Monday, October 30, 2006

Thumpers - first impression

First Thumper is on for about 30 minutes :) There's S10 06/06 and 01/06 pre-installed. I chose 06/06 to boot, basic questions from sysidtool (locale, terminal type, etc.) - all on serial console by default - great. Then reboot I logged in on console and - 2x285 Opterons, 16GB RAM, 48x disks :) df -h and... by default there's already configured one pool named zpool1 which is collection of many smaller raidz groups. Well, first thing I just had to do was to run simple dd on that pool - 600-800MB/s of write performance and similar when reading :)
I recreated using the same disk for a one large stripe and got with single dd 1.35GB/s :) Not bad :)))))

Thumpers arrived!

Finally!

ps. Sun should definitely do something with their logistics - lately it just doesn't work the way it should.

Jim Mauro in Poland

This news is mostly for people in Poland so the rest of this entry will be in Polish.

W dniu 17 listopada (piatek) w godzinach 10:00-12:30 Jim wyglosi w biurze Sun Microsystems w Warszawie, ul. Hankiewicza 2, prezentacje:

Solaris 10 Performance, Observability and Debugging Tools and Techniques in Solaris 10

Prezentacja adresowana jest do administratoriw systemu, ekspertow od systemu operacyjnego Solaris i zagadnien wydajnosciowych, programistow oraz deweloperow aplikacji.

Uwaga - wymagana jest rejestracja za pomoca e-maila. Szczegoly w oficjalnym zaproszeniu.
Oficjalne zaproszenie znajdziecie tutaj.

Jim Mauro jest wspolautorem pierwszej ksiazki Solaris Internals, jak i dwoch najnowszych Solaris Internals Second Edition, Solaris Performance and Tools - kazdy kto powaznie zajmuje sie administracja systemem i/lub tuningiem aplikacji i systemu powinien te ksiazki miec w swojej biblioteczce.

Informacja o prezentacji jest rowniez na blogu Roberta Prusa, ktory to jest wspolorganizatorem spotkania.


ps. z nieoficjalnych informacji, byc moze uda sie rozlosowac powyzsze ksiazki w srod uczestnikow
ps2. jeszcze nie wiem czy bede

Tuesday, October 24, 2006

IP Instances

Sometimes it would be really useful to have separate routing table for a zone or being able to easily dedicate whole NIC to a zone (without assigning IP address or routing in a global zone). Well, there's actually a project call IP Instances which is going to address all these issues and more. If you want to know more about it then read here and here.

Tuesday, October 17, 2006

Dell RAID controllers

I've been playing with Dell PERC 3/DC RAID controller in v20z server + ZFS. There's external JBOD connected on one channel with several disks in it. I decided to configure each disk as an RAID-0 so basically I got 1-1 mapping. Then using ZFS I created a pool in a RAID-10 config. It turned out that creating RAID-10 entirely in HW doesn't offer any better performance so doing it in ZFS has two main advantages - one is I got much better data availability due to ZFS checksumming and second advantage is that I can connect that JBOD to simple SCSI controller and just import ZFS pool. I have actually checked it by pulling out a disk with a ZFS pool on it and then putting the disk in another JBOD with SPARC server and simple SCSI adapter and I was able to import that pool without any problems.

Now performance - it turned out that if I disable Read-Ahead and set Write-Thru mode with stripe size set to 128k I get best performance. Any more logic enabled on controller and performance drops. So in an essence I treat that RAID controller as a SCSI card (I would use SCSI card but I do not have one free right now).

By default Solaris recognizes PERC 3/DC controller out of the box. However you can't change any RAID parameters from within Solaris - you have to reboot server and go into RAID BIOS which is really annoying especially if you want to tweak parameters and see performance changes - it just takes lot of time. Additionally with setup described above (1-1 mapping, no redundancy in HW) if one disk fails you can replace it with another one (I dedicated one disk a hotspare) but you can't replace failed disk online 'coz in such a config you have to into RAID BIOS and tell it you have replaced disk. There's however another solution - Solaris used amr(7D) driver by default with PERC 3/DC. If you tell Solaris to use lsimega(7D) driver instead (which is also delivered with Solaris) then you can use LSIutils package which gives you monitoring and what is most important it gives you ability to reconfigure RAID card on-the-fly from within Solaris. The utility just works.

All I had to do in order to force system to use lsimega driver instead of amr was to comment out a line 'amr "pci1028,493"' in /etc/driver_aliases and add a line 'lsimega "pci1028,493"'. Then reboot a server (with reconfiguration). The hard part was to find LSIutil package - thanks to Mike Riley I downloaded it from LSI-Sun web page.

ps. it's great that Solaris has more and more drivers out-of-the box. I belive it would be even better if Sun would include utilities like LSIutil also.

Project Blackbox



According to story on The Register it has 250 Niagara boxes or x64 boxes and is cooled with water. There's also story on CNET.

update: it's official.

Friday, October 13, 2006

SecondLife on Solaris

Sun recently held a conference in SecondLife. Unfortunately there's no Solaris client - only Windows, Mac and Linux. Well, snv+49 has BrandZ, right? I downloaded Linux client logged to Linux zone and just started - it works very good and very fast! So all Solaris users - if you want to join Second Life go BrandZ :)

You can find Conference location here.

ps. Definitely forward over tcp to your X server in global zone rather than ssh x11 forwarding.

Thursday, October 12, 2006

BrandZ integrated into snv_49

Hi.

BrandZ project is finally integrated into snv_49. For all of you who don't know it means you can install Linux distribution in a Solaris Zone and run Linux applications. Those Linux applications run under Solaris kernel which means you can use Solaris Resource Manager, DTrace, ZFS, etc. For more details see BrandZ Overview Presentation. BrandZ are expected to be in Solaris 10 Update 4 next year. Right now you can get it with Solaris Express Community Edition and soon with Solaris Express.

Is it hard to install Linux in a zone? Well, below you can see what I did - create a Linux Zone with networking and audio device present for Linux. Basically it's just two commands!

# zonecfg -z linux
linux: No such zone configured

Use 'create' to begin configuring a new zone.

zonecfg:linux> create -t SUNWlx

zonecfg:linux> set zonepath=/home/zones/linux

zonecfg:linux> add net

zonecfg:linux:net> set address=192.168.1.10/24

zonecfg:linux:net> set physical=bge0

zonecfg:linux:net> end

zonecfg:linux> add attr

zonecfg:linux:attr> set name="audio"

zonecfg:linux:attr> set type=boolean

zonecfg:linux:attr> set value=true

zonecfg:linux:attr> end

zonecfg:linux> exit

# zoneadm -z linux install -d /mnt/iso/centos_fs_image.tar.bz2
A ZFS file system has been created for this zone.

Installing zone 'linux' at root directory '/home/zones/linux'

from archive '/mnt/iso/centos_fs_image.tar.bz2'


This process may take several minutes.


Setting up the initial lx brand environment.

System configuration modifications complete!

Setting up the initial lx brand environment.

System configuration modifications complete!

Installation of zone 'linux' completed successfully.

Details saved to log file:

"/home/zones/linux/root/var/log/linux.install.10064.log"


#

Thursday, October 05, 2006

How to fork/exec in an efficient way

I've just found good article on developers.sun.com about "Minimizing Memory Usage for creating Application Subprocesses" - it explains why posix_spawn() interface introduced in Solaris 10 is better than fork/exec approach many developers still use. There's also good section on Memory Overcommiting.

SMF management for normal users

Let's say you have your in-house developed applications under SMF. Now you want to give some users (non-root) ability to restart those applications but only those applications. You do not want to give any other privileges. With SMF it's really easy. You can do it per application instance or for entire group, etc.

1. Add new authorization

# grep ^wp /etc/security/auth_attr wp.applications:::Manage WP applications::

2. Add new property to each SMF service you want to give access to restart/enable/disable

# svccfg -s wpfileback setprop general/action_authorization = astring: wp.applications

With only that property user won't be able to change service status permanently - he/she will be able to
restart or temporarily disable/enable given service (wpfileback in above example). If you want to give
ability to permanently change service status you also need to add:

# svccfg -s wpfileback setprop general/value_authorization = astring: wp.applications

3. Add new authorization to user

# usermod -A wp.applications operator

You can also manually add authorization by editing /etc/user_attr. After above command the fill is:
# grep operator /etc/user_attr operator::::type=normal;auths=wp.applications


Now if you login as user operator you will be able to disable/enable/restart application wpfileback.

Additionally it's useful to give for example developers not only ability to restart their application but also to use dtrace. In order to achieve it add two privileges to user.

# grep operator /etc/user_attr
operator::::type=normal;auths=wp.applications;defaultpriv=basic,dtrace_proc,dtrace_user


Now user operator not only can restart/stop/start its application but also can use dtrace to find problems.

There're also many authorizations and profiles which come with Solaris by default. For example if you add for given user profile 'Service Operator' then you give ability to restart/enable/disable all SMF applications.

All of these possibilities without giving her/him root account.

For more information see smf_security(5) rbac(5) privileges(5)

Wednesday, October 04, 2006

Thumpers are coming...

or not?

Ehhhh... great technology which you can order and then wait, and wait, and wait, and... nobody can actually tell you for sure how much longer you have to wait. So we're waiting...