Sie sind auf Seite 1von 13

VDI components:

Solaris 11 installed on sun server VDI 3.5 installed on same host on solaris operating system Sun ray os is installed before installing vdi on solaris 11

How to Create the Solaris 11 IPS Repository


To begin, I start off with a fresh install of Solaris 11. Now that my system is installed, copy the ISO images into the fallowing location. # cd /var/tmp/ Now we concatenate the ISO images following the instructions in the README.txt file. This may take some time since each ISO is approximately 1.5g. # cat sol-11-dev-167-repo-p01.iso-a sol-11-dev-167-repo-p01.iso-b > \ sol-11-dev-167-repo-p01.iso The first step is to create a ZFS file system to hold the repository packages. # zfs create -o mountpoint=/IPS rpool/IPS # zfs create rpool/IPS/s11-167-repo # zfs list -r rpool/IPS NAME rpool/IPS USED AVAIL REFER MOUNTPOINT 63K 8.26G 32K 8.26G 31K /IPS /IPS/s11-167

rpool/IPS/s11-167-repo 31K #

Now we need to mount the first repository ISO image and copy its contents to the ZFS file system we created (/IPS/s11-167). # lofiadm -a /var/tmp/sol-11-dev-167-repo-p01.iso # mount -F hsfs /dev/lofi/1 /mnt # rsync -aP /mnt/repo /IPS/s11-167-repo # umount /mnt # lofiadm -d /dev/lofi/1 Note there should not be a trailing slash (/) on the directory paths above or the rsync command will not copy the data properly and your repository will not function.

Once the rsync is finished we can then move on to create the IPS repository using SMF. The advantage of using SMF allows one to disable/enable the service as needed as well as providing a quick way to re-point to another ZFS file system containing a possibly newer repository. # svccfg -s pkg/server setprop pkg/inst_root=/IPS/s11-167-repo/repo # svccfg -s pkg/server setprop pkg/readonly=true # svccfg -s pkg/server setprop pkg/port=10000 Verify your changes. # svccfg -s pkg/server listprop | egrep "inst_root|readonly|port" pkg/inst_root pkg/readonly pkg/port # Now we can enable our new repository. # svcadm refresh pkg/server # svcadm enable pkg/server # svcs pkg/server STATE online # Now that our repository has been successfully created, we need to validate it is accessible via HTTP. Simply open up a web browser and point to your new Solaris 11 IPS repository. As we configured it in SMF the URI is http://localhost:10000/. The webpage displayed should be similar to http://pkg.oracle.com/solaris/release. In the sample output below, I used the IP Address of my server to connect. STIME 16:55:13 FMRI svc:/application/pkg/server:default astring boolean count /IPS/s11-167/repo true 10000

Success! Now lets do some minor cleanup. By default, the Solaris 11 text installer will add thesolaris publisher your list of publishers which can be verified with pkg publisher. Since the default publisher points back to Oracle, and we only want to use our local copy of the Solaris 11 repository, we need to change the publisher information. This is done as follows. # pkg set-publisher -G http://pkg.oracle.com/solaris/release -g \ /IPS/s11-167-repo/repo solaris All finished! Our local Solaris 11 repository has been created via SMF, made available via HTTP and via local ZFS to our hosting server, and our future searches via pkg search will only look at our repository instead of trying Oracles first. In the next post I will cover how to use this Solaris 11 repository as the basis for creating an AI Server for remote installation (via HTTP) to SPARC based systems.

how to turn on or off FIREWALL in solaris 10? To enable FW


svcadm enable svc:/network/ipfilter:default

To disable it

svcadm disable svc:/network/ipfilter:default

shows if ipf is running or not.


ipfstat -io

How to Get Started Configuring Your Network in Oracle Solaris 11


New Features of Oracle Solaris 11 Network Configuration

Oracle Solaris 11 introduced two new commands for manually administering networks, dladm and ipadm, and both supersede ifconfig. Unlike ifconfig, changes made by dladm and ipadm are persistent across reboots. They share a common, consistent command format and, unlike ifconfig, they have parseable output that can be used in scripts.
dladm

performs data-link (layer 2) administration to configure physical links, aggregations, VLANs, IP tunnels, and InfiniBand partitions. It also manages link-layer properties.
ipadm

configures IP interfaces, IP addresses, and TCP/IP protocol properties. It also replaces the use of ndd for network and transport layer tuning. Data-link names are no longer the same as the physical interface, which might be a virtual device. Instead, they have generic names, such as net0 or net1, or administrators can give them descriptive names. This allows the underlying hardware to be changed without impacting the network configuration. In addition, Oracle Solaris 11 adds automatic network configuration using network profiles. Profiles are managed with two administrative commandsnetadm and netcfgand describe the configuration of network interfaces, name services, routing, and IP filter and IPsec policies in a single entity.
Manual and Automatic Networking Modes

Oracle Solaris 11 uses profile-based network configuration, which comprises two network configuration modes: manual and automatic. Depending on which mode you chose during installation, either the DefaultFixed network configuration profile (NCP) or the Automatic NCP is activated on the system. The Automatic NCP uses DHCP to obtain a basic network configuration (IP address, router, and DNS server) from any of the connected Ethernet interfaces. If this fails, it will try connecting to the best wireless network in the list of known networks.

The DefaultFixed NCP effectively disables automatic network configuration and requires the network interfaces to be manually configured using dladm and ipadm and the name services to be configured using the Oracle Solaris Service Management Facility (SMF). It is easier to manage Oracle Solaris 11 networking by creating your own NCPs rather than using the DefaultFixed NCP and manually configuring the network. The DefaultFixed NCP should be used on systems that will be reconfigured using Oracle Solaris Dynamic Reconfiguration or where hot-swappable interfaces are used. It must be used for IP multipathing, which is not supported when using the Automatic NCP. You can use netadm to find out what network profiles are active on a system:
root@solaris:~# netadm TYPE PROFILE ncp Automatic ncu:phys net0 ncu:ip net0 loc Automatic loc NoNet loc User list STATE online online online online offline online

Without going into too much detail now (we will cover this in a later section), the output above shows that the Automatic NCP is enabled. To switch to the DefaultFixed NCP and, thus, enable manual networking, run the following command:
root@solaris:~# netadm enable -p ncp DefaultFixed root@solaris:~# netadm list netadm: DefaultFixed NCP is enabled; automatic network management is not available. 'netadm list' is only supported when automatic network management is active.

And to switch back to the Automatic NCP, use the following command:
root@solaris:~# netadm root@solaris:~# netadm TYPE PROFILE ncp Automatic ncu:phys net0 ncu:ip net0 loc Automatic enable -p ncp Automatic list STATE uninitialized uninitialized uninitialized uninitialized

As the system starts to configure the data links and receives an IP address from the DHCP server, we soon get back to our original online state:

root@solaris:~# netadm TYPE PROFILE ncp Automatic ncu:phys net0 ncu:ip net0 loc Automatic loc NoNet loc User

list STATE online online online online offline online

Manual Network Configuration

In the following example, we will manually configure our server to have a static IPv4 address of 10.163.198.20. First of all, we will switch to the DefaultFixed NCP, if that hasn't been done already:
root@solaris:~# netadm enable -p ncp DefaultFixed

On a machine with multiple physical networks, you can use dladm to determine how network interface names are mapped to physical interfaces.
root@solaris:~# dladm show-phys LINK MEDIA net0 Ethernet net1 Ethernet STATE up unknown SPEED 1000 0 DUPLEX full unknown DEVICE e1000g0 pcn0

Creating a static IP address is a two-step process, and it involves creating an IP interface and an IP address. There can be multiple IP addresses associated with an IP interface. IP address objects have names in the form interface/description. In the example shown in Listing 1, we use acme as the description.
root@solaris:~# ipadm root@solaris:~# ipadm IFNAME CLASS lo0 loopback net0 ip root@solaris:~# ipadm root@solaris:~# ipadm IFNAME CLASS lo0 loopback net0 ip root@solaris:~# ipadm ADDROBJ TYPE lo0/v4 static net0/acme static lo0/v6 static create-ip net0 show-if STATE ACTIVE OVER ok yes --down no --create-addr -T static -a 10.163.198.20/24 net0/acme show-if STATE ACTIVE OVER ok yes --ok yes --show-addr STATIC ADDR ok 127.0.0.1/8 ok 10.163.198.20/24 ok ::1/128

Listing 1. Configuring a Static IP Address We can then add a persistent default route:
root@solaris:~# route -p add default 10.163.198.1 add net default: gateway 10.163.198.1 add persistent net default: gateway 10.163.198.1

Name Service Configuration Using SMF

The name service configuration is now stored and configured via SMF services instead of via configuration files in /etc. This change is part of a wider set of configuration changes in Oracle Solaris 11, which provides a greater degree of administrative auditability and control over system configuration, particularly during system updates. The SMF service svc:/network/dns/client manages configuration information that used to be in /etc/resolv.conf. The SMF service svc:/system/name-service/switch manages configuration information that used to be in /etc/nsswitch.conf. In both cases, the configuration information is also stored in the legacy files for compatibility with other applications that might read them. You should not directly edit these legacy files. Changes made to properties are not reflected in the legacy files until the service is refreshed, restarted, or enabled. Note: Specifying lists and strings as SMF properties requires quoting them or escaping parentheses and quotation marks to prevent the shell from interpreting them.
Example: Configuring a DNS Client Using SMF

In the following example, we configure Domain Name Service (DNS) using the svccfg command on the svc:/network/dns/client SMF service. This will give us the ability to look up IP addresses for host names and vice versa:
root@solaris:~# svccfg -s svc:/network/dns/client setprop \ config/search='("uk.acme.com" "us.acme.com" "acme.com")' root@solaris:~# svccfg -s svc:/network/dns/client listprop config/search config/search astring "uk.acme.com" "us.acme.com" "acme.com" root@solaris:~# svccfg -s svc:/network/dns/client setprop \ config/nameserver=net_address: '(10.167.162.20 10.167.162.36)' root@solaris:~# svccfg -s svc:/network/dns/client listprop config/nameserver config/nameserver net_address 10.167.162.20 10.167.162.36

After we have made the configuration changes, we refresh the SMF service:
root@solaris:~# svcadm refresh svc:/network/dns/client

It is not necessary to set the properties for every name service database. You can use the special property config/default to provide a default value. You can individually customize entries that can't use the default value.

Configuring Naming Services When in Manual Mode


The SMF repository is the primary repository for all naming services configuration. The previous behavior of modifying a configuration file to configure naming services no longer works. These services, for example, svc:/system/name-service/switch, svc:/network/dns/client, and svc:/system/name-service/cache must be enabled or refreshed for any changes to take affect.

Note - If no network configuration exists, naming services default to files only behavior, rather than nis files. The svc:/system/name-service/cache SMF service should be enabled at all times.

The following table describes the naming service configuration that has migrated to SMF. Table 7-1 SMF Service to Legacy File Mapping

SMF Service
svc:/system/nameservice/switch:default

Files
/etc/nsswitch.conf

Description Naming service switch configuration (Used by the nscd command) Naming service cache (nscd) DNS naming service

svc:/system/nameservice/cache:default

/etc/nscd.conf

svc:/network/dns/client:defau /etc/resolv.conf lt

svc:/network/nis/domain:defau /etc/defaultdomain Shared NIS domain configuration lt /var/yp/binding/$DOMAI (Used by all NIS services). Also N/*

historical shared use by LDAP naming services

Note - Must be enabled when usingnis/client or ldap/cli


ent

svc:/network/nis/client:defau N/A lt svc:/network/ldap/client:defa /var/ldap/* ult

NIS client naming service (ypbind and related files) LDAP client naming service (ldap_cachemgr and related files) NIS server naming service (ypserv) NIS server passwd service (rpc.yppasswd) NIS server xfr naming service (ypxfrd) NIS server update naming service (rpc.ypupdated) Naming legacy file to SMF upgrade service

svc:/network/nis/server:defau N/A lt svc:/network/nis/passwd:defau N/A lt svc:/network/nis/xfr:default N/A

svc:/network/nis/update:defau N/A lt svc:/system/nameservice/upgrade:default

N/A

Example 7-3 Configuring Naming Services by Using SMF The following example shows how to configure DNS by using SMF commands. # svccfg svc:> select dns/client svc:/network/dns/client> setprop config/search = astring: \ ("us.company.com" "eu.company.com" "companya.com" "companyb.com" "company.com" ) svc:/network/dns/client> setprop config/nameserver = net_address: \ ( 138.2.202.15 138.2.202.25 ) svc:/network/dns/client> select dns/client:default svc:/network/dns/client:default> refresh svc:/network/dns/client:default> validate svc:/network/dns/client:default> select name-service/switch svc:/system/name-service/switch> setprop config/host = astring: "files dns" svc:/system/name-service/switch> select system/name-service/switch:default svc:/system/name-service/switch:default> refresh svc:/system/name-service/switch:default> validate svc:/system/name-service/switch:default> # svcadm enable dns/client # svcadm refresh name-service/switch # grep host /etc/nsswitch.conf hosts: files dns # cat /etc/resolv.conf # # opyright (c) 2011, Oracle and/or its affiliates. All rights reserved. # # # _AUTOGENERATED_FROM_SMF_V1_ # # WARNING: THIS FILE GENERATED FROM SMF DATA.

# DO NOT EDIT THIS FILE. EDITS WILL BE LOST. # See resolv.conf(4) for details. search us.company.com eu.company.com companya.com companyb.com company.com nameserver 138.2.202.15 nameserver 138.2.202.25 . . . Example 7-4 Setting Multiple NIS Servers by Using SMF

Example: Configuring /etc/switch.conf Using SMF

In the following example, we use the name service switch mechanism to allow our system to search through the DNS, LDAP, NIS, or local file sources for naming information. We again use the svccfg command on the svc:/system/name-service/switch SMF service:
root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/default = "files nis" root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/host = "files dns nis" root@solaris:~# svccfg -s svc:/system/name-service/switch setprop config/password = "files nis" root@solaris:~# svcadm refresh svc:/system/name-service/switch

Note: The config/host property defines both the hosts and ipnodes entries in /etc/nsswitch.conf, while the config/password property defines the passwd entry. The remaining properties have the same name as their /etc/nsswitch.conf entries.
Setting the Host Name

In Oracle Solaris 11, /etc/nodename has been removed and replaced with the config/nodename property of the svc:/system/identity:node service. To set the host name, we again use svccfg:
root@solaris:~# svccfg -s svc:/system/identity:node setprop config/nodename = astring: hostname root@solaris:~# svcadm refresh svc:/system/identity:node root@solaris:~# svcadm restart identity:node

Setting the host name this way will work for both automatic and manual network configurations.

Changes to /etc/hosts

In Oracle Solaris 11, the host's own entry in /etc/hosts is now the same as that of localhost. In previous versions of Oracle Solaris, this entry was associated with the first network interface.
root@solaris:~# cat /etc/hosts # # Copyright 2009 Sun Microsystems, Inc. # Use is subject to license terms. # # Internet host table # ::1 solaris localhost 127.0.0.1 solaris localhost loghost

All rights reserved.

Note: Some application installers might fail due to changes in the /etc/hosts file. If you experience this, you might have to edit /etc/hosts directly.

How to change your hostname and IP-Address in Solaris 11

How to enable SSH Root Login In Solaris 11


Permit SSH Login for Root in Oracle Solaris 11

Open Terminal window and switch to root user.

1. Change the file /etc/ssh/sshd_config PermitRootLogin yes withPermitRootLogin no and save file. vi /etc/ssh/sshd_config PermitRootLogin yes 2. Comment out the CONSOLE=/dev/console line in /etc/default/login.

vi /etc/default/login #CONSOLE=/dev/console 3.Remove ;type=role from the root entry in /etc/user_attr or use the below command. rolemod -K type=normal root 4. Restart the Services.

#svcadm restart svc:/network/ssh:default 5.Try SSH connection using root user You should be able to connect.

Das könnte Ihnen auch gefallen