Basic Operations for Oracle Solaris 11 Administration

by Ginny Henningsen

This article gives examples of common administrative tasks in Oracle Solaris 11. It excerpts example commands from a collection of general administration tasks in the "Oracle Solaris 11 Administrator's Cheat Sheet" written by Joerg Moellenkamp, Senior Account Architect for Oracle.

Published November 2012

Oracle Solaris 11 includes state-of-the-art technologies designed to enhance ease of use and manageability, streamline consolidation, and expedite application deployment. A key design goal for the release was to simplify administration, allowing IT organizations to maintain systems and application stacks more easily and with less cost.


To give system administrators a quick reference for managing Oracle Solaris 11 systems, Joerg Moellenkamp, a Senior Account Architect for Oracle, put together a list of general administrative commands in the "Oracle Solaris 11 Administrator's Cheat Sheet." This article excerpts examples from that cheat sheet and introduces concepts related to Oracle Solaris 11 administrative tasks. The cheat sheet and this article summarize commands related to these Oracle Solaris 11 topics:

  • Performing automated installations
  • Configuring systems and system services
  • Managing users and groups
  • Using Boot Environments (BEs)
  • Using the Image Packaging System (IPS) for software package management
  • Performing basic ZFS administration
  • Managing disk devices
  • Configuring Oracle Solaris Zones
  • Using the Service Management Facility (SMF)
  • Configuring networking, including basic configuration tasks, automated administration, and advanced tasks

Automated Installations

Oracle Solaris 11 introduces a new network-based Automated Installer (AI) that checks and resolves software package dependencies, provides greater provisioning flexibility, and performs hands-free installations on SPARC and x86 systems. AI takes advantage of network-based software package repositories to streamline the installation of multiple client types.

Isaac Rozenfeld, a Principal Product Manager in the Oracle Solaris group, wrote a separate Oracle Solaris 11 cheat sheet dedicated to AI commands called "Installation and Deployment Administration." This article and Joerg's cheat sheet reproduce some command examples from Isaac's cheat sheet.

To perform automated installations, you must first set up an Oracle Solaris 11 system on the network as an AI server and define one or more installation services. Installation services include AI boot images as well as installation manifests and system configuration profiles. You can specify installation manifests and profiles that match certain client criteria to enable customized installations. For a client system to be installed automatically, it must be able to access the AI server, a DHCP server (which can be the same machine as the AI server), and an Oracle Solaris 11 software package repository (either the default Oracle release repository or a local software repository). DHCP is used to identify the client initially, but it is possible to use AI without having a DHCP infrastructure in place.

On the AI server, you can use the installadm command to create, list, and configure installation services, along with any client-matching criteria. The create-service subcommand defines an installation service, as in the following sample command, which creates a service using a downloaded ISO file and defines x86-based DHCP clients starting at address for a total count of 10 addresses:

# installadm create-service -n s11x86 -i -c 10  \
-s /path/to/solaris-11-1111-ai-x86.iso

The list subcommand lists all defined installation services, as in this example:

# installadm list 
Service Name     Alias Of         Status  Arch  Image Path  
------------     --------         ------  ----  ----------  
default-i386     sol-11-i386-svc  on      x86   /export/images/soli386
default-sparc    sol-11-sparc-svc on      Sparc /export/images/solsparc
sol-11-i386-svc  -                on      x86   /export/images/soli386 
sol-11-sparc-svc -                on      Sparc /export/images/solsparc

By using the -m and -p options, respectively, with the list subcommand you can list installation manifests or system configuration profiles associated with installation services:

# installadm list -m
# installadm list -p

AI manifests are stored in XML and are easily customized. The first command below exports the default installation manifest associated with the s11x86 service. After editing the exported manifest file, the update-manifest subcommand updates the manifest associated with the service:

# installadm export -n s11x86 -m orig_default > manifest.xml
[edit manifest.xml]
# installadm update-manifest -n s11x86 -m orig_default -f manifest.xml

System configuration profiles provide the ability to fine-tune systems during hands-free installations. They complement manifests and typically contain specifications for post-installation (configuring system variables such as username, user password, time zone, host name, and IP address). System configuration profiles are processed by SMF after OS package installation when a client first boots.

You can interactively create a system configuration profile and save it for subsequent installations:

# sysconfig create-profile -o profile.xml 

System and Service Configuration

The Service Management Facility in Oracle Solaris 11 is used to configure systems and store related configuration data, allowing changes to persist across system updates. The svccfg and svcadm commands are used to configure and control system services, as in this sequence that configures a system's identity:

# svccfg -s svc:/system/identity:node setprop \
config/nodename = "myhost"
# svcadm refresh svc:/system/identity:node
# svcadm restart svc:/system/identity:node

This example configures a system's time zone:

# svccfg -s timezone:default setprop \
timezone/localtime = astring: US/Mountain
# svcadm refresh timezone:default

To unconfigure a system and start an interactive configuration on reboot, enter the following:

# sysconfig configure -s

You can generate an XML file containing a system configuration profile:

# sysconfig create-profile -o sc-profile.xml

The resulting profile can be used with AI or as input to a sysconfig command:

# sysconfig configure -c sc-profile.xml

Users and Groups

By default, Oracle Solaris 11 configures root as a role (rather than as a user) that is entitled to perform privileged tasks. Having root as a role enhances security since an individual user must first log in and assume the root role; thus every privileged action can be directly attributed to a named user and is logged accordingly. You can revert to the model where root is a normal user account by entering the following:

# rolemod -K type=normal root

To configure root as a role instead, as in the default setting, enter this:

# usermod -K type=role root

To add a new user with a System Administrator profile, enter the following:

# useradd -d /export/home/joerg -P "System Administrator" joerg
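
One way to audit the settings described above, as an added example that is not part of the original article or cheat sheet: the script reports whether root is a role and which accounts hold a given rights profile. It assumes the user_attr(4) layout (user:qualifier:res1:res2:attr, with semicolon-separated key=value attributes and \: as an escaped colon); the function names are hypothetical and the sample data is constructed, so on a live system you would pipe /etc/user_attr into the functions instead.

```shell
#!/bin/sh
# Added example: audit account types and rights profiles from
# user_attr(4)-formatted text read on stdin.
# Assumed layout: user:qualifier:res1:res2:attr   (attr = key=value;key=value)

# Constructed sample data, not taken from a real system.
SAMPLE_USER_ATTR='# constructed sample
root::::type=role;auths=solaris.*;profiles=All;audit_flags=lo\:no
joerg::::profiles=System Administrator;roles=root
backup::::type=normal;profiles=Media Backup,Basic Solaris User'

# attr_value USER KEY: print the value of KEY for USER (nothing if absent).
attr_value() {
    awk -v user="$1" -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        {
            line = $0
            gsub(/\\:/, "\001", line)           # protect escaped colons
            n = split(line, f, ":")
            if (n < 5 || f[1] != user) next
            m = split(f[5], kv, ";")
            for (i = 1; i <= m; i++) {
                eq = index(kv[i], "=")
                if (eq && substr(kv[i], 1, eq - 1) == key) {
                    v = substr(kv[i], eq + 1)
                    gsub("\001", ":", v)        # restore escaped colons
                    print v
                    exit
                }
            }
        }'
}

# account_type USER: "role" or "normal"; an absent type attribute means normal.
account_type() {
    t=$(attr_value "$1" type)
    echo "${t:-normal}"
}

# users_with_profile PROFILE: print every account whose profiles list has PROFILE.
users_with_profile() {
    awk -v want="$1" '
        /^[ \t]*#/ || NF == 0 { next }
        {
            line = $0
            gsub(/\\:/, "\001", line)
            if (split(line, f, ":") < 5) next
            m = split(f[5], kv, ";")
            for (i = 1; i <= m; i++) {
                if (index(kv[i], "profiles=") != 1) continue
                p = split(substr(kv[i], 10), prof, ",")
                for (j = 1; j <= p; j++)
                    if (prof[j] == want) print f[1]
            }
        }'
}

# Report on the constructed sample.
printf 'root account type: %s\n' \
    "$(printf '%s\n' "$SAMPLE_USER_ATTR" | account_type root)"
printf 'System Administrator profile held by: %s\n' \
    "$(printf '%s\n' "$SAMPLE_USER_ATTR" | users_with_profile 'System Administrator')"
```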

Boot Environments

Boot Environments (BEs) are bootable operating system images. Since creating a new BE takes advantage of the built-in Oracle Solaris 11 ZFS snapshot capabilities, you can generate a boot image clone almost instantly without using any additional disk space. (During a system update, only the changed blocks take up additional space.) Creating a BE enables a safe transition between software versions, since you can roll back to the previous software state if there's a problem.

Oracle Solaris 11 automatically creates a BE in some cases (for example, system updates), but it's easy to force the creation of a BE using the beadm create command:

# beadm create solaris-05032012

Once the BE is created, you can activate it, causing it to be the active BE at the next reboot:

# beadm activate solaris-05032012

To delete a BE, enter the following:

# beadm destroy solaris-05032012

To list BEs from the SPARC boot PROM, enter this:

ok boot -L

To boot into a certain BE from the SPARC boot PROM, use the -Z argument, specifying the BE name to the PROM boot command:

ok boot -Z rpool/ROOT/solaris-05032012

Software Packaging and Management

Oracle Solaris 11 includes a new network-centric software package management framework called the Image Packaging System (IPS). IPS installs and updates software packages from locally connected or remote repositories, automatically checking and resolving software dependencies. IPS also checks software versions in non-global zones for consistency with the global zone, simplifying software administration of Oracle Solaris Zones. Another cheat sheet, called the "Oracle Solaris 11 Cheat Sheet for Image Packaging System," summarizes common commands used with IPS, including several examples that are included here.

The primary administrative interface for IPS is the pkg command. For example, to install a package called diagnostic/wireshark, enter the following:

# pkg install diagnostic/wireshark

Packages are sometimes grouped into related clusters. For example, on a workstation, you can install the solaris-desktop group of packages to provide a desktop environment:

# pkg install solaris-desktop

IPS eliminates all patching. Instead, to update all installed packages to the newest versions, including packages in zones, enter this:

# pkg update

To understand what packages might change without actually performing the update, use the -nv options:

# pkg update -nv

To uninstall a package, use the uninstall subcommand:

# pkg uninstall wireshark

To list all packages installed on a system, enter the following:

# pkg list

To get more information about an installed package, use the info subcommand:

# pkg info wireshark

To list the contents of an installed package, use the contents subcommand:

# pkg contents wireshark

To search packages in the configured repositories for a specific file, use the search subcommand:

# pkg search math.h

The following example searches for all packages installed locally on a system that have a dependency on library/libxml2:

# pkg search -l -o 'depend::library/libxml2'

Software developers, including Oracle, publish their software in software package repositories. You can use the pkg publisher command to show the currently configured repositories:

# pkg publisher 
solaris		origin	online 

Oracle Solaris 11 has a default publisher, solaris, which supplies software packages from the release repository. Customers who have an active Oracle support agreement can change the default publisher to point to the Oracle Solaris 11 support repository at

In the Oracle Technology Network article "How to Update Oracle Solaris 11 Systems From Oracle Support Repositories," Glynn Foster steps through the process of downloading security certificates and keys and switching to the support repository. To then perform an update from the support repository, you would enter the following:

# pkg set-publisher -g \
-G -k /path/to/ssl_key \
-c /path/to/ssl_cert solaris
# pkg update

File Systems—Basic ZFS Administration

Initially deployed in Oracle Solaris 10, Oracle Solaris ZFS is the default root file system in Oracle Solaris 11, and it is required to perform software maintenance and safe upgrades. ZFS integrates volume management, provides high levels of data integrity (through checksumming and copy-on-write operations), and includes a wide variety of data services such as RAID protection, deduplication, and data encryption.

The primary commands to configure, construct, and manage ZFS file systems are zpool and zfs. Devices can be physical disks or files. When you create a ZFS file system, you specify the type of data replication, such as a mirror (RAID-1) or raidz. (A RAID-Z device is similar to RAID-5 but with atomic operations providing single-, double-, or triple-parity fault tolerance, which are specified as raidz, raidz2, and raidz3, respectively.)

Creating a ZFS storage pool automatically creates and mounts a new ZFS file system, as in the following example, which creates a ZFS pool with a single disk:

# zpool create testpool c3t2d0

To create a ZFS pool with three disks in RAID-0 configuration, enter this:

# zpool create testpool c3t2d0 c3t3d0 c3t4d0

To create a ZFS pool with three disks in a RAID-1 configuration or in a single-parity RAID-Z configuration, enter mirror or raidz as arguments, respectively:

# zpool create testpool mirror c3t2d0 c3t3d0 c3t4d0
# zpool create testpool raidz c2t2d0 c3t3d0 c3t4d0

ZFS uses caching to accelerate disk operations. By applying a solid state disk as a separate ZFS Intent Log (ZIL), you can create an effective way to cache writes. For example, to build a ZFS pool with a single disk and define a separate disk as a ZIL, enter the following:

# zpool create testpool c3t2d0 log c3t3d0

The ZFS main memory cache in DRAM is called the Adaptive Replacement Cache (ARC). You can specify a Level 2 Adaptive Replacement Cache (L2ARC) that operates between main memory and disk, configuring it on a solid state disk to accelerate reads. To create a ZFS pool with a single disk and another disk as an L2ARC, enter this:

# zpool create testpool c3t2d0 cache c3t3d0

To share a file system via NFS, enter the following:

# zfs create rpool/fs1
# zfs set share=name=fs1,path=/rpool/fs1,prot=nfs rpool/fs1
# zfs set sharenfs=on rpool/fs1

In Oracle Solaris 11, you can migrate data from an old file system to a new file system while simultaneously allowing access and modification of the new file system during the migration process. This is called shadow migration, which can be performed as shown in this example command sequence:

# pkg install shadow-migration
# svcadm enable shadowd
# zfs set readonly=on path/to/data
# zfs create -o shadow=file:///path/to/data \

Disk Devices

Oracle Solaris 11 includes several new disk management features, such as COMSTAR iSCSI support. To configure a disk to be used via iSCSI, use a sequence of commands like this:

# svcadm enable svc:/network/iscsi/initiator
# iscsiadm modify initiator-node -A myclient
# iscsiadm add discovery-address
# iscsiadm modify discovery -t enable
# devfsadm -c iscsi

To show all disks on a system, use the cfgadm command with the -s option:

# cfgadm -s "select=type(disk)"

Suppose disk c1t1d0 in the ZFS pool testpool is faulty. To take the disk offline and replace it, enter this sequence:

# zpool offline testpool c1t1d0
# cfgadm -c unconfigure c1::dsk/c1t1d0
# cfgadm -c configure c1::dsk/c1t1d0
# zpool replace testpool c1t1d0
# zpool online testpool c1t1d0

On an x86 system, to mirror an existing boot disk c3t0d0s0 with disk c3t2d0s0, enter these commands to format and label the disk:

# fdisk -B c3t2d0s0
# prtvtoc /dev/rdsk/c3t0d0s0 | fmthard -s - /dev/rdsk/c3t2d0s0

You'll need to recreate the root pool, restore a previously created root pool snapshot, and install a boot block on the new disk. To install a boot block on an x86 system, enter an installgrub command:

# installgrub /boot/grub/stage1 /boot/grub/stage2 \

To install the boot block on a SPARC system, enter this installboot command:

# installboot -F zfs \
/usr/platform/`uname -i`/lib/fs/zfs/bootblk /dev/rdsk/c3t2d0s0

For more detailed procedures for both x86 and SPARC systems, see instructions in the manual Oracle Solaris Administration: ZFS File Systems.

Oracle Solaris Zones

Oracle Solaris Zones technology is an OS-level virtualization technology that provides independent, isolated, and secure runtime environments called non-global zones, or simply "zones." Oracle Solaris automatically establishes a global zone for system-wide administrative control. Although all zones share the same underlying kernel, applications running in one zone can't impact applications running in other zones.

The primary administrative interface for managing zones is the command line interface zonecfg, which uses a tree-like structure of context-relevant subcommands. Here is a simple example of how to create and install a non-global zone using zonecfg:

# zonecfg -z testzone
testzone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:testzone> create
zonecfg:testzone> set zonepath=/zones/testzone
zonecfg:testzone> set autoboot=true
zonecfg:testzone> verify
zonecfg:testzone> commit
zonecfg:testzone> exit

The zoneadm list -v command lists all running zones, including their zone name, ID, current state, root directory, brand type, IP type, and options:

# zoneadm list -v

After first verifying the validity of the configured zone, the install subcommand installs the specified zone:

# zoneadm -z testzone install

The zoneadm boot command is used to boot the zone:

# zoneadm -z testzone boot

Once a zone has booted, you can use zlogin to log in to the zone's console:

# zlogin -C testzone

To shut down a zone cleanly (which is the equivalent of running /usr/sbin/init 0 in the zone), enter the following:

# zoneadm -z testzone shutdown

You can also monitor a zone for CPU, memory, and network utilization. For example, to capture these zone statistics every 10 seconds, enter this:

# zonestat -z testzone 10

Service Management Facility

The Service Management Facility (SMF) provides a comprehensive framework for managing services on Oracle Solaris 11. It includes the ability to restart services automatically, including any dependencies, after a failure. The information to manage each service is stored in a service repository. See the Oracle Solaris Administration: Common Tasks manual for more information about managing services.

Each service instance is named with a fault management resource indicator (FMRI). The FMRI includes the service name and the instance name. For example, the FMRI for the rlogin service is svc:/network/login:rlogin, where network/login identifies the service and rlogin identifies the service instance.

The primary administrative interfaces for configuring and managing services are the command line interfaces svcs, svcadm, svcprop, and svccfg. The svcs command displays information about service instances from the service repository. To show all services, including disabled services, enter the following:

# svcs -a

The svcs -l command explains the state of service instances. For example, to list detailed information about the service system/zones, enter this:

# svcs -l system/zones

To list processes associated with the network/netcfg service, enter the following:

# svcs -p network/netcfg

To enable a service called network/dns/client, enter the following:

# svcadm enable network/dns/client

To restart a service called network/nfs/server using an abbreviated FMRI, enter this:

# svcadm restart nfs/server

To disable a service called network/ssh, enter the following:

# svcadm disable network/ssh

The svcs -xv command is useful in troubleshooting services. The example in Listing 1 shows that the problem is nfs/status. The service nfs/client is waiting because it depends on nfs/nlockmgr, which depends on nfs/status:

# svcs -xv nfs/client 
svc:/network/nfs/client:default (NFS client) 
 State: offline since Mon Feb 27 16:03:23 2006 
Reason: Service svc:/network/nfs/status:default
        is not running because a method failed repeatedly. 
   Path: svc:/network/nfs/client:default
   See: man -M /usr/share/man -s 1M mount_nfs 
   See: /var/svc/log/network-nfs-client:default.log 
Impact: This service is not running.

Listing 1. Troubleshooting Example
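
The triage that Listing 1 illustrates can be scripted. The following added example (not from the original article or cheat sheet) parses svcs -xv output and reports, for each impaired service, its state, the service that the Reason text blames, and the SMF log file to read next. The function names svcs_x_summary and blocking_service are hypothetical, and the sample input is Listing 1 embedded inline so the script runs without a Solaris host.

```shell
#!/bin/sh
# Added example: summarise `svcs -xv` output for triage.
# svcs_x_summary reads svcs -xv text on stdin and prints one line per
# impaired service:
#   FMRI|state|service named in the Reason text|SMF log file
# A field that cannot be found is printed as "-".

# Sample input: Listing 1 from the article, embedded so the script runs offline.
LISTING1='svc:/network/nfs/client:default (NFS client)
 State: offline since Mon Feb 27 16:03:23 2006
Reason: Service svc:/network/nfs/status:default
        is not running because a method failed repeatedly.
   Path: svc:/network/nfs/client:default
   See: man -M /usr/share/man -s 1M mount_nfs
   See: /var/svc/log/network-nfs-client:default.log
Impact: This service is not running.'

svcs_x_summary() {
    awk '
    # Emit the record collected so far, then reset for the next service.
    function flush(   blocked) {
        if (fmri == "") return
        blocked = "-"
        if (match(reason, /svc:\/[^ ]+/))
            blocked = substr(reason, RSTART, RLENGTH)
        print fmri "|" state "|" blocked "|" (logf == "" ? "-" : logf)
        fmri = state = reason = logf = ""
        in_reason = 0
    }
    # A line starting with an FMRI opens a new record.
    /^svc:\//                   { flush(); fmri = $1; next }
    /^ *State:/                 { state = $2; in_reason = 0; next }
    # The Reason text may wrap onto indented continuation lines.
    /^ *Reason:/                { sub(/^ *Reason: */, ""); reason = $0
                                  in_reason = 1; next }
    /^ *See: \/var\/svc\/log\// { logf = $2; in_reason = 0; next }
    # Any other "Label:" line ends the Reason text.
    /^ *[A-Za-z]+:/             { in_reason = 0; next }
    in_reason                   { sub(/^ +/, ""); reason = reason " " $0 }
    END                         { flush() }'
}

# blocking_service: print only the FMRI that the Reason text blames.
blocking_service() {
    svcs_x_summary | cut -d'|' -f3
}

printf '%s\n' "$LISTING1" | svcs_x_summary
```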

The svcprop utility prints values of properties in the service configuration repository. For example, to display properties and associated values for the service network/ssh, enter this:

# svcprop network/ssh

The svccfg command modifies entries in the service configuration repository. It can be used interactively, as in this example that displays the general/enabled property for the service network/ssh:

# svccfg
svc:> select ssh:default
svc:/network/ssh:default> listprop general/enabled
general/enabled  boolean  false
svc:/network/ssh:default> exit

In the following example, the svccfg command sets the port number of the application/pkg/server service to 10000, and the svcadm refresh command applies the new setting:

# svccfg -s application/pkg/server setprop pkg/port=10000
# svcadm refresh application/pkg/server

To configure e-mail notifications for services that drop from the online to maintenance state, enter the following:

# svccfg setnotify -g from-online,to-maintenance \


Oracle Solaris 11 uses profile-based networking configuration that can be administered in one of two configuration modes: either manual or automatic. These modes differ in whether you configure the system manually using dladm and ipadm or by creating and applying network configuration profiles (NCPs).

If the active profile is fixed (defined as DefaultFixed), you use the dladm and ipadm commands to configure networking. If the active networking configuration profile is reactive (reported as Automatic), you use netcfg and netadm to modify the profile. See the Oracle Solaris Administration: Network Interfaces and Network Virtualization manual for details.

If the active profile is Automatic, you can list all profiles using the command shown in Listing 2:

# netadm list -x 
ncp         Automatic      online      active 
ncu:phys    net0           online      interface/link is up 
ncu:ip      net0           online      interface/link is up 
ncu:phys    net1           online      interface/link is up 
ncu:ip      net1           offline*    waiting for IP address to be set 
ncp         testcfg        disabled    disabled by administrator 
loc         Automatic      offline     conditions for activation are unmet 
loc         NoNet          offline     conditions for activation are unmet 
loc         Lab            online      active 
loc         User           disabled    disabled by administrator

Listing 2. Listing All Profiles

However, the netadm list command is supported only if the network management mode is Automatic. Otherwise, it generates a message indicating that the DefaultFixed profile is active:

netadm: DefaultFixed NCP is enabled; automatic network management is not available.
'netadm list' is only supported when automatic network management is active.

Networking—Manual Administration

If the active profile is Automatic, you can switch to a DefaultFixed profile and use the dladm and ipadm commands to configure networks manually:

# netadm enable -p ncp defaultfixed

The dladm command is used to administer data links. To show physical network interfaces, enter this:

# dladm show-phys

Subcommands for ipadm create interfaces, assign addresses, and manage TCP/IP properties. For example, to create an interface with a static IPv4 configuration, enter these commands:

# ipadm create-ip net0
# ipadm create-addr -T static -a local= net0/addr
# ipadm show-addr

To create an interface with a DHCP configuration, enter the following:

# ipadm create-ip net0
# ipadm create-addr -T dhcp net0/addr

To create an interface with an auto-generated IPv6 configuration, enter the following:

# ipadm create-ip net0
# ipadm create-addr -T addrconf net0/addr

To configure a default route, enter this:

# route -p add default

To activate a DNS configuration, configure the DNS service using SMF, as follows:

# svccfg -s dns/client setprop config/nameserver = \
# svccfg -s dns/client setprop config/domain = \
astring: ""
# svccfg -s name-service/switch setprop config/host = \
astring: "files dns"
# svcadm refresh name-service/switch
# svcadm refresh dns/client

An alternate approach to set up DNS is to edit /etc/resolv.conf and /etc/nsswitch.conf and then import these modifications into SMF, refreshing the required services:

# nscfg import -f svc:/system/name-service/switch:default
# nscfg import -f svc:/network/dns/client:default
# svcadm refresh dns/client

Networking—Automatic Administration

If the active profile is Automatic, you use the netcfg and netadm commands to configure and monitor the profile. For example, to create a network configuration profile, enter the netcfg commands shown in Listing 3:

# netcfg create ncp datacenter
# netcfg
netcfg> select ncp datacenter
netcfg:ncp:datacenter> create ncu phys net0
Created ncu 'net0'. Walking properties ...
ip-version (ipv4,ipv6) [ipv4|ipv6]> ipv4
ipv4-addsrc (dhcp) [dhcp|static]> static
netcfg:ncp:datacenter:ncu:net0> end
Committed changes
netcfg:ncp:datacenter> exit

Create a network location profile:

# netcfg
netcfg> create loc datacenter
Created loc 'datacenter'. Walking properties ...
activation-mode (manual) [manual|conditional-any|conditional-all]> conditional-any
conditions> ip-address is
nameservices (dns) [dns|files|nis|ldap]> dns
nameservices-config-file ("/etc/nsswitch.dns")>
dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual
netcfg:loc:datacenter> exit
Committed changes

Listing 3. Creating a Network Configuration Profile

To activate the modified network configuration profile, enter the following:

# netadm enable -p ncp datacenter

Networking—Advanced Administration

Using dladm and ipadm commands (often in conjunction with Oracle Solaris Zones), you can implement virtualized networks. Oracle Solaris enables two types of virtualized network interfaces:

  • Virtual network interface cards (VNICs) are pseudo interfaces created on top of data links.
  • Etherstubs are pseudo Ethernet NICs on which you can create VNICs (instead of creating them on physical links). VNICs on an etherstub become independent of the physical NICs in the system.

To create a VNIC on the existing physical interface net0 with the address, enter this:

# dladm create-vnic -l net0 vnic0
# ipadm create-ip vnic0
# ipadm create-addr -T static -a vnic0/v4

To create two virtual network interfaces (VNICs) over a virtual switch (without a physical network interface), enter the following:

# dladm create-etherstub stub0
# dladm create-vnic -l stub0 vnic0
# dladm create-vnic -l stub0 vnic1

One of the powerful features of Oracle Solaris is that you can set bandwidth controls for VNICs, thereby limiting networking resources for applications running in a zone. Duncan Hardie gives an example of doing this in the Oracle Technology Network article "How to Control Your Application's Network Bandwidth Using Oracle Solaris 11."

For example, to reduce the bandwidth of vnic0 to 100 Mbps, enter the following:

# dladm set-linkprop -p maxbw=100 vnic0

To restrict the bandwidth for IP address, create a flow on vnic0 and then restrict its bandwidth to 50 Mbps:

# flowadm add-flow -l vnic0 -a remote_ip= flow0
# flowadm set-flowprop -p maxbw=50 flow0

Use the following to restrict network traffic to TCP for local port 443 on net0:

# flowadm add-flow -l net0 -a transport=TCP,local_port=443 flow0

A common task in many network scenarios is to enable support for jumbo frames, which requires increasing the size of a data link's maximum transmission unit (MTU) to 9000 bytes:

# dladm set-linkprop -p mtu=9000 net0

Link aggregation combines the capacity of multiple full-duplex Ethernet links into a single logical link. To configure link aggregation, enter this:

# dladm create-aggr -l net0 -l net1 aggr0
# ipadm create-ip aggr0
# ipadm create-addr -T static -a aggr0/v4

By subdividing a network into virtual local area networks (VLANs), you can improve network administration and security. To configure VLANs, use a sequence of dladm and ipadm commands similar to these:

# dladm create-vlan -l net0 -v 100 administration1
# dladm create-vlan -l net0 -v 2 production1
# ipadm create-ip administration1
# ipadm create-ip production1
# ipadm create-addr -T static -a \
# ipadm create-addr -T static -a \

IP network multipathing (IPMP) provides physical interface failure detection, transparent network access failover, and packet load spreading for multiple interfaces connected to a LAN. To configure an IPMP group, use the following configuration sequence:

# ipadm create-ip net0
# ipadm create-ip net1
# ipadm create-ip net2
# ipadm create-ipmp ipmp0
# ipadm add-ipmp -i net0 -i net1 -i net2 ipmp0
# ipadm create-addr -T static -a ipmp0/v4
# ipadm create-addr -T static -a net0/test
# ipadm create-addr -T static -a net1/test
# ipadm create-addr -T static -a net2/test


About the Author

Ginny Henningsen has worked for the last 15 years as a freelance writer developing technical collateral and documentation for high-tech companies. Prior to that, Ginny worked for Sun Microsystems, Inc. as a Systems Engineer in King of Prussia, PA and Milwaukee, WI. Ginny has a BA from Carnegie-Mellon University and a MSCS from Villanova University.

Revision 1.0, 11/02/2012
