|Mandalika's scratchpad||[ Work blog @Oracle | My Music Compositions ]|
[Admins] Device Removal From a ZFS Storage Pool
In addition to removing hot spares, cache and log devices, Solaris 11.4 has support for removal of top-level virtual data devices (vdev) from a zpool with the exception of a RAID-Z pool. It is possible to cancel a remove operation that's in progress too.
This enhancement will come in handy especially when dealing with overprovisioned and/or misconfigured pools.
Ref: ZFS: Removing Devices From a Storage Pool for examples.
[Developers & Admins] Bundled Software
Bundled software packages include Python 3.5, Oracle instant client 12.2, MySQL 5.7, Cython (C-Extensions for Python), cx_Oracle Python module, Go compiler, clang (C language family frontend for LLVM) and so on.
cx_Oracle is a Python module that enables accessing Oracle Database 12c and 11g from Python applications. The Solaris packaged version 5.2 can be used with Python 2.7 and 3.4.
Depending on the type of Solaris installation, not every software package may get installed by default but the above mentioned packages can be installed from the package repository on demand.
# pkg install pkg:/developer/golang-17 # go version go version devel a30c3bd1a7fcc6a48acfb74936a19b4c Fri Dec 22 01:41:25 GMT 2017 solaris/sparc64
[Security] Isolating Applications with Sandboxes
Sandboxes are isolated environments where users can run applications to protect them from other processes on the system while not giving full access to the rest of the system. Put another way, application sandboxing is one way to protect users, applications and systems by limiting the privileges of an application to its intended functionality there by reducing the risk of system compromise.
Sandboxing joins Logical Domains (LDoms) and Zones in extending the isolation mechanisms available on Solaris.
Sandboxes are suitable for constraining both privileged and unprivileged applications. Temporary sandboxes can be created to execute untrusted processes. Only administrators with the Sandbox Management rights profile (privileged users) can create persistent, uniquely named sandboxes with specific security attributes.
The unprivileged command sandbox can be used to create temporary or named sandboxes to execute applications in a restricted environment. The privileged command sandbox can be used to create and manage named sandboxes.
To install security/sandboxing package, run:
# pkg install sandboxing -OR- # pkg install pkg:/security/sandboxing
Ref: Configuring Sandboxes for Project Isolation for details.
New Way to Find SRU Level
uname -v was enhanced to include SRU level. Starting with the release of Solaris 11.4, uname -v reports Solaris patch version in the format "11.<update>.<sru>.<build>.<patch>".
# uname -v 220.127.116.11.0
Above output translates to Solaris 11 Update 4 SRU 0 Build 12 Patch 0.
[Cloud] Service to Perform Initial Configuration of Guest Operating Systems
cloudbase-init service on Solaris will help speed up the guest VM deployment in a cloud infrastructure by performing initial configuration of the guest OS. Initial configuration tasks typically include user creation, password generation, networking configuration, SSH keys and so on.
cloudbase-init package is not installed by default on Solaris 11.4. Install the package only into VM images that will be deployed in cloud environments by running:
# pkg install cloudbase-init
Device Usage Information
The release of Solaris 11.4 makes it easy to identify the consumers of busy devices. Busy devices are those devices that are opened or held by a process or kernel module.
Having access to the device usage information helps with certain hotplug or fault management tasks. For example, if a device is busy, it cannot be hotplugged. If users are provided with the knowledge of how a device is currently being used, it helps them in resolving related issue(s).
On Solaris 11.4, prtconf -v shows pids of processes using different devices.
# prtconf -v ... Device Minor Nodes: dev=(214,72) dev_path=/pci@300/pci@2/usb@0/hub@4/storage@2/disk@0,0:a spectype=blk type=minor nodetype=ddi_block:channel dev_link=/dev/dsk/c2t0d0s0 dev_path=/pci@300/pci@2/usb@0/hub@4/storage@2/disk@0,0:a,raw spectype=chr type=minor nodetype=ddi_block:channel dev_link=/dev/rdsk/c2t0d0s0 Device Minor Opened By: proc='fmd' pid=1516 cmd='/usr/lib/fm/fmd/fmd' user='root' ...
[Developers] Support for C11 (C standard revision)
Solaris 11.4 includes support for the C11 programming language standard: ISO/IEC 9899:2011 Information technology - Programming languages - C.
Note that C11 standard is not part of the Single UNIX Specification yet. Solaris 11.4 has support for C11 in addition to C99 to provide customers with C11 support ahead of its inclusion in a future UNIX specification. That means developers can write C programs using the newest available C programming language standard on Solaris 11.4 (and later).
pfiles on a coredump
pfiles, a /proc debugging utility, has been enhanced in Solaris 11.4 to provide details about the file descriptors opened by a crashed process in addition to the files opened by a live process.
In other words, "pfiles core" now works.
Privileged Command Execution History
A new command, admhist, was included in Solaris 11.4 to show successful system administration related commands which are likely to have modified the system state, in human readable form. This is similar to the shell builtin "history".
The following command displays the system administration events that occurred on the system today.
# admhist -d "today" -v ... 2018-05-31 17:43:21.957-07:00 firstname.lastname@example.org cwd=/ /usr/bin/sparcv9/python2.7 /usr/bin/64/python2.7 /usr/bin/pkg -R /zonepool/p6128-z1/root/ --runid=12891 remote --ctlfd=8 --progfd=13 2018-05-31 17:43:21.959-07:00 email@example.com cwd=/ /usr/lib/rad/rad -m /usr/lib/rad/transport -m /usr/lib/rad/protocol -m /usr/lib/rad/module -m /usr/lib/rad/site-modules -t pipe:fd=3,exit -e 180 -i 1 2018-05-31 17:43:22.413-07:00 firstname.lastname@example.org cwd=/ /usr/bin/sparcv9/pkg /usr/bin/64/python2.7 /usr/bin/pkg install sandboxing 2018-05-31 17:43:22.415-07:00 email@example.com cwd=/ /usr/lib/rad/rad -m /usr/lib/rad/transport -m /usr/lib/rad/protocol -m /usr/lib/rad/module -m /usr/lib/rad/site-modules -t pipe:fd=3,exit -e 180 -i 1 2018-05-31 18:59:52.821-07:00 firstname.lastname@example.org cwd=/root /usr/bin/sparcv9/pkg /usr/bin/64/python2.7 /usr/bin/pkg search cloudbase-init ..
It is possible to narrow the results by date, time, zone and audit-tag
Ref: man page of admhist(8)
[Developers] Process Control Library
Solaris 11.4 includes a new process control library, libproc, which provides high-level interface to features of the /proc interface. This library also provides access to information such as symbol tables which are useful while examining and control of processes and threads.
A controlling process using libproc can typically:
Ref: man page of libproc(3LIB) for an example and details.