Wednesday Jul 08, 2015

Remote Administration with RAD and Oracle Solaris 11

As organisations look for increased agility in their IT operations, many are turning towards more cloud like environments with shared compute, network and storage, and the ability for self-service users to quickly provision new virtualised environments on demand. With this increased virtualization sprawl, it's imperative to have a set of tools to allow administrators to effectively manage these environments, ensure they remain highly available, secure and observable.

There's hundreds of tools that have been created to help administrators manage their environments more effectively. Many tools such as Puppet and Chef, have inspired administrators to shift legacy enterprise management models over towards more rapid, agile and 'dev ops' like models. In Oracle Solaris 11, we've worked hard to modernise the operating system to adapt to this change and transform it into a highly capable cloud platform. We've included tools like Puppet as a response to customer demand, but we've also created our own - in this case RAD.

RAD (or Remote Administration Daemon) provides a set of programmatic interfaces to allow administrators to manage Oracle Solaris 11 subsystems using Python, C, Java, and RESTful APIs. RAD is also intended for developers as a complete development framework for creating their own custom interfaces to manage systems. I've written a getting started article that covers the basics of RAD, including some examples of using a few of the Oracle Solaris RAD modules. RAD is a very strategic technology for us because it provides a standardised set of interfaces to allow Oracle and other 3rd parties to write their own management interfaces on top of RAD. In fact we've already used RAD extensively in our port of OpenStack to Oracle Solaris.

Getting Started with the Remote Administration Daemon on Oracle Solaris 11.

Wednesday Apr 29, 2015

Managing Oracle Solaris systems with Puppet

This morning I gave a presentation to the IOUG (Independent Oracle Users Group) about how to manage Oracle Solaris systems using Puppet. Puppet was integrated with Oracle Solaris 11.2, with support for a number of new resources types thanks to Drew Fisher. The presentation covered the challenges in today's data center, some basic information about Puppet, and the work we've done to integrate it as part of the platform. Enjoy!

Friday Aug 15, 2014

Mirroring IPS repositories

Out of the many changes introduced in packaging with the Oracle Solaris 11.2 release, one of really good ones was the introduction of a repository mirroring service. This provides administrators with an easy, automated way of mirroring repository contents. For example, let's say you had a package repository set up locally that was serving the clients in your data center. While we provide a few different ways to sync up the contents of this repository with the Oracle Solaris 11 support repository hosted by Oracle through the pkgrecv utility or incremental ISO images, it's a pretty manual process. Now it's a case of simply configuring and starting an SMF service, svc:/application/pkg/mirror:default.

I've written a short article on this new IPS feature - How to Set Up a Repository Mirroring Service with the Oracle Solaris 11 Image Packaging Service.

You'll also notice that I also include a sneaky mention of pkg exact-install, another new feature that allows administrators to essentially reset a system to a known software boundary. Bart Smaalders has already covered this in a great blog post.

Friday Aug 01, 2014

Secure, compliant application deployment with Oracle Solaris 11

One of the really exciting features that was introduced in Oracle Solaris 11.2 is called Unified Archives. Unified Archives provide system cloning and disaster recovery capabilities for the platform. Built on the foundations of Oracle Solaris ZFS, an archive can quickly be taken on a live running system thanks to snapshot and cloning. A single archive can be created for a complete system that includes a number of virtual environments. Once captured, it can be deployed using Automated Installer or using the existing zonecfg(1M) and zoneadm(1M) utilities during Oracle Solaris Zone creation. Thanks to integration with the IPS packaging system, an archive can be partially deployed with complete flexibility - across different systems of the same architecture, or using physical-to-virtual or virtual-to-physical transforms. They're completely flexible. Jesse Butler, the architect for Unified Archives, has already covered a lot of the basics in two blog posts: Introducing Unified Archives in Oracle Solaris 11.2 and Cloning Zones with Unified Archives.

Unified Archives are a pretty critical piece of the overall application lifecycle. Combined with Oracle Solaris Zones, Immutable Zones (read-only VMs), and our new compliance framework, we have a very nice set of technologies that can be combined to really aid developers and administrators in creating and deploying compliant application environments, from development through to test and eventually production. I've written an article that helps explain how you can achieve this, and greatly cut down the cost of ensuring certified and compliant applications and reducing the cost of human error or security exploits.

Take a look at How to Ensure Secure, Compliant Application Deployment with Oracle Solaris 11.

Monday Jul 21, 2014

Understanding IPS versioning

During the lead up to Oracle Solaris 11.2 GA, I noticed that I had written an article back last year that never got published about understanding IPS package versioning. If you haven't yet had a chance to look at Oracle Solaris 11, one of the really great changes that we introduced was completely replacing the packaging mechanism from the rather legacy SVR4 packaging system to the network based Image Packaging System. IPS relies on the fact that ZFS is the underlying file system using a feature called ZFS Boot Environments, allowing us to take advantage of snapshots and clones while updating systems. This means that administrators can perform a system update while still having the old environment to fallback to if something goes wrong. There was a similar concept in Oracle Solaris 10, but was quite primitive by comparison.

And so to the document in question. IPS uses a pretty comprehensive versioning system to allow it to calculate how to go about performing a system update, or indeed any individual software package. We use a series of package constraints on the system to ensure that administrators are updating their software to a well known, and tested state. By contrast, Oracle Solaris 10 essentially let you update or apply any patches you wanted, often leading our customers down a very un-tested path. It's useful to understand this versioning system at times so I've written a useful article that covers some of this.

Take a read of Understanding Oracle Solaris 11 Package Versioning.

Thursday Jun 12, 2014

Interactive manifest editing with the Automated Installer Manifest Wizard

Oracle Solaris 11.2 adds a new Automated Installer (AI) Manifest Wizard to allow administrators to more easily create AI manifests for use in provisioning new client systems in the data center. The AI Manifest Wizard is a web web based interface that steps administrators through the basics of the AI manifest - target disks and layout selection, additional ZFS pools and datasets, IPS publisher and package selection, and the creation of any Oracle Solaris Zone virtual environments. The end result is an AI manifest without having to directly edit XML, and this can then be associated with an appropriate AI service.

To get started, check out How To Create an Automated Installer Manifest with an Interactive Wizard

Wednesday Jun 04, 2014

Getting Started with Puppet on Oracle Solaris 11

One of the exciting enhancements with Oracle Solaris 11.2 has been the introduction of Puppet. While upstream Puppet did have some rudimentary support for Oracle Solaris 11, Drew Fisher and Ginnie Wray worked tirelessly to add enhance the Oracle Solaris Puppet offering. We've talked to customers over the past few years and asked them what their problems were and what technologies they were using, particularly for configuration management. Puppet came up time and time again, and it made a huge amount of sense bringing it as a 1st class citizen in the Oracle Solaris platform.

So what is Puppet, and why is it useful? To quote from PuppetLabs, the guys who are responsible for creating Puppet:

Puppet is a declarative, model-based approach to IT automation, helping you manage infrastructure throughout its lifecycle, from provisioning and configuration to orchestration and reporting. Using Puppet, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, scaling from 10s of servers to 1000s, on-premise or in the cloud.

What's more, with Puppet support for Oracle Solaris, administrators can now manage a completely heterogeneous data center from a single or series of Puppet masters. Better still, it's an excellent tool when combined with our new compliance framework to ensure you're meeting your compliance regulations. We're not stopping there of course, and we'll enhance our offerings over time, and work with PuppetLabs to get some of this support upstream (or into the Puppet Forge). So if you've heard some of the buzz around Puppet and never quite got started, and have some Oracle Solaris real estate that you'd love to manage, check out the Getting Started with Puppet on Oracle Solaris 11 guide.

Monday May 26, 2014

Oracle Solaris at the OpenStack Summit in Atlanta

I had the fortune of attending my 2nd OpenStack summit in Atlanta a few weeks ago and it turned out to be a really excellent event. Oracle had many folks there this time around across a variety of different engineering teams - Oracle Solaris, Oracle ZFSSA, Oracle Linux, Oracle VM and more. Really great to see continuing momentum behind the project and we're very happy to be involved.

Here's a list of the highlights that I had during the summit:

  • The operators track was a really excellent addition, with a chance for users/administrators to voice their opinions based on experiences. Really good to hear how OpenStack is making businesses more agile, but also equally good to hear about some of the continuing frustrations they have (fortunately many of them are new and being addressed). Seeing this discussion morph into a "Win the enterprise" working group is also very pleasing.
  • Enjoyed Troy Toman's keynote (Rackspace) about designing a planet scale cloud OS and the interoperability challenges ahead of us. I've been following some of the discussion around DefCore for a bit and while I have some concerns, I think it's mostly heading in the right direction. Certainly seems like there's a balance to strike to ensure that this effects the OpenStack vendors in such a way as to avoid negatively impacting our end users.
  • Also enjoyed Toby Ford's keynote (AT&T) about his desire for a NVF (Network Function Virtualization) architecture. What really resonated was also his desire for OpenStack to start addressing the typical enterprise workload, being less like cattle and more like pets.
  • The design summit was, as per usual, pretty intense for - definitely would get more value from these if I knew the code base a little better. Nevertheless, attended some really great sessions and got a better feeling of the roadmap for Juno.
  • Markus Flierl gave a great presentation (see below) at the demo theatre for what we're doing with OpenStack on Oracle Solaris (and more widely at Oracle across different products). Based on the discussions that we had at the Oracle booth, there's a huge amount of interest there and we talked to some great customers during the week about their thoughts and directions in this respect.
  • Undoubtedly Atlanta had some really good food. Highlights were the smoked ribs and brisket and the SweetWater brewing company. That said, I also loved the fried chicken, fried green tomatoes and collared greens, and wonderful hosting of "big momma" at Pitty Pat's Porch. Couldn't quite bring myself to eat biscuits and gravy in the morning though.
  • Visiting the World of Coca-Cola just before flying out. A total brain washing exercise, but very enjoyable. And very much liked Beverly (contrary to many other opinions on the internet) - but then again, I'd happily drink tonic water every day of the year...

Looking forward to Paris in November!

Tuesday May 06, 2014

Improved SMF Docs in Oracle Solaris 11.2

While there has been a ton of blogs posted about some of the new features of Oracle Solaris 11.2, one of those blogs in particular pleases me more than many others is the improved SMF documentation. While documentation doesn't exactly sound particularly exciting, it's absolutely crucial given the increasing importance that SMF is playing as a foundation for Oracle Solaris. Alta Estad has done a phenomenal job at improving the SMF documentation and accurately represents the hard work the SMF engineering team have been doing here.

One of the really exciting enhancements in SMF is actually a feature, unbeknownst to many, that has been available in the ZFS storage appliance for some time - SMF Stencils. Stencils are a way of taking advantage of the SMF configuration repository without having to rewrite your application to use libscf. Essentially by using a stencil you can manage your application configuration within SMF and have it automatically mirrored out to the traditional configuration file using svcio. This gives us a much improved way of managing configuration in a more structured sense, and ultimately a much better upgrade and auditing experience. In fact we've taken advantage of SMF stencils while integrating the Puppet into Oracle Solaris 11.2 (as detailed here).

So without further ado, check out Introduction to the Service Management Facility.

Wednesday Apr 30, 2014

Oracle Solaris 11.2 Announced

This morning in New York City, we announced Oracle Solaris 11.2 with Mark Hurd, John Fowler and Markus Flierl all taking the stage. I think many will probably completely fail to appreciate the amount of work that's gone into this release and some of the ground breaking technologies that have been included. They've been trying to bury us for years with the 'Solaris is dead' moniker. But here we still are, continuously engineering and steadily delivering - much like our SPARC processor and system roadmap.

If you had to sum up this release, I think the tagline for the release is pretty true to form. Engineered for cloud. It's the one driving force that's always been there since the start of Solaris development - our engineers always deliver a truly engineered system that's been architected from really solid foundations. Oracle Solaris 11 brings a number of new features that I think will be really game changing:

  • Unified Archives - Unified Archives are a replacement for Solaris Flash Archives that were available in Oracle Solaris 10. It's essentially a new archive format that's built on the OVF compliant format, but taking advantage of ZFS streams. Unified Archives provide you with the ability to capture environments of a running system either for cloning within a cloud environment or for backup and disaster recovery purposes. Unlike your standard golden image that you've been used to, Unified Archives provide an ability to capture both bare-metal and virtualized environments (or a combination of both) and deploy to either bare metal or virtual with powerful image transforms. This is especially useful in a typical development, test and product lifecycle where you want to be able to capture and quickly deploy a golden image as you go through that process. But how many developers have access to a SPARC M6 system? With Unified Archives you don't need to, and developers can capture a SPARC T5 system but deploy to a larger system when it really matters.
  • Kernel Zones - Kernel Zones are a feature of Oracle Solaris Zones to allow you to have a completely independent and isolated virtual environment with a standalone kernel. Our customers have been asking for this for a while, and with the rise of highly tenanted cloud environments, the ability to run different kernel versions side by side is crucially important. This allows administrators to easily migrate workloads for system maintenance or re-balance them completely unconstrained by the version of the global zone.
  • Compliance - We've been hearing this from our customer base for a while. Compliance requirements aren't going away anytime soon, and in fact they're getting harder and harder with multiple different software versions to manage in a virtualized, cloud computing world. With Oracle Solaris 11.1 we integrated support for the industry standard SCAP. Now we're taking this a step further by providing a set of tools to automatically monitor and report compliance with a number of built-in policies to help our customers through that pain.
  • Software Defined Networking - Oracle Solaris 11 has included a number of network virtualization capabilities for quite some time. The addition of virtual network interfaces (VNICs) has led to an unprecedented level of flexibility in network topology construction, and resource management them seamlessly within software. With Oracle Solaris 11.2 we're continuing to expand, and deliver, on Software Defined Networking (SDN) with the introduction of Elastic Virtual Switch. Elastic Virtual Switch provides administrators with the ability to seamlessly manage a series of virtual switches across multiple nodes in cloud from a single source. A new socket level API provides developers the ability to write purpose built application level flows to resource manage network traffic from the VM directly through to the network hardware and backend storage.
  • OpenStack - And finally, but not least, we've adopted the industry standard cloud computing infrastructure software, OpenStack. Oracle Solaris 11.2 is a full OpenStack distribution, and we've integrated the foundations of Oracle Solaris into the various OpenStack services - Nova compute virtualization, Neutron networking, Cinder and Swift block and object level storage, Glance image management, Keystone identity management, and of course that unified management interface Horizon that provides our customers with the ability to manage a heterogenous set of data center resources. We've been hearing from more and more customers interested in deploying OpenStack in their enterprise and we're very excited at being interoperable in this space and providing infrastructure such as a OpenStack Unified Archive to really help our customers get started in shifting their business to cloud computing.

But this list is just the start. Take a read of the Oracle Solaris 11.2 What's New Guide and see the vast array of other new integrations including extended Oracle Solaris support for Puppet, read-only root environments Immutable Global Zones, 3rd party configuration management with SMF stencils, seamless IPS repository mirroring, and secure end-to-end deployment using Automated Installer.

If you're one of the people who has dismissed Oracle Solaris, do take a look at Oracle Solaris 11.2. We've come a long, long way. These are enterprise ready technologies that you won't have seen before, and we really can do a lot better to manage your business IT needs.

Thursday Jan 09, 2014

Next OTN Virtual Sys Admin Day

On Tuesday Jan 28th at 9am PT we'll be hosting another OTN Virtual Sys Admin Day event. We've run a few of these in the past. Once again, we'll have new content in the Oracle Solaris 11 track where we'll be focusing on some tips and tricks, and best practices for packaging, virtualization and data management.

Just before Christmas (Happy New Year btw), I worked on some content related to packaging. I'll show some tips and tricks for how to manage software and software updates on your Oracle Solaris 11 systems, including best practices around repository management and how to constrain your systems using incorporation packages. So come join us on what will be 4 hours of great content, and get your questions answered in a live Q&A forum.

Wednesday Jun 12, 2013

OTN Virtual Sys Admin Day Respin

Over the last couple of weeks, a few of us have been working on some new hands on lab content for Oracle Solaris 11, and we've delighted to announce the return of the OTN Virtual Sys Admin day, on July 15th at 9am PT.

This time we're taking the approach of a 3 part lab in which we build up a nice example of a typical deployment using Wordpress, MySQL, Oracle Solaris Zones and ZFS for a multi-tiered application. We'll also look at how we can monitor this application at a very basic level. We will also look briefly at packaging for Oracle Solaris 11 using IPS. Links to the recorded content are below.

Oracle Solaris 11 Feature Map and Lab AgendaIn the opening Oracle Solaris hands-on-lab session we will discuss the most important Oracle Solaris 11 features and how they work together to enable modern virtualization and cloud computing capabilities. This lab will be divided into 3 parts where we will build a secure, multi-level application deployed using virtualization capabilities included in the operating system. We will also demonstrate how to monitor this application and manage system resources appropriately. This lab will look at deploying Wordpress using Apache as the web server and MySQL as the database, and the Oracle Solaris ZFS file system as the underlying storage layer. We recommend that participants attend all parts to this lab in order.
Part I: Storage and Web LayersIn the first Oracle Solaris hands-on-lab-session, we will use the ZFS file system to set up storage for our application and introduce participants to Oracle Solaris Zones as our primary virtualization environment for our web, database and application layers. We will also cover network virtualization to create virtualized network interfaces and switches to communicate between our virtualized environments.
Part II: Database and Application LayersIn the second Oracle Solaris hands-on-lab session, we will take advantage of Oracle Solaris Zone cloning to rapidly provision new virtualized environments for our database and application layers, and demonstrate how our application can easily be secured and protected using the Immutable Zones feature of Oracle Solaris Zones providing a read-only environment.
Part III: Resource Monitoring and PackagingIn the final Oracle Solaris hands-on-lab session, we will demonstrate how to monitor and manage virtualized resources using various integrated system commands available on the system. We will also create and publish a new software package for a simple monitoring script using the Image Packaging System (IPS).

If you've attended any of the previous virtual hands on lab events and been bored by the same content, there's a simple bit of pre-work involved (but that's really just about installing Oracle Solaris 11 on your system using Oracle VM VirtualBox, or any other means). So go register now!

Tuesday Apr 02, 2013

Chatting with Oracle

Over the past year, one of my many hats has been to manage some of the content over on our Oracle Solaris YouTube Channel. We're starting to build up a nice library of videos - everything from presentations, interviews and technical how tos.

A couple of weeks ago all the Oracle Solaris engineering talent got together for a workshop in Santa Clara to discuss some of the exciting developments that we're working on. Rick Ramsey took that opportunity to start chatting to some of the many folks involved and you can see the direct result on our Chatting with Oracle playlist. As a sneak preview, take a look at a quick chat with my new boss, Michael Palmeter, senior director of Oracle Solaris product management who talks about why the operating system is still relevant.

Tuesday Mar 26, 2013

The Building Blocks of an Oracle Solaris 11 Application Deployment

A while back I blogged about a simple deployment example using some of the new and old technologies included in Oracle Solaris 11. Together they provide some of the basic building blocks that you can use for a more complex deployment in your data center. I've been meaning to put some audio to the presentation and got some time today to do just that. So if you haven't seen the original set of slides, watch the 30 min presentation below with voice over from yours truly. Enjoy!

Thursday Jan 24, 2013

OTN Virtual Sys Admin Day (Part 2)

After a very successful event last week with the Oracle Technology Network Sys Admin Day, we're doing it again next week on January 29th at 9am GMT. This virtual event will take the same format with the same content, but at a better timezone for the folks in Europe. As per usual we'll have a set of great Oracle Solaris 11 Hands on Labs for which administrators can step through in their own virtual environments and ask questions live to a panel of experts on anything related to Oracle Solaris.

Register now!


To learn more about Oracle Solaris 11, check out an extensive list of resources including technical articles, cheat sheets and screencasts on Oracle Technology Network


« November 2015