LisaNov2004TutorialM3 < CF

CF Web>CscfSpecific>LisaNovember2004>LisaNov2004TutorialM3 (2005-04-27, MikePatterson) (raw view)
Advanced Solaris Administration

Informal classroom poll: there's still some legacy Solaris 6 in production, some 7, loads and loads of 8/9, and very little 10.  Lots of people replacing Solaris with Linux (and few going the other way around).

Disksuite partitions are 9MB now.  Keeping parts of the disk unused can help to keep disk heads over data, rather than mostly-empty space.  (Cheap trick, but it helps to squeeze performance out if you need it.)

Use dumpadm.

Webstart Flash / Flash Archive > Jumpstart?  Requires Solaris 9 though, although it can work with 8.  (??)

One ought to mirror swap if one is mirroring root - so a disk failure won't necessarily cause a crash.

Swapping to files is no longer slower than swapping to a raw partition (when did this become true?) - so if you're in a pinch, create a file and add it to your swapspace.

=swap -s= and =-l= outputs differ cos the latter only talks about actual swap, -s talks about all virtual memory.

mkfile can also be used to reserve space on a new filesystem.  Be a hero: reserve 10% of the space and free it up when it's absolutely required.  Then buy a new disk and do the same thing.

Startup scripts have changed (?) in Solaris 10.

reboot doesn't run K files.

=boot -a= can be useful.

Solaris 10 has a service management facility.  We expect the first "dot" release in Summer 2005.

pgrep and pkill can be useful too.

Solaris 8 doesn't support LDAP for user authentication.  9 doesn't really support ADS or LDAP password changes.

If you have a maintenance contract, you can request from Sun a Root Cause Analysis for failures.

Jumpstart in Solaris 10 will not require that you be on the same network segment.  (no broadcasts?)

"Software Express" for Solaris -> exports of internal Solaris builds, but with no patches.

It is not recommended to use Jumpstart for upgrading between OS releases.  One person used Live Upgrade - he hated it.  Full reinstalls is still the way to go.  Veritas can hurt you here.

Explorer can tell you about partitions and such.

You *can* use Live Upgrade for patching - it will patch one part of a mirror, and you can test the patches and revert if necessary.

---++++ files and filesystems

You can edit variables for tmpfs.

Think about cachefs on clients using NFS.  Generally it's good to use, but it might not work with NFSv4.

Sun claims that UFS + journalling on Solaris 10 is as fast as Veritas.

Went over how intent logging (journalling) works.  No reason not to use this on UFS filesystems.

fssnap not very useful, but that was some time ago.  Maybe it's better now?

/proc is useful.  Some bits:
   * pwait - waiting for a process to complete
   * preap - kills zombies (maybe they should have called it 12gauge)
   * ptime is better than time
   * pstop / prun - "fun" to do on a user's shell
   * use prstat instead of top (so says Sun)

ZFS is "the next great thing" - supposedly for Solaris 10, but I don't think it is now.

2.6+ can have multiple default routes, which should do load balancing but doesn't.

You can add a netmask to a route command.

Infodoc 17416 talks about autonegotiation.

IP multipathing in builds > 7/01 (Solaris 8) is solid.

He talked about Remote System Control, which sounded really neat.  Also Sun Management Centre.  (Center, probably.)

We can use pkgrm to get rid of things so that patches won't reinstall them.  Like sendmail!

=sys-unconfig= to rename/number systems - say, if the IP or hostname is changing.

=conserver= -> console server.  =consadm= can split console messages to different devices.

Went over a bit of tuning =/etc/system= - look at =sysdef -i=

Good debugging tools - gdb, mdb, truss (last is replaced by the truly awesome dtrace).

docs.sun.com has kernel tunables.  Solaris Tunable Reference Manual.

Solaris 10 has things like =/etc/default/passwd= .

try setting noexec_user_stack to 1.  Disables running the stack out of userland so it helps with buffer overflow issues.  (Crap software.)

Sun Screen comes free with Solaris 9, but 10 has ipfilter (hurray).  Edit =/etc/ipf/= stuff.

---+++ Performance

=psrinfo= displays information on CPUs.  =psradm= lets you bring CPUs on and offline.  =sdtprocess= is cool too.

You have to be careful with things like iostat because output can be interpreted in many different ways.  With vmstat, higher sr is bad.

try =ps -y=.

How much cpu time is fsflush taking?  Change autoup value, especially on big DB servers.  =tune_t_fsflushr= is also important.

=mpstat= is per-cpu.  hit rate < 90% is *bad*.  There's argument if > 90% is necessarily good.

=sar -a= is good for trend/status information.

When you're using Solaris 8 as an NFS server, you can set dfratime to defer stuff until the disk is already spinning.

Direct i/o = evil (p284 of book)

Don't mix NFS servers with others, as NFS threads have absolute priority over user threads.  (Guess softbase / ds are out of luck, like elora / baffin...)

You can use the Solaris Network Cache Accelerator to improve Apache performance.

Maybe we can replace batch with Resource Manager.  zones are supposed to play nice with this.

When you're tuning performance, make sure the machine will save more time than you spend tuning it!

Tools / sites:
   * blastwave.org
   * !SysNav - a front-end for cfengine
   * [[http://blogs.sun.com/dmc][Sun Blogs - dtrace?]] - broken now
   * [[http://users.tpg.com.au/ads1n4yb][Misc. stuff]]
   * BMC Passport - does ADS < - > LDAP but it's expensive
   * Solaris Security Toolkit - JASS
   * [[http://www.zone-h.org][some security stuff]]
   * [[http://www.bolthole.com/solaris][Solaris hints]]

-- Main.MikePatterson - 26 Apr 2005
Topic revision: r2 - 2005-04-27 - MikePatterson
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
Other Webs
My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images
Edit