
Logical Domains (LDoms) 1.1 Administration Guide
Sun Microsystems, Inc.
www.sun.com
Part No. 820-4913-10
December 2008, Revision A
Submit comments about this document at: http://www.sun.com/hwdocs/feedback

Copyright 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.

U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.

Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd.

Sun, Sun Microsystems, the Sun logo, Java, Solaris, JumpStart, OpenBoot, Sun Fire, Netra, SunSolve, Sun BluePrints, Sun Blade, Sun Ultra, and SunVTS are service marks, trademarks, or registered trademarks of Sun Microsystems, Inc., or its subsidiaries, in the U.S. and other countries.

All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc.

The Adobe PostScript logo is a trademark of Adobe Systems, Incorporated.

Products covered by and information contained in this service manual are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited.

DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Contents

Preface

1. Overview of the Logical Domains Software
    Hypervisor and Logical Domains
    Logical Domains Manager
    Command-Line Interface
    Virtual Input/Output
    Virtual Network
    Virtual Storage
    Virtual Console
    Dynamic Reconfiguration
    Delayed Reconfiguration
    Persistent Configurations
    Roles for Logical Domains

2. Security
    Security Considerations
    Solaris Security Toolkit and the Logical Domains Manager
    Hardening
    Minimizing Logical Domains

    Authorization
    Auditing
    Compliance

3. Installing and Enabling Software
    Upgrading a System Already Using Logical Domains
    Upgrading the Solaris OS
    Saving and Restoring the Logical Domains Constraints Database File
    Preserving the Logical Domains Constraints Database File When Using Live Upgrade
    Upgrading From Solaris 10 OS Older Than Solaris 10 5/08 OS
    Upgrading the Logical Domains Manager and the System Firmware
    Stop All Domains Running on the Platform, Except the Control Domain
    Upgrading to LDoms 1.1 Software
    Upgrade From LDoms 1.0 Software
    Upgrade From LDoms 1.0.1, 1.0.2, or 1.0.3
    Installing Logical Domains Software on a New System
    Updating the Solaris OS
    Upgrading the System Firmware
    Upgrade System Firmware
    Upgrade System Firmware Without an FTP Server
    Downloading Logical Domains Manager and Solaris Security Toolkit
    Download the Software
    Installing the Logical Domains Manager and Solaris Security Toolkit
    Installing the Logical Domains Manager and Solaris Security Toolkit Software Automatically
    Using JumpStart to Install the Logical Domains Manager 1.1 and Solaris Security Toolkit 4.2 Software
    Installing Logical Domains Manager and Solaris Security Toolkit Software Manually

    Enabling the Logical Domains Manager Daemon
    Enable the Logical Domains Manager Daemon
    Creating Authorization and Profiles and Assigning Roles for User Accounts
    Managing User Authorizations
    Managing User Profiles
    Assigning Roles to Users
    Factory Default Configuration and Disabling Logical Domains
    Remove All Guest Logical Domains
    Restore the Factory Default Configuration
    Disable the Logical Domains Manager
    Removing the Logical Domains Manager
    Restore the Factory Default Configuration From the System Controller

4. Setting Up Services and Logical Domains
    Output Messages
    Creating Default Services
    Create Default Services
    Set Up the Control Domain
    Rebooting to Use Logical Domains
    Reboot
    Initial Configuration of the Control Domain
    Sun UltraSPARC T2 and T2 Plus Processors
    Sun UltraSPARC T1 Processors
    Enabling Networking Between the Control/Service Domain and Other Domains
    Configure the Virtual Switch as the Primary Interface
    Enabling the Virtual Network Terminal Server Daemon
    Enable the Virtual Network Terminal Server Daemon

    Creating and Starting a Guest Domain
    Create and Start a Guest Domain
    Installing Solaris OS on a Guest Domain
    Install Solaris OS on a Guest Domain From a DVD
    Install Solaris OS on a Guest Domain From a Solaris ISO File
    Jump-Start a Guest Domain
    Saving Logical Domain Configurations for Future Rebuilding
    Save All Logical Domain Configurations
    Rebuild Guest Domain Configurations
    Rebuilding the Control Domain
    Cryptographic (mau) Section
    Memory (memory) Section
    Physical Input/Output (physio device) Section
    Virtual Switch (vsw) Section
    Virtual Console Concentrator (vcc) Section
    Virtual Disk Server (vds) Section
    Virtual Disk Server Device (vdsdev) Section
    Logical Domain Information (ldom info) Section
    CPU (cpu) Section

5. Using PCI Busses With Logical Domains Software
    Configuring PCI Express Busses Across Multiple Logical Domains
    Create a Split PCI Configuration
    Enabling the I/O MMU Bypass Mode on a PCI Bus

6. Using Virtual Disks With Logical Domains
    Introduction to Virtual Disks
    Managing Virtual Disks
    Add a Virtual Disk

    Export a Virtual Disk Backend Multiple Times
    Change Virtual Disk Options
    Change the Timeout Option
    Remove a Virtual Disk
    Virtual Disk Appearance
    Full Disk
    Single Slice Disk
    Virtual Disk Backend Options
    Read-only (ro) Option
    Slice (slice) Option
    Virtual Disk Backend
    Exclusive (excl) Option
    Physical Disk or Disk LUN
    Export a Physical Disk as a Virtual Disk
    Physical Disk Slice
    Export a Physical Disk Slice as a Virtual Disk
    Export Slice 2
    File and Volume
    Export a File as a Full Disk
    File or Volume Exported as a Single Slice Disk
    File or Volume Exported as a Full Disk
    Export a ZFS Volume as a Single Slice Disk
    Exporting Volumes and Backward Compatibility
    Summary of How Different Types of Backends Are Exported
    Guidelines
    Configuring Virtual Disk Multipathing
    Configure Virtual Disk Multipathing
    CD, DVD and ISO Images

    Export a CD or DVD From the Service Domain to the Guest Domain
    Virtual Disk Timeout
    Virtual Disk and SCSI
    Virtual Disk and the format(1M) Command
    Using ZFS With Virtual Disks
    Configuring a ZFS Pool in a Service Domain
    Storing Disk Images With ZFS
    Examples of Storing Disk Images With ZFS
    Create a Disk Image Using a ZFS Volume
    Create a Disk Image Using a ZFS File
    Export the ZFS Volume
    Export the ZFS File
    Assign the ZFS Volume or File to a Guest Domain
    Creating a Snapshot of a Disk Image
    Create a Snapshot of a Disk Image
    Using Clone to Provision a New Domain
    Cloning a Boot Disk Image
    Using Volume Managers in a Logical Domains Environment
    Using Virtual Disks on Top of Volume Managers
    Using Virtual Disks on Top of SVM
    Using Volume Managers on Top of Virtual Disks
    Using SVM on Top of Virtual Disks
    Using VxVM on Top of Virtual Disks
    Using Virtual Disks When VxVM Is Installed
    Using ZFS on Top of Virtual Disks

7. Using a Virtual Network With Logical Domains
    Introduction to a Virtual Network
    Virtual Switch

    Virtual Network Device
    Managing a Virtual Switch
    Add a Virtual Switch
    Set Options for an Existing Virtual Switch
    Remove a Virtual Switch
    Managing a Virtual Network Device
    Add a Virtual Network Device
    Set Options for an Existing Virtual Network Device
    Remove a Virtual Network Device
    Determining the Solaris Network Interface Name Corresponding to a Virtual Network Device
    Find Solaris OS Network Interface Name
    Assigning MAC Addresses Automatically or Manually
    Range of MAC Addresses Assigned to Logical Domains Software
    Automatic Assignment Algorithm
    Duplicate MAC Address Detection
    Freed MAC Addresses
    Using Network Adapters With LDoms
    Determine If a Network Adapter Is GLDv3-Compliant
    Configuring Virtual Switch and Service Domain for NAT and Routing
    Set Up the Virtual Switch to Provide External Connectivity to Domains
    Configuring IPMP in a Logical Domains Environment
    Configuring Virtual Network Devices into an IPMP Group in a Logical Domain
    Configure a Host Route
    Configuring and Using IPMP in the Service Domain
    Using VLAN Tagging With Logical Domains Software
    Port VLAN ID (PVID)
    VLAN ID (VID)

    Assign VLANs to a Virtual Switch and Virtual Network Device
    Using NIU Hybrid I/O
    Configure a Virtual Switch With an NIU Network Device
    Enable Hybrid Mode
    Disable Hybrid Mode

8. Migrating Logical Domains
    Introduction to Logical Domain Migration
    Overview of a Migration Operation
    Software Compatibility
    Authentication
    Migrating an Active Domain
    CPUs
    Memory
    Physical Input/Output
    Virtual Input/Output
    NIU Hybrid Input/Output
    Cryptographic Units
    Delayed Reconfiguration
    Operations on Other Domains
    Migrating Bound or Inactive Domains
    CPUs
    Performing a Dry Run
    Monitoring a Migration in Progress
    Canceling a Migration in Progress
    Recovering From a Failed Migration
    Virtual Input/Output
    Examples

9. Other Information and Tasks
    Using CPU Power Management With LDoms 1.1 Software
    Showing CPU Power-Managed Strands in LDoms 1.1 Software
    List CPU Power-Managed Strands
    List Power-Managed CPUs
    Entering Names in the CLI
    File Names (file) and Variable Names (var name)
    Virtual Disk Server backend and Virtual Switch Device Names
    Configuration Name (config name)
    All Other Names
    Machine-Readable Output
    Show Syntax Usage for ldm Subcommands
    Flag Definitions
    Utilization Statistic Definition
    Examples of Various Lists
    Show Software Versions (-V)
    Generate a Short List
    Generate a Long List (-l)
    Generate an Extended List (-e)
    Generate a Parseable, Machine-Readable List (-p)
    List a Variable
    List Bindings
    List Configurations
    List Dev