Peter Baer Galvin will give a workshop on Solaris 10 administration topics, with a focus on virtualization technologies in Solaris. The workshop will provide an overview of virtualization options in Solaris like zones, logical domains (LDOMs), and Xen. It will cover both basic concepts and hands-on experience to reinforce learning. The target audience is system administrators with some Solaris experience who want to learn more about administering and using virtualization in Solaris 10 and newer releases.
The document provides an overview of Peter Baer Galvin's upcoming workshop on Solaris 10 administration topics, with a focus on file systems. It introduces Peter and his background, lists the objectives and prerequisites for the workshop, and outlines the topics to be covered, including an overview of file system options in Solaris such as UFS, Veritas, and ZFS. It also discusses preparing for hands-on labs and taking a poll of participants.
This document provides an overview of a workshop on Solaris 10 security topics presented by Peter Baer Galvin. The workshop covers new security features in Solaris 10 from an administrator's perspective, with the objectives of exploring the features, conveying their status and usability, and helping prepare for Solaris 10 deployment. The outline includes topics like DTrace, RBAC, privileges, NFSv4, auditing enhancements, packet filtering, and more.
This document provides an overview of Mac forensics. It discusses the Mac OS file system and directory structure. It also outlines the prerequisites for performing Mac forensics, including how to obtain the system date and time either from single-user mode or from preferences. Specific commands that can be run in single-user mode for safely gathering information are also provided.
The document discusses iPod and iPhone forensics. It provides an overview of iPods, iPhones, and the iPhone OS. It describes how criminals can use iPods and iPhones for illegal activities. The document outlines the forensic process, including proper collection and preservation of iPod/iPhone evidence, imaging the device, and analyzing the system and data partitions to retrieve potential evidence.
A professor at the University of Colorado Denver has received $710,000 in grants to establish a new National Center for Audio/Video Forensics. The center will develop new techniques for analyzing audio and video evidence to help solve crimes. It will provide training to students and professionals in fields like recording arts, computer science, and law enforcement. The grants were awarded by the Department of Justice and other organizations to create a leading forensics center for audio and video analysis.
The document discusses investigating social networking websites for evidence. It provides an overview of social networking sites like MySpace, Facebook, and Orkut and how they are used. It outlines the investigation process, including searching for accounts, mirroring web pages, and documenting evidence. Specific areas of investigation on each site are examined, such as friend lists, photos, and comments. The summary report generation is also reviewed.
Lawyers often lack knowledge about electronic data discovery compared to traditional paper discovery. To properly handle digital evidence, lawyers should understand basic computer functions and data storage. They should also identify qualified forensic experts, ensure the forensic process follows proper procedures, and understand what types of computer forensic analysis may be necessary for different legal cases.
This document discusses best practices for writing investigative reports based on computer forensics investigations. It provides guidelines on the format, structure, and content of reports, including maintaining objectivity, documenting evidence collection methods, and including relevant findings, conclusions, and recommendations. The document also provides a sample report template and discusses using forensic analysis tools like FTK to help generate reports.
A computer forensics specialist was able to disprove a claim involving improper data use through a detailed investigation and report of the computer's internal activities. The specialist examined the computer over a period of time and prepared a step-by-step report that showed what had occurred inside the computer with a particular data set. This helped the attorney address the claim and demonstrated how computer forensics can not only help prove but also disprove allegations of improper data use.
This document discusses network forensics and investigating logs. It covers topics such as where to find evidence like logs from firewalls, routers, servers and applications. It also discusses analyzing logs, handling logs as evidence, and different types of log injection attacks like new line injection, separator injection and defending against them. The document provides guidance on ensuring log file authenticity and integrity when investigating security incidents.
The document contains templates for conducting various types of forensics investigations. It includes checklists for investigating evidence from different devices and media like hard disks, floppy disks, CDs, flash drives, and mobile phones. There are also templates for documenting information gathered during an investigation like seizure records, evidence logs, and case feedback forms. The templates are intended to guide and standardize forensic investigations of digital evidence.
This document provides an overview of chapter 5 from the CISA review course, which focuses on protecting information assets. It discusses the importance of information security management and outlines key elements like policies, procedures, monitoring and compliance. It also covers logical access exposures and controls, including identification and authentication, authorization issues, and audit logging. The chapter examines network infrastructure security risks for LANs, client-server environments, wireless networks and the internet.
The document provides information on various computer forensics consulting companies and organizations. It lists their names and services offered, which include data recovery, electronic discovery, cyber forensic investigations, expert witness testimony, and litigation support for cases involving intellectual property theft, employee fraud, and other legal matters. The document also contains screenshots of some of the companies' websites.
The document provides an overview of the IS audit process chapter from a CISA review course. It discusses the organization of the IS audit function, audit planning, ISACA standards and guidelines, risk analysis, internal controls, and performing an IS audit. The objective of the process area is to ensure CISA candidates have the knowledge to provide IS audit services in accordance with standards and best practices to protect and control technology and business systems.
Service integration and management (SIAM) is a management methodology that can be applied in an environment that includes services sourced from a number of service providers.
This document provides an introduction to Service Integration and Management (SIAM). It defines SIAM as an operating model that integrates and manages services across multiple internal and external service providers. The document outlines the history and purpose of SIAM, as well as the SIAM ecosystem, practices, roles, structures, and roadmap. It also discusses how SIAM relates to other frameworks and the value it provides organizations through improved service quality, costs, governance and flexibility.
The document discusses several digital forensics frameworks that outline procedures for conducting digital investigations. It describes the FORZA framework in detail, which includes different layers representing contextual information, legal considerations, technical preparations, data acquisition, analysis, and legal presentation. Other frameworks covered include an enhanced digital investigation process model, an event-based digital forensic investigation framework, and a computer forensics field triage process model. Key phases of each framework, such as readiness, deployment, physical crime scene investigation, and digital crime scene investigation are also outlined.
This document provides summaries of various Windows-based GUI tools across different categories such as process viewers, registry tools, desktop utilities, office applications, remote control tools, network tools, network scanners, network sniffers, hard disk tools, hardware info tools, file management tools, file recovery tools, file transfer tools, file analysis tools, password tools, and password cracking tools. For each tool, a brief description and link to the tool's website is given. The document is intended to familiarize the reader with these various Windows-based security tools.
This document provides an overview of various Windows-based command line tools. It lists tools like IPSecScan, MKBT, Aircrack, Outwit, Joeware Tools, MacMatch, WhosIP, Forfiles, Sdelete and describes their functions such as scanning for IPSec enabled systems, installing boot sectors, cracking wireless networks, and deleting files securely. It also summarizes command line tools for tasks like Active Directory management, password cracking, network scanning, and file operations.
This document provides information on various computer forensic tools, including both software and hardware tools. It discusses specific tools such as Visual TimeAnalyzer, X-Ways Forensics, Evidor, Ontrack EasyRecovery, Forensic Sorter, Directory Snoop, PDWIPE, Darik's Boot and Nuke (DBAN), FileMon, File Date Time Extractor, Snapback Datarrest, Partimage, Ltools, Mtools, @stake, Decryption Collection, AIM Password Decoder, and MS Access Database Password Decoder. It also includes screenshots of some of the tools.
This document discusses ethics in computer forensics. It covers ethics in areas like preparing forensic equipment, obtaining and documenting evidence, and bringing evidence to court. Ethics are important in computer forensics to distinguish acceptable and unacceptable behavior. Computer ethics help professionals avoid abuse and corruption. Equipment must be properly maintained and monitored. Evidence must be obtained and documented efficiently and carefully by skilled investigators to be acceptable in court.
The document discusses the risk assessment process, including characterizing the IT system, identifying threats and vulnerabilities, analyzing controls, determining likelihood and impact, assessing risk level, and recommending controls to mitigate risks; it also covers developing policies and procedures for conducting risk assessments, writing risk assessment reports, and coordinating resources to perform risk assessments.
- Organizations need to implement effective data leakage prevention strategies like data security policies, auditing processes, access control, and encryption to protect their data from internal threats.
- Security policies help define acceptable usage of systems and data, as well as procedures for access control, backups, system administration and more. Logging policies should define which security-relevant events are logged for purposes like intrusion detection and reconstructing incidents.
- Evidence collection and documentation policies are important for responding to security incidents and preserving electronic evidence for analysis or legal proceedings. Information security policies aim to ensure the confidentiality, integrity and availability of organizational data.
This module discusses computer forensics laws and legal issues. It covers privacy issues involved in investigations, legal issues in seizing computer equipment, and laws in different countries. It also examines organizations that investigate computer crimes like the FBI, as well as US laws related to intellectual property, copyright, trademarks, trade secrets, and computer fraud and abuse. The goal is to familiarize students with the legal aspects of computer forensics investigations.
Digital detectives specialize in computer forensics and network security. Their main roles include handling, investigating, and reacting to computer and network security incidents. They examine computers and other devices to recover evidence, using forensic tools and techniques. Digital detectives should have strong technical skills in computer forensics and operating systems. They may be required to testify in court about evidence and methods used. Continuous training, certification, and staying up to date on new techniques are important for digital detectives.
An expert witness testified in a court case involving a teacher accused of sexual relations with a student. The expert, a computer forensics officer, explained that activity seen on the teacher's computer was likely caused by automatic programs and weather programs, not tampering as the defense suggested. If the computer had been turned back on after seizure, there would have been evidence of that, but there was none. The document then discusses the role of expert witnesses and preparing for testimony in court cases.
The document discusses a new digital forensic data capture device called the Forensic Dossier launched by Logicube. The Dossier allows investigators to capture data from suspect drives at speeds of up to 6GB per minute. It supports capturing from RAID drives and various flash media. The Dossier features built-in support for many drive types and connections. It includes advanced authentication and other forensic features. The Dossier will be showcased at the 2009 International CES conference in Las Vegas.
Model Liskula Cohen is suing Google over a defamatory blog post that called her the "#1 skanky superstar". She filed the lawsuit to determine the identity of the anonymous blogger. Another woman, Nyree Howlett, sued multiple people for uploading her private photos to Facebook and dating websites without permission. The documents discuss investigating defamation over websites and blog posts, including searching blog content, checking the blog URL and owner information, reviewing comments, and using tools like Archive.org to trace the source.
Five people were indicted for their involvement in an identity theft ring in Aurora, Colorado. The ring's leader, Shadwick Weaver, was facing 56 criminal counts related to identity theft, forgery, conspiracy, and organized crime. The group allegedly stole identities by burglarizing homes and vehicles, and used the stolen information to manufacture fake IDs and commit credit card fraud. They used the proceeds to buy methamphetamines. In a separate case, a woman from California named Jocelyn Kirsch was sentenced to 5 years in prison for her role in an identity theft scheme where she and a co-defendant stole identities from over 16 victims to fraudulently obtain over $119,000.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Dandelion Hashtable: beyond billion requests per second on a commodity server (Antonios Katsarakis)
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Skybuffer SAM4U tool for SAP license adoption (Tatiana Kojar)
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
The Microsoft 365 Migration Tutorial For Beginner.pptx (operationspcvita)
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Monitoring and Managing Anomaly Detection on OpenShift.pdf
2009 04.s10-admin-topics2
1. Solaris 10 Administration Topics Workshop
2 - Virtualization
By Peter Baer Galvin
For Usenix
Last Revision Apr 2009
Copyright 2009 Peter Baer Galvin - All Rights Reserved
Saturday, May 2, 2009
2. About the Speaker
Peter Baer Galvin - 781 273 4100
pbg@cptech.com
www.cptech.com
peter@galvin.info
My Blog: www.galvin.info
Bio
Peter Baer Galvin is the Chief Technologist for Corporate Technologies, Inc., a leading
systems integrator and VAR, and was the Systems Manager for Brown University's
Computer Science Department. He has written articles for Byte and other magazines. He
was contributing editor of the Solaris Corner for SysAdmin Magazine, wrote Pete's
Wicked World, the security column for SunWorld magazine, and Pete’s Super Systems, the
systems administration column there. He is now Sun columnist for the Usenix ;login:
magazine. Peter is co-author of the Operating Systems Concepts and Applied Operating
Systems Concepts textbooks. As a consultant and trainer, Mr. Galvin has taught tutorials
in security and system administration and given talks at many conferences and
institutions.
3. Objectives
Cover a wide variety of topics in Solaris 10
Useful for experienced system administrators
Save time
Avoid (my) mistakes
Learn about new stuff
Answer your questions about old stuff
Won't read the man pages to you
Workshop for hands-on experience and to reinforce concepts
Note – Security covered in separate tutorial
4. More Objectives
What makes novice vs. advanced administrator?
Bytes as well as bits, tactics and strategy
Knows how to avoid trouble
How to get out of it once in it
How to not make it worse
Has reasoned philosophy
Has methodology
5. Prerequisites
Recommend at least a couple of years of
Solaris experience
Or at least a few years of other Unix
experience
Best is a few years of admin experience,
mostly on Solaris
6. About the Tutorial
Every SysAdmin has a different knowledge set
A lot to cover, but notes should make good
reference
So some covered quickly, some in detail
Setting base of knowledge
Please ask questions
But let’s take off-topic off-line
Solaris BOF
7. Fair Warning
Sites vary
Circumstances vary
Admin knowledge varies
My goals
Provide information useful for each of you at
your sites
Provide opportunity for you to learn from
each other
8. Why Listen to Me
20 Years of Sun experience
Seen much as a consultant
Hopefully, you've used:
My Usenix ;login: column
The Solaris Corner @ www.samag.com
The Solaris Security FAQ
SunWorld “Pete's Wicked World”
SunWorld “Pete's Super Systems”
Unix Secure Programming FAQ (out of date)
Operating System Concepts (The Dino Book), now 8th ed
Applied Operating System Concepts
9. Slide Ownership
As indicated per slide, some slides
copyright Sun Microsystems
Thanks to Jeff Victor for input
Feel free to share all the slides - as long as
you don’t charge for them or teach from
them for fee
10. Overview
Lay of the Land
11. Schedule
Times and Breaks
12. Coverage
Solaris 10+, with some Solaris 9 where
needed
Selected topics that are new, different,
confusing, underused, overused, etc
13. Outline
Overview
Objectives
Virtualization choices in Solaris
Zones / Containers
LDOMS and Domains
Virtualbox
Xvm (aka Xen)
14. Polling Time
Solaris releases in use?
Plans to upgrade?
Other OSes in use?
Use of Solaris rising or falling?
SPARC and x86
OpenSolaris?
15. Your Objectives?
16. Your Lab Environment
Apple Macbook Pro
3GB memory
Mac OS X 10.4.10
VMware Fusion 1.0
Solaris Nevada
50 Containers
17. Lab Preparation
Have device capable of telnet on the
USENIX network
Or have a buddy
Learn your “magic number”
Telnet to 131.106.62.100+”magic number”
User “root”, password “lisa”
It’s all very secure
18. Lab Preparation
Or...
Use virtualbox
Use your own system
Use a remote machine you have legit
access to
20. Choosing Virtualization Technologies
(See separate “virtualization comparison”
document)
21. [Diagram]
Multiple OS's / Single OS
Trend to flexibility / Trend to isolation
Hard Partitions: Dynamic System Domains
Virtual Machines: Logical Domains, Sun xVM, Xen, VMware, Hyper-V
OS Virtualization: Solaris Containers (Zones + SRM), Containers for Linux
Resource Management: Solaris Resource Manager (SRM)
Sun Microsystems Proprietary - Copyright 2008
22. Technology Sweet Spots
Solaris Containers:
Reduces kernel instances, memory footprint, workload-driven CPU utilization, OS management costs, fine-grained security
Single-kernel, heterogeneous application environments
Dynamic Systems Domains:
Maximizes hardware isolation
Logical Domains, Virtual Machines:
Multiple kernels, full OS environments, heterogeneous
Technologies are complementary
Sun Microsystems Proprietary - Copyright 2008
23. Dual-Layer Server Virtualization
Solaris Containers and Virtual Machines
[Diagram labels: Container (several, numbered); Domain / LDom / Guest; Computer; LDoms; Sun xVM; Dynamic Domains]
Sun Microsystems Proprietary - Copyright 2008
24. Zones, Containers, and
LDOMS
25. Overview
Cover details and use of Zones/Containers
and LDOMS
Note that Xen (x64 only) and Virtualbox
(open source x64 only) are coming
No slides yet
26. Zones Overview
Think of them as chroot on steroids
Virtualized operating system services
Isolated and “secure” environment for running apps
Apps and users (and superusers) in zone cannot see /
affect other zones
Delegated admin control
Virtualized device paths, network interfaces, network
ports, process space, resource use (via resource manager)
Application fault isolation
Detach and attach containers between systems
Cloning of a zone to create identical new zone
27. Zones Overview - 2
Low physical resource use
Up to 8192 zones per system!
Differentiated file system
Multiple versions of an app installed and running on a given system
Inter-zone communication is only via network (but short-pathed
through the kernel)
No application changes needed – no API or ABI
Can restrict disk use of a zone via the loopback file driver (lofi) using
a file as a file system
Can dedicate an Ethernet port to a zone
Allowing snooping, firewalling, managing that port by the zone
28. Other Virtualization Options
Many virtualization options to consider
Containers is just one of them
Xen (xVM) - being integrated into Solaris Nevada
Run other OSes (Linux, Win) with S10+ as the host
Industry semi-standard
Para-virtualization, x86 only
LDOMs - hard partitions, shipped in May 2007
Run multiple copies of Solaris on the same coolthreads chip
(Niagara, Rock in the future)
Some resource management - move CPUs and mem
VMware - Solaris as a guest, not a host so far, x86 only
Traditional Sun Domains - SPARC only, Enterprise servers only
30. (From the Solaris 10 Sun Net Talk about Solaris 10 Security)
31. Zone Limits
Only one OS installed on a system
One set of OS patches
Only one /etc/system
Although Sun working to move as many settings as possible out of /etc/system
System crash / OS crash -> all zones crash
Each (sparse) zone uses
~ 100MB of disk
some VM and physical memory (for processes and daemons running in the zone)
- ~40MB of physical memory
32. Sparse vs. Whole Root Zone
Sparse | Whole-Root
Loop-back mount of system directories (/usr, etc) | Full install of all system files
Little disk space use | Lots of disk space
Each zone shares global-zone system binaries -> shared memory | Each binary independent -> memory use
Apps may not be supported | Apps may not be supported (but more likely)
Cannot change system files | Can change system files
Inter-zone communication only via network | Inter-zone communication only via network
33. Zone File Systems
[Diagram labels: Global root / with /zones, /usr, /dev (Global view); Zone root: a directory under /zones; Zone root: / with /bin, /usr, /dev, etc... (Zone view)]
Sun Microsystems Proprietary - Copyright 2008
34. Zone File Systems: Sparse-Root
[Diagram labels: Global root / with /zones, /usr, /dev (Global view); Zone root: a directory under /zones; Zone root: / with /bin, /usr, /dev, etc... (Zone view)]
Sun Microsystems Proprietary - Copyright 2008
35. Global Zone
Aka the usual system
Global Is assigned ID 0 by the system
Provides the single instance of the Solaris kernel
that is bootable and running on the system
Contains a complete installation of the Solaris
system software packages
Can contain additional software packages or
additional software, directories, files, and other
data not installed through packages
36. Global Zone - 2
Provides a complete and consistent product
database that contains information about all
software components installed in the global
zone
Holds configuration information specific to the
global zone only, such as the global zone host
name and file system table
Is the only zone that is aware of all devices and
all file systems
37. Global Zone - 3
Is the only zone with knowledge of non-global
zone existence and configuration
Is the only zone from which a non-global zone
can be configured, installed, managed, or
uninstalled
Can see the file systems of the non-global
zones (i.e. can copy files into the non-global
zone roots for the non-global zones to see)
38. Non-global Zones
Non-Global Is assigned a zone ID by the system when the
zone is booted
Shares operation under the Solaris kernel booted from the
global zone
Contains an installed subset of the complete Solaris
Operating System software packages
Contains Solaris software packages shared from the global
zone (“sparse zone”)
Can contain additional installed software packages not
shared from the global zone
39. Non-global Zones -2
Can contain additional software, directories, files, and other data
created on the non-global zone that are not installed through
packages or shared from the global zone
Has a complete and consistent product database that contains
information about all software components installed on the zone,
whether present on the non-global zone or shared read-only
from the global zone
Is not aware of the existence of any other zones
Cannot install, manage, or uninstall other zones, including itself
Has configuration information specific to that non-global zone
only, such as the non-global zone host name and file system table
40. “Sparse” and “Whole Root” Zones
By default /lib, /platform, /sbin, /usr are LOFS read-only mounted
from global zone into child zone
Ergo those can’t be modified by child zone
Packages installed in child zone only install non (/lib, /platform, /sbin, /usr)
components into the child zone’s file systems
Saves disk space
Saves memory
Whole root zone removes those mounts
Packages install entirely
Ergo child zone can modify its /lib, /platform, /sbin, /usr
Some apps not supported in zones, some only in whole root, some in
sparse root
Per app check with app vendor!
Note that ZFS clone use for zone builds may mean that sparse root is no
longer useful!
41. Non-global Zone States
Configured - The zone’s configuration is complete and committed to
stable storage, not initially booted
Incomplete - During an install or uninstall operation
Installed - The zone’s configuration is instantiated on the system but
no virtual platform. Files copied into zoneroot.
Ready - The virtual platform for the zone is established. The kernel
creates the zsched process, network interfaces are plumbed, file
systems are mounted, and devices are configured. A unique zone ID
is assigned by the system, no processes associated with the zone
have been started.
Running - User processes associated with the zone application
environment are running.
Shutting down and Down - These states are transitional states that
are visible while the zone is being halted. However, a zone that is
unable to shut down for any reason will stop in one of these states.
42. (From System Administration Guide: N1Grid Containers, Resource Management, and Solaris Zones)
43. Zone boot
Note that zoneadm allows “boot” “reboot”
“halt” and “shutdown”. Only “shutdown”
and “boot” execute the smf commands
Also note that there are many options to
these commands (such as zoneadm boot
-- -m verbose)
44. Zone Configuration
Data from the following are not referenced or copied when a zone is
installed:
Non-installed packages
Patches
Data on CDs and DVDs
Network installation images
Any prototype or other instance of a zone
In addition, the following types of information, if present in the global zone,
are not copied into a zone that is being installed:
New or changed users in the /etc/passwd file
New or changed groups in the /etc/group file
Configurations for networking services such as DHCP address assignment,
UUCP, or sendmail
Configurations for network services such as naming services
New or changed crontab, printer, and mail files
System log, message, and accounting files
45. Zone Configuration
zlogin -C logs in to a just-booted virgin zone
Only root can zlogin – normal zone access is via network
The usual sysidconfig questions are asked
(hostname, name service, timezone, kerberos)
The zone root directory must exist prior to zone
installation
Zone reboots to put configuration changes into effect (a
few seconds)
Messages look like a system reboot (within your window)
46. sysidcfg
Create to shorten first boot questions
File gets copied into <zonehome>/root/etc
Sample contents:
name_service=DNS
{domain_name=petergalvin.info
name_server=63.240.76.19
search=arp.com}
network_interface=PRIMARY
{hostname=zone00.petergalvin.info}
timezone=US/Eastern
terminal=vt100
system_locale=C
timeserver=localhost
root_password=aMG0YPkgZQPqo <obviously change this>
security_policy=NONE
nfsv4_domain=dynamic
47. Zone Configuration - 2
# zonecfg -z app1
app1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:app1> create
zonecfg:app1> set zonepath=/opt/zone/app1
zonecfg:app1> set autoboot=false
zonecfg:app1> add net
zonecfg:app1:net> set physical=pnc0
zonecfg:app1:net> set address=192.168.118.140
zonecfg:app1:net> end
zonecfg:app1> add fs
zonecfg:app1:fs> set dir=/export/home
zonecfg:app1:fs> set special=/export/home
zonecfg:app1:fs> set type=lofs
zonecfg:app1:fs> end
zonecfg:app1> add inherit-pkg-dir
zonecfg:app1:inherit-pkg-dir> set dir=/opt/sfw
zonecfg:app1:inherit-pkg-dir> end
zonecfg:app1> verify
zonecfg:app1> commit
zonecfg:app1> exit
48. Zone Configuration - 3
# df -k
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0d0s0 5678823 2689099 2932936 48% /
/devices 0 0 0 0% /devices
/dev/dsk/c0d0p0:boot 10296 1401 8895 14% /boot
proc 0 0 0 0% /proc
mnttab 0 0 0 0% /etc/mnttab
fd 0 0 0 0% /dev/fd
swap 600780 28 600752 1% /var/run
swap 600776 24 600752 1% /tmp
/dev/dsk/c0d0s7 4030684 32853 3957525 1% /export/home
# zoneadm -z app1 verify
WARNING: /opt/zone/app1 does not exist, so it cannot be verified.
When 'zoneadm install' is run, 'install' will try to create
/opt/zone/app1, and 'verify' will be tried again,
but the 'verify' may fail if:
the parent directory of /opt/zone/app1 is group- or other-writable
or
/opt/zone/app1 overlaps with any other installed zones.
could not verify net address=192.168.118.140 physical=pnc0: No such device or address
zoneadm: zone app1 failed to verify
49. Zone Configuration - 4
# ls -l /opt/zone
total 2
drwx------ 4 root other 512 Aug 21 12:44 test
# mkdir /opt/zone/app1
# chmod 700 /opt/zone/app1
# ls -l /opt/zone
total 4
drwx------ 2 root other 512 Sep 16 15:14 app1
drwx------ 4 root other 512 Aug 21 12:44 test
# zoneadm -z app1 verify
could not verify net address=192.168.118.140
physical=pnc0: No such device or address
zoneadm: zone app1 failed to verify
# zonecfg -z app1
zonecfg:app1> info
zonepath: /opt/zone/app1
autoboot: false
50. Zone Configuration - 5
net:
address: 192.168.118.140
physical: pnc0
zonecfg:app1> remove net physical=pnc0
zonecfg:app1> add net
zonecfg:app1:net> set physical=pcn0
zonecfg:app1:net> set address=192.168.118.140
zonecfg:app1:net> end
zonecfg:app1> exit
# zoneadm -z app1 verify
# zoneadm -z app1 install
Preparing to install zone <app1>.
Creating list of files to copy from the global zone.
Copying <2199> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <779> packages on the zone.
Initializing package <0> of <779>: percent complete: 0%
. . .
51. Zone Configuration -6
Zone <app1> is initialized.
The file </opt/zone/app1/root/var/sadm/system/logs/install_log> contains a
log of the zone installation.
# zoneadm list -v
ID NAME STATUS PATH
0 global running /
1 test running /opt/zone/test
# df -k
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0d0s0 5678823 2766177 2855858 50% /
/devices 0 0 0 0% /devices
/dev/dsk/c0d0p0:boot 10296 1401 8895 14% /boot
proc 0 0 0 0% /proc
mnttab 0 0 0 0% /etc/mnttab
fd 0 0 0 0% /dev/fd
swap 594332 32 594300 1% /var/run
swap 594500 200 594300 1% /tmp
/dev/dsk/c0d0s7 4030684 32853 3957525 1% /export/home
52. Zone Configuration -7
# zoneadm -z app1 boot
zoneadm: zone 'app1': WARNING: pcn0:2: no matching subnet found in netmasks(4) for 192.168.118.131; using default of
192.168.118.131.
# zoneadm list -v
ID NAME STATUS PATH
0 global running /
1 test running /opt/zone/test
2 app1 running /opt/zone/app1
# telnet 192.168.118.140
Trying 192.168.118.140...
telnet: Unable to connect to remote host: Connection refused
# zlogin -C app1
[Connected to zone 'app1' console]
Select a Locale
0. English (C - 7-bit ASCII)
1. U.S.A. (UTF-8)
2. Go Back to Previous Screen
Please make a choice (0 - 2), or press h or ? for help: 0
. . .
53. Zone Configuration -8
rebooting system due to change(s) in /etc/default/init
[NOTICE: Zone rebooting]
SunOS Release 5.10 Version s10_63 32-bit
Copyright 1983-2004 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Hostname: zone-app1
The system is coming up. Please wait.
starting rpc services: rpcbind done.
syslog service starting.
Sep 16 15:48:24 zone-app1 sendmail[7567]: My unqualified host
name (zone-app1) unknown; sleeping for retry
Sep 16 15:49:24 zone-app1 sendmail[7567]: unable to qualify my
own domain name (zone-app1) -- using short name
WARNING: local host name (zone-app1) is not qualified; see cf/
README: WHO AM I?
/etc/mail/aliases: 12 aliases, longest 10 bytes, 138 bytes total
54. Zone Configuration -9
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
The system is ready.
zone-app1 console login: root
Password:
Sep 16 15:51:08 zone-app1 login: ROOT LOGIN /dev/console
Sun Microsystems Inc. SunOS 5.10 s10_63 May 2004
# cat /etc/passwd
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
. . .
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access
User:/:
55. Zone Configuration -10
# useradd -u 101 -g 14 -d /export/home/pbg -s /bin/bash pbg
# passwd pbg
New Password:
Re-enter new Password:
passwd: password successfully changed for pbg
# zoneadm list -v
ID NAME STATUS PATH
3 app1 running /
# exit
zone-app1 console login: ~.
[Connection to zone 'app1' console closed]
56. Zone Configuration - 11
# zoneadm list -v
ID NAME STATUS PATH
0 global running /
1 test running /opt/zone/test
3 app1 running /opt/zone/app1
# uptime
3:53pm up 5:14, 1 user, load average: 0.23, 0.34, 0.43
# telnet 192.168.118.140
Trying 192.168.118.140…
Connected to 192.168.118.140.
Escape character is ‘^]’.
Login: pbg
Password:
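A pre-flight check for the two failures the walk-through above runs into (a zonepath that zoneadm verify warns about, and the mistyped NIC name pnc0), as an added example that is not from the workshop slides. The function names, the constructed sample command file and the interface list passed as an argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the workshop slides; function names are hypothetical.
# Checks a zonecfg command file before "zoneadm install": zonepath
# permissions and NIC names, the two problems seen in the walk-through.

# Print the zonepath set at global scope in command file $1.
cfg_zonepath() {
    awk '$1 == "add" && !inres { inres = 1; next }
         $1 == "end"           { inres = 0; next }
         !inres && $1 == "set" && $2 ~ /^zonepath=/ { print substr($2, 10); exit }' "$1"
}

# Print every physical= value set inside an "add net ... end" resource.
# A nested "add value (...)" inside rctl does not open a new scope.
cfg_nics() {
    awk '$1 == "add" && !inres { inres = 1; res = $2; next }
         $1 == "end"           { inres = 0; next }
         inres && res == "net" && $1 == "set" && $2 ~ /^physical=/ { print substr($2, 10) }' "$1"
}

# Permission string (for example drwx------) of directory $1, read from ls.
dir_mode() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Check zonepath $1: mode 700 if it exists, parent not group/other-writable.
# Prints one line per finding and returns 0 only when nothing failed.
check_zonepath() {
    zp=$1
    zbad=0
    if [ -d "$zp" ]; then
        mode=$(dir_mode "$zp")
        if [ "$mode" != "drwx------" ]; then
            echo "FAIL: zonepath $zp has mode $mode, expected drwx------ (chmod 700)"
            zbad=1
        fi
    else
        echo "NOTE: zonepath $zp does not exist; zoneadm install will try to create it"
    fi
    parent=$(dirname "$zp")
    pmode=$(dir_mode "$parent")
    case "$pmode" in
        "") echo "FAIL: parent directory $parent does not exist"; zbad=1 ;;
        ?????w*|????????w*)
            echo "FAIL: parent $parent is group- or other-writable ($pmode)"; zbad=1 ;;
    esac
    return $zbad
}

# Check that each NIC named in command file $1 is in the interface list $2.
check_nics() {
    nbad=0
    for nic in $(cfg_nics "$1"); do
        case " $2 " in
            *" $nic "*) ;;
            *) echo "FAIL: net physical=$nic is not a known interface (have: $2)"; nbad=1 ;;
        esac
    done
    return $nbad
}

# Run both checks on command file $1 with interface list $2.
preflight() {
    rc=0
    path=$(cfg_zonepath "$1")
    if [ -z "$path" ]; then
        echo "FAIL: no zonepath set in $1"; rc=1
    else
        check_zonepath "$path" || rc=1
    fi
    check_nics "$1" "$2" || rc=1
    return $rc
}

# Constructed sample: the walk-through's configuration with the zonepath
# passed in as $1 and the NIC typo (pnc0 for pcn0) left in place.
sample_cfg() {
    cat <<EOF
create
set zonepath=$1
set autoboot=false
add net
set physical=pnc0
set address=192.168.118.140
end
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=1,action=none)
end
EOF
}

# Stand-alone use: preflight.sh <command-file> "<space-separated interfaces>"
if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```

On a live system the interface list would come from the names shown by ifconfig -a in the global zone.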
57. Zones and ZFS
Installing a zone with its root on ZFS is not supported as
the system then lacks the ability to be upgraded.
Note that “add fs” can be used to add access to a ZFS file
system to a zone
Beyond that, “add dataset” delegates a ZFS file system to
a zone, removes it from the global zone
The zone can manage the file system, except where management
would affect other file systems / parent file system
Filesystem contents can still be seen from global zone via zonepath
+mountpoint (i.e. /zones/zone00/zfs/zonefs/zone00)
# zfs create zfs/zonefs/zone00
# zonecfg -z zone00
zonecfg:zone00> add dataset
zonecfg:zone00:dataset> set name=zfs/zonefs/zone00
zonecfg:zone00:dataset> end
58. Zone Script
create -b
set zonepath=/opt/zones/zone0
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
59. Zone Script
add inherit-pkg-dir
set dir=/usr
end
add inherit-pkg-dir
set dir=/opt/sfw
end
add net
set address=192.168.128.200
set physical=pcn0
end
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=1,action=none)
end
60. Life in a Zone
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
zone test
inet 127.0.0.1 netmask ff000000
lo0:2: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
zone app1
inet 127.0.0.1 netmask ff000000
pcn0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
inet 192.168.80.128 netmask ffffff00 broadcast 192.168.80.255
ether 0:c:29:44:a9:df
pcn0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone test
inet 192.168.80.139 netmask ffffff00 broadcast 192.168.80.255
pcn0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone app1
inet 192.168.80.140 netmask ffffff00 broadcast 192.168.80.255
61. Life in a Zone - 2
$ telnet 192.168.80.140
. . .
$ df -k
Filesystem kbytes used avail capacity Mounted on
/ 9515147 1894908 7525088 21% /
/dev 9515147 1894908 7525088 21% /dev
/export/home 10076926 10369 9965788 1% /export/home
/lib 9515147 1894908 7525088 21% /lib
/platform 9515147 1894908 7525088 21% /platform
/sbin 9515147 1894908 7525088 21% /sbin
/usr 9515147 1894908 7525088 21% /usr
proc 0 0 0 0% /proc
mnttab 0 0 0 0% /etc/mnttab
fd 0 0 0 0% /dev/fd
swap 1043072 16 1043056 1% /var/run
swap 1043056 0 1043056 0% /tmp
$ touch /usr/foo
touch: /usr/foo cannot create
Note that virtual memory (and therefore swap) are global
resources
63. Life in a Zone - 4
# mount -p
/ - / ufs - no rw,intr,largefiles,logging,xattr,onerror=panic
/dev - /dev lofs - no zonedevfs
/export/home - /export/home lofs - no
/lib - /lib lofs - no ro,nodevices,nosub
/platform - /platform lofs - no ro,nodevices,nosub
/sbin - /sbin lofs - no ro,nodevices,nosub
/usr - /usr lofs - no ro,nodevices,nosub
proc - /proc proc - no nodevices,zone=app1
mnttab - /etc/mnttab mntfs - no nodevices,zone=app1
fd - /dev/fd fd - no rw,nodevices,zone=app1
swap - /var/run tmpfs - no nodevices,xattr,zone=app1
swap - /tmp tmpfs - no nodevices,xattr,zone=app1
# hostname
zone-app1
# zonename
app1
64. Zone Clone
As of S10 8/07, zones are “cloneable”
Much faster than installing a zone
As of 10/08 zones on ZFS -> ZFS clone - instantaneous
Usable only if the zones have similar configs
Configure a zone, e.g. zone00
Install the zone
Configure a new zone, e.g. zone01
Then rather than zoneadm install, with zone00 halted, do
# zoneadm -z zone01 clone -m copy zone00
65. Zone Clone (cont)
A cloned zone is unconfigured and must be configured
When ZFS is used as the clone file system
# zoneadm -z <newzone> clone <oldzone>
Can clone a zone’s previously-taken snapshot via
# zoneadm -z <newzone> clone -s <snapshot name> <oldzone>
66. Zone Clone (cont)
So to clone zone1 to make zone2
# zonecfg -z zone1 export -f configfile
Edit configfile to change zonepath and address (at least)
Create zone2 via zonecfg -z zone2 -f configfile
Halt zone1 via zoneadm -z zone1 halt
Clone zone1 via zoneadm -z zone2 clone zone1
Use “-m copy” if zone1 is on UFS
Boot up both zones
Check status via zoneadm list -iv
67. Zone Migration
Zones can be moved between like systems
Available S10 8/07
Separate the zone from its current system
# zoneadm -z <zone> detach
Note zone must be halted first
Attach a detached zone to a different system (assuming its file system is now visible there, send a tarball, etc)
# zoneadm -z <zone> attach [-F]
Note zone must be configured before this can work
Note new system is validated to ensure the zone can function there
To create a config for a zone that is detached rather than having to zonecfg it from scratch
# zonecfg -z <zone> create -a zonepath
68. Zone Migration (cont)
Can dry-run an attach / detach via the “-n” option to
see if the attach will work
Can upgrade the attaching zone on the attaching
system via “-u” but only if all packages on the
attaching system are as new or newer than the
detaching system
Can force an attach if a detach could not be done
(dead system for example)
Best to save your zone cfg files for use on the
attach system (or you have to recreate them)
69. Other Cool Zone Stuff
ps -Z shows zone in which each process is running
Can use resource manager with zones
Zones can use global naming services
Use features to enable or disable accounts per zone
Interzone networking executed via loopback for
performance
70. Labs
Create a “simple” zone
Install it
Boot it
Configure it
Look around in it - file systems, processes,
resource use, users, etc
Halt it
71. Zones and DTrace
Zones can get some DTrace privileges (starting 11/06)
# zonecfg -z my-zone
zonecfg:my-zone> set limitpriv="default,dtrace_proc,dtrace_user"
zonecfg:my-zone> exit
DTrace can use zonenames as predicates to filter results
# dtrace -n 'syscall:::/zonename=="zone1"/{@[probefunc]=count()}'
72. Fair-share Scheduling
Solaris has many scheduler classes available
A thread has priority 0-169, user threads are 0-59
The higher the priority, the sooner scheduled on CPU
Scheduler class decides how the priority is modified over time
Default user-land is Time-sharing
Time-sharing dynamically changes the priority of each thread
based on its activity
If a thread used its time quantum, its priority decreases
(The quantum is the scheduling interval)
Kernel uses “sys” class
Have a look via ps -elfc
73. Fair-share Scheduling
[Figure: “Fair Share Scheduler” chart, “Shares Allocated to Containers”, showing the Backup, AppServer, Web and Database containers]
Database gets 4 / (4+3+2+1) = 40% of all CPU time available to container
Sun Microsystems Proprietary - Copyright 2008
74. Zones and Fair Share Scheduling
FSS allows all CPU to be used if needed, but overuse to
be limited based on “shares” given to CPU users
Shares are given to projects et al, and/or to containers
Load the fair share scheduler as the default scheduling class
dispadmin -d FSS
Move all processes into the FSS class
priocntl -s -c FSS -i class TS
Give the global zone some (2) shares
Note this is not persistent across reboots!
prctl -n zone.cpu-shares -v 2 -r -i zone global
75. Zones and Fair-share scheduling (2)
Check the shares of the global zone
prctl -n zone.cpu-shares -i zone global
Add a zone-wide resource control (1 share) to a zone
(within zonecfg) (before S10U5)
zonecfg:my-zone> add rctl
zonecfg:my-zone:rctl> set name=zone.cpu-shares
zonecfg:my-zone:rctl> add value (priv=privileged,limit=1,action=none)
zonecfg:my-zone:rctl> end
How many total shares are given out on a given
machine?
76. FX Scheduler
Time-share is a heavyweight scheduler
Has to calculate for every thread that ran in the last quantum, every quantum
Plus decreases priority on CPU hogs
Instead consider “FX” - fixed scheduler class
All priorities stay the same
Lightweight scheduler can gain back a few percent of CPU
77. Dynamic Resource Pools
Designed to group chosen resources such as CPUs, memory, I/O connections
A pool can be associated with CPUs and a scheduler
CPUs can be assigned:
dynamically, by configuring a minimum and maximum number of CPUs that a zone or pool should use
by Solaris when it decides to transfer CPUs among existing pools with “threshold” and “importance” parameters
statically, by “pinning” a CPU to a pool - useful to ensure that a process stays on a CPU and doesn’t share the CPU’s cache
A CPU is moved between pools when an “important” workload surpasses its utilization threshold for a sufficient period of time
78. Dynamic Resource Pools
There is one pool configuration per Solaris instance
By default, one pool exists, “pool_default”
These can be bound to a pool:
Process, task, project, Container
A Container can be statically assigned to an existing “shared” pool when the Container boots
Multiple Containers can share that pool
Such a Container only uses resources when it is running
A Container can be assigned to a temporary pool
Pool only exists while Container runs
That pool cannot be shared with other Containers
79. DRPs
You can make “DRP”s non-dynamic by not including
a variation in the range (i.e. 2 to 2 rather than 1 to 2)
Probably preferred rather than real dynamic
With pools, interrupts and I/O only occur in the
default pool
This can help pin a process to a set of CPUs
Cache stays hot, less context switching
So consider a DRP config with the kernel in the default pool and all apps in another pool
80. Zones and Dynamic Resource Pools
Assign zones to dedicated CPU resources
Used to assign zone to processor set
Can be dynamically created, deleted, modified
Can be used with FSS
Can be used to reduce Oracle (and other?) costs!
Consider two DRPs, one with an email container
and one with 2 X web server containers (and
global) (from http://www.sun.com/software/solaris/howtoguides/containersLowRes.jsp):
81. Zones and DRPs (cont)
82. Zones and DRPs (cont)
Create a pool (from global zone) via
# # enable DRPs
# pooladm -e
# # save current config
# pooladm -s
# # show current state, at start only pool_default exists
global# pooladm
system my_system
string system.comment
int system.version 1
boolean system.bind-default true
int system.poold.pid 638
pool pool_default
int pool.sys_id 0
boolean pool.active true
boolean pool.default true
int pool.importance 1
string pool.comment
pset pset_default
83. Zones and DRPs (cont)
pset pset_default
int pset.sys_id -1
boolean pset.default true
uint pset.min 1
uint pset.max 65536
string pset.units population
uint pset.load 7
uint pset.size 8
string pset.comment
cpu
int cpu.sys_id 1
string cpu.comment
string cpu.status on-line
cpu
int cpu.sys_id 0
string cpu.comment
string cpu.status on-line
cpu
int cpu.sys_id 3
string cpu.comment
string cpu.status on-line
cpu
int cpu.sys_id 2
string cpu.comment
string cpu.status on-line
84. Zones and DRPs (cont)
Create a new one-CPU processor set called email-pset
# poolcfg -c 'create pset email-pset (uint pset.min=1; uint pset.max=1)'
Create a resource pool for the processor set
# poolcfg -c 'create pool email-pool'
Link the pool to the processor set
# poolcfg -c 'associate pool email-pool (pset email-pset)'
Set an objective (if including a range of processors, i.e. min <> max)
# poolcfg -c 'modify pset email-pset (string pset.poold.objectives="wt-load")'
Activate the configuration
# pooladm -c
85. Zones and DRPs (cont)
Check the config
# pooladm
system my_system
string system.comment
int system.version 1
boolean system.bind-default true
int system.poold.pid 638
pool email-pool
int pool.sys_id 1
boolean pool.active true
boolean pool.default false
int pool.importance 1
string pool.comment
pset email
pool pool_default
int pool.sys_id 0
boolean pool.active true
boolean pool.default true
int pool.importance 1
string pool.comment
pset pset_default
pset email-pset
int pset.sys_id 1
boolean pset.default false
uint pset.min 1
uint pset.max 1
string pset.units population
uint pset.load 0
uint pset.size 1
string pset.comment
cpu
int cpu.sys_id 0
string cpu.comment
string cpu.status on-line
86. Zones and DRPs (cont)
Check the config
pset pset_default
int pset.sys_id -1
boolean pset.default true
uint pset.min 1
uint pset.max 65536
string pset.units population
uint pset.load 7
uint pset.size 7
string pset.comment
cpu
int cpu.sys_id 1
string cpu.comment
string cpu.status on-line
cpu
int cpu.sys_id 3
string cpu.comment
string cpu.status on-line
cpu
int cpu.sys_id 2
string cpu.comment
string cpu.status on-line
87. DRPs
Note that you can give ranges of CPUs to
be used in DRPs
If you do, be sure to set an “objective”, else nothing will be dynamic
Note that some software licenses allow
licensing of the app for only those CPUs in
the DRP that the zone is attached to (i.e.
only pay for your DRP CPUs, not all
CPUs)(!)
88. Zones and DRPs (cont)
Now enable FSS, make it default for pool_default
# poolcfg -c 'modify pool pool_default (string pool.scheduler="FSS")'
Create an instance of the configuration
# pooladm -c
Move all the processes in the default pool and its associated zones under the FSS.
# priocntl -s -c FSS -i class TS
# priocntl -s -c FSS -i pid 1
Now have the zones use the DRPs
# zonecfg -z email-zone
zonecfg:email-zone> set pool=email-pool
# zonecfg -z Web1-zone
zonecfg:Web1-zone> set pool=pool_default
zonecfg:Web1-zone> add rctl
zonecfg:Web1-zone:rctl> set name=zone.cpu-shares
zonecfg:Web1-zone:rctl> add value (priv=privileged,limit=3,action=none)
zonecfg:Web1-zone:rctl> end
# zonecfg -z Web2-zone
zonecfg:Web2-zone> set pool=pool_default
zonecfg:Web2-zone> add rctl
zonecfg:Web2-zone:rctl> set name=zone.cpu-shares
zonecfg:Web2-zone:rctl> add value (priv=privileged,limit=2,action=none)
zonecfg:Web2-zone:rctl> end
89. Zones, Resources, and S10 8/07
Much simpler now if you just want a zone to have dedicated
CPUs, memory limits
(From http://blogs.sun.com/jerrysblog/feed/entries/atom?cat=%2FSolaris)
zonecfg:my-zone> set scheduling-class=FSS
zonecfg:my-zone> add dedicated-cpu
zonecfg:my-zone:dedicated-cpu> set ncpus=1-4
zonecfg:my-zone:dedicated-cpu> set importance=10
zonecfg:my-zone:dedicated-cpu> end
zonecfg:my-zone> add capped-memory
zonecfg:my-zone:capped-memory> set physical=50m
zonecfg:my-zone:capped-memory> set swap=128m
zonecfg:my-zone:capped-memory> set locked=10m
zonecfg:my-zone:capped-memory> end
You have to enable poold via svcadm if “importance” is used
Still use dispadmin to set system-wide scheduling
90. Zones, Resources, and S10 8/07 (cont)
Can use zonecfg for the global zone to persistently
set resource management settings in global
Now can set other zone-wide resource limits easily
zone.cpu-shares
zone.max-locked-memory (locked property of the capped-memory
resource is preferred)
zone.max-lwps
zone.max-msg-ids
zone.max-sem-ids
zone.max-shm-ids
zone.max-shm-memory
zone.max-swap (The swap property of the capped-memory resource
is the preferred way to set this control)
91. Zones and Networking S10 8/07
Can now create exclusive-IP zones (i.e. dedicate an HBA port to a zone) known as
“IP Instances”
Need this if you want advanced networking features in a zone (firewalls, snooping,
DHCP client, traffic shaping)
Each zone gets its own IP stack (and soon xVM will too)
zonecfg:my-zone> set ip-type=exclusive
zonecfg:my-zone> add net
zonecfg:my-zone:net> set physical=e1000g1
zonecfg:my-zone:net> end
Now the zone can set its own IP address et al, can do IPMP within a zone
“zonecfg set physical=” to one of the interfaces in an IPMP group
Project Crossbow will allow virtual NICs to be IP instance entities (no longer tying up an Ethernet port)
Limited to Ethernet devices that use GLDv3 drivers (dladm show-link not reporting “legacy”)
92. Zones, Resources and 5/08
CPU Caps: can limit the aggregated amount of CPU that a container’s CPUs can accumulate
Although it is possible to use the prctl(1M) command to manage CPU caps, the capctl Perl script simplifies it
# capctl <-P project> <-p pid> <-Z zone> <-n name> <-v value>
* -P proj: Specify project id
* -p pid: Specify pid
* -Z zone: Specify zone name
* -n name: Specify resource name
* -v value: Specify resource value
For example, to set a cap for project foo to 50% you can say:
# capctl -P foo -v 50
To change the cap to 80%:
# capctl -P foo -v 80
To see the cap value:
# capctl -P foo
To remove the cap:
# capctl -P foo -v 0
93. prctl vs zonecfg
prctl can read resource settings in the
global or child zones
Not persistent for setting variables
Can’t set variables in the child zone
zonecfg is persistent, but only runs in
global zone
94. Zone Issues
Zone cannot reside on NFS
But zone can be NFS client
Each zone normally has a “sparse” installation of a package, if package is from “inherit-pkg-dir” directory tree
By default, a package installed in global zone is installed in all existing non-global zones
Unless the pkgadd -G or -Z options are used
See also SUNW_PKG_ALLZONES and SUNW_PKG_HOLLOW package parameters
Patches installed in global zone are installed in all non-global zones
If any zone does not match patch dependencies, patch not installed
95. Zone issues - cont
Upgrading the global zone to a new Solaris release
upgrades the non-global zones but depends on which
upgrade method is used (hint - use live upgrade)
Best practice is to keep packages and patches synced
between global and all non-global zones
Watch out for giving users root in a zone – could
violate policy or regulations
Flash Archive (flar) can be used to capture system
containing zones and clone it, but only if zones are
halted.
Details at http://www.opensolaris.org/os/community/zones/faq/flar_zones
96. Zones and Packages
# pkgadd -d screen*
The following packages are available:
1 SMCscreen screen
(intel) 4.0.2
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
## Not processing zone <zone10>: the zone is not running and cannot be booted
## Booting non-running zone <zone0> into administrative state
## waiting for zone <zone0> to enter single user mode...
## Verifying package <SMCscreen> dependencies in zone <zone0>
## Restoring state of global zone <zone0>
## Booting non-running zone <zone1> into administrative state
## waiting for zone <zone1> to enter single user mode...
. . .
## Booting non-running zone <zone0> into administrative state
## waiting for zone <zone0> to enter single user mode...
## waiting for zone <zone0> to enter single user mode...
## Installing package <SMCscreen> in zone <zone0>
97. Sparse Zones vs. Whole Root Zones
When should you use “sparse”, when should you use “whole root”?
Check per-application support and/or requirements
sparse zones don’t allow writes into /, /usr, etc by default, some apps
don’t like that
Can intermix sparse and whole-root on the same system
Make a sparse root into a whole root
# zonecfg create -b
In the future, likely that the world will use whole root
zones and ZFS cloning
But zone roots on ZFS not supported until U6
because not upgradeable
98. Upgrading a System Containing Containers
Supported methods vary, depending on
OS release being upgraded from
Generally liveupgrade is best, but many
details to consider
Well documented at http://docs.sun.com/app/docs/doc/820-4041/gdzlc?a=view
99. Zone Best Practices
Note that global zone root can copy files directly into zones via their
zonepath directory
Consider building at least one container per system
Put all users and apps in there
Fast to copy for testing
Fast reboot
Put it on shared storage for future attach / detach
But watch out for limits
dtrace
app support in a zone
Surprisingly, a global-zone mount within the zone file system is
immediately seen in the zone
100. Zone Best Practices (2)
Use zonecfg export to save each zone’s
config settings - store on a different system
For every zone created, in its “virgin state”,
create a clone of it and store it on a
different system
Put zones on ZFS for best feature set
Consider configuring child zones to send
syslog output to central syslog server
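Once each zone's `zonecfg export` output is saved as recommended above, the same listing can be linted for the settings this deck introduces (limitpriv, ip-type, delegated datasets, resource caps). This is an added example, not part of the original slides; the function names, the two sample configs and the review policy itself are assumptions.

```shell
#!/bin/sh
# Added example: lint a `zonecfg -z <zone> export` listing (same syntax as the
# "Zone Script" slides). The policy below is an assumption, not Sun guidance.
# On Solaris 10 set AWK=nawk: /usr/bin/awk predates user-defined functions.
AWK=${AWK:-awk}

# audit_zone_cfg: config on stdin, one "<SEVERITY> <check>: <detail>" per line.
audit_zone_cfg() {
  "$AWK" '
    function report(sev, check, detail) { print sev " " check ": " detail }
    { sub(/^[ \t]+/, "") }                 # tolerate indented listings
    /^add value/ { next }                  # rctl value line, not a new block
    /^add /      { res = $2; next }        # entering a resource block
    /^end/       { res = ""; next }        # back to global scope
    /^set / {
        kv = substr($0, 5); eq = index(kv, "=")
        key = substr(kv, 1, eq - 1); val = substr(kv, eq + 1)
        gsub(/"/, "", val)
        if (res == "")                              glob[key] = val
        else if (res == "rctl" && key == "name")    rctl[val] = 1
        else if (res == "dataset" && key == "name") datasets = datasets " " val
        else if (res == "capped-memory")            cap[key] = val
        else if (res == "dedicated-cpu")            dedicated = 1
    }
    END {
        if (glob["limitpriv"] != "" && glob["limitpriv"] != "default")
            report("REVIEW", "limitpriv", "extra privileges: " glob["limitpriv"])
        if (glob["ip-type"] == "exclusive")
            report("REVIEW", "ip-type", "zone owns its IP stack (addresses, snooping)")
        if (datasets != "")
            report("REVIEW", "dataset", "ZFS delegated to zone admin:" datasets)
        if (!("zone.max-lwps" in rctl) && glob["max-lwps"] == "")
            report("WARN", "max-lwps", "no LWP cap")
        if (!("zone.max-swap" in rctl) && cap["swap"] == "")
            report("WARN", "swap", "no swap cap; swap is a global resource")
        if (!("zone.cpu-shares" in rctl) && glob["cpu-shares"] == "" && !dedicated)
            report("WARN", "cpu", "no cpu-shares or dedicated-cpu")
    }'
}

# Constructed sample: a zone with extra privileges and no memory or LWP caps.
sample_loose_cfg() { cat <<'EOF'
create -b
set zonepath=/opt/zones/zone0
set limitpriv="default,dtrace_proc,dtrace_user"
set ip-type=exclusive
add net
set physical=e1000g1
end
add dataset
set name=zfs/zonefs/zone00
end
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=1,action=none)
end
EOF
}

# Constructed sample: default privileges, shared IP, CPU, swap and LWP limits.
sample_tight_cfg() { cat <<'EOF'
create -b
set zonepath=/opt/zones/zone1
set ip-type=shared
add dedicated-cpu
set ncpus=1-4
end
add capped-memory
set physical=50m
set swap=128m
end
add rctl
set name=zone.max-lwps
add value (priv=privileged,limit=1000,action=deny)
end
EOF
}

for z in loose tight; do echo "== $z"; "sample_${z}_cfg" | audit_zone_cfg; done
```

On a real system, feed it `zonecfg -z <zone> export` for each zone from the global zone; REVIEW lines are settings to justify, WARN lines are missing limits.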
101. Zones and /etc/system
Variables no longer in /etc/system can be set via the rctladm command, but only per project. This example is from the Sun installation guide for Weblogic on Solaris 10…
Modify /etc/project in each zone the app will run in to contain the following
additions to the resource controls for user.root (assuming the application will run
as root):
bash-3.00# cat /etc/project
system:0::::
user.root:1::::
process.max-file-descriptor=(privileged,1024,deny);
process.max-sem-ops=(privileged,512,deny);
process.max-sem-nsems=(privileged,512,deny);
project.max-sem-ids=(privileged,1024,deny);
project.max-shm-ids=(privileged,1024,deny);
project.max-shm-memory=(privileged,4294967296,deny)
noproject:2::::
default:3::::
group.staff:10::::
102. Zones and /etc/system (cont)
Note that /etc/project is read at login
Also to enable warnings via syslog if the resource limits are approached, execute the following commands once in each zone the app will run in (they update the /etc/rctladm.conf file)
Do this in the global zone, not persistent so script it:
# rctladm -e syslog process.max-file-descriptor
# rctladm -e syslog process.max-sem-ops
# rctladm -e syslog process.max-sem-nsems
# rctladm -e syslog project.max-sem-ids
# rctladm -e syslog project.max-shm-ids
# rctladm -e syslog project.max-shm-memory
103. Branded Zones
Shipped in S10 8/07
Allows native binary execution of bins from other
operating systems
CentOS first
Install a brandz zone, install the “guest” OS, then install binaries (RPMs et al) and run them
Currently limited to CentOS and other 2.4-based distros
Result - can use DTrace to analyze Linux perf problems
See man pages for brands(5), lx(5)
104. brandz
Example install given at http://milek.blogspot.com/2006/10/brandz-integrated-into-snv49.html
# zonecfg -z linux
linux: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:linux> create -t SUNWlx
zonecfg:linux> set zonepath=/home/zones/linux
zonecfg:linux> add net
zonecfg:linux:net> set address=192.168.1.10/24
zonecfg:linux:net> set physical=bge0
zonecfg:linux:net> end
zonecfg:linux> add attr
zonecfg:linux:attr> set name="audio"
zonecfg:linux:attr> set type=boolean
zonecfg:linux:attr> set value=true
zonecfg:linux:attr> end
zonecfg:linux> exit
105. brandz (cont)
# zoneadm -z linux install -d /mnt/iso/centos_fs_image.tar.bz2
A ZFS file system has been created for this zone.
Installing zone 'linux' at root directory '/home/zones/linux'
from archive '/mnt/iso/centos_fs_image.tar.bz2'
This process may take several minutes.
Setting up the initial lx brand environment.
System configuration modifications complete!
Setting up the initial lx brand environment.
System configuration modifications complete!
Installation of zone 'linux' completed successfully.
Details saved to log file:
"/home/zones/linux/root/var/log/linux.install.10064.log"
106. Solaris 8 and 9 Containers
Now available as a commercial product ($) from Sun
Uses brandz
Capture a Solaris 8 or Solaris 9 system via Archiver (aka
P2V)
Updater Tool, processes Solaris 8 image and prepares it
for new, virtualized environment
Create it as a container under S10
Apps think they are on S8 or S9
Sun “guarantees” compatibility
SPARC only