OpenIndiana is the Default

Well, that was easy. My server now boots into OpenIndiana by default. The look and layout is very similar to Ubuntu. One slight gripe is that the OpenIndiana installer has clobbered the original grub, which gave me the choice of booting Ubuntu from another partition. Now I will have to go and reconfigure it to give me dual boot back.

I half expected that to happen since it is typical behaviour of any O/S installed to put its own boot loader down. It would be nice however if the installer warned it was going to do this.

It’s nice to be able to have a platform to play with ZFS etc. especially since I haven’t used Solaris (or even Unix) much recently. I have been very happily implementing private clouds, proofing AD RMS, streaming Windows applications with Numecent Jukebox and designing VDI solutions. First things first though…Grub documentation.

OpenIndiana Again

Having a relatively free evening, I am installing OpenIndiana on a partition of my lab Shuttle. The browser I am using to type this in is running from the install DVD. So far it has been a piece of cake and I have just noticed it has finished and is asking for a reboot. Back soon…

IPS for OpenIndiana and Solaris 11 – UKOUG March

I went to the March LOSUG / UKOUG where Chris Ridd gave a (long) talk about IPS – Image Packaging System for OpenIndiana and Solaris 11. I have not used IPS so I was interested to see how it differed from the old pkgadd system I am familiar with.

He started out by saying there were little or no design docs for IPS but there are some blog postings by Stephen Hahn, Bart Smaalders and Tim Foster about the original ideas. Unfortunately I have not had time to look for or read them.

The comment was telling though as the impression I got at the end was that IPS was a system which lacked exactly that: a design. As a result, as Chris pointed out, the terminology is odd and key functionality is missing. Security, for example. As I understood it, the main conceptual difference is that unlike other packaging systems there is no “package” as such. What you make is a config file which describes the content, including metadata and how to get the files you need from a repository.

Until I play with it (which might be a while!) I’m not going to pass judgement. It was too much new information for me to absorb in one sitting.

LOSUG – UKOUG September – and other things

LinkedIn helpfully tells everyone it is 99 days since I wrote a blog post. Thanks LinkedIn. A few non-IT projects have been in progress (and summer holidays as well).

On the IT side, I have recently managed to download ESXi5.0 and install it easily on a USB stick. I’ve imported guests from my datastore and got the appliance based virtual center running. All very easy, I am happy to report!

Touching on IT, I have built a VM and installed Magento e-commerce web shopping software for a related project.

For a client, I have written a few simple load generating scripts in perl to help testing a virtual environment. It’s not as easy as you think to generate memory load. Just assigning a large chunk of RAM doesn’t work as the host operating system (Linux in this case) notices the memory is not being accessed and pages it out over time. You can see it happening in a nice graph in virtualcenter. ESXi will probably try to do something clever too, even if the O/S doesn’t. To keep RAM in use, you need to continuously access it, which I did with random accesses into an array.
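The random-access approach described above, as an added sketch in Python (not the Perl scripts written for the client): it faults a buffer in and then keeps writing to randomly chosen pages so the guest O/S cannot treat the memory as idle. The function names and the LOAD_MIB environment variable are assumptions made for this example.

```python
import mmap
import os
import random
import time

PAGE = mmap.PAGESIZE  # touch granularity: one write per page keeps that page referenced


def allocate(mib):
    """Allocate an anonymous buffer of `mib` MiB and fault every page in once."""
    buf = mmap.mmap(-1, mib * 1024 * 1024)
    for off in range(0, len(buf), PAGE):
        buf[off] = 1  # first write makes the kernel back the page with RAM
    return buf


def keep_hot(buf, seconds, rng=None, pause=0.0):
    """Write to randomly chosen pages until `seconds` elapse.

    Returns the set of page numbers touched, so the caller can see how much
    of the buffer was actually kept in the working set.
    """
    rng = rng or random.Random()
    pages = len(buf) // PAGE
    touched = set()
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        page = rng.randrange(pages)
        off = page * PAGE
        buf[off] = (buf[off] + 1) % 256  # read-modify-write so the page is dirtied
        touched.add(page)
        if pause:
            time.sleep(pause)  # throttle CPU use between touches
    return touched


if __name__ == "__main__":
    size_mib = int(os.environ.get("LOAD_MIB", "64"))  # hypothetical knob, constructed default
    buf = allocate(size_mib)
    hot = keep_hot(buf, seconds=5)
    print(f"{len(hot)} of {len(buf) // PAGE} pages touched in 5s")
```

Pages that are allocated but never revisited are the ones that get paged out over time; the proportion of pages touched per interval shows how much of the allocation is genuinely being held in use.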

I made it along to the September OpenSolaris User Group meeting where Nick Todd gave a talk on the Solaris linker and Alasdair Lumsden gave an update on the OpenIndiana project (which I am downloading now).

Nick’s talk was entitled “The Missing Link”. Apt, as we all tend to take that step for granted but there’s a decent amount of engineering in there. It was interesting to note that even in the days of card decks, you nearly always had to “bracket” your deck with pre- and post- instructions to tell the machine what to do with your deck. That concept lives on in the ELF file format where executable code is prefixed by crt1 and crtn code.

There are two main aspects of linking, the link editor and the runtime linker, plus a set of Solaris commands to aid development and debugging, not least of which is “elfdump”.

This talk was fascinating, not least because it simply reminded us that this goes on and contained plenty of tips and places for further reading. (I will insert links when I get them).

Alasdair gave an update on OpenIndiana (1 year old!) and the upcoming 151a stable release. OpenIndiana is based on Solaris 11 Express and Illumos but future releases will fork from Oracle and enable innovation and new features. KVM has been added and GCC will be used as a compiler. The combination of these various technologies: KVM, Qemu, Illumos, ZFS, Crossbow, Zones, DTrace is a potent mix.

Not least the consideration that the source code is freely available and if you are serious about security there is no substitute for examining and compiling the code yourself. Particularly with recent hacks against the Linux kernel.

LOSUG September

I attended the Oracle LOSUG meeting on September 15th to hear a talk from Phil Kirk on Zones and Crossbow.

I also took the opportunity to meet Alasdair Lumsden (who has set up OpenIndiana).

I scribbled down a few notes to help jog my memory.

HISTORY

  • Zones were never meant to be like VMs. They were designed as a process container.
  • Zones have a shared I/P stack and routing.
  • There is (typically) a separate I/P alias per zone.
  • IPMP works.
  • Config is done from the global zone.
  • IPfilter works (v4).
  • DHCP, IPsec, raw sockets don’t work.

Some problems with zones:

  • Non-global routing is affected by global routing table. (Some examples).
  • Using a null route is often used to add a gateway entry but this is where global routing table changes can break zones.
  • Default routes are selected round-robin.
  • defrouter option in the zone config just does a route add (nothing clever in the kernel).
  • inter-zone traffic can be forced to go over the wire. Normally it would go via loopback for efficiency but some sites require audit/logging of traffic.

NOW

  • Each zone gets its own I/P stack.
  • Config is done in the zone.
  • Lots of zones need lots of NICs.
  • Can mix shared and exclusive stacks.

CROSSBOW:

  • Virtualisation at the data (mac addr) level. vNICs.
  • vNIC gives b/w resource management (dladm).
  • vlans are supported in Crossbow.

P.S. What happened to my complimentary UKOUG membership?