Patching and Fair Share Scheduling

by Mads
April 15, 2006 at 00:22 | categories: sun, solaris, asf

I spent a very long time today getting the ASF zones server patched for the recent sendmail vulnerability. The Sun Alert and the Interim Relief patch were simple enough except for the dependency on 118844-30 which again depends on a grub bootloader update. One thing lead to another (or should I say: one patch led to another) and with me playing it safe (the machine is 9 timezones away) and the mess of having to sort out patches by hand it all ended up taking 4 or 5 hours. I'm used to having support contracts in order and TLP/EIS at hand at work, so this ended up taking a lot more time than I expected.

With the day being more or less gone anyway, I decided that I might as well go ahead and implement Fair Share Scheduling.
So far every zone got its own pool and each zone (except global) got the same number of shares. I doubt anyone will notice this change in their day to day running of things on the server, but in the case where something goes haywire and starts soaking resources, I hope the rest of the zones won't notice. I plan to let it run for a while and then see if there is a need for adjustment.

Sunny Day

by Mads
April 13, 2006 at 20:51 | categories: hardware, sun, solaris

Tuesday last week I went to a Sun thing titled "Powering the Participation Age". Most of the day was spent chatting to Sun reps and listening to a couple of semi technical presentations. One of the presentations covered the T2000 servers and was quoting Colm MacCárthaigh's and his T2000 testing. Of course I couldn't keep quiet and had to mention that the numbers were probably far from what Colm would get in later testing and his latest posts adds about 1/3 by upgrading to Solaris Express, but the really amazing thing is that he gets better performance running Linux on the T2000!

Scott McNealy also made an appearance and did a very good job at explaining what Sun has been doing recently and why. For the first time, I began to understand where they're going and I'm not as worried as I used to be. Only time will tell wether they will succeed. As usual, Scott managed to make fun of the company that I won't be working for much longer, maybe I'm biased by having made the decision, but he wasn't far off the mark - if anything, things are probably worse than he joked about :)

Dtrace support in non-global zones

by Mads
March 28, 2006 at 23:32 | categories: sun, solaris, asf

Dan Price has just announced support for dtrace in non-global zones. The mail went to dtrace discuss.

Well, I guess this is as good a time as any to announce that I've
integrated initial support for DTrace inside of Containers (a.k.a.
non-global zones) as of Friday, Mar 24, 2006.  This means that in
future Solaris Express and Community Express builds (those based on
Nevada B37 or higher), you can use a subset of DTrace functionality
inside of non-global zones.

Here's how to use this functionality:

        # zonecfg -z myzone
        zonecfg:myzone> set limitpriv=default,dtrace_proc,dtrace_user
        zonecfg:myzone> ^D

        # zoneadm -z myzone boot

        # zlogin myzone
        myzone# dtrace -l

        myzone# plockstat -Ap `pgrep startd`

Note that either or both of the dtrace_proc and dtrace_user privileges
may be granted to a zone, but dtrace_kernel may not be (zoneadm will
enforce this).  The lack of dtrace_kernel means that not every DTrace
script will work, since kernel state is not available to DTrace inside
of a zone; but we think this represents a good start.

Additional virtualization work has been done to ensure that data from
other zones is not visible inside the zone, and to ensure that the
interactions with other relevant privileges (proc_owner and proc_zone)
behave as expected.


The whole thread is here.

I'm really looking forward to getting this in a release so that we can bring it onto the ASF zones server.

Nevada at 37

by Mads
March 28, 2006 at 14:26 | categories: sun, solaris

Dan Price has a really interesting set of slides about Solaris Nevada and the features that are in it or on the way in the near future.
A few highlights:

  • ~7,500 bug fixes / RFEs (since S10)
  • Performance
    • Sparc: RSA in the kernel is now about twice as fast as before
    • x86/64: Much faster memmove, strcpy and more
  • Networking: too many things to mention
  • In kernel SSL proxy - not something I've been able to find much info on, but there's a few parameters for it in this SPECweb2005 config.
  • Trusted Extensions
  • NFS
    • 200 megabytes/sec (1.6Gbs) on x64/10Gbs gear
    • Future: async RPC, request scheduling. wirespeed!
  • x86/64: Many fixes and improvements in drivers and FMA
  • Zones
    • rename, move, clone
    • Attach, detach (migration)
    • Future?: dtrace_proc and dtrace_user
    • Future: dhcp and snoop support
  • Xen support
  • ZFS

There is a lot more, but these are just the features that makes this interesting to me with the day job and the bits of AMD based gear I run Solaris on outside of work.

Solaris 10 U2-beta

by Mads
March 27, 2006 at 21:18 | categories: sun, solaris

I've just finished downloading the beta of Solaris 10 update 2. The list of new features is not overly exciting, but that doesn't matter too much. Small driver updates, various iSCSI updates and other bits and pieces seen in Solaris Express.
With a bit of luck, my new machine should be delivered tomorrow (it left SHG friday). While express and opensolaris can be fun, I want to give the beta a spin before getting back to work and a pile of sparc gear next week. Obviously it goes on the T2000, but maybe I can dig out an e25k domain or something.

« Previous Page -- Next Page »