THE ADMIN's LAB : December 2014

Sunday 28 December 2014

Solaris Practice-2 [ zones ]

PRACTICE WORK-SHEET-2 [zones]

Well, learned Zones?

OK…

Now time to have some Practice to check How Frequently or without looking to our notebook we can solve the things OR how much command we have on the Topics.

1. What is zone?

2. What are the types of zones?

3. List some benefits of zones?

4. What is Global zone & Non Global zone?

5. What are the types of NGZ?

6. What is diff between whole root zone & sparse root zone?

7. What is zonepath?

8. List & define the daemons & their functions for zones?

9. Is it possible to assign different types of file systems to NGZ? If yes then what is the procedure to do so.

10. What are the zone states? Define all

11. How to assign physical disk to NGZ?

12. What are the IP management schemes available in zones? Define with example

13. What is difference between zone login and zone console login?

Solaris Practice-1 [zfs-Answers]

PRACTICE WORK-SHEET-1-ANSWERS [zfs]

ANSWERS are from Q no 11,

1. What is zfs?

2. List some benefits of zfs

3. Compare ufs & zfs

4. Why we should move to zfs?

5. What is the basic requirement for zfs?

6. Limitations of zfs

7. What is “COW” in zfs?

8. What is “dataset” and how many datasets zfs can support?

9. What is zpool and how many datasets zpool can support?

10. What is “vdev” in zfs and also define the types of vdevs?

11. What is clone in zfs?

Solaris Practice-1 [ zfs ]

PRACTICE WORK-SHEET-1 [zfs]

Well, learned Solaris ?

OK…

Now time to have some Practice to check How Frequently or without looking to our notebook we can solve the things OR how much command we have on the Topics.

Let’s start with ZFS…

1. What is zfs?

2. List some benefits of zfs

3. Compare ufs & zfs

4. Why we should move to zfs?

5. What is the basic requirement for zfs?

6. Limitations of zfs

7. What is “COW” in zfs?

8. What is “dataset” and how many datasets zfs can support?

9. What is zpool and how many datasets zpool can support?

10. What is “vdev” in zfs and also define the types of vdevs?

11. What is clone in zfs?

Telnet-TCP Wrappers in Solaris

TELNET / TCP WRAPPERS IN SOLARIS

What we are going to Learn,

· How to enable trace for Telnet

· How to find users detail, logged in via telnet

· How to enable root user trace, logged in via telnet

· What is TCP WRAPPERS

· How to Enable TCP WRAPPERS

· How to Enable TCP WRAPPERS for telnet

· How to control the network access via TCP WRAPPERS

Telnet is a protocol for connecting remote hosts

It works on port 23

SSH in Solaris

SSH IN SOLARIS

What we are going to learn,

· ssh basics

· ssh files

· ssh with / without Password

· ssh config file modification [permit root login, banner]

· ssh security [allow / deny users, hosts, groups]

· ssh log generation

WHAT is SSH?

SSH (secure shell) is a secure communication protocol to access a remote client

WHY it is in use?

Though there are several protocols for remote communications like rlogin, rcp, rsh, telnet… they all offer the same thing “access to remote client” then why we need SSH?

SSH provides a secure connection between two remote hosts, means whatever the communication goes between ssh client & ssh server are in encrypted texts.

ZFS as iscsi

ZFS AS iSCSI TARGET

Well,

This is very interesting that we can use our zfs system as iscsi server

I had just created a 100m zfs FS for iscsi testing

root@sol-test-1:>/# zfs create -V 100M zm1/scsivol2

root@sol-test-1:>/# zfs share zm1/scsivol2

cannot share 'zm1/scsivol2': 'shareiscsi' property not set

set 'shareiscsi' property or use iscsitadm(1M) to share this volume

root@sol-test-1:>/# zfs set shareiscsi=on zm1/scsivol2

Zones-11 [Zone Processes & booting options]

ZONES-11

[PROCESS MONITORING-BOOT OPTIONS]

Zone Daemons,

“zoneadmd” & “zsched”

Zoneadmd

· Runs in GZ and it is primary process for setting up the zones virtual platform,

· It manages the booting / shutting down of zones

· It manages the connection to the zone from zlogin

· It allocates the zone ID & starts the zsched process

· One zoneadmd process for every active (ready, running, shutting down) zone on the system.

Zsched

· It runs within the NGZ

· Kernel threads for the zones are owned by zsched process

Zones-10 [FSS-fair share scheduler]

ZONES-10 [FAIR SHARE SCHEDULER-FSS]

Well…

What is FSS? Any guess?

Something which schedule the shares without partiality!!!

Good… close enough…

Let’s try to understand this in simple way.

Imagine a race of 3-4 year old kids,

Can u control them?

Can u expect that they run in their track?

Can u expect even 1% of discipline from them?

Zones-9 [rctls / resource controls]

ZONES-9 [RESOURCE CONTROLS]

Great,

We had learned to assign mem & cpu to NGZ, but how we will check the utilization by NGZ

Rcapadm is command from which we can find and it relies on rcapd daemon

First we should enable the rcapadm

root@sol-test-1:>/# svcadm enable rcap

Enable the resource capping daemon so that it will be started now and also be started each time the system is booted

Zones-8 [Addition IP / Resource Capping]

Well…

Done with basic create / modify /delete a NGZ?

Let’s play some more

Did u wondered till now we just created the zones,

Never bothered about

· What is the ram size?

· What is swap size?

· What is CPU capability?

· What if NGZ starts eating ram & CPU?

ZONES-7 [RECAP]

ZONES-7 [RECAP]

Well… Let’s see, what we are capable to do with Zones till now

· Define the zones & its features

· Create a NGZ with minimal config

· Create a NGZ with device shared from GZ

· Create a NGZ with FS (lofs) shared from GZ

· Create a NGZ with EXCLUSIVE IP settings

· Rename a NGZ

· Changing HOSTNAME/IP of NGZ

· Create a NGZ with WHOLE ROOT CONFIG

· Create a NGZ with UFS shared from GZ

· Moving a zone within system

· Moving a zone to other system

· Cloning a zone

· Delete a zone

ZONES-6 [MOVE / CLONE NGZ]

ZONES-6 [MOVE / CLONE NGZ]

What we are about to learn,

· Move the NGZ within same system

· Changing hostname of NGZ

· Move the NGZ to other system

· Clone the NGZ

Well, King has accommodated his all 4 rentals. And now it’s time to relax

But suddenly one PG [tzone2] came and told the king that I don’t want to live in

That room and also I want new name for my room, but I want new room within same building

King was surprised with this demand but he agreed on the same and told the PG

OK… just stop all of your work then inform me,

ZONES-5 whole root zone with exclusive Ip & shared ufs

ZONES-5

WHOLE ROOT ZONE WITH EXCLUSIVE IP & SHARED FILE SYSTEM FROM GLOBAL ZONE

Fine…

The king has selected 4 tenants, and out of four, 3 tenants are accommodated, it’s time to accommodate the family.

Tzone1 PG (bachelor) Sparse root

Tzone2 PG (bachelor) Sparse root

Tzone3 PG (bachelor) Sparse root

Tzone4 With family Whole root

The Info provided by tzone4 is,

House No IP 192.168.234.203

Separate gas pipeline YES I want my own (e1000g2)

Fancy item YES CDROM

Guest YES I want shared FS from GZ

Other info YES Yes I want attributes to be added

King was very irritated with this family drama, that they want everything but king was man of words so he agreed for the arrangements,

Let’s see what the family got?

Solaris Zones-4 [Zone with Exclusive IP]

ZONES-4 [CREATION]

EXCLUSIVE IP

Fine… King has accommodated 2 out of 4 tenants

Now it’s time for tzone3

The Info provided by Tzone3 is,

House No IP 192.168.234.202

Separate gas pipeline YES I want my own (e1000g1)

Fancy item YES CDROM

Guest NO I don’t want shared FS from GZ

Other info NO No info plz

SO… let’s prepare the accommodation for tzone3

THE ADMIN's LAB