Thushan Fernando Uncut

Earlier today, we had the announcement for OpenIndiana. Aimed to be the de-facto OpenSolaris Distribution that tries to be binary and package compatible with Solaris 11 & Solaris 11 Express. Its apart Illumos Community with 20 core developers providing (eventually) a stable branch with 100% free & open source distribution.

Not only that, you can also download a ready baked OpenIndiana distribution (based on ou_147) or if you’re like me and still using OpenSolaris DEV snv_134, you can upgrade via the IPS management tools. Having said that though, I’m not going to rush and upgrade my zeus box anytime soon as it will take time to settle in, but you can take the baked ISO’s for a spin in a VM I have found a few references to OpenSolaris still there and there is currently no xVM Xen (dom0) support nor lx (Linux) branded zones. Not to worry, keep an eye out on the roadmap and release schedule for what they’re going to deliver.

You can get a copy of the OpenIndiana announcement presentation slides as well or follow @openIndiana on twitter. Otherwise, see the Getting Involved guide on the OpenIndiana Wiki and join in!

In a way, its good to know that the beloved OpenSolaris will still live – thanks to the community, but at the same time, how long that community will be turned on by developing and maintaining it will be interesting – though other forks of OpenSolaris are backing it (via Illumos) – like Nexenta and Schillix which has just released a version based on Ilumos. All in all, WATCH THIS PROJECT!

Just upgraded a friends OpenSolaris boxen to SNV_134 (latest available from the OpenSolaris dev repository) and after rebooting we realised we couldn’t SSH into it.

Server refused to allocate pty

DOH! This is caused by a known bug that has been around for a few builds now.

You’ll need to modify /etc/minor_perm and add the following to the bottom of the file.

clone:ptmx 0666 root sys

And what happens if your terminals don’t accept keyboard input? You could drop back into the shell *or* be lazy like me, find gText editor in your Accessories, add it to the panel and change the properties to run it as a privileged user:

pfexec gedit %U

Then run the file, open the /etc/minor_perm file, save and reboot. Make sure you change back the shortcut path

Most excellent cheatsheet for OpenSolaris.

What a whopper of a weekend, Sun has ratified Java EE 6 and also released Glassfish 3 and NetBeans 6.8 to celebrate. If that wasn’t enough JetBrains has also released TeamCity 5!

You can read all about the Sun releases on InternetNews and catchup with whats new in Java EE 6 Overview from Suns site.

Next weekend its time to move Confluence & Jira (Glassfish 2) and TeamCity 5 (Tomcat) to Glassfish 3 in a opensolaris zone and see how things progress. Did I mention I love the zones in OpenSolaris?

I’m really enjoying using OpenSolaris as our server / NAS at home, its a different ball game to Linux but an interesting one never the less. One of the cool features of Solaris are the Solaris  Zones (or Solaris Containers). Zones are an implementation of operating system-level virtualisation where the kernel isolates multiple instances of the user-space available. Something like chroot but so much more. Unlike running under a hypervisor (like VMWare or VirtualBox), Zone’s have very little (if any) overhead.

As I’ve come to realise, because of the way Solaris works in general, you can have multiple (isolated & secure) Zones for each application service exposed by the server – eg. one for Tomcat, one for Glassfish, maybe both Apache 1.3.x and 2.x, MySql, Postgres etc. Whats more, you can limit how much resources these Zones can utilise. They all have their own configuration including network routing (coupled with OpenSolaris Crossbow) and you can make for one kick ass setup that won’t break another area of the operating system.

In the Zones.

Here’s a guide on setting up a new Zone in OpenSolaris, configuring it and booting it.

Me Against the Music, its all in the global zone

When we first install OpenSolaris we’ve already got ourselves into a zone (the parent to all other zones) which is known as the global Zone.

You can find this by trying out the following to list all the available zones on a virgin install of OpenSolaris.

opensolaris# zoneadm list -vc
 ID NAME             STATUS     PATH                           BRAND    IP
 0 global           running    /                              native   shared

The output will be something like above. Now we can go about creating ourselves a zone for playing around in.

When working with zones, we only need to worry about three commands (damn I love that!). The zoneadm command to manage the physical zone, zonecfg command for configuring the zone and zlogin to login to the zone from the global zone.

First we have to do a bit of planning and thinking about what we’re going to do about this zone.

Here are few things to consider:

• What do you want to run in the zone?
• Will it need networking and have it exposed outside of the machine?
• Where will the zone reside on your disk?
• Would you like to limit the amount of CPUs the zone can see?
• Would you like to limit the amount of RAM the zone can utilise?
• Do you want to automatically boot the Zone when OpenSolaris starts?

For this post, we’re going to create a simple Zone (we won’t install anything).

Toxic Zone

Creating a zone we specify a zone to the zonecfg command.

opensolaris# zonecfg -z toxic

You’ll get something like this appearing because teh zone doesn’t exist, thats fine.

toxic: No such zone configured
Use 'create' to begin configuring a new zone.

Then you will be inside the zonecfg configuration.

Lets configure this zone to have the following:

• Reside in /base/zones/
• Autoboot with OpenSolaris
• Shared IP of 192.168.0.24 bound to physical interface e1000g1

Follow me:

zonecfg:toxic> create
zonecfg:toxic> set zonepath=/base/zones/
zonecfg:toxic> set autoboot=true
zonecfg:toxic> add net
zonecfg:toxic:net> set address=192.168.0.24
zonecfg:toxic:net> set physical=e1000g1
zonecfg:toxic:net> end
zonecfg:toxic> verify
zonecfg:toxic> commit
zonecfg:toxic> exit

This will create the configuration, verify, write it and exit. You can verify it was created by running the list command again:

opensolaris# zoneadm list -vc
ID NAME             STATUS         PATH
0 global           running        /
- toxic            configured     /base/zones

Its currently in a configured state, you can read more about the Non-Global State Model in the documentation. Next thing to do is to install the zone – this will get the base packages setup and configured for use.

opensolaris# zoneadm -z toxic install

Everytime, boot her up.

Next lets boot this bad baby up.

opensolaris# zoneadm -z toxic boot

Now if we do a list again we’ll see that our state has changed to running.

opensolaris# zoneadm list -vc
ID NAME             STATUS         PATH
0 global           running        /
- toxic            running        /base/zones

Now we have to configure the zone itself – just like a real machine. For this we use the zlogin command to login to the zone console.

opensolaris# zlogin toxic
[Connected to zone 'toxic' pts/5]
Last login: Sat Nov 21 17:52:43 on pts/5
Sun Microsystems Inc.   SunOS 5.11      snv_127 November 2008
root@toxic#

After that we’re now in the toxic zone. Anything we do inside here, stays within this zone and won’t affect our global or other zones. But before we continue we really should configure our networking.

First lets modify our /etc/nsswitch.conf file with vi.

...
passwd:     files
group:      files
hosts:      files dns
ipnodes:    files
networks:   file
...

Make sure the hosts entry has dns as above. Next we need to configure the nameservers.

toxic# echo 'nameserver 192.168.0.254' > /etc/resolv.conf

That will create a resolv.conf file with the nameserver which you can get from the global zone as it would be different for everyone:

opensolaris# cat /etc/resolv.conf
nameserver 192.168.0.254

Breath on me, reboot the zone.

Now we can access the networking like the global zone. So you can do a package refresh and update-image too.

toxic# pkg refresh && pkg image-update

If it succeeds we have correctly setup our zone and its ready for use – you may want to reboot the zone however. To do this, exit the toxic console.

toxic# exit
logout

[Connection to zone 'toxic' pts/5 closed]
opensolaris#

Then lets reboot the zone.

opensolaris# zoneadm -z toxic reboot
opensolaris# zlogin toxic
[Connected to zone 'toxic' pts/5]
Last login: Sat Nov 21 17:58:44 on pts/5
Sun Microsystems Inc.   SunOS 5.11      snv_127 November 2008
root@toxic#

Outrageous, removing the zones.

Now how about removing this zone and trying again? First get out of the zone console and back to your global zone. Issue the halt command to shutdown the zone.

root@toxic# exit
opensolaris# zoneadm -z toxic halt

Once stopped simply remove it.

opensolaris# zoneadm -z toxic uninstall
opensolaris# zonecfg -z toxic delete

You can make sure its gone by using the list command. That’s all there is to it!

Now you can consider yourself, In The Zone.

If you’ve been reading this blog a couple of things are clear, I don’t like Apple much and I have a soft spot for file-systems. An article was posted on the IBM DeveloperWorks site that covers two file systems; NiLFS(2) and exofs that has some great information about these two beasts.

Linux® continues to innovate in the area of file systems. It supports the largest variety of file systems of any operating system. It also provides cutting-edge file system technology. Two new file systems that are making their way into Linux include the NiLFS(2) log-structured file system and the exofs object-based storage system. Discover the purpose behind these two new file systems and the advantages that they bring.

Read the full article on the Next-generation linux filesystems, there was an article on LWN.net a few years back discussing the (then emerging) Btrfs and NiLFS and how things may pan out. I’m quite happy and content with ZFS but in either case it’ll be interesting to see how all three go.

ZFS now has deduplication support which is as easy as just setting a property on the file system.

$ zfs set dedup=on tank/src

Read Jeff Bonwick’s (the supremo source for ZFS) article as it covers everything you’d ever want to know about what deduplication is and the various strategies behind it. Can’t wait for it to be implemented in OpenSolaris 2010.02 its already been integrated into the ON source base.

Whilst on the subject of ZFS, there was a very good article posted on OSNews recently regarding the lack of fsck for ZFS, it gives you a very good overview of ZFS, what COW really implies, how it differs from journaling filesystems found in Linux and ofcourse regarding fsck.

And to compliment it all, a deeper look at the RAID-Z on disk format in ZFS. Light reading for Melbourne Cup Day!

Now that I’ve decided what I want out of the server (and the hardware I’ve got), its time to workout what operating system to run the system on. Currently, ZEUS is running on Ubuntu Gutsy (7.10) which is running LVM with an XFS volume holding approximately 2.5Tb worth of data. There’s a cron job that defrags the XFS volume to keep things in order.

The Operating System

As the operating system is no longer maintained (my oversight into how long it would survive) I have to find an OS that supports the hardware platform without hacky hacky bits (and by this I mean avoiding buggy ACPI and issues with the NForce4 chipset and IRQ problems) and has a file system that will benefit long term.

There were a few considerations:

• Ubuntu 8.04.x LTS
  I like Ubuntu, I’m comfortable with the user land and find the Debian package system (in particular the dependency resolving) most impressive. Hardware is well supported and 8.04.3 (at the time of writing) boots on the hardware I originally selected (Intel) and the new configuration I recently selected (AMD). I could most definitely use Ext4 but the problems with data-loss (which I’ve reproduced on several occasions on desktop machines) scare me.FileSystem: I’d have to adopt either XFS or Ext4 on an LVM to factor in future-proofing, maybe get some fakeRAID happening for redundancy.
  Installation: comes with a Server edition that’s bare bones allowing it to be a minimalistic installation which is always nice!
• Ubuntu 9.04
  Initially when I started to rebuild Zeus back in April I wanted to use Ubuntu 9.04, I was really excited about Ext4 and the promise of a brand-spanking new file-system and what it would bring to the table. Unfortunately after using Ext4 with 9.04 I’ve come to realise its probably not the wisest to trust your data with it just yet – unless you get yourself a UPS! Laptop seems to be chugging nicely though.Installation: Like LTS, comes with a Server edition that’s bare bones allowing it to be a minimalistic installation which is always nice! (copy/paste!) Unfortunately picking 9.04 when 9.10 is just around the corner is not going to be ideal, I’ll be stuck with where I am right now in a year or so.

• CentOS 5.3 or wait for CentOS 5.4 coming soon!
  CentOS is based off Redhat Enterprise Linux and having only started using CentOS after joining HSD (though my first splash in Linux was with Bowtie Redhat Linux 6.0 – I still have the CD!) I find the RHEL clone to be stable and solid as a rock! CentOS 5.4 will (thanks to RHEL 5.4) bring some KVM goodness that is a high priority on my list.

  FileSystem: Ext4 is not in the RHEL5 stream (have to wait for RHEL6 – which is a good thing!) so the best bet here is to use XFS with LVM.
  Installation: Customised via kickstarts or setup a cobbler server to install via PXE.

• OpenSolaris
  OpenSolaris has some really exciting technologies that are worth a look at, but in particular is ZFS. ZFS breaks all the rules – and for a good reason. I’ve yet to really use Solaris – quite cosy with Linux, but there’s nothing like getting used to another OS by jumping straight into the deep end!

  FileSystem: ZFS all the way baby!
  Installation: Installation is via a LiveCD, I’ve looked into customising the installation so it removes some bits I don’t which I’ll discuss later but its quite fiddly.

So in case the sudden influx of OpenSolaris posts didnt give you the hint, I decided on OpenSolaris to power the new iZeus 2.0, actually no that sounds lame, zeusy will be the new ZEUS until ZEUS is retired in which case zeusy becomes zeus (confused?).

Why ZFS?

ZFS is one of those file-systems you look at and think, wow! Why didn’t anyone else think of that before?

• Very simple administration – you only use two commands, zpool and zfs.
• Highly scalable – 128-bit means we can hold 16 exabytes or 18 Million terabytes worth of data! More porn for you! XFS can no doubt handle the TBs we use for our home boxes now, but no-chance you can get the performance or benefits of ZFS in Ext3/Ext4 or XFS.
• Data integrity to heal a filesystem (no fsck’ing around!) – 256bit checksuming to protect data, if ZFS detects a problem it will attempt to reconstruct the bad block and continue on its merry way (utilising available redundancy)
• Compression – you can elect to compress a particular file-system or a hierarchy just by setting one command! I’m thinking things like logs here.
• No hardware dependency – JBOD on a controller, let ZFS maintain the RAID volumes in software. Checkout Michael Pryc’s crazy adventure with ZFS using USB thumb drives and Constantin’s original voyage with USB drives! RAID-Z is essentially RAID-5 without the write-hole problems has plagued it if power is lost during a write, it can also survive a loss of a drive (with RAIDZ-2 you can loose two drives).
• Happy snaps for free! Snapshot (a live) file-system as many times as you like, again one easy command. Its like that tendency to hit {CTRL+S} when your working in Windows from back in the days of Windows 9x, snapshot regularly!

So ZFS sounds much like marketing spiel right now, best thing since sliced bread, cooler than a cucumber, and you’d be right it is cool and the best thing since filesystems came to being. Over the coming days I’ll post some more on my musings with ZFS – keeping in mind that I’m still learning these things. It helps to have lots of hardware to play with, but even if you don’t, you can knock up a virtual version of OpenSolaris in VirtualBox, create some virtual disks and try it out.

There are a few caveats that I’ve come across though using ZFS, one is memory! ZFS will try and cache as much data as it can in RAM, so if you have 8Gb of RAM (as I have in this box) it will happily use as much of it as it can afford. Rightfully so, I was getting ~96MB/s transfering a 16Gb MPEG from one box to the other over our Gig link (thats from one end of the house to the other!) mind you this was just a test configuration using 2x 74Gb Western Digital Raptors (WD740ADFD) in a RAID-0 style hitting a single 150Gb Western Digital Raptor (WD1500ADFD). They could have gone much higher, but I was happy with that.

There are also (as of writing) no recovery tools for ZFS, but these are slated to arrive soon (Q4 2009) which is quite scary after you read this post about a guy loosing 10Tb worth of data, however a possible revert to an older uberblock may fix some problems.

Virtualisation

Initially I wanted to concentrate quite a bit on Virtualisation, I tried Xen on OpenSolaris. It was quite easy to setup a Xen Dom0 in OpenSolaris but with the 2009.06 release you had to tweak the Xen setup a bit. I wasn’t too enthusiastic about using Xen after seeing the performance lag in Windows in my musings. Instead I’m opting for my crush, VirtualBox.

So why use VirtualBox when you can get a bare-metal hypervisor? Firstly, performance seems to be sluggish with Xen for me (I didn’t investigate this too much), secondly I want to be able to run the latest and greatest OS’s out without worrying about upgrading Xen (I’m a sucker for OS’s!). VirtualBox development has accelerated at a feverish pace, I started with VirtualBox 1.3 in 2007 and its come an insanely long way since then. When a new release comes along, its as easy as updating VirtualBox and getting all the benefits. Plus with SunOracle‘s backing of VirtualBox you know things are going to work well on OpenSolaris, the Extras repository of VirtualBox makes it as easy as doing a pkg update.

I’m still quite intrigued by the way KVM is heading and how it will pan out, but for the future zeus, it will be VirtualBox.

I’ve been messing about with OpenSolaris (you’ll know why soon!) and decided to install the OpenSolaris Extras repository so I can grab the latest VirtualBox install from the repository. This repository has the following packages (as of writing) and is recommended if you plan on using VirtualBox:

NAME (PUBLISHER)                              VERSION         STATE      UFIX
SUNWadmj (extra)                              0.5.11-0.111    known      ----
SUNWjsnmp (extra)                             0.5.11-0.111    known      ----
SUNWwbapi (extra)                             0.5.11-0.111    known      ----
SUNWwbcou (extra)                             0.5.11-0.111    known      ----
SUNWwbdev (extra)                             0.5.11-0.111    known      ----
develop/java/javafx-sdk (extra)               1.2.0.233-0.111 known      ----
service/compute/sungridengine (extra)         6.2.2-0.111     known      ----
service/compute/sungridengine/arco (extra)    6.2.2-0.111     known      ----
service/compute/sungridengine/domainmanager (extra) 6.2.2-0.111     known      ----
system/font/truetype/ttf-fonts-core (extra)   1.0-0.111       known      ----
system/iiim/ja/atok (extra)                   17-0.111        known      ----
system/iiim/ja/wnn8 (extra)                   8-0.111         known      ----
virtualbox (extra)                            3.0.8-0.101     known      ----
virtualbox/kernel (extra)                     3.0.8-0.101     known      ----
web/firefox/plugin/flash (extra)              10.0.32.18-0.111 known      ----

So what do you need to get these freebies? (source help)

• Register if you haven’t already with Sun, otherwise login to your Sun Online Account get your certificates.
• Download the Key and Certificate files onto your desktop. They are named OpenSolaris_extras.key.pem and OpenSolaris_extras.certificate.pem respectively.
• Now we need to create a directory in /var/pkg to store the certificates – ensuring they have the correct permissions. Then we’ll add them to the folder.

  $ pfexec mkdir -m 0755 -p /var/pkg/ssl
  $ pfexec cp -i ~/Desktop/OpenSolaris_extras.key.pem /var/pkg/ssl
  $ pfexec cp -i ~/Desktop/OpenSolaris_extras.certificate.pem /var/pkg/ssl

• Then we add them to our configuration.

  $ pfexec pkg set-authority \
      -k /var/pkg/ssl/OpenSolaris_extras.key.pem \
      -c /var/pkg/ssl/OpenSolaris_extras.certificate.pem \
      -O https://pkg.sun.com/opensolaris/extra extra

• To test the above worked get a list of the packages in the repository with the command below. Your output should be similar to mine above.

  $ pkg list -a 'pkg://extra/*'

Now make sure your datetime settings are valid when you do the above, as I found mine was a little out of date and raised a few python exceptions.

After a bit of digging around, my original spec’d hardware I’ve decided is too much for a boxen that will be on 24×7, especially with the rates for electricity going up next year – every little Watt counts. The existing 65W CPU isn’t ideal, instead I’m opting for a 45W CPU instead and this means – looking at the lineup, its going to be a walk down AMD way. Less watts, less heat and less noise, noice! See AMD’s product roadmap for 2010-2011.

The original specifications I mentioned were:

• Motherboard: ASUS P5QL-PRO
• CPU: Intel Core-2 E6750 – 2.66Ghz (65W TDP, VT)
• RAM: Corsair TWIN2X4096-6400C5 (4Gb kit x 2 = 8Gb)
• Graphics: ASUS 9400GT PCI-Express

I’ve decided to change the CPU and Motherboard but keep the other bits and bobs – I could loose the graphics card and go onboard but I felt like leaving it there for now. The target budget is $250 maximum for both CPU+Mobo, so this means I’m sticking with DDR2 which implies AM2+ but it must also satisfy:

• CPU has to be 45W and be atleast 1.6Ghz, dual core no more, has to support Virtualization.
• Motherboard has to Support 8Gb (most boards doo!),  have atleast 2x  PCIe and a PCI slot, it would be nice if the network cards work (gigabit) but no fuss if it doesnt. No crazy shebangabang Wifi, remotes etc bling and if it has onboard Video great, otherwise its OK to use a crappy card.

I picked the AMD Athlon X2 5050e CPU because it was cheap (~$80), supports a 45W, has virtualisation and is an AM2. Next was the motherboard, looking at the ASUS, Gigabyte & XFX models as my target.

Chipset wise only the following fit the criteria for a possible match because others just don’t have the number of SATA ports available onboard. Primarily AMD boards are supplied by NVIDIA or AMD themselves.

• NVIDIA nForce 750a SLI
• NVIDIA GeForce 8200
• NVIDIA GeForce 8300
• AMD 790X Chipset

Initially I looked at the ASUS  boards (they’ve been nothing but rock solid for me in the past) but after a lot of research scouring through the manufacturer sites I ended up picking out the Gigabyte GA-MA790X-UD4P which is based on the AMD 790X Chipset. The board came with 8x SATA Ports, 3x PCIe and 2x PCI and a  Gigabit NIC all for a $137 from PCCaseGear. Not only was the power consumption lowered but the noise and heat generated was substantially lower too!

Coming in close was the ASUS M4N78 PRO or the ASUS M4A78 PRO, each of those unfortunately didn’t have as many SATA ports (2-less) nor the PCIe ports (1-less).