some Unix notes
1. Change the file /etc/ssh/sshd_config PermitRootLogin yes with PermitRootLogin no and save file.
vi /etc/ssh/sshd_config
PermitRootLogin yes
2. Comment out the “CONSOLE=/dev/console” line in /etc/default/login.
vi /etc/default/login
#CONSOLE=/dev/console
3.Remove “;type=role” from the root entry in /etc/user_attr or use the below command.
rolemod -K type=normal root
4. Restart the Services.
#svcadm restart svc:/network/ssh:default
root@ueq2solp01:~# pkg info entire
Name: entire
Summary: entire incorporation including Support Repository Update
(Oracle Solaris 11.4.42.111.0).
Description: This package constrains system package versions to the same
build. WARNING: Proper system update and correct package
selection depend on the presence of this incorporation.
Removing this package will result in an unsupported system.
For more information see:
https://support.oracle.com/rs?type=doc&id=2433412.1
Category: Meta Packages/Incorporations
State: Installed
Publisher: solaris
Version: 11.4 (Oracle Solaris 11.4.42.111.0)
Branch: 11.4.42.0.0.111.0
Packaging Date: December 3, 2021 at 10:15:58 PM
Last Install Time: December 4, 2021 at 6:33:20 AM
Size: 2.52 kB
FMRI: pkg://solaris/entire@11.4-11.4.42.0.0.111.0:20211203T221558Z
root@ueq2solp01:~# pkg freeze -c “keep at 11.4.42.111.0” entire@0.5.11,11.4-11.4.42.0.0.111.0:20211203T221558Z
pkg freeze: The following patterns attempted to freeze the listed packages
at a version different from the version at which the packages are installed.
entire@0.5.11,11.4-11.4.42.0.0.111.0:20211203T221558Z
root@ueq2solp01:~# pkg freeze
root@ueq2solp01:~# pkg freeze -c “keep at 11.4.42.111.0” entire@11.4-11.4.42.0.0.111.0:20211203T221558Z
entire was frozen at 11.4-11.4.42.0.0.111.0:20211203T221558Z
root@ueq2solp01:~#
root@ueq2solp01:~# pkg freeze
NAME VERSION DATE COMMENT
entire 11.4-11.4.42.0.0.111.0:20211203T221558Z 23 May 2022 22:09:22 CDT keep at 11.4.42.111.0
https://pkg-register.oracle.com/register/product_info/1/
pkg set-publisher -k pkg.oracle.com.key.pem -c pkg.oracle.com.certificate.pem -G "*" -g https://pkg.oracle.com/solaris/support/ solaris
pkg list -a 'pkg://solaris/*'
to create:
tar -cpf file.tar directory
to extract:
tar -xpf file.tar
ipadm show-if
ipadm show-addr
ipadm delete-ip net0
ipadm show-addr
ipadm create-ip net0
ipadm create-addr -T static -a local=10.181.20.10/24 net0/v4
route -p show
netstat -rn
vi /etc/defaultrouter
route delete default 10.177.232.1
route add default 10.181.20.1
In the global zone:
dladm create-vnic -l net0 vnic1
dladm show-vnic
root@solaris01:~# zonecfg -z zone2
zonecfg:zone2> set ip-type=exclusive
zonecfg:zone2> add net
zonecfg:zone2:net> set physical=vnic1
zonecfg:zone2:net> end
zonecfg:zone2> verify
zonecfg:zone2> commit
zonecfg:zone2> exit
# zlogin zone2
zone2# ipadm create-ip vnic1
zone2# ipadm create-addr -T dhcp vnic1/dhcp
https://docs.oracle.com/cd/E93612_01/html/E93617/configlinkbasedipmpexample.html
# ipadm create-ip net0 # ipadm create-ip net1 # ipadm create-ipmp ipmp0 # ipadm add-ipmp -i net0 -i net1 ipmp0 # ipadm create-addr -T static -a 192.168.1.1/24 ipmp0/v4addr1 # ipadm set-ifprop -p standby=on -m ip net1 # ipmpstat -g GROUP GROUPNAME STATE FDT INTERFACES ipmp0 ipmp0 ok -- net0 (net7 net6 net5 net4 net3 net2 net1)
To test it use if_mpadm -d <nic> to disable a nic, and if_mpadm -r <nic> to enable it
# if_mpadm -d net1
# if_mpadm -d net2
# if_mpadm -d net3
# if_mpadm -d net4
# ping 192.168.5.1
# if_mpadm -r net0
# if_mpadm -r net1
# if_mpadm -r net2
# if_mpadm -r net3
# if_mpadm -r net4
# if_mpadm -r net5
# if_mpadm -r net6
You can add a vnic to the ipmp group, so you can use it in a zone, you create over one of the nics of the ipmp group:
dladm create-vnic -l net0 vnic0
Add the nic to the zone
zonecfg -z myzone
>add net
> set physical=vnic0
>end
>verify
>commit
>exit
You can also test by issuing:# ipadm disable-if -t net0
# ipadm enable-if -t net0
Set mountpoint to legacy
# zfs set mountpoint=legacy z2data/data
# zonecfg -z zone2
zonecfg:zone2> add fs
zonecfg:zone2:fs> set type=zfs
zonecfg:zone2:fs> set special=z2data/data
zonecfg:zone2:fs> set dir=/data
zonecfg:zone2:fs> end
zonecfg:zone2> verify
zonecfg:zone2> commit
zonecfg:zone2> exit
# zoneadm -z zone2 reboot
Zone States
| Configured | Configuration has been completed and storage has been committed. Additional configuration is still required. |
| Incomplete | Zone is in this state when it is being installed or uninstalled. |
| Installed | The zone has a confirmed configuration, zoneadm is used to verify the configuration, Solaris packages have been installed, even through it has been installed, it still has no virtual platform associated with it. |
| Ready (active) | Zone’s virtual platform is established. The kernel creates the zsched process, the network interfaces are plumbed and filesystems mounted. The system also assigns a zone ID at this state, but no processes are associated with this zone. |
| Running (active) | A zone enters this state when the first user process is created. This is the normal state for an operational zone. |
| Shutting down + Down (active) | Normal state when a zone is being shutdown. |
Files and Directories
| zone config file | /etc/zones |
| zone index | /etc/zones/index Note: used by /lib/svc/method/svc-zones to start and stop zones |
Cheat sheet
| Creating a zone | zonecfg -z <zone>see creating a zone for a more details |
| deleting a zone from the global ssytem | ## halt the zone first, then uninstall it zoneadm -z <zone> halt zoneadm -z <zone> uninstall ## now you can delete it zonecfg -z <zone> delete -F |
| Display zones current configuration | zonecfg -z <zone> info |
| Display zone name | zonename |
| Create a zone creation file | zonecfg -z <zone> export |
| Verify a zone | zoneadm -z <zone> verify |
| Installing a zone | zoneadm -z <zone> install |
| Ready a zone | zoneadm -z <zone> ready |
| boot a zone | zoneadm -z <zone> boot |
| reboot a zone | zoneadm -z <zone> reboot |
| halt a zone | zoneadm -z <zone> halt |
| uninstalling a zone | zoneadm -z <zone> uninstall -F |
| Veiwing zones | zoneadm list -cv |
| login into a zone | zlogin <zone> |
| login to a zones console | zlogin -C <zone> (use ~. to exit) |
| login into a zone in safe mode (recovery) | zlogin -S <zone> |
| add/remove a package (global zone) | # pkgadd -G -d . <package> If the -G option is missing the package will be added to all zones |
| add/remove a package (non-global zone) | # pkgadd -Z -d . <package>If the -Z option is missing the package will be added to all zones |
| Query packages in all non-global zones | # pkginfo -Z |
| query packages in a specified zone | # pkginfo -z <zone> |
| lists processes in a zone | # ps -z <zone> |
| list the ipcs in a zone | # ipcs -z <zone> |
| process grep in a zone | # pgrep -z <zone> |
| list the ptree in a zone | # ptree -z <zone> |
| Display all filesystems | # df -Zk |
| display the zones process informtion | # prstat -Z# prstat -z <zone> Note:-Z reports information about processes and zones -z reports information about a particular zone |