Pages

Wednesday, January 31, 2018

Random Solaris Tips: 11.4 Beta, LDoms 3.5, Privileges, File Attributes & Disk Block Size

Solaris OS Beta

11.4 Download Location & Documentation

Recently Solaris 11.4 hit the web as a public beta product meaning anyone can download and use it in non-production environments. This is a major Solaris milestone since the release of Solaris 11.3 GA back in 2015.

Few interesting pages:


Logical Domains
Dynamic Reconfiguration
Blacklisted Resources
Command History

Dynamic Reconfiguration of Named Resources

Starting with the release of Oracle VM Server for SPARC 3.5 (aka LDoms) it is possible to dynamically reconfigure domains that have named resources assigned. Named resources are the resources that are assigned explicitly to domains. Assigning core ids 10 & 11 and a 32 GB block of memory at physical address 0x50000000 to some domain X is an example of named resource assignment. SuperCluster Engineered System is one example where named resources are explicitly assigned to guest domains.

Be aware that depending on the state of the system, domains and resources, some of the dynamic reconfiguration operations may or may not succeed.

Here are few examples that show DR functionality with named resources.

ldm remove-core cid=66,67,72,73 primary
ldm add-core cid=66,67 guest1
ldm add-mem mblock=17664M:16G,34048M:16G,50432M:16G guest2

Listing Blacklisted Resources

When FMA detects faulty resource(s), Logical Domains Manager attempts to stop using those faulty core and memory resources (no I/O resources at the moment) in all running domains. Also those faulty resources will be preemptively blacklisted so they don't get assigned to any domain.

However if the faulty resource is currently in use, Logical Domains Manager attempts to use core or memory DR to evacuate the resource. If the attempt fails, the faulty resource is marked as "evacuation pending". All such pending faulty resources are removed and moved to blacklist when the affected guest domain is stopped or rebooted.

Starting with the release of LDoms software 3.5, blacklisted and evacuation pending resources (faulty resources) can be examined with the help of ldm's -B option.

eg.,
# ldm list-devices -B
CORE
ID STATUS DOMAIN
1 Blacklisted
2 Evac_pending ldg1
MEMORY
PA SIZE STATUS DOMAIN
0xa30000000 87G Blacklisted
0x80000000000 128G Evac_pending ldg1

Check this page for some more information.

LDoms Command History

Recent releases of LDoms Manager can show the history of recently executed ldm commands with the list-history subcommand.

# ldm history
Jan 31 19:01:18 ldm ls -o domain -p
Jan 31 19:01:48 ldm list -p
Jan 31 19:01:49 ldm list -e primary
Jan 31 19:01:54 ldm history
..

Last 10 ldm commands are shown by default. ldm set-logctl history=<value> command can be used to configure the number of commands in the command history. Setting the value to 0 disables the command history log.


Disks

Determine the Blocksize

devprop command on recent versions of Solaris 11 can show the logical and physical block size of a device. The size is represented in bytes.

eg.,

Following output shows 512-byte size for both logical and physical block. It is likely a 512-byte native disk (512n).

% devprop -v -n /dev/rdsk/c4t2d0 device-blksize device-pblksize
device-blksize=512
device-pblksize=512

Find some useful information about disk drives that exceed the common 512-byte block size here.


Security Services

Privileges

When debugging option was enabled, ppriv command on recent versions of Solaris 11 can be used to check if the current user has required privileges to run a certain command.

eg.,
% ppriv -ef +D /usr/sbin/trapstat
trapstat[18998]: missing privilege "file_dac_read" (euid = 100, syscall = "faccessat") for "/devices/pseudo/trapstat@0:trapstat" at devfs_access+0x74
trapstat: permission denied opening /dev/trapstat: Permission denied

% ppriv -ef +D /usr/sbin/prtdiag
System Configuration:  Oracle Corporation  sun4v T5240
Memory size: 65312 Megabytes

================================ Virtual CPUs ================================
..

Following example examines the privileges of a running process.

# ppriv 23829  <-- pid 23829 running in a non-global zone. ppriv executed in global zone
23829:  ora_lmhb_spare31
flags = 
        E: basic,sys_mount
        I: basic,sys_mount
        P: basic,sys_mount
        L: basic,contract_event,contract_identity,contract_observer,file_chown,file_chown_self,[...]


# ppriv 18374 <-- pid 18374 and ppriv are running in the global zone
18374:  /u01/app/12.2.0.1/grid/bin/crsd.bin reboot
flags = 
        E: basic,contract_event,contract_identity,contract_observer,file_chown,[...]
        I: basic,sys_mount
        P: basic,contract_event,contract_identity,contract_observer,file_chown,file_chown_self,[...]
        L: basic,contract_event,contract_identity,contract_observer,file_chown,file_chown_self,file_dac_execute,[...]

stat

File Attributes

stat command on Solaris and other flavors of *nix operating systems can show various attributes related to a file or a file system.

Following example shows the usage to fetch filename along with the file owner, last modification date and the size in bytes.

% stat -c "%n %U %y %s" /var/tmp/perl5.zip
/var/tmp/perl5.zip twiki 2017-04-29 10:10:52.295626350 -0700 7672631

Following example demonstrates how to examine the file permissions (access rights) in octal and human readable form.

% stat -c "%a %A %n" perl5.zip
644 -rw-r--r-- perl5.zip

All attributes of the file can be obtained by dropping the -c option with format strings.

Now let's look at an example that examines the file system status.

% stat -f /export
  File: "/export"
    ID: 4bd000a  Namelen: 255     Type: zfs
Block size: 131072     Fundamental block size: 512
Blocks: Total: 159472866  Free: 159472802  Available: 159472802
Inodes: Total: 159472810  Free: 159472802

All attributes of the file system can be examined by dropping the -f option

% stat /export
  File: '/export'
  Size: 3               Blocks: 3          IO Block: 512    directory
Device: 12f0001000ah/1301375156234d     Inode: 4           Links: 3
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    3/     sys)
Access: 2017-07-27 10:38:22.346222255 -0700
Modify: 2016-08-01 16:58:04.364608118 -0700
Change: 2016-08-01 16:58:04.364608118 -0700
 Birth: 2016-08-01 15:41:55.740419710 -0700

No comments:

Post a Comment