Solaris 11

Visiting Oracle OpenWorld this october I´m getting in touch with Solaris 11 for the first time by taking the PreSales Specialist Assessment test and trying out different things on our test server. As beeing someone who has never been involved in system administrations befor it´s quite impressive for me to see, what it´s capable of as Solaris 11 is seemingly automizing many steps which had to be done manually before.

new pet project: network install Solaris 11 on Sun Fire T2000

We have an old T2000 Sparc Enterprise server that is not being used in production anymore. So the plan is to make it a Solaris 11 playground and test environment. The first step I took was to install the most current alom firmware. ALOM is quite different from the more modern iLom interfaces that come with all current Sun Servers. According to metalink the firmware was lust updated in May 2012 which impressed me since the server has been EOL since 2009. Continue reading

ZFS migration using incremental send/receive

We are currently migrating our internal systems from an older 2510 iSCSI Array to a brand new 7120 Unified Storage Box. We moved some filesystems like home directories from ZFS (over iSCSI) to NFS on the new box and performance with NFSv4 is a blast. Some of the other zpools were simply migrated to a new LUN shared via iSCSI from the new array. Fortunately, zfs makes these types of migrations very, very easy and possible with just a tiny bit of downtime even for large Volumes with a Terabyte of data (or more) spread across a numer of zfs filesystems. Continue reading

VDI Bootcamp Berlin

In dieser Woche fand in Berlin ein Bootcamp rund um die Desktopvirtualisierungssoftware Oracle VDI statt. Jaap Romers hat diesen Workshop aus Vorträgen und Demos zusammengestellt und wurde von Rolf-Per Thulin und Thomas Assum unterstützt. Veranstaltungsort war eine alte SUN-Geschäftstelle in Berlin Tempelhof, in der einige alte, mittlerweile leicht eingestaubte lila Schilder ein wenig wehmütig an vergangene Zeiten erinnerten.

Oracle hat remote eine Reihe von Servern und Storage zur Verfügung gestellt, auf denen Teilnehmer sich mit eigenen Notebooks verbinden konnten. Und so wurden in Demos und Labs Software installiert, Desktops gecloned und für die Verwendung in einer Windows Domäne vorbereitet, Cluster konfiguriert und anschließend maltretiert. Wenn etwas mal nicht gleich geklappt hat oder man schon immer eine Frage zu gewissen Funktionen hatte, war immer jemand greifbar, der Antworten kannte. Zwischendurch und als Ergänzung zu den Hand-On Aktivitäten gab es immer wieder kleine Vorträge der Experten, die einzelne Technologien und Optionen erklärten. Dabei waren Kollegen aus dem Engineering, Vertrieb und Presales stets für sämtliche Themen greifbar. Sein Netzwerk so erweitern und Pflegen zu können ist für Partner natürlich besonders wertvoll.

Das Format, in dem Labs und Vorträge gemischt werden gefällt mir sehr. Viele Fragen ergeben sich erst dadurch, dass man die Software tatsächlich selber benutzt, auch wenn man die meisten Funktionen eh schon täglich im Job benutzt. Umso mehr freue ich mich auch schon auf RAC Attack bei der UKOUG Konferenz im September, das im Grunde dasselbe Konzept darstellt.

Wer Interesse an den VDI Lösungen hat, kann sich auch auf der DOAG Konferenz in Nürnberg einige Sessions anschauen. Rolf-Per Thulin wird im Demo-Kino eine Fülle von Features präsentieren. Wer bisher noch keinen Kontakt mit Desktopvirtualisierung hatte, wird davon fasziniert sein. Thomas Assum spricht dann am Dienstag noch in einer Session über Best Practices und Implementierungen.

Ein interessanter Einstieg findet sich aktuell durch die Unterstützung vom iPad als Client, was ich vor einiger Zeit schon rudimentär getestet hatte. Jaap konnte dies live demonstrieren (über UMTS auf Servern im schottischen Solution Center). Wer nicht dabei war, schaut sich vielleicht dieses Video an.

VDI Windows on iPad

Yesterday, I took Oracle’s OVDC for iPad for a test drive. As expected, the installation was free an just as easy as with any other app. The setup offered a choice between automatic discovery and manual setup. I chose to enter the server IP manually since our wireless is on a different (but routed) network. There was another option for VPN but I did not take a closer look at that. I am wondering though if the client has it’s own VPN client or uses the iPad’s system-wide VPN.

Things were great from there. The app connected to my server and presented a sharp and crips image, things went smooth. A few things were a little annoying: I was not able to do a double-click. I can only assume that double-tapping too fast does not work and tapping too slow will let windows think that you want to rename the file or shortcut or whatever.
Also, the keyboard driver did not work as expected. When using special characters, things were weird with a US keyboard layout on the iPad but the keys were actually interpreted like on a german keyboard. Or the other way around.
Playing flash videos did not really go very well, the playback was pretty slow so I wouldn’t want to watch a full movie on it. I also tried the stream of a webcam at the office and this worked really well.

As a first impression i would say that the OVDC app is great for showing off your VDI setup and also for the occasional emergency task when you really need to have access to an excel file on the road. But it will propably not revolutionize the way you perform everyday desktop work. I also wonder if this will spark a new eco-system where Oracle partners rent virtual machines to regular people.
If I find the time, we will set up a demo system at the data center to see how this works over the internet and give test accounts to friends and family to see if this is something that is actually useful or just something that is only appreciated by true geeks.

Gute Neuigkeiten von VDI und Sun Ray

Heute ist wohl ein hervorragender Tag für Nutzer der Desktopvirtualisierungssoftware von SUN/Oracle. VDI ist in der Version 3.3 erschienen, und wir hatten bereits die Gelegenheit, diese zu testen. Die Administrationsoberfläche wurde etwas aufgeräumt. Vor allem aber wurde an der Performance geschraubt. So reagiert die Administration schneller und auch die virtuellen Maschinen laufen jetzt flüssiger und schneller. Außerdem wird jetzt neben Solaris auch Oracle Linux als Virtualisierungsplatform unterstützt. Das wird vielleicht die Hemmschwelle für Kunden senken, die bisher wenig Erfahrung mit Solaris hatten und trotzdem diese spannende Technologie kennenlernen wollen.

Brandneu ist ebenfalls der neue Software Client für das iPad! Ab jetzt kann man sich also den VDI oder Sun Ray Desktop auch auf das iPad holen. Das riecht nicht nur nach extremem geek-Spaß sondern macht sicherlich auch in Präsentationen der VDI Umgebung richtig was her.

Und dann habe ich noch gelesen, dass Oracle für das Design der dritten Generation von Sun Ray Clients einen Designpreis gewonnen hat. Die Geräte sehen auch wirklich gut aus, lassen sich einfach aufstellen (der Fuß wird jetzt nur noch geclippt statt geschraubt) und haben neuerdings einen Knopf, mit dem man die DTU von eh schon wenig Stromverbrauch in einen Standby-Modus schalten kann.

Modify service property in Solaris

This is nothing too exciting but it is something that I seem to alvais forget. So I am hoping that by writing it down once I might have a better chance to remember. Or at least remember where to look for pointers next time.

I was fiddling with ZFS auto-snapshots on a server. They were set up so that a daily snapshot was being kept for a month and I simply wanted to reduce that time to a week. I knew that this is set up through svc properties and could see this like this

bl3:~# svcprop auto-snapshot:daily
zfs/auto-include boolean true
zfs/avoidscrub boolean false
zfs/backup astring none
zfs/backup-lock astring unlocked
zfs/backup-save-cmd astring not\ set
zfs/fs-name astring //
zfs/interval astring days
zfs/label astring daily
zfs/offset astring 0
zfs/period astring 1
zfs/sep astring _
zfs/keep astring 31
zfs/snapshot-children boolean false
zfs/verbose boolean true
general/action_authorization astring solaris.smf.manage.zfs-auto-snapshot
general/value_authorization astring solaris.smf.manage.zfs-auto-snapshot
general/enabled boolean true
...

I knew I had to modify the zfs/keep parameter but I just could not remember how to modify these properties through svccfg. After 5 minutes of googling I found this nice summary and was able to put the pieces and syntax together:

bl3:~# svccfg -s auto-snapshot:daily
svc:/system/filesystem/zfs/auto-snapshot:daily> setprop zfs/keep=7
svc:/system/filesystem/zfs/auto-snapshot:daily> exit
bl3:~# svcadm refresh auto-snapshot:daily

Now I can only hope I remember the ‘-s’ flag to svccfg and setprop.

Oracle related podcasts worth listening to

My morning commute consists of a lot of traffic and I like to spend my time listening to all kinds of podcasts. Of course, I also tried most (if not all) of Oracle’s podcasts. Two of them stayed subscribed and I’d like to mention them here.

Servers, Storage, and Solaris talks about all aspects of former SUN products like sparc and x86 servers and blade systems, virtualization, Solaris and Storage technology. Some of them seem a little bit scripted by marketing people but it is still great to listen to engineers and product managers talk about their products.

The other one that stuck is Oracle Technology Network TechCasts. In this well-produced podcast series, Justin Kestelyn interviews or introduces people highly involved and enthusiastic with Oracle technology. Since OTN covers the whole array of products from hardware to applications, some of the topics may not be of interest to everybody. But the ones that cover interesting topics are full of valuable information and fun to listen to.

IPv6 in Solaris Zones

When we upgraded our datacenters to full native IPv6 we also began to enable IPv6 on our Solaris servers.

What works really well on global Solaris zones and on Solaris LDOMs can be a big pain on shared Solaris zones.

So what is the catch with Solaris zones? When you create a new Solaris zone you can add an IPv6 address easily the same way you add an IPv4 address but as you may know IPv6 needs a so called ‘link-local’ address to work properly or else IPv6 Neighbor Discovery won’t work.

We got 2 problems here. When you use an auto configured route on the global zone the shared zone will know about it (cause they share the network stack) but can’t use it since it is an link-local route and the shared zone don’t have an link-local interface. This problem can easily be avoided by setting a route to a global address in the global zone. Now the shared zone knows about the correct gateway but that is where we get to the second problem. The shared zone can neatly resolve the MAC address of the router via ND but the router can not resolve the MAC address of the zone via ND. When you snoop on the interface on the global zone you will see that the “neighbor solicitation” request arrives on the interface but somehow it is not answered.

So how do we get around the second problem? We have to add another IPv6 address to the shared zone – a link-local one. How does this usually look like? The link-local segment is fe80::/10. Usually the link-local address is generated on an per interface basis the following way: fe80::xxxx:xxxx:xxxx:xxxx/10 where xxxx:xxxx:xxxx:xxxx is the modified EUI-64 address. Since the modified EUI-64 address is already used by link-local interface in the global zone we have to come up with another address. In our case I just use the following address for our shared zones: fe80::xxxx/10. Where in this case xxxx is the last 32bit of our global IPv6 address of the zone. Lets assume our global IPv6 address for the zone is 2001:db8:0:113::133/64 this would make our link-local address for that zone fe80::133/10.

This is what a shared config zone with IPv6 global and link-local address could look like:

root@solaris10u9:~# zonecfg -z test info
zonename: test
zonepath: /zp01/zones/test
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 203.0.113.133
        physical: aggr1
        defrouter not specified
net:
        address: 2001:db8:0:113::133/64
        physical: aggr1
        defrouter not specified
net:
        address: fe80::133/10
        physical: aggr1
        defrouter not specified

With this setup we now got fully working IPv6 in Solaris shared zones.

Make sendmail on Solaris 10 listen to more than localhost

I was just installing a new sendmail server and once again stumbled across the default solaris config that will only bind this service to localhost. I knew this could be fixed somewhere in the svc properties but since this is not my daily cup of tea, I had to google this and it took me a few minutes. Anyway, this is what I came up with:

svccfg -v -s sendmail setprop config/local_only=false
svcadm refresh sendmail
svcadm restart sendmail

I found it at this blog.