Wednesday Sep 09, 2015

Integrated technologies FTW

In the latest articles I've been writing, I've been trying to link some of the Oracle Solaris technologies together and show how they can be used for a more complete story. The nice thing about Oracle Solaris is that we really care about the integration between technologies - for example, Oracle Solaris Zones is pretty seamlessly linked with ZFS, the entire network space, IPS packaging, Unified Archives and SMF services. It's absolutely our point of differentiation, and it's a hell of a lot less frustrating an administration experience as a result. Linux really is a poor cousin that regard.

Which is why I was really thrilled to see Thorsten Mühlmann latest blog, Deploying automated CVE reporting for Solaris 11.3. He talks through how to provide regular reporting of CVE (Common Vulnerability Exploits) for his systems. Not only does he use the integrated CVE meta-data in IPS, a core part of our wider compliance framework, but he provides the integration in IPS and SMF to make this easily deployable across the systems he manages with Puppet. It's a really nice example of how to engineer things that are reliable, repeatable and integrated. Thanks Thorsten!

Monday Jul 13, 2015

Periodic and scheduled services with SMF

With the release of Oracle Solaris 11.3 Beta last week, we've introduced a metric ton of new features. I'm really excited by the direction Oracle Solaris has been taking ad we continue to modernise the platform, include software administrators and developers are using on other platforms, and generally ensure we're ready to support the next generation of applications and infrastructure. If you've not really been following along, I'd strongly suggest you download Oracle Solaris 11.3 and have a play.

Back in 2005, we took the brave step to move away from /etc/init.d and introduced the Service Management Facility (SMF) as the main way to manage application and system services. SMF provided us with automatic service dependencies, central logging, structured configuration management, reliable application restart in the event of hardware or software failures as part of the overall fault management architecture in Oracle Solaris, and a much, much easier way of administering services. Better still, we converted all the system services over to SMF straight away and improved startup performance as we could now graph service dependencies and identify issues. You can under estimate the significance of this work, especially if you've read the turbulent history of systemd.

That was then, and this is now. One of the exciting enhancements in Oracle Solaris 11.3 relates to SMF, the introduction of the periodic and scheduled services. In another bold move, we're hoping to knock cron off it's block. There's no doubt cron is a foundation of scheduling in UNIX and Linux environments, and will be for years to come. But with scheduled SMF services we take all the ability of cron and combine them with all the benefits of SMF.

Creating an SMF periodic service is easy, with a simple addition to your SMF manifest to describe a periodic method (or using svcbundle):

        <method_credential user='oracle' group='dba' />
In the above snippet, we can see that we're executing /usr/local/bin/db_check every 10-11 minutes (as indicated by a jitter attribute of 60 seconds) with a maximum of 30 seconds delay after the service has been transitioned to the online state. We've also given it a method credential to run the script as the oracle user with dba group. The svc:/system/svc/periodic-restarter:default service instance will be responsible for restarting this service periodically.

Scheduled services are services that are run at a specific time, perhaps at an off-peak time. Similarly these are easy to create with a simple addition to your SMF manifest (or again by using svcbundle):

        <method_credential user='oracle' group='db' />
In the above snippet, we can see that we're executing /usr/local/bin/db_backup every day at 2am (as indicated by the hour and minute attributes). In this case the frequency is set as a default value of 1, meaning that we will run this every day. Like the previous example, we have given it a method credential to run the script as the oracle user with dba group. The svc:/system/svc/periodic-restarter:default service instance is also responsible for ensuring this services runs to its defined schedule.

One of the outstanding gaps with the Image Packaging System (IPS) was the ability to associate cron jobs during package install time by locating . Some other platforms have solved this with the introduction of /etc/cron.d using a process of self-assembly of the system's cron entries. We don't support this ability with the cron version included in Oracle Solaris 11. But now using periodic or scheduled services, administrators can simply install their SMF manifests into /lib/svc/manifest/site and restart the svc:/system/manifest-import:default service instance. You can achieve this with an IPS manifest fragment that uses an IPS actuator similar to the following:

file lib/svc/manifest/site/db-backup.xml \
    path=lib/svc/manifest/site/db-backup.xml owner=root group=sys \
    mode=0444 restart_fmri=svc:/system/manifest-import:default

So take the plunge and move your cron entries over to SMF today - you'll not regret it! Our plan is to convert the existing system cron entries over in future releases. For more information, see the following chapters in the excellent Oracle Solaris 11.3 Product Docs:

Tuesday May 06, 2014

Improved SMF Docs in Oracle Solaris 11.2

While there has been a ton of blogs posted about some of the new features of Oracle Solaris 11.2, one of those blogs in particular pleases me more than many others is the improved SMF documentation. While documentation doesn't exactly sound particularly exciting, it's absolutely crucial given the increasing importance that SMF is playing as a foundation for Oracle Solaris. Alta Estad has done a phenomenal job at improving the SMF documentation and accurately represents the hard work the SMF engineering team have been doing here.

One of the really exciting enhancements in SMF is actually a feature, unbeknownst to many, that has been available in the ZFS storage appliance for some time - SMF Stencils. Stencils are a way of taking advantage of the SMF configuration repository without having to rewrite your application to use libscf. Essentially by using a stencil you can manage your application configuration within SMF and have it automatically mirrored out to the traditional configuration file using svcio. This gives us a much improved way of managing configuration in a more structured sense, and ultimately a much better upgrade and auditing experience. In fact we've taken advantage of SMF stencils while integrating the Puppet into Oracle Solaris 11.2 (as detailed here).

So without further ado, check out Introduction to the Service Management Facility.

Tuesday Mar 26, 2013

The Building Blocks of an Oracle Solaris 11 Application Deployment

A while back I blogged about a simple deployment example using some of the new and old technologies included in Oracle Solaris 11. Together they provide some of the basic building blocks that you can use for a more complex deployment in your data center. I've been meaning to put some audio to the presentation and got some time today to do just that. So if you haven't seen the original set of slides, watch the 30 min presentation below with voice over from yours truly. Enjoy!

Friday Nov 23, 2012

A simple deployment example using Oracle Solaris 11

Last week I was over in Melbourne and Sydney to present at an Oracle Technology Network System Administration Day. During a set of morning sessions, I presented on some of the new things that we've done in Oracle Solaris 11 and our focus for the future. One of the sessions I presented was giving a quick technical overview of what a typical application deployment scenario would look like using technologies like the Image Packaging System (IPS), Service Management Facility (SMF), Oracle Solaris Zones, and network virtualization. While it's just a simple example, it provides the basic building blocks for a more advanced configuration that a data center would typically deploy. Given these would likely be of general interest, I thought I'd upload the slides for others to view - enjoy!

You can download the original source PPTX without some of the formatting errors in the above.

Thursday Aug 09, 2012

Configuring services with the Service Management Facility

One of the bigger changes with Oracle Solaris 11 has been the move of a lot of system configuration into the Service Management Facility (SMF) configuration repository and away from configuration files stored in /etc. This not only gives us a much more structured storage approach, but also provides a much better experience of what happens to administrative customization during a system upgrade. With the introduction of repository layering, configuration can now be more seamlessly managed across the system - both customizations made directly to a system, customizations as part of a wider site profile, and the default configuration that's provided by Oracle or any other 3rd party vendor who are integrating into Oracle Solaris 11. This does mean, however, that administrators will need to get a lot more familiar with SMF.

Over the last few weeks I've been working on writing more content to help administrators with their understanding of SMF. We've added a new SMF Technology Page on OTN with a ton of content - whitepapers, technical articles, cheat sheets and screencasts. Here's a screencast about how to configure services with SMF, enjoy!

Tuesday Aug 07, 2012

Basic administration using the Service Management Facility (SMF)

The Service Management Facility (SMF), first introduced in Oracle Solaris 10, is a feature of the operating system for managing system and application services, replacing the legacy init scripting start-up mechanism common to prior releases of Oracle Solaris and other UNIX operating systems. SMF improves the availability of a system by ensuring that essential system and application services run continuously even in the event of hardware or software failures. SMF is one of the components of the wider Oracle Solaris Predictive Self Healing capability, improving application resiliency in a typical data center environment.

An Overview of SMF

SMF is the software framework that is responsible for managing services on a system—whether they are critical system services essential to the working operation of the system or application services, such as a database or Web server.

Each service has a well-defined state (enabled, disabled, offline, maintenance) and usually a relationship to other dependent services that are required to be running on the system first. This provides a key benefit in that services can be started in parallel during system start up, resulting in a much faster boot when compared to the legacy init framework, which is only able to start processes in sequence and must wait until they complete. Each service is usually started by the SMF master restarter daemon, svc.startd, though this task can be delegated to an alternative restarter, as is the case for internet services delegated to inetd.

Behind the scenes of each service is a service manifest that describes some basic information about the service, what service dependencies are required, any required service configuration, and how SMF should start and stop the service. A service, once started, can start several different processes that are tied together as part of a service contract. This means that an administrator needs to manage only the higher-level service, rather than worrying about a series of individual processes and what start order might be required by those processes. If a service fails for any reason, whether during a hardware or software fault, SMF will automatically detect the failure and restart the service and any dependent services.

For the rest of the article, head on over to OTN and read Introducing the Introducing the basics of the Service Management Facility (SMF) on Oracle Solaris 11.

Tuesday Jul 17, 2012

First steps with the Service Management Facility (SMF)

The Oracle Solaris Service Management Facility (SMF) was one of the major features added with Oracle Solaris 10. In essence, it's a system that replaces the legacy init mechanism common on many UNIX operating systems, to manage both system and application services. The main advantage of SMF is that it provides continuous availability for these services, and should any hardware or software failures occur, SMF will automatically restart the service, and any dependent services.

While many administrators didn't really interact much with SMF on Oracle Solaris 10 outside simply enabling and disabling services, changes introduced in Oracle Solaris 11 will mean that SMF will become more visible. I'll talk about these changes in a future blog entry, but if you want to get a 101 on the basics of service administration with SMF, consider taking a look at the following screencast.


To learn more about Oracle Solaris 11, check out an extensive list of resources including technical articles, cheat sheets and screencasts on Oracle Technology Network


« November 2015