The guide to LKSF
Solaris Administration
Liveupgrade
From time to time you have to update or patch your system. How do you patch the system without long service interruptions? How do you keep a running version of your operating environment in case something goes wrong? Solaris can help you cope with these situations using its LiveUpgrade feature – patching and updating while the system is still operational.
You will find the Liveupgrade tutorial in section 1.
Boot environments based on ZFS snapshots
Live Upgrade was introduced for multiple disks or multiple partitions several years ago. What would such functionality look like on modern file systems with ubiquitous snapshots? Well, ZFS boot and boot environments on ZFS give you such functionality today.
The introduction to the ZFS based boot environments is located in section 2.
Working with the Service Management Facility
For many years, init.d was the venerable mechanism for starting and stopping services, but it had its shortfalls. Sun therefore introduced the Service Management Facility in Solaris 10 to offer features such as service dependencies, service instances and a central point of service management.
Section 3 will give you insight into this interesting feature of Solaris.
Solaris Resource Manager
You can run a multitude of services and applications on a single big system. But how can you ensure that every application gets its share of performance? Solaris Resource Manager can help you to control a process’s CPU, memory and other resources.
In section 4 you can learn how to use this feature.
/home? /export/home? AutoFS?
Many people wonder about the different locations for the user home directories on a Solaris system. Why are the home directories located in /export/home and not in /home?
The history of these two directories and some insight into AutoFS will be described in section 5.
lockfs
Sometimes you have to ensure that a file system doesn’t change while you’re working on it. To prevent such changes, use the lockfs command.
You will learn more about this function in section 6.
Solaris Security
Role Based Access Control and Least Privileges
root can do everything on a system, but is it a wise choice to give everyone the root password and thus the key for all rooms in the kingdom? Does a process need all the privileges of root just to bind to a privileged port? How do you configure the least set of privileges for a process?
Section 1 answers these questions.
The Solaris Security Toolkit
The Solaris Security Toolkit is designed to automate the hardening and minimization of a Solaris system. The toolkit contains the knowledge even to harden a tough target like a Sun Cluster installation and simplifies the necessary steps.
A tutorial on the usage of the Solaris Security Toolkit is located in section 2.
Auditing
What happens on your system? When did a user use which command? When did a user delete a particular file? You need log files to answer these questions. The auditing functionality in Solaris generates these and reports on a vast number of actions happening on your system.
The configuration of this feature is explained in section 3.
Basic Audit Reporting Tool
Sometimes you need to know what has changed on a system since you installed it. For example when all your fellow admins tell you after a system crash. The Basic Audit Reporting Tool can answer this question by comparing different states of your system.
The usage of BART is explained in section 4.
IPsec
Secure communication between hosts is becoming more and more important. Secure communication does not only mean encrypted traffic. It also includes the authentication of your communication partner. Solaris has had an IPsec implementation for a number of versions.
The configuration of IPsec is described in section 5.
On Passwords
It is important to have good and secure passwords. All other security systems are rendered worthless without good keys to the systems. Solaris has some features to help the administrator to enforce good passwords.
The section on passwords describes this feature.
Signed binaries
There are literally thousands of binaries on your system, but are they really all supplied by Sun? Every binary in Solaris is digitally signed by Sun.
Section 6 explains how you verify these signatures.
kssl
Solaris 10 got an interesting feature to enable SSL for any service by adding a transparent SSL proxy in front of it. This proxy runs completely in kernel space and yields better performance than a solution in user space.
Section 3 explains how you enable kssl.
Storage
fssnap - snapshots for UFS
File system backups can be faulty. When a backup takes a long time, the file system has different content at the beginning and at the end of the backup, so the backup is inconsistent. A solution to this problem is freezing the file system. fssnap delivers this capability to UFS.
Section 1 describes this feature.
iSCSI
With the increasing transfer speed of Ethernet, it is becoming more and more feasible to use this medium to connect block devices such as disks to a server. Since Update 4, Solaris 10 has built-in functionality to act as an iSCSI initiator and target.
The configuration of iSCSI is the topic of section 2.
Remote Mirroring with the Availability Suite
You have two data centers with similar hardware and the same software on both. The second data center is a perfect replica of the first. Good basics for disaster recovery. The remaining issue: How do you get the data to your backup data center? And how do you get the data back after you’ve recovered your primary data center? The Remote Mirroring facility of the Availability Suite was designed for such situations.
Section 3 explains the configuration of a remote mirror.
Point-in-Time Copy with the Availability Suite
Sometimes you need a copy of your data to test applications or to keep a working copy when you upgrade them. Copying all the data is possible, but inefficient. Generating a frozen snapshot is easier. The Availability Suite enables the admin to freeze the state of a disk with much lower overhead in a short time.
Point-in-Time copies will be explained in section 4.
SamFS - the Storage Archive Manager File System
Typically documents and data are put away for years without them being accessed, but you cannot delete the data – possibly due to law. So your data rotates on rotating rust for years on power-hungry disks. It would be nice to archive all this data on tape without thinking about it. SamFS is a tool for this task.
Section 5 will give you a basic overview of the configuration and use of SamFS, the hierarchical storage management system from Sun.
Solaris Administrators Toolbox
fuser
This short tutorial will show you how to find out which processes are using files on a file system. It’s located in section 1.
pfiles
Many people install lsof on their system as they know it from Linux. But you have a similar tool in Solaris. In section 2 you will find a short tip for its usage.
Installing Solaris Packages directly via Web
This trick isn’t widely known. You can install a package directly from an HTTP source. See section 3 for a description.
About crashes and cores
There is no bug-free code, thus from time to time an operating system has to react: it crashes and dumps core to protect itself. Learn to control the core-dumps and how you can do some basic analysis in section 4.
Nontechnical feature
Long support cycles
A single Solaris release has a long lifetime, with a defined timeline that governs its life cycle. Get some insight into the life of a release in section 1.