Friday, January 20, 2012

MWAC in Global Zone

Solaris 11 has a new cool feature called Immutable Zones. Darren Moffat presented new features in Solaris 11 Zones at the last LOSUG meeting in London. Immutable Zones basically allow read-only or partially read-only Zones to be deployed. You can even combine it with ZFS encryption - see Darren's blog entry for more details. The underlying technology behind immutable zones is called Mandatory Write Access Control (MWAC) and is implemented in the kernel. For each open, unlink, etc. syscall the VFS layer checks whether MWAC is enabled for the given filesystem and zone; if it is, it checks the white and black lists associated with the zone and potentially denies write access to a file (returning EROFS). The actual definitions of the different default profiles are located in the /usr/lib/brand/solaris/config.xml file. It is *very* simple to use the pre-defined profiles when creating a zone and it just works. Really cool. Thanks Darren for the great demo.

Now MWAC only works with non-global zones... at least by default. There is no public interface exposed to manipulate MWAC rules directly or to enable it for the global zone, but that doesn't mean one can't try to do it anyway. DTrace, objdump, mdb, etc. were very helpful here in seeing what's going on. The result of a couple of hours of fun is below.

root@global # touch /test/file1
root@global # rm -f /test/file1
root@global # ./mwac -b "/test/file1"
MWAC black list for the global zone installed.

root@global # touch /test/file1
touch: cannot create /test/file1: Read-only file system
root@global # touch /test/file2 ; rm /test/file2
root@global # 
Now let's disable MWAC again:
root@global # mwac -u
MWAC unlock succeeded.

root@global # touch /test/file1 ; rm /test/file1
root@global # 
You can even use patterns:
root@global # mwac -b "/test/*"
MWAC black list for the global zone installed.

root@global # touch /test/a ; mkdir /test/b
touch: cannot create /test/a: Read-only file system
mkdir: Failed to make directory "/test/b"; Read-only file system
root@global # 
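An added example, not the mwac tool from the post: a DTrace script that records every open/unlink/mkdir/rmdir syscall the kernel rejects with EROFS, together with zone, process and path, so MWAC denials (in the global zone or any other) can be audited from the public syscall provider alone. It assumes the Solaris 11 syscall names listed below; zdefs keeps the script loading if one of the *at variants is not present on a given build.

```dtrace
#!/usr/sbin/dtrace -s
/* Added example (not the author's code). Run as root:
 *   dtrace -s mwac-denials.d
 * Logs write-type syscalls that fail with EROFS, which is what MWAC
 * returns when a black-listed path is written to. */
#pragma D option quiet
#pragma D option zdefs   /* tolerate probe names absent on this build */

/* Classic calls carry the path in arg0. */
syscall::open:entry, syscall::open64:entry,
syscall::unlink:entry, syscall::mkdir:entry, syscall::rmdir:entry
{
    self->path = copyinstr(arg0);
    self->ok = 1;
}

/* The *at variants carry a directory fd in arg0 and the path in arg1. */
syscall::openat:entry, syscall::openat64:entry,
syscall::unlinkat:entry, syscall::mkdirat:entry
{
    self->path = copyinstr(arg1);
    self->ok = 1;
}

/* EROFS comes from errno.d (/usr/lib/dtrace), loaded automatically. */
syscall::open*:return, syscall::unlink*:return,
syscall::mkdir*:return, syscall::rmdir:return
/self->ok && errno == EROFS/
{
    printf("%Y zone=%s %s[%d] %s(\"%s\") -> EROFS\n", walltimestamp,
        zonename, execname, pid, probefunc, self->path);
}

/* Always clear the thread-local state on return. */
syscall::open*:return, syscall::unlink*:return,
syscall::mkdir*:return, syscall::rmdir:return
{
    self->path = 0;
    self->ok = 0;
}
```

With the black list from the session above in place, a touch on /test/file1 shows up as a single open("/test/file1") -> EROFS line, while writes outside the list produce no output.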

Thursday, January 19, 2012

ReFS

Next generation file system for Windows: ReFS
It looks pretty interesting and promising. Something like ZFS lite for Windows.

"The key goals of ReFS are:
  • Maintain a high degree of compatibility with a subset of NTFS features that are widely adopted while deprecating others that provide limited value at the cost of system complexity and footprint.
  • Verify and auto-correct data. Data can get corrupted due to a number of reasons and therefore must be verified and, when possible, corrected automatically. Metadata must not be written in place to avoid the possibility of “torn writes,” which we will talk about in more detail below.
  • Optimize for extreme scale. Use scalable structures for everything. Don’t assume that disk-checking algorithms, in particular, can scale to the size of the entire file system.
  • Never take the file system offline. Assume that in the event of corruptions, it is advantageous to isolate the fault while allowing access to the rest of the volume. This is done while salvaging the maximum amount of data possible, all done live.
  • Provide a full end-to-end resiliency architecture when used in conjunction with the Storage Spaces feature, which was co-designed and built in conjunction with ReFS.
The key features of ReFS are as follows (note that some of these features are provided in conjunction with Storage Spaces).
  • Metadata integrity with checksums
  • Integrity streams providing optional user data integrity
  • Allocate on write transactional model for robust disk updates (also known as copy on write)
  • Large volume, file and directory sizes
  • Storage pooling and virtualization makes file system creation and management easy
  • Data striping for performance (bandwidth can be managed) and redundancy for fault tolerance
  • Disk scrubbing for protection against latent disk errors
  • Resiliency to corruptions with "salvage" for maximum volume availability in all cases
  • Shared storage pools across machines for additional failure tolerance and load balancing
"

Wednesday, January 04, 2012

What is Watson?

You have probably heard about Watson from IBM. Michael Perrone gave a very entertaining presentation on Watson at LISA. Enjoy.

Friday, December 30, 2011

Friday, December 16, 2011

From SunOS thru Solaris and OpenSolaris to illumos

Last week I attended LISA '11 conference and one of the great and fun presentations was Bryan Cantrill's talk titled "Fork Yeah! The Rise and Development of illumos".
See the video and the slides.

Also, if you are interested in the whole DevOps transformation watch Ben Rockwood's talk - see the video and the slides.

There were more interesting talks - you can find them at http://www.usenix.org/events/lisa11/tech/

Friday, November 11, 2011

Solaris 11 - hostmodel

Solaris 11 Express and now Solaris 11 have new functionality which was long missing in Solaris. It allows you to force an application which binds to a given IP address to only use a default gateway configured on the same subnet (hostmodel set to strong), to prefer such a gateway if one exists (src-priority), or to keep the default behavior, which is to choose "randomly" (weak). This is very useful if you have an additional interface (10GbE for example) and you want a guarantee that all outgoing packets from all applications which bind to an IP address on that interface go through that dedicated interface even if there are other default gateways on other interfaces/subnets.

From ipadm(1M) man page:

hostmodel (IPv4), hostmodel (IPv6)
Control send/receive behavior for IP packets on a multi-homed system. The value of hostmodel can be set to strong or weak, corresponding to the equivalent end-system model definitions of RFC 1122. In addition, a third value of src-priority is also supported. In the src-priority hostmodel scenario, a packet will be accepted on any interface, as long as the packet's destination IP address is configured and marked UP on one of the host's interfaces. When transmitting a packet, if multiple routes for the IP destination in the packet are available, the system will prefer routes where the IP source address in the packet is configured on the outgoing interface. If no such route is available, the system will fall back to selecting the “best” route, as with the weak ES case.
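As an added example (not part of the original post), a small POSIX shell audit that checks hostmodel for both protocols and switches it to strong where it is not. It assumes ipadm(1M)'s parsable output, show-prop -c -o proto,current, prints one proto:current line per protocol; the sample outputs in the block are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Solaris 11 ipadm(1M)
# and that 'ipadm show-prop -c -o proto,current -p hostmodel ipv4 ipv6'
# prints one "proto:current" line per protocol.

# Return 0 when every protocol in the given show-prop output is "strong",
# 1 otherwise, naming the offending protocols so this can run from an audit job.
hostmodel_is_strong() {
    _out="$1"
    _rc=0
    for _line in $_out; do
        _proto=${_line%%:*}
        _cur=${_line#*:}
        case "$_cur" in
            strong) ;;
            *) echo "hostmodel for $_proto is '$_cur', expected strong"; _rc=1 ;;
        esac
    done
    return $_rc
}

# Live check: query ipadm and harden if needed (root on Solaris 11).
# Both protocols are set because hostmodel is per-protocol.
enforce_strong_hostmodel() {
    _cur=$(ipadm show-prop -c -o proto,current -p hostmodel ipv4 ipv6) || return 1
    if ! hostmodel_is_strong "$_cur"; then
        ipadm set-prop -p hostmodel=strong ipv4
        ipadm set-prop -p hostmodel=strong ipv6
    fi
}

# Constructed sample outputs: the default (weak) box and a hardened one.
SAMPLE_WEAK="ipv4:weak
ipv6:src-priority"
SAMPLE_STRONG="ipv4:strong
ipv6:strong"
```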

Thursday, October 06, 2011

Oracle porting DTrace to Linux?

Apparently Oracle announced they will port DTrace to Linux. See comments from Adam Leventhal (co-creator of DTrace).

Tuesday, August 16, 2011

KVM on Illumos

This is probably the first big feature/integration into Illumos. See also Bryan's slides on Experiences Porting KVM to SmartOS.

Tuesday, June 07, 2011

Oracle Corporation on behalf of Dell, Inc

Out of curiosity I checked the Solaris 11 HCL list. One of the recently added entries is for Dell PE C1100 server and what caught my eye was:
Submitter Company: Oracle Corporation on behalf of Dell, Inc.
There are similar entries for other Dell servers and also for IBM servers (for example: HS22, HX5).
Then there are servers submitted directly by HP (for example: DL585 G7, BL680c G7).

This is a good signal that Oracle is behind Solaris on 3rd party x86 servers - good.

Tuesday, May 24, 2011

Stopping a thread

Solaris 11 Express allows you to stop/resume a single thread - really cool!
See man pages for pstop and prun.

Wednesday, March 16, 2011

ZFS returns to MacOS?

http://info.tenscomplement.com
"We're not quite there yet — but we have some exciting products in development.  Our version of ZFS for Mac OS X, Z-410 Storage, started external beta testing last week.  Expect more announcements soon."

http://z410.tenscomplement.com
"Our foundational release of ZFS for Mac OS X is targeted at early adopters and those who can't wait to combine the world's most innovative operating system with the world's most advanced file system.
The initial beta evaluation program is in progress (thank you to those participating). We hope to have more product details soon. Those interested in participating in our future test programs can leave their email below."

Read about it also on ZDNet.