh

Chapter 3 - Page 9
Practice 3-3: Updating Oracle Solaris 11 to Oracle Solaris 11.2 OS
(demonstration)
Overview
IPS allows you to update the OS image to a new version of Oracle Solaris 11. Each package in
the image is updated from the publisher that provided the current installed version. A new boot
environment (BE) is created when a full image update is performed.

Note: Before viewing the demonstration file, it is necessary that you understand the
detailed procedure documented in the “Updating a system to Oracle Solaris 11.2” section of
the Student Guide.
Assumptions
Adobe Flash Player is already installed on the host machine before executing the
demonstration.
ble
e r a
Special note for playing the demo in the virtual machine:
a nsf
• To be able to view demo controls in the browser, it is recommended to switch to full
screen. o n -tr
a n
• s
To switch to full-screen mode in the browser window, go to View > Full Screen.
a
h eฺ
e )
Task
n e tฺa Guid
e ฺ which
For this practice, you are provided with a demonstration,
sOS n twill help you to understand how
to update a machine running the Oracle Solaris
i r t
a tud
11 to e
Oracle Solaris 11.2 OS.
@ em window.
1. On your host machine, open a terminal
h i s S
2. Change to the /opt/ora/demo/
q a vi directory.
s e t
i dฺ to u
# cd /opt/ora/demo/Updating_a_System_to_S11.2
h
sha ense OS_Update_Demo.swf standard.js
# ls
i (
lic System Software Using IPS.htm file in a web browser.
OS_Update_Demo.htm
Q
3. Open avthe Upgrading
a h id # firefox OS_Update_Demo.htm &
Sh 4. A browser window with the Flash demo is displayed.
5. Close the terminal window.
6. Close the web browser after you complete viewing the flash demo.

Chapter 3 - Page 10
Practice 3-4: Managing Software Packages
Overview
After you have made the IPS server available to the network clients, the client system
administrators have the option to manage software updates by using either CLI commands or
GUI-based utilities. In this task, you work with the CLI commands and GUI-based utilities to
perform common software update tasks such as adding, removing, and searching for packages.
You also learn how to perform a “dry run” on package installations, which enables you to see
the changes that will occur on the system when a package is installed, without actually installing
the package. To demonstrate the IPS capabilities, you manage the apptrace software
package.
Start State for the Practice

Verify whether S11-Server1 and S11-Desktop VMs are running. If not, then start them now and e
run the su command to assume primary administrator privileges.
r a bl
e
Refer to Practice 1 for the procedure to start the VMs.
a nsf
Task o n -tr
a n
a s
To begin with, you manage client packages by using the pkg command.
h eฺ
)
Perform the following steps on S11-Desktop VM to manage software packages:
e
n e tฺa Guid
1. In a terminal window on the S11-Desktop virtual machine, determine whether the
t e sฺ ent
apptrace software packages are currently installed.
ra Stud
i'apptrace'
root@s11-desktop:~# pkg list apptrace
m
e his installed
pkg list: No packages matching
@
2. Search the IPS package a
q vi sfore the
repository t apptrace software package.
h i dฺ pkgtosearch
root@s11-desktop:~# u apptrace
INDEX ha se VALUE
i ( s e n
ACTION
v lic set Apptrace utility for application tracing, including

PACKAGE
Q apkg.description
h i d shared objects pkg:/developer/apptrace@0.5.11-0.175.2.0.0.42.2
a
Sh
pkg.summary set Apptrace Utility
pkg:/developer/apptrace@0.5.11-0.175.2.0.0.42.2
basename file usr/bin/apptrace
pkg.fmri set solaris/developer/apptrace
3. Display the detailed information about the apptrace package.

root@s11-desktop:~# pkg info -r apptrace
Name: developer/apptrace
Summary: Apptrace Utility
Description: Apptrace utility for application tracing, including shared
objects
Category: Development/System
State: Not installed
Publisher: solaris
Version: 0.5.11
Build Release: 5.11
Branch: 0.175.2.0.0.42.2

Chapter 3 - Page 11
Packaging Date: June 24, 2014 06:39:19 PM
Size: 162.04 kB
FMRI: pkg://solaris/developer/apptrace@0.5.11,5.11-
0.175.2.0.0.42.2:20140624T183919Z
Note: Fault Management Resource Identifier (FMRI) is the identifier for a package and it
includes the package publisher, package name, and version. The pkg command uses
FMRIs, or portions of FMRIs, to operate on packages.

4. Perform a “dry run” on the apptrace package installation.
root@s11-desktop:~# pkg install -nv apptrace
Packages to install: 1
Estimated space available: 36.11 GB
Estimated space to be consumed: 19.83 MB
Create boot environment: No
Create backup boot environment: No
ble
Rebuild boot archive: No
e r a
a nsf
Changed packages:
solaris o n -tr
developer/apptrace a n
a
h eฺs
None -> 0.5.11,5.11-0.175.2.0.0.42.2:20140624T183919Z
e ) dinstallation will not
The dry run shows that one package will be installed. The
e t ฺa willuibe
package
impact the boot environment. No currently installed
s ฺ n nt G changed.
packages
5. Install the apptrace package.
i r a te ude
e
root@s11-desktop:~# pkg installm apptrace S t
Packages toi@install: h
t 1i s
v e
ฺqaenvironment:
Create boot
Create backupid o u s No
DOWNLOADha
h e t
boot environment: No
( s e n s PKGS FILES XFER (MB)

v i
SPEED
aCompleted lic
d Q 1/1 10/10 0.1/0.1
ahi
81.7k/s
Sh PHASE ITEMS
Installing new actions 29/29
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
6. Verify the apptrace package installation.

root@s11-desktop:~# pkg verify -v apptrace
PACKAGE STATUS
pkg://solaris/developer/apptrace OK
7. Remove the apptrace package from the system image.

root@s11-desktop:~# pkg uninstall apptrace
Packages to remove: 1

Chapter 3 - Page 12
PHASE ITEMS
Removing old actions 25/25
8. Verify that the apptrace package has been removed.

root@s11-desktop:~# pkg list apptrace
pkg list: No packages matching 'apptrace' installed
Now, you will manage the apptrace package by using the graphical Package Manager
utility.
9. On the desktop background, double-click the Add More Software icon to display the
Package Manager GUI. Select the solaris publisher. ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 13
10. In the File menu, click Manage Publishers.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 14
11. Verify that the package publisher that you configured in Practice 3-1 is enabled and sticky.
Also, verify the origin of the IPS server. Click OK.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
Note: When a publisher
i q
dฺoriginally.
is sticky,uthe client source updates from the same publisher that
a h
provided the package e to
i ( sh ens
Q av lic
ah id
Sh

Chapter 3 - Page 15
12. In the Package Manager search field, type apptrace and press the Return key.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
q
idฺ thattotheuapptrace package is not currently installed on this
h
The status iconaindicates
system. (sh
e n se
av i lic
id Q
h ah
S

Chapter 3 - Page 16
13. Select the apptrace package. Note the contents of the General tab at the bottom of the
display. This information is derived from the apptrace manifest.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 17
14. Click the Files tab to view the files listed in the apptrace manifest.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 18
15. Click the Dependencies tab.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 19
16. Click the Versions tab.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 20
17. Select the apptrace package check box and click the Install/Update button. Then, click
Proceed in the Install Confirmation dialog box.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 21
18. Verify that the apptrace package installed successfully. Close the Install/Update dialog
box.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 22
19. Select the apptrace package check box and click the Remove button. Then click
Proceed in the Remove Confirmation dialog box.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 23
20. Verify that the apptrace package was successfully removed. Close the Remove dialog
box.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q
21. Close
lic Manager window.
avthe Package
a h id
Sh

Chapter 3 - Page 24
Practice 3-5: Managing the Boot Environments
Overview
With multiple boot environments (BEs), the process of updating software becomes a low-risk
operation because you can create backup boot environments before making any software
updates to your system. If needed, you have the option of booting to a backup boot
environment.
During this practice, you will create a new full boot environment based on the current BE. The
current BE does not have the diffstat package installed. You make the new BE the active
boot environment and you update it with the diffstat package. You reboot to the original boot
environment to prove that the two BEs are now logically separated.
You also mount and update an inactive BE. You also create a clone and a snapshot of the
current BE.
bl e
fe r a
Verify whether S11-Server1 VM is running. If not, start it now and run the su command to n s
assume primary administrator privileges.
n - tra
Refer to Practice 1 for the procedure to start the VMs.
a no
Task ) h as ฺ
Perform the following steps to manage boot environment:tฺa
e ide
ฺ n e G u
tes uBEs.
1. In the S11-Server1 virtual machine, list the current
en t
root@s11-server1:~# beadm list ira
t d
e m Policy s S
hi -------
BE Active Mountpoint Space Created
v i @-----
e t
--
/ฺq
a u3.42G
------ ---------- ------
s static 2014-07-07 01:05
solaris NR
h i d t o
i (
reboot (R). shaindicates
The Active field
e n sewhether the boot environment is active now (N) and active on
Q
2. Cloneavthe currentlicactive BE. Name the clone solaris-1.
a hid root@s11-server1:~# beadm create solaris-1
Sh 3. List the current BEs.
root@s11-server1:~# beadm list
BE Active Mountpoint Space Policy Created
-- ------ ---------- ----- ------ -------
solaris NR / 3.42G static 2014-07-07 01:05
solaris-1 - - 145.0K static 2014-07-09 03:52
4. Activate the solaris-1 BE. Display the list of BEs. Note that solaris-1 is pending
activation on reboot.
root@s11-server1:~# beadm activate solaris-1

-- ------ ---------- ----- ------ -------
solaris N / 43.0K static 2014-07-07 01:05
solaris-1 R - 3.42G static 2014-07-09 03:52

Chapter 3 - Page 25
5. Reboot the S11-Server1 virtual machine.
root@s11-server1:~# init 6
Notice that solaris-1 is now the default boot entry in the GRUB menu.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
6. After S11-Server1 has rebooted, log inias
m S t ud user and use su to root.
rathe oracle
e BEs.his
7. In a terminal window, list the current
@
i
v list
root@s11-server1:~#abeadm e t
q
dฺ Mountpoint s
u Space Policy Created
BE
h i
Active
t o
--
i ( sha------
- en/
e
s---------- ----- ------ -------
a v
solaris
l ic - 43.0K static 2014-07-07 01:05
d Q solaris-1 NR 3.42G static 2014-07-09 03:52
h ahi Note: The solaris-1 image is now active.

S 8. Verify that the diffstat package is not currently installed on the new active BE.
root@s11-server1:~# pkg list diffstat
pkg list: No packages matching 'diffstat' installed
9. Install the diffstat package on the new active BE.

root@s11-server1:~# pkg install diffstat
DOWNLOAD PKGS FILES XFER (MB)
SPEED
Completed 1/1 6/6 0.0/0.0
74.8k/s
PHASE ITEMS

Chapter 3 - Page 26
10. Activate the solaris BE. Display the list of BEs. Note that solaris is pending activation
on reboot.
root@s11-server1:~# beadm activate solaris

-- ------ ---------- ----- ------ -------
solaris R - 3.43G static 2014-07-07 01:05
solaris-1 N / 89.59M static 2014-07-09 03:52
11. Reboot the S11-Server1 virtual machine. After S11-Server1 has rebooted, log in as the
oracle user and su to root.
ble
e r a
nsf
root@s11-server1:~# init 6
Notice that Oracle Solaris 11.2 is now the default boot entry in the GRUB menu.
-tra
12. Verify that the solaris image is now active and that the diffstat package is not
n o n
installed.
s a
) a
h eฺ
BE
tฺa e id
Active Mountpoint Space
Policy Created
------ e------- Gu
--
n
sฺ 2014-07-07
t 01:05
------ ---------- -----
n
solaris
t eNR
static /
d e 3.47G
m ira static
solaris-1 -
S t u2014-07-09
- 94.03M
03:52
@ e hi s
v i e t
ฺqa matching
root@s11-server1:~# pkg list diffstat
i d
pkg list: No packages
t o us 'diffstat' installed
h
ha BE.nse
13. Mount the inactive
( s
a v i l ice beadm mount solaris-1 /solaris-1
root@s11-server1:~#
i d Q
h ah root@s11-server1:~# beadm list
S BE
--
Active Mountpoint Space Policy Created
------ ---------- ----- ------ -------
solaris-1 - /solaris-1 94.02M static 2014-07-09 03:52
14. Verify that the diffstat package is installed in the inactive package.
root@s11-server1:~# pkg -R /solaris-1 verify -v diffstat
PACKAGE STATUS
pkg://solaris/text/diffstat OK
15. Remove the diffstat package from the mounted inactive BE.
root@s11-server1:~# pkg -R /solaris-1 uninstall diffstat
Packages to remove: 1
PHASE ITEMS
Removing old actions 23/23

Chapter 3 - Page 27
root@s11-server1:~# pkg -R /solaris-1 list diffstat

pkg list: No packages matching 'diffstat' installed
16. Unmount the inactive BE.
root@s11-server1:~# beadm unmount solaris-1
17. Create a snapshot of the solaris BE. Name the snapshot backup.
root@s11-server1:~# beadm create solaris@backup
18. Display the list of snapshots associated with the solaris BE.
root@s11-server1:~# beadm list -a solaris
BE/Dataset/Snapshot Active Mountpoint Space Policy
Created
ble
------------------- ------ ---------- -----
r
------
e a
nsf
-------
solaris
-tr a static
rpool/ROOT/solaris
2014-07-07 01:05
NR /
n o n
2.88G
s a
rpool/ROOT/solaris/var
2014-07-07 01:05
) a
h eฺ
- /var 323.72M static
rpool/ROOT/solaris/var@2014-07-09-03:52:28
t - e
ฺa u- id 748.5K static
2014-07-09 03:52 e
ฺn -nt G -
e s
at tude
rpool/ROOT/solaris/var@backup 21.0K static
2014-07-09 04:34
i r
m is S
e
rpool/ROOT/solaris/var@install - - 205.91M static
2014-07-07 01:13
a v i@ e th
ฺ q u s
rpool/ROOT/solaris@2014-07-09-03:52:28 - - 16.19M static
id
2014-07-09 03:52
a h to
s h n s e
rpool/ROOT/solaris@backup - - 0 static
(
avi lice
2014-07-09 04:34
rpool/ROOT/solaris@install - - 55.14M static
ah19. id Q 2014-07-07 01:13
Create a new boot environment from the solaris@backup snapshot. Name this BE as
Sh solaris-2.
root@s11-server1:~# beadm create -e solaris@backup solaris-2

-- ------ ---------- ----- ------ -------
solaris-1 - - 94.16M static 2014-07-09 03:52
solaris-2 - - 70.0K static 2014-07-09 04:35

Chapter 3 - Page 28
20. Delete the solaris-2 BE and view the results.
root@s11-server1:~# beadm destroy solaris-2
Are you sure you want to destroy solaris-2? This action cannot be
undone(y/[n]): y


-- ------ ---------- ----- ------ -------
solaris-1 - - 94.16M static 2014-07-09 03:52
21. Rename the original solaris-1 BE to solaris-alt.

root@s11-server1:~# beadm rename solaris-1 solaris-alt
22. List the boot environments.
root@s11-server1:~# beadm list ble
e r a
nsf
-- ------ ---------- ----- ------ -------
-tra
n o n
solaris-alt - - 94.16M
s a static 2014-07-09 03:52
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 3 - Page 29
Practice 3-6: Testing Your Skills and Knowledge
Overview
In this practice, you get to apply the skills and knowledge you gained from the lecture and
guided practices. You are challenged with completing the following tasks without the benefit of a
step-by-step guide.
Hint: Use all the available resources, such as man pages, student guide, activity guide, and
your instructor, to successfully complete each task.
Note: This practice is optional. Check with your instructor to determine if you have enough
time available to complete this practice. If you begin this practice and run out of time, set
this practice aside and return to it if time permits.
Task 1: Manage Software Packages

Perform the following task on the S11-Server1 VM. ble
e r a
nsf
1. Determine the current status of the IPS repository.
2. Display detailed information about the snort software package.
-tra
3. Determine if the snort package is currently installed in the system.
n o n
4. s a
Perform a “dry run” installation of the snort package.
5. Install the snort package. ) a
h eฺ
e
tฺa Guid
e
6. Verify that the snort package was installed correctly.
n
7. Remove the snort package. t e sฺ ent
m ira Stud
Task 2: Manage the Boot Environment
@ e h(BE) is
i t
v S11-Server1
Perform the following tasks onathe e VM.
ฺ q u s
a h id environments
1. List the current bootable to (BEs).
e
sh BEetonasBE named solaris11.
2. Clone the active
i (
3. Activate
Q lic and reboot the system.
av BE solaris11
4.id Create a snapshot of the active BE (solaris11).
a h
Sh 5. Create a new boot environment named solaris11-1 from the BE snapshot.
6. Activate the original BE (solaris) and reboot the system.
7. Destroy the solaris11 and solars11-1 BEs.

Chapter 3 - Page 30
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Installing ฺ a
et the i d
uOracle Solaris
ฺ n
sOperating t G
n System
a11
t e d e
e mir Chapter
s S tu4
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
Practices for Lesson 4: Installing the Oracle Solaris 11 Operating System

Chapter 4 - Page 1
Practices Overview
This practice introduces you to the operating system installation methods and provides guided,
hands-on experience with both interactive and hands-free operating system installation. While
performing the practices, you apply Oracle Solaris 11 installation best practices.
The key areas explored in these practices are:

• Installing the Oracle Solaris 11 OS by using the Text Installer
• Installing the Oracle Solaris 11 OS by using the Live Media installer
• Installing the Oracle Solaris 11 OS by using the Automated Installer
• Configuring Oracle Solaris 11 Instances
• Customizing the Automated Installation
• Deploying a System by Using an Oracle Solaris Unified Archive through Automated ble
e r a
nsf
Installer
-tra
n o n
s a
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 4 - Page 2
Practice 4-1: Installing the Oracle Solaris 11 OS by Using the Text
Installer
Overview
When you install the Oracle Solaris 11 OS by using the Text installer, you must first download
the Oracle Solaris 11 Text installer image from the following site:
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html.
The Text installation download is in an ISO image format that can be burned to a CD/DVD or
used directly within Oracle VM Server or other virtualization software.
Note: For training purposes, the Text installer ISO has already been downloaded for you. The
ISO image file can be found in the /opt/ora/iso directory of the VirtualBox host machine.

ble
1. Power off S11-Server1 and S11-Desktop VMs.
e r a
2. In the VirtualBox Manager, verify whether the status of all VMs is Powered-off.
a nsf
3. Select the Text-Install VM in the VirtualBox Manager and verify that the appropriate ISO
image is mounted on the DVD. If the Text-Install ISO is not mounted in the Text-Install o n -tr
a
virtual machine DVD drive, you can find the ISO file in the /opt/ora/iso directory on the
n
host system. a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 4 - Page 3
Task
Perform the following steps to install the Oracle Solaris 11 OS by using the Text installer:
1. Click the Start button on the menu bar of the VirtualBox Manager. This will boot the Text-
Install VM from the Text installer on the DVD to begin the OS installation.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
av lic
Q After you click Start, a Select start-up disk dialog box might appear for you to select
i d Note:
ah a virtual optical disk. You may click Cancel to proceed.
Sh 2. During the OS installation process, use the following configuration data to complete the
Text installation.
Note: The Text installer program may direct you to press F2 or ESC+2 to move to the next
step in the installation process. If pressing F2 does not work, try pressing ESC+2 keys.
• Keyboard layout: Use your local keyboard layout
• Language: Use your local language
• Installation menu: Install Oracle Solaris
• Discovery Selection: Local Disks
• Disk Selection: Default option
• GPT Partitions: Use the entire disk
• Computer Name: solaris-text
• Network configuration: Manually
− Network Interface: net0
− IP Address: 192.168.0.141

Chapter 4 - Page 4
− Configure DNS: Yes
− DNS Server IP address: 192.168.0.112
− Search domain: mydomain.com
− Alternate Name Service: None
• Time zone: Use your local region.

• Language Territory: Use your local language territory
• Date and time: Set to current date and time.
• Keyboard: Use your local keyboard
• Root password: oracle1
• User account:
− Your real name: oracle ble
e r a
nsf
− Username: oracle
− Password: oracle1
-tra
• Support registration: Default options n o n
• Support: Network Configuration: Default (no proxy)s a
) a
h eฺ
3. e
After the Text installation has completed, press F8 to reboot.
tฺa Guid
4. e
After the system has successfully rebooted, log in to the system and verify that the
n
t e sฺ ent
configuration setup performed in step 2 is operational.
5. ira Stud
Shut down (power off) the Text-Install virtual machine.
m
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 4 - Page 5
Practice 4-2: Installing the Oracle Solaris 11 OS by Using the Live
Media Installer
Overview
When you install the Oracle Solaris 11 OS by using the Live Media installer, you must first
download the Oracle Solaris 11 Live Media install image from the following site:
The Live Media installation download is in an ISO image format that can be burned to a
CD/DVD or used directly within Oracle VM Server or other virtualization software.
Note: For training purposes, the Live Media installer ISO has already been downloaded for
you. The ISO image file can be found in the /opt/ora/iso directory of the VirtualBox
host machine.
Start State for the Practice ble

e r a
nsf
1. In the VirtualBox Manager, verify whether the status of all VMs is Powered-off.
2. Select the LiveCD-Install VM in the VirtualBox Manager and verify that the appropriate ISO
-tra
image is mounted on the DVD. If the Live Media ISO is not mounted in the LiveCD-Install
n o n
a
VM DVD drive, you can find the ISO file in the /opt/ora/iso directory on the host
s
system.
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Note: After you click Start, a Select start-up disk dialog box might appear for you to select
a virtual optical disk. You may click Cancel to proceed.

Chapter 4 - Page 6
Task
Perform the following steps to install the Oracle Solaris 11 OS by using the Live Media installer:
1. Click the Start button on the menu bar of the VirtualBox Manager. This will boot the LiveCD-
Install VM from the Live Media installer on the DVD to begin the OS installation.
Note: Choose the default boot option in the GRUB menu. Also, click Capture for keyboard,
mouse, and mouse pointer integration pop-up messages.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 4 - Page 7
2. In the GRUB menu, select Oracle Solaris 11.2 to start installing the Oracle Solaris 11.2
operating system.
ble
e r a
a nsf
o n -tr
a n
a
h eฺ s
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
3. During the Live Media desktop
a i
v onsyour t you are asked to select the keyboard layout
initialization,
e
and language. Set these
i d ฺ q based u local environment.
h t o
s
username(andhapassword
Note: When booting
n s eas jack
the Live Media image, the solaris console login, by default, accepts the
and displays the Live Media desktop. This is useful when
you a
are
e Media as a troubleshooting
viusing thelicLive tool. If you do log in with the username
Q
id and password as jack, the default root password is solaris.
a h
Sh

Chapter 4 - Page 8
4. When the Live Media desktop is initialized, double-click the Install Oracle Solaris icon on
the desktop to begin the OS installation.
ble
e r a
a nsf
o n -tr
a n
a
h eฺ s
e )
n e tฺa Guid
t e sฺ ent
5. During the OS installation process, use rthe
Media installation: m S t udconfiguration data to complete the Live
i a following
Note: Press Back or Next v @e e through
toinavigate t his the screens.
• Disk Discovery:
i d qa Disksus
ฺLocal
a h e o
toption
•
i ( sh eUse
Disk Selection: s
Default
n
•
a v
Disk li
Partition: c the whole disk
i Q
d • Time Zone, Date and Time: Click the city closest to your install location
h
a • User account:
Sh − Your real name: oracle
− Log-in name: oracle
− User password: oracle1
• Computer name: solaris-live
• Support registration: Default options
• Support: Network Configuration: Default (no proxy)
6. After the Live Media installation has completed, press Reboot.
7. After the system has successfully rebooted, log in to the system with the username oracle
and password oracle1. Verify that the configuration setup mentioned in step 5 is
operational.
8. Shut down (power off) the LiveCD-Install virtual machine.

Chapter 4 - Page 9
Practice 4-3: Installing the Oracle Solaris 11 OS by Using the
Automated Installer
Overview
Deploying the Oracle Solaris 11 operating system with the Automated Installer (AI) involves
three tasks:
• Verifying that the system meets AI requirements

• Configuring the AI server
• Deploying the OS to network clients
Before you install the Oracle Solaris 11 OS by using AI, you must first download the Oracle
Solaris 11 AI install image from the following site:
The AI installation download is in an ISO image format that can be burned to a CD or a DVD or ble
used directly within Oracle VM Server or other virtualization software. e r a
Note: For training purposes, the AI ISO has already been downloaded for you. The ISO a nsf
image file can be found in the /opt/ora/iso directory of the S11-Server1 virtual
o n -tr
machine.
a n
a
h eฺs
e )
1. Verify that no VMs are running at this point of time. tฺa
e u id
2. Start the S11-Server1 VM and log in with the user n
sฺ ID oracle
n G
t and password oracle1.
t e e
3. Run the su command to assume primary
m S ud privileges.
iraadministrator
t
oracle@s11-server1:~$ su - e is
i @ t h
Password:
ฺ q av SunOS
u s e
h i d
Oracle Corporation
t o 5.11 11.2 June 2014
i ( sha ense
root@s11-server1:~#
TaskQ
v ic
1:aVerifying lthe System AI Requirements
a h id the following steps to verify the system requirements for the AI OS installation:
Perform
Sh 1. Determine the build number of the installed operating system.
root@s11-server1:~# cat /etc/release
Oracle Solaris 11.2 X86
Copyright (c) 1983, 2014, Oracle and/or its affiliates. All rights reserved.
Assembled 23 June 2014
2. Verify that the networking service is online and the operating system is configured with a
static IP address.
root@s11-server1:~# svcs network/physical:default
STATE STIME FMRI
online 5:37:12 svc:/network/physical:default
root@s11-server1:~# ipadm show-addr

ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 static ok 192.168.0.112/24
lo0/v6 static ok ::1/128
net0/v6 addrconf ok fe80::a00:27ff:fe9c:83e1/10

Chapter 4 - Page 10
3. Verify that DNS is operational.
root@s11-server1:~# nslookup s11-server1
Server: 192.168.0.112
Address: 192.168.0.112#53
Address: 192.168.0.112
Task 2: Configuring the AI Server

After you have verified that the server meets the AI requirements, you are now ready to
configure the AI server. In this task, you configure the AI server to automatically install an
Oracle Solaris 11 desktop client using the AI default settings.
Note: Because you are not using the default IPS service, you will need to adjust the default
AI service accordingly.
ble
Perform the following steps to configure the AI server:
e r a
1. On the S11-Server1 virtual machine, enable the svc:/network/dns/multicast server
tra nsf
in the AI server.
n -
a no
root@s11-server1:~# svcadm enable svc:/network/dns/multicast:default
) h as ฺ
ฺae uide
root@s11-server1:~# svcs | grep dns
online
e t
5:37:22 svc:/network/dns/client:default
online
s ฺn nt G
5:37:48 svc:/network/dns/server:default
e
online
r at tude
2:05:45 svc:/network/dns/multicast:default
i
2. em his S
Create a directory for your AI server.
@
a
root@s11-server1:~# mkdir
q vi –pse/export/ai/basic_ai
t
3. Update the netmasks
h i dฺ file. to u
i ( sha ensevi /etc/netmasks
root@s11-server1:~#
v ic 255.255.255.0
Qa192.168.0.0l
...
d
h ahi
S root@s11-server1:~# getent netmasks 192.168.0.0
192.168.0.0 255.255.255.0
Note: DHCP requires that the network mask for the local subnet be configured in the
/etc/netmasks file.
4. Set the DHCP server to be managed by AI server with the following values:
• DHCP base IP address: 192.168.0.121
• DHCP IP address range: 20
root@s11-server1:~# installadm set-server –i 192.168.0.121 –c 20 –m
Creating DHCP server configuration file
Adding DHCP IP range: 192.168.0.121 [20]
Unable to determine a route for network 192.168.0.0. Setting the route
temporarily to 0.0.0.0; this should be changed to an appropriate value in the
DHCP configuration file. Please see dhcpd(8) for further information.
Warning: AI server will now manage DHCP
Changed Server
Enabling SMF service svc:/network/dhcp/server:ipv4

Chapter 4 - Page 11
root@s11-server1:~# svcs -a | grep dhcp
disabled Jul_09 svc:/network/dhcp/server:ipv6
disabled Jul_09 svc:/network/dhcp/relay:ipv6
disabled 6:43:27 svc:/network/dhcp/relay:ipv4
online 1:43:31 svc:/network/dhcp/server:ipv4
5. Use the installadm create-service command to create an AI service based on the
following information:
• Service name: basic_ai
• AI ISO image location: /opt/ora/iso/sol-11_2-ai-x86.iso
• Target directory: /export/ai/basic_ai
root@s11-server1:~# installadm create-service -n basic_ai \
-s /opt/ora/iso/sol-11_2-ai-x86.iso -d /export/ai/basic_ai
0% : Creating service from: /opt/ora/iso/sol-11_2-ai-x86.iso
ble
33% : Transferring contents
e r a
nsf
33% : Creating i386 service: basic_ai
33% : Image path: /export/ai/basic_ai
-tr a
33% : Setting "solaris" publisher URL in default manifest to:
n o n
33% : http://s11-server1.mydomain.com/
s a
) a
33% : SMF Service ‘svc:/system/install/server:default’ will be enabled
h eฺ
e
33% : SMF Service ‘svc:/network/tftp/udp6:default’ will be enabled
tฺa Guid
33% : Creating default-i386 alias
n e
t e sฺ ent
33% :
ira Stud
http://s11-server1.mydomain.com/
m
e his
33% : Setting the default PXE bootfile(s) in the local DHCP configuration to:
@
33% : i
v se t
bios clients (arch 00:00): default-i386/boot/grub/pxegrub2
a
33% : q
dฺ to u
uefi clients (arch 00:07): default-i386/boot/grub/grub2netx64.efi
i
33% :
h
( sha ense
33% : SMF Service ‘svc:/system/install/server:default’ will be enabled
i
Q av lic
33% : SMF Service ‘svc:/network/tftp/udp6:default’ will be enabled
i d 100% : Created Service: 'basic_ai'
ah 100% : Refreshing SMF service svc:/network/tftp/udp6:default

Sh 100% : Refreshing SMF service svc:/system/install/server:default
100% : Restarting SMF service svc:/network/dhcp/server:ipv4
100% : Enabling SMF Service ‘svc:/system/install/server:default’
100% : Enabling SMF Service ‘svc:/network/tftp/udp6:default’
100% : Service 'basic_ai' has been added to the mDNS registry
100% : Service 'default-i386' has been added to the mDNS registry
Note: You can remove an AI service and associated clients by using the installadm
delete-service -r svcname command.
6. Use the installadm list command to verify that your AI service is installed.
root@s11-server1:~# installadm list
Service Name Status Arch Type Secure Alias Aliases Clients Profiles Manifests
------------ ------ ---- ---- ------ ----- ------- ------- -------- ---------
basic_ai on i386 iso no no 1 0 0 1
default-i386 on i386 iso no yes 0 0 0 1

Chapter 4 - Page 12
7. Use the installadm create-client command to add the client MAC addresses for
the S11-Client1 and S11-Client2 virtual machines to the basic_ai service. To obtain the
MAC address, in the VirtualBox Manager:
a. Go to VirtualBox Manager.
b. Select S11-Client1 or S11-Client2.
c. Click Settings on the menu bar of the VirtualBox Manager.
d. In the Settings dialog box, select Network in the left pane.

e. In the Network tab, under Adapter 1, expand Advanced section to view the MAC
address.
Make a note of the MAC address. You will be using it frequently in this practice.
f. Close the S11-Client1 Settings window.
root@s11-server1:~# installadm create-client -e 08:00:27:85:C7:D1 -n basic_ai
Adding host entry for 08:00:27:85:C7:D1 to local DHCP configuration.
ble
Created Client: '08:00:27:85:C7:D1'
e r a
Restarting SMF service svc:/network/dhcp/server:ipv4
a nsf
root@s11-server1:~# installadm create-client -e 08:00:27:85:C7:D3 -n basic_ai
o n -tr
a
Adding host entry for 08:00:27:85:C7:D3 to local DHCP configuration. n
a
h eฺ
Created Client: '08:00:27:85:C7:D3's
e )
tฺatheG idwas added to AI server
e u
8. Use the installadm list –c command to verify n that
sฺ ent client
basic_ai. t e
ra -cStud
m ilist
@ e Arch
root@s11-server1:~# installadm
h isSecure Custom Args Custom Grub
i
Service Name Client Address
t
av use ---- ------ ----------- -----------
ฺ q
------------ --------------
d
i08:00:27:85:C7:D1
basic_ai
a h e to i386 no no no
i ( sh ens 08:00:27:85:C7:D3 i386 no no no

9. Create
Q licto store your manifest files.
va directory
aroot@s11-server1:~#
h i d mkdir –p /var/tmp/manifests
a Note: Do not place manifest copies under the service directory that was created by the
Sh installadm utility. The service directory structure is private to installadm and must not
be used for storage by users.
10. Copy the default manifest file to the /var/tmp/manifests/basic_ai.xml file.
root@s11-server1:~# cp \
/export/ai/basic_ai/auto_install/manifest/default.xml \
/var/tmp/manifests/basic_ai.xml
11. Modify the /var/tmp/manifests/basic_ai.xml file XML tag elements by using the
following:
• Change
<ai_instance name="default">
to
<ai_instance name="basic_ai" auto_reboot="true" >
• Change
<origin name="http://pkg.oracle.com/solaris/release"/>

Chapter 4 - Page 13
to
<origin name="http://s11-server1.mydomain.com"/>
• Change:
<name>pkg:/group/system/solaris-large-server</name>
to
<name>pkg:/group/system/solaris-small-server</name>
12. Use the diff command to view the differences between the basic_ai.xml file and the
default.xml file.
root@s11-server1:~# diff /var/tmp/manifests/basic_ai.xml \
/export/ai/basic_ai/auto_install/manifest/default.xml
9c9
< <ai_instance name="basic_ai" auto_reboot="true">
---
ble
> <ai_instance name="default">
e r a
nsf
72c72
< <origin name="http://s11-server1.mydomain.com"/>
-tra
---
n o n
>
a
<origin name="http://pkg.oracle.com/solaris/release"/>
s
90c90
) a
h eฺ
< e
tฺa Guid
<name>pkg:/group/system/solaris-small-server</name>
---
n e
>
e sฺ ent
<name>pkg:/group/system/solaris-large-server</name>
t
ira Snamed
13. Create a MAC address–based criteria manifest
m t ud criteria_basic_ai.xml in the
/var/tmp/manifests directory.eUse theis
Client1 and S11-Client2 in v i
the @
same e t h MACorder
sequential
addresses of the network clients S11-
to avoid any error.
q a s
i dฺ vito/var/tmp/manifests/criteria_basic_ai.xml
root@s11-server1:~#
h
u
i ( sha ename="mac">
n se
<ai_criteria_manifest>
av <range>lic
<ai_criteria
id Q
a h 08:00:27:85:C7:D1
Sh 08:00:27:85:C7:D3
</range>
</ai_criteria>
</ai_criteria_manifest>
Note: If the AI client does not match the criteria for a service (in this case, a specific MAC
address), the AI service will use the default manifest when installing the OS.
14. Add the manifest_demo manifest and criteria manifest to the basic_ai service.
root@s11-server1:~# installadm create-manifest -n basic_ai \
-f /var/tmp/manifests/basic_ai.xml \
-C /var/tmp/manifests/criteria_basic_ai.xml
Created Manifest: 'basic_ai'
When a custom AI manifest (basic_ai.xml in this example) is defined for this install
service and the client matches the criteria that have been specified (in the
criteria_basic_ai.xml file) for the custom AI manifest, the client will use that
manifest. In a case where the client characteristics match multiple AI manifests, the client
characteristics are evaluated in the order of mac, ipv4, platform, arch, cpu, and mem.

Chapter 4 - Page 14
If the client does not match the criteria for any custom AI manifest, the client uses the
default AI manifest.
15. Use the installadm list –m command to verify that your manifests have been added
to the basic_ai service.
root@s11-server1:~# installadm list -m
Service Name Manifest Name Type Status Criteria
------------ ------------- ---- ------ --------

basic_ai basic_ai xml active mac = 08:00:27:85:C7:D1 -
08:00:27:85:C7:D3
orig_default derived default none
default-i386 orig_default derived default none
Task 3: Deploying the OS to a Network Client

ble
After you have completed AI server configuration, it is time to test your work by deploying the
e r a
Oracle Solaris 11 operating system to a network client. This practice will be an example of
a nsf
performing a text installation over the network.
Perform the following steps to deploy the OS to a network client: o n -tr
1. Verify that the S11-Server1 VM is running. a n
a s
h eฺ
2. In the VirtualBox Manager, start the S11-Client1VM. This will boot the S11-Client1 virtual
e )
n e tฺa Guid
machine. If the AI server is configured correctly, you should see the OS installation begin.
t e sฺ ent
After you click the Start button, a Select start-up disk dialog box might appear for you to
select a virtual optical disk. You may click the Cancel button to proceed.
m ira Stud
Note: If the S11-Client1 virtual machine fails to boot with a “No bootable medium found”
@ e his
a i
error, change the virtual machine adapter. To change the adapter type, open the Oracle VM
v se t
VirtualBox Manager, select the S11-Client1 virtual machine, and click Settings. In the
i q
dฺ to u
Settings dialog box, select Network and click Advanced under Adapter 1. Select another
h
i ( sha ense
from the Adapter Type menu. Restart the S11-Client1 virtual machine.
av lic
3. When the S11-Client1 system starts the GNU GRUB menu, select the Oracle Solaris
Q
11.2 Text Installer and command line boot option.
i d
ah
Sh

Chapter 4 - Page 15
Note:
• When you choose the “default” boot option, the interactive system configuration menus
you used during the “Text Install” practice will be available to you during this OS
installation. Also, the IPS server is not used.
• The OS installation will take a while to complete.
4. During the OS installation process, use the configuration data that follows to complete the
Text installation.
Note: The Text installer program directs you to press F2 or ESC+2 to move to the next step
in the installation process. If pressing ESC + 2 does not work, try pressing F2.
• Installation menu: Install Oracle Solaris
• Discovery Selection: Local Disks
• Disks: Default option
• GPT Partitions: Use the entire disk
ble
• Computer name: s11-client1 e r a
• Network configuration: Automatically a nsf
• Time zone: Use your local region o n -tr
• Language: Use your local language a n
a s
h eฺ
• )
Date and time: Set to current date and time
•
e
tฺa Guid
Keyboard: Use your local keyboard
n e
t e sฺ ent
• User account:
m ira Stud
− Your real name: oracle @ e his
a i
v se t
i q
dฺ to u
h
sha ehas
− Password: e
oracle1
(
5. After thei installation n scompleted, reboot (by pressing F8) the S11-Client1 virtual
a v
machine. l ic
i d Q
h ah7. VerifyS11-Client1
6. After completes the initial boot, log in as the oracle user and su to root.
S that the S11-Client1 virtual machine network configuration is set up correctly.
root@s11-client1:~# ipadm show-addr
lo0/v4 static ok 127.0.0.1/8
net0/v4 dhcp ok 192.168.0.121/24
net1/v4 dhcp ok 192.168.0.122/24
net2/v4 dhcp ok 192.168.56.105/24
net2/v6 addrconf ok fe80::a00:27ff:fe87:a490/10
root@s11-client1:~# ping 192.168.0.112

192.168.0.112 is alive
8. Shut down (power off) the S11-Client1 virtual machine.
9. Open the VirtualBox Manager window.
10. Verify that the S11-Server1 virtual machine is running.

Chapter 4 - Page 16
11. From VirtualBox Manager, start the S11-Client2 VM. This will boot the S11-Client2 VM. If
the AI server is configured correctly, you should see the OS installation begin.
After you click the Start button, a Select start-up disk dialog box might appear for you to
select a virtual optical disk. You may click the Cancel button to proceed.
11.2 Automated Install boot option.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
Note:
a i
v se t
• When you choose
i q
dฺOS installation.
this u the interactive system configuration is not available
boot option,
a
to you duringh this e t o IPS is used during the OS installation.
h
(s installation s
n will take a while to complete.
• Thei OS
v l i c e
•Qa The message traffic indicates that the IPS server is providing the installation packages.
i d
h ah 13. Note the disk activity icon in the IPS server (S11-Server1) virtual machine window.
S
Green indicates a read operation is being performed.

14. After the installation has completed, reboot (by pressing F8) the S11-Client2 virtual
machine.
15. The SCI tool will be invoked during the OS startup. Enter the following system configuration
information:
Note: It may take some time to display the SCI tool.
• Computer Name: s11-client2
• Network configuration: Automatically
• Time zone: Use your local region

Chapter 4 - Page 17
• Date and time: Set to current date and time
• User account:
− Your real name: oracle
• Support registration: Default options
• Support: Network Configuration: Default (no proxy)
16. After S11-Client2 completes the initial boot, log in as the oracle user and use su to root.
17. Verify that the S11-Client2 virtual machine network configuration is set up correctly.
root@s11-client2:~# ipadm show-addr
ble
e r a
nsf
lo0/v4 static ok 127.0.0.1/8
-tra
net0/v4
net1/v4
dhcp
dhcp
ok
ok
192.168.0.124/24
192.168.0.123/24 n o n
s a
lo0/v6
net0/v6
static
) a
ok
h eฺ
addrconf ok
::1/128
fe80::a00:27ff:fe85:c7d3/10
net1/v6 e
tฺa Guid
addrconf ok fe80::a00:27ff:fe85:c7d4/10
n e
t e sฺ ent
ira Stud
root@s11-client2:~# ping 192.168.0.112
192.168.0.112 is alive
m
e virtual is machine.
i @
18. Shut down (power off) the S11-Client2 t h
ฺ q av use
a h id to
sh ens e
i (
Q av lic
a h id
Sh

Chapter 4 - Page 18
Practice 4-4: Configuring Oracle Solaris 11 Instances
Overview
After the Oracle Solaris 11 operating system is installed, the instance must be configured with
attributes such as host name, IP address, naming services, and user credentials. The
sysconfig utility is the interface for configuring, reconfiguring, and unconfiguring the Solaris
instance. A Solaris instance is defined as a boot environment in either a global or a nonglobal

zone.
There are three operations that are performed using the sysconfig utility:
• Unconfiguration
• Configuration
• System configuration (SC) profile creation
During this practice, you work with the sysconfig utility to unconfigure and configure Solaris
ble
11 images, and create SC profiles.
e r a
a nsf
Task 1: Unconfigure an Oracle Solaris 11 Image
Perform the following steps to unconfigure a configured Solaris 11 image: o n -tr
a n
a s
1. Verify whether the S11-Server1 VM is running. If not, start it now using user ID oracle and
h eฺ
)
password oracle1. Then, assume the root role using password as oracle1.
e
n e tฺa Guid
2. Open the Oracle VM VirtualBox Manager and start the S11-Client1 VM.
3. Determine the current host name and IP address.
t e sฺ ent
root@s11-client1:~# hostname
m ira Stud
s11-client1
@ e his
a i
v se t
i
root@s11-client1:~#
d ฺ q ipadm ushow-addr
ADDROBJ a h e t o
( s h n sTYPE STATE ADDR
a v i
lo0/v4
net0/v4 l i c e static
dhcp
ok
ok
127.0.0.1/8
192.168.0.121/24
i d Q net1/v4 dhcp ok 192.168.0.122/24

ah
Sh
net2/v4 dhcp ok 192.168.56.105/24
net2/v6 addrconf ok fe80::a00:27ff:fe87:a490/10
Note: The default network interface is net0.

4. Use the sysconfig utility to return the Oracle Solaris 11 to an unconfigured (pristine)
state.
Note: After running the sysconfig command, wait for a few minutes for the prompt to
return.
root@s11-client1:~# sysconfig unconfigure
This program will unconfigure your system.
Do you want to continue (yes/[no])? yes

...
...
...
Unconfiguration could place the system in an undesirable state
See smf(5) for layer information.

Chapter 4 - Page 19
Please wait while services are unconfigured. This may take a few moments...
root@s11-client1:~# <Press Enter key>
Enter user name for system maintenance (control-d to bypass): root

Enter root password (control-d to bypass): solaris

single-user privilege assigned to root on /dev/console.
Entering System Maintenance Mode
...
root@unknown:~#
Note: The prompt displayed after entering the system maintenance mode could differ from
what is shown in the preceding output.
ble
e r a
root@unknown:~# ipadm show-addr
a nsf
o n -tr
lo0/v4 static ok
a
127.0.0.1/8
n
lo0/v6
net2/v4
static
dhcp
ok
a
h eฺ
disabled
s ::1/128
?
e )
tฺa Guid
net2/v6 addrconf disabled ::
n e
sฺ ent
net0/v4 dhcp disabled ?
net1/v4
t e dhcp disabled ?
6. Determine if the default user account m oracle ud
ira stillSexists.
t
root@unknown:~# logins @
e his
a i
v se t
| grep oracle
root@unknown:~#
i q
dฺ a pristine usystem. The next time the system is booted, the System
At this point, youhhave
a will be t o
Configuration
( shTool e n serun. System Configuration Tool helps you establish a new system
v i
configuration.
a lic
Q
7. d Reboot the system.
h a i
h root@unknown:~# init 6
S ...
...
8. When the System Configuration Tool is available, use the following properties to configure
the system:
Note: The System Configuration Tool may direct you to press F2 or ESC + 2 to move to the
next step in the installation process. If pressing F2 does not work, try pressing ESC + 2.
• Host name: s11-client1
− Network Interface: net0 (e1000g0)
− IP Address: 192.168.0.142

Chapter 4 - Page 20
• Date and time: Set to current date and time

• User account:
SC profile successfully generated as:
/etc/svc/profile/sysconfig/sysconfig-20140711-055510/sc_profile.xml
ble
e r a
Exiting System Configuration Tool. Log is available at:
a nsf
/system/volatile/sysconfig/sysconfig.log.224
o n -tr
Hostname: s11-client1
a n
a s
h eฺ
s11-client1 console login:
e )
a use usuidto root.
9. Log in to virtual machine S11-Client1 as user oracletฺand
ฺ n e t G
e s n
root@s11-client1:~# hostname
i r at tude
s11-client1
@ em his S
q a vi show-addr
s e t
h i dฺ TYPEto uSTATE
root@s11-client1:~# ipadm
ADDROBJ
lo0/v4sh
a s e ADDR
v i ( c e n static ok 127.0.0.1/8
Q anet0/v4 li static ok 192.168.0.142/24
h i d net0/v6
h a addrconf ok fe80::a00:27ff:fe85:c7d1/10
S
Task 2: Configure the Oracle Solaris 11 Image Using a System Configuration
Profile
The sysconfig utility can be used to generate a system configuration (SC) profile using the
create-profile subcommand. The resulting XML profile can later be used with the
sysconfig configure command to configure systems non-interactively. Valid SC profile
names must include a .xml extension.
Perform the following steps to configure the Oracle Solaris 11 image using an SC profile:
1. On the S11-Client1 virtual machine, create an SC profile.
root@s11-client1:~# sysconfig create-profile -o /var/tmp/iloves11_profile
Use the following system configuration attributes while creating the SC profile:
• Host name: iloves11
− IP Address: 192.168.0.143

Chapter 4 - Page 21

• User account:
− Your real name: oracle2
− Username: oracle2
− Password: oracle2 ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 4 - Page 22
The System Configuration Summary should look similar to the following:
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ SCtoprofile.
u
h
sha ensecd /var/tmp
2. Explore the newly created
i (
lic
root@s11-client1:~#
Q av
a h id root@s11-client1:/var/tmp# more iloves11_profile/sc_profile.xml
Sh <?xml version='1.0' encoding='US-ASCII'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/identity">
<instance enabled="true" name="node">
<property_group type="application" name="config">
<propval type="astring" name="nodename" value="iloves11"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="network/install">
<instance enabled="true" name="default">
root@s11-client1:/var/tmp#

Chapter 4 - Page 23
3. Use the iloves11_profile/sc_profile.xml profile to reconfigure the system.
Note: After running the sysconfig command, wait for a few minutes for the prompt to
return.
root@s11-client1:/var/tmp# sysconfig configure -c
/var/tmp/iloves11_profile/sc_profile.xml
This program will re-configure your system.

Please wait while services are unconfigured. This may take a few moments...
root@s11-client:/var/tmp# <Press Enter key>
...
iloves11 console login:
4. Log in to the system as user oracle2 with password oracle2 and su to root with
password oracle2.
bl e
Task 3: Set the Host Name, Time Zone, and Naming Service
fe r a
The primary repository for all naming services configuration is the SMF repository. You cann suse
n - tra
the SMF utilities such as svccfg, svcprop, and svcadm to set and modify any configuration
parameter for the host name and a naming service.
n o
Perform the following steps to reconfigure the host name, time zone, and a
s naming service:
h a
1. On the S11-Client1 virtual machine, change the host name )to client6. ฺ
ฺ a e i d e
ฺ n et t Gusetprop
root@iloves11:~# svccfg -s svc:/system/identity:node
config/nodename=client6
t e s e n
a
iridentity:node d
root@iloves11:~# svcadm refresh svc:/system/identity:node
tu
root@iloves11:~# svcadm restart
e m s S
...
Hostname: client6 av
i@ e thi
i q
dฺiloves11
t o us rpcbind terminating on signal.
h
Jul 10 23:51:10 rpcbind:
...
i ( sha ense
avPress Enter
Note:
Q licif the prompt does not return.
a h id root@iloves11:~# exit
Sh logout
oracle@iloves11:~$ exit
logout
client6 console login: oracle2

Password: oracle2
oracle@client6:~$ su -
Password: oracle2
root@client6:~#
2. On the S11-Client1 virtual machine, change the time zone to US/Central.
root@client6:~# svccfg -s timezone:default \
setprop timezone/localtime=US/Central
root@client6:~# svcadm refresh timezone:default
root@client6:~# date
Fri Jul 11 01:53:51 CDT 2014

Chapter 4 - Page 24
3. On the S11-Client1 virtual machine, configure the DNS naming service using these
properties.
• Nameserver address: 192.168.0.112
• DNS search: mydomain.com
root@client6:~# svccfg
svc:> select dns/client

svc:/network/dns/client> setprop config/search=mydomain.com
svc:/network/dns/client> setprop config/nameserver=192.168.0.112
svc:/network/dns/client> select dns/client:default
svc:/network/dns/client:default> refresh
svc:/network/dns/client:default> select name-service/switch
svc:/system/name-service/switch> setprop config/host="files dns"
svc:/system/name-service/switch> select system/name-service/switch:default
svc:/system/name-service/switch:default> refresh
ble
svc:/system/name-service/switch:default> validate
e r a
svc:/system/name-service/switch:default> exit
a nsf
root@client6:~# svcadm enable dns/client
o n -tr
root@client6:~# svcadm refresh name-service/switch
a n
root@client6:~# grep host /etc/nsswitch.conf
a s
h eฺ
hosts: files dns
e )
root@client6:~# tail -4 /etc/resolv.conf e
n tฺa Guid
# See resolv.conf(4) for details. es
ฺ n t
t
ira Stud e
m
e his
search mydomain.com
i @
v se t
nameserver
a
192.168.0.112
q
h i dฺnslookup
t o u
a se
sh192.168.0.112
root@client6:~# s11-server1
i ( e n
lic
Server:
v
aAddress:
i d Q 192.168.0.112#53
ah
Sh Name: s11-server1.mydomain.com
Address: 192.168.0.112
root@client6:~#
4. Power off the S11-Client1 virtual machine.

Chapter 4 - Page 25
Practice 4-5: Customizing the Automated Installation
Overview
Automatic Installation allows you to customize your Oracle Solaris 11 installations by adding
system configuration (SC) profiles. SC profiles are used to customize the system attributes such
as host name, IP address, naming services, and use credentials of the AI clients.
Task 1: Customizing an AI Service

Now that you have AI working, you are ready to customize the AI service. In this task, you
configure the AI server to automatically install an Oracle Solaris 11 desktop client using the AI
custom system configuration profile.
Perform the following steps on S11-Server1 VM to customize the AI service:
1. Disable the basic_ai AI service and show the results.
bl e
fe r a
Service Name Status Arch Type Secure
s
Alias Aliases Clients Profiles Manifests
n
tr2a
------------ ------ ---- ---- ------
----- ------- ------- -------- ---------
basic_ai on i386 iso no no 1 2 0
n -
0 no
default-i386 on i386 iso no yes 0 0
a 1
) h as ฺ
ฺae uide
root@s11-server1:~# installadm set-service –D –n basic_ai
Changed Server Status Service: 'basic_ai'
e t
s ฺn nt G
Refreshing SMF service svc:/system/install/server:default
e
i r at tude
em his Alias
root@s11-server1:~# installadm
@
list S Aliases Clients Profiles Manifests
vi ----
Service Name Status Arch
------------ ------a----
q s e t
Type Secure
dฺ i386 u ------ ----- ------- ------- -------- ---------

basic_ai
a h i
off
t o iso no no 1 2 0 2
sh ens
default-i386 on ei386 iso no yes 0 0 0 1
i (
2.
Qa
Remove lic AI service and show the results.
v the basic_ai
d
ahi
root@s11-server1:~# installadm delete-service -r basic_ai
Sh WARNING: The service you are deleting, or a dependent alias, is the

alias for the default i386 service. Without the 'default-i386'
service, i386 clients will fail to boot unless explicitly assigned to
a service using the create-client subcommand.
Are you sure you want to delete this alias? [y|N]: y
Removing this service's bootfile(s) from local DHCP configuration
Deleted Service: 'default-i386'
Removing host entry '08:00:27:85:C7:D1' from local DHCP configuration.
Removing host entry '08:00:27:85:C7:D3' from local DHCP configuration.
Warning: mDNS registry of service basic_ai could not be verified.
Deleted Service: 'basic_ai'
Refreshing SMF service svc:/system/install/server:default

There are no services configured on this server.

Chapter 4 - Page 26
Note: The output might differ.
3. Create a directory for the custom AI service.
root@s11-server1:~# mkdir –p /export/ai/custom_ai
4. Use the installadm create-service command to create another AI service based on

the following information:
• Service name: custom_ai

• AI ISO image location: /opt/ora/iso/sol-11_2-ai-x86.iso
• Target directory: /export/ai/custom_ai
root@s11-server1:~# installadm create-service -n custom_ai \
-s /opt/ora/iso/sol-11_2-ai-x86.iso -d /export/ai/custom_ai
0% : Creating service from: /opt/ora/iso/sol-11_2-ai-x86.iso
33% : Transferring contents
33% : Creating i386 service: custom_ai
ble
33% : Image path: /export/ai/custom_ai
e r a
ansf
o n -tr
33% : Creating default-i386 alias
a n
a
h eฺs
e )
tฺa Guid
33% : Setting the default PXE bootfile(s) in the local DHCP configuration to:
33% :
n e
bios clients (arch 00:00): default-i386/boot/grub/pxegrub2
t
33% :
e sฺ ent
uefi clients (arch 00:07): default-i386/boot/grub/grub2netx64.efi
m ira Stud
33% :
@ e his
100% : Created Service: 'custom_ai'
a i
v se t 100% : Refreshing SMF service svc:/system/install/server:default
i q
dฺ to u 100% : Restarting SMF service svc:/network/dhcp/server:ipv4
h
sha ense
100% : Service 'custom_ai' has been added to the mDNS registry
i ( 100% : Service 'default-i386' has been added to the mDNS registry
5. Use
Q lic list command to verify that your AI service is installed.
athev installadm
a h id root@s11-server1:~# installadm list
Sh Service Name Status Arch Type Secure Alias Aliases Clients Profiles Manifests
------------ ------ ---- ---- ------ ----- ------- ------- -------- ---------
custom_ai on i386 iso no no 1 0 0 1
6. Use the installadm create-client command to add the MAC address of S11-Client3
VM to the custom_ai service.
root@s11-server1:~# installadm create-client -e 08:00:27:85:C7:D5 -n custom_ai
7. Use the installadm list –c command to verify that the client was added to AI server
custom_ai.
root@s11-server1:~# installadm list -c
Service Name Client Address Arch Secure Custom Args Custom Grub
------------ -------------- ---- ------ ----------- -----------
custom_ai 08:00:27:85:C7:D5 i386 no no no

Chapter 4 - Page 27
8. Copy the /var/tmp/manifests/basic_ai.xml file to the
/var/tmp/manifests/custom_ai.xml file.
root@s11-server1:~# cp /var/tmp/manifests/basic_ai.xml \
/var/tmp/manifests/custom_ai.xml
9. Modify the /var/tmp/manifests/custom_ai.xml file XML tag elements such that it

reflects the following detail:
• AI instance name (ai_instance name): custom_ai

10. Use the diff command to view the differences between the custom_ai.xml file and the
basic_ai.xml file.
root@s11-server1:~# diff /var/tmp/manifests/custom_ai.xml \
/var/tmp/manifests/basic_ai.xml
9c9
< <ai_instance name="custom_ai" auto_reboot="true">
ble
---
e r a
> <ai_instance name="basic_ai" auto_reboot="true">
a nsf
11. Create a MAC address–based criteria manifest named criteria_custom_ai.xml in the
/var/tmp/manifests directory. Use the MAC addresses of the network client S11- o n -tr
Client3. a n
a
h eฺ s
)
root@s11-server1:~# vi /var/tmp/manifests/criteria_custom_ai.xml
e
n e tฺa Guid
<ai_criteria name="mac">
t e sฺ ent
ira Stud
<value>
08:00:27:85:C7:D5
m
e his
</value>
</ai_criteria> av
i @ e t
q
dฺ to u s
h i
haclient does
Note: If thesAI
( n senot match the criteria for a service (in this case, a specific MAC
i e
c will use the default manifest when installing the OS.
v the AIliservice
address),
a
id the results. 12. Q
Add the custom_ai manifest and criteria manifest to the custom_ai service and show
a h
Sh root@s11-server1:~# installadm create-manifest –n custom_ai \
-f /var/tmp/manifests/custom_ai.xml \
–C /var/tmp/manifests/criteria_custom_ai.xml
Created Manifest: ‘custom_ai’
root@s11-server1:~# installadm list -c -m

------------ -------------- ---- ------ ----------- -----------
------------ ------------- ---- ------ --------
custom_ai custom_ai xml active mac = 08:00:27:85:C7:D5

Chapter 4 - Page 28
13. Use the sysconfig utility to create a profile for S11-Client3:
root@s11-server1:~# sysconfig create-profile \
-o /var/tmp/manifests/client3_profile
Use the following properties while creating the profile for S11-Client3:

− IP Address: 192.168.0.144
ble
e r a
a nsf
• Local: Territory: Use your local territory
o n -tr
• Keyboard: Use your local keyboard a n
• Root password: oracle1 a s
h eฺ
e )
• User account:
n e tฺa Guid
t e sฺ ent
m ira Stud
− Password: oracle1 @e h is
i
avDefault e t
• q
Support registration:
ฺ u soptions
• h id Configuration:
Support: Network
a to Default (no proxy)
h s e
v i (s icen
Q a l
i d
ah
Sh

Chapter 4 - Page 29
Note: The sysconfig create-profile utility launches a system configuration tool
similar to the System Configuration Tool you used during the Text installation in
Practice 4-1.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 4 - Page 30
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i ฺ
dtheq u
a
14. View the contentshof t o
S11-Client3
e profile.
h s
(s icen more /var/tmp/manifests/client3_profile/sc_profile.xml
v i
root@s11-server1:~#
l
a<?xml version='1.0'
i d Q encoding='UTF-8'?>
a h <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
Sh 

<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/identity">
<instance enabled="true" name="node">
<propval type="astring" name="nodename" value="s11-client3"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="network/install">
<property_group type="application" name="install_ipv6_interface">
<propval type="astring" name="stateful" value="yes"/>
<propval type="astring" name="address_type" value="addrconf"/>
<propval type="astring" name="name" value="net0/v6"/>
<propval type="astring" name="stateless" value="yes"/>
</property_group>
<property_group type="application" name="install_ipv4_interface">

Chapter 4 - Page 31
<propval type="net_address_v4" name="static_address"
value="192.168.0.144/24"/>
<propval type="astring" name="name" value="net0/v4"/>
<propval type="astring" name="address_type" value="static"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="network/physical">
<property_group type="application" name="netcfg">
<propval type="astring" name="active_ncp" value="DefaultFixed"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/name-service/switch">
ble
e r a
<propval type="astring" name="default" value="files"/>
a nsf
<propval type="astring" name="host" value="files dns"/>
o n -tr
</property_group>
a n
<instance enabled="true" name="default"/>
a s
h eฺ
</service>
e )
n e tฺa Guid
<service version="1" type="service" name="network/dns/client">
sฺ ent
t e
<property type="net_address" name="nameserver">
m
<net_address_list> ira Stud
@ e his
<value_node value="192.168.0.112"/>
a i
v se t
</net_address_list>
i q
dฺ to u
</property>
h
sha ense
<property type="astring" name="search">
i (
lic
<astring_list>
Q av <value_node value="mydomain.com"/>
i d
ah
</astring_list>
Sh </property>
</property_group>
</service>
<service version="1" type="service" name="system/name-service/cache">
</service>
<service version="1" type="service" name="system/keymap">
<property_group type="application" name="keymap">
<propval type="astring" name="layout" value="US-English"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/environment">
<instance enabled="true" name="init">
<property_group type="application" name="environment">
<propval type="astring" name="LANG" value="en_US.UTF-8"/>

Chapter 4 - Page 32
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/timezone">
<property_group type="application" name="timezone">
<propval type="astring" name="localtime" value="US/Pacific"/>

</property_group>
</instance>
</service>
<service version="1" type="service" name="system/config-user">
<property_group type="application" name="root_account">
<propval type="astring" name="type" value="role"/>
<propval type="astring" name="login" value="root"/>
ble
e r a
nsf
<propval type="astring" name="password"
value="$5$tojgJh1/$aiar2510EovNtw
PXjP8Kbg03HUU898qK3AZjDnUI/6/"/>
-tra
</property_group>
n o n
s a
<property_group type="application" name="user_account">
) a
h eฺ
<propval type="astring" name="roles" value="root"/>
e
tฺa Guid
<propval type="astring" name="shell" value="/usr/bin/bash"/>
n e
sฺ ent
<propval type="astring" name="login" value="oracle"/>
t e
<propval type="astring" name="password"
ira Stud
value="$5$8Opso2ip$dLraJuYovRCoST
m
e his
w43169/Pguv.GmxqdUfuSMcCpAfi9"/>
@
a i
v se t
<propval type="astring" name="type" value="normal"/>
q
dฺ to u
<propval type="astring" name="sudoers" value="ALL=(ALL) ALL"/>
i
h
sha ense
<propval type="count" name="gid" value="10"/>
i ( <propval type="astring" name="description" value="oracle"/>
Q av lic
<propval type="astring" name="profiles" value="System Administrator"/>
i d </property_group>
ah
Sh
</instance>
</service>
<service version="1" type="service" name="system/fm/asr-notify">
<property_group type="application" name="autoreg">
<propval type="astring" name="user" value="anonymous@oracle.com"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/ocm">
<property_group type="application" name="reg">
<propval type="astring" name="user" value="anonymous@oracle.com"/>
</property_group>
</instance>
</service>
</service_bundle>

Chapter 4 - Page 33
15. Add the system configuration profile manifest to custom_ai service and show the results.
root@s11-server1:~# installadm create-profile –n custom_ai \
-f /var/tmp/manifests/client3_profile/sc_profile.xml \
–p client3_profile -C /var/tmp/manifests/criteria_custom_ai.xml
Created Profile: 'client3_profile'
root@s11-server1:~# installadm list -p -n custom_ai

Service Name Profile Name Criteria
------------ ------------ --------
custom_ai client3_profile mac = 08:00:27:85:C7:D5
16. Validate the system configuration profile.
root@s11-server1:~# installadm validate -n custom_ai -p client3_profile
Validating static profile client3_profile...
Passed
ble
root@s11-server1:~#
e r a
Task 2: Deploying the OS to a Network Client a nsf
After you have completed AI server configuration, it is time to test your work by deploying the o n -tr
Oracle Solaris 11 operating system to a network client. a n
a s
h eฺ
Perform the following steps to deploy the OS to a network client:
e )
n e tฺa Guid
t e sฺ ent
2. In the VirtualBox Manager, start the S11-Client3 VM. If the AI server is configured correctly,
you should see the OS installation begin in the VM.
m ira Stud
After you click Start, a Select start-up disk dialog box might appear for you to select a
@ e his
a i
virtual optical disk. You may click Cancel to proceed.
v se t
Note: Perform the next step as soon as possible.
i q
dฺ to u
h
i ( sha ense
av
Note:
Q lic
i d • When you choose this boot option, the interactive system configuration is not available
ah
Sh •
to you during this OS installation. IPS is used during the OS installation.
The message traffic indicates that the IPS server is providing the installation package.
When the AI installation completes, you should see messages similar to these.
• The installation takes some time to complete.
4. After the OS installation is complete, reboot from the hard disk and log in as oracle.
Check the system configuration to verify that the OS is configured according to the profile.
5. Shut down and power off the S11-Client3 virtual machine.

Chapter 4 - Page 34
Practice 4-6: Deploying a System by Using an Oracle Solaris Unified
Archive Through Automated Installer
Overview
You can use Oracle Solaris Automated Installer feature to deploy a system using Solaris Unified
Archives. Once an archive is created, you can store the archive as a file until it is needed.
Deployment scenarios include system recovery and system migration, as well as system
cloning.
Note:
• For this training, a Solaris Unified Archive is already been created for you. The
archive file can be found in the /opt/ora/labs directory of the S11-Server1 virtual
machine.
• Ensure that you successfully complete Practice 4-5: Customizing the Automated e
Installation before proceeding with the current practice.
r a bl
e
Task 1: Creating an Oracle Solaris Unified Archive File
t ra nsf
n -
server’s web directory for universal access: a no to the AI
In this task, you create a recovery archive of a source host and copy the archive
h
1. Create a recovery archive of a source host by using the archiveadm
) as ฺcommand:
Note: Do not run this command in the lab. For thisttraining
e u ide the step of creating
ฺae purpose,
s ฺn nfor
the archive on a test system has already been performed t Gyou.
e
Initializing Unified Archivem irat -rS
root@test-system:# archiveadm create
ude
/opt/ora/labs/ra-allzones.uar
t
@ e /opt/ora/labs/ra-allzones.uar
creation
h is
resources...
i
Unified Archive initialized:
av use t
ฺ q
Logging to: /system/volatile/archive_log.12516
Dataset h a hid discovery...

Executing dataset
e to
( s install n
discovery
e scomplete
i
v creation
aMedia
Creating c
li complete
media for zone(s)...
Q
d Preparing archive system image...
ahi
Sh Beginning archive stream creation...
Archive stream creation complete
Beginning final archive assembly...
Archive creation complete
2. View the recovery archive information:
root@s11-server1:# archiveadm info /opt/ora/labs/ra-allzones.uar
Archive Information
Creation Time: 2014-06-23T10:45:59Z
Source Host: solaris-text
Architecture: i386
Operating System: Oracle Solaris 11.2 X86
Deployable Systems: global
root@s11-server1:# archiveadm info -v /opt/ora/labs/ra-allzones.uar

Archive Information
Creation Time: 2014-06-23T10:45:59Z
Source Host: solaris-text

Chapter 4 - Page 35
Architecture: i386
Operating System: Oracle Solaris 11.2 X86
Recovery Archive: Yes
Unique ID: 133f97aa-7021-4717-f7b3-e8313d489f9c
Archive Version: 1.0
Deployable Systems
'global'
OS Version: 0.5.11
OS Branch: 0.175.2.0.0.37.0
Active BE: be-wireshark
Brand: solaris
Zones: zone11,zone12
Size Needed: 13.3GB
Unique ID: b7c504b3-7a7a-679c-a113-cc377cec2d59
ble
e r a
nsf
AI Media: 0.175.2_ai_i386.iso
Root-only: Yes
-tr a
n o n
In the preceding output, observe that the ra-allzones.uar archive contains a global
a
zone and two nonglobal zones. a s
h eฺ
3. e )
Copy the ra-allzones.uar recovery archive file to the AI server, such that it could be
e tฺa Guid
accessed from the target host during automated installation process:
n
t e sฺ ent
root@s11-server1:# mkdir -p /var/ai/image-server/images/archives
m ira Stud
@ e install/server:default
root@s11-server1:# svccfg -s
h is = archives \
i
av use t
setprop all_services/webserver_files_dir
ฺ q
id svcadm
a h
root@s11-server1:#
e to refresh install/server:default
i ( sh ens
v lic
aroot@s11-server1:# cp /opt/ora/labs/ra-allzones.uar \
ah4. id Q /var/ai/image-server/images/archives/
Verify the access to the recovery archive from a browser on the S11-Desktop VM by using
Sh the following URL:
http://192.168.0.112:5555/archives/
Task 2: Configure an AI Manifest and Profile for the Client

In this task, you configure the AI server to automatically install an Oracle Solaris 11 client by
using the AI custom system configuration profile.
Perform the following steps on S11-Server1 VM to customize the custom_ai AI service:
1. Use the installadm list command to verify that your custom_ai AI service is already
installed and configured.
Service Name Status Arch Type Secure Alias Aliases Clients Profiles Manifests
------------ ------ ---- ---- ------ ----- ------- ------- -------- ---------
custom_ai on i386 iso no no 1 1 1 2

Chapter 4 - Page 36
2. Use the installadm create-client command to add the MAC address of S11-Client4
VM to the custom_ai service.
root@s11-server1:~# installadm create-client -e 08:00:27:85:C7:D7 -n custom_ai
3. Use the installadm list –c command to verify that the client was added to AI server
custom_ai.
root@s11-server1:~# installadm list -c
------------ -------------- ---- ------ ----------- -----------
08:00:27:85:C7:D7 i386 no no no
4. Copy the default archive manifest file to the /var/tmp/manifests/archive_ai.xml ble

e r a
nsf
file to create a custom manifest file for using the unified archive file.
root@s11-server1:~# cp \
-tra
/export/ai/custom_ai/auto_install/manifest/default_archive.xml
n o n\
a
/var/tmp/manifests/archive_ai.xml
s
5. a
Modify the /var/tmp/manifests/archive_ai.xml file XML tag elements such that it
) h eฺ
e
reflects the following details:
tฺa Guid
n e
• AI instance name (ai_instance name): custom_ai
t e sฺ ent
m
allzones.uar, where 192.168.0.112 t udIP address of the AI server.
• Archive File URI (file uri): http://192.168.0.112:5554/archives/ra-
ira isSthe
@ e his
a v i e t
6. View the contents of the /var/tmp/manifests/archive_ai.xml manifest file:
i
<?xml version="1.0"
t o us
dฺq encoding="UTF-8"?>
h
sha ense

Sh 
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1">
<auto_install>
<ai_instance name="custom_ai">
<target>
<logical>
<zpool name="rpool" is_root="true">

<filesystem name="export" mountpoint="/export"/>
<filesystem name="export/home"/>
</zpool>
</logical>
ble
e r a
nsf
</target>
<software type="ARCHIVE">
-tra
<source>


<file uri="http://192.168.0.112:5555/archives/ra-allzones.uar"/>
</source>
<software_data action="install">

<name>*</name>
</software_data>

Chapter 4 - Page 38
</software>
</ai_instance>
</auto_install>
7. Use the diff command to view the differences between the archive_ai.xml file and
the default_archive.xml file.
root@s11-server1:~# diff /var/tmp/manifests/archive_ai.xml \

/export/ai/custom_ai/auto_install/manifest/default_archive.xml
13c13
< <ai_instance name="custom_ai">
---
> <ai_instance name="default">
60,63c60
< 
e r a
< <file uri="http://192.168.0.112:5555/archives/ra-allzones.uar"/>
a nsf
8. Create a MAC address–based criteria manifest by updating the
o n -tr
criteria_archive_ai.xml available in the /var/tmp/manifests directory. Use the
a n
MAC addresses of the network client S11-Client4.
a
h eฺ s
e )
root@s11-server1:~# vi /var/tmp/manifests/criteria_archive_ai.xml
n e tฺa Guid
<ai_criteria name="mac">
t e sฺ ent
ira Stud
<value>
08:00:27:85:C7:D7 m
e his
</value>
</ai_criteria> av
i @ e t
q
dฺ to u s
h i
haclient does
Note: If thesAI
( n senot match the criteria for a service (in this case, a specific MAC
i e
c will use the default manifest when installing the OS.
v the AIliservice
address),
id the results. 9. Qa
Add the custom_ai manifest and criteria manifest to the custom_ai service and show
a h
Sh root@s11-server1:~# installadm create-manifest -m archive_ai \
-n custom_ai \
-f /var/tmp/manifests/archive_ai.xml \
-C /var/tmp/manifests/criteria_archive_ai.xml
Created Manifest: ‘archive_ai’
root@s11-server1:~# installadm list -c -m

------------ -------------- ---- ------ ----------- -----------
08:00:27:85:C7:D7 i386 no no no
------------ ------------- ---- ------ --------
custom_ai archive_ai xml active mac = 08:00:27:85:C7:D7
custom_ai xml active mac = 08:00:27:85:C7:D5

Chapter 4 - Page 39
10. Use the sysconfig utility to create a profile for S11-Client4:
root@s11-server1:~# sysconfig create-profile \
-o /var/tmp/manifests/client4_profile
Use the following properties when creating a profile for S11-Client4:

− IP Address: 192.168.0.145
ble
• Time zone: Use your local region e r a
• Language: Use your local language a nsf
• Local: Territory: Use your local territory
o n -tr
• Keyboard: Use your local keyboard a n
• Root password: oracle1 a s
h eฺ
e )
• User account:
n e tฺa Guid
t e sฺ ent
m ira Stud
− Password: oracle1 i@e h is
avDefault e t
• ฺ q
Support registration: u soptions
• a h id Configuration:
Support: Network to Default (no proxy)
s h n s e
(
Q avi lice
i d
ah
Sh

Chapter 4 - Page 40
Note: The sysconfig create-profile utility launches a system configuration tool
similar to the System Configuration Tool you used during the Text installation in
Practice 4-1.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 4 - Page 41
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
q
idฺ toprofile
u
h h
11. Add the systemaconfiguration
e manifest to custom_ai service and show the results.
( s n s
a i ice installadm create-profile –n custom_ai
-fv /var/tmp/manifests/client4_profile/sc_profile.xml
root@s11-server1:~#
l
\
Q
id Created Profile: 'client4_profile'
–p client4_profile -C /var/tmp/manifests/criteria_archive_ai.xml
\
a h
Sh
root@s11-server1:~# installadm list -p -n custom_ai
Service Name Profile Name Criteria
------------ ------------ --------
custom_ai client3_profile mac = 08:00:27:85:C7:D5
client4_profile mac = 08:00:27:85:C7:D7
12. Validate the system configuration profile.
root@s11-server1:~# installadm validate -n custom_ai -p client4_profile
Validating static profile client4_profile...
Passed
root@s11-server1:~#

Chapter 4 - Page 42
Task 3: Deploying the OS to a Network Client
Oracle Solaris 11 operating system to a network client.
Perform the following steps to deploy the OS to a network client:
2. In the VirtualBox Manager, start the S11-Client4 VM. If the AI server is configured correctly,
you should see the OS installation begin in the VM.

Note: Perform the next step as soon as possible.
Note:
• When you choose this boot option, the interactive system configuration is not available
to you during this OS installation. The specified Oracle Solaris Unified Archive file is
ble
used during the OS installation.
e r a
• The archive-based installation takes about 20-30 minutes to complete.
a nsf
4. After the OS installation is complete, reboot from the hard disk.
o n -tr
In the GRUB menu, select the be-wireshark-recovery option, as shown in the
a n
following image: a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Note: If you are working inside an Oracle VM VirtualBox environment, after the system
reboots completely, you will need to uninstall and then reinstall the Oracle Solaris Guest
Additions software to get rid of all the warning and error messages that are shown in the
s11-client4 console.
5. Log in as oracle user and switch to the root role. The password for both is oracle1.
6. Check the system configuration to verify that the various OS configurations, such as
hostname, IP addresses of the host and zones are same as the source system that you
used to create the recovery archive.
7. Shut down and power off the S11-Client4 virtual machine.

Chapter 4 - Page 43
Practice 4-7: Testing Your Skills and Knowledge
Overview
step-by-step guide.
Note: This practice is optional. Check with your instructor to determine if you have enough
time available to complete this practice. If you begin this practice and run out of time, set
this practice aside and return to it if time permits.
Task 1: Remove an AI Service

Perform the following tasks on the S11-Server1 VM:
ble
1. Determine the name of the current AI service. e r a
2. Remove the current AI service from the system. a nsf
o n -tr
Task 2: Manage the Boot Environment
a n
a s
Perform the following task on the S11-Server1 VM:
h eฺ
e )
Add a new AI service to the system using these AI service configuration properties:
• AI service name: my_ai n e tฺa Guid
t e sฺ ent
ira Stud
• Source AI ISO image: /opt/ora/iso/sol-11_2-ai-x86.iso
m
• Target directory: /export/ai/my_ai
@ e his
i
avAI Service
e t
Task 3: Add a Client toฺq the u s
d on thetS11-Server1
Perform the following a h i
task o VM:
s h n s e
(
Add a client ito the my_ai
v i ce AI service using these properties:
a l
•Q Client virtual machine: S11-Client5
i d
h ah • Client MAC address: 08:00:27:85:C7:D9
S
Task 4: Create a Manifest for the New AI Service
Create a manifest for the my_ai service by using the manifest configuration properties:
• AI instance name (ai_instance name): my_ai
• Auto-reboot (auto_reboot): true
• IPS origin URI: http://s11-server1.mydomain.com
• IPS package: solaris-small-server
• Criteria: MAC address 08:00:27:85:C7:D9
Task 5: Create a System Configuration Profile for the AI Client

Create a system configuration profile for AI client S11-Client5 using the manifest configuration
properties:

Chapter 4 - Page 44
• Network type: Manually
• IPv4 interface name: net0
• Static IP address: 192.168.0.146
• Default route: None
• DNS Name Service: Configure DNS.
• DNS Server Addresses: 192.168.0.112

• DNS Search List: mydomain.com
• Alternate name Service: None
• Time zone: Choose your local time zone.
• Your real name: oracle1
• Username: oracle ble
e r a
• User password: oracle1
a nsf
Task 6: Install the Oracle Solaris 11 OS on the AI Client o n -tr
a
n
a s
h eฺ
Oracle Solaris 11 operating system to the network client. Open the Oracle VM VirtualBox
e )
Manager and start the S11-Client5 VM. Monitor the installation of the Oracle Solaris 11 OS on
the network client.
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 4 - Page 45
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 4 - Page 46
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Oracle ฺ a
etSolaris i d
u11 Network
s ฺ n n t G
aAdministration
t e d e
e mir Enhancements
i s S tu
v i @ e thChapter
ฺ q a us 5
a h id to
sh ens e
i (
Q av lic
i d
ah
Sh
Practices for Lesson 5: Oracle Solaris 11 Network Administration Enhancements

Chapter 5 - Page 1
Practices Overview
The practices of this lesson introduce you to the important new networking features found in
Oracle Solaris 11. These practices provide guided, hands-on experience in working with these
new features. During the practices, you apply network administration best practices applicable
to the Oracle Solaris 11 operating system.

The key areas explored in these practices are:
• Managing reactive profiles
• Exploring the capabilities of the ipadm utility
• Configuring network virtualization features
• Configuring link aggregation
• Creating IPMP configurations ble
e r a
nsf
• Configuring a network bridge
• Monitoring the network
-tra
n o n
s a
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 5 - Page 2
Practice 5-1: Managing Reactive Network Configuration
Overview
Reactive network configuration simplifies basic network configuration by automatically
addressing basic Ethernet and WiFi configurations. The basic network configuration includes
connecting to wired or wireless network at startup and displaying notifications about the status
of your currently active network connection from the desktop. Reactive or automatic network
configuration also simplifies some of the more complex networking tasks, such as the creation
and management of system-wide network profiles, for example, the configuration of naming
services, IP Filter, and IP Security (IPsec), all of which are features of Oracle Solaris. The key
components of reactive network are the Network Profiles, which allow you to specify various
network configurations to be created depending on the current network conditions.
In this practice, you perform the following tasks:
• Assess the current reactive network configuration.
ble
• Create and deploy a profile. e r a
tra nsf
-
Task 1: Assess the Current Reactive Network Configuration Profile
n
Note: For Reactive Network to configure the host’s network interface automatically,
a no DHCP
h a s 11 OS by Using the
service must be available. In the practice titled “Installing the Oracle Solaris
Automated Installer” (Practice 4-3), you configured DHCP by using
e ) the ฺ
installadm
e utility.
Perform the following steps to configure a Reactive Network
e tฺaprofile: u id
1. Verify that the S11-Server1 is running. If the VM n n G
sฺis noterunning,
t start it at this time.
t e
2. Start the S11-Desktop VM and log in with
m irathe user
S t uIDdoracle and password oracle1.
3. Minimize the S11-Server1 VM andeperformis the remaining steps in S11-Desktop VM.
i @ t h
ฺ q av use
a h id to
sh ens e
i (
Q av lic
a h id
Sh

Chapter 5 - Page 3
4. Click the Network Preferences icon to determine which NCPs and network interfaces
(NCUs) are currently enabled by Reactive Network.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
ha nNetwork
5. Click OK tosclose the
( e se Preferences window.
i c and su to root.
ava terminalliwindow
6 OpenQ
7.id Display the current network configuration for this system.
h
a
Sh root@s11-desktop:~# ipadm show-addr
lo0/v4 static ok 127.0.0.1/8
net0/v4 static ok 192.168.0.111/24
8. List all available networking profiles and their current states.

root@s11-desktop:~# netadm list
TYPE PROFILE STATE
ncp Automatic disabled
ncp DefaultFixed disabled
ncp start_state online
ncu:phys net0 online
ncu:ip net0 online
loc Automatic offline
loc NoNet offline
loc User disabled

Chapter 5 - Page 4
loc DefaultFixed offline
loc aces online
9. List the Automatic NCP.

root@s11-desktop:~# netadm list Automatic
TYPE PROFILE STATE
ncp Automatic disabled

loc Automatic offline
10. List the DefaultFixed profile.

root@s11-desktop:~# netadm list DefaultFixed
TYPE PROFILE STATE
ncp DefaultFixed disabled
loc DefaultFixed offline
11. List the start_state profile. e

r a bl
root@s11-desktop:~# netadm list start_state
e
TYPE PROFILE STATE
a nsf
ncp start_state online
o n -tr
ncu:phys net0
a
online
n
ncu:ip net0
a s
h eฺ
online
12. List the reactive network location profiles.
e )
root@s11-desktop:~# netadm list -p loc
n e tฺa Guid
TYPE PROFILE STATE
t e sฺ ent
loc Automatic
ira Stud
offline
m
loc NoNet
@ edisabled
offline
h is
loc User
i
av uoffline
e t
loc
ฺ q
DefaultFixed s
loc
a h id
aces to online
e
h andnips network configuration units (NCUs) in the active network
sphys
i (
13. Lists all the
v profiles ice (NCPs).
a
configuration l
Q root@s11-desktop:~# netadm list -c phys
i d
h ah TYPE PROFILE STATE
S ncu:phys net0 online
root@s11-desktop:~# netadm list -c ip

TYPE PROFILE STATE
ncu:ip net0 online
14. List all profiles and their auxiliary states.
root@s11-desktop:~# netadm list -x
TYPE PROFILE STATE AUXILIARY STATE
ncp Automatic disabled disabled by administrator
ncp DefaultFixed disabled disabled by administrator
ncp start_state online active
ncu:phys net0 online interface/link is up
ncu:ip net0 online interface/link is up
loc Automatic offline conditions for activation are unmet
loc NoNet offline conditions for activation are unmet
loc User disabled disabled by administrator

Chapter 5 - Page 5
loc DefaultFixed offline conditions for activation are unmet
loc aces online active
15. Use the netcfg export command to create backups of the start_state and aces
profiles.
root@s11-desktop:~# netcfg export -f start_state_ncp_backup ncp start_state
root@s11-desktop:~# netcfg export -f aces_loc_backup loc aces
root@s11-desktop:~# ls *backup
aces_loc_backup start_state_ncp_backup
16. Use the netcfg utility to select the start_state profile and list its NCUs.
root@s11-desktop:~# netcfg
netcfg> select ncp start_state
netcfg:ncp:start_state> list ble
e r a
nsf
ncp:start_state
management-type reactive
-tra
NCUs:
n o n
phys net0
s a
ip net0
) a
h eฺ
17. Select the phys NCU and display its properties. e
tฺa Guid
netcfg:ncp:start_state:ncu:net0> list sฺ
netcfg:ncp:start_state> select ncu phys net0
n e t
t e e n
ncu:net0
m ira Stud
type
@ e his
link
class
a i phys
t
v "start_state"
e
parent
q
dฺ to utrue s
h i
activation-mode manual
sha ense
enabled
i (
netcfg:ncp:start_state:ncu:net0>
c
end
avthe ip NCU
18. Select
Q li and display its properties.
a h id netcfg:ncp:start_state> select ncu ip net0
Sh netcfg:ncp:start_state:ncu:net0> list
ncu:net0
type interface
class ip
parent "start_state"
enabled true
ip-version ipv4
ipv4-addrsrc static
ipv4-addr "192.168.0.111/24"
netcfg:ncp:start_state:ncu:net0> end
netcfg:ncp:start_state> end
netcfg>

Chapter 5 - Page 6
19. Select the aces location profile and list its properties.
netcfg> select loc aces
netcfg:loc:aces> list
loc:aces
enabled true
nameservices dns
nameservices-config-file "/etc/nsswitch.dns"
dns-nameservice-configsrc manual
dns-nameservice-domain "mydomain.com"
dns-nameservice-servers "192.168.0.112"
netcfg:loc:aces> end
netcfg> exit
root@s11-desktop:~#
ble
e r a
nsf
Task 2: Create and Deploy a Network Profile
Perform the following steps to configure a network profile:
-tra
1. Create an NCP named oracle_profile.
n o n
s a
root@s11-desktop:~# netcfg
) a
h eฺ
netcfg> create ncp oracle_profile
2. Create a phys NCU for data link net1.

e
tฺa Guid
n e
ฺ net1nt
netcfg:ncp:oracle_profile> create ncu s
r t e phys
a t... de
i
Created ncu 'net1'. Walking properties u
@ em his S
activation-mode (manual) [manual|prioritized]> manual
avi use t
mac-address> <Press Return>
autopush> <Pressฺq
mtu> <Press h
a id Return>
to
sh ens
Return>
e
v i (
netcfg:ncp:oracle_profile:ncu:net1>
c
list
Q ancu:net1 li
h i d type link
h a class phys
S parent "oracle_profile"
enabled true
netcfg:ncp:oracle_profile:ncu:net1> end
Committed changes
netcfg:ncp:oracle_profile> list
ncp:oracle_profile
management-type reactive
NCUs:
phys net1

Chapter 5 - Page 7
3. Create an ip NCU for data link net1.
netcfg:ncp:oracle_profile> create ncu ip net1
Created ncu 'net1'. Walking properties ...
ip-version (ipv4,ipv6) [ipv4|ipv6]> ipv4
ipv4-addrsrc [dhcp|static]> static
ipv4-addr> 192.168.0.111
ipv4-default-route> <Press Return>

netcfg:ncp:oracle_profile:ncu:net1> list
ncu:net1
type interface
class ip
parent "oracle_profile"
enabled true
ip-version ipv4
ble
ipv4-addrsrc static
e r a
nsf
ipv4-addr "192.168.0.111"
netcfg:ncp:oracle_profile:ncu:net1> verify
-tra
All properties verified
n o n
netcfg:ncp:oracle_profile:ncu:net1> commit
s a
Committed changes
) a
h eฺ
netcfg:ncp:oracle_profile:ncu:net1> end
e
tฺa Guid
e
netcfg:ncp:oracle_profile> list ncu ip net1
n
ncu:net1
t e sฺ ent
type
ira Stud
interface
m
class
@ e his
ip
parent
a i
v se t"oracle_profile"
enabled
i q
dฺ to u
true
h
ip-version ipv4
i ( sha ense
ipv4-addrsrc static
Q av lic
ipv4-addr "192.168.0.111"
i d netcfg:ncp:oracle_profile> end
ah netcfg>
Sh 4. Create a location (loc) NCP named classroom.
netcfg> create loc classroom
Created loc 'classroom'. Walking properties ...
activation-mode (manual) [manual|conditional-any|conditional-all]>
conditional-all
conditions> "system-domain is mydomain.com"
nameservices (dns) [dns|files|nis|ldap]> dns
nameservices-config-file ("/etc/nsswitch.dns")> <Press Return>
dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual
dns-nameservice-domain> "mydomain.com"
dns-nameservice-servers> "192.168.0.112"
dns-nameservice-search> <Press Return>
dns-nameservice-sortlist> <Press Return>
dns-nameservice-options> <Press Return>
nfsv4-domain> <Press Return>
ipfilter-config-file> <Press Return>
ipfilter-v6-config-file> <Press Return>

Chapter 5 - Page 8
ipnat-config-file> <Press Return>
ippool-config-file> <Press Return>
ike-config-file> <Press Return>
ikev2-config-file> <Press Return>
ipsecpolicy-config-file> <Press Return>
netcfg:loc:classroom> list
loc:classroom
activation-mode conditional-all
conditions "system-domain is mydomain.com"
enabled false
nameservices dns
nameservices-config-file "/etc/nsswitch.dns"
dns-nameservice-configsrc manual
dns-nameservice-domain "mydomain.com"
dns-nameservice-servers "192.168.0.112"
ble
e r a
nsf
netcfg:loc:classroom> verify
All properties verified
-tra
netcfg:loc:classroom> commit
Committed changes n o n
s a
netcfg:loc:classroom> end
netcfg> exit ) a
h eฺ
e
tฺathat exist iatdthe current scope.
5. Use the netcfg list command to display all profiles
n e G u
root@s11-desktop:~# netcfg list
t e sฺ ent
NCPs:
m ira Stud
Automatic
@ e his
DefaultFixed i
av use t
start_stateฺq
a h id to
oracle_profile
sh ens e
i (
Locations:
Q lic
av Automatic
h i d NoNet
h a User
S DefaultFixed
aces
classroom
6. Use the netcfg export command to create backups of your oracle_profile and
classroom profiles.
root@s11-desktop:~# netcfg export -f oracle_ncp_backup ncp oracle_profile
root@s11-desktop:~# netcfg export -f classroom_loc_backup loc classroom

Chapter 5 - Page 9
7. Destroy the classroom profile and show the results.
root@s11-desktop:~# netcfg destroy loc classroom

NCPs:
Automatic
DefaultFixed
start_state
oracle_profile
Locations:
Automatic
NoNet
User
DefaultFixed
ble
aces
e r a
8. Recover the classroom profile from your backup and show the results.
a nsf
root@s11-desktop:~# netcfg -f classroom_loc_backup
o n -tr
Configuration read.
a n
a s
h eฺ
e )
NCPs:
n e tฺa Guid
sฺ ent
Automatic
DefaultFixed
t e
start_state
m ira Stud
oracle_profile
@ e his
Locations:
a i
v se t
i
Automaticq
dฺ to u
h
sha ense
NoNet
i (
lic
User
Q av DefaultFixed
i d
ah
aces
Sh 9.
classroom
Use the netcfg enable command to enable classroom and oracle_profile

profiles.
root@s11-desktop:~# netadm enable classroom
Enabling loc 'classroom'
root@s11-desktop:~# netadm enable oracle_profile

Enabling ncp 'oracle_profile'
10. Reboot the system to verify that oracle_profile and classroom are the default
profiles.
root@s11-desktop:~# init 6
11. After the system reboots, log in as oracle and use su to root.

Chapter 5 - Page 10
12. Open the Network Preferences dialog box.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
ha interface
Note: The(snetwork e n se net1 is now connected to the network.
i lic to verify communication with a remote host.
athev ping command
13. Use
Q
a h id root@s11-desktop:~# ping s11-server1
Sh s11-server1 is alive
14. Shut down (power off) the S11-Desktop VM.

Chapter 5 - Page 11
Practice 5-2: Exploring the Capabilities of the ipadm Utility
Overview
The ipadm command provides a set of subcommands that you use to manage network
interfaces, IP addresses, and TCP/IP protocol properties. The ipadm utility replaces some of
the ifconfig command functionality for IP interface-related tasks.
Task
Perform the following steps in S11-Server1 VM to explore the capabilities of the ipadm utility:
1. Verify whether S11-Desktop VM is powered off.
2. Verify that S11-Server1 VM is running. If not, start the VM at this time with the user ID
oracle and password oracle1. su to root.
3. In the S11-Server1 system, run the dladm show-phys command to determine the state of
ble
the physical network interfaces currently configured in the system.
e r a
root@s11-server1:~# dladm show-phys
transf
LINK MEDIA STATE SPEED DUPLEX
n -DEVICE
net1 Ethernet
a
unknown 1000
no e1000g1
full
net2 Ethernet
a s
h eฺ
e1000g2 unknown 1000 full
net0 Ethernet
e ) e1000g0 up 1000 full
net3
e t ฺa uid
Ethernet e1000g3 unknown 1000 full
4. Run the dladm show-link command to determine

s ฺn thenstate
t Gof each network link
currently configured in the system.
r e
at tude
i
emMTUhis STATE
root@s11-server1:~# dladm show-link
@
S
LINK
a v i
CLASS
e t unknown OVER
net1
i d ฺq physo us 1500 unknown --
phys 1500
net2
a h e t --
net0 sh s phys
i ( c e n 1500 up --
Q av
net3
li phys 1500 unknown --
5.id Run the ipadm show-if command to show network interface configuration information.
a h
Sh root@s11-server1:~# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes --
net0 ip ok yes --
6. Rename link net1 to training1 and show the results.
root@s11-server1:~# dladm rename-link net1 training1

LINK MEDIA STATE SPEED DUPLEX DEVICE
training1 Ethernet unknown 1000 full e1000g1
net2 Ethernet unknown 1000 full e1000g2
net0 Ethernet up 1000 full e1000g0
net3 Ethernet unknown 1000 full e1000g3

Chapter 5 - Page 12
LINK CLASS MTU STATE OVER
training1 phys 1500 unknown --
net2 phys 1500 unknown --
net0 phys 1500 up --
7. Run the ipadm command to create an IP interface for link training1 and show the
results.
root@s11-server1:~# ipadm create-ip training1
root@s11-server1:~# ipadm show-if
net0 ip ok yes --
training1 ip down no --
ble
8. Run the ipadm command to create the static IPv4 address 192.168.0.150/24 on the
e r a
interface training1 and show the results.
a nsf
root@s11-server1:~# ipadm create-addr -T static –a \
o n -tr
192.168.0.150/24 training1/v4
a n
a s
ADDR ฺae
) h deฺ
ADDROBJ TYPE STATE
e t u i
lo0/v4 static ok n127.0.0.1/8
n G
sฺ 192.168.0.112/24
t
t e e
ud
a t192.168.0.150/24
net0/v4 static ok
ok ir
training1/v4 static
static e
m S
is ::1/128
lo0/v6
i @ ok
t h
net0/v6
ฺ q av uok
addrconf
s e fe80::a00:27ff:fe9c:83e1/10
h
9. Run the ipadm command
a id totshow o the current and persistent values of the IP address
shinterface
properties for
n s e
v i ( c e
training1.
Q li
aroot@s11-server1:~# ipadm show-addrprop training1/v4
h i d training1/v4 broadcast PERM

ADDROBJ PROPERTY CURRENT PERSISTENT DEFAULT POSSIBLE
h a r- 192.168.0.255 -- 192.168.0.255 --
S training1/v4 deprecated rw off -- off on,off
training1/v4 prefixlen rw 24 24 24 1-30,32
training1/v4 private rw off -- off on,off
training1/v4 reqhost r- -- -- -- --
training1/v4 transmit rw on -- on on,off
training1/v4 zone rw global -- global --
10. Run the ipadm command to show the interface properties for interface training1.
root@s11-server1:~# ipadm show-ifprop training1
IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
training1 arp ipv4 rw on -- on on,off
training1 forwarding ipv4 rw off -- off on,off
training1 metric ipv4 rw 0 -- 0 --
training1 mtu ipv4 rw 1500 -- 1500 68-1500
training1 exchange_routes ipv4 rw on -- on on,off
training1 usesrc ipv4 rw none -- none --
training1 forwarding ipv6 rw off -- off on,off
training1 metric ipv6 rw 0 -- 0 --

Chapter 5 - Page 13
training1 mtu ipv6 rw 1500 -- 1500 1280-1500
training1 nud ipv6 rw on -- on on,off
training1 exchange_routes ipv6 rw on -- on on,off
training1 usesrc ipv6 rw none -- none --
training1 group ip rw -- -- -- --
training1 standby ip rw off -- off on,off
11. Run the ipadm command to show the TCP protocol properties.
root@s11-server1:~# ipadm show-prop tcp
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
tcp cong_default rw newreno -- newreno newreno,cubic,
highspeed,vegas
tcp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
highspeed, highspeed, highspeed,vegas
vegas vegas
tcp ecn rw passive -- passive never,passive,
ble
e r a
nsf
active
tcp
tcp
extra_priv_ports
largest_anon_port
rw
rw
2049,4045
65535
--
--
2049,4045
65535
1-65535
-tr a
32768-65535
tcp max_buf rw 1048576 -- 1048576
n o n 128000-
1073741824
s a
tcp recv_buf
) a
h eฺ rw 128000 -- 128000 2048-1048576
tcp sack
e
tฺa Guid
rw active -- active never,passive,
n e active
tcp
t e sฺ ent
send_buf rw 49152 -- 49152 4096-1048576
ira Stud
tcp smallest_anon_port rw 32768 -- 32768 1024-65535
tcp
m smallest_nonpriv_port rw
e ipv4hforwarding
is
1024 -- 1024 1024-32768
v @
12. Run the ipadm command to ienable
e t and show the results.
root@s11-server1:~#
i d ฺqaipadm
o u s
set-prop -p forwarding=on ipv4
a h e t
( s h
root@s11-server1:~#
n s ipadm show-prop ip
av i li c e PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
id Q ipv4 forwarding rw on on off on,off
a h ipv4 ttl rw 255 -- 255 1-255
Sh ipv6
ipv6
forwarding
hoplimit
rw
rw
off
255
--
--
off
255
on,off
1-255
ipv6 hostmodel rw weak -- weak strong,
src-priority,
weak
ipv4 hostmodel rw weak -- weak strong,
src-priority,
weak
ip icmp_accept_clear rw on -- on on,off
ip igmp_accept_clear rw on -- on on,off
ip pim_accept_clear rw on -- on on,off
ip persock_require_priv rw on -- on on,off
ipv4 send_redirects rw on -- on on,off
ip ndp_unsolicit_count rw 3 -- 3 1-20
ip ndp_unsolicit_interval rw 2000 -- 2000 1000-20000
ip arp_publish_count rw 5 -- 5 1-20
ip arp_publish_interval rw 2000 -- 2000 1000-20000

Chapter 5 - Page 14
13. Run the ipadm command to disable ipv4 forwarding.
root@s11-server1:~# ipadm set-prop -p forwarding=off ipv4
14. Run the ipadm command to disable the training1 network interface and show the
results.
root@s11-server1:~# ipadm disable-if -t training1

net0 ip ok yes --
training1 ip disabled no --
Note: The -t option makes the operation temporary.

15. Verify that the IP address object for the training1 interface is also disabled.
ble
e r a
a nsf
lo0/v4 static ok 127.0.0.1/8
o n -tr
net0/v4 static ok
a
192.168.0.112/24
n
lo0/v6
net0/v6
static ok
addrconf ok a
h eฺ s ::1/128
fe80::a00:27ff:fe9c:83e1/10
e )
training1/v4
e tฺaresults.
static
id
disabled
u
192.168.0.150/24
n
sฺ ent
16. Delete the training1 network interface and show the G
t e
m ira Stud
root@s11-server1:~# ipadm delete-ip training1
@ e
show-ifhis
i
root@s11-server1:~# ipadm
v seACTIVE
CLASS aSTATE
t OVER
IFNAME
i q
dฺ okto u yes --
lo0
h
loopback
net0
i ( shaip enseok yes --
17. Rename
Q lic
av the training1 data link to net1 and show the results.
a h id root@s11-server1:~# dladm rename-link training1 net1

Sh root@s11-server1:~# dladm show-link

Chapter 5 - Page 15
Practice 5-3: Configuring Network Virtualization Features
Overview
Network virtualization is the process of combining hardware network resources and software
network resources into a single administrative unit. The goal of network virtualization is to
provide systems and users with efficient, controlled, and secure sharing of the networking
resources. The end product of network virtualization is the virtual network. An internal virtual
network consists of one system using Solaris zones that are configured over at least one
pseudo-network interface. These containers can communicate with each other as though on the
same local network, providing a virtual network on a single host. The building blocks of the
virtual network are virtual network interface cards or virtual NICs (VNICs) and virtual switches
(etherstubs). Oracle Solaris network virtualization provides the internal virtual network solution.
In this practice, you explore Oracle Solaris 11 network virtualization. To do this, you perform the
following key tasks:
ble
• Configure two zones on a private virtual network.
e r a
• Configure the virtual network for public access.
a nsf
• Secure the virtual network behind a firewall.
o n -tr
• Control network traffic flow. a n
a s
h eฺ
Note: You will learn more about Oracle Solaris Zones in the lesson 6 titled Administering
e )
Oracle Solaris 11 Zones.
e ฺa uid
tNetwork
Task 1: Configure Two Zones on a Private Virtual
s ฺ n n t G
The following illustration shows the topology of
r e
atthe virtual e that you create in this task:
dnetwork
i t u
@ em his S
q a vi se t
h i dฺ to u
i ( sha ense
Q av lic
a h id
Sh

Chapter 5 - Page 16
Perform the following steps to configure two zones on a private virtual network:
1. Verify whether the S11-Server1 VM is running.
2. Verify that the IPS publisher is configured correctly and is operational.
root@s11-server1:~# pkg search entire

INDEX ACTION VALUE PACKAGE
...
...
pkg.fmri set solaris/entire pkg:/entire@0.5.11-0.175.2.0.0.42.0
3. Create the rpool/zones ZFS file system with the mount point as /zones.
ble
root@s11-server1:~# zfs create -o mountpoint=/zones rpool/zones
e r a
ansf
-tr
root@s11-server1:~# zfs list rpool/zones
NAME USED AVAIL REFER MOUNTPOINT
n o n
rpool/zones 31K 27.1G
a
31K /zones
s
4. a
Run the dladm utility to create an etherstub named stub0 and show the results.
h eฺ
root@s11-server1:~# dladm create-etherstub stub0e)
n e tฺa Guid
t e
root@s11-server1:~# dladm show-etherstub sฺ ent
LINK
m ira Stud
stub0
@ e his
a i
v vnic0,
5. Use the dladm utility to create e t
vnic1, and vnic2 VNICs. Attach these VNICs to
etherstub stub0. idฺ
q u s
h t o
( s ha nsedladm create-vnic -l stub0 vnic0
root@s11-server1:~#
a v i l i ce dladm create-vnic -l stub0 vnic1

root@s11-server1:~#
i d Q root@s11-server1:~# dladm create-vnic -l stub0 vnic2

h ah6. Show the results of the previous step.
S root@s11-server1:~# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VIDS
vnic0 stub0 40000 2:8:20:61:47:f6 random 0
vnic1 stub0 40000 2:8:20:81:e5:95 random 0
vnic2 stub0 40000 2:8:20:e9:10:18 random 0
7. Configure zone1 and display the results.

root@s11-server1:~# zonecfg -z zone1
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
create: Using system default template 'SYSdefault'
zonecfg:zone1> set zonepath=/zones/zone1
zonecfg:zone1> set autoboot=true
zonecfg:zone1> set ip-type=exclusive
zonecfg:zone1> add net
zonecfg:zone1:net> set physical=vnic1
zonecfg:zone1:net> end

Chapter 5 - Page 17
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit
root@s11-server1:~# zonecfg -z zone1 info | more

zonename: zone1
zonepath: /zones/zone1
brand: solaris
autoboot: true
autoshutdown: shutdown
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ble
e r a
nsf
ip-type: exclusive
hostid:
-tra
tenant:
fs-allowed: n o n
s a
net:
address not specified ) a
h eฺ
allowed-address not specified e
tฺa Guid
n e
t e sฺ ent
configure-allowed-address: true
ira Stud
physical: vnic1
m
defrouter not specified
e his
anet:
i @
v se t
q a
linkname: net0
h i dฺ to u
lower-link: auto
i ( sha ense
allowed-address not specified
Q av lic
i d
ah allowed-dhcp-cids not specified
Sh link-protection: mac-nospoof
mac-address: auto
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
pkey not specified
linkmode not specified

Chapter 5 - Page 18
evs not specified
vport not specified
8. Configure zone2 and display the results.

zonecfg:zone2> create
create: Using system default template 'SYSdefault'
ble
e r a
zonecfg:zone2> exit
a nsf
o n -tr
root@s11-server1:~# zonecfg -z zone2 info | more
a n
zonename: zone2
zonepath: /zones/zone2 a s
h eฺ
e )
tฺa Guid
brand: solaris
autoboot: true
n e
t e sฺ ent
bootargs:
m ira Stud
file-mac-profile:
@ e his
pool:
a i
v se t
limitpriv:
i q
dฺ to u
h
sha ense
scheduling-class:
i (
ip-type: exclusive
Q av
hostid: lic
i d tenant:
ah
Sh
fs-allowed:
net:
address not specified
physical: vnic2
anet:
linkname: net0
lower-link: auto
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: auto
mac-prefix not specified
mac-slot not specified

Chapter 5 - Page 19
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified

vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
pkey not specified
linkmode not specified
evs not specified
ble
e r a
nsf
vport not specified
9. Install zone1.
-tra
root@s11-server1:~# zoneadm -z zone1 install
n o n
The following ZFS file system(s) have been created:
s a
rpool/zones/zone1
) a
h eฺ
e
tฺa Guid
Progress being logged to /var/log/zones/zoneadm.20140713T123933Z.zone1.install
n
Image: Preparing at /zones/zone1/root.e
t e sฺ ent
ira Stud
Install Log: /system/volatile/install.3989/install_log
m
e his
AI Manifest: /tmp/manifest.xml.qbaiXh
@
a i
v se t
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
i ฺ q
dStarting
Zonename: zone1 u
h t o
sha ense
Installation: ...
i (
av Creating
Q ... lic IPS image
i d
ah
Sh
Startup linked: 1/1 done
Installing packages from:
solaris
origin: http://s11-server1.mydomain.com/
SPEED
Completed 282/282 53274/53274 351.9/351.9
323k/s
PHASE ITEMS
...
Installation: Succeeded

Chapter 5 - Page 20
Note: Man pages can be obtained by installing pkg:/system/manual
done.
Done: Installation completed in 1946.932 seconds.

Next Steps: Boot the zone, then log into the zone console (zlogin -C)
to complete the configuration process.
Log saved in non-global zone as

/zones/zone1/root/var/log/zones/zoneadm.20140713T123933Z.zone1.install
Note: This step normally takes several minutes to complete.
10. Boot zone zone1 and show the results. ble
e r a
root@s11-server1:~# zoneadm -z zone1 boot
a nsf
root@s11-server1:~# zoneadm list -cv
ID NAME STATUS PATH o n
BRAND
-tr IP
0 global running a / n
solaris shared
1 zone1 a
running s
h eฺ /zones/zone1 solaris excl
e )
tฺa Guid
- zone2 configured /zones/zone2 solaris excl
n
11. Log in to zone1 and complete the system configuration.e
root@s11-server1:~# zlogin -C zone1 te
sฺ ent
m ira Stud
e his
[Connected to zone 'zone1' console]
@
…
i
av use t
q
Use this configurationฺparameter:
id zone1to
• Computeraname:h e
• i (
Ethernetshnetwork e n sconfiguration: Manually
a v l i c
•Q Network Interface: vnic1
i d
h ah • IP Address: 192.168.1.170
S • DNS Name Service: Do not configure DNS.
• Alternate Name Service: None
• Time zone: Use your local region.
• Language: Use your local language.
• Territory: Use your local territory.
• User account:
• Your real name: oracle
Note: Wait for a few minutes before the sysconfig utility tool is displayed, and if the tool
is not displayed automatically, press Enter. When the tool is displayed, if the F2 and F3
keys are not working, press ESC+2 to navigate through the screens and ESC + 3 to go
back. If up and down arrow keys on the keyboard do not work, then use the TAB key.

Chapter 5 - Page 21
However, you need to be careful while using TAB. The options on the screen might look
confusing (appearing twice) and, therefore, read the options carefully as you press TAB.
When the system configuration is completed, log in to zone1 with the username oracle
and password oracle1, and use the ~. escape sequence to exit back to the global zone.
12. Install zone2.
root@s11-server1:~# zoneadm -z zone2 install

rpool/zones/zone2
Image: Preparing at /zones/zone2/root.

AI Manifest: /tmp/manifest.xml.zCaWQn
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
ble
Zonename: zone2
e r a
Installation: Starting ...
a nsf
o n -tr
a n
Creating IPS image
a
h eฺs
...
e )
n e tฺa Guid
sฺ ent
solaris
t e
ira Stud
m
DOWNLOAD
@ e his PKGS FILES XFER (MB)
SPEED i
av use t
Completed
i d ฺ q 282/282 53274/53274 351.9/351.9
746k/s
h t o
( s ha nse
v i
aPHASE l i ce ITEMS
i d Q Installing new actions 71043/71043
ah Updating package state database Done

Sh Updating package cache
Updating image state
0/0
Done
...
done.

Chapter 5 - Page 22
Note: This step normally takes several minutes to complete.
13. Boot zone zone2 and show the results.
root@s11-server1:~# zoneadm -z zone2 boot

ID NAME STATUS PATH BRAND IP
0 global running / solaris shared
1 zone1 running /zones/zone1 solaris excl
2 zone2 running /zones/zone2 solaris excl
14. Log in to zone2 and complete the sysid configuration.

root@s11-server1:~# zlogin -C zone2 ble
e r a
nsf
[Connected to zone 'zone2' console]
…
-tr a
Use this configuration parameter:
n o n
• Computer name: zone2
s a
• Network configuration: Manually ) a
h eฺ
• Network Interface: vnic2
e
tฺa Guid
n e
• IP Address: 192.168.1.171
t e sฺ ent
• DNS: Do not configure DNS.
m ira Stud
• Alternate Name Service:@ e his
None
a i
v se t
• Time zone: Use your
i ฺ q
dyour
local region
u
• h
Language: Use t
localo language
• ( shaUseeyour
Territory:
i n e territory
slocal
Q
• aRoot lic oracle1
v password:
i d
h • User account:
a
Sh • Your real name: oracle
Note: Wait for a few minutes before the sysconfig utility tool is displayed, and if the tool
is not displayed automatically, press Enter. Upon displaying the tool, if the F2 and F3 keys
are not working, press ESC+2 to move to the next screen and ESC+3 to go back. If up and
down arrow keys on the keyboard do not work, then use the TAB key. However, you need
to be careful while using TAB. The options on the screen might look confusing (appearing
twice) and hence, read the options carefully as you press TAB.
When the system configuration is completed, log in to the zone and use the ~. escape
sequence to exit back to the global zone.

Chapter 5 - Page 23
15. Log in to zone1 and use the ping command to verify that the virtual network connecting
zone1 and zone2 is operational.
root@s11-server1:~# zlogin zone1
root@zone1:~# ping 192.168.1.171
192.168.1.171 is alive
16. Use the ~. escape sequence to exit back to the global zone.
Task 2: Configure the Virtual Network for Public Access

Now that you have constructed a virtual network connecting two zones, you attach it to the
global zone by using vnic0 and then set up IPv4 forwarding to allow public access. The
following illustration shows the network topology that you build in this task.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
Perform the following steps to configure the virtual network for public access:
1. Use the dladm command to determine the VNICs that are currently configured in the
system.
root@s11-server1:~# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VIDS
vnic0 stub0 40000 2:8:20:61:47:f6 random 0
vnic1 stub0 40000 2:8:20:81:e5:95 random 0
zone1/vnic1 stub0 40000 2:8:20:81:e5:95 random 0
vnic2 stub0 40000 2:8:20:e9:10:18 random 0
zone2/vnic2 stub0 40000 2:8:20:e9:10:18 random 0
zone1/net0 net0 1000 2:8:20:8b:ba:ee random 0
zone2/net0 net0 1000 2:8:20:2c:24:7 random 0

Chapter 5 - Page 24
2. Create an IP interface for vnic0 and show the results.
root@s11-server1:~# ipadm create-ip vnic0

net0 ip ok yes --
vnic0 ip down no --
3. Run the ipadm command to create the static IPv4 address 192.168.1.148/24 on the
interface vnic0 and show the results.
root@s11-server1:~# ipadm create-addr -T static –a \
192.168.1.148/24 vnic0/v4

ble
e r a
lo0/v4 static ok 127.0.0.1/8
a nsf
net0/v4 static ok 192.168.0.112/24
o n -tr
vnic0/v4 static ok
a
192.168.1.148/24
n
lo0/v6
net0/v6
static ok
addrconf ok a
h eฺ s ::1/128
fe80::a00:27ff:fe9c:83e1/10
e )
4. Run the ipadm command to enable IPv4 forwarding tand
e ฺa show utheidresults.
s ฺ n
root@s11-server1:~# ipadm set-prop -p forwarding=on
n t Gipv4
r e
at ip tude
i
@ em
root@s11-server1:~# ipadm show-prop
h i s S
PROTO PROPERTY
ipv4 forwarding a
v i PERM
e t CURRENT PERSISTENT DEFAULT POSSIBLE
i d ฺq o usrw on on off on,off

ipv4 ttl
a h e t rw 255 -- 255 1-255
( s h
ipv6 forwarding
n s rw off -- off on,off
i
v hoplimit
aipv6 lic e rw 255 -- 255 1-255
i d Q ipv6 hostmodel rw weak -- weak strong,
h ah src-priority,
S ipv4 hostmodel rw weak -- weak
weak
strong,
src-priority,
weak
ip icmp_accept_clear rw on -- on on,off
ip igmp_accept_clear rw on -- on on,off
ip pim_accept_clear rw on -- on on,off
ip persock_require_priv rw on -- on on,off
ip ndp_unsolicit_count rw 3 -- 3 1-20
ip ndp_unsolicit_interval rw 2000 -- 2000 1000-20000
ip arp_publish_count rw 5 -- 5 1-20
ip arp_publish_interval rw 2000 -- 2000 1000-20000

Chapter 5 - Page 25
5. Boot the S11-Desktop system, log in to the S11-Desktop system, and use the ping
command to verify access to a nonglobal zone on the virtual network. Assume the root
role.
root@s11-desktop:~# ping 192.168.1.170
192.168.1.170 is alive
6. On the S11-Server1 virtual machine, log in to the zones in the virtual network and verify that
the zone can access a remote system.

root@s11-server1:~# zlogin zone1
...
root@zone1:~# ping 192.168.0.111
192.168.0.111 is alive
7. Use the ~. escape sequence to exit back to the global zone.
Task 3: Secure the Virtual Network Behind a Firewall bl e

Now that your virtual network can be accessed from remote systems, secure the virtual network feinr a
n s
this task. n - tra
by placing it behind a firewall. The following illustration shows the network topology you build
a no
) h as ฺ
e t ฺae uide
e s ฺn nt G
i r at tude
@ em his S
q a vi se t
h i dฺ to u
i ( sha ense
Q av lic
a h id
Sh

Chapter 5 - Page 26
Perform the following steps to secure the virtual network behind a firewall:
1. Create an IP filter configuration file that blocks all outgoing and incoming traffic except for
outgoing ICMP (ping) packets.
root@s11-server1:~# vi /etc/ipf/ipf.conf
#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
block out on net0 all
pass out quick on net0 proto icmp from any to any keep state
block in on net0 all
2. Enable IP filtering.
ble
e r a
nsf
root@s11-server1:~# ipf -E
3. Import the IP filter configuration from the IP filter configuration file.
-tra
root@s11-server1:~# ipf -f /etc/ipf/ipf.conf
n o n
4. Verify the IP filter configuration. s a
root@s11-server1:~# ipfstat -io
) a
h eฺ
block out on net0 all e
tฺa Guistate d
n e
sฺ ent
pass out quick on net0 proto icmp from any to any keep
t e
iracommand udto verify that the virtual network is
block in on net0 all
5. In the S11-Desktop system, use them

e his
ping S t
secure. i @
v se t
ฺ
root@s11-desktop:~# q a u
ping 192.168.1.170
h i d192.168.1.170
t o
shain the
no answer from
(
6. Log in to zone1 e n se network and verify that the zone can access a remote system.
virtual
v i lic
d Q zlogin zone1
ahi
...
Sh root@zone1:~# ping 192.168.0.111

192.168.0.111 is alive
7. Move back to the global zone.

Chapter 5 - Page 27
Task 4: Control Network Interface Data Flow
Now that you have some experience in working with virtual networks, consider controlling data
flow on a network interface. In this task, you create a policy for inbound HTTP traffic. You do
this by restricting HTTP data flow on vnic3.
Perform the steps on S11-Server1 VM to control virtual network data flow:
1. Display the status of the data links.

stub0 etherstub 9000 unknown --
vnic0 vnic 9000 up stub0
ble
e r a
nsf
vnic1 vnic 9000 up stub0
zone1/vnic1 vnic 9000 up stub0
-tra
vnic2
zone2/vnic2
vnic
vnic
9000
9000
up
up
stub0
stub0
n o n
zone1/net0 vnic
s a
1500 up net0
zone2/net0
)
vnic a
h eฺ 1500 up net0
e idHTTP data on vnic3.
tฺa to control
2. Create interface vnic3 and use the flowadm command
n e G
ฺ stub0 nvnic3 u
root@s11-server1:~# dladm create-vnic s
t e -l
e t
root@s11-server1:~# flowadm m
ira Stvnic3 ud
@ e http1 h i s
add-flow -l \
q a vi command
-a transport=tcp,local_port=80
s e t
in the system. ahi
dฺ to u
3. Use the flowadm show-flow to display the flow controls currently configured
i ( sh enseflowadm show-flow
root@s11-server1:~#
Q
v
aFLOW licLINK PROTO LADDR LPORT RADDR RPORT DSFLD
a h id http1 vnic3 tcp -- 80 -- -- --
Sh 4. Throttle HTTP traffic across the vnic3 VNIC to 100 Mb/s.

root@s11-server1:~# flowadm set-flowprop –p maxbw=100M http1
5. Set the priority on vnic3 to low.

root@s11-server1:~# dladm set-linkprop –p priority=low vnic3
6. Display the flow controls properties.
root@s11-server1:~# flowadm show-flowprop http1
FLOW PROPERTY PERM VALUE DEFAULT POSSIBLE
http1 maxbw rw 100 -- --
http1 priority rw medium medium low,medium,high
http1 hwflow r- off -- on,off
root@s11-server1:~# dladm show-linkprop –p priority vnic3

LINK PROPERTY PERM VALUE EFFECTIVE DEFAULT POSSIBLE
vnic3 priority rw low low medium low,medium,high
Now, network interface vnic3 can be used to enforce the HTTP policy.

Chapter 5 - Page 28
Task 5: Remove the Virtual Network
In this task, you remove the zones and the virtual network from the system.
Perform the following steps on S11-Server1 VM to remove the virtual network:
1. Disable the IP filter.
root@s11-server1:~# ipf -D
root@s11-server1:~# ipfstat -io

empty list for ipfilter (out)
empty list for ipfilter (in)
2. Halt zones zone1 and zone2.

root@s11-server1:~# zoneadm –z zone1 halt
root@s11-server1:~# zoneadm –z zone2 halt
ble
root@s11-server1:~# zoneadm list –cv
IP e
r a
nsf
ID NAME STATUS PATH BRAND
0 global running /
t
solaris
- r ashared
- zone1 installed /zones/zone1
n on excl
solaris
- zone2 installed a/zones/zone2 solaris excl
3. Uninstall zones zone1 and zone2.

) h as ฺ
root@s11-server1:~# zoneadm -z zone1 uninstall
e t ฺ ae uide
Are you sure you want to uninstall zone n
s n t G y
ฺ zone1 (y/[n])?
Progress being logged to
r e
at tude
i
em his S
/var/log/zones/zoneadm.20140713T145826Z.zone1.uninstall
@
avi us-ze zone2
root@s11-server1:~# zoneadm
Are you sure youฺq
t uninstall
h i d o
want to uninstall
t
zone zone2 (y/[n])? y
ha logged
Progress being
( s n s e to
i zone1 iceand zone2.
/var/log/zones/zoneadm.20140713T145947Z.zone2.uninstall
a
4. Deletevzones l
i d Q root@s11-server1:~# zonecfg -z zone1 delete
h ah
S Are you sure you want to delete zone zone1 (y/[n])? y
root@s11-server1:~# zonecfg -z zone2 delete

Are you sure you want to delete zone zone2 (y/[n])? y
5. Display the current IP interfaces.
net0 ip ok yes --
vnic0 ip ok yes --
6. Remove the IP interface from data link vnic0 and show the results.
root@s11-server1:~# ipadm delete-ip vnic0
net0 ip ok yes --

Chapter 5 - Page 29
7. Check to see whether there are any flows associated with vnic3. If a flow is present,
remove it.
root@s11-server1:~# flowadm show-flow
FLOW LINK PROTO LADDR LPORT RADDR RPORT DSFLD
http1 vnic3 tcp -- 80 -- -- --
root@s11-server1:~# flowadm remove-flow –l vnic3

root@s11-server1:~# flowadm show-flow
root@s11-server1:~#
8. Remove all the VNIC data links from the system.
root@s11-server1:~# dladm delete-vnic vnic0
ble
9. Remove the etherstub from the system. e r a
a nsf
-tr
root@s11-server1:~# dladm delete-etherstub stub0
10. Display the remaining data links.
n o n
s a
LINK CLASS MTU
STATE OVER h a
) deฺ
unknown a --e
net1 phys
n t -- Gui
1500
e ฺ
sฺ e--nt
net2 phys 1500
unknown
net0
t
phys eup 1500
net3
m ira unknown
phys
S t ud --
1500
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 5 - Page 30
Practice 5-4: Configuring Elastic Virtual Switch (EVS)
Overview
Oracle Solaris Elastic virtual Switch (EVS) feature enables you to create and administer virtual
switches that span one or more compute nodes. The compute nodes are the physical machines
that hosts virtual machines connected to it from anywhere in the
In this demonstration, you will learn to set up two elastic virtual switches between two compute
nodes. The two compute nodes consists of two zones each and are configured to form two sets
of Layer 2 (L2) segments, such that only zones in a particular segment can communicate with
each other over a Virtual Local Area Network (VLAN).
Following are the tasks performed in this demonstration:
a. Install the mandatory EVS packages
b. Set up the SSH authentication
ble
c. Configure the EVS controller
e r a
d. Configure the EVS across compute nodes
a nsf
e. Configure compute nodes to use the EVS settings
o n -tr
f. Verify the EVS configuration
a n
a
h eฺs
Assumptions )
e
tฺabefore id the
Adobe Flash Player is already installed on the host machine
n e G u
executing
demonstration.
t e sฺ ent
Special note for playing the demo m ra virtual
in ithe t d
umachine:
• To be able to view demoi@ controls in h
S
e theisbrowser, it is recommended to switch to full
screen.
q a v se t
• To switch to h i dฺ mode
full-screen t o uin the browser window, select View > Full Screen.
( s ha nse
Task
a v i l ice
i d Q the following steps to run through the demonstration:
Perform
h ah1. On your host machine, open a terminal window.
S 2. Change to the /opt/ora/demo/Configuring_EVS directory.
# cd /opt/ora/demo/Configuring_EVS
# ls
Configuring_EVS_Demo.htm Configuring_EVS_Demo.swf standard.js
3. Open the Upgrading System Software Using IPS.htm file in a web browser.
# firefox Configuring_EVS_Demo.htm &
4. A browser window with the Flash demo is displayed.

Chapter 5 - Page 31
Practice 5-5: Configuring Link Aggregation
Overview
Link aggregation allows you to enhance the network availability and performance by combining
multiple network interfaces together to form an aggregation of those interfaces, which acts as a
single network interface with greatly enhanced availability and performance. When you
aggregate multiple network interfaces, you create a new network interface on top of the
aggregated physical interfaces combined in the link layer.
Link aggregation requires at least two network interfaces. The network interfaces must be
unplumbed before they can be aggregated. In this practice, you aggregate four network
interfaces on the S11-Server1 system as the persistent network interface.
Note: Link aggregation is not a new technology in Oracle Solaris 11. This practice was added
so that in the “Monitoring the Network” practice (Practice 5-7) you have more robust examples
to work with when using the dlstat command.
ble
e r a
Task
a nsf
Perform the following steps to configure a link aggregation:
o n -tr
1. Delete the IP interface for data link net0.
a n
a s
root@s11-server1:~# ipadm delete-ip net0
h eฺ
2. List the network links currently configured in the system. e)
n e tฺa Guid
sฺ eOVER t
LINK CLASS MTU eSTATE
t n
net1 phys
m 1500
S t ud --
ira unknown
phys e 1500 is unknown --
i@ e1500
net2
net0
a v
phys th unknown --
net3
i dฺq phys
t o us 1500 unknown --
a h
3. Create a linkh aggregation
(snet3, e n senamed speedway0 consisting of network interfaces net0, net1,
a i
net2,vand
l ic
and show the results.
i d Q root@s11-server1:~# dladm create-aggr -l net0 -l net1 \
h ah -l net2 -l net3 speedway0
S root@s11-server1:~# dladm show-link

speedway0 aggr 1500 up net0 net1 net2 net3
root@s11-server1:~# dladm show-aggr

LINK MODE POLICY ADDRPOLICY LACPACTIVITY LACPTIMER
speedway0 trunk L4 auto off short

Chapter 5 - Page 32
4. Create an IP interface for data link speedway0 and show the results.
root@s11-server1:~# ipadm create-ip speedway0

speedway0 ip down no --
5. Run the ipadm command to create the static IPv4 address for system S11-Server1 on the
interface speedway0, and show the results.
root@s11-server1:~# ipadm create-addr -T static \
-a 192.168.0.112/24 speedway0/v4

ble
lo0/v4 static ok 127.0.0.1/8
e r a
speedway0/v4 static ok
tra
192.168.0.112/24
nsf
lo0/v6 static ok
o n - ::1/128
6. Move to the S11-Desktop system and use the ping command to verify n connectivity to the
a
S11-Server1 system.
) h as ฺ
ฺae uide
root@s11-desktop:~# ping s11-server1
s11-server1 is alive
e t
n moving G on to the next practice.
Note: Remove the speedway0 link aggregation
e s ฺbefore n t
i r
root@s11-server:~# dladm delete-aggr t u de
at speedway0
@ em his S
q a vi se t
h i dฺ to u
i ( sha ense
Q av lic
a h id
Sh

Chapter 5 - Page 33
Practice 5-6: Configuring IPMP
Overview
IP network multipathing (IPMP) provides physical interface failure detection, transparent
network access failover, and packet load spreading for systems with multiple interfaces that are
connected to a particular local area network or LAN.
An IPMP configuration typically consists of two or more physical interfaces on the same system
that are attached to the same LAN. These interfaces can belong to an IPMP group in either of
the following configurations:
• Active-active configuration: In this configuration, all underlying interfaces are active.
An active interface is an IP interface that is currently available for use by the IPMP
group. By default, an underlying interface becomes active when you configure the
interface to become part of an IPMP group.
• Active-standby configuration: In this configuration, at least one interface is ble
administratively configured as a reserve. The reserve interface is called the standby e r a
interface. Although idle, the standby IP interface is monitored by the multipathing
a nsf
daemon to track the interface’s availability, depending on how the interface is
o n -tr
configured. If link-failure notification is supported by the interface, link-based failure
a n
a s
detection is used. If the interface is configured with a test address, probe-based failure
h eฺ
detection is also used. If an active interface fails, the standby interface is automatically
e )
IPMP group. n e tฺa Guid
deployed as needed. You can configure as many standby interfaces as you want for an
t e sฺ ent
In this practice, you configure both active-active and active-standby configurations.
m ira Stud
Task 1: Create an Active-Active @ e Configuration
IPMP h is
In this task, you configure an
i t
v seIPMP group consisting of two network interfaces
aactive-active
i d ฺ q u
(net0 and net1).
h t o
sha steps
Perform the following
i ( e n stoeconfigure IPMP:
1. Verify
Q lic VM is running. Log in with the user ID oracle and password
avthat S11-Server1
h i d oracle1 and use su to root.
a Use the ipadm command to display the IP network interfaces currently configured in the
Sh 2. system.
speedway0 ip ok yes --
3. Delete the net0 network interface and display the results.

root@s11-server1:~# ipadm delete-ip speedway0

When configuring IPMP, you must assign all network interfaces attached to the same LAN
to an IPMP group. In this step, you delete the net0 interface in preparation for configuring
it in an IPMP group.

Chapter 5 - Page 34
4. Rename data link net0 to link1_ipmp0 and data link net1 to link1_ipmp0 and show
the results.
root@s11-server1:~# dladm rename-link net0 link0_ipmp0


link1_ipmp0 phys 1500 unknown --
5. Create IP interfaces for data links link0_ipmp0 and link1_ipmp0. Show the results.
root@s11-server1:~# ipadm create-ip link0_ipmp0
ble
e r a
a nsf
o n -tr
a n
IFNAME CLASS STATE
a
h eฺsACTIVE OVER
lo0 loopback ok
e ) yes --
link0_ipmp0 ip
n e tฺa Guid
down no --
sฺ ent
link1_ipmp0 ip down no --
6. Create an IPMP group named ipmp0. ate

m ir S t ud
@ e his
root@s11-server1:~# ipadm create-ipmp ipmp0
7. Add IP interfaces link0_ipmp0

a i
v and e t
link1_ipmp0 to IPMP group ipmp0 and show the
results. q
dฺ to u s
h i
( s ha nseipadm add-ipmp –i link0_ipmp0 –i link1_ipmp0 ipmp0
root@s11-server1:~#
a vi l ice ipmpstat –g
i d Q GROUP
root@s11-server1:~#
a h GROUPNAME STATE FDT INTERFACES
Sh 8. Assign two static IP addresses to the IPMP interface tolink1_ipmp0

ipmp0 ipmp0 ok -- link0_ipmp0
be used for data access.
root@s11-server1:~# ipadm create-addr –T static \
–a 192.168.0.112/24 ipmp0/v4add1

–a 192.168.0.149/24 ipmp0/v4add2
9. Assign a static IP address to each IPMP subinterface to be used for link testing.
–a 192.168.0.150/24 link0_ipmp0/test

–a 192.168.0.151/24 link1_ipmp0/test

Chapter 5 - Page 35
10. Display the data and test IP addresses.
lo0/v4 static ok 127.0.0.1/8
link0_ipmp0/test static ok 192.168.0.150/24
ipmp0/v4add1 static ok 192.168.0.112/24

11. Use the ipmpstat command to display IPMP address information.

root@s11-server1:~# ipmpstat -an
ADDRESS STATE GROUP INBOUND OUTBOUND
:: down ipmp0 -- --
192.168.0.149 up ipmp0
bllink1_ipmp0 link1_ipmp0 link0_ipmp0 e
192.168.0.112 up ipmp0
feisr a link0_ipmp0 link1_ipmp0 link0_ipmp0
Note: The INBOUND traffic is restricted to one interface depending on which IP addressn s
used. The OUTBOUND traffic is spread across both interfaces.
n - tra
12. Use the ipmpstat command to display IP interface information.
a no
root@s11-server1:~# ipmpstat -i
) h as ฺ
LINK e PROBE e
INTERFACE ACTIVE GROUP FLAGS
t ฺ a
eup t Gok u i d STATE
link1_ipmp0 yes ipmp0 -------
s ฺ n up
n
ok ok
link0_ipmp0 yes ipmp0
t e
--mbM--
e ok
Note: The interface FLAGS has the following
m S ud
ira definitions:
t
e his
i = Unusable due to being INACTIVE
@
s = Masked STANDBYqa
i
v se t
m = Nominateda idฺ toIPv4
tohsend/receive
u multicast for its IPMP group
(
b = Nominated e se IPv4 broadcast for its IPMP group
sh to send/receive
n
v i licsend/receive IPv6 multicast for its IPMP group
MQ=aNominated to
a h id d = Unusable due to being down
Sh h = Unusable due to being brought OFFLINE by in.mpathd (IPMP daemon) because of a
duplicate hardware address
13. Use the ipmpstat command to display information about test address targets.
root@s11-server1:~# ipmpstat -nt
INTERFACE MODE TESTADDR TARGETS
link1_ipmp0 multicast 192.168.0.151 192.168.0.111
link0_ipmp0 multicast 192.168.0.150 192.168.0.111
14. Use the ipmpstat command to display current probe information.

root@s11-server1:~# ipmpstat -pn
TIME INTERFACE PROBE NETRTT RTT RTTAVG TARGET
1.42s link1_ipmp0 i71 2.38ms 2.45ms 7.49ms 192.168.0.111

Chapter 5 - Page 36

^C
Note: The values vary from system to system.
Task 2: Test the Active-Active IPMP Configuration

In this task, you test the active-active IPMP configuration by causing one of the subinterfaces to
fail. Then, you verify that the system is still accessible by using the remaining interface.
ble
Perform the following steps to test the IPMP configuration:
e r a
1. Shut down the S11-Server1 virtual machine.
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 5 - Page 37
2. Open the VirtualBox Manager GUI. Select the S11-Server1 VM and click the Settings utility
on the menu bar.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 5 - Page 38
3. Under the Network settings, select Adapter 2 and set the Attached to: field to Not
attached. Press OK to save the settings and close the Settings dialog box.
ble
e r a
ansf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺvirtualtmachine.
u
h o
shamachine
4. Start the S11-Server1 e
(
5. Log in toi virtual e n sS11-Server1 as user oracle and su to root.
a v l i c
6. Use
i d Q the ipmpstat command to display IPMP group information.
h ah root@s11-server1:~# ipmpstat -g
S GROUP
ipmp0
GROUPNAME
ipmp0
STATE FDT
degraded 10.00s
INTERFACES
link0_ipmp0 [link1_ipmp0]
Note: The link1_ipmp0 has been boxed ([link1_ipmp0]) to indicate that it has failed.
INTERFACE ACTIVE GROUP FLAGS LINK PROBE STATE
link1_ipmp0 no ipmp0 ------- up failed failed
link0_ipmp0 yes ipmp0 --mbM-- up ok ok
Interface link1_ipmp0 is no longer active.

-0.26s link1_ipmp0 i213 -- -- -- 192.168.0.111
1.73s link1_ipmp0 i215 -- -- -- 192.168.0.111

Chapter 5 - Page 39
0.31s link1_ipmp0 i214 -- -- -- 192.168.0.111
3.70s link1_ipmp0 i216 -- -- -- 192.168.0.111
6.07s link1_ipmp0 i218 -- -- -- 192.168.0.111
4.82s link1_ipmp0 i217 -- -- -- 192.168.0.111

9.10s link1_ipmp0 i220 -- -- -- 192.168.0.111
8.53s link1_ipmp0 i219 -- -- -- 192.168.0.111
^C
Note: The link0_ipmp0 is failing probe tests. The values vary from system to system.
ble
9. Move to S11-Desktop virtual machine and ping the IPMP data IP addresses.
e r a
a nsf
192.168.0.112 is alive
o n -tr
a n
a
h eฺ s
192.168.0.149 is alive
e )
10. Power off the S11-Server1 virtual machine.
n etฺa utility
11. Open the VirtualBox Manager GUI and click theฺSettings G uidthe S11-Server1 virtual
machine. t e s e n t for
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
a h id
Sh

Chapter 5 - Page 40
12. Under the Network settings, select Adapter 2 and set the Attached to: field to
Internal network.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
u
h o
shamachine e
13. Start the S11-Server1
(
a v l i c
i d Q the ipmpstat command to verify that the IPMP group ipmp0 STATE is ok.
15. Use
h ah root@s11-server1:~# ipmpstat –g
S GROUP GROUPNAME STATE FDT INTERFACES
ipmp0 ipmp0 ok 10.00s link1_ipmp0 link0_ipmp0
Task 3: Create an Active-Standby IPMP Configuration

In this task, you reconfigure the IPMP group ipmp0 from an active-active configuration to
active-standby configuration.
Perform these steps to configure an active-standby IPMP configuration:
1. On the S11-Server1 virtual machine, display the data links.
link1_ipmp0 phys 1500 up --

Chapter 5 - Page 41
2. Rename data link net2 to link2_ipmp0 and show the results.


3. Create IP interfaces for data links link2_ipmp0 and show the results.

ble
e r a
nsf
ipmp0 ipmp ok yes link0_ipmp0 link1_ipmp0
-tra
link0_ipmp0 ip
link1_ipmp0 ip
ok
ok
yes
yes
--
--
n o n
link2_ipmp0 ip down
s a
no --
4. Add IP interfaces link2_ipmp0 to IPMP group ipmp0 and) show

a
h theeresults.
ฺ
ฺ a e i d
root@s11-server1:~# ipadm add-ipmp –i link2_ipmp0
ฺ n et t ipmp0
G u
root@s11-server1:~# ipmpstat –g rat
es den
i
STATEm FDT
e S tuINTERFACES
GROUP GROUPNAME
i @ t hi s
ipmp0 ipmp0
a v ok
e 10.00s link2_ipmp0 link1_ipmp0 link0_ipmp0
d ฺq to IPMP
5. Assign a static IP address
i t o ussubinterface link2_ipmp0 to be used for link testing
h
sha enseipadm create-addr –T static \
i (
lic
a–av 192.168.0.152/24
root@s11-server1:~#
Q link2_ipmp0/test
id root@s11-server1:~# ipadm show-addr
a h
Sh ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
6. Show the current setting of the standby property for the link2_ipmp0 interface.
root@s11-server1:~# ipadm show-ifprop –p standby link2_ipmp0
link2_ipmp0 standby ip rw off -- off on,off
Note: The standby is currently turned OFF.

Chapter 5 - Page 42
7. Set the standby property for the link2_ipmp0 interface to on and show the results.
root@s11-server1:~# ipadm set-ifprop -p standby=on -m ip link2_ipmp0
root@s11-server1:~# ipadm show-ifprop -p standby link2_ipmp0

link2_ipmp0 standby ip rw on on off on,off
8. Use the ipmpstat command to display IPMP group information.

root@s11-server1:~# ipmpstat -g
GROUP GROUPNAME STATE FDT INTERFACES
ipmp0 ipmp0 ok 10.00s link1_ipmp0 link0_ipmp0 (link2_ipmp0)
Note: The interface link2_ipmp0 is enclosed in parenthesis. This indicates that the
interface is set to standby.
ble
e r a
a nsf
:: down ipmp0 -- --
o n -tr
192.168.0.149 up ipmp0
a
link1_ipmp0
n
link1_ipmp0 link0_ipmp0
192.168.0.112 up ipmp0
a s
h eand
link0_ipmp0 link1_ipmp0 link0_ipmp0
Note: The interface link2_ipmp0 is not actively used for INBOUND

e ) ฺ OUTBOUND traffic.
10. Use the ipmpstat command to display IPMP interface
e u id
tฺainformation.
n
sฺ ent G
t e
a tuLINK d
INTERFACE ACTIVE GROUP
irFLAGS
ipmp0 em is----- S
PROBE STATE
link2_ipmp0 no
i @ t h i s up ok ok
link1_ipmp0 yes
a v
ipmp0
link0_ipmp0 yes ฺq ipmp0 s e ------- up ok ok
i d t o u --mbM-- up ok ok
h h
Note: The flagsafor interface
e link2_ipmp0 indicate that the interface is inactive and set to
standby.i (s n s
a v l ice
i
Taskd Q4: Test the Active-Standby IPMP Configuration
h ahIn this task, you test the active-standby IPMP configuration by causing one of the subinterfaces
S to fail. Then you verify that the system is still accessible by using the remaining interface.
Perform the following steps to test the IPMP configuration:
2. Open the VirtualBox Manager GUI. Select the S11-Server1 VM and click the Settings utility
in the menu bar.

Chapter 5 - Page 43
3. Under the Network settings, select Adapter 2 and set the Attached to: field to Not
attached.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺVM. Log u
h t o
( s ha nse
4. Start the S11-Server1 in with the user ID oracle and password oracle1. su to
viipmpstaticecommand to display IPMP group information.

root.
5. Use Q a
the l
i d
S GROUP
ipmp0
GROUPNAME
ipmp0
STATE FDT
degraded 10.00s
INTERFACES
link2_ipmp0 link0_ipmp0 [link1_ipmp0]
Note: The link1_ipmp0 has been boxed to indicate that it has failed.
link2_ipmp0 yes ipmp0 -s----- up ok ok
link1_ipmp0 no ipmp0 ------- up failed failed
Note: Interface link1_ipmp0 is no longer active but link2_ipmp0 is now active.

Chapter 5 - Page 44
:: down ipmp0 -- --
192.168.0.149 up ipmp0 link2_ipmp0 link2_ipmp0 link0_ipmp0
192.168.0.112 up ipmp0 link0_ipmp0 link2_ipmp0 link0_ipmp0
Note: The interface link2_ipmp0 is being used for INBOUND and OUTBOUND traffic.
-1.12s link1_ipmp0 i185 -- -- -- 192.168.0.111
ble
1.51s link1_ipmp0 i187 -- -- -- 192.168.0.111
e r a
0.38s link1_ipmp0 i186 -- -- -- 192.168.0.111
a nsf
3.16s
3.30s
link2_ipmp0 i187
link0_ipmp0 i188
1.81ms
2.61ms
7.40ms
10.90ms
4.06ms
7.27ms o n -tr
192.168.0.111
192.168.0.111
4.10s link2_ipmp0 i188 1.33ms a 1.74ms 4.39ms n
192.168.0.111
4.71s link0_ipmp0 i189 a
2.12mss
h eฺ 2.20ms 6.63ms 192.168.0.111
e )
tฺa Guid
4.18s link1_ipmp0 i189 -- -- -- 192.168.0.111
3.12s link1_ipmp0 i188
n e -- -- -- 192.168.0.111
t e sฺ ent 0.96ms 25.18ms 6.70ms 192.168.0.111
m ira Stud 2.67ms 38.58ms 10.63ms 192.168.0.111
7.10s
@ e his
link2_ipmp0 i190 1.08ms 1.84ms 4.07ms 192.168.0.111
7.63s
a i
v se t
7.17s
i q
dฺ to u
link1_ipmp0 i191 -- -- -- 192.168.0.111
6.51s
hlink1_ipmp0 i190 -- -- -- 192.168.0.111
8.75s
i ( sha ense
Q av
9.45s
9.81s lic
link0_ipmp0 i192
link2_ipmp0 i192
2.02ms
2.38ms
2.11ms
9.32ms
9.42ms
4.73ms
192.168.0.111
192.168.0.111
i d
ah ^C
Sh Note: The interface link2_ipmp0 is actively probing targets. The values vary from system
to system.
9. Move to S11-Desktop virtual machine and ping the IPMP data IP addresses.
192.168.0.112 is alive

192.168.0.149 is alive
10. Shut down the S11-Server1 virtual machine.
11. Open the VirtualBox Manager GUI. Select the S11-Server VM and click the Settings utility
on the menu bar.

Chapter 5 - Page 45
12. Under the Network settings, select Adapter 2 and set the Attached to: field to
Internal Network.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
u
h o
shamachine e
13. Start the S11-Server1
(
a v l i c
i d Q the ipmpstat command to display IPMP group information.
15. Use
S GROUP GROUPNAME STATE FDT INTERFACES
ipmp0 ipmp0 ok 10.00s link1_ipmp0 link0_ipmp0 (link2_ipmp0)
Note: The interface link2_ipmp0 has been placed back up in to standby and is inactive.
This indicates that the failed interface has been repaired.
16. Use the ipmpstat command to display IPMP interface information.
link2_ipmp0 no ipmp0 is----- up ok ok
link1_ipmp0 yes ipmp0 ------- up ok ok

Chapter 5 - Page 46
Task 5: Remove the IPMP Configuration
In this task, you remove the IPMP group ipmp0 and return the network to its original
configuration.
Perform the following steps to remove the IPMP configuration:
1. Remove all the subinterfaces from the IPMP group ipmp0 and show the results.
root@s11-server1:~# ipadm remove-ipmp –i link0_ipmp0 \

–i link1_ipmp0 –i link2_ipmp0 ipmp0
...
root@s11-server1:~# ipmpstat -g
GROUP GROUPNAME STATE FDT INTERFACES
ipmp0 ipmp0 failed -- --
2. Delete the IPMP group ipmp0.

ble
root@s11-server1:~# ipadm delete-ipmp ipmp0
e r a
nsf
root@s11-server1:~# ipmpstat –g
root@s11-server1:~#
-tra
3. Display the IP address that is currently configured in the system.
n o n
s a
ADDROBJ TYPE
ADDR
) a
h eฺ
STATE
lo0/v4 e
tฺa Guid
static
127.0.0.1/8ok
n e
sฺ 192.168.0.151/24
t
link0_ipmp0/test static ok
192.168.0.150/24
t e e
link1_ipmp0/test staticn ok
m ud
ira St192.168.0.152/24
link2_ipmp0/test static ok
@ e his ::1/128
lo0/v6 static ok
a
4. Delete the IP addresses and
i t
v showsthee results.
i q
dฺ ipadm udelete-addr link0_ipmp0/test
h
root@s11-server1:~# t o
( s ha nseipadm delete-addr link1_ipmp0/test
root@s11-server1:~#
a v i l ice ipadm delete-addr link2_ipmp0/test

root@s11-server1:~#
i d Q
h ah root@s11-server1:~# ipadm show-addr
S ADDROBJ
lo0/v4
TYPE
static
STATE
ok
ADDR
127.0.0.1/8
5. Delete IP interfaces link0_ipmp0, link1_ipmp0, and link2_ipmp0. Show the results.
root@s11-server1:~# ipadm delete-ip link0_ipmp0


Chapter 5 - Page 47
6. Rename the data links to their original names and show the results.
root@s11-server1:~# dladm rename-link link0_ipmp0 net0


ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 5 - Page 48
Practice 5-7: Configuring a Network Bridge
Overview
Bridges are used to connect separate network segments. When connected by a bridge, the
attached network segments communicate as if they were a single network segment. Bridging is
implemented at the data link layer (L2) of the networking stack. Bridges use a packet-forwarding
mechanism to connect subnetworks together.

In this practice, you create a bridge between two network interfaces (net0 and net3).
Task
Perform the following steps in S11-Server1 VM to configure a network bridge:
1. Display the bridges currently configured in the system.
root@s11-server1:~# dladm show-bridge
ble
root@s11-server1:~#
e r a
No bridging devices are currently configured in the system.
a nsf
2. List the network interfaces currently configured in the system.
o n -tr
a n
LINK MEDIA
a s DUPLEX
h full
STATE SPEED DEVICE
net1 Ethernet
a e ) d e ฺ unknown 1000 e1000g1
net2 Ethernetฺ
et t Gu full i full unknown 1000 e1000g2
net0
s ฺ n
Ethernet
n unknown 1000 e1000g0
net3
r a t e d
Ethernet e unknown unknown 0 e1000g3
i t u
3. List the network interfaces currently
@ em configuredS
h i s in the system.
avi show-if
root@s11-server1:~# ipadm
et
CLASSฺq STATE us ACTIVE OVER
IFNAME
a h id okto yes --
se
lo0 loopback
4. Create ani ( shinterface

IP e nfor data links net0 and net3 and show the results.
Q
v lic
aroot@s11-server1:~# ipadm create-ip net0
i d
h ah root@s11-server1:~# ipadm create-ip net3
S root@s11-server1:~# ipadm show-if

net0 ip down no --
net3 ip down no --
5. Use the ipadm command to assign IP address 192.168.0.112 to network interface

net0.
root@s11-server1:~# ipadm create-addr -T static -a \
192.168.0.112/24 net0/v4

Chapter 5 - Page 49
6. Use the ipadm command to assign IP address 192.168.2.100 to network interface net3
root@s11-server1:~# ipadm create-addr -T static -a \
192.168.2.152/24 net3/v4


net0 ip ok yes --
net3 ip ok yes --

lo0/v4 static ok 127.0.0.1/8
net0/v4 static ok 192.168.0.112/24
ble
e r a
nsf
net3/v4 static ok 192.168.2.152/24
-tra
7. Create a bridge named tonowhere between interfaces net0 (forwarding) and net3
n o n
(discarding) and show the results. a
a
h eฺs
root@s11-server1:~# dladm create-bridge -l net0 -l net3 tonowhere
e )
n e tฺa Guid
BRIDGE PROTECT ADDRESS
t e sฺ PRIORITY
e n t DESROOT
tonowhere stp ira Stu32768
32768/8:0:27:9c:83:e1 d 32768/8:0:27:9c:83:e1
m
8. Display detailed information aboutethe bridgeis tonowhere.
i @
v show-bridge
root@s11-server1:~#adladm e t h
ฺ q u s -l tonowhere
LINK
a h id
STATE
toUPTIME DESROOT
net0
sh discarding
n e
s 165 32768/8:0:27:9c:83:e1
forwarding 165
v i ( ic e
anet3
l 32768/8:0:27:9c:83:e1
Q interface net3 from the bridge tonowhere and show the results.
9. d Remove
ah i
Sh root@s11-server1:~# dladm remove-bridge -l net3 tonowhere
root@s11-server1:~# dladm show-bridge -l tonowhere

LINK STATE UPTIME DESROOT
net0 forwarding 215 32768/8:0:27:9c:83:e1
10. Try to remove the bridge tonowhere.

root@s11-server1:~# dladm delete-bridge tonowhere
dladm: delete operation failed: link busy
11. Remove interface net0 from the bridge tonowhere and show the results.
root@s11-server1:~# dladm remove-bridge -l net0 tonowhere
root@s11-server1:~# dladm show-bridge -l tonowhere
root@s11-server1:~#
12. Remove the bridge tonowhere and show the results.

root@s11-server1:~# dladm delete-bridge tonowhere
root@s11-server1:~#

Chapter 5 - Page 50
13. Delete the IP interface for data link net3.
root@s11-server1:~# ipadm delete-ip net3

net0 ip ok yes --
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 5 - Page 51
Practice 5-8: Monitoring the Network
Overview
Oracle Solaris 11 adds a variety of robust network utilities. For network observability, the new
wireshark and dlstat utilities have been added. Wireshark is a powerful network protocol
analyzer that lets you capture and interactively browse the traffic running on a computer
network. dlstat lets you generate reports containing runtime statistics about data links.
In this practice, you are presented with two tasks. In the first task you install and explore the
wireshark utility. In the second task, you explore the dlstat utility.
Task 1: Monitor the Network by Using Wireshark

Perform the following steps to monitor the network by using Wireshark:
1. Verify that the S11-Server1 and S11-Desktop virtual machines are running. This can be
determined by viewing the Oracle VM VirtualBox Manager window and checking the run ble
e r a
nsf
status for each virtual machine. If the virtual machines are not running, start them at this
time. In the S11-Desktop VM, su to root role.
-tra
2. On the S11-Desktop system desktop, double-click the Add More Software icon to launch
n o n
the Package Manager service.
s a
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
3. Use Package Manager to search e
and
tud
ira theSwireshark
minstall package.
@ h i s
q a vi se t
h i dฺ to u
i ( sha ense
Q av lic
a h id
Sh

Chapter 5 - Page 52
4. To start Wireshark, open the Applications menu and select System Tools. Click the
Wireshark icon.
Note: Ignore any lua:error related pop-up message displayed. Press OK to proceed.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t
Following is the home page of the Wiresharke sฺ eAnalyzer
Network n t utility:
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
ah id
Sh

Chapter 5 - Page 53
5. Click the List the Available Capture Interfaces icon ( ) to begin your capture:
6. Select the interface net1 check box and click the Options button. Under Capture File(s), in
the File field, type /var/tmp/192.168.0.112.cap and click Start.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 5 - Page 54
7. To generate network traffic between this system and 192.168.0.112, in the Package
Manager window, click the Refresh button. Now, using the Package Manager, install a new
package (for example, gcc-45 package).
8. After the package installation has completed, click the Stop The Running Live Capture
( ) button to stop your capture.

9. Click the Close This Capture File ( ) button to close and save your capture.
10. From the Files menu in the Wireshark main screen, select Open and browse to the
/var/tmp directory. Select the 192.168.0.112.cap file and click Open.
11. Take a few minutes and read through the packet trace.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 5 - Page 55
12. Click Statistics in the Wireshark utility menu bar and select Summary.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
13. Close the Summary dialog box.

Chapter 5 - Page 56
14. Click Statistics in the Wireshark utility menu bar and select Protocol Hierarchy.
ble
e r a
a nsf
o n -tr
15. Close the Protocol Hierarchy Statistics dialog box. a n
a s
h eฺ
16. Click Statistics in the Wireshark utility menu bar and select Endpoint.
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh
17. Close the Endpoints dialog box.

Chapter 5 - Page 57
18. Click Statistics in the Wireshark utility menu bar and select IO Graphs.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
19. Click Close to close the IO Graphs
@ e window. h is
i
av bar,usclick t
e Close This Capture File ( ) button to close
id
20. On the Wireshark utility ฺ qmenu
and save your a h
capture. e to
i ( sh utility
21. On the Wireshark e n smenu bar, click File and then select Quit to close the Wireshark
av
utility. li c
id Q
a h
Sh Perform2: these
Task Monitor the Network by Using dlstat
steps on S11-Server1 VM to monitor the network by using the dlstat
command:
1. Move back to the S11-Server1 VM.
2. Display statistics for all network links.
root@s11-server1:~# dlstat
LINK IPKTS RBYTES OPKTS OBYTES
net1 0 0 0 0
net2 0 0 0 0
net0 0 0 9.42K 1.01M
net3 0 0 140K 15.52K
Note: The values may differ on your system.

Chapter 5 - Page 58
3. Display statistics for all physical network devices.
root@s11-server1:~# dlstat show-phys
net1 1.64K 273.30K 32.37K 42.67M
net2 2.57K 336.97K 34.36K 46.96M
net0 49.91K 4.20M 6.25K 6.39M
net3 2.09K 289.56K 26.38K 35.16M

4. Display statistics for all network links.
root@s11-server1:~# dlstat show-link
net1 0 0 0 0
net2 0 0 0 0
net0 0 0 9.42K 1.01M
ble
e r a
nsf
net3 0 0 140 15.52K
-tra
n o n
s a
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 5 - Page 59
Practice 5-9: Test Your Skills and Knowledge
Overview
step-by-step guide.
Note: This practice is optional. Check with your instructor to determine if you have enough time
available to complete this practice. If you begin this practice and run out of time, set this practice
aside and return to it if time permits.
Task 1: Configure reactive profiles

ble
Perform this task on the S11-Desktop VM. e r a
1. Enable the start_state and aces profiles. a nsf
2. Remove the current NCU for network interface net0. o n -tr
3. a
Create a new NCU for network interface net3. Assign IP address 192.168.0.111 to net3.
n
a s
h eฺ
4. Test the new reactive profile.
e )
n e tฺa Guid
Task 2: Configure a virtual network
Perform this task on the S11-Server1 VM. ate
sฺ ent
m ir of one
S t ud and two virtual NICs.
@ e his
1. Create a private virtual network consisting etherstub
a. Create the etherstub and
a i
v seNICt devices.
virtual
q
dฺ tozones
b. Configure two nonglobal
i u on the virtual network.
h
i
other.( shathe nonglobal
c. Verify that
e n se zones on the virtual network can communicate with each
Q
2. Remove
lic virtual network.
av the private
a h id a. Remove the two nonglobal zones.
Sh b. Remove the virtual NIC and etherstub devices.
Task 3: Configure IPMP

Perform this task on the S11-Server1 VM.
1. Create an Active-Standby IPMP configuration.
a. Prepare network interfaces net0, net1, and net2 for using in an IPMP group.
b. Create an IPMP group consisting of network interfaces net0, net1, and net2. Make
net2 the standby sublink.
c. Test the new IPMP group.
2. Remove the IPMP group.
a. Restore network interface net0 to the original configuration (static IP address
192.168.0.112).
b. Verify that network interface net0 is operational.

Chapter 5 - Page 60
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
ฺ a i d
et t GuOracle Solaris
Administering
ฺ n
sZones n
a11
t e d e
e mir Chapter
s S tu6
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
Practices for Lesson 6: Administering Oracle Solaris 11 Zones

Chapter 6 - Page 1
Practices Overview
This practice introduces you to the virtual-to-virtual (V2V) and physical-to-virtual (P2V) methods
for migrating Oracle Solaris 10 zones to solaris10 zones. It provides you guided hands-on
experience with migrating zones. During the practices, you apply Oracle Solaris 10 zone
migration best practices applicable to the Oracle Solaris 11 operating system.

The key areas explored in this practice are:
• Migrating Oracle Solaris 10 zones to Oracle Solaris 11
• Migrating Oracle Solaris 10 global zones to Oracle Solaris 11
• Configuring an Oracle Solaris Kernel Zone (demonstration)
• Deploying an Oracle Solaris Kernel Zone Using Oracle Solaris Unified Archive
(demonstration)
ble
• Monitoring zone resource utilization e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 6 - Page 2
Practice 6-1: Migrating an Oracle Solaris 10 Zone to Oracle Solaris 11
Overview
Oracle Solaris BrandZ technology provides the framework to create zones that are used to run
applications that cannot be run in an Oracle Solaris 11 environment. In the practice, you
experience working with the Oracle Solaris 10 zones. Oracle Solaris 10 Zone workloads running
within these Oracle Solaris 10 zones can take advantage of the enhancements made to the
Oracle Solaris kernel and utilize some of the innovative technologies available only on the
Oracle Solaris 11 release.
In this practice, you explore the virtual-to-virtual (V2V) process for migrating an Oracle Solaris
10 native zone to an Oracle Solaris 11 environment. To do this, you perform four key tasks:
• Assess the source Oracle Solaris 10 Zone.
• Prepare the source system for migration.
• Prepare the target system for migration. ble
e r a
• Migrate from the Oracle Solaris 10 zone.
a nsf
Task 1: Assess the Source Oracle Solaris 10 Zone o n -tr
a
Perform the following steps in S10-Server1 VM to assess the source Oracle Solaris 10 zone:
n
a s
h eฺ
1. Verify that the S11-Server1 VM is running and kept minimized.
e )
n e tฺa Guid
Note: Shut down the S11-Desktop VM before proceeding to the next step.
t e sฺ ent
2. Start the S10-Server1 VM from the VirtualBox Manager and log in with the user ID root
and password cangetin.
m t ud to determine the state of the
iralistScommand
3. In the terminal window, run the zoneadme his
zones currently configured v oni@ t
the system.
q a s e
ID NAME ah
idฺ STATUS
# zoneadm list -cv
t o u
s h
0 (global n s erunning PATH BRAND IP
a v i l i c e / native shared
Q 1 zone1 running /export/zones/1 native

4.id Determine how zone1 is configured, its network interface, and IP configuration.
shared
a h
Sh # zonecfg –z zone1 info
zonename: zone1
zonepath: /export/zones/1
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid: 34dcc30c
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:

Chapter 6 - Page 3
dir: /usr
net:
address: 192.168.0.177
physical: e1000g0
5. Log in to zone1.
# zlogin zone1
[Connected to zone 'zone1' pts/4]
Oracle Corporation SunOS 5.10 Generic Patch January 2005
#
6. Determine the zone’s host name.
# hostname
zone1
7. Determine the zone’s network interface and IP configuration. ble
e r a
# ifconfig -a
ansf
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
o n -tr
a
inet 127.0.0.1 netmask ff000000 n
a
h eฺ s
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
e )
inet 192.168.0.177 netmask ffffff00 broadcast 192.168.0.255
e
8. Determine the zone’s host ID. Make a note of the valuetฺaas you u id
will use this value in the next
n
sฺ ent G
task.
t e
# hostid
m ira Stud
34dcc40c
@ e his
9. Determine the zone’s disk a i
v se t
usage.
i q
dฺ to u
# df -kh
h
ha nse size used avail capacity Mounted on
( s
Filesystem
a v i l
rpool/export i ce 24G 70M 24G 1% /
i d Q /dev 24G 70M 24G 1% /dev
h ah /lib 27G 3.3G 24G 13% /lib

S /platform
/sbin
27G
27G
3.3G
3.3G
24G
24G
13%
13%
/platform
/sbin
/usr 27G 3.3G 24G 13% /usr
proc 0K 0K 0K 0% /proc
ctfs 0K 0K 0K 0% /system/contract
mnttab 0K 0K 0K 0% /etc/mnttab
objfs 0K 0K 0K 0% /system/object
swap 3.0G 212K 3.0G 1% /etc/svc/volatile
/usr/lib/libc/libc_hwcap1.so.1
27G 3.3G 24G 13% /lib/libc.so.1
fd 0K 0K 0K 0% /dev/fd
swap 3.0G 0K 3.0G 0% /tmp
swap 3.0G 4K 3.0G 1% /var/run
10. Exit from zone1 to the global zone.

# exit
[Connection to zone ‘zone1’ pts/4 closed]


Chapter 6 - Page 4
Task 2: Prepare the Source Oracle Solaris 10 Zone for Migration
Perform the following steps in S10-Server1 VM to prepare the source Oracle Solaris 10 zone for
migration:
1. Halt zone1.
# zoneadm –z zone1 halt
2. Place zone1 in the ready state.

# zoneadm -z zone1 ready
# zoneadm list -cv

0 global running / native shared
2 zone1 ready /export/zones/1 native shared
When it is in the ready state, the zone is established. The kernel creates a zsched
ble
process, the network interface is ready, file systems are mounted, and devices are
e r a
configured. The zone has unique ID. However, processes are not started. The zone must
a nsf
3.
be in the ready state for the migration to succeed.
Run the showmount –e command to determine whether the source system is configured o n -tr
as an NFS server. a n
a
h eฺs
# showmount –e
e )
export list for s10-server1:
n e tฺa Guid
/export/share (everyone)
t e sฺ 1.cpio.gz
e n t
named zone1 on the target system.m
ir Stud
4. Create a gzip compressed cpio archiveanamed for zone1, which will still be
@ e his
i
v The gzip
Note: Do not run these commands
a eintthis practice as it could take about 30 minutes
q
dฺ fortyou
to create the cpio archive. s
u compressed cpio archive named 1.cpio.gz for
zone1 is already
a h i
created o and is available in the /opt/ora/labs directory. Ensure
h s e
v i (s theic/opt/ora/labs/1.cpio.gz
that you copy
e n file to the /export/share directory
Q a
before l
proceeding to the next task.
h i d # cd /export/zones/1
a
Sh # find . -print | cpio -oP@ | gzip > /export/share/1.cpio.gz
5444292 blocks
Task 3: Prepare the Target System for Migration

Perform the following steps in S11-Server1 VM to prepare the target system for migration:
Note: Ensure that you copy the /opt/ora/labs/1.cpio.gz file to the /export/share
directory before proceeding with the steps in this task.
1. Verify whether S11-Server1 VM is running. If not, start it now, log in as user oracle and
use su to root.
2. Mount the NFS share directory from the source system to the /export/share directory.
root@s11-server1:~# showmount -e s10-server1
root@s11-server1:~# mkdir /export/share

Chapter 6 - Page 5
root@s11-server1:~# mount -F nfs s10-server1:/export/share /export/share
Note: Ignore any NFS notice-related messages.
3. List the contents of the /export/share directory.
root@s11-server1:~# ls /export/share
1.cpio.gz
4. Check to see whether your IPS server is currently running. If not, start it now. Make sure
the IPS server is started before performing the next step.
5. Create an Oracle Solaris 10 Zone suitable for the migration.
ble
zonecfg:zone1> create -t SYSsolaris10
e r a
a nsf
o n -tr
zonecfg:zone1> set hostid=34dcc30c
a n
a
h eฺs
zonecfg:zone1> set ip-type=shared
)
zonecfg:zone1> remove anet
e
n e tฺa Guid
sฺ ent
zonecfg:zone1:net> set physical=net0
t e
zonecfg:zone1:net> set address=192.168.0.172/24
ira Stud
m
@ e his
a i
v se tzonecfg:zone1> commit
i q
dฺ to u zonecfg:zone1> exit
h
a configuration
6. Verify that the
( shzone1e n se meets the Oracle Solaris 10 Zone migration
i
requirements.
v lic
i d Q zonecfg -z zone1 info
h ah zonename: zone1
S zonepath: /zones/zone1
brand: solaris10
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid: 34dcc30c
fs-allowed:
net:
address: 192.168.0.172/24
physical: net0

Chapter 6 - Page 6
Task 4: Migrate from the Oracle Solaris 10 Zone
Perform the following steps on S11-Server1 VM to migrate the Oracle Solaris 10 zone:
1. After the zone1 archiving has completed (in Task 2), use the zoneadm attach
subcommand to attach the gzip image to zone1.
root@s11-server1:~# ls /export/share
1.cpio.gz
root@s11-server1:~# zoneadm -z zone1 install -pva /export/share/1.cpio.gz

rpool/zones/zone1
==== Starting: /usr/lib/brand/solaris10/image_install zone1 /zones/zone1 -p -v
-a/export/share/1.cpio.gz ====
Progress being logged to /var/log/zones/zoneadm.20140714T051822Z.zone1.attach
Starting pre-installation tasks.
ble
Pinning datasets under rpool/zones/zone1
e r a
Pinning rpool/zones/zone1
a nsf
Installation started for zone "zone1"
cpio archive o n -tr
a
Creating active_ds rpool/zones/zone1/rpool/ROOT/zbe-0 n
Creating child dataset: var a s
h eฺ
e )
tฺa Guid
Mounting boot environment in rpool/zones/zone1/rpool/ROOT/zbe-0 at
e
/zones/zone1/root (including child datasets)
n
e sฺ ent
Preparing to mount rpool/zones/zone1/rpool/ROOT/zbe-0 at /zones/zone1/root
t
ira Stud
Mounting rpool/zones/zone1/rpool/ROOT/zbe-0 at /zones/zone1/root/ with ZFS
m
temporary mount
@ e his
i
v se t
Preparing to mount rpool/zones/zone1/rpool/ROOT/zbe-0/var at /zones/zone1/root
a
q
dฺ to u
Mounting rpool/zones/zone1/rpool/ROOT/zbe-0/var at /zones/zone1/root/var with
i
ZFS temporary mount
h
sha ense
Installing: This may take several minutes...
i (
av lic
Analysing the archive
i d Q cd "/zones/zone1" && gzcat "/export/share/1.cpio.gz" | cpio -idmP@/fE

/var/tmp/fs.cpio.yMaiSd
ah
Sh
Pinning rpool/zones/zone1/rpool
...
...
...
==== Completed: /usr/lib/brand/solaris10/image_install zone1 /zones/zone1 -p -
v -a/export/share/1.cpio.gz ====
/zones/zone1/root/var/log/zones/zoneadm.20140714T051822Z.zone1.attach
Note: This will take several minutes to complete. While installing the zone, you must use
either the -p or the -u option. If you do not specify one of these two options, an error
results. The -p option preserves the system identity and -u option unconfigures the
system.

Chapter 6 - Page 7
2. List the zones currently configured on the system.
- zone1 installed /zones/zone1 solaris10 shared
3. Boot the newly migrated zone.
root@s11-server1:~# zoneadm –z zone1 boot

...
4. List the zones to verify that zone1 has successfully booted.

2 zone1 running /zones/zone1 solaris10 shared
ble
5. Log in to the zone.
e r a
root@s11-server1:~# zlogin –C zone1
tra nsf
...
n -
Note: The utility may direct you to use the F2 or ESC + 2 keys to move n toothe next step in
s a
the installation process. If F2 key does not work, try using the combination of ESC + 2 keys.
Use the Tab key to select options. h a
) deฺ
t ฺ a e i
• Terminal type: DEC VT100
n e G u
• Hostname: zone1
t e sฺ ent
• Configure Kerberos Security: No ira
m S t ud
• Name Service: None @ e his
a i
vUse the e t
• NFSv4 Domain Name:
d ฺ q u s NFSv4 domain derived by the system
• Time Zone: h i t o
aSet as spere your preference
( s h n Set as per your preference
•
a v i
Country
l i c e
or Region:
•Q Root password: cangetin
i d
h ah zone1 console login: root
S Password: cangetin
...
...
#

Chapter 6 - Page 8
6. Determine the zone’s network interface and IP configuration.
# ifconfig –a
index 1
inet 127.0.0.1 netmask ff000000
net0:2:
flags=100001100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,PHYSRUNNING> mtu
1500 index 2
index 1
inet6 ::1/128
7. Use the ping command to verify if you can communicate with global zone and other VMs.
# ping 192.168.0.112
192.168.0.112 is alive
ble
e r a
nsf
# ping 192.168.0.113
192.168.0.113 is alive
-tra
# ping 192.168.0.172
192.168.0.172 is alive
n o n
8. Exit the zone and return to the global zone. s a
) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 6 - Page 9
Practice 6-2: Migrating an Oracle Solaris 10 Global Zone to Oracle
Solaris 11
Overview
In this practice, you explore the physical-to-virtual (P2V) process to migrate an Oracle Solaris
10 global zone to an Oracle Solaris 11 environment. To do this, you perform four key tasks:
• Assess the source Oracle Solaris 10 global zone.

• Prepare the source global zone for migration.
• Prepare the target global zone for migration.
• Migrate from the Oracle Solaris 10 global zone.
Task 1: Assess the Source Oracle Solaris 10 Global Zone

Perform the following steps in S10-Server1 VM to assess the source Oracle Solaris 10 global
ble
zone:
e r a
1. Verify that the S10-Server1 and S11-Server1 VMs are running. If the VMs are not running,
a nsf
start them at this time. Log in to S10-Server1 VM as user root. Use the password
o n -tr
cangetin.
a n
a s
2. In the terminal window, verify that the release of the Oracle Solaris 10 OS meets migration
h eฺ
requirements.
e )
# cat /etc/release
n e tฺa Guid
Oracle Solaris 10 s
e ฺ s10x_u11wos_24a
1/13
n t X86
Copyright (c) 1983, 2013, Oracle
i r t
a tud
and/or itseaffiliates. All rights reserved.
@ emAssembled S
h i s 17 January 2013
3. Determine the global zone’s
a i name.
vhost e t
q
dฺ to u s
# hostname
h i
( s ha nse
s10-server1
i
v the global
4. Determine
a l ice zone’s host ID.
i d Q # hostid
h ah 0bfd544f
S 5. Determine the zone’s network interface and IP configuration.
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
index 1
zone zone1
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
ether 8:0:27:88:64:a1
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone zone1
#

Chapter 6 - Page 10
6. Determine the zone’s disk usage.
# df -kh
Filesystem size used avail capacity Mounted on
rpool/ROOT/s10x_u11wos_24a
29G 3.3G 23G 13% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 920M 372K 920M 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
sharefs 0K 0K 0K 0% /etc/dfs/sharetab
/usr/lib/libc/libc_hwcap1.so.1
26G 3.3G 23G 13% /lib/libc.so.1
ble
fd 0K 0K 0K 0% /dev/fd
e r a
nsf
swap 920M 72K 920M 1% /tmp
swap 920M 28K 920M 1% /var/run
-tra
ora 426G 265G 161G 63% /opt/ora
n o n
rpool/export 29G 740M
s a 23G 4% /export
rpool/export/home 29G
) a
h eฺ31K 23G 1% /export/home
rpool
e
29G
tฺa Guid
42K 23G 1% /rpool
ora
n e 426G 265G 161G 63% /mnt/sf_ora
7. Remove the cpio archive from the /export/share

t e sฺ edirectory.
n t
# cd /export/share
m ira Stud
# rm 1.cpio.gz
@ e his
a i
v se t
Task 2: Prepare the iSource q
dฺ Global u Zone for Migration
h t o
( s ha stepsnsineS10-Server1 VM to prepare the source global zone for migration:
Perform the following
1. In the v
a i l i ce run the zoneadm list command to determine the state of the
terminal window,
i d Q currently configured on the system.

zones
h ah # zoneadm list -cv

S ID NAME STATUS PATH BRAND IP
0 global running / native shared
2 zone1 ready /export/zones/1 native shared
2. Halt the nonglobal zones.
# zoneadm –z zone1 boot
# zoneadm –z zone1 halt
3. Determine the NFS share directory.
# showmount -e

Chapter 6 - Page 11
4. Create a flash archive image of the global zone in the NFS share directory.
Note: Do not run the following flarcreate command in this practice as it could take
about 30 minutes to create the flash archive. The s10-server1.flar flash archive
image is already created for you and is available in the /opt/ora/labs directory. .
Ensure that you copy the /opt/ora/labs/s10-server1.flar file to the
/export/share directory before proceeding to the next task.
# flarcreate -S -n s10-server1 /export/share/s10-server1.flar

Full Flash
Checking integrity...
Integrity OK.
Running precreation scripts...
Precreation scripts done.
WARNING: Non-global zones detected on the system !!! Behaviour of flash
archive created may be undefined.
Creating the archive...
ble
Archive creation complete.
e r a
Running postcreation scripts...
a nsf
Postcreation scripts done.
o n -tr
Running pre-exit scripts...
a n
Pre-exit scripts done.
a s
Task 3: Prepare the Target System for Migration ฺae
) h deฺ
e t the targetu i
Perform the following steps in S11-Server1 VM to prepare
s ฺ n n t G system for migration:
e
at tude
Note: Ensure that you copy the /opt/ora/labs/s10-server1.flar
r file to the
i
@ em his S
/export/share directory before proceeding to the next step.
1. Verify that the S10-Server1vNFS
a i share
e t
directory is mounted on the S11-Server1 machine.
| sgrep /export/share
i
root@s11-server1:~#
h donฺqs10-server1:/export/share
mount u
t o
a
/export/share
sh2014 se
i ( c e n
remote/read/write/setuid/devices/rstchown/xattr/dev=8d00001 on Mon Jul 14
Q
2. d List
athev contentsliof the /export/share directory.
04:03:41
h ahi root@s11-server1:~# ls -lh /export/share

S total 8559245
-rw-r--r-- 1 root root 3.1G Aug 7 23:39 s10-server1.flar
3. Create a Solaris 10 zone suitable for the global zone migration.
zonecfg:zone2> create -t SYSsolaris10
zonecfg:zone2> set ip-type=shared
zonecfg:zone2> remove anet
zonecfg:zone2:net> set physical=net0
zonecfg:zone2:net> set address=192.168.0.173/24

Chapter 6 - Page 12
zonecfg:zone2> exit
4. Verify that the zone2 configuration meets the Solaris 10 global zone migration
requirements.
root@s11-server1:~# zonecfg -z zone2 info
zonename: zone2
zonepath: /zones/zone2
brand: solaris10
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
ble
hostid: 0bfd544f
e r a
fs-allowed:
a nsf
net:
address: 192.168.0.173/24 o n -tr
allowed-address not specified a n
a
h eฺ
configure-allowed-address: true s
e )
tฺa Guid
physical: net0
n e
t e sฺ ent
Task 4: Migrate from the Oracle Solaris
m ira10 Global
S t udZone
Now that the target system is prepared,
@ e it is time
h isto migrate from the Oracle Solaris 10 global
zone. i
v se
aS11-Server1 t
i d
Perform the following steps ฺ q
in u VM to migrate the Oracle Solaris 10 global zone:
h t o
1. After the global
( s hazone nflar
se image has completed building (in Task 2), use the zoneadm
i
v subcommand
install e
lic to zoneadm
aroot@s11-server1:~# install the flar image in zone2.
i Q
d /export/share/s10-server1.flar -z zone2 install -a \
a h -uv
Sh The following ZFS file system(s) have been created:
rpool/zones/zone2
==== Starting: /usr/lib/brand/solaris10/image_install zone2 /zones/zone2 -
a/export/share/s10-server1.flar -u -v ====
Progress being logged to /var/log/zones/zoneadm.20140714T064424Z.zone2.attach
Starting pre-installation tasks.
Installation started for zone "zone2"
flash archive
Installing: This may take several minutes...
| install_flar
Creating active_ds rpool/zones/zone2/rpool/ROOT/zbe-0
Creating child dataset: var
Mounting boot environment in rpool/zones/zone2/rpool/ROOT/zbe-0 at
/zones/zone2/root (including child datasets)
Preparing to mount rpool/zones/zone2/rpool/ROOT/zbe-0 at /zones/zone2/root

Chapter 6 - Page 13
Mounting rpool/zones/zone2/rpool/ROOT/zbe-0 at /zones/zone2/root/ with ZFS
temporary mount
Preparing to mount rpool/zones/zone2/rpool/ROOT/zbe-0/var at /zones/zone2/root
Mounting rpool/zones/zone2/rpool/ROOT/zbe-0/var at /zones/zone2/root/var with
ZFS temporary mount
Extracting with command: '/usr/bin/cpio -icdP@/umfE /var/tmp/fs.cpio.h4aOav'
Extraction complete with exit status 0

...
...
...
==== Completed: /usr/lib/brand/solaris10/image_install zone2 /zones/zone2 -
a/export/share/s10-server1.flar -u -v ====
/zones/zone2/root/var/log/zones/zoneadm.20140714T064424Z.zone2.attach
root@s11-server1:~#
ble
Note: This will take time to complete. While installing the zone, you must use either the -p
e r a
option or the -u option. If you do not specify one of these two options, an error results. The
a nsf
2.
-p option preserves the system identity and -u option unconfigures the system.
List the zones currently configured on the system. o n -tr
a n
a s
h BRAND
ID NAME STATUS PATH
a e ) d e ฺ IP
0 global running ฺ/ i
et t Gu solaris10
solaris shared
3 zone1
s ฺ n
running /zones/zone1
n
shared
- zone2
r a t e
installed
d e
/zones/zone2
solaris10 shared
i t u
3. Boot the newly migrated zone.
@ em h i s S
q a vi se t
root@s11-server1:~# zoneadm –z zone2 boot
4. List the zones to verify

h i dฺ that zone2
t o u has successfully booted.
h a
root@s11-server1:~#
s s ezoneadm list -cv
( n
a vIDi0 NAME l ice STATUS PATH BRAND IP
i d Q global running / solaris shared
a h 3 zone1 running /zones/zone1 solaris10 shared
Sh 5 zone2 running /zones/zone2 solaris10 shared

5. Configure the zone and log in to the zone2 console.
root@s11-server1:~# zlogin -C zone2
Use the following parameters when performing the initial system configuration:
Note: The utility may direct you to use the F2 or ESC + 2 keys to move to the next step in
the installation process. If F2 key does not work, try using the combination of ESC + 2 keys.
Use Tab key to select options. If the up and down arrow keys does not work, try using the
CTRL + N and CTRL + P keys to move to the next or previous item for selection.
• Terminal type: DEC VT100
• Hostname: zone2
• Configure Kerberos Security: No
• Name Service: None
• NFSv4 Domain Name: Use the NFSv4 domain derived by the system
• Time Zone: Set as per your preference
• Country or Region: Set as per your preference

Chapter 6 - Page 14
zone2 console login: root
Password: oracle1
...
...
#
6. Determine the zone’s network interface and IP configuration.
# ifconfig –a
index 1
net0:2:
flags=100001100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,PHYSRUNNING> mtu
ble
1500 index 4
e r a
nsf
-tra
index 1
inet6 ::1/128 n o n
s a
7. a
Use ping command to verify if you can communicate with global zone and other VMs.
) h eฺ
# ping 192.168.0.112 e
tฺa Guid
192.168.0.112 is alive
n e
# ping 192.168.0.113
t e sฺ ent
192.168.0.113 is alive
m ira Stud
# ping 192.168.0.172
192.168.0.172 is alivei@
e his
q a v se t
h i dฺ zone.
8. Move back into the global
t o u
# exit
i ( sha ense
Q
v console
azone2 lic login: ~.
a h id [Connection to zone ‘zone2’ console closed]
Sh root@s11-server1:~#

Chapter 6 - Page 15
Practice 6-3: Configuring a Kernel Zone (demonstration)
Overview
Kernel Zones is a feature enhancement that extends the functionality of the existing zones
technology. The Oracle Solaris Kernel Zones feature provides a full kernel and user
environment within a zone, and also increases kernel separation between the host and the
zone.
In this demonstration, you will observe how to:
• Configure and install a kernel zone
• Clone a kernel zone
• Warm migrate a kernel zone
Assumptions
ble
e r a
demonstration.
a nsf
Special note for playing the demo: o n -tr
• a
To be able to view demo controls in the browser, it is recommended to switch to full n
screen. a s
h eฺ
• e )
To switch to full-screen mode in the browser window, select View  Full Screen.
n e tฺa Guid
Task
t e sฺ ent
ira Stud
Perform the following steps on your host machine:
m
1. Open a terminal window.
@ e his
a i
v se t
2. Change to the /opt/ora/demo/Configuring_KZ_on_SPARC directory.
i d ฺ q u
ah se t o
# cd /opt/ora/demo/Configuring_KZ_on_SPARC
# ls sh
v i ( icen
Q l
aConfiguring_Kernel_Zones_on_SPARC.swf
Configuring_Kernel_Zones_on_SPARC.htm
a h id standard.js
Sh 3. Open the Configuring_Kernel_Zones_on_SPARC.htm file in a web browser.
# firefox Configuring_Kernel_Zones_on_SPARC.htm &
A browser window with the Flash demo is displayed for you to walkthrough.

Chapter 6 - Page 16
Practice 6-4: Cloning and Deploying a Kernel Zone by Using an
Unified Archive (Demonstration)
Overview
Oracle Solaris Unified Archives are a new native archive type for Oracle Solaris. Unified
Archives allow for multiple system instances to be archived in a single unified file format. Unified
Archives may contain one or more archived instances of Oracle Solaris OS from a single host.
An OS instance may be a global zone, a non-global zone, or a kernel zone. These individual
systems may be archived independently or bundled together. They may also be selectively
archived, so that an archive may contain only one zone or a selection of zones.
In this demonstration, you will observe how to deploy a kernel zone with the help of a clone
archive of a kernel zone.
Assumptions ble
e r a
nsf
demonstration.
-tra
n o n
Special note for playing the demo:
s a
• a
h eฺ
To be able to view demo controls in the browser, it is recommended to switch to full
)
screen. e
tฺa Guid
n e
•
sฺ ent
To switch to full-screen mode in the browser window, select View  Full Screen.
t e
m ira Stud
Tasks
@ e his
i
Perform the following steps on your
a host t
v semachine:
1. Open a terminal window.
i q
dฺ to u
h
ha/opt/ora/demo/
2. Change to the
( s e n se Using_UA_to_Deploy_KZ directory.
i
a## vcd lic
/opt/ora/demo/Using_UA_to_Deploy_KZ
Q
id standard.js
ls
a h
Sh Using_UA_to_Deploy_KZ.htm
Using_UA_to_Deploy_KZ.swf
3. Open the Using_UA_to_Deploy_KZ.htm file in a web browser.

# firefox Using_UA_to_Deploy_KZ.htm &
A browser window with the Flash demo is displayed for you to walkthrough.

Chapter 6 - Page 17
Practice 6-5: Monitoring Zone Resource Utilization
Overview
Oracle Solaris 11 provides a powerful new zone monitoring utility: zonestat. The zonestat
utility allows you to gather reports on CPU, memory, and resource control utilization of the
currently running zones. Each zone’s utilization is reported as a percentage of both system
resources and the zone’s configured limits.

The zonestat utility prints a series of reports at the specified interval. It optionally also prints
one or more summary reports at a specified interval.
Task: Monitor Zone Resource Utilization

Perform the following steps in S11-Server1 VM to monitor zone resource utilization:
1. Use the zonestat utility to display a summary of memory utilization every five seconds.
ble
root@s11-server1:~# zonestat -z global -r physical-memory 5
e r a
nsf
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
-tra
PHYSICAL-MEMORY SYSTEM MEMORY
n o n
mem_default
s a3583M
) a
h eฺ
ZONE USED %USED CAP %CAP
e [total] 2228M 62.1%

tฺa Guid
- -
n e [system] 1638M 45.7% - -
t e sฺ ent global 285M 7.97% - -

...
m ira Stud
Use Control + C to escape theezonestat is command.
2. Use the zonestat utilitya i @ t h
tovreport onethe default processor set (pset) once a second for
one minute. i d ฺ q
t o us
h
i ( sha3, Duration:
e n
root@s11-server1:~#sezonestat -r default-pset 1 1m
Q
v
Interval:
lic
aPROCESSOR_SET 0:00:03
TYPE ONLINE/CPUS MIN/MAX
i d
h ah pset_default default-pset 1/1 1/1
S ZONE USED %USED

[total] 0.26 26.1%
CAP %CAP
- -
SHRS %SHR %SHRU
- - -
[system] 0.07 7.29% - - - - -
global 0.17 17.0% - - - - -
zone1 0.00 0.87% - - - - -
zone2 0.00 0.91% - - - - -
...
Use Control + C to escape the zonestat command.

Chapter 6 - Page 18
3. Use the zonestat utility to monitor silently at 10-second intervals for one minute and then
produce a report on the total and high utilizations.
Note: To view the output, you need to wait for a minute.
root@s11-server1:~# zonestat -q -R total,high 10s 1m
Report: Total Usage
Start: Monday, July 14, 2014 08:06:10 AM UTC
End: Monday, July 14, 2014 08:07:10 AM UTC

Intervals: 6, Duration: 0:01:00
SUMMARY Cpus/Online: 1/1 PhysMem: 3583M VirtMem: 4607M
---CPU---- --PhysMem-- --VirtMem-- --PhysNet--
ZONE USED %PART USED %USED USED %USED PBYTE %PUSE
[total] 0.11 11.1% 2228M 62.1% 2650M 57.5% 71 0.00%
[system] 0.02 2.67% 1638M 45.7% 1904M 41.3% - -
global 0.07 7.02% 285M 7.97% 360M 7.81% 541 0.00%
ble
zone1 0.00 0.54% 157M 4.40% 197M 4.29% 0 0.00%
e r a
nsf
zone2 0.00 0.86% 146M 4.08% 188M 4.08% 0 0.00%
-tr a
Report: High Usage
n o n
a
Start: Monday, July 14, 2014 08:06:10 AM UTC
s
a
h eฺ
End: Monday, July 14, 2014 08:07:10 AM UTC
)
e
tฺa Guid
Intervals: 6, Duration: 0:01:00
SUMMARY
n e Cpus/Online: 1/1 PhysMem: 3583M VirtMem: 4607M
t e sฺ ent ---CPU---- --PhysMem-- --VirtMem-- --PhysNet--
m ira Stud ZONE USED %PART USED %USED USED %USED PBYTE %PUSE
@ e his [total] 0.16 16.9% 2228M 62.1% 2650M 57.5% 1909 0.00%
a i
v se t [system] 0.03 3.87% 1638M 45.7% 1904M 41.3% - -
i q
dฺ to u global 0.07 7.09% 285M 7.97% 360M 7.81% 541 0.00%
h
sha ense
zone2 0.01 1.87% 146M 4.08% 188M 4.08% 0 0.00%
i ( zone1 0.00 0.82% 157M 4.40% 197M 4.29% 0 0.00%
4. Halta
Q the lic and zone2 to release the system resources.
v zones zone1
a h id root@s11-server1:~# zoneadm –z zone1 halt
Sh root@s11-server1:~# zoneadm –z zone2 halt
root@s11-server1:~# zoneadm list –cv


Chapter 6 - Page 19
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 6 - Page 20
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Oracle ฺ a
etSolaris i d
u11 ZFS
s ฺ n n t G
aEnhancements
t e d e
e mir Chapter
s S tu7
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
Practices for Lesson 7: Oracle Solaris 11 ZFS Enhancements

Chapter 7 - Page 1
Overview
ZFS is the root file system on Oracle Solaris 11, and it offers a superior experience in terms of
manageability, scalability, and data integrity. ZFS presents a pooled storage model that
completely eliminates the problem of partitions, provisioning, wasted bandwidth, and stranded
storage. Thousands of file systems can draw from a common storage pool, each one
consuming only as much space as it actually needs. All operations are copy-on-write
transactions ensuring that the on-disk state is always valid. Additionally, blocks are
checksummed to prevent silent data corruption, allowing data to self-heal itself in replicated
(mirrored or RAIDZ) configurations. If one copy is damaged, ZFS detects it and uses another
copy to repair it. ZFS is also at the heart of Oracle Solaris 11 software installation and
management with the IPS packaging system, greatly reducing planned and unplanned down
time with safe system upgrade capability. UFS is no longer supported as a root file system.
ble
Common Multiprotocol SCSI Target (COMSTAR) is a software framework that enables you to
e r a
turn any Oracle Solaris 11 host into a SCSI target that can be accessed over the network by
a nsf
initiator hosts. COMSTAR breaks down the huge task of handling a SCSI target subsystem into
independent functional modules. These modules are then glued together by the SCSI Target o n -tr
Mode Framework (STMF). a n
a s
h eฺ
These practices provide a guided, hands-on experience in working with the new ZFS
enhancements and with COMSTAR. e )
The key areas explored in these practices are:n e tฺa Guid
• t e sฺ ent
Migrating UFS and ZFS file systems
• m ira Stud
Splitting a mirrored ZFS storage pool
@ e his
• i
v se t
Identifying ZFS snapshot differences
a
• q
dฺ to u
Configuring ZFS deduplication
i
h
•
sha ense
Configuring an iSCSI target and an iSCSI initiator
i (
Q av lic
i d
ah
Sh

Chapter 7 - Page 2
Practice 7-1: Migrating a ZFS File System
Overview
Oracle Solaris 11 features ZFS shadow migration. Using the shadow migration feature, you can
migrate data from an old file system to a new file system while simultaneously allowing access
and modification of the new file system. ZFS shadow migration allows you to migrate file
systems as follows:
• Migrate a local or remote ZFS file system to a target ZFS file system
• Migrate a local or remote UFS file system to a target ZFS file system
Task 1: Prepare the Source File Systems

In this task, you create ZFS and UFS file systems on the S11-Server1 virtual machine. These
file systems will be the source file systems used in the ZFS shadow migration.
Perform the following steps to prepare the source file systems: ble
e r a
nsf
1. Verify that S11-Server1 and S11-Desktop VMs are running.
2. Log in to the S11-Server1 VM as the user oracle and su to root role.
-tra
3. List the disk drives currently configured in the system. n o n
s a
root@s11-server1:~# format
Searching for disks...done ) a
h eฺ
e
tฺa Guid
n e
t e sฺ ent
ira Stud
AVAILABLE DISK SELECTIONS:
m
0. c1t0d0 <ATA-VBOX HARDDISK-1.0-45.00GB>
e his
i @ t
/pci@0,0/pci8086,2829@d/disk@0,0
v HARDDISK-1.0
e
q a
1. c1t2d0 <ATA-VBOX
ฺ u s cyl 1022 alt 2 hd 64 sec 32>
h id to HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>

/pci@0,0/pci8086,2829@d/disk@2,0
a
2. c1t3d0
n e
sh /pci@0,0/pci8086,2829@d/disk@3,0
s
<ATA-VBOX
i ( c e
Q av 3. c1t4d0
li <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
i d
ah /pci@0,0/pci8086,2829@d/disk@4,0
Sh 4. c1t5d0 <ATA-VBOX HARDDISK-1.0 cyl

/pci@0,0/pci8086,2829@d/disk@5,0
1022 alt 2 hd 64 sec 32>
5. c1t6d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>

/pci@0,0/pci8086,2829@d/disk@6,0
/pci@0,0/pci8086,2829@d/disk@7,0
/pci@0,0/pci8086,2829@d/disk@8,0
/pci@0,0/pci8086,2829@d/disk@9,0
Specify disk (enter its number):

Chapter 7 - Page 3
4. Create a UFS file system on disk drive 6.
Specify disk (enter its number): 6
selecting c1t7d0
[disk formatted]
No Solaris fdisk partition found.
...
format> fdisk
No fdisk table exists. The default partition for the disk is:
a 100% "SOLARIS System" partition
Type "y" to accept the default partition, otherwise type "n" to edit the
partition table.
y
ble
format> partition
e r a
nsf
...
partition> modify
-tra
Select partitioning base:
n o n
0. Current partition table (default)
s a
1. All Free Hog
) a
h eฺ
Choose base (enter number) [0]? 1
e
tฺa Guid
...
n e
t e sฺ ent
Do you wish to continue creating a new partition
ira Stud
table based on above table[yes]? <Press Return>
m
e his
Free Hog partition[6]? <Press Return>
@
i
v se t
Enter size of partition '0' [0b, 0c, 0.00mb, 0.00gb]: 0
a
q
dฺ to u
i
h
( sha ense
i
Q av lic
i d
ah ...
Sh Okay to make this the current partition table[yes]? <Press Return>
Enter table name (remember quotes): "shadow"
Ready to label disk, continue? y

...
partition> quit
root@s11-server1:~# newfs /dev/rdsk/c1t7d0s6

newfs: construct a new file system /dev/rdsk/c1t7d0s6: (y/n)? y
mkfs: bad value for rps: 1056 must be between 1 and 1000
mkfs: rps reset to default 60
/dev/rdsk/c1t7d0s6: 2088960 sectors in 1020 cylinders of 64 tracks, 32
sectors
1020.0MB in 64 cyl groups (16 c/g, 16.00MB/g, 7680 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 32832, 65632, 98432, 131232, 164032, 196832, 229632, 262432, 295232,
1771232, 1804032, 1836832, 1869632, 1902432, 1935232, 1968032, 2000832,
2033632, 2066432

Chapter 7 - Page 4
root@s11-server1:~#
5. Mount the UFS file system.
root@s11-server1:~# mkdir /export/UFS_data
root@s11-server1:~# mount /dev/dsk/c1t7d0s6 /export/UFS_data
Note: The UFS file system contains a lost+found directory. This directory has no
meaning for ZFS and shadow migration might have problems with it. You can temporarily
remove this directory and re-create it later with fsck.
root@s11-server1:~# rm -r /export/UFS_data/lost+found
6. Create a ZFS file system.
root@s11-server1:~# zfs create rpool/export/ZFS_data
7. Share the UFS and ZFS file systems as read-only and show the results.
root@s11-server1:~# share –F nfs –o ro /export/UFS_data
root@s11-server1:~# share –F nfs –o ro /export/ZFS_data
ble
e r a
root@s11-server1:~# showmount –e
a nsf
o n -tr
/export/UFS_data (everyone)
a n
/export/UFS_data (everyone)
a
h eฺ s
8. Store some data in the UFS and ZFS file systems. e )
e tฺa Guid/export/UFS_data
root@s11-server1:~# cp /opt/ora/iso/sol-11_2-ai-x86.iso
n
e sฺ ent
root@s11-server1:~# cp /opt/ora/iso/sol-11_2-text-x86.iso
t /export/ZFS_data
Task 2: Migrate the File Systemsem

ira Stud
i @ t h is on the S11-Server1 virtual machine to the
In this task, you migrate ZFS and
S11-Desktop virtual machine. ฺ q av use
UFS file systems
Perform the following a h id to

steps oneS11-Desktop VM to migrate file systems:
( s h n s
1. Verifyv
a i
whether c e
S11-Desktop
l i VM is running, and whether you are logged in as the oracle
i d Q and assumed the root role.

user
h ah2. Verify that this server can access DNS services.

S root@s11-desktop:~# nslookup s11-server1
Server: 192.168.0.112
Address: 192.168.0.112#53
Address: 192.168.0.112
3. Search for the shadow-migration package in the IPS repository.

root@s11-desktop:~# pkg search shadow-migration
pkg.fmri set solaris/system/file-system/shadow-migration
pkg:/system/file-system/shadow-migration@0.5.11-0.175.2.0.0.42.2

Chapter 7 - Page 5
4. Display detailed information about the shadow-migration package.
root@s11-desktop:~# pkg info -r shadow-migration
Name: system/file-system/shadow-migration
Summary: Shadow migration libraries and commands
Description: Shadow migration can be used to migrate data from an existing
file system to a new file system. It can be enabled by
setting
the shadow property on the destination ZFS dataset using the
zfs(1M) command.
Category: System/File System
State: Not installed
Publisher: solaris
Version: 0.5.11
Build Release: 5.11
Branch: 0.175.2.0.0.42.2
ble
e r a
nsf
Packaging Date: June 24, 2014 06:52:20 PM
Size: 510.76 kB
-tra
FMRI: pkg://solaris/system/file-system/shadow-migration@0.5.11,5.11-
0.175.2.0.0.42.2:20140624T185220Z
n o n
5. Install the shadow-migration package and show the results. s a
a
h eฺ
root@s11-desktop:~# pkg install shadow-migratione)
Creating Plan ...
n e tฺa Guid
Services to change: ra 1t
esฺ dent
e
Create boot environment: mi No is Stu
v i@ e tNoh
Create backup boot environment:
a
DOWNLOAD
d ฺ q u s PKGS FILES XFER (MB) SPEED
Completed h
a i t o
h s e 1/1 14/14 0.2/0.2 997k/s
v i (s icen
a
PHASE l
Q Installing new actions
ITEMS
i d 39/39
ah Updating package state database Done
Sh Updating package cache 0/0
root@s11-desktop:~# pkg list shadow-migration

NAME (PUBLISHER) VERSION IFO
system/file-system/shadow-migration 0.5.11-0.175.2.0.0.42.2 i--
6. Enable the shadow migration service and show the results.
root@s11-desktop:~# svcadm enable shadowd
root@s11-desktop:~# svcs shadowd

STATE STIME FMRI
online 4:45:41 svc:/system/filesystem/shadowd:default

Chapter 7 - Page 6
7. Create the ZFS shadow migration file system for the UFS and ZFS file system exports.
root@s11-desktop:~# zfs create -o shadow=nfs://s11-server1/export/UFS_data \
rpool/export/shadow_UFS_data
root@s11-desktop:~# zfs create -o shadow=nfs://s11-server1/export/ZFS_data \

rpool/export/shadow_ZFS_data
8. Display statistics on in-progress shadow migrations until the migrations have completed.
root@s11-desktop:~# shadowstat
EST
BYTES BYTES ELAPSED
DATASET XFRD LEFT ERRORS TIME
rpool/export/shadow_ZFS_data - - - 00:00:12
rpool/export/shadow_UFS_data - - - 00:00:30
ble
e r a
nsf
-tra
n o n
rpool/export/shadow_UFS_data -
s a - - 00:01:00
) a
-
h eฺ - - 00:00:52
rpool/export/shadow_UFS_data
e
tฺa Guid
- - - 00:01:10
...
n e
rpool/export/shadow_ZFS_data -
s-ฺ e--nt 00:07:56
-ate -
i
r t u d 00:08:07
e m is S
a v i@ e t--h --
rpool/export/shadow_ZFS_data - 00:08:27
i d ฺq o us -
rpool/export/shadow_ZFS_data - 00:08:37
a h e t
rpool/export/shadow_ZFS_data - - 00:08:47
i ( sh ens
Q av lic
i d rpool/export/shadow_ZFS_data - - - 00:09:17
ah rpool/export/shadow_ZFS_data - - - 00:09:27
Sh No migrations in progress
root@s11-desktop:~#
9. After the shadow migrations have completed, list the contents of the shadow migration
directories.
root@s11-desktop:~# ls –lh /export/shadow_UFS_data
total 871293
-rwxr-xr-x 1 root root 430M Jul 15 02:37 sol-11_2-ai-x86.iso
root@s11-desktop:~# ls –lh /export/shadow_ZFS_data

total 1309881
-rwxr-xr-x 1 root root 644M Jul 15 02:41 sol-11_2-text-x86.iso

Chapter 7 - Page 7
Practice 7-2: Splitting a Mirrored ZFS Storage Pool
Overview
In Oracle Solaris 11, you can split a mirrored storage pool, which detaches a disk or disks in the
original mirrored pool to create another identical pool. In this practice, you configure a mirrored
ZFS pool. You then split the pool.
Task
Perform the following steps in S11-Server1 VM to split a mirrored ZFS storage pool:
1. Run the zpool list command to display the ZFS pools currently configured in the
system.
root@s11-server1:~# zpool list
NAME SIZE ALLOC FREE CAP DEDUP
bl
HEALTH ALTROOT
e
rpool 44.5G 25.9G 18.6G 58% 1.00x
r a ONLINE -
2. Run the zpool status command to determine which disks are currently configured s infe
the
a n
ZFS rpool.
o n -tr
root@s11-server1:~# zpool status rpool
a n
as ฺ
pool: rpool
state: ONLINE
) h
scan: none requested
e t ฺae uide
config:
e s ฺn nt G
i r t CKSUM
aWRITE t u de
NAME STATE
ONLINE e
m 0 is 0S 0
READ
rpool
v i @ e 0t
h 0 0
a
ฺq o us
c1t0d0 ONLINE
h i d
errors: Noaknown data terrors
h s e
3. Run thev i (s iccommand
e n to identify any additional disks configured in the system.
Q
format
l
aroot@s11-server1:~# format
d
h ahi Searching for disks...done
S
/pci@0,0/pci8086,2829@d/disk@0,0
/pci@0,0/pci8086,2829@d/disk@2,0
/pci@0,0/pci8086,2829@d/disk@3,0
/pci@0,0/pci8086,2829@d/disk@4,0
/pci@0,0/pci8086,2829@d/disk@5,0
/pci@0,0/pci8086,2829@d/disk@6,0
/pci@0,0/pci8086,2829@d/disk@7,0

Chapter 7 - Page 8
/pci@0,0/pci8086,2829@d/disk@8,0
/pci@0,0/pci8086,2829@d/disk@9,0
Specify disk (enter its number): ^D
4. Create a mirrored ZFS pool named newpool consisting of disks c1t2d0 and c1t3d0.
Show the results.
root@s11-server1:~# zpool create newpool mirror c1t2d0 c1t3d0

NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT
newpool 1008M 112K 1008M 0% 1.00x ONLINE -
rpool 44.5G 25.9G 18.6G 58% 1.00x ONLINE -
root@s11-desktop:~# zpool status newpool

ble
pool: newpool
e r a
state: ONLINE
a nsf
config: o n -tr
a n
NAME a s
h eฺ
STATE READ WRITE CKSUM
e )
tฺa Guid
newpool ONLINE 0 0 0
n e
mirror-0 ONLINE 0 0 0
t e sฺ ent
c1t2d0 ONLINE 0 0 0
m ira Studc1t3d0 ONLINE 0 0 0
errors: No known datavierrors@e e this

5. Create a file systemi d ฺqa mydata
named
o us in the newpool pool.
h t
i ( sha ensezfs create newpool/mydata
root@s11-server1:~#
6. Perform
Q lic on splitting the newpool pool into newpool and newpool1.
av a “dry run”
h i d root@s11-server1:~# zpool split -n newpool newpool1
a
Sh
would create 'newpool1' with the following layout:
newpool1
c1t3d0
7. Split the newpool pool in to newpool and newpool1 and show the results.
root@s11-server1:~# zpool split newpool newpool1
root@s11-server1:~# zpool status newpool
pool: newpool
state: ONLINE
config:
NAME STATE READ WRITE CKSUM

c1t2d0 ONLINE 0 0 0
errors: No known data errors

Chapter 7 - Page 9
8. Import the newpool1 pool and show the results.
root@s11-server1:~# zpool import newpool1
root@s11-server1:~# zpool status

pool: newpool
state: ONLINE

config:

c1t2d0 ONLINE 0 0 0

ble
e r a
nsf
pool: newpool1
state: ONLINE
-tra
n o n
config:
s a
) a
h eฺ
0tฺa
e id
newpool1 ONLINE 0 0
0sฺ n e G u
c1t3d0 ONLINE 0
t e 0
e n t
errors: No known data errorsm
ira Stud
@ e his
a i
v se t
pool: rpool
i q
dฺ to u
h
state: ONLINE
a requested
scan: h
( s none
e n se
v i
aconfig: lic
i d Q
ah NAME STATE READ WRITE CKSUM
Sh rpool ONLINE 0 0 0
c1t0d0 ONLINE 0 0 0

9. Run the zfs list command to determine whether the mydata file system has been
replicated in the newpool1 pool.
root@s11-server1:~# zfs list
newpool 126K 976M 32K /newpool
newpool/mydata 31K 976M 31K /newpool/mydata
newpool1 129K 976M 32K /newpool1
newpool1/mydata 31K 976M 31K /newpool1/mydata
...
root@s11-server1:~#

Chapter 7 - Page 10
Practice 7-3: Identifying ZFS Snapshot Differences
Overview
In Oracle Solaris 11, you can determine ZFS snapshot differences by using the zfs diff
command. In this practice, you identify the differences between two file system snapshots.
Task
Perform the steps on S11-Server1 VM to identify ZFS snapshot differences:
1. Take a snapshot named before of the newpool/mydata file system.
root@s11-server1:~# zfs snapshot newpool/mydata@before
2. Create a new file named newfile in the newpool/mydata file system.

root@s11-server1:~# touch /newpool/mydata/newfile
3. Take another snapshot named after of the newpool/mydata file system: ble
e r a
root@s11-server1:~# zfs snapshot newpool/mydata@after
tra nsf
4. List the ZFS snapshots by name and creation date.
n -
root@s11-server1:~# zfs list -r -t snapshot -o name,creation no
s a
NAME
newpool/mydata@before
CREATION
)
Tue Jul
a
h15 4:53ฺ 2014
newpool/mydata@after e e
ฺa Jul 15uid4:54 2014
tTue
n e
ฺ WednJul t G 7 1:13 2014
rpool/ROOT/solaris@install
e s Mon
e
rpool/ROOT/solaris@2014-07-09-03:52:28
rpool/ROOT/solaris/var@install ir
at tudMon Jul 9 3:52 2014
@ em his S Wed Jul 9 3:52 2014

Jul 7 1:13 2014
vi thesebefore
t
rpool/ROOT/solaris/var@2014-07-09-03:52:28
5. Display the differences ฺ q a

between
u and after snapshots.
h i d o
t diff newpool/mydata@before newpool/mydata@after
h a
root@s11-server1:~#
s ezfs
M
v i (s /newpool/mydata/
i c e n
Q
+ l
/newpool/mydata/newfile
d
h ahi
S

Chapter 7 - Page 11
Practice 7-4: Configuring ZFS Deduplication
Overview
In Oracle Solaris 11, you can use the deduplication property to remove redundant data from
your ZFS file systems. If a file system has the dedup property enabled, duplicate data blocks
are removed synchronously. The result is that only unique data is stored and common
components are shared between files. In this practice, you configure and test ZFS
deduplication.
Task
Perform the steps on S11-Server1 VM to configure ZFS deduplication:
1. List all the ZFS pools currently configured in the system.
ble
e r a
nsf
newpool 1008M 166K 1008M 0% 1.00x ONLINE -
newpool1 1008M 129K 1008M 0% 1.00x ONLINE -
-tra
n o n
2. Determine the current deduplication settings for the newpool pool.
a
a
h eฺs
root@s11-server1:~# zpool get all newpool | grep dedup
e )
tฺa Guid
newpool dedupditto 0 default
n
newpool dedupratioe 1.00x -
t e sฺ ent
root@s11-server1:~#
ira forSthe
3. Determine the current deduplication settings
m t udnewpool/mydata file system.
root@s11-server1:~# zfs@ eall newpool/mydata
h is
v
a usi get
e t | grep dedup
ฺ q
newpool/mydata dedup
idon the tnewpool/mydata
off default
a h
4. Enable deduplication
e o file system and show the results.
h s
(s icen zfs set dedup=on newpool/mydata
a v i
root@s11-server1:~#
l
i d Q root@s11-server1:~# zfs get all newpool/mydata | grep dedup
a h
Sh 5. Create directories dir1, dir2, and dir3 in the newpool/mydata file system.
newpool/mydata dedup on local
root@s11-server1:~# mkdir /newpool/mydata/dir1

6. Copy the /opt/ora/iso/sol-11_2-ai-x86.iso file to directories dir1, dir2, and

dir3.
root@s11-server1:~# cp /opt/ora/iso/sol-11_2-ai-x86.iso /newpool/mydata/dir1

Chapter 7 - Page 12
7. List all the ZFS pools in the system.
newpool 1008M 428M 580M 42% 2.98x ONLINE -
newpool1 1008M 129K 1008M 0% 1.00x ONLINE -
8. Determine the current deduplication settings for the newpool pool.

root@s11-server1:~# zpool get all newpool | grep dedup
newpool dedupditto 0 default
newpool dedupratio 3.03x -
root@s11-server1:~#
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 7 - Page 13
Practice 7-5: Configuring a COMSTAR iSCSI Target
Overview
Using COMSTAR, you can configure iSCSI target devices on Oracle Solaris 11 hosts. In this
practice, you create an iSCSI target on virtual machine S11-Server1. You then configure S11-
Desktop as the target initiator and test the iSCSI target access.
Task 1: Create an iSCSI Logical Unit Number (LUN)

Perform the following steps on the S11-Server1 machine to create an iSCSI LUN:
1. Determine the preferred IPS publisher.
ble
2. Search the IPS repository for the storage-server package.
e r a
root@s11-server1:~# pkg search storage-server
a nsf
o n -tr
incorporate depend pkg:/storage-server@0.1,5.11-0.133
a
pkg:/consolidation/osnet/osnet-incorporation@0.5.11-0.175.2.0.0.42.2 n
pkg.fmri set a s
h eฺ
solaris/group/feature/storage-server
e )
pkg:/group/feature/storage-server@0.5.11-0.175.2.0.0.42.2
pkg.fmri set
n e tฺa Guid
solaris/storage-server pkg:/storage-
t e sฺ ent
server@0.1-0.133
ira Stud
pkg.fmri set solaris/storage/storage-server pkg:/storage/storage-
m
server@0.1-0.173.0.0.0.1.0
e hS11-Server1.
is
3. Install the storage-serveri@ package on
t
q v install
apkg s e pkg://solaris/storage/storage-server
root@s11-server1:~#
id ฺ u
...
a h e to
(
Creating
i shPlan e...
n s
av c
li Servicestotoinstall:
Packages 30
i d Q change: 1
a h
Sh
Create backup boot environment: Yes
SPEED
Completed 30/30 4811/4811 117.5/117.5
1.1M/s
PHASE ITEMS
...
root@s11-server1:~#

Chapter 7 - Page 14
4. Enable the stmf service and verify that the service is in the online state.
root@s11-server1:~# svcadm enable stmf
root@s11-server1:~# svcs stmf

STATE STIME FMRI
online 5:07:29 svc:/system/stmf:default
5. List the disks currently configured in the system.

Searching for disks...done

/pci@0,0/pci8086,2829@d/disk@0,0
ble
e r a
/pci@0,0/pci8086,2829@d/disk@2,0
a nsf
o n -tr
/pci@0,0/pci8086,2829@d/disk@3,0
a n
3. c1t4d0 <ATA-VBOX HARDDISK-1.0 cyl 1022
a s
h eฺ
alt 2 hd 64 sec 32>
/pci@0,0/pci8086,2829@d/disk@4,0
e )
t ฺa u2 ihdd 64 sec 32>
e
alt
e s ฺn ntaltG 2 hd 64 sec 32>

/pci@0,0/pci8086,2829@d/disk@5,0
i r at tude
em his S
/pci@0,0/pci8086,2829@d/disk@6,0
i @
t
alt 2 hd 64 sec 32>
ฺ q av use
/pci@0,0/pci8086,2829@d/disk@7,0
i d o
h t alt 2 hd 64 sec 32>
sha ense
/pci@0,0/pci8086,2829@d/disk@8,0
v i ( c
i
alt 2 hd 64 sec 32>
Q a l/pci@0,0/pci8086,2829@d/disk@9,0
i d
ah
Sh 6.
root@s11-server1:~#
Create a ZFS pool named iscsipool using disk c1t4d0 and show the results.
root@s11-server1:~# zpool create iscsipool c1t4d0
root@s11-server1:~# zpool list iscsipool

iscsipool 1008M 112K 1008M 0% 1.00x ONLINE -
7. Create a 500 MB ZFS volume named targetvol in the iscsipool zpool and show the
results.
root@s11-server1:~# zfs create -V 500m iscsipool/targetvol
root@s11-server1:~# zfs list

iscsipool 516M 460M 31K /iscsipool
iscsipool/targetvol 516M 976M 16K -
...

Chapter 7 - Page 15
8. Create a logical unit number (LUN) for the targetvol volume and show the results.
root@s11-server1:~# stmfadm create-lu /dev/zvol/rdsk/iscsipool/targetvol
Logical unit created: 600144F0FF980700000053C4B7580001
root@s11-server1:~# stmfadm list-lu

LU Name: 600144F0FF980700000053C4B7580001
Note: Your LUN will be different from the one shown in this example.
9. Allow all systems to access the LUN by making it viewable. Show the results.
root@s11-server1:~# stmfadm add-view 600144F0FF980700000053C4B7580001
root@s11-server1:~# stmfadm list-view -l 600144F0FF980700000053C4B7580001

View Entry: 0
Host group : All
Target Group : All
ble
e r a
nsf
LUN : Auto
Task 2: Create an iSCSI Target -tr a

Perform the following steps on the S11-Server1 machine to create an iSCSI n o n
target:
a
) h as state.
1. Enable the target service and verify that the service is in the online
ฺ
ฺ a e i d e
root@s11-server1:~# svcadm enable svc:/network/iscsi/target:default
ฺ n et t Gu
root@s11-server1:~# svcs iscsi/target
t e s e n
a d
STATE
online
STIME FMRI
e mir is Stu
5:10:47 svc:/network/iscsi/target:default
a
2. Create the iSCSI target and v i@ eresults.
show the th
dฺq itadm s
ucreate-target
h i
root@s11-server1:~#
t o
sha created
n se
Target iqn.1986-03.com.sun:02:eb850f6d-7d19-c05f-954b-b2c8fb4215bd
i ( e
av lic
successfully
Q
d root@s11-server1:~# itadm list-target -v
ahi
Sh TARGET NAME
iqn.1986-03.com.sun:02:eb850f6d-7d19-c05f-954b-b2c8fb4215bd
STATE
online
SESSIONS
0
alias: -
auth: none (defaults)
targetchapuser: -
targetchapsecret: unset
tpg-tags: default
Note: The output varies from system to system.
Task 3: Configure an iSCSI Initiator

Perform the following steps to configure an iSCSI initiator:
1. Open a terminal window on the S11-Desktop VM and su to root role.
2. Enable the initiator service and verify that the service is in the online state.
root@s11-desktop:~# svcadm enable network/iscsi/initiator
root@s11-desktop:~# svcs network/iscsi/initiator

STATE STIME FMRI

Chapter 7 - Page 16
online 2:12:10 svc:/network/iscsi/initiator:default
3. Open a second terminal window and use ssh to log in to the S11-Server1 machine and su
to root role.
root@s11-desktop:~# ssh oracle@192.168.0.112
Password: oracle1
...
oracle@s11-server1:~$ su –
Password: oracle1
...
Note: Type yes for any RSA-related message.

4. In the S11-Server1 terminal window, determine the host IP address (for network interface
net0) and iSCSI target identifier.
ble
e r a
nsf
...
net0/v4 static ok 192.168.0.112/24
-tra
...
n o n
s a
a
h eฺ STATE SESSIONS
root@s11-server1:~# itadm list-target
)
TARGET NAME e
tฺa Guid online 0
e
iqn.1986-03.com.sun:02:eb850f6d-7d19-c05f-954b-b2c8fb4215bd
n
5. Move back to the S11-Desktop terminal window.
t e sฺ Configure
e n t the iSCSI initiator for static
discovery of the iSCSI target on the S11-Server1
m ud and show the results.
ira Stmachine
@
root@s11-desktop:~# iscsiadm e add hstatic-config
is \
i
av use t
iqn.1986-03.com.sun:02:637e46ed-e002-c598-d723-8e8204dba603,192.168.0.112
ฺ q
id iscsiadm
a h
root@s11-desktop:~#
e to list static-config
( h
sConfiguration
n s Target: iqn.1986-03.com.sun:02:eb850f6d-7d19-c05f-954b-
av i
Static
li c e
b2c8fb4215bd,192.168.0.112:3260
Q
6.id Enable the static discovery method and show the results.
a h
Sh root@s11-desktop:~# iscsiadm modify discovery --static enable
root@s11-desktop:~# iscsiadm list discovery

Discovery:
Static: enabled
Send Targets: disabled
iSNS: disabled
7. Verify that the iSCSI target on S11-Server1 can be discovered.
root@s11-desktop:~# iscsiadm list target
Target: iqn.1986-03.com.sun:02:eb850f6d-7d19-c05f-954b-b2c8fb4215bd
Alias: -
TPGT: 1
ISID: 4000002a0000
Connections: 1
8. Run the devfsadm command to reconfigure the /dev namespace to recognize the iSCSI
disk.
root@s11-desktop:~# devfsadm -i iscsi

Chapter 7 - Page 17
9. Use the format utility to verify that the iSCSI disk is configured in the system.
root@s11-desktop:~# format

0. c0t600144F0FF980700000053C4B7580001d0 <SUN-COMSTAR-1.0 cyl 498 alt 2

hd 64 sec 32>
/scsi_vhci/disk@g600144f0ff980700000053c4b7580001
/pci@0,0/pci8086,2829@d/disk@0,0
...
10. Create a new ZFS pool named testpool by using the iSCSI disk and show the results.
ble
root@s11-desktop:~# zpool create testpool \
e r a
nsf
c0t600144F0FF980700000053C4B7580001d0
-tra
root@s11-desktop:~# zpool status testpool
n o n
pool: testpool
s a
state: ONLINE
) a
h eฺ
e
tฺa Guid
config:
n e
t e sฺ ent
NAME
i r a tud STATE READ WRITE CKSUM
testpool
@ em his S ONLINE 0 0 0
a v i e t
c0t600144F0FF980700000053C4B7580001d0 ONLINE 0 0 0
i o us
dฺqdata terrors
a h
senamed storage by using the testpool zpool and show the
errors: No known
( shZFS
11. Create ai new e n
volume
av
results.
Q lic
a h id root@s11-desktop:~# zfs create testpool/storage
Sh root@s11-desktop:~# zfs list
...
testpool 124K 452M 32K /testpool
testpool/storage 31K 452M 31K /testpool/storage

Chapter 7 - Page 18
Practice 7-6: Test Your Skills and Knowledge
Overview
step-by-step guide.
Note: This practice is optional. Check with your instructor to determine if you have enough time
available to complete this practice. If you begin this practice and run out of time, set this practice
aside and return to it if time permits.
Task 1: Configure an iSCSI Target ble

e r a
Perform the following task on the S11-Server1 VM.
a nsf
1. Create an iSCSI Logical Unit Number (LUN). Use disk 7 (c7t8d0).
o n -tr
2. Create an iSCSI Target.
a n
Task 2: Configure an iSCSI Initiator a s
h eฺ
e )
Perform the following task on the S11-Desktop VM:
n e tฺa Guid
1. Configure iSCSI initiator.
t e sฺ ent
2. Test the iSCSI device.
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
a h id
Sh

Chapter 7 - Page 19
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 7 - Page 20
ble
e r a
a nsf
o n -tr
a n
a s
hLesson
Oracle ฺ a
etSolaris i d
u11 Security
s ฺ n n t G
aEnhancements
t e d e
e mir Chapter
s S tu8
v i @ e thi
i d ฺqa o us
a h e t
h
(s icen s
a v i l
i d Q
ah
Sh
Practices for Lesson 8: Oracle Solaris 11 Security Enhancements

Chapter 8 - Page 1
Practices Overview
The Oracle Solaris 11 operating system features powerful new security enhancements such as
ZFS data encryption, a new cryptographic framework, Secure by Default, and the Basic Audit
Reporting Tool (BART). The cryptographic framework and Secure by Default are not new
technologies but have been enhanced in Oracle Solaris 11.

This practice provides a guided, hands-on experience in working with the new security
enhancements found in the Oracle Solaris 11 operating system. The key areas explored in
these practices are:
• Managing encryption keys
• Configuring a ZFS encrypted storage pool
• Configuring a ZFS encrypted file system e
• Configuring read-only zones r a bl
e
• Use BART to audit system files
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 8 - Page 2
Practice 8-1: Managing Encryption Keys
Overview
Cryptography is the science of encrypting and decrypting data. Cryptographic services provide
authentication and encryption mechanisms to applications and users. Central to the Oracle
Solaris cryptographic framework is the pktool command. The pktool command allows you to
manage the certificates and keys on multiple keystores including PKCS#11 tokens, Netscape
Security Services (NSS) tokens, and standard file-based keystores for OpenSSL.
Task
Perform the following steps to manage encryption keys:
1. Power off the S11-Desktop VM.
2. Verify S11-Server1 VM is running.
If the virtual machine is not running, start it at this time. Log in to virtual machine S11- ble
e r a
nsf
Server1 as the user oracle and su to root role.
3. Take a few minutes and familiarize yourself with the pktool man page.
-tra
root@s11-server1:~# man pktool
n o n
...
s a
) a
h youeฺ(the user) to the
4. Change the default passphrase (changeme) used to authenticate
PKCS#11 token.
e
tฺa Guid
n e
Enter token passphrase: changeme ate
root@s11-server1:~# pktool setpin sฺ ent
m ir Stud
e
Create new passphrase: oracle1
@oracle1thi
s
i
av use
Re-enter new passphrase:
ฺ q
Passphrase changed.
d symmetric
iAES
h
5. Generate a 256abit e to key labeled myaeskey and show the results.
i ( sh ens pktool genkey label=myaeskey keytype=aes keylen=256
v PIN forlic Sun Software PKCS#11 softtoken: oracle1
root@s11-server1:~#
Q aEnter
a h id
Sh root@s11-server1:~# pktool list objtype=key
Enter PIN for Sun Software PKCS#11 softtoken: oracle1
No. Key Type Key Len. Key Label
----------------------------------------------------
Symmetric keys:
1) AES 256 myaeskey
6. Edit the /newpool/mydata/newfile file with a simple message.

root@s11-server1:~# vi /newpool/mydata/newfile
This is a test.
7. Encrypt the /newpool/mydata/newfile file by using your AES key.

root@s11-server1:~# encrypt -a aes -K myaeskey -i /newpool/mydata/newfile \
-o /newpool/mydata/newfile
Enter PIN for Sun Software PKCS#11 softtoken : oracle1

Chapter 8 - Page 3
8. Display the contents of the /newpool/mydata/newfile file.
root@s11-server1:~# cat /newpool/mydata/newfile
<some encrypted data>
9. Decrypt the /newpool/mydata/newfile file by using your AES key.

root@s11-server1:~# decrypt -a aes -K myaeskey -i /newpool/mydata/newfile \
-o /newpool/mydata/newfile
Enter PIN for Sun Software PKCS#11 softtoken : oracle1
10. Display the contents of the /newpool/mydata/newfile file.

root@s11-server1:~# cat /newpool/mydata/newfile
This is a test.
Note: If you observe that no output is displayed for the cat command, add another line of
text in step 6, and repeat the remaining steps.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 8 - Page 4
Practice 8-2: Configuring a ZFS-Encrypted Storage Pool
Overview
In this practice, you create an encrypted ZFS pool with a file system that inherits the encryption
properties.
Task
Perform the following steps to configure a ZFS-encrypted storage pool:
1. Run the format command to identify any additional disks configured in the system.
ble
e r a
nsf
/pci@0,0/pci8086,2829@d/disk@0,0
-tr a
n o n
/pci@0,0/pci8086,2829@d/disk@2,0
s a
) a
h eฺ
/pci@0,0/pci8086,2829@d/disk@3,0
e
tฺa Guid
e
n
t e sฺ entalt 2 hd 64 sec 32>
/pci@0,0/pci8086,2829@d/disk@4,0
ira Stud
m
e his
/pci@0,0/pci8086,2829@d/disk@5,0
i @ t
v e
alt 2 hd 64 sec 32>
i d ฺqa o us
/pci@0,0/pci8086,2829@d/disk@6,0
a h e t
alt 2 hd 64 sec 32>
i ( sh ens
/pci@0,0/pci8086,2829@d/disk@7,0
Q av lic
/pci@0,0/pci8086,2829@d/disk@8,0
alt 2 hd 64 sec 32>
i d
ah 8. c1t9d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
Sh /pci@0,0/pci8086,2829@d/disk@9,0
root@s11-server1:~#
2. Run the zpool status command to determine which disks are currently configured in the
ZFS pools.
root@s11-server1:~# zpool status
pool: iscsipool
state: ONLINE
config:

iscsipool ONLINE 0 0 0
c1t4d0 ONLINE 0 0 0

Chapter 8 - Page 5
pool: newpool
state: ONLINE
config:

c1t2d0 ONLINE 0 0 0
pool: newpool1
state: ONLINE
config:
ble
e r a
a nsf
newpool1 ONLINE 0 0 0
o n -tr
c1t3d0 ONLINE 0 0
a 0 n
a s
h eฺ
e )
n e tฺa Guid
pool: rpool
t e sฺ ent
ira Stud
state: ONLINE
m
e his
config:
i @
v se t
q a
NAME idฺ STATEo u READ WRITE CKSUM
a h ONLINEe t
( h
s c1t0d0
rpool
n s 0 0 0
av i lic e ONLINE 0 0 0
i d Q errors: No known data errors

ah
Sh 3. Use the available disk to create an encrypted ZFS pool named encryptedpool. For the
encryptedpool pool, enter the passphrase as oracle123.
root@s11-server1:~# zpool create -O encryption=on encryptedpool c1t5d0
Enter passphrase for 'encryptedpool': oracle123
Enter again: oracle123
4. Create a ZFS file system named encryptedpool/mysecrets.

root@s11-server1:~# zfs create encryptedpool/mysecrets
5. Display the encryption property of the encryptedpool/mysecrets file system.

root@s11-server1:~# zfs get encryption encryptedpool/mysecrets
NAME PROPERTY VALUE SOURCE
encryptedpool/mysecrets encryption on inherited from encryptedpool

Chapter 8 - Page 6
6. Display the keysource property of the encryptedpool/mysecrets file system.
root@s11-server1:~# zfs get keysource encryptedpool/mysecrets
NAME PROPERTY VALUE SOURCE
encryptedpool/mysecrets keysource passphrase,prompt inherited from
encryptedpool
7. Export the encrypted pool.
root@s11-server1:~# zpool export encryptedpool

8. Import the encrypted pool.
root@s11-server1:~# zpool import encryptedpool
Enter passphrase for ‘encryptedpool’:
Observe that you are prompted for passphrase. Enter the passphrase as oracle123.
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 8 - Page 7
Practice 8-3: Configuring a ZFS-Encrypted File System
Overview
In this practice, you create an encrypted ZFS file system by using a raw key that you create in a
nonencrypted pool.
Task
Perform the following steps to configure a ZFS-encrypted file system:
1. Generate a 256-bit AES raw key in a keystore file named /myzfskey.
root@s11-server1:~# pktool genkey keystore=file outkey=/myzfskey \
keytype=aes keylen=256
2. Create an encrypted ZFS file system named newpool/mysecretdata by using the

aes-256-ccm algorithm and the key you generated in the previous step.
ble
root@s11-server1:~# zfs create -o encryption=aes-256-ccm \
e r a
nsf
-o keysource=raw,file:///myzfskey newpool/mysecretdata
3. Display the encryption property of the newpool/mysecretdata file system.

-tra
root@s11-server1:~# zfs get encryption newpool/mysecretdata
n o n
NAME PROPERTY
s aVALUE SOURCE
) a
h eฺ
newpool/mysecretdata encryption aes-256-ccm local
e
tฺa Guidfile system.
4. Display the keysource property of the newpool/mysecretdata
root@s11-server1:~# zfs get keysource s ฺ n e t
t e
a tud e n
newpool/mysecretdata
NAME PROPERTY
i r VALUE SOURCE
em hraw,file:///myzfskey
newpool/mysecretdata keysource
@ i s S local
q a vi se t
h i dฺ to u
i ( sha ense
Q av lic
a h id
Sh

Chapter 8 - Page 8
Practice 8-4: Configuring Read-Only Zones
Overview
In this practice, you create and test a new zone that has its root file system protected against
modifications by the zone.
Task
Perform the following steps to create and test a read-only nonglobal zone:
1. On the S11-Server1 VM, display the current data links.
ble
e r a
nsf
2. Create a virtual NIC over data link speedway0 and show the results.
-tra
root@s11-server1:~# dladm create-vnic -l net0 vnic0
n o n
s a
root@s11-server1:~#
) a
h eฺ
dladm show-link
LINK
unknowntฺa
STATE e
OVER
id
CLASS MTU
net1
n e --
G uphys 1500
net2
net3
t e sฺ e--nt
unknown
unknown
-- phys
phys
1500
1500
m ira up
net0
S t ud -- phys 1500
e vnic0
i s up net0 vnic 1500
v
3. Create a read-only nonglobal
a i@ th virtual NIC vnic0. Set the file-mac-
zone by using
e
profile property to
i ฺq o us
dfixed-configuration.
a h e t
h s
(s ictoenbegin configuring a new zone
Usei 'create'
v l create
azonecfg:zone5>
Q
id create:
a h Using system default template ‘SYSdefault’
Sh
zonecfg:zone5> set brand=solaris
zonecfg:zone5> set file-mac-profile=fixed-configuration
zonecfg:zone5> exit
root@s11-server1:~#
Note: The fixed-configuration value permits updates to /var/* directories, with the
exception of directories that contain system configuration components.
IPS packages, including new packages, cannot be installed.
Persistently enabled SMF services are fixed.
SMF manifests cannot be added from the default locations.

Chapter 8 - Page 9
Logging and auditing configuration files can be local. Syslog and audit configurations are
fixed.
4. Use the sysconfig create-profile command to create a profile for zone5.
root@s11-server1:~# sysconfig create-profile -o /var/tmp/zone5_cfg
Use the following system configuration attributes while creating the SC profile:
• Host name: zone5

− Network Interface: vnic0
− IP Address: 192.168.0.174
ble
− Alternate Name Service: None e r a
• Time zone: Use your local region a nsf
• Language: Use your local language o n -tr
• Territory: Use your local territory a n
a s
h eฺ
e )
n e tฺa Guid
• User account:
t e sฺ ent
m ira Stud
− Username: oraclei@
e his
q a v se t
h i dฺ Default
t o u
•
s h a
Support registration:
s e options
( n
•
Q avi lice Configuration: Default (no proxy)
Support: Network
i d
ah
Sh

Chapter 8 - Page 10
ble
e r a
a nsf
o n -tr
a n
h eฺa s
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i
5. Install zone5 by using q
dฺ the profileucreated in the previous step.
h t o
( sha ensezoneadm -z zone5 install
root@s11-server1:~#
-c i/var/tmp/zone5_cfg/sc_profile.xml
\
Q av lic
a h id The following ZFS file system(s) have been created:
Sh rpool/zones/zone5
Image: Preparing at /zones/zone5/root.

AI Manifest: /tmp/manifest.xml.tDaGho
SC Profile: /var/tmp/zone5_cfg/sc_profile.xml
Zonename: zone5
Installation: Starting ...
Creating IPS image

...
solaris
SPEED

Chapter 8 - Page 11
Completed 282/282 53274/53274 351.9/351.9
602k/s
PHASE ITEMS

done.
ble
e r a
a nsf
o n -tr
a n
a
h eฺs
e )
n e tฺa Guid

t e sฺ ent
ira Stud
m
6. Boot zone5.
@ e his
i
v s-ze zone5
root@s11-server1:~#azoneadm
t boot
i q
dฺ of the u
h
7. Display the current value t o zone file-mac-profile property.
i ( sha ensezonecfg -z zone5 info file-mac-profile

root@s11-server1:~#
Q
v lic fixed-configuration
afile-mac-profile:
8.id Log in to zone5 and wait until the zone configuration completes.
h
a
Sh root@s11-server1:~# zlogin –C zone5
...
Note: Ignore the sendmail service related messages displayed on the zone console.
9. Verify that the zone5 IPpkg publisher is configured correctly.
root@zone5:~# pkg publisher
PUBLISHER TYPE STATUS P URI
solaris (syspub) origin online T <system-repository>
10. Verify that the apptrace package is not currently installed in the zone.
root@zone5:~# pkg list apptrace
pkg list: no packages matching 'apptrace' installed

Chapter 8 - Page 12
11. Attempt to install the apptrace package in the zone.
root@zone5:~# pkg install apptrace
pkg install: Could not complete the operation on /var/pkg/lock: read-only
filesystem.
12. Exit from zone5.

root@zone5:~# exit
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 8 - Page 13
Practice 8-5: Using BART to Audit System Files
Overview
In this practice, you create a BART rules file and apply it to a BART report. You then compare
BART reports to determine whether changes occurred in the /export/home/oracle
directory.
Task
Perform the following steps to configure the BART:
1. Change directory to /var/tmp and create a BART rules file named bartrules that
contains these rules:
IGNORE all
/export/home/oracle
ble
CHECK all
e r a
root@s11-server1:~# cd /var/tmp
a nsf
root@s11-server1:/var/tmp# vi bartrules
o n -tr
IGNORE all
a n
/export/home/oracle
a
h eฺs
CHECK all
e )
ฺa inutheidprevious step and
2. Create a BART report by using the rules file that you tcreated
e
display the results.
s ฺ n n t G
r e de
at -rtubartrules
i
root@s11-server1:/var/tmp# bart create > \
em his S
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`
@
q a vi ls
root@s11-server1:/var/tmp#
s e t
bart*
h i dฺ to u
bart-s11-server1-15072014-07:35:24 bartrules
a
sh ofethe e
sBART report.
3. View the contents
v i ( c n
Q li
aroot@s11-server1:/var/tmp# more bart-s11-server1-15072014-07\:35\:24
a h id ! Hash SHA256
! Version 1.1
Sh ! Thursday, Jul 15, 2014 (07:35:24)

# Format:
#fname D size mode acl dirmtime uid gid
#fname P size mode acl mtime uid gid
#fname S size mode acl mtime uid gid
#fname F size mode acl mtime uid gid contents
#fname L size mode acl lnmtime uid gid dest
#fname B size mode acl mtime uid gid devnode
#fname C size mode acl mtime uid gid devnode
/export/home/oracle D 5 40755
owner@:list_directory/read_data/add_file/write_data/add_subdirectory/append_da
ta/read_xattr/write_xattr/execute/delete_child/read_attributes/write_attribute
s/read_acl/write_acl/write_owner/synchronize:allow,group@:list_directory/read_
data/read_xattr/execute/read_attributes/read_acl/synchronize:allow,everyone@:l
ist_directory/read_data/read_xattr/execute/read_attributes/read_acl/synchroniz
e:allow 538433fa 100 10
...
(output truncated)

Chapter 8 - Page 14
4. Create a file named newfile in the /export/home/oracle directory.
root@s11-server1:/var/tmp# touch /export/home/oracle/newfile
5. Create another BART report by using the rules file and display the results.
root@s11-server1:/var/tmp# bart create -r bartrules > \
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`
root@s11-server1:/var/tmp# ls bart*
bart-s11-server1-15072014-07:36:38
6. Compare the two BART reports.
root@s11-server1:/var/tmp# bart compare -r bartrules \
bart-s11-server1-15072014-07\:35\:24 \
bart-s11-server1-15072014-07\:36\:38
/export/home/oracle:
ble
size control:5 test:6
e r a
dirmtime control:53ba0c5a test:53c4d9f5
a nsf
/export/home/oracle/newfile:
o n -tr
add
a n
7. s
Edit the /export/home/oracle/newfile file by adding a simple message.
a
h eฺ
e )
root@s11-server1:/var/tmp# vi /export/home/oracle/newfile
This is a test.
n e tฺa Guid
8.
e ฺ and display
Create another BART report by using the rulessfile n t the results.
t d e
a -rtubartrules
root@s11-server1:/var/tmp# bartircreate > \
m
e his
bart-`hostname`-`date '+%d%m%Y-%H:%M:%S'`S
i @
v ls e t
q a s
h i dฺ to u
root@s11-server1:/var/tmp# bart*
s h a s e
bart-s11-server1-15072014-07:35:24 bart-s11-server1-15072014-07:39:25
v i ( c e n
9.
Qa the second
Compare li and third BART reports.
d
ahi
root@s11-server1:/var/tmp# bart compare -r bartrules \
Sh bart-s11-server1-15072014-07:36:38
bart-s11-server1-15072014-07:39:25
\
/export/home/oracle/newfile:
size control:0 test:16
mtime control:53c4d9f5 test:53c4daa2
contents
control:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
test:11586d2eb43b73e539caa3d158c883336c0e2c904b309c0c5ffe2c9b83d562a1
10. Close the terminal window and shut down the VM.

Chapter 8 - Page 15
ble
e r a
a nsf
o n -tr
a n
a s
h eฺ
e )
n e tฺa Guid
t e sฺ ent
m ira Stud
@ e his
a i
v se t
i q
dฺ to u
h
i ( sha ense
Q av lic
i d
ah
Sh

Chapter 8 - Page 16

Transition to Oracle Solaris 11: license to use this Student Guideฺ

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Transition to Oracle Solaris 11: license to use this Student Guideฺ

Uploaded by

Copyright:

Available Formats

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2015, Oracle and/or its affiliatesฺ

Learn more from Oracle University at oracle.com/education/

Venu Poddar Disclaimer

Graphic Designer Restricted Rights Notice

Practices for Lesson 2....................................................................................................................................2-2

Transition to Oracle Solaris 11 Table of Contents

Practice 8-3: Configuring a ZFS-Encrypted File System ................................................................................8-8

Copyright © 2014. Oracle and/or its affiliates. All rights reserved.

Transition to Oracle Solaris 11 Table of Contents

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

S11-Client2 This VM is used as the AI network client machine.

@ e his delete the virtual amachine

a v i e t the respective VM from thisand import

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 1: Course Introduction

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Managing Software Packages in Oracle Solaris 11

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Managing Software Packages in Oracle Solaris 11

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Managing Software Packages in Oracle Solaris 11

9. Run the install-repo.ksh repository assembly n escript u

a h id • Create an ISO file for mounting and distribution (optional)

Comparing checksums of downloaded files...done. Checksums match.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Managing Software Packages in Oracle Solaris 11

-rw-r--r-- 1 root root 3.2K Jun 24 21:45 COPYRIGHT

stohacontact e configured publishers.

14. Set the pkg/readonly property of the application/pkg/server service to true.

15. Verify the inst_root property of the application/pkg/server service.

16. Refresh the application/pkg/server service.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Managing Software Packages in Oracle Solaris 11

18. Verify that the application/pkg/server service is enabled.

online 2:35:11 svc:/application/pkg/server:default

i d Q operating system, the configuration of the maximum time allowed to

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Managing Software Packages in Oracle Solaris 11

http://s11-server1.mydomain.com/ package publisher.

Sh 7. List the current package publishers.

root@s11-desktop:~# pkg publisher

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Practices for Lesson 3: Managing Software Packages in Oracle Solaris 11

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.