Sunday Feb 12, 2017
Wednesday Nov 02, 2016
By Jsavit-Oracle on Nov 02, 2016
One of the very cool recent features in Oracle VM Server for SPARC 3.4 is virtual HBA (vHBA) which adds I/O generality and function for logical domains.
I discussed this in previous blogs, and am pleased to announce a technical blog entry by Andrew Rutz (so it's authoritative!) on using MDB commands to introspect on vHBA: see MDB commands for vHBA (Virtual HBA)
Thursday Sep 29, 2016
By Jsavit-Oracle on Sep 29, 2016
Last week during Oracle Openworld, Oracle announced the availability of the OpenStack Nova driver for Oracle VM Server for SPARC (logical domains). This means that SPARC servers hosting guest domains (SPARC virtual machines) can be administered by OpenStack to create and run SPARC-based clouds.
The announcement link above gives an overview of the capabilities and installation requirements, but some additional details are:
- Support for OpenStack Kilo
- Support for Solaris 10 and Solaris 11 instances
- Network boot support, and ability to boot from a volume or a volume snapshot
- Support for SAN, NAS and local storage (FC, iSCSI, local vdisk files, NFS vdisk files, and local ZFS volumes "ZVOLs")
- Flat and VLAN networking
- Dynamic attachment and detachment of storage volumes and network interfaces. Virtual disks can be added or removed while an instance (guest domain) is running
- VNC and serial console support
- Historical console log
- Image (nova) and volume (cinder) based OS deployments
- Whole and max core constraints to control CPU allocation
- SSH key, Password, and file injection into guests without use of a network metadata service (network agnostic)
- Parallel guest deployment
- Multiple, physically isolated virtual switches, with guests attached to many networks (multi-homing), with varied MTUs
- Multiple MAC addresses supported for guest domains - so guests can run Solaris network virtualization and exclusive IP zones
- Nova Evacuate support with distributed lock management protection, allows redeployment of a logical domain on another node if hardware fails
Several demo videos have been produced to show it in action:
- Overview: https://www.youtube.com/watch?v=OiaQyaWz0Ho
- Basic N-tier network demo: https://www.youtube.com/watch?v=CvvUF0RKW6g
- Nova Evacuate Demo: https://www.youtube.com/watch?v=BXK5bLU3qiw
- Dynamic Storage Attach/Detach Demo: https://www.youtube.com/watch?v=C5HZ_PVxe6w
- Live Migration Demo: https://www.youtube.com/watch?v=4ghGQ-045ec
- Network Boot Demo: https://www.youtube.com/watch?v=DkhJ9YbIUbs
To get started, see the documentation, which guides you through setting up a Nova compute node on a SPARC server, and shows how to install a sample controller node running the typical OpenStack Kilo services (horizon, neutron, keystone, and so on). Note that the controller node can be a guest domain or a physical server. If a guest domain (1 core and 16GB of RAM will be plenty), don't try to run it on the infrastructure it controls as that would be a "chicken and egg" situation :) The controller node can be based on Solaris running on SPARC or on x86, and with some configuration setups could be a non-Solaris controller environment.
I've installed this, created images and fired up "instances" (the generic name for a virtual environment which might be a VM or a container). There is a learning curve after installation since there are a lot of concepts and tools to assimilate. That said, the demonstration controller setup runs in a few minutes with little setup effort, so is a quick way to start delving into OpenStack.
Wednesday Sep 28, 2016
By Jsavit-Oracle on Sep 28, 2016
A few months ago I blogged on upgrading an Oracle VM environment from 3.3.4 to 3.4.1, and in that spirit (and with a few variations) I just did an upgrade from 3.4.1 to 3.4.2.
As before, I upgraded my lab systems (one Oracle VM Manager controlling an x86 server pool and a SPARC server pool) using the Upgrading Oracle VM instructions. The Manager upgrade was done first and that was completely by the book (mount the ISO image, run ./runInstaller.sh, and so on) with nothing exciting to report. After a few minutes I had the Manager at 3.4.2 level.
However, I used some variations for the servers. Before upgrade, the Oracle VM Manager instance was at the public 3.4.1 version, but the x86 servers were at an earlier internal test build (yes, I know: I should have synced it up long ago. My bad). To simulate customer experience I upgraded the servers to the official Oracle VM Server 3.4.1 level and then upgraded them to Oracle VM Server 3.4.2. This was the regular, documented process - I just did it twice with different Yum repository contents. A slight difference is that I created the repositories on one of my SPARC servers running Solaris instead of on x86 running Linux. No real reason except that I have those machines handy. The commands were almost the same as in the documentation, except for the slight differences for the mount command and the directory where I put the files.
Finally, I upgraded the SPARC portion of this lab. Instead of doing the method I've used in previous upgrades (update the server update repository, run the update from the Oracle VM Manager user interface), for a change I deleted a server from the Manager, uninstalled all presence of Oracle VM Manager's OVS agent, and then did a fresh install using the current OVS agent and Distributed Lock Manager (DLM). That worked just fine, and then I took another minute or two to re-present network definitions and repositories.
The net result is that this lab environment is now running Oracle VM Manager 3.4.2 with Oracle VM Server for x86 3.4.2, and Oracle VM Server for SPARC 3.4 (the release numbers vary slightly) and with the OVS agent corresponding to the Manager version.
Tuesday Sep 06, 2016
By Jsavit-Oracle on Sep 06, 2016
I was recently asked for a list of 'security best practices' for Oracle VM Server for SPARC, so I'll share the list I came up with:
- Start with the Oracle VM Server for SPARC Security Guide.
- Lock down access to the control domain, any service domains, and root domains hosting physical functions for SR-IOV virtual functions.
- Keep management and storage networks separate from guest domain
- Separate guest domains in different security categories by using different virtual switches, VLANs, or PVLANs.
- Use etherstub-based virtual switches for private inter-guest networking, or virtual switches without any net-dev.
- Set allowed-ips, allowed-dhcp-cids, and allowed-mac on a vnet in conjunction with setting protection=mac_nospoof, ip_nospoof and dhcp_nospoof. This requires recent versions of Oracle VM Server for SPARC.
- Set a maxbw value on each vnet to prevent a denial-of-service attack from a VM.
- Implement secure wanboot / verified boot to ensure use of signed binaries at boot time.
- Deploy control and service domains (and when possible, guest domains) with Solaris 11.3 minimal server profile plus necessary IPS packages. The minimal server does not even include snoop(1M), so is very tight with regard to attack surface.
- Stay current on firmware and Solaris versions to get the latest security fixes.
- Don't use clear-text communication for anything that has a potential security implication.
That's not meant to be a comprehensive list, but should be a good start for making sure your Oracle VM Server for SPARC environment is configured for security. Thanks to Steffen Weiberle for several helpful suggestions.
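One way to check the vnet items on this list (protection, allowed-ips, allowed-dhcp-cids and maxbw) across many guest domains is a small audit script. This is an added example, not code from the original post or from Oracle. The inventory records in `SAMPLE` are constructed, and their pipe-delimited key=value layout and field names are assumptions for illustration, not captured ldm output.

```python
# Added example: audit vnet settings against the checklist above.
# SAMPLE is constructed; the record layout and field names are assumptions
# for illustration, not captured ldm output.
SAMPLE = """\
DOMAIN|name=ldg1
VNET|name=vnet0|maxbw=|protection=|allowed-ips=|allowed-dhcp-cids=
DOMAIN|name=ldg2
VNET|name=vnet0|maxbw=500M|protection=mac_nospoof,ip_nospoof,dhcp_nospoof|allowed-ips=192.0.2.10|allowed-dhcp-cids=ldg2
VNET|name=vnet1|maxbw=1G|protection=mac_nospoof,ip_nospoof|allowed-ips=|allowed-dhcp-cids=
"""

REQUIRED = ("mac_nospoof", "ip_nospoof", "dhcp_nospoof")


def parse(text):
    """Yield (domain, fields) for every VNET record in the inventory."""
    domain = None
    for line in text.splitlines():
        kind, _, rest = line.partition("|")
        # "key=value" -> (key, value); an empty value stays an empty string
        fields = dict(f.partition("=")[::2] for f in rest.split("|") if f)
        if kind == "DOMAIN":
            domain = fields.get("name")
        elif kind == "VNET":
            yield domain, fields


def audit(text):
    """Return {(domain, vnet): [findings]} for vnets that miss the checklist."""
    report = {}
    for domain, f in parse(text):
        active = set(filter(None, f.get("protection", "").split(",")))
        findings = [f"protection lacks {p}" for p in REQUIRED if p not in active]
        # The checklist sets each allow-list together with its protection type
        if "ip_nospoof" in active and not f.get("allowed-ips"):
            findings.append("ip_nospoof set without allowed-ips")
        if "dhcp_nospoof" in active and not f.get("allowed-dhcp-cids"):
            findings.append("dhcp_nospoof set without allowed-dhcp-cids")
        if not f.get("maxbw"):
            findings.append("no maxbw limit")
        if findings:
            report[(domain, f.get("name"))] = findings
    return report


if __name__ == "__main__":
    for (domain, vnet), findings in audit(SAMPLE).items():
        print(f"{domain}/{vnet}: " + "; ".join(findings))
```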
Tuesday Aug 30, 2016
By Jsavit-Oracle on Aug 30, 2016
I'm pleased to announce an update to the whitepaper Optimizing Oracle VM Server for x86 Performance.
This update adds information about aligning virtual disk partitions on a 4K boundary for performance and references the KM note describing this in further detail. The update also adds text to clarify that Oracle VM does not buffer file writes, so there's no risk of data loss due to buffering.
Tuesday Jun 21, 2016
By Jsavit-Oracle on Jun 21, 2016
Wednesday Jun 01, 2016
By Jsavit-Oracle on Jun 01, 2016
Friday May 06, 2016
By Jsavit-Oracle on May 06, 2016
Last month I blogged on Oracle VM upgrades: one blog entry upgrading Oracle VM Manager to version 3.3.4, and the other blog upgrading to the corresponding SPARC OVS agent. Today, I upgraded the same systems to Oracle VM Manager 3.4.1 and the ovs-agent 3.4.1.
[A note on release numbers: Oracle VM Manager's release is 3.4.1, and so is the ovs-agent that runs on the SPARC server. The actual hypervisor, Oracle VM Server for SPARC, formerly called logical domains (and frequently still called by the original name), is currently at release 3.3. Close, but not exactly aligned.]
Today's process was exactly the same as before, and proceeded without any excitement. I upgraded the Manager, and then the server component. If anyone asks via comment I'll post the commands I used, as I did last time, but it will look exactly the same except for file names and release numbers.
This was uneventful. I won't say "boring", because people might find it interesting ;) but it proceeded as expected without any excitement. System upgrades should be uneventful! Now my lab systems are at the current releases of Oracle VM Manager, ovs-agent, and logical domains.
Friday Apr 22, 2016
By Jsavit-Oracle on Apr 22, 2016
Wednesday Apr 20, 2016
Tuesday Apr 12, 2016
Thursday Mar 24, 2016
By Jsavit-Oracle on Mar 24, 2016
Friday Mar 18, 2016
By Jsavit-Oracle on Mar 18, 2016
Monday Nov 30, 2015