I spent a very long time today getting the ASF zones server patched for the recent sendmail vulnerability. The Sun Alert and the Interim Relief patch were simple enough except for the dependency on 118844-30 which again depends on a grub bootloader update. One thing lead to another (or should I say: one patch led to another) and with me playing it safe (the machine is 9 timezones away) and the mess of having to sort out patches by hand it all ended up taking 4 or 5 hours. I'm used to having support contracts in order and TLP/EIS at hand at work, so this ended up taking a lot more time than I expected.
With the day being more or less gone anyway, I decided that I might as well go ahead and implement
Fair Share Scheduling.
So far every zone got its own pool and each zone (except global) got the same number of shares. I doubt anyone will notice this change in their day to day running of things on the server, but in the case where something goes haywire and starts soaking resources, I hope the rest of the zones won't notice. I plan to let it run for a while and then see if there is a need for adjustment.
Tuesday last week I went to a Sun thing titled "Powering the Participation Age". Most of the day was spent chatting to Sun reps and listening to a couple of semi technical presentations. One of the presentations covered the T2000 servers and was quoting Colm MacCárthaigh's and his T2000 testing. Of course I couldn't keep quiet and had to mention that the numbers were probably far from what Colm would get in later testing and his latest posts adds about 1/3 by upgrading to Solaris Express, but the really amazing thing is that he gets better performance running Linux on the T2000!
Scott McNealy also made an appearance and did a very good job at explaining what Sun has been doing recently and why. For the first time, I began to understand where they're going and I'm not as worried as I used to be. Only time will tell wether they will succeed. As usual, Scott managed to make fun of the company that I won't be working for much longer, maybe I'm biased by having made the decision, but he wasn't far off the mark - if anything, things are probably worse than he joked about :)
Well, I guess this is as good a time as any to announce that I've integrated initial support for DTrace inside of Containers (a.k.a. non-global zones) as of Friday, Mar 24, 2006. This means that in future Solaris Express and Community Express builds (those based on Nevada B37 or higher), you can use a subset of DTrace functionality inside of non-global zones. Here's how to use this functionality: # zonecfg -z myzone zonecfg:myzone> set limitpriv=default,dtrace_proc,dtrace_user zonecfg:myzone> ^D # zoneadm -z myzone boot # zlogin myzone myzone# dtrace -l ... myzone# plockstat -Ap `pgrep startd` ... Note that either or both of the dtrace_proc and dtrace_user privileges may be granted to a zone, but dtrace_kernel may not be (zoneadm will enforce this). The lack of dtrace_kernel means that not every DTrace script will work, since kernel state is not available to DTrace inside of a zone; but we think this represents a good start. Additional virtualization work has been done to ensure that data from other zones is not visible inside the zone, and to ensure that the interactions with other relevant privileges (proc_owner and proc_zone) behave as expected. -dp
The whole thread is here.
I'm really looking forward to getting this in a release so that we can bring it onto the ASF zones server.
- ~7,500 bug fixes / RFEs (since S10)
- Sparc: RSA in the kernel is now about twice as fast as before
- x86/64: Much faster memmove, strcpy and more
- Networking: too many things to mention
- In kernel SSL proxy - not something I've been able to find much info on, but there's a few parameters for it in this SPECweb2005 config.
- Trusted Extensions
- 200 megabytes/sec (1.6Gbs) on x64/10Gbs gear
- Future: async RPC, request scheduling. wirespeed!
- x86/64: Many fixes and improvements in drivers and FMA
- rename, move, clone
- Attach, detach (migration)
- Future?: dtrace_proc and dtrace_user
- Future: dhcp and snoop support
- Xen support
There is a lot more, but these are just the features that makes this interesting to me with the day job and the bits of AMD based gear I run Solaris on outside of work.
I've just finished downloading the beta of Solaris 10 update 2. The list of new features is not
overly exciting, but that doesn't matter too much. Small driver updates, various iSCSI updates and
other bits and pieces seen in Solaris Express.
With a bit of luck, my new machine should be delivered tomorrow (it left SHG friday). While express and opensolaris can be fun, I want to give the beta a spin before getting back to work and a pile of sparc gear next week. Obviously it goes on the T2000, but maybe I can dig out an e25k domain or something.
« Previous Page -- Next Page »
- Andrew Godwin - What can programmers learn from pilots
- New blog software and layout
- Today I made it into Flickrs TwitterTuesday
- bread meatloaf recipe
- Osso buco
- XKCD gets close to the truth
- Open Source Days 2010
- Autumn has arrived
- Recipes - Sottofiletto di Manzo al Pepe Verde and Pere al Vino Rosso
- Nearby parks