Monday, 26 August 2013

Solaris Some important Questions

1.NFS client is not able to access NFS server? Troubleshooting steps?
   @.Verify the connectivity between NFS server & NFS client
   @.Check the NFS ports are open in network side.
   @.Verify the shares are properly exported to NFS clients
2.If on jumpstart client, boot command "boot net install" doesn't work, what could be the possible reasons?
  @.Check the network connectivity using watch-net-all from OK prompt.
  @.Verify the MAC address in Jumpstart server.
3.What is /etc/system file gets corrupted? How will system bootup?
   If you modify your /etc/system file in Solaris and screw it up or it gets corrupt, when you try to reboot, the server will no longer startup.

To recover from this problem:

1) As the server starts booting, press Stop+A (at the same time)

2) At OK> prompt, type "boot -as"

3) Solaris will now go into an interactive boot and will ask you several things.

4) Answer using all the defaults until it asks for your system file. 

5) Either specify the name of a backup system file (if you have one) OR type "/dev/null"

6) It will allow the system to boot with a vanilla kernel so that you can fix the broken /etc/system

7) Fix the /etc/system file

  4.What is mean by paging & server average time.

If a disk shows consistently high reads/writes along with , the percentage busy (%b) of the disks is greater than 5 percent, and the average service time (svc_t) is greater than 30 milliseconds, then one of the following action needs to be taken

@.If the LUNS average service time is more than 30 ,then you need to check with SAN team .They will help you with issue. May be they will spread the LUNS to multiple physical disks in the back end.

Solaris Administrator Interview Questions


1 Tell Me the problem u have faced?
2 what is the veritas volume manager?
3 difference between solaris 10,9?
4 What is the zone,how to add memory without restart,is it possible?
5 How to replace the failed hdd in svm explain the procedure?
6 R u working Disaster Recovery Setup?



1 how to change boot order in ok promt
2 how to add the Kernal patch & precaution?
3 what is the at & crontab?how many felds?
4 what is the root mirror & how to configure step by step?
5 what is the metadb ?& algaritham?



1.How to do the Kernal Patch?& after installed patch system not booting or some problem how to resolve?
2 How to check ip address in OK Prompt
3 How to check mirror disk in OK Prompt
4
How to check Kernal version OK Prompt
5
How to check disk & boot disk in OK prompt?
6
How to revert the server in working status after install the patch had problem..
7
How to configure the Zones?
8
How to configure the Veritas mirror volume  with 2 disk?
9
How to manage the server remotly through console?
10
How to configure the T-series server?
11
how to perform Performance Tuning?
12
What are the Veritas daemons?
13
How to bring disk under Veritas control ?
14
What is the difference between init1 & init S?
15
How to boot system from OK Prompt?
16
How many run levels ?
17
How to go ok Prompt from init run level 3?

Sunday, 25 August 2013

Solaris Sparc Server Consoles using ALOM Commands

            ALOM (Advanced Lights Out Manager System Controller) only on SUN Sparc system
                   
1.Alom System COntroller enables you to remotely manage and administrator a server
2.It comes preinstalled on the machine , so as soon you plug in power cable, it works
3.Yes,It uses server's standby power,which enables you to remotely power off & on server
4.ALOM Monitors hardware in the server like CPU,RAM,Power supply,etc,and much more like Voltage and status of alarms.
5.of course,all this exercise assumes you configured ALOM's network parameters.Try to have dedicated management subnet for this
6.If you access ALOM and stay idle for 1 min .it will switch the serial console
7.You can type "console" and reach serial console of remote system from your cube or home living room.





Some ALOM Shell Commands:-
cannot login to the ALOM?
Try default password which is the last 8 digits of the chassis serial no.Usernameis "admin"
So find about them by yourself and see what help offers you.
sc> help  ------> It shows available commands
Most used commands will be:-
sc>setsc set if_network true
sc>setsc netsc_dhcp false
sc>setsc netsc_ipaddr 192.168.2.4
sc>setsc netsc_ipnetmask 255.255.255.0
sc>setsc netsc_ipgateway 192.168.2.1
sc>resetsc 
Are you sure you want reset the sc[y.n] y

sc> shownetwork
sc configuration is:
IP address :192.168.2.4
Gateway address:192.168.2.1
Netmask:255.255.255.0
Ethernet address:00:14:4f:64:b2:6f

sc>showplatform
SUNW,SUN-Fre-v240
Domanin status
------- ------
hostname OS running


sc>showenvironment ------> all hardware details like Hdd,system temperature,Fans,powersupply,
sc>usershow            ------> It will show username,permissions password 
sc>password         ---->Use to change the ALOM password for the account Must be between 6 & 8 characters 
sc>poweroff        ---->Graceful shutdown of the Solaris OS after "SC Alert:Hostsystem has shut down" wait until                                  you see this message beforepoering the system back on 
sc>poweroff -y --->Instructs ALOM to proceed without prompting 
sc>poweroff -f --->Forces an immediate shutdown regardless of the state of the host 
sc>poweron -c ---> Instructs ALOM to connect to the system console after performing the option 
sc>removefru PS0 --->To prepare POWER SUPPLY 0 form removal "T1000 servers attempting to use the 
                                removefru command on "PS0" Generates message "Could not remove <PS0> system only                                has one power supply 
sc>reset         ---->To force the host server to rest immediately 
sc>reset -c     ---->Instructs ALOM to connect to the system console after performing the operation. 
sc>resetsc     ---> To perform a hard reset of ALOM. This terminates all current ALOM sessions.
 

Saturday, 24 August 2013

Solaris Useful OK prompt commands

                                Some Useful OK prompt commands

OK show-disks  ------> To show the disks
OK probe-scsi  ------> To search the scsi devices attached to the primary scsi controller
OK probe-scsi-all ---> To search all the scsi devices
OK devalias   ----> to list device alias names
OK devalias <alias> <path> --->To temporarily create a device alias
OK printenv            ---->To view the current NVRAM settings
OK setenv <env> <value> -----> To set the envirement variables
OK set-defaults                 -----> To set the open boot prompt settings to the factory default
OK nvalias <alias> <path>  --->To set the device alias permanently to NVRAM
OK nvunalias cdrom1  ----> To remove the nvalias 'cdrom1' from NVRAMRC
OK .version   ------> To find out the Open boot prompt version
OK .ent_addr -----> To find out the ethernet MAC address
OK .speed    -----> To find out the CPU and PCI bus speeds
OK banner    -----> To display the Model,Architecture,processor,openboot version,ethernet address,hostid and etc
OK set-defaults ----> To reset variable values to the factory defaults
OK reset-all -----> To reboot the system from OK Prompt
OK show-devs  ----->To show the PCI devices
OK boot   ---> boot the system from the default boot devices
OK boot cdrom ----> to boot from cdrom
OK boot disk ----> boots the system from device as specified by the disk device alias
OK boot device-path ---->boot from the full device mentioned
OK boot net ----> network boot .boots from a TFTP boot server or Jumpstart server
OK boot net -install  -----> Jumpstart boot.
OK boot tape -----> Tape boot.boots off a SCSI tape if available
OK boot -h ----> boot halted .boot into a halted state(ok prompt) intersting for troubleshooting boot at the lowest level
OK boot -r ----> Reconfiguration boot.Boot and search for all attached device.useful when new device attached to the system
OK boot -s ----> Single user.boots the system to run level 1
OK boot -v ----> verbose boot.show good debugging information.
OK boot -F failsafe   ---> to boot the server to failsafe mode

------------------------------------------------------------------------------------------------------------
                                Displaying System Information
Commands to display additional system related information .Not all commands work on all Platforms
OK .idprom  --------> Display ID PROM contents
OK .traps  --------> Display a list of processor-dependent trap types
OK show-devs ----->display list of installed and probed devices
OK eject floppy ----> Eject the floppy
OK eject cdrom ------>eject the cdrom
OK sync -----> call the operating system to write information to hard disk

-----------------------------------------------------------------------------------------------                      
                        Emergency Keyboard Commands
These are key sequences recognized by the system to perform predetermined
actions at boot time or during normal operation.

Stop     ---> Bypass POST .(This command does not depend on security-mode)
Stop-A ---> Abort.(This will also stop a running system. You can
                    resume normal operations if you enter go at the prompt.
                    Enter anything else and you will stay halted)
Stop-D  ---> Enter diagnostic mode(set diag-switch?to true)
Stop-N  ---> Reset NVRAM contents to default values.

                                     
    

Tuesday, 20 August 2013

Solaris Zones Important Interview Questions

                    Solaris Zones Important Interview Questions


A. Zone configuration command:-
#zonecfg -z zonename --> to create new zone
#zoneadm -z zonename install---> To install the zone
#zoneadm -z zonename boot   ---> To boot the non-global zone
#zoeadm -z zonename halt    ---> To halt the non-global zone
#zonecfg -z zonename delete ---> To delete the non-global zone
B. From Global Zone Non-global Zone status:-
  @configured--->Configuration was completed & committed
  @installed --->The package has been successfully installed
  @Ready     --->The virtual platform has been established
  @Running   --->The zone booted successfully and is now running
  @Incomplte --->Transition state during install or uninstall operation
C.Zones Daemon
1.zoneadmd
2.zschd

1.What is difference between global zone and non-global zone ?
Base Solaris operating system is called global zone.(Directly installed on physical hardware).
Solaris operating system which are hosted by global zone is called Non-global zones or local zone.
2.How to find out global zone name from non-global zone ?
There is no possible from get global zone name form non-global zone.
Oracle made this one intentionally for security reasons
3.What type of Non-global in solaris 10?
There are three type non-global zones
 @ Whole root zone--> if it's no inherit file
 @ Sparse root zone---> find zonecfg -z zonename-->inherit-pkg-dir:/lib,/platform,/sbin,/usr
 @ Branded zone
4.What is the difference between whole root zone & sparse root zone?
Whole root zones have all their binaries of their own zone root filesystem,
while sparse root zones mount /usr,/lib,/platform,/sbin from the global zone.
5.To login non global zone from global zone->"zlogin -C zonename"
6.Is it possible to assign VXFS to non-global zone-->Yes
7.Is it possible to put resource control to nonglobal zone?
  Yes,we can restrict the memory,cpu,swap
8.online Resource capping---> To find the current capped-memory
   #rcapstat -z 1 1
   #zonecfg -z zonename info
 To incrase the capped memory form current value online.
   #rcapadm -z zonename -m 90M
bash-3.00# rcapstat -z
    id zone            nproc    vm   rss   cap    at avgat    pg avgpg
     2 zone1              35   43M   49M   50M 7904K    0K 1912K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
bash-3.00# rcapadm -z zone1 -m 90M
bash-3.00# rcapstat -z
    id zone            nproc    vm   rss   cap    at avgat    pg avgpg
     2 zone1              35   43M   49M   50M 7904K    0K 1912K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   50M    0K    0K    0K    0K
     2 zone1               -   43M   49M   90M    0K    0K    0K    0K

9.How to boot local zone in single user mode?
   boot the local zone using #zoneadm -z zonename boot
   using "init 1" boot the zone in single user mode
   #zoneadm -z  zonename boot -s
10.Is it possible to add new IP address on Non-global zone on fly ? If yes how to do that?
 Yes.we can plumb new IP on zones using ifconfig command
  #ifconfig bge0:1 plumb up  --> to plumb the interface
  #ifconfig bge0:1 192.168.1.2 netmask 255.255.255.0 zone zonename--> To assign ipaddress
11.What is Branded zone ?
Branded zone is used to install older version of Solaris or Linux in Solaris 10 global zone.
12.Where the zone's configuration file resides ?
   Zone configuration file can be founf in /etc/zones/zone_name.xml
13.Which configuration file will be having zone's current state ?
   current state will be written in global  zone /etc/zones/index.xml
14.How many Solaris zones can be create in on global zone?
Maximum of 8191 local zones can be created within a single operating system instance.
15.To list the  Non-Global Zone status from Global zone ?
  #zoneadm list -cv




 


Monday, 19 August 2013

Solaris Important Files

                                                   Solaris Important Files
@/etc/vfstab { Filesystem mount table}
@/var/adm/loginlog { Log of login attempts}
@/etc/default/* { Important default settings}
@/etc/system { Kernel modules and con g}
@/var/adm/messages { Syslog location}
@/etc/auto * { Automounter con fig files}
@/etc/inet/ipnodes { IPv4 & v6 host files (read before /etc/hosts)}

Sunday, 18 August 2013

Veritas Volume Manager

                                            Veritas Volume Manager


What are the daemons in VERITAS?
  @vxconfigd
  @vxiod
  @vxrelocd
  @vxnotify
  @vxconfigbackupd
  @vxcached

VXVM Region:-


Private Region:-

          A small area where configuration information is stored. A disk header label, configuration records for VxVM objects (such as volumes, plexes and subdisks), and an intent log for the configuration database are stored here. The default private region size is 32 megabytes, which is large enough to record the details of several thousand VxVM objects in a disk group.

Public Region:

   An area that covers the remainder of the disk, and which is used for the allocation of storage space to subdisks.



cdsdisk:-
       The disk is formatted as a Cross-platform Data Sharing (CDS) disk that is suitable for moving between different operating systems. This is the default format for disks that are not used to boot the system.Typically, most disks on a system are configured as this disk type. However, it is not a suitable format for boot, root or swap disks, for mirrors or hot-relocation spares of such disks, or for Extensible Firmware Interface (EFI) disks.

Private and public region on same partition
simple:-
       The disk is formatted as a simple disk that can be converted to a CDS disk.
sliced :-
         The disk is formatted as a sliced disk. This format can be applied to disks that are used to boot the system. The disk can be converted to a CDS disk if it was not initialized for use as a boot disk.

Private and Public region on different partition


To start the vxvm daemons = vxconfigd
To initialize vxvm = vxdctl init
To enable vxvm= vxdctl enable
To list disk =vxdisk -e list


=======================================================================                                 Veritas Naming scheme

1.Operting system-based naming scheme
2.Enclosure based naming scheme

vxddladm get namingscheme--->to check the naming scheme
enclosure based -disk name like--->disk_0,disk_1

vxdisk list----->to list the disk

anytime u can the change the naming scheme on fly..

vxddladm set namingscheme=osn---> to change the naming from enclosure based scheme
vxdisk list---> osn-disk will like c1t0d0s2,c1t3d0

vxddladm set namingscheme=ebn-----> to change the naming scheme from osn

vxdisk -e list-----> to list the enclosure & OS based disks


2.Discover new disks in Veritas

cfgadm -al        ---------->  scan new disk in OS level
devfsadm -Cvc disk --------->  scan new disk in os level

vxdisk scandisks -------> scan disk in veritas level

vxdctl enable or vxconfigd -k  ------> In older version scan the disk restartig vxvm daemon

vxdisk -e list -----> To list the disk

3.Bringing the disk in to Veritas control:-
/etc/vx/bin/vxdisksetup -i disk_0 ---> to bing disk to veritas control
/etc/vx/bin/vxdisksetup -i disk_1
by default this format the disk in CDS format
other formats are --- sliced & simple
sliced will be used for boot disks only

vxdisksetup -i  disk_0 format=simple or sliced -->to bring disk under veritas control specified format

vxdisk list
output under veritas disk like type"auto:cdsdisk"


                                                         Diskgroup Operation

1.Creating,adding & remove disk from Disk Group:
vxdg init UXDG uxdisk1=disk_0 uxdisk2=disk_1 ----> to create the new disk group with disk_0,disk_1
vxdg -g UXDG adddsik uxdisk3=disk_2              ----> To add new disk in excisting diskgroup
vxdg -g UXDG rmdisk uxdisk3                            ----> To remove the disk from disk group
vxdg destroy <diskgroup_name>                         ----> To destroy the disk group

2.Deporting diskgroup:
after un-mounting the volume,you can deport the diskgroup.

vxdg deport <diskgroup>
vxdg -n <new-group-name> deport <old-group-name>

vxdg list    -------> to see the imported diskgroup
vxdisk -o alldgs list  ------> deported diskgroup disks

3. Re-Naming the diskgroup:
vxdg -n <newdgname> <olddgname> -----> To rename the diskgroup

4.Diskgroup configuration backup
Whenever there is a configuration change in diskgroup,automatically vxvm backup the new configuration
under /etc/vx/cbr/bk

ls -lrt /etc/vx/cbr/bk       -----> to list the configuration file
/etc/vx/bin/vxconfigbackup   -----> To backup diskgroup configuration ...if no changed in diskgroup error will
                                    backup not necessary

/etc/vx/bin/vxconfigbackup -l /var/tmp ---> to take curret config backup specific location

5. Diskgroup configuration restore
/etc/vx/bin/vxconfigrestore -p UXDG -----> To Pre-commit the changes

/etc/vx/bin/vxconfigrestore -c UXDG -----> To commit the changes

/etc/vx/bin/vxcondigrestore -d UXDG -----> To abord the pre-commit

vxprint -g UXDG                              ------> TO disk group is OK.

========================================================================
                                      Volume Operation
1.Concatenation Volume:
vxassist -g diskgroup make vol_name size layout=format disk_name

vxassist -g UXDG make concat1 50M  uxdisk1  ----> to create concatenation volume.

mkfs -F vxfs /dev/vx/rdsk/UXDG/concat1 ------> to create vxfs file system

mount -F vxfs /dev/vx/dsk/UXDG/concat1 /mountpint

2.Stripped Volume
-------------------
vxassist -g UXDG make vol_stripe 100M uxdisk1 uxdisk2 layout=stripe stripr unit=32k
1 plex & 2 subdisk
mkfs -F vxfs /dev/vx/rdsk/UXDG/vol_stripe  -----> To create file system..

3.Mirrored volume
vxassist -g UXDG make vxmirror 50M layout=mirror --->one way mirror willhave 2 plex,two way mirror will hae 3 plex

4.Mirrored-stripe or RAID 0+1 (Stripping+mirroring)
vxassist -g UXDG make raid01 50M layout=mirror-stripe

5.Stripped-Mirror or RAID-1+0 (Mirroring+stripe)
vxassist -g UXDG make raid10 100M layout=stripe-mirror

6.RAID-5 (striping with parity)
vxassist -g UXDG make raid5 100M layout=raid5

7.Removing Volume
1.Un-mounting the volume
2.Use vxassist to delete the volume

vxassist -d UXDG remove volume vol_name -----> remove the volume name..

========================================================================
                           Veritas Volume Resize
                     

1.Increasing the volume size using-vxassist
determining how much space we can increase the volume
vxassist -g UXDG maxsize layout=mirror

Maximum volume size :92160(45Mb)

Re-Size the volume using vxassist
vxassist -g UXDG growby vol_name 10M
              or
vxassist -g UXDG growto vol_name 60M

Re-size the vxfs filesystem using fsadm
#/usr/lib/fs/vxfs/fsadm -b 60M /vol_name

If the volume is not increased as you will get below error

# /usr/lib/fs/vxfs/fsadm -b 70M /smvol
UX:vxfs fsadm: ERROR: V-3-25811: cannot expand /dev/vx/rdsk/UXDG/smvol more than size of the underlying device - 122880 sectors

2.Increasing he volume and fileystem using vxresize
/etc/vx/bin/vxresize -g UXDG vol_name +10M

3.Decreasing the volume size Using -vxassist
Reduce the fileystem using fsadm

# /usr/lib/fs/vxfs/fsadm -b 50M /vol_name

Reduce the volume using vxassist

vxassit -g UXDG -f shrinkto vol_name 50M
           or
vxassist -g UXDG -f shrinkby vol_name 10M

4.Decreasing the volume & file system using vxresize
# /etc/vx/bin/vxresize -g UXDG vol_name -10M




Difference among the two formats-

CDS Disks:-(Compressed Diagonal Storage)

1. Post VxVM 4.x Disk2. Private Region and Public Region are created on a single partition.3. Disk usable across platforms and different operating systems.4. Disk not suitable for booting the operating system.

Sliced Disks:

1. Pre VxVM 4.x Disk2. Private Region and Public Region are created on separate partitions.3. Disk cannot be used across platforms and operating systems4. Disk suitable for booting the operating system



                       VXVM Q/A & Important Commands
                             
1.How many partitions are created in a disk when we initialize the disk under VxVM?
  2 partitions
  a.Private region created on slice 3
  b.Public region created on slice4
2.  What is the length of Private Region?
 VxVM 5.0 = 32Mb
 VxVM 4.0 = 1 Mb
3.How to move a volume to another disk except a particular one in Veritas Volume Manager?
  To move a volume vg01 to any other disk except disk90 in Veritas Volume Manager:
   # vxassist move vg01 !disk90
4.How to verify the main daemon for Veritas Volume Manager?
  vxconfigd is the main daemon of Veritas Volume Manager which must be running at all times. It is       started at system startup.
  We can check its status by below given way:
  # vxdctl mode
           or
  we can verify it is running with a ps command:
  # ps -ef | grep vxconfigd
5.Why we do encapsulation of root disk? What's the difference between initialization and encapsulation?
Encapsulation will not destroy the data and it will be used root file system.

Initialization will destroy the data if its already exists on the disks
6.But why we do encapsulation? What's the need of it?
 To bring the root disks in vxvm control .


Some Important Commands :-

#vxmake plex <plex name> sd=<subdisk name>---> To create plex from a sub disk
#vxmake sd subdisk-80 disk 80,0,10000          ---> To create subdisk from disk in VXVM.
#vxmake sd subdisk-80 disk 80,0,10000          ---> To create another sub disk from same disk
#vxmend off <plex name>                                 --->set plex offline
#vxmend on <plex name>                                 --->set plex online
#vxmend fix clean <plex name>                        --->Pleax to a clean state

#vxplex att <volname> <plex name>            ----->attach plex to a volume
#vxprint -ht                                                      -->display all the avaliable information in VXVM.
#vxprint -l <plexname> or vxprint -lp            ---->display the information abot plex
#vxprint -l <subdisk>  or vxprint -st              ----> Information about sub disk
#vxprint -l <volumename>  or vxprint -vl or vxprint -vt ----> Information about volume name.

#vxrecover -s <volume name>                      ---> Recover a volume
#vxrecover 0s                                               ---> to recover all the volumes in VXVM..
# vxsd join subdisk-88 subdisk-77 subdisk-99-->To join subdisk-88 and subdisk-77 to create the new bigger subdisk-99.
#vxtrace <volume name>                              ---> trace the selected volume
#vxva                                                           ---> VXVM GUI Mode
#vxvol maint <volume name>                        ---> to voulme in maintence  mode on VXVM.
#vxtask list or vxtask monitor                        ---> Which Tasks is running in VXVM.
#vxconfigd -k   or vxtask monitor                 ---> restart VXVM configuration Daemon

#vxtask monitor

#vxptint -htv                                                ---> to determine volume status in VXVM
               



Solaris Unlimited: Root Mirroring – Solaris Volume Manager

Solaris Unlimited: Root Mirroring – Solaris Volume Manager:


HOWTO: Mirrored root disk on Solaris



0. Partition the first disk
# format c0t0d0
Use the partition tool (=> "p <enter>, p <enter>"!) to setup the slices. We assume the following slice setup afterwards:
#  Tag         Flag  Cylinders      Size      Blocks
 -  ----------  ----  -------------  --------  --------------------
 0  root        wm        0 -   812  400.15MB  (813/0/0)     819504
 1  swap        wu      813 -  1333  256.43MB  (521/0/0)     525168
 2  backup      wm        0 - 17659    8.49GB  (17660/0/0) 17801280
 3  unassigned  wm     1334 -  1354   10.34MB  (21/0/0)       21168
 4  var         wm     1355 -  8522    3.45GB  (7168/0/0)   7225344
 5  usr         wm     8523 - 14764    3.00GB  (6242/0/0)   6291936
 6  unassigned  wm    14765 - 16845    1.00GB  (2081/0/0)   2097648
 7  home        wm    16846 - 17659  400.15MB  (813/0/0)     819504
1. Copy the partition table of the first disk to its future mirror disk
# prtvtoc /dev/rdsk/c0t0d0s2  fmthard -s - /dev/rdsk/c0t1d0s2
2. Create at least two state database replicas on each disk
# metadb -a -f -c 2 c0t0d0s3 c0t1d0s3
Check the state of all replicas with metadb:
# metadb
Notes:
A state database replica contains configuration and state information about the meta devices. Make sure that always at least 50% of the replicas are active!
3. Create the root slice mirror and its first submirror
# metainit -f d10 1 1 c0t0d0s0
 # metainit -f d20 1 1 c0t1d0s0
 # metainit d30 -m d10
Run metaroot to prepare /etc/vfstab and /etc/system (do this only for the root slice!):
# metaroot d30
4. Create the swap slice mirror and its first submirror
# metainit -f d11 1 1 c0t0d0s1
 # metainit -f d21 1 1 c0t1d0s1
 # metainit d31 -m d11
5. Create the var slice mirror and its first submirror
# metainit -f d14 1 1 c0t0d0s4
 # metainit -f d24 1 1 c0t1d0s4
 # metainit d34 -m d14
6. Create the usr slice mirror and its first submirror
# metainit -f d15 1 1 c0t0d0s5
 # metainit -f d25 1 1 c0t1d0s5
 # metainit d35 -m d15
7. Create the unassigned slice mirror and its first submirror
# metainit -f d16 1 1 c0t0d0s6
 # metainit -f d26 1 1 c0t1d0s6
 # metainit d36 -m d16
8. Create the home slice mirror and its first submirror
# metainit -f d17 1 1 c0t0d0s7
 # metainit -f d27 1 1 c0t1d0s7
 # metainit d37 -m d17
9. Edit /etc/vfstab to mount all mirrors after boot, including mirrored swap

/etc/vfstab before changes:
fd                 -                   /dev/fd  fd     -  no   -
 /proc              -                   /proc    proc   -  no   -
 /dev/dsk/c0t0d0s1  -                   -        swap   -  no   -
 /dev/md/dsk/d30    /dev/md/rdsk/d30    /        ufs    1  no   logging
 /dev/dsk/c0t0d0s5  /dev/rdsk/c0t0d0s5  /usr     ufs    1  no   ro,logging
 /dev/dsk/c0t0d0s4  /dev/rdsk/c0t0d0s4  /var     ufs    1  no   nosuid,logging
 /dev/dsk/c0t0d0s7  /dev/rdsk/c0t0d0s7  /home    ufs    2  yes  nosuid,logging
 /dev/dsk/c0t0d0s6  /dev/rdsk/c0t0d0s6  /opt     ufs    2  yes  nosuid,logging
 swap               -                   /tmp     tmpfs  -  yes  -
/etc/vfstab after changes:
fd                 -                   /dev/fd  fd     -  no   -
 /proc              -                   /proc    proc   -  no   -
 /dev/md/dsk/d31    -                   -        swap   -  no   -
 /dev/md/dsk/d30    /dev/md/rdsk/d30    /        ufs    1  no   logging
 /dev/md/dsk/d35    /dev/md/rdsk/d35    /usr     ufs    1  no   ro,logging
 /dev/md/dsk/d34    /dev/md/rdsk/d34    /var     ufs    1  no   nosuid,logging
 /dev/md/dsk/d37    /dev/md/rdsk/d37    /home    ufs    2  yes  nosuid,logging
 /dev/md/dsk/d36    /dev/md/rdsk/d36    /opt     ufs    2  yes  nosuid,logging
 swap               -                   /tmp     tmpfs  -  yes  -
Notes:
The entry for the root device (/) has already been altered by the metaroot command we executed before.
10. Reboot the system
# lockfs -fa && init 6
11. Attach the second submirrors to all mirrors
# metattach d30 d20
 # metattach d31 d21
 # metattach d34 d24
 # metattach d35 d25
 # metattach d36 d26
 # metattach d37 d27
Notes:
This will finally cause the data from the boot disk to be synchronized with the mirror drive.
You can use metastat to track the mirroring progress.

12. Change the crash dump device to the swap metadevice
# dumpadm -d `swap -l  tail -1  awk '{print $1}'
13. Make the mirror disk bootable
# installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/c0t1d0s0
Notes:
This will install a boot block to the second disk.
14. Determine the physical device path of the mirror disk
# ls -l /dev/dsk/c0t1d0s0
 ... /dev/dsk/c0t1d0s0 -> ../../devices/pci@1f,4000/scsi@3/sd@1,0:a
15. Create a device alias for the mirror disk
# eeprom "nvramrc=devalias mirror /pci@1f,4000/scsi@3/disk@1,0"
 # eeprom "use-nvramrc?=true"
Add the mirror device alias to the Open Boot parameter boot-device to prepare the case of a problem with the primary boot device.
# eeprom "boot-device=disk mirror cdrom net"
You can also configure the device alias and boot-device list from the Open Boot Prompt (OBP a.k.a. ok prompt):
ok nvalias mirror /pci@1f,4000/scsi@3/disk@1,0
 ok use-nvramrc?=true
 ok boot-device=disk mirror cdrom net
Notes:
From the OBP, you can use boot mirror to boot from the mirror disk.
On my test system, I had to replace sd@1,0:a with disk@1,0. Use devalias on the OBP prompt to determine the correct device path.

Saturday, 17 August 2013

How To Update Kernel Patch in Solaris.

                                How To Update Kernal Patch in Solaris.
1.Take the backup from below files
  @ifconfig -a
  @uname -a
  @cat /etc/vfstab
  @df -h | wc -l
  @df -h
  @netstat -rn
  @backup filesystem
  @if it s in SVM --->metastat -p,metastat,metadb -i
  @Remove the root mirror (Edit the vfstab,system,dumpadm.conf file of secondary disk)
  @Check the current patch version

2.before patching you need to do in sanitory reboot in console (#init 6)
3.init 0--> why here init 0 means.If the server may happen not booted in single usermode
            we can go to alternate boot disk 1
4.OK> boot -s
it will ask the maintenance root passwd--> entire the root passwd
You will get the # prompt
make sure you should be in single user mode...Not in run level 3. 
 #who -r --> to check the run level
5.GO to te path where you downloaded cd /var/tmp/10_recommdended
6. ./installpatchset --s10 patchset
7.Once done down the machine in to OBP using #init 0 or restart the server using #init 6
8.Do the reconfiguration boot using --> #boot -r
9.Once box comes up check uname -a it will show the latest kernel level
10.If u had any problem after patching .U have to remove the new patch
    patchrm <newpatch>  & boot the system.
11. Get Validation from the Respective Application Team 

Recovery SMF depository in Solaris 10

                     Recovery SMF depository in Solaris 10

To Recover the SMF depository use below command:-
  #/lib/svc/bin/restore_depository
1.it will ask which option want restore like
2.You have type -->boot,manifest,-seed-,quit
3.select  your requirement
4.after it will get restart system automatically

Friday, 16 August 2013

How to reduce the Security risk in Solaris

                   How to reduce the Security risk in Solaris  - Generic OS Hardening steps

1.Apply recommendation patch cluster bundle regularly.
  It's very impartant bug fixes & security fix patches
2.Disable unused services which will make high risk
  like no longer used such NFS,NIS,Apache,sendmail,SNMP,Printer,Internet based services
3.disable inet services and use ssh for remote login and file server.
  It's better not to use telnet,ftp,rlogin services
4.There many parameters in solaris kernal which can be turned to increase the security
  Network parameters can be tuned using -->ndd command
  Other kernel parameters can modified using-->/etc/system file.
5.Network tweaks:-
  @ Disable IP forwarding on OS
  @ Protect against SYN floods attacks
  @ Reduce ARP timeouts
6.Restrict root to login only via console
  @ remove un-used users
  @ Restrict cron access from normal users and disable.rhosts
7.set warning banners in /etc/motd & /etc/issue
8.Increase the level of logging in system accounting,process accounting,kernal level auditing
9.create /etc/ftpd/ftpusers to restrict ftp to all users
10.Remove the group writable from all files in /etc
  # chmod -R g-w /etc
11.Disble un-used SMF services using -->svcadm command
12.use Solaris sercrity Toolkit (JASS)
13.Be caution with removable media devices.Stop "vold" if possible

14.Restrict access to TCP based network services by using TCP wrappers

Solaris administrator Day to Day activities

                                  Solaris administrator Day to Day activities
             
1. Check the status of all the servers (Health check)
   @Cpu,Memory ,processes,services & diskspace
2.Performance monitoring cpu & swap memory
3.File system usage monitoring & extension
4.User credentials and logons maintenance
5.Troubleshooting like server crash ,reboots,hardware problems
6.Network problem on the server.
7.Managing & configuration of SVM & Maintaining SVM Filesystem.
8. Managing zones creation deletion extension etc.
9. Doing Patch Management to the server.
10. Noramly general request Extending the file system & creating new mount point user administration.
11. If incident happens like server rebooted by itself any harware component failed
    raise Change Management  and Working with H/W vendor till close Change management.
12. Check the backup report (scheduled by crontab and ctrl-m)
   @ In my company Veritas netbackup 6.5 using for Backup
   @ Backup types will be BCV/Snap/Tape/D2D
   @ If any client backup fails i have to re-run if its hot backup
   @ otherwise inform the database or application team to re-run the bakup

Jump start installation step by step on Solaris 10


                  Jump start installation step by step
     
Introduction

The Solaris 10 Operating System offers an automatic installation process,
Solaris JumpStart software. The Solaris JumpStart procedure enables you to install the Solaris
OS automatically and configure it differently,
depending on the characteristics of client systems.
These identifying characteristics are used to select the correct configuration for each client system.

The following tasks are required to configure a single JumpStart server to provide
Basic software installation services using the JumpStart procedures:
1.Spool the operating system image.
2.Edit the sysidcfg file.
3.Edit the profile and rules.
4.Run the check script.
5.Run the add_install_client script.
6.Boot the client.

Basically work like this:-
1.Jumpstart reads the rules .ok file
2.Jumpstart finds the profile in rules.ok and use it for installation
3.Rules doesn't match ,regular interactive installation will occurs.

This document is a quick revision sheet, please refer to the sun documation regarding on how to install, configure and implement Solaris Jumpstart

Create the directory structure mkdir -p /export/jumpstart/Solaris_8
mkdir /export/jumpstart/Solaris_10
mkdir /export/jumpstart/config
mkdir /export/jumpstart/boot
Share out directories # edit the /etc/dfs/dfstab file
share -F nfs -o ro,anon=0 /export/jumpstart/
Create Install server # Obtain the Solaris 8 CD's
setup-install-server /export/jumpstart/Solaris_8

# Obtain the Solaris 10 CD's or DVD
setup-install-server /export/jumpstart/Solaris_10
Add additional software # Solaris normally comes on multiple CD's
add-to-install-server /export/jumpstart/Solaris_8
# Solaris normally comes on multiple CD's
add-to-install-server /export/jumpstart/Solaris_10
Copy the configuration and example scripts The samples can be find in and should be copied to /export/jumpstart/config

<your configured path>/Misc/jumpstart_sample
Create boot Servers # If additonal boot servers are required
setup-install-server -b /export/jumpstart/boot
Setup automatic system config create the sysidcfg information in the /export/jumpstart/config directory (can use sysidconfig from other servers)
Example sysidcfg file
---------------------------------------------------------------------------------------
timezone=GB
timeserver=localhost
network_interface=primary {netmask=255.255.240.0 protocol_ipv6=no}
terminal=vt100
security_policy=NONE
name_service=NONE
Create profiles # There are various examples on the CD's (directory)
# profile keywords profile values
# ----------------- -----------------
  install_type initial_install
  system_type standalone
  partitioning default
  filesys c0t0d0s0 4000 /
  filesys c0t0d0s1 1000 swap
  filesys c0t0d0s3 1000 /var
  cluster SUNWcuser
  cluster SUNWCacc
  package SUNWman delete
see link for more profile exmaples, you have used the SUNWcall cluster package for everything
Create Begin & Finish scripts The scripts can be shell, perl, etc
Create rules file The rules are based on keywords with values, begin script, profile, finish script
hostname vclus1   -   cluster_profile  -
Check rules file # Run the check script within the config directory, a file will be created called "rules.ok"
check
Setup clients
# add_install_client is in Solaris_10/Tools directory

./add_install_client
-e 8:0:20:7a:22:7e 

-i 192.168.0.1
-t jump1:/export/jumpstart/Solaris_10/Tools/Boot
-p jump1:/export/jumpstart/config
-c jump1:/export/jumpstart/config
-s jump1:/export/jumpstart/Solaris_10
newserver1
sun4u
-e client ethernet address
-i IP address of client
-t install boot image path
-p Profile Server:<path to sysidcfg file >
-c Configuration Server:<custom jumpstart directory >
-s Install Server:<OS Location>
you could have obmitted the -e and -i options if you add them to /etc/ethers and /etc/hosts files
Other useful options
---------------------------------------------------------------------
-d specify as a DHCP client


check boot server ## to make sure that a boot server is on the network, yo can use the command
rpcinfo -b bootparam 1
Jumpstart Process
Jumpstart Server/Client Process
  • Client sends a RARP for its IP address 
  • The Boot Server responds via RARPD (in.rarpd) with the IP address in /etc/ethers or the ethers NIS/NIS+ map depending on the ethers setting in /etc/nsswitch.conf
  • The client sends a tftp request for a bootimage
  • The server starts in.tftp from inetd and sends the small net kernel image
  • The client then starts bootparams client and requests boot info
  • The server responds with the clients entry from /etc/bootparams
  • The client NFS mount it’s root partition from the install server
  • The client then mounts the configuration server (/jumpstart) and runs “sysidtool”. 
  • It then mounts the install image and runs Suninstall to begin the install process.
Daemons used
Daemons Used mountd
nfsd
rpc.bootparamd
in.rarpd
in.tftpd
rpld (x86)

Files Used
Files Used /tftpboot
/rplboot
/etc/inetd.conf
/etc/ethers
/etc/hosts
/etc/bootparams

SVM Failed disk replacement on Solaris

                     SVM Failed disk replacement on Solaris
             
1.Take backup below file output:-
  a.metastat -p
  b.metastat -t
  c.metadb -i
  d.echo|fromat
  e.iostat -En
  f.ifconfig -a
2.Identify the failed disk by following commands:-
   #iostat -en
    — - errors —
    s/w h/w trn tot device
     6 50 0 6 c1t2d0

    #echo|format
    Indentifying the logs(/var/adm/message) & dmesg
3.detach the failed disk submirror
   #metadetach d0 d20
4.clear the submirror -->metaclear d20
5.delete the statedata base replica of failed disk
   #metadb -d -f c1t2d0s3
6.Remove hard drive from the tree in the sequence
  Incase the SCSI/SAS disk
  #cfgadm -al--->c0::dsk/c1t2d0 disk connected configured unknown
  #cfgadm -c unconfigure c0::dsk/c1t2d0)--->c1::dsk/c1t2d0 disk connected unconfigured unknown
  #cfgadm -z remove_device c0::dsk/c1t2d0 (for data disk only)

  In case of FCAL Sun 280R, V880, V490, V880, V890
  command sequence to replace the disks
  #luxadm -e port
  #luxadm probe(to display paths)
  #luxadm remove_device_F /dev/rdsk/c#t#d#s2
  #devfsadm -v -Cc disk (where:C=cleans dir:c=specify disk)
  #luxadm insert_device (optional)
7.Remove the disk from server
8.Insert the new disk
9.Configure the new disk
  #cfgadm -c configure c1:dsk/c1t2d0

Verify the device connected in device tree.-->cfgadm -al
10.Check the status in server by applying:
   #echo|format or #iostat -en
   if not visible
   #devfsadm -C -C disks
     or
   #devfsadm -c configure
11.Check the vtoc table for root disk and replaced disk if not same do below
   prtvtoc /dev/rdsk/c1t2d1s2 |fmthard -s - /dev/rdsk/c1t2d0s2
12.create the statedata base on replaced disk
   metadb -afc 3 /dev/dsk/c1t2d0s3
13.Reattach the mirror and wait until all mirrors will sycned
   #metainit d2 1 1 c1t2d0s0
   #metatttach d5 d2
   #metastat -ac or metastat -t to check the sycning status
 
14.safe to run metadevadm command to update the new ID
   #metadevadm -u
   #metadevadm -u /dev/dsk/c1t2d0