X

News, tips, partners, and perspectives for the Oracle Linux operating system and upstream Linux kernel work

Recent Posts

Events

Hewlett Packard Enterprise at Oracle OpenWorld 2018

Coming to Oracle OpenWorld 2018? Then come see HPE. We're excited to have our partner returning to the conference this year! And they’re ready to help you learn how the right HPE hardware running Oracle Linux and Oracle VM can provide an optimal solution for your most demanding workloads. Whether your requirements are for increasing database performance or keeping critical applications available, HPE can help you optimize your investments in Oracle. HPE participates in Oracle’s HCL program to qualify hardware on Oracle Linux, Oracle Solaris, and Oracle VM. Qualified solutions can be found here. Meet with HPE compute and storage experts in the Infrastructure Technologies showcase, # 120. Learn about HPE's all-flash 3PAR and Nimble Storage with extreme performance, predictive analytics and robust data protection, or, for your mission-critical compute, the unparalleled scale-up server capacity offered by HPE Superdome servers with Intel® Xeon® Scalable processors. HPE provides a full portfolio of right-sized server and storage solutions allowing IT organizations to match processing power and scale with current and future needs, from small to large enterprise deployments, at price points that fit within almost any IT budget.        

Coming to Oracle OpenWorld 2018? Then come see HPE. We're excited to have our partner returning to the conference this year! And they’re ready to help you learn how the right HPE hardware running...

Announcing Oracle Linux Storage Appliance 1.8 for Oracle Cloud Infrastructure

We are pleased to announce the release of Oracle Linux Storage Appliance 1.8. The Oracle Linux Storage Appliance allows you to easily build NFS and Samba shared file system storage with attached NVMe devices or block volumes on Oracle Cloud Infrastructure (OCI). This release provides Microsoft Active Directory support for greater integration with Windows domain networks.  Many Microsoft Windows Server deployments use Active Directory for managing user authentication and access authorization.  Oracle Linux Storage Appliance can now authenticate users defined in the Active Directory server, and authorize or restrict access to Samba shared file system directories implementing the Server Message Block (SMB) export protocol. To take advantage of Microsoft Active Directory support, you can easily upgrade your existing Oracle Linux Storage Appliance deployment using the Update Appliance option in the Administration page of the web console.  To install a new deployment of Oracle Linux Storage Appliance on Oracle Cloud Infrastructure, simply follow a few easy steps provided here.  Active Directory support is enabled in the Samba Global Settings option in the web console’s Administration page. For more information visit: Oracle Linux Storage Appliance Oracle Linux Storage Appliance Deployment and User’s Guide

We are pleased to announce the release of Oracle Linux Storage Appliance 1.8. The Oracle Linux Storage Appliance allows you to easily build NFS and Samba shared file system storage with attached NVMe...

Announcements

Announcing Oracle Linux 7 Update 6 Developer Preview

Oracle is pleased to announce the availability of the developer preview for Oracle Linux 7 Update 6 as part of our ongoing goal of making Oracle Linux the distribution for development. The Oracle Linux 7 Update 6 Developer Preview includes the following kernel packages: kernel-uek-4.14.35-1818.2.1.el7uek.x86_64 The Unbreakable Enterprise Kernel Release 5, which is the default kernel. kernel-3.10.0-933.el7.x86_64 The latest Red Hat Compatible Kernel (RHCK). To get started with Oracle Linux 7 Update 6 Developer Preview, you can simply perform a fresh installation by using the ISO images available for download from Oracle Technology Network. Or, you can perform an upgrade from an existing Oracle Linux 7 installation by using the developer preview channels for Oracle Linux 7 Update 6 on the Oracle Linux yum server or the Unbreakable Linux Network (ULN).  # vi /etc/yum.repos.d/public-yum-ol7.repo [ol7_u6_developer] name=Oracle Linux $releasever Update 6 installation media copy ($basearch) baseurl=https://yum.oracle.com/repo/OracleLinux/OL7/6/developer/$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 [ol7_u6_developer_optional] name=Oracle Linux $releasever Update 6 optional packages ($basearch) baseurl=https://yum.oracle.com/repo/OracleLinux/OL7/optional/developer/$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 Oracle Linux yum server is mirrored inside Oracle Cloud Infrastructure to enable faster downloads. You can follow the instructions to configure Oracle Linux yum server mirrors in Oracle Cloud Infrastructure. Modify the yum channel setting and enable the Oracle Linux 7 Update 6 Developer Preview channels. Then you perform the upgrade. # yum update After the upgrade is completed, reboot the system and you will have Oracle Linux 7 Update 6 Developer Preview running. # cat /etc/oracle-release Oracle Linux Server release 7.6 This release is provided for development and test purposes only and is not covered by Oracle Linux support. Oracle does not recommended using preview releases in production. If you have any questions, please visit the Oracle Linux and UEK Preview space on the Oracle Linux Community. If you come to Oracle OpenWorld and want to learn more about Oracle Linux and Virtualization and to speak with product experts, visit the Oracle Infrastructure Technologies showcase, booth #120, located in Moscone South, on the right side, just past the Autonomous Database showcase.

Oracle is pleased to announce the availability of the developer preview for Oracle Linux 7 Update 6 as part of our ongoing goal of making Oracle Linux the distribution for development. The Oracle Linux...

Events

Join Pure Storage at the Infrastructure Technologies Showcase, #120, at Oracle OpenWorld 2018

Learn how Pure Storage empowers Oracle customers to maximize the value of data We’ve shared a lot of information about key sessions and the showcase to help Oracle OpenWorld attendees map out how to best spend time at the conference. There’s more… Our Partners. This year, we welcome AMD, Hewlett Packard Enterprise, Lenovo, Pure Storage, and Symantec who are joining us in the Infrastructure Technologies showcase, #120, in Moscone South. Here are some key things to know about Pure Storage. #1: Pure Storage hardware is qualified and supported on Oracle Linux, Oracle Solaris and Oracle VM. It is also a good selection for Oracle Private Cloud Appliance customers that need external storage for business continuity and rapid restore solutions. The Pure Data-Centric Architecture for Oracle, the all-flash storage platform, is virtually effortless to use, efficient from end-to-end, and evergreen to upgrade - delivering real-time data to power customers’ mission-critical Oracle databases, data warehouses, development activities, and modern analytics environments. Thousands of Oracle customers use Pure Storage to help them deliver faster performance, improved simplicity, and lower economics for their Oracle environments. A case in point: An insurance company in Latin America recently selected Pure Storage to improve the performance and simplify operation of their mission critical Oracle databases that run on Oracle Linux. Pure’s embedded Oracle Copy Automation Tool (CAT), based on space-efficient snapshots, helped this customer speed up development activities by over 150x. Copy, clone and refresh workflows that were taking up to 3 hours to complete are now conducted in as little as 1-2 minutes. Now that’s a benefit that’s hard to pass up. #2: You can hear more from Pure Storage product experts: Customer Case Study Session: Oracle Private Cloud Appliance and Pure Storage: An Integrated Disaster Recovery Solution Thursday, Oct 25, 12:00 p.m. - 12:45 p.m. Moscone South - Room 214 Theater Session: Accelerate Development with Database Automation Tuesday, Oct 23, 1:00 p.m. - 1:20 p.m.  The Exchange @ Moscone South - Theater 1 #3: At the Infrastructure Technologies showcase, #120, Pure will be highlighting hardware support on Oracle Linux, Oracle VM, and Oracle Private Cloud Appliance, and demoing tools including: Oracle Database Copy Automation Tool Accelerate Oracle DB Development with Automation using Ansible Oracle Enterprise Manager Plug-in for Pure Storage Space Efficient Oracle snapshots Pure ActiveCluster - Simple and cost-effective Sync Replication    Pure Storage is an OPN Gold member.  

Learn how Pure Storage empowers Oracle customers to maximize the value of data We’ve shared a lot of information about key sessions and the showcase to help Oracle OpenWorld attendees map out how to...

Events

Q: What do penguins, pop sockets and VR have in common? A: The Oracle Infrastructure Technologies Showcase at Oracle OpenWorld

It’s refreshing to be in San Francisco in the fall. The weather is typically “temperate” but can be unpredictable, so it’s always good to bring layers, just in case. Joining the throng of people heading to Oracle OpenWorld adds an even more energizing buzz to the city by the bay. I enjoy a walk in the Howard and 3rd St. neighborhood as I grab a cappuccino and head to Moscone Center. Like the convention center, which is undergoing an expansion and transformation, so too is The Exchange, this year’s demo grounds at Oracle OpenWorld, located in Moscone South. With a focus on attendees’ experience, there are several new things to make navigating the exhibit floor easier. A wayfinder application provides an easy, self-service portal for finding demos and product experts. On-demand demos join always-on demos to provide time savings, and meetings can be booked on the spot to fit your schedule. Also new this year is the Oracle Infrastructure Technologies showcase, #120. This showcase, located on the right side of the show floor, near the Oracle Cloud Infrastructure and Autonomous Database showcases, is a stop you'll want to make. Attendees will find a wealth of information and an opportunity to have some fun. Here’s an outline of what will be covered in the Oracle Infrastructure Technologies showcase. Products, technologies, and training: Servers: X86 Servers, SPARC Servers Storage: Zero Data Loss Recovery Appliance, Oracle ZFS Storage Appliance, StorageTek Tape Automation Operating Systems: Oracle Linux, Oracle Solaris Virtualization: Oracle VM for x86, Oracle VM Server for SPARC, Oracle VM VirtualBox, Tools and Platform: Oracle Containers, Oracle OpenStack, Oracle Enterprise Manager, Kubernetes Converged Infrastructure: Oracle MiniCluster, Oracle SuperCluster, Oracle Private Cloud Appliance Training Partners: AMD, Hewlett Packard Enterprise, Lenovo, Pure Storage, and Symantec Fun with VR: Join us for some fun in this virtual world (with all of the gear), where you’ll transform into the role of a solution architect. Shoot down the Oracle Infrastructure Technology product(s) that best fit your IT requirements and you could win an Oracle penguin pop socket.  And there’s more… More fun at CloudFest. 18 and if you’re planning to extend your stay in San Francisco, be sure to check out all of the Halloween parties – this city knows how to do them right! Finally, back to Oracle OpenWorld -- don’t forget to register for sessions now, they’re filling up fast. Enjoy fall in San Francisco and your time at Oracle OpenWorld 2018.

It’s refreshing to be in San Francisco in the fall. The weather is typically “temperate” but can be unpredictable, so it’s always good to bring layers, just in case. Joining the throng of...

Configuring Oracle Linux 7 Instances on Oracle Cloud Infrastructure Using OCI Utilities

Oracle Linux 7 instances created using Oracle-Provided Images on Oracle Cloud Infrastructure (OCI) include a pre-installed set of utilities that are designed to facilitate configuration tasks for Oracle Linux instances. These utilities consist of a set command line tools included in the oci-utils RPM package that is pre-installed with the latest Oracle Linux 7 images provided under the ‘Oracle-Provided OS Image’ selection when creating an instance from the Oracle Cloud Infrastructure console. The following OCI utilities are available in the oci-utils package: oci-iscsi-config - Displays and attaches/detaches iSCSI devices on Oracle Linux instances. oci-network-config - Displays instance VNICs, configures secondary VNICs, and auto-synchronizes VNIC IP configurations. oci-network-inspector - Displays network information for an OCI Virtual Cloud Network (VCN), compartment, or tenancy, including the security list, and IP addresses of VNICs and instances. oci-metadata - Queries instance metadata such as the OCI region, availability domain, shape, state, OCID, compartment, and network. oci-public-ip - Displays the instance public IP address. ocid - This is the oci-utils service daemon component. For more information on OCI utilities and how to use the scripts, visit the following links: Documentation Oracle Cloud Documentation: OCI Utilities Blogs oci-utils-0.6-34.el7 oci-utils for Oracle Cloud Infrastructure      

Oracle Linux 7 instances created using Oracle-Provided Images on Oracle Cloud Infrastructure (OCI) include a pre-installed set of utilities that are designed to facilitate configuration tasks for...

Events

Enterprise Development Platform founded on Oracle Linux and VirtualBox

"Tried, tested, and tuned for enterprise workloads, Oracle Linux is used by developers worldwide. Oracle Linux’s Yum server provides easy access to Linux developer and preview software channels. Thousands of EPEL packages have been built and signed by Oracle for security and compliance. Software collections include recent versions of Python, PHP, Node.js, nginx, and more. Oracle Cloud developer tools such as Terraform, SDKs, and CLI are available for improved experience. Oracle VM VirtualBox is the most popular cross-platform virtualization software. In this session learn about using Oracle Linux and Oracle VM VirtualBox as an enterprise development platform" Oracle Linux is a real Enterprise and Open Linux Distribution: It's free to use It's free to distribute It's free to update It's free to use just because the Oracle Linux ISOs can be downloaded and used for free, no subscription is required! It's free to distribute, because the software can be shared and installed on more and many different environment! It's free to update, because you can get access to all the updates by the Oracle Linux Yum Server and, again, no subscription is required! On Oracle Linux Yum Server you can also find channels dedicated to developers, like: Software Collection Library 3.0 for Oracle Linux 7 EPEL channel, with packages built and signed by Oracle for security and compliance Development channel, with packages dedicated to development utilities (like VirtualBox) and/or cloud utilities Oracle VM VirtualBox is the most popular cross-platform virtualization software; it allows to run any x86 Operating System on top on your laptop/desktop environment; it does not matter which OS you've installed on the Host, the same VirtualBox release is available for Linux, Windows and MacOS. By having Oracle VM VirtualBox installed on your host development platform you can really create a transparent layer that will get your Virtual Machines (dev environments) running on top, independent from the host operating system!   You can learn more about how your business can get advantage of those technologies during the Oracle Open World "Oracle Linux and Oracle VM VirtualBox: The Enterprise Development Platform" session at Oracle Open World on Monday, Oct 22, 9:00AM in room 152, Moscone South. To learn more about Oracle Linux and to speak with product experts, visit the Oracle Infrastructure Technologies showcase, booth #120, located in Moscone South, on the right side, just past the Autonomous Database showcase. See you there!

"Tried, tested, and tuned for enterprise workloads, Oracle Linux is used by developers worldwide. Oracle Linux’s Yum server provides easy access to Linux developer and preview software channels....

Events

Six Must-Attend Sessions at Oracle OpenWorld 2018

Building your Oracle OpenWorld 2018 schedule? You won't want to miss these six sessions. Our executives will share details on architecture and technical directions, the latest innovations, business strategies, and customer successes. You’ll come away with a better understanding of the unique capabilities Oracle Linux, Virtualization and other Oracle Infrastructure Technologies are delivering now and going forward – whether you want to deploy on premises, in the cloud or integrate between. Register now to ensure you have a seat!  Day/Time/Location    Session Title   Speakers Monday, Oct. 22     11:30 a.m. - 12:15 p.m. Moscone West - Room 2000 Oracle Linux: State of  the Penguin  [PRO4720] Wim Coekaerts, Senior Vice President, Operating Systems and Virtualization Engineering, Oracle 3:45 p.m. - 4:45 p.m. The Exchange @ Moscone South - The Arena Oracle's Systems Strategy for Cloud and On-Premises [PKN5901] Ali Alasti, Senior Vice President, Hardware Engineering, Oracle Wim Coekaerts, Senior Vice President, Operating Systems and Virtualization Engineering, Oracle Edward Screven, Chief Corporate Architect, Oracle Tuesday, Oct. 23     11:15 a.m. - 12:00 p.m. Moscone West - Room 2000 An Overview of Oracle Infrastructure Technologies in Oracle Cloud [PRO5904] Robert Shimp, Product Management Group Vice President - Oracle Linux, Virtualization and Linux and VM Development, Oracle Ajay Srivastava, Senior Vice President, Operating Systems and Virtualization, Oracle 11:30 a.m. - 12:15 p.m. Moscone West - Room 2009 Kubernetes, Docker, and Oracle Linux from On-Premises to Oracle Cloud with Ease [DEV6015] Wim Coekaerts, Senior Vice President, Operating Systems and Virtualization Engineering, Oracle Wednesday, Oct. 24     11:15 a.m. - 12:00 p.m.  Moscone West - Room 2000 The OS Factor: Advice for the Technology Buyer from IDC [BUS4729] Ashish Nadkarni, Research Director, IDC Karen Sigman, Vice President, Product and Partner Marketing, Oracle Thursday, Oct. 25     9:00 a.m. - 9:45 a.m.  Moscone West - Room 2003 Oracle Linux Is Really the Ideal Linux for Oracle Cloud Developers [DEV6017] Wim Coekaerts, SVP, Operating Systems and Virtualization Engineering, Oracle   To learn more about these sessions and to register, click on the session title above, in the search box enter the session code, click "+" to complete your registration. Visit and bookmark this Focus on Oracle Linux and Virtualization page to access the full list of our general sessions and hands-on labs. Check the Oracle Linux and Virtualization blogs regularly for news and updates. And, while at Oracle OpenWorld, be sure to stop by the Infrastructure Technologies showcase, booth #120, located in Moscone South (on the right side, just past the Autonomous Database showcase). Featuring Oracle Linux and Virtualization technologies, at the showcase you can experience demos, a virtual reality game, and speak with product experts and partners.  

Building your Oracle OpenWorld 2018 schedule? You won't want to miss these six sessions. Our executives will share details on architecture and technical directions, the latest innovations, business...

Events

Agile, reliable and secure DevOps with Oracle Linux and VirtualBox

Building an agile collaboration and communication between Development (Dev) and Operations (Ops) is one of the main goals of modern IT: deploying features into production quickly and, at the same time, detecting and correcting problems when they occur, without disrupting other services, can be obtained by a culture that puts a focus on creating a fast and stable workflow through development and IT operations. Results with a good DevOps approach: Faster time-to-market: Increase the frequency and accuracy of releases (the automation processes will give much more time to the people) Cost: reduce OPEX by automating processes; this will also prevent human errors and reduce downtime Focus on business: Allow employees to focus on high-value activities (that will also improve employees personal gratification) Oracle is, at the same time, one of the biggest players in both the Cloud and Software market and, so, DevOps is one of the most important components to grant us best results possible; infrastructure technologies we use at Oracle to build a stable and reliable workflow rely on both container and virtualization solutions. VirtualBox and Oracle Linux can help you to address most of the DevOps requirement in term of build, test and deploy; while Oracle Linux, with all its Enterprise Features, has been rated as the "Top Rated Operating System for Business", Oracle VM VirtualBox is the most famous, cross-platform, desktop virtualization solution available today. Those technologies, working with Vagrant, allow to automate and get a reliable, no human-error and reproducible environment in minutes; this is also why, some time ago, we created the official GitHub repository dedicated Vagrant Boxes for Oracle Products and projects, available at https://github.com/oracle/vagrant-boxes . You can learn more about how your business can get advantage of those technologies and their DevOps approach during the Oracle Code "Practical DevOps with Linux and Virtualization" session at Oracle Open World on Thursday, Oct 25, 10:00AM in room 2018, Moscone West. To learn more about Oracle Linux and to speak with product experts, visit the Oracle Infrastructure Technologies showcase, booth #120, located in Moscone South, on the right side, just past the Autonomous Database showcase. See you there!

Building an agile collaboration and communication between Development (Dev) and Operations (Ops) is one of the main goals of modern IT: deploying features into production quickly and, at the same...

Getting Started with the Unbreakable Enterprise Kernel Release 5 for Oracle Linux on Oracle Cloud Infrastructure

Oracle Linux images available on Oracle Cloud Infrastructure are frequently updated to help ensure access to the latest software. The latest Oracle Linux images provided in Oracle Cloud Infrastructure now include Oracle Linux 7 Update 5 with the Unbreakable Enterprise Kernel Release 5 (UEK R5). UEK R5 is an extensively tested and optimized Linux kernel designed for 64-bit (Intel x86_64) and ARM (aarch64) architectures and based on mainline version 4.14 LTS.  UEK R5 provides secure boot and performance optimization improvements, security and bug fixes, and driver updates. For details about UEK R5 improvements and more, visit these links: Announcing the General Availability of the Unbreakable Enterprise Kernel Release 5 Unbreakable Enterprise Kernel Release 5 for Oracle Linux 7 Oracle Linux Enterprise Kernel Release 5 – New Features and Change You can take advantage of the new UEK R5 enhancements by deploying the latest Oracle Linux images on Oracle Cloud Infrastructure. Simply create an instance with the latest Oracle Linux 7.5 image provided on the Oracle Cloud Infrastructure console, as shown in the following example: To upgrade your existing Oracle Linux instances to UEK R5 on Oracle Cloud Infrastructure, enable access to the ol7_UEKR5 channel on your Oracle Cloud Infrastructure region’s mirrored Oracle Linux yum server repository or the ol7_x86_64_UEKR5 channel on the Unbreakable Linux Network (ULN), and run the yum update command. After the upgrade, you will need to reboot and select the UEK5 kernel (version 4.14.35) if it is not the default boot kernel. The UEK R5 update is included with Oracle Linux Premier Support at no additional cost with your Oracle Cloud Infrastructure subscription. This includes access to the latest packages and updates, 24x7 expert support, the My Oracle Support portal with an extensive Linux knowledge base, Oracle Ksplice zero-downtime updates, and more. For more information, visit the following links: Oracle Linux Oracle Linux for Oracle Cloud Infrastructure Unbreakable Enterprise Kernel for Oracle Linux Release Notes for Unbreakable Enterprise Kernel Release 5 Getting Started: Oracle Linux for Oracle Cloud Infrastructure Guide

Oracle Linux images available on Oracle Cloud Infrastructure are frequently updated to help ensure access to the latest software. The latest Oracle Linux images provided in Oracle Cloud Infrastructure...

Events

Oracle Linux and Virtualization Hands-On Labs at Oracle OpenWorld

We have a great selection of hands-on labs for Oracle Linux and Virtualization at Oracle OpenWorld. To join the product experts for these sessions at the Marriott Marquis (Yerba Buena Level) - Salon 12/13, add the following six sessions to your Oracle OpenWorld calendar.   Session: Container Orchestration Using Oracle Linux (Kubernetes/Docker) - HOL6334 When: Monday October 22, 3.45 - 4.45pm Speaker: Avi Miller, Product Management Director, Oracle   Session: Build a High Availability Solution with Oracle Linux: Corosync/Pacemaker - HOL3137 When: Monday October 22, 5.15 - 6.15 pm Speaker: Jeff Savit, Director, Oracle   Session: Provide Zero Downtime Update for your Cloud Infrastructure - HOL6340 When: Wednesday October 24, 8:00  - 9:00 a.m Speaker: Christophe Pauliat, Oracle Solution Center Sales Consultant, Oracle; Simon Coter, Director of Product Management, Linux and Virtualization, Oracle   Session: Infrastructure as Code on Oracle Cloud Infrastructure with Terraform - HOL5139 When: Thursday October 25, 10:30 - 11:30 a.m Speaker: Simon Hayler, Sr Principal Technical Product Manager; Christophe Pauliat, Oracle Solution Center Sales Consultant, Oracle; Paul Bramy, CEO reloca; Matthieu Bordonne, Oracle Solution Center Sales Consultant   Session: Observing and Optimizing your Application on Oracle Linux with DTrace - HOL6339 When: Thursday October 25, 12.00 - 1.00pm Speaker: Jeff Savit, Director, Oracle   Session: Oracle Database 18c: Reliable DevOps with Vagrant, Oracle VM VirtualBox, and Oracle Linux - HOL6394 When: Thursday October 25, 1:30 - 2:30 p.m Speaker: Simon Coter, Director of Product Management, Linux and Virtualization, Oracle; Gerald Venzl, Senior Principal Product Manager, Oracle   At Oracle OpenWorld, to learn more about Oracle Linux and Virtualization, visit the Oracle Infrastructure Technologies showcase, booth #120, located in Moscone South, on the right side, just past the Autonomous Database showcase.

We have a great selection of hands-on labs for Oracle Linux and Virtualization at Oracle OpenWorld. To join the product experts for these sessions at the Marriott Marquis (Yerba Buena Level) -...

Events

Live Webinar: Secure and Agile Orchestration for Docker Containers

Live Webinar Oracle Webinar: Secure and Agile Orchestration for Docker Containers Europe, Middle East, Africa - October 9, 2018 10:00 AM BST/ 11:00 AM CEST/ 11:00 AM SAST/ 1:00 PM GST North America, Canada - October 9, 2018 12:00 PM PDT/ 3:00 PM EDT Asia Pacific and Japan–9 October, 2018 10:30 am IST/ 1:00 PM SGT/ 4:00 PM AEDT     Oracle Webinar: Secure and Agile Orchestration for Docker Containers     The goal of orchestration is to streamline and optimise frequent, repeatable processes to ensure accurate, speedier deployment of software–because companies know that the shorter the time-to-market, the more likely that success will follow.  Attend this webinar:  To understand how to build a secure and agile production environment by leveraging Docker containers and Kubernetes orchestration.  Learn about Oracle Container Services for use with Kubernetes which provides a comprehensive container and orchestration environment for the delivery of microservices and next generation application development.  Watch a demonstration of how to use Vagrant and VirtualBox to automatically deploy a Kubernetes cluster.  There will be a live Q&A at the end of the webinar.   Featured Speaker     Avi Miller Product Management Director  Oracle Linux and Virtualization  Stay Connected                        

Live Webinar Oracle Webinar: Secure and Agile Orchestration for Docker Containers Europe, Middle East, Africa - October 9, 2018 10:00 AM BST/ 11:00 AM CEST/ 11:00 AM SAST/ 1:00 PM GST North America,...

Announcements

Action required: Replacement of SSL certificates for the Unbreakable Linux Network

Oracle is replacing Symantec-branded certificates with Digicert-branded certificates across all of its infrastructure to prevent trust warnings once the Symantec root certificate authority is removed from several web browsers, including Firefox and Chrome. Immediate action required before October 9, 2018 Due to the nature of how Oracle Linux systems connect to Unbreakable Linux Network (ULN), this change requires that client certificates on all Oracle Linux systems directly subscribed to and receiving updates from ULN be updated. This does not affect Oracle Linux systems that are managed by Oracle Enterprise Manager or are subscribed to a local Spacewalk instance. The change in server certificates on ULN will occur on October 9, 2018. After that time, Oracle Linux systems will only be able to connect to ULN with an updated client certificate. Please make sure to update the packages listed at the end of this announcement on all servers that are registered directly to ULN before October 9, 2018. What happens if I can't update before October 9, 2018? If you are unable to update to the packages listed below before October 9, 2018, you will be unable to connect to ULN and will receive one of the following errors: The certificate /usr/share/rhn/ULN-CA-CERT is expired. Please ensure you have the correct certificate and your system time is correct. OR There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] A common cause of this error is the system time being incorrect. Verify that the time on this system is correct. Resolution: Manually replace the SSL certificate To manually replace the client SSL certificate on an Oracle Linux machine, run the following steps as root on each server: # cp /usr/share/rhn/ULN-CA-CERT /usr/share/rhn/ULN-CA-CERT.old # wget https://linux-update.oracle.com/rpms/ULN-CA-CERT.sha2 # cp ULN-CA-CERT.sha2 /usr/share/rhn/ULN-CA-CERT After this file has been updated you can continue using ULN as normal. After making this manual replacement, connectivity to ULN should be restored. The packages below should then be updated as part of your standard patching cycle. If you have any questions about this update please feel free to contact the ULN team via uln-info_us@oracle.com. Packages to be updated Oracle Linux 7 rhn-client-tools-2.0.2-21.0.9.el7.noarch.rpm rhn-setup-2.0.2-21.0.9.el7.noarch.rpm rhn-check-2.0.2-21.0.9.el7.noarch.rpm rhn-setup-gnome-2.0.2-21.0.9.el7.noarch.rpm (only required if a previous version is already installed) Oracle Linux 6 rhn-setup-1.0.0.1-45.0.3.el6.noarch.rpm rhn-client-tools-1.0.0.1-45.0.3.el6.noarch.rpm rhn-check-1.0.0.1-45.0.3.el6.noarch.rpm rhn-setup-gnome-1.0.0.1-45.0.3.el6.noarch.rpm (only required if a previous version is already installed) Oracle Linux 5 x86_64 up2date-5.10.1-41.30.el5.x86_64.rpm up2date-gnome-5.10.1-41.30.el5.x86_64.rpm (only required if a previous version is already installed) i386 up2date-5.10.1-41.30.el5.i386.rpm up2date-gnome-5.10.1-41.30.el5.i386.rpm (only required if a previous version is already installed) ia64 up2date-5.10.1-41.30.el5.ia64.rpm up2date-gnome-5.10.1-41.30.el5.ia64.rpm (only required if a previous version is already installed)

Oracle is replacing Symantec-branded certificates with Digicert-branded certificates across all of its infrastructure to prevent trust warnings once the Symantec root certificate authority is removed...

Events

Discover why Oracle Linux is top-rated operating system for business

In May 2017, IT Central Station's readers were asked to rank operating systems and based on those reviews, Oracle Linux was named the 2017 top operating system for business purposes. It can often be difficult to compare the value of one operating system over another. Pricing is obviously an important consideration, but there are so many other factors that should be considered when making such a fundamental platform decision. From the beginning, Oracle Linux was designed to provide a simpler way for Oracle customers to get full-stack support from the operating system to the application from an enterprise-class vendor that understands not just operating system, but all the really important things our customers actually need to run, like databases, middleware, applications and more recently, virtual machines and containers. To help ensure the most value for our customers, we've added additional components and products to Oracle Linux without increasing complexity. One of our customers that saw the biggest increases in efficiency and performance after migrating to Oracle Linux is Intel and this year at OpenWorld, they will be presenting the fascinating story of how they migrated their production, mission-critical manufacturing databases from Microsoft Windows to Oracle Linux with no outages or downtime. You'll also learn about the significant performance increase they gained on exactly the same hardware. To discover the value Oracle Linux can deliver for your organization, visit oracle.com/linux to connect with our global Oracle Linux sales team to schedule a customized workshop tailored specifically for you. Coming to Oracle OpenWorld? I will be giving a brief tour of all the other add-on packages that are supported on Oracle Linux at no extra cost and then introducing Intel at the "Why Choose Oracle Linux: The Value of Enterprise Linux" session on Monday, October 22nd at 5:45pm in Room 2000, Moscone West. You can also learn more about Oracle Linux directly from the product experts by visiting the Oracle Infrastructure Technologies showcase (booth #120) in Moscone South next to the Arena and just past the Autonomous Database showcase.

In May 2017, IT Central Station's readers were asked to rank operating systems and based on those reviews, Oracle Linux was named the 2017 top operating system for business purposes. It can often be...

Linux

A selection of OpenWorld sessions on Oracle Linux and Oracle VM

  Oracle OpenWorld 2018 is only a few weeks away! There are many sessions on Oracle Linux and Oracle VM, and here are a few technical sessions you may find interesting: Tips for Securing Your Cloud Infrastructure, Jan Hendrik Mangold, Jeff Savit [TIP4727], Monday 9:00 a.m. - 9:45 a.m., with products, tools and techniques for security. Perform In-Place Upgrade for Large-Scale Cloud Infrastructure, Jeff Savit, Jeffery Yoder, Rodolfo Martinez [CAS5088], Monday 3:45 p.m. - 4:30 p.m., with real world experiences on maintaining and upgrading an extremely large production Oracle VM environment. Maximize Performance with Oracle Linux and Oracle VM, Greg Marsden, Jeff Savit, Kevin Tribbey [TIP4725], Tuesday 5:45 p.m. - 6:30 p.m., with features of Oracle Linux, including DTrace, that enhance performance. Build a High Availability Solution with Oracle Linux: Corosync/Pacemaker, Jeff Savit [HOL3137] Hands-on lab for clustered Oracle Linux under VirtualBox, using Corosync and Pacemeker, Monday 5:15 p.m. - 6:15 p.m. Observing and Optimizing Your Application on Oracle Linux with DTrace, Jeff Savit [HOL6339] Hands-on lab introducing DTrace on Oracle Linux, Thursday noon to 1:00pm. These are sessions I will be at, so I hope you attend and find them useful. To learn more, visit the Oracle Infrastructure Technologies showcase featuring Oracle Linux and Virtualization technologies, booth #120, located in Moscone South (on the right side, just past the Autonomous Database showcase), where you can experience demos, a virtual reality game, and speak with product experts and partners.          

  Oracle OpenWorld 2018 is only a few weeks away! There are many sessions on Oracle Linux and Oracle VM, and here are a few technical sessions you may find interesting: Tips for Securing Your Cloud...

Events

Oracle Linux at Oracle OpenWorld 2018

Oracle OpenWorld 2018, in San Francisco, CA, is less than a month away! To help you plan your schedule below is the lineup of Oracle Linux sessions. The highlighted sessions are ones in which you’ll hear from our executives. This year’s content includes product roadmaps, tips and tricks, product training, customer case studies, and business use cases to enrich your learning experience. Remember to register ahead of time to make sure you have a seat. At the conference, you’ll also have the opportunity to connect with other Oracle customers, product experts, and partners, to help you make the most of your time. Read on and fill up your schedule now. The Sessions: Monday, Oct 22: Tips for Securing Your Cloud Infrastructure, Jan Hendrik Mangold, Jeff Savit [TIP4727], 9:00 a.m. - 9:45 a.m. Oracle Linux and Oracle VM: Get Trained for Cloud, Hybrid, and On-Premises, Avi Miller, Anotinette O’Sullivan [TRN5828], 10:30 a.m. - 11:15 a.m. -- more from Antoinette Oracle Linux: State of the Penguin, Wim Coekaerts [PRO4720], 11:30 a.m. - 12:15 p.m. Automating Workload Migration to Oracle Cloud Infrastructure, Simon Coter, Gilson Melo, Alessandr Pilotti [PRO5796], 12:30 p.m. - 1:15 p.m. Oracle’s Systems Strategy for Cloud and On-Premises, Ali Alasti, Wim Coekaerts, Edward Screven [PKN5901], 3:45 p.m. - 4:45 p.m. Perform In-Place Upgrade for Large-Scale Cloud Infrastructure, Jeff Savit, Jeffery Yoder, Rodolfo Martinez [CAS5088], 3:45 p.m. - 4:30 p.m. Why Choose Oracle Linux: The Value of Enterprise Linux, Deepen Chakraborty, Avi Miller [CAS4726], 5:45 p.m. - 6:30 p.m.  Tuesday, Oct 23: An Overview of Oracle Infrastructure Technologies in Oracle Cloud, Robert Shimp, Ajay Srivastava [PRO5904], 11:15 a.m. - 12:00 p.m.  Kubernetes, Docker, and Oracle Linux from On-Premises to Oracle Cloud with Ease, Wim Coekaerts [DEV6015], 11:30 a.m. - 12:15 p.m.  Best Practices: Oracle Linux and Oracle VM in Oracle Cloud Infrastructure, Julie Wong, Simon Coter [PRO4721], 4:45 p.m. - 5:30 p.m. Maximize Performance with Oracle Linux and Oracle VM, Greg Marsden, Jeff Savit, Kevin Tribbey [TIP4725], 5:45 p.m. - 6:30 p.m.  Wednesday, Oct 24: The OS Factor: Advice for the Technology Buyer from IDC, Karen Sigman, Ashish Nadkarni [BUS4729], 11:15 a.m. - 12:00 p.m. Secure and Agile Orchestration for Linux Containers, Avi Miller [TRN4723], 12:30 p.m. - 1:15 p.m. -- more from Avi The Emergence of New Threats: A Look at Spectre and Meltdown, Greg Marsden, Bruce Lowental [TIP3992], 4:45 p.m. - 5:30 p.m.  Thursday, Oct 25: Oracle Linux is really the ideal Linux for Oracle Cloud Developers, Wim Coekaerts [DEV6017], 9:00 a.m. - 9:45 a.m.  Build an ARM64-Based Solution with Oracle Linux, Honglin Su, Michele Resta [PRM4722], 9:00 a.m. - 9:45 a.m.  Practical DevOps with Linux and Virtualization, Simon Coter [DEV5029], 10:00 a.m. - 10:45 a.m.  Embrace Open Source Projects on GitHub for Cloud Automation, Avi Miller, Simon Coter [TIP5795], 12:00 p.m. - 12:45 p.m.  Why Oracle Linux is the Best Platform for Oracle Database and Oracle Cloud, Dhaval Giani [PRO5797], 1:00 p.m. - 1:45 p.m.  Accelerate Your Business with Machine Learning and Oracle Linux, Joost Pronk Van Hoogeveen, Simon Coter [PRO4731], 2:00 p.m. - 2:45 p.m. Add these sessions to your schedule and don't forget to bookmark our Focus on Oracle Linux and Virtualization page. And, there’s more…   The Showcase, Moscone South – Booth #120 Make sure to find time to visit the Oracle Infrastructure Technologies showcase featuring Oracle Linux and Virtualization technologies, booth #120, located in Moscone South (on the right side, just past the Autonomous Database showcase), where you can learn more about Oracle Linux, experience demos, a virtual reality game, and speak with product experts and partners. #OOW18 is sure to be an informative event. Stay tuned to this blog for more information on sessions, Hands-on Labs (HOLs), and more, in the coming days. We look forward to sharing this open world with you!

Oracle OpenWorld 2018, in San Francisco, CA, is less than a month away! To help you plan your schedule below is the lineup of Oracle Linux sessions. The highlighted sessions are ones in which you’ll...

Events

Building an open container native platform with Oracle Linux

In today's modern world of cloud-first development and container native deployment, building the infrastructure to support all of your business requirements can be complex. Going with an "all-in-one" product can seem attractive, even at the cost of locking you into that vendor. At Oracle, we're committed to letting our customers build their cloud, their way. Our goal is to provide maximum choice with all components based on open technologies. Whether your goal is to better manage and predict your IT costs while keeping pace with business demands or your developers expect the latest technology and rapid provisioning, Oracle has a solution that will fit. You can choose to migrate your workloads to Oracle Cloud and take advantage of industry leading IaaS and PaaS options, bring Oracle Cloud services into your data center with Cloud at Customer or build your own private cloud using Oracle Linux as the foundation. Oracle has years of experience with providing container-based solutions and most of our flagship products are available as container images. We also provide container runtime and orchestration tools at no extra cost with an Oracle Linux Premier support subscription. You can learn more about how your business can take advantage of these tools during the Secure and Agile Orchestration for Linux Containers session at Oracle OpenWorld on Wednesday, October 24th at 12:30pm in Room 2000, Moscone West.

In today's modern world of cloud-first development and container native deployment, building the infrastructure to support all of your business requirements can be complex. Going with an "all-in-one"...

Linux

Oracle Instant Client RPMs Now Available on Oracle Linux Yum Servers in OCI

Today we added Oracle Instant Client to the Oracle Cloud Infrastructure (OCI) yum mirrors. This makes developing Oracle Database-based apps on OCI a breeze. Previously, installing Oracle Instant Client required either registering a system with ULN or downloading from OTN, each with manual steps to accept license terms. Now you can simply use yum install directly from Oracle Linux running in OCI. See this tutorial on the Oracle Developer blog for an example that connects a Node.js app running on an OCI instance to an Autonomous Transaction Processing (ATP) Database. Getting Oracle Instant Client RPMs From Your Local OCI Yum Mirror Grab the latest version of the repo defintion from the yum server local to your region as follows: cd /etc/yum.repos.d sudo mv public-yum-ol7.repo public-yum-ol7.repo.bak export REGION=`curl http://169.254.169.254/opc/v1/instance/ -s | jq -r '.region'| cut -d '-' -f 2` sudo -E wget http://yum-$REGION.oracle.com/yum-$REGION-ol7.repo Enable the ol7_oci_included repo: sudo yum-config-manager --enable ol7_oci_included Behold! $ yum list oracle-instantclient* Loaded plugins: langpacks, ulninfo Installed Packages oracle-instantclient12.2-basic.x86_64 12.2.0.1.0-1 @ol7_oci_included Available Packages oracle-instantclient12.2-basiclite.x86_64 12.2.0.1.0-1 ol7_oci_included oracle-instantclient12.2-devel.x86_64 12.2.0.1.0-1 ol7_oci_included oracle-instantclient12.2-jdbc.x86_64 12.2.0.1.0-1 ol7_oci_included oracle-instantclient12.2-odbc.x86_64 12.2.0.1.0-1 ol7_oci_included oracle-instantclient12.2-precomp.x86_64 12.2.0.1.0-1 ol7_oci_included oracle-instantclient12.2-sqlplus.x86_64 12.2.0.1.0-1 ol7_oci_included oracle-instantclient12.2-tools.x86_64 12.2.0.1.0-1 ol7_oci_included oracle-instantclient18.3-basic.x86_64 18.3.0.0.0-1 ol7_oci_included oracle-instantclient18.3-basiclite.x86_64 18.3.0.0.0-1 ol7_oci_included oracle-instantclient18.3-devel.x86_64 18.3.0.0.0-1 ol7_oci_included oracle-instantclient18.3-jdbc.x86_64 18.3.0.0.0-1 ol7_oci_included oracle-instantclient18.3-odbc.x86_64 18.3.0.0.0-1 ol7_oci_included oracle-instantclient18.3-precomp.x86_64 18.3.0.0.0-1 ol7_oci_included oracle-instantclient18.3-sqlplus.x86_64 18.3.0.0.0-1 ol7_oci_included oracle-instantclient18.3-tools.x86_64 18.3.0.0.0-1 ol7_oci_included $ Try it Yourself If you want to give this a try, read the end-to-end example here.

Today we added Oracle Instant Client to the Oracle Cloud Infrastructure (OCI) yum mirrors. This makes developing Oracle Database-based apps on OCI a breeze. Previously, installing Oracle Instant...

Announcements

Announcing the developer preview of Oracle Container Services 1.1.10 for use with Kubernetes

Oracle is pleased to announce the the developer preview release of Oracle Container Services 1.1.10 for use with Kubernetes®. This release maintains Oracle's commitment to conformance with the upstream project and is Certified Kubernetes by the Cloud Native Computing Foundation (CNCF). Release Information Oracle Container Services 1.1.10 for use with Kubernetes is based on Kubernetes version 1.10, as released upstream. It is available for Oracle Linux 7 and is designed to integrate with the Oracle Container Runtime for Docker. Oracle Container Services for use with Kubernetes runs in a series of Docker containers and these images are available from the new "Container Services (Developer)" section of the Oracle Container Registry. Oracle has provided and tested a setup and configuration script that takes advantage of the kubeadm cluster configuration utility. This setup script eases configuration and setup on Oracle Linux and provides additional support for backup and recovery. Installation Oracle Container Services 1.1.10 for use with Kubernetes is free to download from Oracle Linux 7 Developer Channel on the Oracle Linux yum server. You can use the standard yum update command to perform an upgrade, however Oracle does not support Kubernetes on systems where the ol7_preview, ol7_developer, or ol7_developer_EPEL yum repositories or ULN channels are enabled, or where software from these repositories, or channels, is currently installed on the systems where Kubernetes runs. Kubernetes® is a registered trademark of The Linux Foundation in the United States and other countries, and is used pursuant to a license from The Linux Foundation. Resources – Oracle Linux Documentation Oracle Linux Software Download Oracle Linux Oracle Container Registry Blogs Oracle Linux Blog Oracle Ksplice Blog Oracle Linux Kernel Development Blog Community Pages Oracle Linux Social Media Oracle Linux on YouTube Oracle Linux on Facebook Oracle Linux on Twitter Data Sheets, White Papers, Videos, Training, Support & more Oracle Linux Product Training and Education Oracle Linux - https://oracle.com/education/linux For community-based support, please visit the Oracle Linux space on the Oracle Technology Network Community.

Oracle is pleased to announce the the developer preview release of Oracle Container Services 1.1.10 for use with Kubernetes®. This release maintains Oracle's commitment to conformance with...

Announcements

Announcing Oracle Container Runtime for Docker Release 18.03

Oracle is pleased to announce the release of Oracle Container Runtime for Docker version 18.03. Oracle Container Runtime allows you to create and distribute applications across Oracle Linux systems and other operating systems that support Docker. Oracle Container Runtime for Docker consists of the Docker Engine, which packages and runs the applications, and integrates with the Docker Hub, Docker Store and Oracle Container Registry to share the applications in a Software-as-a-Service (SaaS) cloud. Notable Updates Oracle has implemented multi-registry support that makes it possible to run the daemon with the --add-registry flag, to include a list of additional registries to query when performing a pull operation. This functionality, currently available as a technology preview, enables Oracle Container Runtime for Docker to use the Oracle Container Registry as the default registry to search for container images, before falling back to alternate registry sources such as a local mirror, the Docker Hub or Docker Store. Other functionality available in this feature includes the --block-registry flag which can be used to prevent access to a particular Docker registry. Registry lists ensure that all images are prefixed with their source registry automatically, so that a listing of Docker images always indicates the source registry from which an image was pulled.   Docker 18.03 introduces enhancements that allow for better integration with Kubernetes orchestration as an alternative to Docker Swarm, including changes to follow namespace conventions used across a variety of other containerization projects.   The Dockerfile can also now exist outside of the build-context, allowing you to store Dockerfiles together and to reference their paths in the docker build command on stdin.   Several improvements to logging and access to docker logs have been added, including the --until flag to limit the log lines to those that occurred before the specified timestamp.   Experimental Docker trust management commands have been added to better handle trust management on Docker images. See the docker trust command for more information. Upgrading To learn how to upgrade from a previously supported version of Oracle Container Runtime for Docker, please review the Upgrading Oracle Container Runtime for Docker chapter of the documentation. Note that upgrading from a developer preview release is not supported by Oracle. Support Support for the Oracle Container Runtime for Docker is available to customers with an Oracle Linux Premier support subscription. Refer to Oracle Linux 7 License Information User Manual for information about Oracle Linux support levels. Oracle Linux Resources: Documentation Oracle Linux Software Download Oracle Linux Oracle Container Registry Blogs Oracle Linux Blog Oracle Ksplice Blog Oracle Mainline Linux Kernel Blog Community Pages Oracle Linux Social Media Oracle Linux on YouTube Oracle Linux on Facebook Oracle Linux on Twitter Data Sheets, White Papers, Videos, Training, Support & more Oracle Linux Product Training and Education Oracle Linux - https://oracle.com/education/linux For community-based support, please visit the Oracle Linux space on the Oracle Developer Community.

Oracle is pleased to announce the release of Oracle Container Runtime for Docker version 18.03. Oracle Container Runtime allows you to create and distribute applications across Oracle Linux systems...

Announcements

Announcing Oracle OpenStack Release 5.0

We are pleased to announce the release of Oracle OpenStack 5.0, based on the upstream Queens release. Oracle OpenStack 5.0 includes support for the KVM hypervisor included with the Unbreakable Enterprise Kernel Release 5 for Oracle Linux 7. What's New Support for OpenStack Queens  For more than two years, beginning with the Kilo release, Oracle OpenStack has deployed the OpenStack control plane in Docker containers, enabling simple, scalable, and reliable deployment, updates, and upgrades of OpenStack services. The Oracle OpenStack containers have been updated to the upstream Queens release. New Capabilities: In-place upgrade: easily upgrade Oracle OpenStack Release 4 (Pike) to Release 5 (Queens) without requiring additional hardware. This can either be done service by service or all at once with a single command, with no instance downtime. Newly Supported Services Ironic (Bare Metal-as-a-Service): enables users to deploy the workload onto a physical machine instead of a virtualized instance on a hypervisor. Users of the OpenStack Compute API can launch a bare metal server instance in the same way that they can currently launch a VM instance. Telemetry and monitoring tools: offers services including Ceilometer - a data collection service, Aodh - an alarming service, and Gnocchi - a time-series database and resource indexing service These tools enable applications such as metering, monitoring, alarming and billing. Designate: provides a multitenant DNS-as-a-Service for OpenStack. It can be configured to auto-generate records based on Nova and Neutron actions. Enhancements: Deployment Configuration Flexibility Secure-by-default configuration of TLS:  automatically installs trusted certificates, or generates and installs self-signed certificates to protect API endpoints. Reset-to-defaults: enables quick, automated iterations when testing various deployment configurations. Cinder Block Storage Services** Block storage multi-attach: attach a volume to multiple VMs to enable highly available clustered filesystems, such as ASM for Oracle Real Application Clusters (Oracle RAC). Ceph Luminous support: for Cinder backend and Cinder backup. NFS support: for volume backup, providing a flexible and economical solution for development and test environments. Nova Compute Services** Libvirt compute driver: enables a new block storage multi-attach feature in Cinder, critical for highly available, mission critical workloads such as Oracle RAC. Neutron Networking Service: Infoblox IPAM plugin integration: provides an interface from Neutron to the Infoblox DDI Appliance. The Infoblox DDI Appliance is a leading DNS / DHCP / IPAM solution for the enterprise and service providers. Keystone Identity Service Application Credentials: enables finer-grained access control. Glance Image Service Shared storage: is automatically configured for Glance, if available when using the file backend. ** Oracle has supported multi-attach Cinder/Nova capabilities for the automated deployment for Oracle RAC and Oracle Database 12c single instance since Release 4 (Pike). The OpenStack community incorporated these capabilities with the Queens release. Tech Preview Features: Terraform for Oracle Database 12c single instance: Terraform is an alternative option to the Murano service for automated deployment for Oracle Database 12c single instance. Some of the advantages of Terraform: Excellent portability and cloud agnostic: A single and universal tool for describing infrastructure for OpenStack, Oracle Cloud Infrastructure or any other public/private cloud. Enhanced troubleshooting capability: enables the progress of the Oracle Database 12c deployment script to be followed and its output viewed. Magnum (Container-as-a-Service): is an OpenStack API service making container orchestration engines (COE) such as Docker Swarm, Kubernetes and Apache Mesos available as first-class resources in OpenStack. Magnum uses Heat to orchestrate an OS image which contains Docker and COE and runs that image in either virtual machines or bare metal in a cluster configuration. OpenStack Community Contributions Oracle has been actively contributing to Nova, Cinder, Kolla, Murano, Oslo, and many other projects. All Oracle enhancements are contributed upstream and are freely available for anyone to use. Below are a few examples of Oracle code contributions available upstream for the Queens release. Kolla provides production-ready containers and deployment tools for operating OpenStack clouds. Oracle developed and contributed a command line interface called kollacli to Kolla. Kollacli provides a simple, intuitive and consistent user interface for driving kolla-ansible deployments. Multi-attach support for Nova/Cinder block device. This is required to support shared storage for Oracle RAC and other solutions that require shared storage. MySQL Cluster NDB: To address OpenStack scaling issues, Oracle OpenStack employs MySQL Cluster with NDB storage engine for the database backend. Oracle has contributed upstream enhancements to OpenStack services to help ensure they are using the oslo.db framework when doing database creations, upgrades, and migrations. Murano service: Oracle contributed numerous new features and bug fixes Product Life Cycle Support Support for Oracle OpenStack is included, at no additional cost, as part of Oracle Premier Support for Oracle Linux or Oracle Premier Support for Systems. Software Download  Download Oracle OpenStack Docker images from either the Oracle Container Registry, Docker Hub or Oracle Software Delivery Cloud. Please refer to chapters 2 through 4 of the Installation and Deployment Guide, available in the Oracle Documentation Library, for important steps to take prior to downloading the Docker images. Oracle Linux software packages required to deploy Oracle OpenStack are available from the Oracle Linux yum server and from the Unbreakable Linux Network (ULN). Resources Documentation: Release notes, Installation and Configuration Guide Application Deployment Guide Data Sheets, Podcast, Videos Oracle OpenStack Community Pages Product Training and Education Training from Oracle University:  Oracle OpenStack: Administration Essentials Ed 1 NEW Administration Essentials teaches students about essential OpenStack services for creating and managing cloud resources as a cloud administrator and identifies tasks cloud operators perform. Oracle OpenStack: Getting Started Ed 1 Getting Started teaches students that are new to OpenStack about this cloud computing architecture, core and optional services, Docker images and containers, a multi-node deployment, and troubleshooting deployments.

We are pleased to announce the release of Oracle OpenStack 5.0, based on the upstream Queens release. Oracle OpenStack 5.0 includes support for the KVM hypervisor included with the...

A Musical Tour of Hints and Tools for Debugging Host Networks

Shannon Nelson from the Oracle Linux Kernel Development team offers these tips and tricks to help make host network diagnostics easier. He also includes a recommended playlist for accompanying your debugging!   Ain't Misbehavin' (Dinah Washington) As with many debugging situations, digging into and resolving a network-based problem can seem like a lot of pure guess and magic.  In the networking realm, not only do we have the host system's processes and configurations to contend with, but also the exciting and often frustrating asynchronicity of network traffic. Some of the problems that can trigger a debug session are reports of lost packets, corrupt data, poor performance, even random system crashes.  Not always do these end up as actual network problems, but as soon as the customer mentions anything about their wiring rack or routers, the network engineer is brought in and put on the spot. This post is intended not as a full how-to in debugging any particular network issue, but more a set of some of the tips and tools that we use when investigating network misbehavior. Start Me Up (The Rolling Stones) In order to even get started, and probably the most important debugging tool available, is a concise and clear description of what is happening that shouldn't happen.  This is harder to get than one might think.  You know what I mean, right?  The customer might give us anything from "it's broken" to the 3 page dissertation of everything but the actual problem. We start gathering a clearer description by asking simple questions that should be easy to answer.  Things like: Who found it, who is the engineering contact? Exactly what equipment was it running on? When/how often does this happen? What machines/configurations/NICs/etc are involved? Do all such machines have this problem, or only one or two? Are there routers and/or switches involved? Are there Virtual Machines, Virtual Functions, or Containers involved? Are there macvlans, bridges, bonds or teams involved? Are there any network offloads involved? With this information, we should be able to write our own description of the problem and see if the customer agrees with our summary.  Once we can refine that, we should have a better idea of what needs to be looked into. Some of the most valuable tools for getting this information are simple user commands that the user can do on the misbehaving systems.  These should help detail what actual NICs and drivers are on the system and how they might be connected. uname -a - This is an excellent way to start, if nothing else but to get a basic idea of what the system is and how old is the kernel being used.  This can catch the case where the customer isn't running a supported kernel. These next few are good for finding what all is on the system and how they are connected: ip addr, ip link - these are good for getting a view of the network ports that are configured, and perhaps point out devices that are either offline or not set to the right address.  These can also give a hint as to what bonds or teams might be in place.  These replace the deprecated "ifconfig" command. ip route - shows what network devices are going to handle outgoing packets.  This is mostly useful on systems with many network ports. This replaces the deprecated "route" command and the similar "netstat -rn". brctl show - lists software bridges set up and what devices are connected to them. netstat -i - gives a summary list of the interfaces and their basic statistics. These are also available with "ip -s link", just formatted differently. lseth - this is a non-standard command that gives a nice summary combining a lot of the output from the above commands.  (See http://vcojot.blogspot.com/2015/11/introducing-lsethlsnet.html) Watchin' the Detectives (Elvis Costello) Once we have an idea which particular device is involved, the following commands can help gather more information about that device.  This can get us an initial clue as to whether or not the device is configured in a generally healthy way. ethtool <ethX> - lists driver and connection attributes such as current speed connection and if link is detected. ethtool -i <ethX> - lists device driver information, including kernel driver and firmware versions, useful for being sure the customer is working with the right software; and PCIe device bus address, good for tracking the low level system hardware interface. ethtool -l <ethX> - shows the number of Tx and Rx queues that are setup, which usually should match the number of CPU cores to be used. ethtool -g <ethX> - shows the number of packet buffers for each Tx and Rx queue; too many and we're wasting memory, too few and we risk dropping packets under heavy throughput pressure. lspci -s <bus:dev:func> -vv - lists detailed information about the NIC hardware and its attributes. You can get the interface's <bus:dev:func> from "ethtool -i". Diary (Bread) The system logfiles usually have some good clues in them as to what may have happened around the time of the issue being investigated.  "dmesg" gives the direct kernel log messages, but beware that it is a limited sized buffer that can get overrun and loose history over time. In older Linux distributions the systems logs are found in /var/log, most usefully in either /var/log/messages or /var/log/syslog, while newer "systemd" based systems use "journalctl" for accessing log messages. Either way, there are often interesting traces to be found that can help describe the behavior. One thing to watch out for is that when the customer sends a log extract, it usually isn't enough.  Too often they will capture something like the kernel panic message, but not the few lines before that show what led up to the panic.  Much more useful is a copy of the full logfile, or at least something with several hours of log before the event. Once we have the full file, it can be searched for error messages, any log messages with the ethX name or the PCI device address, to look for more hints.  Sometimes just scanning through the file shows patterns of behavior that can be related. Fakin' It (Simon & Garfunkel) With the information gathered so far, we should have a chance at creating a simple reproducer.  Much of the time we can't go poking at the customer's running systems, but need to demonstrate the problem and the fix on our own lab systems.  Of course we don't have the same environment, but with a concise enough problem description we stand a good chance of finding a simple case that shows the same behavior. Some traffic generator tools that help in reproducing the issues include: ping - send one or a few packets, or send a packet flood to a NIC.  It has flags for size, timing, and other send parameters. iperf - good for heavy traffic exercise, and can run several in parallel to get a better RSS spread on the receiver. pktgen - this kernel module can be used to generate much more traffic than user level programs, in part because the packets don't have to traverse the sender's network stack.  There are also several options for packet shapes and throughput rates. scapy - this is a Python tool that allows scripting of specially crafted packets, useful in making sure certain data patterns are exactly what you need for a particular test. All Along the Watchtower (The Jimi Hendrix Experience) With our own model of the problem, we can start looking deeper into the system to see what is happening: looking at throughput statistics and watching actual packet contents.  Easy statistic gathering can come from these tools: ethtool -S <ethX> - most NIC device drivers offer Tx and Rx packets counts, as well as error data, through the '-S' option of ethtool.  This device specific information is a good window into what the NIC thinks it is doing, and can show when the NIC sees low level issues, including malformed packets and bad checksums. netstat -s <ethX> - this gives protocol statistics from the upper networking stack, such as TCP connections, segments retransmitted, and other related counters. ip -s link show <ethX> - another method for getting a summary of traffic counters, including some dropped packets. grep <ethX> /proc/interrupts - looking at the interrupt counters can give a better idea of how well the processing is getting spread across the available CPU cores.  For some loads, we can expect a wide dispersal, and other loads might end up with one core more heavily loaded that others. /proc/net/* - there are lots of data files exposed by the kernel networking stack available here that can show many different aspects of the network stack operations. Many of the command line utilities get their info directly from these files. Sometimes it is handy to write your own scripts to pull the very specific data that you need from these files. watch - The above tools give a snapshot of the current status, but sometimes we need to get a better idea of how things are working over time.  The "watch" utility can help here by repeatedly running the snapshot command and displaying the output, even highlighting where things have changed since the last snapshot.  Example uses include: # See the interrupt activity as it happens watch "grep ethX /proc/interrupts" # Watch all of the NIC's non-zero stats watch "ethtool -S ethX | grep -v ': 0'" Also useful for catching data in flight is tcpdump and its cousins wireshark and tcpreplay.  These are invaluable in catching packets from the wire, dissecting what exactly got sent and received, and replaying the conversation for testing.  These have whole tutorials in and of themselves so I won't detail them here, but here's an example of tcpdump output from a single network packet: 23:12:47.471622 IP (tos 0x0, ttl 64, id 48247, offset 0, flags [DF], proto TCP (6), length 52) 14.0.0.70.ssh > 14.0.0.52.37594: Flags [F.], cksum 0x063a (correct), seq 2358, ack 2055, win 294, options [nop,nop,TS val 2146211557 ecr 3646050837], length 0 0x0000: 4500 0034 bc77 4000 4006 61d3 0e00 0046 0x0010: 0e00 0034 0016 92da 21a8 b78a af9a f4ea 0x0020: 8011 0126 063a 0000 0101 080a 7fec 96e5 0x0030: d952 5215 Photographs and Memories (Jim Croce) Once we've made it this far and we have some idea that it might be a particular network device driver issue, we can do a little research into the history of the driver.  A good web search is an invaluable friend. For example, a web search for "bnxt_en dropping packets" brings up some references to a bugfix for the Nitro A0 hardware - perhaps this is related to a packet drop problem we are seeing? If we have a clone of the Linux kernel git repository, we can do a search through the patch history for key words.  If there's something odd happening with macvlan filters, this will point out some patches that might be related to the issue.  For example, here's a macvlan issue with driver resets that was fixed upstream in v4.18: $ git log --oneline drivers/net/ethernet/intel/ixgbe | grep -i macvlan | grep -i reset 8315ef6 ixgbe: Avoid performing unnecessary resets for macvlan offload e251ecf ixgbe: clean macvlan MAC filter table on VF reset   $ git describe --contains 8315ef6 v4.18-rc1~114^2~380^2 Reelin' In the Years (Steely Dan) A couple of examples can show a little of how these tools have been used in real life.  Of course, it's never as easy as it sounds when you're in the middle of it. lost/broken packets with TSO from sunvnet through bridge When doing some performance testing on the sunvnet network driver, a virtual NIC in the SPARC Linux kernel, we found that enabling TSO actually significantly hurt throughput, rather than helping, when going out to a remote system.  After using netstat and ethtool -S to find that there were a lot of lost packets and retries through the base machine's physical, we used tcpdump on the NIC and at various points in the internal software bridge to find where packets were getting broken and dropped.  We also found comments in the netdev mailing list about an issue with TSO'd packets getting messed up when going into the software bridge.  We turned off TSO for packets headed into the host bridge and the performance issue was fixed. log file points out misbehaving process In a case where NIC hardware was randomly freezing up on several servers, we found that a compute service daemon had recently been updated with a broken version that would immediately die and restart several times a second on scores of servers at the same time, and was resetting the NICs each time.  Once the daemon was fixed, the NIC resetting stopped and the network problem went away. Bring It On Home This is just a quick overview of some of the tools for debugging a network issue.  Everyone has their favorite tools and different uses, we've only touched on a few here. They are all handy, but all need our imagination and perseverance to be useful in getting to the root of whatever problem we are chasing.  Also useful are quick shell scripts written to collect specific sets of data, and shell scripts to process various bits of data when looking for something specific.  For more ideas, see the links below. And sometimes, when we've dug so far and haven't yet found the gold, it's best to just get up from the keyboard, take a walk, grab a snack, listen to some good music, and let the mind wander. Good hunting. Related pages Linux network troubleshooting and debugging - https://unix.stackexchange.com/questions/50098/linux-network-troubleshooting-and-debugging Tracing NFS: Beyond tcpdump - https://blogs.oracle.com/linux/tracing-nfs%3a-beyond-tcpdump-v2 Tracing Linux Networking with DTrace on Oracle Linux - https://blogs.oracle.com/linux/tracing-linux-networking-with-dtrace-on-oracle-linux-v2 iproute2 uses - https://baturin.org/docs/iproute2/ A tcpdump Tutorial and Primer with Examples - https://danielmiessler.com/study/tcpdump/ Searching git code and logs - https://git-scm.com/book/en/v2/Git-Tools-Searching  https://git-scm.com/docs/git-log#git-log--Sltstringgt Wireshark User’s Guide - https://www.wireshark.org/docs/wsug_html/ systemd: Using the journal - https://fedoramagazine.org/systemd-using-journal/

Shannon Nelson from the Oracle Linux Kernel Development team offers these tips and tricks to help make host network diagnostics easier. He also includes a recommended playlist for accompanying your...

Linux Kernel Development

Getting system resource information with a Standard API

Oracle Linux kernel developer Rahul Yadav kicked off a new project in LXC this year, called libresource. In this blog post, he talks about how to use libresource to effectively read system statistics in a stable manner. This project is hosted on github at https://github.com/lxc/libresource System resource information, like memory, network and device statistics, are crucial for system administrators to understand the inner workings of their systems, and are increasingly being used by applications to fine tune performance on different environments. Getting system resource information on Linux is not a straightforward affair. Many tools like top, free and sar can gather system statistics. The best way is to collect the information from procfs or sysfs, but getting such information from procfs or sysfs presents many challenges.  Each time an application wants to get a system resource information, it has to open a file, read the content and then parse the content to get actual information. Over time, the format in which information is provided might change and with that each application has to change its own code to read the data in the correct manner. Libresource tries to fix few of these problems by providing a standard library with set of APIs through which we can get system resource information e.g. memory, CPU, stat, networking, security related information. Find libresource on github at https://github.com/lxc/libresource Libresource provides following benefits: Ease of use: Currently applications needs to read this info mostly from /proc and /sys file-systems. In most of the cases complex string parsing is involved which is needed to be done in application code. With the library APIs application can get the information directly and all the string parsing, if any, will be done by library. Stability: If the format in which the information is provided in /proc or /sys file-system is changed then the application code is changed to align with those changes. Also if a better way to get information comes in future, like through a syscall or a sysconf then again application code needs to be changed to get the benefit of it. Library will take care of such changes and the application will never have to change the code. Virtualization: In cases where DB is running in a virtualized environment using cgroup or namespaces, reading from /proc and /sys file-systems might not give correct information as these are not cgroup aware. Library API will take care of this e.g. if a process is running in a cgroup then library should provide information which is local to that cgroup.  Interfaces to libresource Reading a single resource ID /* This is to read a resource information. A valid resource id should be * provided in res_id, out should be properly allocated on the basis of * size of resource information, hint should be given where needed. * Currently pid and flags are not used, they are for future extensions. */ int resread(int resid, void out, void hint, int pid, int flags); /* Available Resource IDs */ RES_MEM_ACTIVE Total amount of buffer or page cache memory, in kilobytes, that is in active use. RES_MEM_INACTIVE Total amount of buffer or page cache memory, in kilobytes, that are free and available RES_MEM_AVAILABLE An estimate of how much memory is available for starting new applications, without swapping. RES_MEM_FREE The amount of physical RAM, in kilobytes, left unused by the system. RES_MEM_TOTAL Total amount of physical RAM, in kilobytes. RES_MEM_PAGESIZE Size of a page in bytes RES_MEM_SWAPFREE Total amount of swap free, in kilobytes. RES_MEM_SWAPTOTAL The total amount of swap available, in kilobytes. RES_KERN_COMPILE_TIME Kernel compile time RES_KERN_RELEASE Kernel version RES_NET_ALLIFSTAT Network stat for all interfaces on system. RES_NET_IFSTAT Network stat for an interface RES_MEM_INFOALL All Memory related information Reading multiple resources in one call If an application wants to read multiple resource information in one call, it can call res_*_blk APIs to do so which are described below. #define RES_UNIT_OUT_SIZE 256 /* This union is used to return resource information of various types */ union r_data { int i; size_t sz; long l; char str[RES_UNIT_OUT_SIZE]; void *ptr; }; /* In case of res_read_blk, each resource information will be represented by * following structure. */ typedef struct res_unit { int status; unsigned int res_id; void *hint; union r_data data; } res_unit_t; /* In case of bulk read (res_read_blk), this structure will hold all required * information needed to do so. */ typedef struct res_blk { int res_count; res_unit_t *res_unit[0]; } res_blk_t; /* It allocates memory for resources and initiates them properly. * res_ids holds an array of valid resource ids and res_count holds * number of resource ids. It also initializes struct fields properly. */ extern res_blk_t *res_build_blk(int *res_ids, int res_count); /* Reading bulk resource information. Memory must be properly allocated and * all fields should be properly filled to return error free resource * information. res_build_blk call is suggested to allocate build res_blk_t * structure. */ extern int res_read_blk(res_blk_t *resblk, int pid, int flags); /* Free allocated memory from res_build_blk */ extern void res_destroy_blk(res_blk_t *resblk); Some Examples Reading total memory size_t stemp = 0; res_read(RES_MEM_TOTAL,&stemp,NULL, 0, 0); printf("MEMTOTAL is: %zu\n", stemp); Reading network interface related statistics for interface named "lo" res_net_ifstat_t ifstat; res_read(RES_NET_IFSTAT,&ifstat, (void *)"lo",0, 0); printf("status for %s: %llu %llu\n", ifstat.ifname, ifstat.rx_bytes, ifstat.rx_packets ); Reading multiple resources in one call res_blk_t *b = NULL; int a[NUM] = {RES_MEM_PAGESIZE, RES_MEM_TOTAL, RES_MEM_AVAILABLE, RES_MEM_INFOALL, RES_KERN_RELEASE, RES_NET_IFSTAT, RES_NET_ALLIFSTAT, RES_KERN_COMPILE_TIME }; b = res_build_blk(a, NUM); b->res_unit[5]->hint = (void *)"lo"; res_read_blk(b, 0, 0); printf("pagesize %ld bytes,\n memtotal %ld kb,\n memavailable %ld kb,\n" " memfree %ld kb,\n release %s,\n compile time %s\n", b->res_unit[0]->data.sz, b->res_unit[1]->data.sz, b->res_unit[2]->data.sz, ((res_mem_infoall_t *)(b->res_unit[3]->data.ptr))->memfree, b->res_unit[4]->data.str, b->res_unit[7]->data.str ); res_net_ifstat_t *ip = (res_net_ifstat_t *)b->res_unit[5]->data.ptr; printf("stat for interface %s: %llu %llu\n", ip->ifname, ip->rx_bytes, ip->rx_packets ); int k = (int)(long long)b->res_unit[6]->hint; res_net_ifstat_t *ipp = (res_net_ifstat_t *)b->res_unit[6]->data.ptr; for (int j=0; j< k; j++) { printf("stat for interface %s: %llu %llu\n", ipp[j].ifname, ipp[j].rx_bytes, ipp[j].rx_packets ); } free(ipp); res_destroy_blk(b); res_blk_t *b = NULL; int a[NUM] = {RES_MEM_PAGESIZE, RES_MEM_TOTAL, RES_MEM_AVAILABLE, RES_MEM_INFOALL, RES_KERN_RELEASE, RES_NET_IFSTAT, RES_NET_ALLIFSTAT, RES_KERN_COMPILE_TIME }; b = res_build_blk(a, NUM); b->res_unit[5]->hint = (void *)"lo"; res_read_blk(b, 0, 0); printf("pagesize %ld bytes,\n memtotal %ld kb,\n memavailable %ld kb,\n" " memfree %ld kb,\n release %s,\n compile time %s\n", b->res_unit[0]->data.sz, b->res_unit[1]->data.sz, b->res_unit[2]->data.sz, ((res_mem_infoall_t *)(b->res_unit[3]->data.ptr))->memfree, b->res_unit[4]->data.str, b->res_unit[7]->data.str ); res_net_ifstat_t *ip = (res_net_ifstat_t *)b->res_unit[5]->data.ptr; printf("stat for interface %s: %llu %llu\n", ip->ifname, ip->rx_bytes, ip->rx_packets ); int k = (int)(long long)b->res_unit[6]->hint; res_net_ifstat_t *ipp = (res_net_ifstat_t *)b->res_unit[6]->data.ptr; for (int j=0; j< k; j++) { printf("stat for interface %s: %llu %llu\n", ipp[j].ifname, ipp[j].rx_bytes, ipp[j].rx_packets ); } free(ipp); res_destroy_blk(b);

Oracle Linux kernel developer Rahul Yadav kicked off a new project in LXC this year, called libresource. In this blog post, he talks about how to use libresource to effectively read system statistics...

Oracle Database Runs Best on Oracle Linux

Why does Oracle Database run best on Oracle Linux?  A new white paper is now available where you’ll learn what makes the Oracle Linux cloud-ready operating system a cost-effective and high-performance choice when modernizing infrastructure or consolidating Oracle Database instances. When you deploy Oracle Database on Oracle Linux, you can have the confidence that you are deploying on an operating system backed by development teams that work closely together to optimize performance, security, mission-critical reliability, availability, and serviceability. Because Oracle’s applications, middleware, and database products are developed on Oracle Linux, you’ll be deploying on the most extensively tested solution, whether it be on-premises or in the cloud. For Oracle Database workloads, advantages are afforded by the operating system’s deep integration with the solution stack, optimizations resulting from Oracle’s upstream Linux kernel work and industry collaborations, and enhancements delivered in the Unbreakable Enterprise Kernel (UEK) for Oracle Linux. With Oracle Linux Support, your software environment is backed by the expertise of Oracle’s global 24x7 support organization, regardless of whether you deploy on certified partner hardware, Oracle servers, an Oracle engineered solution, or Oracle Cloud. You also receive management and high availability solutions at no additional charge, which helps reduce the TCO of your database infrastructure. Additionally, when you deploy Oracle Database on Oracle Cloud, all the benefits of Oracle Linux Support and more are provided at no additional cost. To find out more about these and other Oracle Linux advantages for Oracle Database, download a copy of the white paper: Why Oracle Database Runs Best on Oracle Linux today.

Why does Oracle Database run best on Oracle Linux?  A new white paper is now available where you’ll learn what makes the Oracle Linuxcloud-ready operating system a cost-effective and...

Linux

Getting Started with Oracle Arm Toolset 1

Why Use Oracle Arm Toolset 1? Oracle Linux 7 for Arm was announced earlier this summer. Oracle includes the "Oracle Arm Toolset 1" [see release notes], which provides many popular development tools, including: gcc v7.3.0 Supports the 2011 revision of the ISO C standard. g++ v7.3.0 Supports the 2014 ISO C++ standard. gfortran v7.3.0 Supports Fortran 2008 go 1.10.1 The Go Programming Language gdb v8.0.1 The GNU debugger binutils v2.30   Binary utilities The above versions are much more recent than the base system versions. The base system versions are intentionally kept stable for many years, in order to help ensure compatibility for device drivers and other components that may be intimately tied to a specific compiler version. For your own applications, you might want to use more modern language features. For example, Oracle Arm Toolset 1 includes support for C++14.   Illustration credit: Laura Bassett, via wikipedia For a complete list of the software packages in Oracle Arm Toolset 1, see the packages listed at the Oracle Linux 7 Software Collections yum repo. Steps (1) repo Download the Oracle Linux repo file: # cd /etc/yum.repos.d # wget http://yum.oracle.com/aarch64/public-yum-ol7.repo (2) Enable the collection In the repo file, set enabled=1 for ol7_software_collections: Edit the .repo file. Notice that there are many repositories. At minimum, you should edit the section about the Software Collection Library to set  enabled=1 While you are there, review the other repositories, and decide which others you would like to enable. You can view the Software Collection Library in a browser by going to:  http://yum.oracle.com/repo/OracleLinux/OL7/SoftwareCollections/aarch64/index.html (3) Install # yum install 'oracle-armtoolset-1*' (4) Enable a shell with the software collection $ scl enable oracle-armtoolset-1 bash Note that this will start a new shell.   (Of course, you could change the word ‘bash’ above to some other shell if you prefer.) (5) Verify Verify that the gcc command invokes the correct copy, and that paths are set as expected: which gcc echo $PATH echo $MANPATH echo $INFOPATH echo $LD_LIBRARY_PATH  Expected output: The which command should return: /opt/oracle/oracle-armtoolset-1/root/usr/bin/gcc All four echo commands should begin with: /opt/oracle/oracle-armtoolset-1/   (6) Wrong gcc?  Wrong paths? If Step (5) gives unexpected output, then check whether your shell initialization files are re-setting the path variables. If so here are four possible solutions: (6a) norc Depending on your shell, there is probably an option to start up without initialization. For example, if you are a bash user, you could say: scl enable oracle-armtoolset-1 "bash --noprofile --norc" (6b) silence Alternatively, you can edit your shell initialization files to avoid setting paths, leaving it up to  scl instead. (6c) (RECOMMENDED) Set paths only in your login shell initialization files. The easiest solution is probably to check out the documentation for your shell and notice that it probably executes certain file(s) at login time and certain other file(s) when a new sub shell is created. For example, bash at login time will look for    ~/.bash_profile, ~/.bash_login, or ~/.profile and for sub shells it looks for    ~/.bashrc If you do your path setting in ~/.bash_profile and avoid touching paths in .bashrc, then the scl enable command will successfully add Oracle Arm Toolset 1 to your paths. (6d) (Kludge) enable last  If for some reason you wish to set paths in your sub shell initialization file, then please ensure that the toolset's enable scriptlet is done last. Here is an example from the bottom of my current .bashrc # If this is a shell created by 'scl enable', then make sure that the # 'enable' scriplet is done last, after all other path setting has # been completed. grandparent_cmd=$(ps -o cmd= $(ps -o ppid= $PPID)) if [[ "$grandparent_cmd" =~ "scl enable" ]] ; then #echo "looks like scl" grandparent_which=${grandparent_cmd/scl enable} grandparent_which=${grandparent_which/bash} grandparent_which=${grandparent_which// } grandparent_enable=$(ls /opt/*/$grandparent_which/enable 2>/dev/null) if [[ -f $grandparent_enable ]] ; then sourceit="source $grandparent_enable" echo doing "'$sourceit'" $sourceit else echo "did not find the enable scriplet for '$grandparent_which'" fi fi Sources If you would like the sources: wget http://yum.oracle.com/repo/OracleLinux/OL7/SoftwareCollections/aarch64/getPackageSource/oracle-armtoolset-1-gcc-7.3.0-2.el7.src.rpm

Why Use Oracle Arm Toolset 1? Oracle Linux 7 for Arm was announced earlier this summer. Oracle includes the "Oracle Arm Toolset 1" [see release notes], which provides many popular development...

Linux

DTrace on Linux: an Update

DTrace offers easy-but-powerful dynamic tracing of system behavior, and it is so lightweight and safe that it can routinely be used on production systems. DTrace was originally developed for the Oracle Solaris operating system. Oracle has also ported DTrace to Linux. Recent enhancements for Linux include: initial ARM64 support implementation of additional providers (lockstat, initial pid provider support) improved feature alignment with other DTrace implementations (llquantize, a third argument to tracemem, etc.) compile-time array bounds checking translator support for kernels 4.12 - 4.14 pid provider support for userspace tracing bug fixes (better address-to-symbolic-name translation, drastically faster dtrace_sync() data updating, etc.) Providers now include: X86 ARM64 Provider X X dtrace (BEGIN, END, ERROR) X   fbt (function boundary tracing) X   io X   ip X   lockstat X   perf X X pid (tracing in a specific pid) X   proc (e.g. for process creation and termination) X X profile X   sched X   sdt (statically defined tracing; e.g., for instrumenting specific source code sites) X X usdt (statically defined tracing for user applications) X X syscall X   tcp X   udp   DTrace for Linux is shipped as part of the Unbreakable Enterprise Kernel (UEK) Release 4 for Oracle Linux (for x86_64) and UEK Release 5 (for aarch64 and x86_64 with Oracle Linux 7). Going forward, new versions of DTrace will be released exclusively on UEK R5 and beyond, as development for UEK R4 is no longer active. The recent DTrace for Linux presentation at FOSDEM 2018 provides more helpful details. Download information can be found at http://www.oracle.com/technetwork/server-storage/linux/downloads/linux-dtrace-2800968.html. On Oracle Linux, you can install the dtrace-utils and dtrace-utils-devel packages, which can be found on yum.oracle.com or the Unbreakable Linux Network. In addition, source code is available with other Oracle open source projects at https://oss.oracle.com/projects/DTrace/ and on github at https://github.com/oracle/dtrace-utils. The Linux kernel DTrace code is also merged periodically with more recent upstream kernels and the resulting code can be found in a git repository on oss.oracle.com: https://oss.oracle.com/git/gitweb.cgi?p=dtrace-linux-kernel.git. Help is available on the dtrace-devel mailing list.

DTrace offers easy-but-powerful dynamic tracing of system behavior, and it is so lightweight and safe that it can routinely be used on production systems. DTrace was originally developed for the Oracle...

Announcing Release 3 of Ceph Storage for Oracle Linux

We are excited to announce Release 3 of Ceph Storage for Oracle Linux. This release presents a uniform view of object and block storage from a cluster of multiple physical and logical commodity-hardware storage devices. Ceph can provide fault tolerance and enhance I/O performance by replicating and striping data across the storage devices in a Ceph Storage Cluster. Ceph's monitoring and self-repair features minimize administration overhead. Release 3 of Ceph Storage for Oracle Linux is based on the Ceph Community Luminous release (v12.2.5). Differences between Oracle versions of the software and upstream releases are limited to Oracle-specific fixes and patches for specific bugs. Supported features include the Object Store, Block Device, Ceph Storage Cluster, Ceph File System (Ceph FS), Simple Ceph Object Gateway, and Multisite Ceph Object Gateway components.   Notable new features: Ceph Manager daemon, ceph-mgr, to monitor clusters Ceph Manager web-based dashboard OSDs using the BlueStore backend to manage HDDs and SSDs Simplified OSD replacement process   Release 3 of Ceph Storage for Oracle Linux adds support for: Ceph iSCSI gateway Ceph FS Export Ceph FS filesystems and block storage over NFS Ceph block devices with QEMU   Supported Upgrade Path Please refer to the product documentation upgrade section for steps and procedures.   Product Support Release 3 of Ceph Storage for Oracle Linux replaces the previous 2.0 release. Release 3.0 of Ceph Storage for Oracle Linux is available for Oracle Linux 7 (x86_64) running the Unbreakable Enterprise Kernel Release 5. A minimum of Oracle Linux 7 Update 5 is required. The ceph-deploy package for Release 3.0 is available via ULN or Oracle Linux yum server.   Resources – Oracle Linux Documentation Oracle Linux Oracle OpenStack  Software Download Oracle Linux Oracle OpenStack  Blogs Oracle Linux Blog Oracle OpenStack Blog   Community Pages Oracle Linux Oracle OpenStack  Social Media Oracle Linux on YouTube Oracle Linux on Facebook Oracle Linux on Twitter Data Sheets, White Papers, Videos, Training, Support & more Oracle Linux, Oracle OpenStack

We are excited to announce Release 3 of Ceph Storage for Oracle Linux. This release presents a uniform view of object and block storage from a cluster of multiple physical and...

Announcements

Latest Oracle Linux 7.5 and 6.10 Vagrant Boxes Now Available

We've just updated our Oracle Linux Vagrant boxes for Oracle VM VirtualBox to Oracle Linux 7.5 with Unbreakable Enterprise Kernel release 5 and Oracle Linux 6.10. These Vagrant boxes include: A recent kernel Oracle Linux 7: UEK5 (4.14.35-1818.0.9.el7uek.x86_64) Oracle Linux 6: UEK4 (4.1.12-124.16.4.el6uek.x86_64) VirtualBox guest additions RPMs installed Minimal package set installed 32 GiB root volume 4 GiB swap XFS root filesystem Extra 16GiB VirtualBox disk image attached, dynamically allocated The complete latest details are always here: yum.oracle.com/boxes VirtualBox Guest Addition RPMs Last year, we introduced RPM versions of VirtualBox Guest Additions to simplify installation and upgrade of these essential drivers and guest OS optimizations. Our boxes come pre-installed with the guest addition RPMs. Get Up and Running Quickly with Pre-configured Software Stacks: Vagrantfiles on GitHub If you'd like to experiment with Oracle Database, Docker, or Kubernetes and are looking to get started quickly without getting bogged down with installation details, these Vagrantfiles we've posted on Vagrantfiles on GitHub are for you. For example, there are Vagrantfiles and instructions to quickly: set up a Kubernetes cluster install Oracle Database 12c on Oracle Linux set up a Docker environment set up a local Docker Container Registry References Vagrantfile examples on GitHub Oracle Linux Vagrant boxes

We've just updated our Oracle Linux Vagrant boxes for Oracle VM VirtualBox to Oracle Linux 7.5 with Unbreakable Enterprise Kernel release 5 and Oracle Linux 6.10. These Vagrant boxes include: A recent...

Resilient RDMA IP Addresses

Oracle Linux kernel developer Sudhakar Dindukurti contributed this post on the work he's doing to bring the Resilient RDMA IP feature from RDS into upstream. This code currently is maintained in Oracle's open source UEK kernel and we are working on integrating this into the upstream Linux source code. 1.0 Introduction to Resilient RDMA IP The Resilient RDMAIP module assists ULPs (RDMA Upper Level Protocols) to do failover, failback and load-balancing  for InfiniBand and RoCE adapters.   RDMAIP is a feature for RDMA connections in Oracle Linux.  When this feature, also known as active-active bonding, is enabled the Resilient RDMAIP module creates an active bonding group among the ports of an adapter. Then, if any network adapter is lost the IPs on that port will be moved to the other port automatically providing HA for the application while allowing the full available bandwidth to be used in the non-failure scenario. Reliable Datagram Sockets (RDS) are high-performance, low-latency reliable connection-less sockets for delivering datagrams. RDS provides reliable, ordered datagram delivery by using a single reliable transport between two nodes. For more information on RDS protocol, please see the RDS documentation.  RDS RDMA uses Resilient RDMAIP module to provide HA support.  RDS RDMA module listens to RDMA CM Address change events that are delivered by the Resilient RDMAIP module. RDS drops all the RC connections associated with the failing port when it receives address change event and re-establishes new RC connections before sending the data the next time. Transparent high availability is an important issue for  RDMA-capable NIC adapters compared to standard NICs (Network Interface Cards). In case of standard NICs, the IP layer can decide which path or which netdev interface to use for sending a packet. This is not possible for RDMA capable adapters for security and performance reasons which tie the hardware to a specific port and path.   To send a data packet using RDMA to the remote node,  there are several steps: 1) Client application registers the memory with the RDMA adapter and the RDMA adapter returns an R_Key for the registered memory region to the client.  Note that the registration information is saved on the RDMA adapter. 2) Client sends this  "R_key" to the remote server  3) Server includes this R_key while requesting RDMA_READ/RDMA_WRITE to client 4) RDMA adapter on the client side uses the "R_key" to find the memory region and proceed with the transaction. Since the "R_key' is bound to a particular RDMA adapter,  same R_KEY cannot be used to send the data over another RDMA adapter.  Also, since RDMA applications can directly talk to the hardware, bypassing the kernel, traditional bonding (which lies in kernel) cannot provide HA. Resilient RDMAIP does not provide transparent failover for kernel ULPs or for OS bypass applications, however, it enables ULPs to failover, failback, and load balance over RDMA capable adapters. RDS (Reliable Datagram Sockets) protocol is the first client that is using Resilient RDMAIP module support to provide HA. The below section talks about the role of Resilient RDMAIP for different features. 1.1 Load balancing All the interfaces in the active active bonding group have individual IPs. RDMA consumers can use one or more  interfaces to send data simultaneously and are responsible to spread the load across all the active interfaces. 1.2 Failover If any interface in the active active bonding group goes down, then Resilient RDMAIP module moves  the IP address(s) of the interface to the other interface in the same group and it also sends a RDMA CM (Communication Manager) address change event to the RDMA kernel ULPs. RDMA kernel ULPs that are HA capable, would stop using the interface that went down and start using the other active interfaces.  For example, if there are any Reliable Connections (RC) established on the downed interface,  the ULP can close all those connections and re-establishes them on the failover interface. 1.3 Failback If the interface that went down earlier comes back up, then Resilient RDMAIP module moves back the IP address to the original interface and it again sends RDMA CM address change event to the kernel consumers.  RDMA kernel consumers would take action when they receive address change event. For example, RDMA consumers would move the connections that were moved as part of failover. 2.0 Resilient RDMAIP module provides the below module parameters rdmaip_active_bonding_enabled Set to 1 to enable active active bonding feature Set to 0 to disable active active bonding feature By default,  active active bonding feature is disabled. If active bonding is enabled, then the Resilient RDMAIP module creates an active bonding group among ports of the same RDMA adapter. For example,  consider a system with two RDMA adapters each with two ports, one Infiniband (ib0 and ib1) and one RoCE (eth5 and eth5). On this setup,  two active bonding groups will be created 1) Bond 1 with ib0 and ib1 2) Bond 2 with eth4 and eth5   rdmaip_ipv4_exclude_ips_list For IPs listed in this parameters, active bonding feature will be disabled. by default,  link local addresses are excluded by Resilient RDMAIP. 3.0 How it works ?   In Figure 1, there are two nodes with one 2-port Infiniband HCA each and each port of the HCA is connected to a different switch as shown. Two IPoIB interfaces (ib0 and ib1) are created, one for each port as shown in the diagram. When active active bonding is enabled,  Resilient RDMAIP module automatically creates a bond between two ports of the Infiniband HCA. 1) All the IB interfaces are up and configured   #ip a --- ib0: mtu 2044 qdisc pfifo_fast state UP qlen 256 link/infiniband 80:00:02:08:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:01 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff inet 10.10.10.92/24 brd 10.10.10.255 scope global ib0 valid_lft forever preferred_lft forever ib1: mtu 2044 qdisc pfifo_fast state UP qlen 256 link/infiniband 80:00:02:09:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:02 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff inet 10.10.10.102/24 brd 10.10.10.255 scope global secondary ib0:P06 valid_lft forever preferred_lft forever 2)  When Port 2 on Node 1 goes down, ib1 IP '10.10.10.102' will be moved to Port 1 (ib0) - Failover #ip a -------------- ib0: mtu 2044 qdisc pfifo_fast state UP qlen 256 link/infiniband 80:00:02:08:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:01 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff inet 10.10.10.92/24 brd 10.10.10.255 scope global ib0 valid_lft forever preferred_lft forever inet 10.10.10.102/24 brd 10.10.10.255 scope global secondary ib0:P06 valid_lft forever preferred_lft forever inet6 fe80::210:e000:129:6501/64 scope link valid_lft forever preferred_lft forever ib1: mtu 2044 qdisc pfifo_fast state DOWN qlen 256 link/infiniband 80:00:02:09:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:02 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff ----------------   3) When Port 2 on node 1 comes back, IP '10.10.10.102' will be moved back to Port 2 (ib1) - Failback #ip a --- ib0: mtu 2044 qdisc pfifo_fast state UP qlen 256 link/infiniband 80:00:02:08:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:01 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff inet 10.10.10.92/24 brd 10.10.10.255 scope global ib0 valid_lft forever preferred_lft forever ib1: mtu 2044 qdisc pfifo_fast state UP qlen 256 link/infiniband 80:00:02:09:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:02 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff inet 10.10.10.102/24 brd 10.10.10.255 scope global secondary ib0:P06 valid_lft forever preferred_lft forever   Example: RDS Implementation Here are the sequence steps that occur during failover and failback. Consider an RDS application establishing an RDS socket between IP1 on node 1 Port 1 to IP3 on node 2.  For this case, at RDS kernel level, there will be one RC connection between IP1 and IP3.   Case 1: Port 1 on Node 1 goes down Resilient RDMAIP module moves the IP address IP1  from Port 1 to Port 2 Port 2 will have two IPs (IP1 and IP2) Resilient RDMAIP module sends an RDMA CM address change event to RDS RDS RDMA driver,  drops the IB connection between IP1 (Port 1) to IP3 as part of handling the address change event. RDS RDMA driver creates a new RC connection between IP1 (Port 2) to IP3  when it receives a new send request from IP1 to IP3 After failover,  when RDS resolves IP1, it will get path records for Port 2 as IP1 is now bound to Port 2. Case 2: Port 1 on Node 1 comes back UP Resilient RDMAIP module moves the IP address IP1  from Port 2 to Port 1 Resilient RDMAIP module sends an RDMA CM address change event to RDS RDS RDMA driver drops the IB connection between IP1 (Port 2) to IP3 as part of handling the address change event. RDS RDMA driver creates a new RC connection between IP1 (Port 1) to IP3 when it receives a new send request from IP1 to IP3 After failback,  when RDS resolves IP1, it will get path records for Port 1 as IP1 is now bound to Port 1. 4.0 Future work The Resilient RDMAIP module's current implementation not tightly coupled with the network stack implementation. For example, RDMA kernel consumers do not have an option to create active bonding groups and also there are no APIs that can tell the RDMA consumers about the active bond groups and which interfaces that are configured in the active bond group.  As a result, current design and implementation are not suitable tor upstream. We are currently working on developing an version of this module which would be something we can submit to upstream Linux, but until then the code for RDMAIP can be found on oss.oracle.com and our github pages.  

Oracle Linux kernel developer Sudhakar Dindukurti contributed this post on the work he's doing to bring the Resilient RDMA IP feature from RDS into upstream. This code currently is maintained in...

Linux Kernel Development

Translating Process ID between Namespaces

Oracle Linux kernel developer Nagarathnam Muthusamy contributed this blog post on the challenges of translating pids (process IDs) between different namespaces. This is a feature currently lacking from namespace support in the Linux kernel and is an important feature to enable multitenant use of the Oracle database via CDBs.  Process ID(PID) namespace facility in Linux kernel has been an effective way of providing isolation between groups of processes which in turn has been employed by various implementations of containers. Though strong isolation between processes is desired, there are always some processes which would like to monitor the activities of other processes and their resource utilizations in the system. Each PID namespace has its own sequence of PIDs which require any processes monitoring them from top of the hierarchy to translate the process ID to and from its own PID namespace. Linux kernel has various set of APIs which provide PID in its result. Any such API can be used for PID translations and following are few of the approaches. SCM_CREDENTIALS:     The sender can translate its PID from its own namespace to a PID in the target namespace by sending and receiving the SCM_CREDENTIALS message. The drawback of this method is the requirement of a socket communication channel to PID translation which adds to the management overhead. This method does not enable the sender to translate the PID of other process unless it is root or it has CAP_SYS_ADMIN.     Ref: http://man7.org/linux/man-pages/man7/unix.7.html /proc/<pid>/status file     /proc/<pid>/status file provides a way to find the PIDs associated with a process in different namespaces. PID translation from child namespace to parent namespace from parent namespace would require searching all the status file in the parent namespace to find the desired PID at desired level.     Ref: http://man7.org/linux/man-pages/man5/proc.5.html     Ref: https://patchwork.kernel.org/patch/5861791/ shmctl(..,IPC_STAT,..), msgctl(..,IPC_STAT,..)     struct shmid_ds provided by IPC_STAT on a shared memory contains following two elements. pid_t shm_cpid; /* PID of creator */ pid_t shm_lpid; /* PID of last shmat(2)/shmdt(2) */       struct msqid_ds provided by IPC_STAT on a message queue contains following two elements. pid_t msg_lspid; /* PID of last msgsnd(2) */ pid_t msg_lrpid; /* PID of last msgrcv(2) */ PIDs in these elements are translated to the PID namespace of the caller. Though these can be used by monitors to keep track of the usage of shared resources by processes regardless of their namespace, these APIs cannot be used for generic PID translation without creating extra shared memory or message queues. Ref: http://man7.org/linux/man-pages/man2/shmctl.2.html Ref: http://man7.org/linux/man-pages/man2/msgctl.2.html semctl(..,GETPID,..)     GETPID command of semctl provides the PID of the process that performed the last operation on a semaphore. Similar to shmctl and msgctl, this is an excellent way to monitor the users of a semaphore but cannot be used for generic PID translation without creating extra semaphores.  shmctl and semctl were fixed in upstream linux kernel 4.17. This facility might not be available in older releases but will be part of the Oracle UEK. Ref: http://man7.org/linux/man-pages/man2/semctl.2.html fcntl(..,F_GETLK,..)     F_GETLK command of fcntl provides information on process which is holding the file lock. This information is translated to the caller's namespace. Any process which require translation across different PID namespaces can create a dummy file in a common location which it can lock. Any query on the owner of the file lock through fcntl will return the translated PID of the observed process under caller's namespace. Though file is lighter weight than any IPC mechanisms, creation and cleanup of files for every process in a system just for PID transaltion is an added overhead. Is there any cleaner way? Usually when your monitor process or any other process in the system requires PID translation, you might be able to work with any of the above mentioned methods and get around this problem. If none of the above options satisfy your use case, well, you are not alone! I have been working with Konstantin to resurrect his old patch which provides PID translation capabilities through a new system call called translate_pid. The discussions can be followed in https://lkml.org/lkml/2018/4/4/677 The link also has pointers to previous versions of the API. The API started off with following function signature, pid_t getvpid(pid_t pid, pid_t source, pid_t target) The major issue highlighted here was the use of PID to identify namespace. Any API which uses PID is susceptible to race condition involving PID recycling. Linux kernel has many existing PID based interfaces only because there were no better method to identify the resources when those interfaces were designed. This suggestion lead to the following API pid_t translate_pid(pid_t pid, int source, int target); where source and target are the file descriptors pointing to /proc/<pid>/ns/pid files of the source and target namespace. The major issue with this API is the additional step involved in opening and closing of a file for every PID translation. This API also prevents use cases which requires PID translation but does not have privileges to open /proc/<pid>/ns/pid file. The API under discussion at the time of writing this blog tries to get the best of both worlds as follows. pid_t translate_pid(pid_t pid, int source_type, int source, int target_type, int target); Here *type argument is used to change the way source and target are interpreted as follows. TRANSLATE_PID_CURRENT_PIDNS - current pid namespace, argument is unused TRANSLATE_PID_TASK_PIDNS - task pid-ns, argument is task pid TRANSLATE_PID_FD_PIDNS - pidns fd, argument is file descriptor As the API is finalized, we will have cleaner method to translate the PID without working around the problem with other existing methods.

Oracle Linux kernel developer Nagarathnam Muthusamy contributed this blog post on the challenges of translating pids (process IDs) between different namespaces. This is a feature currently lacking...

New Oracle Linux Home Target and Ksplice patching with Oracle Enterprise Manager 13c version 13.3

From Oracle Enterprise Manager 13c version 13.3, we have introduced a new Oracle Linux Home target which enables a simplified approach to the management of Oracle Linux in a single place including the ability to patch using Ksplice for both kernel and user space updates. We view Oracle Linux Home from the Cloud Menu via Enterprise > Cloud > Oracle Linux Home: This new home page exclusively for Oracle Linux enables customers to perform management and monitoring of Oracle Linux hosts from a single page; main features include: Oracle Linux host administration and management Bare Metal Provisioning (BMP) Oracle Linux OS Patching Oracle Ksplice patching (provides the ability to update the Oracle Linux operating system kernel and key user space libraries while the OS is running, without a reboot or any interruption). Add a new Oracle Linux host which directs the user to the Setup > Add Target > Add Targets Manually wizard to push an Oracle Enterprise Manager agent to the Oracle Linux host This new target is also visible from the All Targets view: We can navigate to Oracle Linux Home from either the Enterprise or All Targets page. Oracle Linux Home has the following regions: General Overview of Incidents and Problems Host flux CPU Memory Linux patching compliance / summary Ksplice patching compliance / summary General The general region shows a summary of the Oracle Linux hosts showing total numbers of each Oracle Linux version as well as their status. From here we can click on the OS Version, which will show us in a tabular view all the Oracle Linux hosts matching that version. We have a similar view when we click on any of the total or Green arrow links. This view displays useful information such as CPU and Memory utilization as well as the total IO/second. These metrics have links which when clicked will take you to the metric monitoring area for that host. Other useful information such as Logical memory, CPU load, Network interface rate and swap utilization are available. Overview of Incidents and Problems From here, we can see any incidents or problems affecting our Oracle Linux hosts with respect to Availability, Performance, Security and others. Host flux When Oracle Linux hosts are retired or added, we show when these events occurred over a period of the last 30 days. CPU Here we display CPU utilization over a range of Oracle Linux hosts. In our example, we have 12 Oracle Linux hosts where 100% of them have a CPU utilization between 0 – 25%. If we click on the CPU 0-25 bar we see a table view of each host with individual CPU utilization. Memory For memory, we take a similar approach to CPU. Our example shows 12 Oracle Linux hosts split with regard to their memory utilization. If we click on the Memory, 25-50 bar we see a table view of each host with individual Memory utilization. Oracle Linux Patching Status / Compliance Here we show two regions: Oracle Linux Status and Compliance. The status region shows us how many Oracle Linux hosts are compliant with respect to Oracle Linux packages present on the Oracle Linux host compared to packages within ULN based or custom patching groups. We can change the Compliance region view between Hosts or Patching groups. Both views show any hosts or patching groups that have out of date or rogue packages. A rogue package is one that exists on the Oracle Linux host but not in ULN based or custom patching groups. Ksplice for Oracle Linux Ksplice updates the Oracle Linux operating system kernel and key user space libraries, whilst the operating system is running, without a reboot or interruption. To enable Oracle Enterprise Manager Ksplice management all Oracle Linux Hosts must have an Oracle Enterprise Manager agent installed and configured with Ksplice software. For further details, refer to the Ksplice portal and user guide. Ksplice Configuration metrics are collected on every monitored Oracle Linux Host configured with Ksplice software (Uptrack v1.2.45 or Enhanced Ksplice v1.0.29 or higher). To access these Metrics: From the Host menu on a host's home page, select Configuration > Latest: This view is for an offline Ksplice host, which is up to date for the kernel but out of date for user space: This view is for an online Ksplice host, which is up to date for the kernel but out of date for user space: The following metrics are collected: Ksplice Version This reports the version of the Ksplice software installed on the Target Host. Ksplice Status This reports if the host is configured to receive updates from the Ksplice Server or if it is Ksplice offline. Base Kernel Version This queries the stock (base) Kernel running in the system; this version does not represent the patched version, only the one that booted the system. Effective Kernel Version This reports the Effective Kernel, which means the Kernel version after the live Ksplice patching including security fixes and others. This also reports the last applied patch date. Kernel Status This reports if the kernel of the host is up to or out of date. A system is up to date if it has all available Ksplice patches installed. Kernel Patches Installed This reports the count of Ksplice packages installed on the system. User Space Status This reports if the host's User Space Ksplice aware packages are up to or out of date. If this in an offline Ksplice host then the status is based upon the local repositories configured on the system. User Space Packages Installed This reports the count of Ksplice user space packages installed on the system. Kernel Installed Patches This reports the installed Ksplice patches in the system. Kernel Available Patches This lists the available Ksplice patches for the kernel, in essence it list the patches that have not yet been installed. This information is gathered based on the Ksplice configuration. In the case of an online Ksplice host configured with Ksplice server, it gets that information from the ULN (Unbreakable Linux Network). In the case of an offline Ksplice host, it reflects the data based on the uptrack-updates-`uname -r` package installed on the system. User Space Installed Packages This reports the Ksplice User Space packages installed on the system.   The Ksplice Patching region on the Oracle Linux Home Page uses the metrics collected detailed earlier to collate the Ksplice status over all the Ksplice enabled Oracle Linux Hosts monitored; it contains 2 sub regions: Ksplice Status Region This region shows the total number of Ksplice enabled Hosts; clicking on that number will open a list of Hosts. The Ksplice Status Region contains two pie charts: Kernel Status User Space Status  Each pie chart shows the status of all hosts. i.e. how many hosts are compliant, non-compliant or compliance unknown. Clicking on a particular compliance status will open another page with associated hosts. Ksplice Summary Region. This region shows the table of hosts that lists the following Ksplice Status (Online/Offline) Kernel Status (Compliant/Non-Compliant/Compliance unknown) User Space Status (Compliant/Non-Compliant/Compliance unknown) Effective Kernel Version By clicking on the number next to Ksplice Enabled Hosts (in screenshot above “10”), we are taken to the Ksplice Linux Hosts page, which contains a table displaying the following: Ksplice Enabled Hosts with Ksplice Software Ksplice software Version Ksplice Status (Online – Green / Offline - Grey) Kernel Status (Compliant/Non-Compliant/Compliance unknown-in case of unconfigured/offline systems) Number of Kernel Installed Patches User Space Status (Compliant/Non-Compliant/Compliance unknown-in case of unconfigured/offline systems) Number of User space Installed Patches Base Kernel Version Effective Kernel Version.  Notice from the above screenshot the last two hosts have a version of 1.2.47. This denotes that the Ksplice Enhanced client is not installed (uptrack client) and therefore no User space patches are listed. By clicking on a host name in the Ksplice detail table, a new page will be opened. This page will list the installed Ksplice patches on that host. If this host is a Ksplice Online host, it will also list what updates are available; these updates can be added or removed from this page.  If the host is a Ksplice Offline host, this page will show all the Ksplice kernel or user space patches available in the local repository. If the Ksplice Enhanced Client Software is installed on the host, then it will display list of intall/available user space patches. Otherwise, it will show message "Install/Upgrade/Configure Ksplice Enhanced Client Software". With a Ksplice Offline host, the Ksplice status will be a grey rather than a green dot which denotes an Online host. In addition, with an Offline host two dotted clocks are present for the Kernel and User space status as we can only determine the latest updates from the Offline repository, which may not be the latest from the ULN. Notice the Refresh button; this refreshes the latest data to the dashboard. When clicked, there will be a dialogue box, which will take confirmation from user. For any install or remove update you have to select and enter root privilege or credentials. We offer the use of the uptrack or the enhanced client features. Best practice is to install all updates; therefore, we follow this model even for the uptrack client to keep our deployment model consistent. The removal of updates for Kernel is possible by ID / individually, however for User Space it is only possible to remove all updates. Summary The Oracle Linux Home target brings Oracle Linux Management into a single page providing a simplified Oracle Linux management portal. The existing Oracle Linux Patching and Bare Metal Provisioning (BMP) frameworks can be accessed here from the Oracle Linux Home main menu: For information on Oracle Linux refer here; for information on Oracle Enterprise Manager 13c 13.3 refer here.

From Oracle Enterprise Manager 13c version 13.3, we have introduced a new Oracle Linux Home target which enables a simplified approach to the management of Oracle Linux in a single place including the...

Linux Kernel Development

Oracle Data Analytics Accelerator (DAX) for SPARC

This blog post was written by kernel developers Jon Helman and Rob Gardner, whose code for the Oracle Data Analytics driver was accepted into the Linux source earlier this year. This is our ultimate installment in the kernel blog series on Linux enablement for SPARC chip features. Oracle DAX Support in Linux The Oracle Data Analytics Accelerator (DAX) is a coprocessor built into the SPARC M7, S7, and M8 chips, which can perform various operations on data streams. These operations are particularly suited to accelerate database queries but have a wide variety of uses in the field of data analytics. For the duration of a coprocessor operation, the main processors are free to execute other instruction streams. Since the coprocessor can operate on large data sets, this can potentially free up processor resources significantly. Each system may have multiple DAX coprocessors, and each DAX has multiple execution units. Each unit is capable of doing independent work in parallel with the others and applications may be able to take advantage of this parallelism for some data sets. DAX Operations The explanations and drawings below show in detail the basic operations that the DAX can perform. Scan The scan operation finds all instances of a value, values, or range of values in a list. In the following example, the DAX performs the operation of finding each instance of the search value, A, in the input vector. The resulting bit vector has a 1 set in each position where an A is found. Select The select operation pulls elements from a vector to produce a subset which corresponds to the bits set in a bitmap. In the following example, the DAX filters the input data so that the resulting output vector consists of only those elements for which a 1 is set in the bit vector. Extract The extract operation converts a vector of values from one format to another format. In the following example, the DAX converts from an RLE-encoded input vector to an expanded output vector. (RLE, or run-length encoding, is a compression technique in which repeated elements are represented by a tuple consisting of the element and the number of repetitions.) This is just one of the many possible format conversions. Translate The translate operation takes as input a vector and a bitmap. Each element in the vector is used as an index into the bitmap, and that bit is placed into the output bitmap. This operation is more easily described with this short code segment and illustrated in the diagram which follows. for (i=0; i<N; i++) OUTPUT[i] = BITMAP[INPUT[i]]; Coprocessor Features Control flow The hardware defines a Coprocessor Control Block (CCB) which specifies the operation to be done, the addresses of the buffers to process as well as metadata describing those buffers (format of the data, number of elements in the stream, compression format, etc.).  One or more CCBs are presented to the coprocessor via software.  Multiple requests may be enqueued in the hardware and these are serviced as resources allow. Many threads may make requests concurrently, and resources are shared much like the CPU is shared. After submission, software is free to do other work until it requires the computational results from the coprocessor. Upon completion of the request, no interrupt is sent as commonly done with other hardware. Rather, completion is signalled via memory which can be polled by software. The processor provides an efficient mechanism for polling this completion status in the form of two new instructions, monitored load and monitored wait.  The monitored load instruction performs a memory load while also marking the address as one of interest. The monitored wait instruction pauses the virtual processor until one of several events occur, one of which is modification of the memory location of interest. This allows other hardware threads to use core resources while the monitoring thread is suspended. Data access The DAX hardware directly reads from and writes to physical memory avoiding handling large amounts of data in the main processor.  In order to optimize cache utilization, an option is provided that directs the DAX to place output directly in the processor's L3 cache.  The DAX also optimizes data accesses with its capability of operating on compressed data: it can decompress data while performing the operation and hence does not need temporary memory to hold decompressed intermediate output. This helps to reduce the number of physical memory reads and increase the size of possible data sets.  In addition to compressed data, the DAX can work with a variety of data formats and bit widths including fixed-width bit- and byte-packed, and variable width. The multitude of possible data formats and supported bit widths is documented in the Linux kernel file located at Documentation/sparc/oradax/dax-hv-api.txt. Software Stack Initiating a Request An application will typically use the available function library (libdax) to utilize the capabilities of the coprocessor, though it is also feasible to use the raw driver interface. A request to submit an operation to the DAX starts with a user calling one of the libdax functions (e.g. dax_scan_value). These functions perform rigorous validation of the arguments, and convert them into the hardware defined CCB format before being fed to the driver. The driver locks the pages containing the input and output buffers and then submits the CCBs to the hypervisor via the hypercall mechanism. The hypervisor translates each address in the CCB from virtual to physical and then initiates the hardware operation. Control immediately returns to the hypervisor, subsequently to the driver, and then back to libdax. Request Completion Since the kernel and hypervisor are not involved in processing a CCB after it has been submitted to the DAX, requests to the DAX driver do not block waiting for completion as is traditional for many other drivers. This means that the userland application has the option of performing other work while waiting for completion. libdax provides two variants of each DAX operation: blocking (e.g. dax_scan_value or dax_extract) and non-blocking (e.g. dax_scan_value_post and dax_extract_post). Completion of a request is signaled via a status byte in shared memory called the completion area. libdax waits on this byte using the monitored load and monitored wait instructions. The function dax_poll is provided for the application to check for completion in the non-blocking scenario. In libdax, the logic of checking the completion area is: while (1) { uint8_t status = loadmon8(&completion_area->status); if (status == INPROGRESS) mwait(TIMEOUT); else break; } Driver Operation The oradax driver provides a transport mechanism for conveying one or more CCBs from a user application to the coprocessor, and also performs several housekeeping functions essential to security and integrity. The API consists of the Linux system calls open, close, read, write, and mmap. The /open/ call initializes a context for use by a single thread. The context contains buffers to hold CCBs, completion areas, and records the virtual pages used by requests. Multiple threads may utilize the coprocessor, but each thread must do its own /open/. A correspondin /close/ releases all resources associated with all requests submitted by the thread. The /mmap/ call is used to gain access to said completion area buffer. Driver commands are given via /write/, and responses (when necessary) are retrieved via /read/. Driver commands involve a CCB or group of CCBs and are submit, kill, request info, and dequeue. The submit command is a /write/ of a buffer containing one or more CCBs to be conveyed to the coprocessor. Since the coprocessor accesses physical memory directly, the virtual to physical mappings of the I/O buffers must be locked in order to prevent the physical pages from being repurposed by the kernel. The driver does this locking of all pages associated with the request and transmits the CCBs to the hypervisor. If any of the CCBs were not submitted successfully, the corresponding pages are unlocked and the /write/ return value will indicate this discrepancy. If all CCBs could not be submitted successfully, then a /read/ must be done to retrieve further information that describes what went wrong. If all CCBs were submitted successfully, the application may poll for completion or proceed immediately to other tasks and defer polling until the results are required for further progress. The current state of a CCB may be queried at any time using the request info command, and a CCB may be terminated with the kill command. The dequeue command explicitly unlocks the pages associated with all completed requests; it is not usually necessary to call this since pages are unlocked implictly during the submission process. For much more detail, see Documentation/sparc/oradax/oracle-dax.txt. Conclusion Oracle DAX is supported by the oradax device driver and is available beginning with the Linux 4.16 kernel.  A user may make calls directly to the oradax driver to submit requests to the DAX, and the kernel documentation files contain example code to demonstrate this. Do be aware that we fully expect applications wishing to use the DAX to leverage the libdax library which provides higher level services for analytics and frees the application writer from the need to understand the low level DAX command structure. The library is fully open-sourced and available at the Oracle open source project webpage and includes a full set of manpages to describe the DAX operations. Feedback is always welcome and we would be interested in hearing about your experiences with the DAX. Reference Links Oradax Driver Oradax Linux Kernel documentation OSS libdax git repo Oracle Developer Community Software in Silicon Space Introduction to Stream Processing Using the DAX API SPARC innovation article DAX use in Oracle Database 12c DAX use in Apache Spark DAX use in Java Streams API

This blog post was written by kernel developers Jon Helman and Rob Gardner, whose code for the Oracle Data Analytics driver was accepted into the Linux source earlier this year. This is our ultimate...

Announcing the release of Oracle Linux 6 Update 10

We're happy to announce the general availability of Oracle Linux 6 Update 10 for the i386 and x86_64 architectures. You can find the individual RPM packages on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images are available for download from the Oracle Software Delivery Cloud and Docker images are available via Oracle Container Registry and Docker Hub. Oracle Linux 6 Update 10 ships with the following kernel packages: Unbreakable Enterprise Kernel (UEK) Release 4 (kernel-uek-4.1.12-124.16.4.el6uek) for x86-64 Unbreakable Enterprise Kernel (UEK) Release 2 (kernel-uek-2.6.39-400.294.3.el6uek) for i386 Red Hat Compatible Kernel (kernel-2.6.32-754.el6) for i386 and x86-64 By default, both UEK and RHCK for the specific architecture (i386 or x86-64) are installed and the system boots the Unbreakable Enterprise Kernel release. Application Compatibility Oracle Linux maintains user space compatibility with Red Hat Enterprise Linux (RHEL), which is independent of the kernel version that underlies the operating system. Existing applications in user space will continue to run unmodified on Oracle Linux 6 Update 10 with UEK Release 4 and no re-certifications are needed for applications already certified with Red Hat Enterprise Linux 6 or Oracle Linux 6. Notable updates in this release: Retpoline Support Added to GCC. Support for retpolines has been added to the GNU Compiler Collection (GCC) in this update. The kernel uses this technique to reduce the overhead of mitigating Spectre Variant 2 attacks, which is described in CVE-2017-5715. For more details on these and other new features and changes, please consult the Oracle Linux 6 Update 10 Release Notes in the Oracle Linux Documentation Library. Oracle Linux can be downloaded, used and distributed free of charge and all updates and errata are freely available. Customers decide which of their systems require a support subscription. This makes Oracle Linux an ideal choice for development, testing, and production systems. The customer decides which support coverage is the best for each individual system, while keeping all of the systems up-to-date and secure. Customers with Oracle Linux Premier Support also receive support for additional Linux programs, including Oracle Linux software collections, Oracle OpenStack and zero-downtime kernel updates using Oracle Ksplice. For more information about Oracle Linux, please visit www.oracle.com/linux.

We're happy to announce the general availability of Oracle Linux 6 Update 10 for the i386 and x86_64 architectures. You can find the individual RPM packages on the Unbreakable Linux Network (ULN) and...

Perspectives

List Zero Dowtime Updates Applicable to your Kernel with Ksplice Inspector

With so many kernel updates released, it can be difficult to keep track. At Oracle, we monitor kernels on a daily basis and provide bug and security updates administrators can apply without a system reboot. To help out, the Ksplice team has produced the Ksplice Inspector, a web tool to show you the updates Ksplice can apply to your kernel with zero downtime. The Ksplice Inspector is freely available to everyone. If you're running any Ksplice supported kernel, whether it is Oracle's Unbreakable Enterprise Kernel, a Red Hat compatible kernel with RHEL or CentOS, or the kernel of one of our supported desktop distributions, visit https://www.ksplice.com/inspector and follow the instructions and you'll see a list of all the available Ksplice updates for your kernel. If you are more comfortable in a terminal or don't have a browser handy, we've got you covered: you can get the same information calling our API through the command line. Just run the following command: (uname -s; uname -m; uname -r; uname -v) | \ curl https://uptrack.api.ksplice.com/api/1/update-list/ \ -L -H "Accept: text/text" --data-binary @- To illustrate the power of Oracle Ksplice, I launched a VM running Oracle Linux 7.4 with Unbreakable Enterprise Kernel from January 2018, so about 6 months old at time of this writing. This was the result: Your kernel needs the following updates: KAISER/KPTI enablement for Ksplice. Improve the interface to freeze tasks. Additional indirect branch speculation improvements for CVE-2017-5715. CVE-2017-17712: Information leak in raw IPV4 socket sendmsg(). CVE-2017-15115: Use-after-free in SCTP peel off operation inside network namespace. CVE-2017-14140: ASLR bypass due to insufficient permissions checks in move_pages. CVE-2017-12193: Denial-of-service in generic associative array implementation. CVE-2017-0861: Use-after-free in ALSA sound subsystem. CVE-2017-8824: Privileges escalation when calling connect() system call on a DCCP socket. Denial-of-service in Huge TLB mappings during process exit. Secure-boot protections bypass in /dev/mem mmap(). Kernel crash in Broadcom NetXtreme-C/E firmware responses. Denial-of-service when setting up NVMe Physical Region Page entries. CVE-2017-16649: Divide by zero when binding a network USB device. Missing Spectre v1 reporting. System crash in Broadwell microcode updates. Missing Spectre V2 protections on AMD systems. Missing IBRS protection for KVM guests. Spectre v2 hardening on context switch. Spectre v2 bypass in 32-bit compatibility system calls. Kernel crash in interrupt exit with KPTI. Kernel hang in QLogic mailbox handling. Kernel crash in KVM guest user mode return. Kernel hang in the SCSI stack when changing device state. CVE-2017-17052: Denial-of-service due to incorrect reference counting in fork. Weakness when checking the keys in the XTS crypto algorithm. CVE-2018-7492: Denial-of-service when setting options for RDS over Infiniband socket. CVE-2017-7518: Privilege escalation in KVM emulation subsystem. Information leak when setting crypto key using RNG algorithm. Deadlock while queuing messages before remote node is up using RDS protocol. NULL pointer dereference when using bind system call on RDS over Infiniband socket. CVE-2017-14051: Denial-of-service in qla2xxx sysfs handler. Denial-of-service in SCSI Lower Level Drivers (LLD) infrastructure. Denial-of-service when creating session in QLogic HBA Driver. CVE-2017-16646: Denial-of-service when using DiBcom DiB0700 USB DVB devices. CVE-2017-15537: Information disclosure in FPU restoration after signal. Kernel panic in HyperV guest-to-host transport. Memory leak when closing VMware VMXNET3 ethernet device. Memory corruption in IP packet redirection. NULL pointer dereference in Hyper-V transport driver on allocation failure. CVE-2018-1068: Privilege escalation in bridging interface. Data-loss when writing to XFS filesystem. Denial-of-service when following symlink in ext4 filesystem. Denial-of-service during NFS server migration. Denial-of-service during RDS socket operation. Denial-of-service when querying ethernet statistics. Denial-of-service in Hyper-V utilities driver. Denial-of-service in Broadcom NetXtreme-C/E network adapter. Denial-of-service when configuring SR-IOV virtual function. NULL pointer dereference during hardware reconfiguration in Cisco VIC Ethernet NIC driver. Kernel panic during asynchronous event registration in LSI Logic MegaRAID SAS driver. Kernel crash during PCI hotplug of Emulex LightPulse FibreChannel driver. Kernel crash during Emulex LightPulse FibreChannel I/O. NULL pointer dereference during Emulex LightPulse FibreChannel removal. Hard lockup in Emulex LightPulse FibreChannel driver. Deadlock during abort command in QLogic QLA2XXX driver. Kernel crash when creating RDS-over-IPv6 sockets. CVE-2017-12146: Privilege escalation using a sysfs entry from platform driver. CVE-2017-17558: Buffer overrun in USB core via integer overflow. CVE-2017-16643: Out-of-bounds access in GTCO CalComp/InterWrite USB tablet HID parsing. CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check. CVE-2018-1000199: Denial-of-service in hardware breakpoints. CVE-2018-8897: Denial-of-service in KVM breakpoint handling. CVE-2018-1087: KVM guest breakpoint privilege escalation. CVE-2017-15129: Use-after-free in network namespace when getting namespace ids. CVE-2018-5332: Out-of-bounds write when sending messages through Reliable Datagram Sockets. CVE-2017-7294: Denial-of-service when creating surface using DRM driver for VMware Virtual GPU. CVE-2017-15299: Denial-of-service in uninstantiated key configuration. CVE-2017-16994: Information leak when using mincore system call. CVE-2017-17449: Missing permission check in netlink monitoring. CVE-2017-17448: Unprivileged access to netlink namespace creation. CVE-2017-17741: Denial-of-service in kvm_mmio tracepoint. Denial-of-service of KVM L1 nested hypervisor when exiting L2 guest. Improved CPU feature detection on microcode updates. Kernel crash in interrupt exit with KPTI. CVE-2018-3639: Speculative Store Bypass information leak. Device Mapper encrypted target Support big-endian plain64 IV. CVE-2017-16939: Denial-of-service in IPSEC transform policy netlink dump. CVE-2017-1000410: Information leak in Bluetooth L2CAP messages. CVE-2018-10323: NULL pointer dereference when converting extents-format to B+tree in XFS filesystem. CVE-2018-8781: Integer overflow when mapping memory in USB Display Link video driver. CVE-2018-10675: Use-after-free in get_mempolicy due to incorrect reference counting. Denial-of-service in NFS dentry invalidation. CVE-2017-18203: Denial-of-service during device mapper destruction. CVE-2018-6927: Integer overflow when re queuing a futex. CVE-2018-5750: Information leak when registering ACPI Smart Battery System driver. CVE-2018-5333: NULL pointer dereference when freeing resources in Reliable Datagram Sockets driver. CVE-2018-3665: Information leak in floating point registers. Once you've seen all the updates available for your kernel, you can quickly patch them all with Ksplice. If you're an Oracle Linux Premier Support customer, access to Ksplice is included with your subscription and available through the Unbreakable Linux Network. As Oracle Linux Premier support is included in all Oracle Cloud Infrastructure subscriptions, Oracle Cloud customers can benefit from improved security and reduced outages through Oracle Ksplice from day one. Try Oracle Ksplice For Free! If you're running Red Hat Enterprise Linux and you would like to check out this technology, you can try Ksplice free for 30 days. Let us know what you think by commenting below or in the Oracle Linux forum on the Oracle Developer Community

With so many kernel updates released, it can be difficult to keep track. At Oracle, we monitor kernels on a daily basis and provide bug and security updates administrators can apply without a system...

Announcing the general availability of Oracle Linux 7 for ARM

Oracle is pleased to announce the general availability of Oracle Linux 7 for the ARM architecture. Oracle Linux 7 Update 5 is available on the 64-bit ARMv8 platform (aarch64). The release features Oracle’s Unbreakable Enterprise Kernel (UEK) Release 5, based on the latest mainline Linux kernel long-term stable (LTS) release 4.14. Oracle Linux 7 for ARM is built from the same source packages as the corresponding Oracle Linux distribution for the x86 architecture, plus any patches and modifications that are required to support the ARMv8 platform. Although Oracle Linux 7 for ARM is based on Oracle Linux 7 for the x86 platform, differences between the releases for the two platforms exist in terms of packaging and kernel versions. Packages built for 64-bit ARM architecture use the aarch64 architecture code. Some packages that are available for the x86 platform may not be available for this release. Patches may have been applied to packages to successfully build for this platform, and some packages may have been bumped to a newer version. Supported platforms Oracle Linux 7 for ARM is released as an ISO image that can be used to install Oracle Linux 7 on generic 64-bit ARMv8 hardware. The ISO has been tested on and is engineered for use on the Ampere™ eMAG™-based EVK platform and the Cavium ThunderX2® processor. The ISO image is available for download from the Oracle Software Delivery Cloud and is free to download, distribute and use. Certified platforms will be published on the Hardware Certification List for Oracle Linux when available. DTrace DTrace has been enabled for ARM platforms and ports of the DTrace code are available in UEK Release 5. The DTrace user space code in the dtrace-utils package has also all been ported to run on 64-bit ARM platforms to fully enable DTrace for Oracle Linux 7 for ARM. Developer Toolchain The Oracle Linux 7 for ARM release includes a toolchain that includes version 7.3 of the gcc compiler and provides a solid developer toolset to build code for 64-bit ARM platforms. The UEK R5 for the ARM platform is built using this toolchain. MySQL Community Packages MySQL Community 8.0.11 packages are available for ARM on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. You can install MySQL Community packages directly from ULN or the Oracle Linux yum server by enabling the appropriate channel or repository. Docker Oracle Container Runtime for Docker is available as a developer preview for Oracle Linux for ARM in the ol7_developer channel on the Oracle Linux yum server and the an ARM variant has been added to the official Oracle Linux image on the Docker Hub. Technology Preview An Oracle Linux 7 for ARM disk image for use on Raspberry Pi™ 3 Model B/B+ hardware is available for developers who may not have access to alternate ARM hardware. This disk image is available as a technology preview for developer use only and is not eligible for Oracle Linux support. Community support is available via the Oracle Linux for ARM community space. Software Download and Installation You can download a full Oracle Linux 7 for ARM installation media image from the Oracle Software Delivery Cloud. You can also obtain the latest Oracle Linux 7 packages from the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. The process of installing Oracle Linux 7 on the ARM platform does not differ substantially from the installation process an x86 platform. Please review Oracle Linux Documentation for installation instructions. Oracle Linux Resources Blogs Oracle Linux Blog Community Pages Oracle Linux Social Media Oracle Linux on YouTube Oracle Linux on Facebook Oracle Linux on Twitter Data Sheets, White Papers, Videos, Training, Support & more Oracle Linux Product Training and Education Oracle Linux - http://oracle.com/education/linux   "Raspberry Pi" is a trademark of the Raspberry Pi Foundation.

Oracle is pleased to announce the general availability of Oracle Linux 7 for the ARM architecture. Oracle Linux 7 Update 5 is available on the 64-bit ARMv8 platform (aarch64). The release features...

Announcing the general availability of the Unbreakable Enterprise Kernel Release 5

The Unbreakable Enterprise Kernel Release 5 (UEK R5) is a heavily tested and optimized operating system kernel for Oracle Linux 7 Update 5 and later on 64-bit Intel (x86_64) and ARM (aarch64) architectures. It is based on the mainline Linux kernel version 4.14 LTS. This release also updates drivers and includes bug and security fixes. Introduction of 64-bit ARM (aarch64) architecture Oracle Linux with UEK R5 delivers kernel modifications to enable support for 64-bit ARM (aarch64) architecture. These changes are built and tested against existing ARM hardware and provide the initial groundwork to support Oracle Linux for ARM. Any ARM features available in UEK R5 are released as a technical preview and some limitations of functionality apply. The Oracle Linux 7 for ARM release includes a toolchain that includes version 7.3 of the gcc compiler and provides a solid developer toolset to build code for 64-bit ARM platforms. The UEK R5 for the ARM platform is built using this toolchain. Notable Changes Secure boot improvements. Secure boot is designed to protect a system against malicious code being loaded and executed early in the boot process. Secured platforms load only software binaries, such as option ROM drivers, boot loaders, and operating system loaders, that are unmodified and trusted by the platform. While the operating system is loaded, measures have been added to prevent malicious code from being injected on subsequent boots. NUMA balancing enabled.  Improvements and fixes to NUMA balancing help resolve issues that could cause high I/O wait times when this feature was enabled. NUMA balancing is automatically enabled on systems that have multiple NUMA nodes.  RoCE support.  RDMA over Converged Ethernet (RoCE), a standard InfiniBand Trade Association (IBTA) protocol enables efficient data transfer for RDMA over Ethernet networks using UDP encapsulation to transcend Layer 3 networks. TCP-BBR enabled.  TCP-BBR, a feature that can be used to achieve higher bandwidth and lower latency for internet traffic can offer significant performance improvements for internet-based applications. BBR (Bottleneck Bandwidth and Round-Trip Time) is a scheduling algorithm that helps to control the transmit rate of the TCP protocol to reduce buffering by monitoring round-trip times against bandwidth bottlenecks to reduce TCP congestion. Notable Driver Updates Hyper-V drivers updated.  The Hyper-V storage driver, hv_storvsc, has been updated to provide performance improvements for I/O operations on certain workloads by eliminating bounce buffers. The Hyper-V network driver, hv_netvsc, has been updated to support transparent SR-IOV on Virtual Function devices to reduce configuration complexity and the use of a dedicated bonding driver and script to handle hot plugging of the required PCI devices. Intel iWARP RDMA driver added.  The Intel Ethernet Connection X722 iWARP RDMA Driver, i40iw, has been added to the driver modules included in this kernel release. A library, libi40iw, has been added for direct userspace use of this RDMA hardware. Amazon Elastic Network Adapter Driver Updated.  The Elastic Network Adapter Driver, ena, has been updated to version 1.5.0k. This version provides a number of upstream bug fixes and improvements. Other features include additional power management operations, initial support for IPv6 RSS, and improved driver robustness. For more details on these and other new features and changes, including a full list of CVEs fixed in this release, please consult the UEK R5 Release Notes. Certification of Oracle products Before updating an Oracle Linux system to UEK R5, please confirm your applications, including Oracle applications, are supported with UEK R5. Certification of Oracle products on Oracle Linux with the UEK R5 is determined by each Oracle product group. You may find additional information on https://support.oracle.com/epmos/faces/CertifyHome. Oracle Automatic Storage Management Cluster File System (Oracle ACFS) certification for different kernel versions is described in Document ID 1369107.1 on My Oracle Support. Compatibility Oracle Linux maintains user-space compatibility with Red Hat Enterprise Linux, which is independent of the kernel version running underneath the operating system. Existing applications in user space will continue to run unmodified on the UEK R5 and no re-certifications are needed for RHEL certified applications. To minimize impact on interoperability during releases, the Oracle Linux team works closely with third-party vendors whose hardware and software have dependencies on kernel modules. The kernel ABI for UEK R5 remains unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to previous releases that require recompilation of third-party kernel modules on the system. Before installing UEK R5, verify its support status with your application vendor. Supported Upgrade Path Customers can upgrade existing Oracle Linux 7 servers using either the Unbreakable Linux Network or the Oracle Linux yum server. Software Download Oracle Linux can be downloaded, used and distributed free of charge and updates and errata are freely available. This allows you to decide which of your systems require a support subscription and makes Oracle Linux an ideal choice for your development, testing and production systems. You decide which support coverage is the best for each of your systems, individually, while keeping all of your systems up-to-date and secure. For customers with Oracle Linux Premier Support, you also receive access to zero-downtime kernel updates using Oracle Ksplice and support for Oracle OpenStack. UEK R5 Availability in Oracle Cloud Infrastructure Oracle Linux images available on Oracle Cloud Infrastructure are frequently updated to help ensure access to the latest software. Oracle provided images in Oracle Cloud Infrastructure will soon include Oracle Linux 7 Update 5 with UEK Release 5. Oracle Linux Premier Support is included with your Oracle Cloud Infrastructure subscription at no additional cost.  You can take advantage of all the benefits Oracle Linux Support provides, including access to the latest packages and updates, 24x7 expert support, the My Oracle Support portal with an extensive Linux knowledge base, Oracle Ksplice zero-downtime updates, and the use of Oracle Enterprise Manager to manage and monitor Oracle Linux instances. Using Oracle Linux on Oracle Cloud Infrastructure enables you to have a single point of contact for support across cloud infrastructure, OS, and Oracle software. Resources – Oracle Linux Documentation Oracle Linux Software Download Oracle Linux Blogs Oracle Linux Blog Community Pages Oracle Linux Social Media Oracle Linux on YouTube Oracle Linux on Facebook Oracle Linux on Twitter Data Sheets, White Papers, Videos, Training, Support & more Oracle Linux Product Training and Education Oracle Linux - http://oracle.com/education/linux

The Unbreakable Enterprise Kernel Release 5 (UEK R5) is a heavily tested and optimized operating system kernel for Oracle Linux 7 Update 5 and later on 64-bit Intel (x86_64) and ARM (aarch64)...

Announcing Oracle Linux Storage Appliance 1.7 for Oracle Cloud Infrastructure

We are pleased to announce the release of Oracle Linux Storage Appliance 1.7. The Oracle Linux Storage Appliance allows you to easily build NFS and Samba shared storage with attached NVMe or block volumes on Oracle Cloud Infrastructure (OCI). What’s New The 1.7 release introduces several new enhancements including: Appliance instance migration – This lets you migrate the appliance onto a new OCI compute instance. With a few steps, the appliance can be migrated and deployed on another compute instance, and the block volumes storage pool is re-configured on the new instance. This is useful when you need to deploy your appliance on a compute  instance with additional OCPU and memory resources, and without having to rebuild your existing file system server. No shared file systems are migrated during the appliance migration, as they remain on the existing block volumes. Support for dynamic groups through instance principals – When the appliance instance is configured as part of an OCI dynamic group, you no longer need to configure service access on the appliance console to back up and restore shares using the OCI object storage service. If you have configured credentials for OCI service access on the appliance console, this will take precedence over the instance’s dynamic group authentication on OCI. Exports Mount and Map command-line tool – This feature auto-generates NFS export mount and SMB export map commands and pre-populates parameters so that you can easily copy and paste the command line to mount your NFS and SMB share exports in your cloud tenancy. Web console UI enhancements – Additional appliance platform information including the OCI shape type, instance name, and creation timestamp are now displayed on the console 'Appliance' page. For more information visit: Oracle Linux Storage Appliance Oracle Linux Storage Appliance Deployment and User's Guide

We are pleased to announce the release of Oracle Linux Storage Appliance1.7. The Oracle Linux Storage Appliance allows you to easily build NFS and Samba shared storage with attached NVMe or block...

Events

Oracle Linux no Oracle OpenWorld Brasil / Oracle Linux at Oracle OpenWorld Brazil

Oracle Linux no Oracle OpenWorld Brasil Nos dias 20 e 21 de junho será realizado o Oracle Open World Brasil, no Parque Ibirapuera, em São Paulo. Com o tema Crie Seu Amanhã, Hoje,o evento terá um formato aberto para o público e com foco na colaboração e interação entre os participantes – executivos, especialistas, desenvolvedores, clientes e parceiros Oracle, para discutirem as novidades e ideias que vão impactar a sociedade e as empresas de todos os tamanhos. A equipe Oracle Linux marcará grande presença no evento levando conteúdo na sessão primária com o tema “Por dentro de um ataque cibernético: como os hackers operam e como se proteger”. A sessão será no dia 20 de junho, às 16:10, na Sala 3. Nesta sessão, você descobrirá como os ataques cibernéticos realmente acontecem; quais são os pontos em comum; onde estão os pontos vulneráveis e como as organizações podem se proteger. Teremos, ainda, nos dois dias de evento demonstrações práticas com os seguintes temas: Dia 20: ·Proteção online e Hardening contra ameaças de segurança com Ksplice e Spacewalk · Construindo sua nuvem privada com Oracle OpenStack. Dia 21: ·Construindo um ambiente DevOps realmente aberto: leve as VMs com você para rodar em VirtualBox e demonstrar em sua empresa ·Atingindo o próximo nível com DevSecOps: leve as VMs com você para rodar em VirtualBox e demonstrar em sua empresa Registre-se agora e junte-se a nós neste grande evento! Oracle Linux at Oracle OpenWorld Brazil On June 20 and 21 Oracle OpenWorld Brazil will take place at Parque Ibirapuera, São Paulo. Based on the theme Create Tomorrow, Today, the event will have an open format and free to public with focus on collaboration and interaction among participants – executives, experts, developers, customers and Oracle partners, to discuss trends and ideas that will impact society and businesses of all sizes. Oracle Linux team will mark presence with content at the primary session with the topic “Inside a cyber attack: how hackers operate and how to stay protected”. The session will be on June 20th at 04:10 pm - Room 3. In this session, you will learn how cyber-attacks actually happen; which are the common points; where are the data breaches and how companies can stay protected. We will also have hands-on demo sessions on both days of the event with the following topics: June 20th: Online protection and Hardening against security threats using Ksplice and Spacewalk Building your private cloud with Oracle OpenStack.   June 21st: Building a truly open DevOps environment: take the VMs with you to run in VirtualBox and demonstrate it in your company Achieving the next level with DevSecOps: take the VMs with you to run in VirtualBox and demonstrate it in your company Register now and join us in this great event!     

Oracle Linux no Oracle OpenWorld Brasil Nos dias 20 e 21 de junho será realizado o Oracle Open World Brasil, no Parque Ibirapuera, em São Paulo. Com o tema Crie Seu Amanhã, Hoje,o evento terá um...

Announcements

Upcoming change to Oracle Linux package channels

What is changing? On July 5th, 2018 channel and repository changes will go into effect on Unbreakable Linux Network (ULN) and Oracle Linux yum server. Be advised that if you rely on specific, older versions of packages, deployed via configuration management tools such as Chef, Puppet, Ansible or other custom scripts, that you may need to review this code to ensure it will still work when the channel changes take effect. Similarly, if you use Spacewalk for Oracle Linux or maintain a local mirror of ULN based on the uln-yum-mirror script, make sure that you include the appropriate archive channel by subscribing to it via ULN if needed. Changes to Latest Channels The coming changes will affect the Latest channels for Oracle Linux 6 and Oracle Linux 7: packages that predate the current Oracle Linux update level, e.g. Oracle Linux 7 Update 5 or Oracle Linux 6 Update 9 will be moved to newly created archive channels. In summary for Oracle Linux 7: Before July 5th 2018: Oracle Linux 7 Latest channel contains every version of every RPM ever released since Oracle Linux 7.0 After July 5th 2018: Oracle Linux 7 Latest channel will contain only the RPMs released in the latest update’s base and patch channels. All the other tens of thousands of RPMs will move to Oracle Linux 7 Latest Archive Similarly for Oracle Linux 6: Before July 5th 2018: Oracle Linux 6 Latest channel contains every version of every RPM ever released since Oracle Linux 6.0 After July 5th 2018: Oracle Linux 6 Latest channel will contain only the RPMs released in the latest update’s base and patch channels. All the other tens of thousands of RPMs will move to Oracle Linux 6 Latest Archive. New Channels The following channels will be created on ULN and the Oracle Linux yum server: ULN ol7_x86_64_latest_archive ol6_x86_64_latest_archive Oracle Linux yum server ol7_latest_archive ol6_latest_archive In the future, we may also create archives for other channels, including Oracle Linux 7 Latest Optional Packages (x86_64) - ol7_x86_64_optional_latest. Why are we making this change? By periodically archiving packages from the latest channel to the archive channels, we will be able to significantly reduce its overall size as well as the size of the metadata files. This will result in reduced network traffic and substantially better performance when using ULN or the Oracle Linux yum server. What happens when an update to Oracle Linux is released? When a new update release of Oracle Linux becomes available, the latest channel will be brought up to date with the set of packages that ship on its installation media and all packages that do not match these criteria will be moved to the archive channel. Thus the latest channel for each Oracle Linux release will only contain the set of packages from the most recent release as distributed on the installation media for that release (available on the Oracle Software Delivery Cloud or from one of our Oracle Linux download mirrors) together with all updated packages (errata) following that release.

What is changing? On July 5th, 2018 channel and repository changes will go into effect on Unbreakable Linux Network (ULN) and Oracle Linux yum server. Be advised that if you rely on specific, older...

Linux

Learn About Oracle Linux, a Key Community Player

Oracle is an active member of the Linux community, employing developers who work directly with the Linux community through code contributions, testing programs and deployment best practices for customers.   Oracle is an active contributor to multiple open source projects, including being an active contributor to kernel.org since 2001. Learn about Oracle Linux through training created and reviewed by the experts who are contributing to the Linux community. Those interested in Oracle Linux 7 should take the Oracle Linux 7: System Administration course in one of the following formats: Training-on-Demand: Start training straight away, following lecture delivery by an expert instructor, at your own pace, through streaming video and booking time to get hands-on experience when suits your schedule. Live-Virtual Event: Attend a live event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. Events currently on the schedule include 14 May, 3, 4 and 11 June, 8 and 9 July, 17 September, 1 October and 5 November 2018. In-Class Event: Travel to an education center to attend an event. In-class events on the schedule include: Location Date Delivery Language Algiers, Algeria 18 November 2018 French Brisbane, Australia 16 July 2018 English Sao Paulo, Brazil 4 June 2018 Brazilian Portuguese Bogota, Columbia 23 July 2018 Spanish Cairo, Egypt 5 August 2018 Arabic Munich, Germany 11 June 2018 German Rome, Italy 28 May 2018 Italian Seoul, Korea 23 July 2018 Korean Kuala Lumpur, Malaysia 9 July 2018 English Mexico City, Mexico 4 June 2018 Spanish Auckland, New Zealand 11 June 2018 English Manila, Philippines (x2) 16 July 2018 English Lisbon, Portugal 14 May 2018 European Portuguese Lisbon, Portugal 16 July 2018 European Portuguese Pretoria, South Africa 21 May 2018 English Madrid, Spain 2 July 2018 Spanish Zurich, Switzerland 3 September 2018 German Bangkok, Thailand 4 June 2018 Thai Ankara, Turkey 8 October 2018 Turkish Dubai, United Arab Emirates 18 July 2018 English Reston, VA, United States 18 July 2018 English Those using an earlier version of Linux can take the Oracle Linux 5 & 6 System Administration course in one of the following formats: Training-on-Demand Live-Virtual Event: Attend a live event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. Register your interest to have an event added to the schedule. In-Class Events on the schedule include: Location Date Delivery Language Tokyo, Japan 3 September 2018 Japanese Mexico City, Mexico 17 September 2018 Spanish Pretoria, South Africa 2 July 2018 English Madrid, Spain 25 June 2018 Spanish Dubai, United Arab Emirates 17 June 2018 English Resources: Oracle Linux Curriculum Oracle Linux on Oracle Cloud Infrastructure Training Oracle Linux Product Documentation Oracle Linux Product Information Oracle Linux Technology Network

Oracle is an active member of the Linux community, employing developers who work directly with the Linux community through code contributions, testing programs and deployment best practices for...

Events

It’s a Wrap: Highlights from Collaborate18

Today, Collaborate18 comes to a close, but there were some highlights we wanted to share… Oracle Keynote:  Steve Daheb, Senior Vice President of Oracle Cloud, spoke to a packed room as he covered the many paths to cloud. Noting that because everyone’s needs are unique, cookie-cutter approaches just don’t work. The good news: Oracle Cloud Platform makes it possible to develop your own unique path to cloud from wherever you choose — SaaS, PaaS, or IaaS. Demos (Oracle Booth #855, Kiosk 16):  Following Steve’s theme, many customers stopped by to talk about how they can transition from on-premises environments to cloud. Visitors were intrigued to hear and see how Oracle Linux and Virtualization solutions can help them all along their paths. Whether starting new or with existing on-premises solutions, our technologies and tools are helping customers as they transition to hybrid or 100% cloud environments. With Oracle Linux, Oracle Virtualization, including Oracle VM and Oracle VM VirtualBox, along with Oracle Private Cloud Appliance, customers are finding many options to fit their needs.  We know your path to cloud is unique, let us show you how Oracle Linux and Virtualization offerings can help you reach your goals. Hear about customer innovations: Lawrence Livermore National Laboratory NASA Jet Propulsion Laboratory United Airlines For more information: The Difference and Value of Oracle Linux Oracle Linux for the Cloud-Enabled Data Center  

Today, Collaborate18 comes to a close, but there were some highlights we wanted to share… Oracle Keynote:  Steve Daheb, Senior Vice President of Oracle Cloud, spoke to a packed room as he covered...

Announcements

Announcing the Unbreakable Enterprise Kernel Release 4 Update 7 for Oracle Linux

What's New? The Unbreakable Enterprise Kernel Release 4 Update 7 uses the 4.1.12-124.14.1 version and includes several new features, added functionality and bug fixes across a range of subsystems. Notable changes KVM security fixes for retpoline support.  Security fixes have been implemented to mitigate against kernel or cross-process memory disclosure such as the attack vector used by Spectre V2. A backport was introduced to fix an issue that resulted in the use of a stale model-specific register (MSR) value generated by a previous VM exit where retpoline support is enabled in the host kernel.  RDS IPv6 support.  Support for the use of IPv6 addresses has been added to the kernel RDS and related modules. Existing RDS applications using IPv4 addresses are able to continue to run normally, but applications that require IPv6 addresses can do so by passing the address in struct sockaddr_in6 to bind(), connect() or sendmsg(). Added DTrace lockstat probes.  These probes can be viewed using dtrace -l -P lockstat. DTrace lockstat support allows for dynamic tracing of kernel locking events. For example, these probes can provide information on which locks are most frequently used, which locks exhibit the most contention and which locks are held longest. For more details on these and other new features and changes, please consult the Release Notes for the UEK R4 Update 7. Security (CVE) Fixes A full list of CVEs fixed in this release can be found in the Release Notes for the UEK R4 Update 7. Supported upgrade path Customers can upgrade existing Oracle Linux 6 and Oracle Linux 7 servers using the Unbreakable Linux Network or the Oracle Linux yum server. Software Download Oracle Linux can be downloaded, used and distributed free of charge and all updates and errata are freely available. This allows you to decide which of your systems require a support subscription and makes Oracle Linux an ideal choice for your development, testing and production systems. You decide which support coverage is the best for each of your systems individually, while keeping all of your systems up-to-date and secure. For customers with Oracle Linux Premier Support, you also receive access to zero-downtime kernel updates using Oracle Ksplice and support for Oracle OpenStack. Compatibility UEK R4 Update 7 is fully compatible with the previous UEK R4 updates. The kernel ABI for UEK R4 will remain unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to UEK R3 that require recompilation of third-party kernel modules on the system. Before installing UEK R4, verify its support status with your application vendor. Resources – Oracle Linux Documentation Oracle Linux Blogs Oracle Linux Blog Oracle OpenStack Blog Oracle Virtualization Blog Community Pages Oracle Linux Oracle OpenStack Social Media Oracle Linux on YouTube Oracle Linux on Facebook Oracle Linux on Twitter Data Sheets, White Papers, Videos, Training, Support & more Oracle Linux Product Training and Education Oracle Linux - http://oracle.com/education/linux    

What's New? The Unbreakable Enterprise Kernel Release 4 Update 7 uses the 4.1.12-124.14.1 version and includes several new features, added functionality and bug fixes across a range of subsystems. Notabl...

Events

Meet Us at Collaborate18

The conference is underway! It's filled with informative sessions, hands-on labs, demos, and an exhibit hall including a 5,000+sf Oracle booth. Immerse yourself in the Oracle products you need to grow your business – from apps to tech, on-premises, hybrid, or cloud, you’ll find it at Collaborate18. For more information about Oracle Linux, VM, OpenStack, and VirtualBox, stop by Oracle’s Booth: #855. You'll find our product experts at Kiosk 16. Demos include: Open Cloud Infrastructure with Oracle Linux, VM, OpenStack, and VirtualBox Watch Oracle Linux, Oracle OpenStack, and Oracle VM together build an open cloud infrastructure. Develop virtual appliances with Oracle VM VirtualBox, and deploy to Oracle VM Server and the cloud. You’ll also see how to automate your Oracle Database deployments with OpenStack. Secure and Agile Orchestration for Docker Containers with Oracle Linux Learn how to use Oracle Linux to provide a comprehensive container and orchestration environment for the delivery of microservices and next-generation application development. Secure Cloud Access for Enterprise Applications See how Oracle Secure Global Desktop provides secure remote access for cloud-hosted enterprise applications and desktops from a wide range of popular client devices. Run Your Applications in a Private Cloud Experience Oracle Private Cloud Appliance. It allows you to rapidly provision mixed Linux, Windows, and Oracle Solaris workloads, offering a cost-effective way to run applications in a private, on -premises cloud. Exhibit Hall Location: Bayside C, Level 1 Hours: Monday | 5:15 p.m. – 8 p.m. Welcome Reception Tuesday | 9:30 a.m. – 4:15 p.m. | 5:15 p.m. – 7 p.m. Happy Hour Wednesday | 10:45 a.m. – 4:15 p.m. Follow the conversation at #C18LV We look forward to meeting you at Collaborate18.  

The conference is underway! It's filled with informative sessions, hands-on labs, demos, and an exhibit hall including a 5,000+sf Oracle booth. Immerse yourself in the Oracle products you need to grow...

Oracle Linux 7 enters Common Criteria Evaluation

Before I get into talking about this, a word from Oracle Legal: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.  The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle Corporation.   That said, back in November 2017, Oracle Linux 7 has initiated a Common Criteria certification compliant to the US Protection Profile for General Purpose Operating Systems Version 4.1. The CCRA includes 28 countries; any evaluation done in one of the CCRA certifying countries are “mutually recognized.” Common Criteria is an international framework (ISO/IEC 15408) which defines a common approach for evaluating security features and capabilities of Information Technology security products. A certified product is one that a recognized Certification Body asserts as having been evaluated by a qualified, accredited, and independent evaluation laboratory competent in the field of IT security evaluation to the requirements of the Common Criteria and Common Methodology for Information Technology Security Evaluation. The Oracle Linux operating system is an open foundation for the cloud. It is developed and extensively tested with demanding enterprise workloads like Oracle Database as well as many third-party applications in public and private clouds. While Oracle Linux is open source and includes standard technologies, tools, and features, Oracle extends the release to deliver a complete, integrated, and supported platform for performance-driven production workloads. In addition to the Red Hat Compatible Kernel (RHCK), Oracle supplies the optimized Unbreakable Enterprise Kernel for Oracle Linux(UEK), which was first developed to support highly scalable Oracle Database, applications and Oracle Engineered Systems. Oracle provides flexible and cost-effective Linux support and the updates and software releases are free to download and distribute. The Oracle Linux 7 evaluation can be viewed on the Swedish Scheme Common Criteria In Process Page until the evaluation completes. For more information on Oracle’s participation in the Common Criteria program, please visit the main Common Criteria information page. For a complete list of Oracle products with Common Criteria certifications and FIPS 140-2 validations, please see the Security Evaluations website.

Before I get into talking about this, a word from Oracle Legal: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be...

Linux Kernel Development

Btrfs send/receive helps to move and backup your data

In this update, we share Btrfs functionality that helps make moving data between Btrfs volumes faster and more efficient. It's not new feature but it's an underutilized feature which showcases the unique capabilities of Btrfs as the native Linux copy-on-write filesystem. Btrfs send is introduced in Linux v3.5 and the amazing part is that it offers the ability of incremental update. Here I'll go through the command as a user and try to understand it as a btrfs developer. A user can transfer one whole subvolume tree to another btrfs filesystem by using 'send', keep in mind that the subvolume tree must be _readonly_, so the steps could be as simple as a few commands.  By 'whole subvolume tree' I mean both data and metadata will be transferred to the receive side, in order to do this, command 'send' uses pipe(2), which creates two file descriptors, one for reader and one for writer, it is the writer fd that kernel writes send's instructions to, and in the userspace progs retrives those instructions from the reader fd and writes to stdout by default. In the above example, we created another pipe to redirect stdout to the receive side. $ man btrfs-send usage: btrfs send [-ve] [-p ] [-c <clone-src>] [-f ] <subvol> [<subvol>...] Send the subvolume(s) to stdout. Sends the subvolume(s) specified by <subvol> to stdout. <subvol> should be read-only here. By default, this will send the whole subvolume. To do an incremental send, use '-p <parent>'. If you want to allow btrfs to clone from any additional local snapshots, use '-c <clone-src>' (multiple times where applicable). You must not specify clone sources unless you guarantee that these snapshots are exactly in the same state on both sides, the sender and the receiver. It is allowed to omit the '-p <parent>' option when '-c <clone-src>' options are given, in which case 'btrfs send' will determine a suitable parent among the clone sources itself. -e If sending multiple subvols at once, use the new format and omit the end-cmd between the subvols. -p <parent> Send an incremental stream from <parent> to <subvol>. -c <clone-src> Use this snapshot as a clone source for an incremental send (multiple allowed) -f <outfile> Output is normally written to stdout. To write to a file, use this option. An alternative would be to use pipes. --no-data send in NO_FILE_DATA mode, Note: the output stream does not contain any file data and thus cannot be used to transfer changes. This mode is faster and useful to show the differences in metadata. -v|--verbose enable verbose output to stderr, each occurrence of this option increases verbosity -q|--quiet suppress all messages, except errors $ btrfs subvolume snapshot -r /mnt/send/subvol /mnt/send/snapshot $ btrfs send /mnt/send/snapshot | btrfs receive /mnt/recv/ #then, we get a identical 'snapshot' under /mnt/recv_side $ ls /mnt/receive_side snapshot Then on the receive side, 'btrfs receive' is used to create a new subvolume (/mnt/recv/snapshot) and apply the instructions in the send stream to make it look like the one on the send side (/mnt/send/snapshot). This feature is often found to be helpful when people do regular backup on filesystem because it combines built-in easy and cheap snapshot with incremental updates. Paired with out-of-band deduplication, btrfs provides all the features to build a powerful backup appliance. Last but not least, please note that nothing comes for free, although creating a snapshot can be as easy, fast and cheap as nothing, deleting snapshot could be a factor to slow down the whole filesystem. It takes a good amount of efforts to traverse across several btrees to remove references on everything, and can consume CPU quite intensively. The problem is also known as "snowball effect of wandering trees". It's highly recommended to only keep snapshots which are necessary to have. About the options... -f <outfile> Although stdout is used by default, often its file descriptor can refer to tty(terminal), then we may get this error, $ btrfs send /mnt/btrfs/snap2 ERROR: not dumping send stream into a terminal, redirect it into a file # Fix this error with one of the following commands: btrfs send /mnt/snap > output btrfs send -f output /mnt/snap -p <parent> This option can potentially speed up a 'send-receive' process because it informs the receiver to create a snapshot of <parent> before applying changes passed in the send stream. It assumes that a previous send-receive had happened so that <parent> exists on both sender side and receiver side. Incremental updates can be applied with a minimum amount of effort by making a snapshot of <parent> on receiver side. It mostly works as expected, except one problem I observed, i.e. the receiver doesn't check whether <parent> is readonly or read-write. You can see this a) toggle off the RO bit of <parent> with 'btrfs property set -s subvol <parent> ro false' b) add or remove files/directories under <parent> then the snapshot on the sender side will not be identical to the snapshot on the receive side, here is an example, $ btrfs sub create /mnt/send/sub $ touch /mnt/send/sub/foo $ btrfs sub snap -r /mnt/send/sub /mnt/send/parent # send parent out $ btrfs send /mnt/send/parent | btrfs receive /mnt/recv/ # change parent and file under it $ btrfs property set -t subvol /mnt/recv/parent ro false $ truncate -s 4096 /mnt/recv/parent/foo $ btrfs sub snap -r /mnt/send/sub /mnt/send/update $ btrfs send -p /mnt/send/parent /mnt/send/update | btrfs receive /mnt/recv $ ls -l /mnt/send/update total 0 -rw-r--r-- 1 root root 0 Mar 6 11:13 foo $ ls -l /mnt/recv/update total 0 -rw-r--r-- 1 root root 4096 Mar 6 11:14 foo However, if 'foo' in /mnt/send/update has a non-zero size, it shows the correct size on receiver side, $ truncate -s 8192 /mnt/send/sub/foo $ btrfs sub snap -r /mnt/send/sub /mnt/send/update-new $ btrfs send -p /mnt/send/parent /mnt/send/update-new | btrfs receive /mnt/recv $ ls -l /mnt/send/update-new total 0 -rw-r--r-- 1 root root 8192 Mar 6 11:21 foo $ ls -l /mnt/recv/update-new total 0 -rw-r--r-- 1 root root 8192 Mar 6 11:21 foo 'btrfs receive' doesn't apply the file size if size is zero. These issues are under development. The correct way to make changes in a readonly snapshot is to create another snapshot of itself which has write access. -c <clone-src> To understand the option, we need to explain clone first. Clone simply refers to a kind of operation which allows two files (or two different parts within the same file) to share the same piece of data on disk, and copy-on-write will happen if any parts of the shared data gets changed. With '-c' option, the send-receive process can avoid transferring data in the send stream because the required data has been availalbe on the receiver side, all it needs to do is to do reflink from <clone-src>. Similar to '-p <parent>', it also assumes that <clone-src> exists on both sender side and receiver side, the difference is that '-c <clone-src>' only avoids tranferring data and '-p <parent>' avoids both data and metadata. To reach the best result, multiple <clone-src> can be given and 'btrfs send' will try to figure out the best fit parent to use, but in case of failing to do so, an error will be printed: 'parent determination failed for xxx'.

In this update, we share Btrfs functionality that helps make moving data between Btrfs volumes faster and more efficient. It's not new feature but it's an underutilized feature which showcases the...

Perspectives

Quick and Easy Installation of Oracle Database 12c on Oracle Linux in Oracle VM VirtualBox

In a previous blog post, I described the steps to streamline the pre-installation steps on Oracle Linux for Oracle Database 12c using the Database preinstallation package. In this post you will learn how to do a fully automated installation of Oracle Database 12c on Oracle Linux running in an Oracle VM VirtualBox guest. The tutorial is based on a Vagrantfile published in our Vagrant repo on GitHub.   Because this installation method uses VirtualBox, Vagrant and an Oracle Linux Vagrant Box, the whole process can be automated, requiring minimal to no input. Assuming you have VirtualBox, Vagrant and git installed, these are the steps needed to install Oracle Database: Clone the relevant GitHub repository Download the Oracle Database 12c installation media from OTN Issue a Vagrant to create the VM and start the Database installation process Wait 15-25 minutes, depending on your network bandwidth and machine horsepower Done The commands are straightforward: $ git clone https://github.com/oracle/vagrant-boxes $ cd vagrant-boxes/OracleDatabase/12.2.0.1 <download Oracle Database installation zip file> $ vagrant up How Does This Work?   Assuming you have the required tools in place, the steps summarized earlier cause Vagrant to do the following: read the Vagrantfile (more about that later) create a headless VM based on the pre-packaged Oracle Linux 7 Vagrant box provision the VM by runing a script that updates Oracle Linux to the latest available packages from Oracle Linux yum server performs Database pre-installation checks and installs required packages unzips the Database installion files, installs the Oracle Database 12c software creates a database and pluggable database container   After the installation has completed, you can either log in to the guest VM itself and interact with the Database there or, you can leave the VM running —headless— and connect from the host operating system to the Database using tools such as SQL Developer.   For step by step instructions on how to run an automated installation of Oracle Database 12c in a VirtualBox VM, connect to the Database and save and restore snapshots of the VM, read on...

In a previous blog post, I described the steps to streamline the pre-installation steps on Oracle Linux for Oracle Database 12c using the Database preinstallation package. In this post you will...

Announcements

Announcing the release of Oracle Linux 7 Update 5

Oracle is pleased to announce the general availability of Oracle Linux 7 Update 5 for the x86_64 architecture. You can find the individual RPM packages on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images will soon be available for download from the Oracle Software Delivery Cloud and Docker images will soon be available via Oracle Container Registry and Docker Hub. Oracle Linux 7 Update 5 ships with the following kernel packages: Unbreakable Enterprise Kernel (UEK) Release 4 (kernel-uek-4.1.12-112.16.4.el7uek) for x86-64 Red Hat Compatible Kernel (kernel-3.10.0-862.el7) for x86-64 Application Compatibility Oracle Linux maintains user space compatibility with Red Hat Enterprise Linux (RHEL), which is independent of the kernel version that underlies the operating system. Existing applications in user space will continue to run unmodified on Oracle Linux 7 Update 5 with the UEK Release 4 and no re-certifications are needed for applications already certified with Red Hat Enterprise Linux 7 or Oracle Linux 7. Notable security-related features in this release: Support for Memory Protection Keys on recent Intel processors. This update includes support for the Memory Protection Keys hardware feature on recent Intel processors. CPUs provide this support through a new user-accessible register (PKRU) that contains two separate bits (Access Disable and Write Disable) for each key. Ability to unlock encrypted devices connected to a network during the boot process. Previously, block devices that were connected to a network could not be unlocked during the boot process because it was not possible to connect and decrypt these devices prior to starting any network services. SSLv3 disabled in mod_ssl. To improve security for SSL/TLS connections, support for SSLv3 in the default configuration for the httpd mod_ssl module has been disabled. This change also restricts the use of certain cryptographic cipher suites. KASLR for KVM guests added. Capability for Kernel address-space layout randomization (KASLR) for KVM guests has been added. Btrfs continues to be fully supported in Oracle Linux 7.5 with UEK. Btrfs support is deprecated in the Red Hat Compatible Kernel. For more details on these and other new features and changes, please consult the Oracle Linux 7 Update 5 Release Notes in the Oracle Linux Documentation Library. Oracle Linux can be downloaded, used and distributed free of charge and all updates and errata are freely available. Customers decide which of their systems require a support subscription. This makes Oracle Linux an ideal choice for development, testing and production systems. The customer decides which support coverage is the best for each individual systems, while keeping all of the systems up-to-date and secure. Customers with Oracle Linux Premier Support also receive support for additional Linux programs, including Ceph Storage, Oracle Linux software collections, Oracle OpenStack and zero-downtime kernel updates using Oracle Ksplice. For more information about Oracle Linux, please visit www.oracle.com/linux.

Oracle is pleased to announce the general availability of Oracle Linux 7 Update 5 for the x86_64 architecture. You can find the individual RPM packages on the Unbreakable Linux Network (ULN) and the Or...

Technologies

Deployment of OpenStack Looks Hard, but it isn't

  Need a simple and reliable way to deploy OpenStack? Read this... Authors: Corey Leong and Dilip Modi OpenStack project Kolla packages OpenStack services in Docker containers and provides a deployment tool using Ansible. Kolla takes away a lot of the pain of installing, configuring, and running the various OpenStack services. Oracle OpenStack is the first commercial OpenStack distribution to offer this capability. For more than two years, beginning with the Kilo release, Oracle OpenStack has included the OpenStack control plane in Docker containers, enabling simple and reliable deployment, updates and upgrades of OpenStack. As part of its OpenStack work, Oracle also developed and contributed upstream a command line interface (CLI) called kollacli to Kolla. Kollacli provides a simple, common, intuitive and consistent user interface, further simplifying OpenStack Kolla deployments. This alleviates the need for users to know various command syntax and complexities of Ansible or Docker Containers. Kollacli starts the CLI shell or runs CLI commands from the operating system prompt. Some of the kollacli commands include: kollacli host add: adds a host to the deployment kollacli group add/remove  <group_name>  (control, compute, network, storage, database,.) kollacli group add/remove host  <group_name> <host_name> kollacli host list: lists hosts and deployment groups kollacli property set: to configure OpenStack services kollacli host check: check host configuration kollacli deploy: performs deployment on all configured hosts kollacli host destroy: stops and removes Kolla containers on one or all hosts This  demo video walks you through an Oracle OpenStack deployment using the kollacli. In less than 20 minutes, you can learn how to: Prepare a master node for a deployment Setup target nodes and the kolla user Enable and set up OpenStack services Configure network properties Deploy services Verify a successful deployment Oracle provides you an easy, simple and reliable way to deploy OpenStack, as explained in this install guide. Give Oracle OpenStack a try with a free download.

  Need a simple and reliable way to deploy OpenStack? Read this... Authors: Corey Leong and Dilip Modi OpenStack project Kollapackages OpenStack services in Docker containers and provides a deployment...

You are Invited: Docker Government Summit - April 11, Washington D.C.

Join us for Docker Government Summit, to visualize your journey containers. Faster, more agile development is luring federal, state and local government and education to containers. We have real-world advice from container thought leaders who have helped agencies and universities successfully and smoothly make this transition. Date & Location APRIL 11, 2018 NEWSEUM 555 Pennsylvania Ave. NW Washington, DC 20001 Register now!   Program begins at 9am and ends at 4pm. (Registration & Networking Breakfast starts at 8:00 am)   Docker Government Summit brings together industry leaders and the ecosystem to help you build your strategy for IT modernization.   You are invited to attend the Oracle Breakout session :   April 11, 1:50-2:30pm Rapid Oracle Deployments with Docker Containers Speaker: Phil Morano, Oracle   Other featured sessions are: Lockheed Martin: The migration to cloud and implementation of a containerization strategy presented by Arjuna Rivera, IT Leader at Lockheed Martin   FDA: Business case for containerization, challenges it addresses and implementation best practices, presented by Aurotech and Docker   Virginia Tech case study: Dino apps need love too, the business case for modernizing traditional apps   Docker keynote featuring the modern app platform by Enterprise Edition to deliver agility, portability and security for all apps while optimizing costs   Docker Security Best Practices provides pragmatic guidance and reference architecture for secure infrastructure and apps - presented by Andy Clemenko, Docker Solutions Architect   Learning Labs features guided tutorials to try Docker Orchestration, Modernizing .NET apps, Deploying with Docker Enterprise Edition and Getting Started with Docker on Windows Server   View the full event agenda here.   Register using this link to receive your complimentary pass to attend .  

Join us for Docker Government Summit, to visualize your journey containers. Faster, more agile development is luring federal, state and local government and education to containers. We have real-world...

Oracle Linux Storage Appliance Now Supports Block Volumes

We are pleased to announce the release of Oracle Linux Storage Appliance 1.6.  Oracle Linux Storage Appliance is an Oracle Linux file server that provides a fast and easy way to build shared file systems on Oracle Cloud Infrastructure.  The appliance enables you to export files using multiple protocols including NFS version 3 and 4, and SMB version 3 (Samba). With this new release, you can use block volumes to set up the storage pool to create shared file systems on Oracle Cloud Infrastructure.  In addition, the appliance can now be deployed on any of the available Oracle Cloud Infrastructure compute shapes, including those without NVMe disks attached.   To use block volumes to create shared storage, deploy your appliance on an Oracle Cloud Infrastructure compute shape with no attached NVMe disks (ie. a Standard shape).  You will need to create the block volumes and attach them to the appliance instance. After you have deployed the appliance, you will be prompted to create the appliance storage pool at initial login to the web interface. You can then create your shares in a few easy steps. Simply navigate to the Storage page, select the Add button, and configure your share using NFS and/or SMB export protocols and settings.  Click on the ‘Create’ button and you’re done! Navigate to the Storage page to view storage status and utilization, and manage your shares. If you'd like to use NVMe storage to create your shares instead, deploy the appliance on a compute shape that has attached local NVMe disks (ie. a DenseIO shape). Oracle Linux Storage Appliance is available at no additional cost for Oracle Cloud Infrastructure subscribers. If you aren't subscribed already to Oracle Cloud, you can get started with $300 worth of free credits, so why not try it out Oracle Linux and Oracle Linux Storage Appliance today? For more information, visit the following links: Oracle Linux Storage Appliance Oracle Linux Storage Appliance Deployment and User’s Guide Oracle Linux Storage Appliance 1.6 Custom Image Download for Oracle Cloud Infrastructure  Oracle Linux 7 Administrator's Guide - Shared File System Administration Oracle Linux Blog Oracle Cloud Infrastructure Blog  

We are pleased to announce the release of Oracle Linux Storage Appliance 1.6.  Oracle Linux Storage Appliance is an Oracle Linux file server that provides a fast and easy way to build shared file ...

Linux

Oracle Linux 7 Administration Training Now Even Better

The popular Oracle Linux 7: System Administration course has just gotten even better. This course, which covers a range of topics including installation and configuration, has been updated with additional information on using Oracle Ksplice in different contexts and with tips for those using Oracle Linux on Oracle Cloud Infrastructure. You can take this core course in the following formats: Training-on-Demand: Start training straight away, following lecture delivery by an expert instructor, at your own pace, through streaming video and booking time to get hands-on experience when suits your schedule. Live-Virtual Event: Attend a live event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. Events currently on the schedule include 2 and 23 April and 4 and 11 June 2018. In-Class Event: Travel to an education center to attend an event. You can influence the schedule by requesting a date and location that suits your needs. Common locations include Brazil, Canada, Colombia, Germany, Italy, Korea, Malaysia, Mexico, New Zealand, Philippines, Portugal, South Africa, Spain, Switzerland, Thailand, Turkey, United States and many more. Resources: Oracle Linux curriculum Oracle Linux Product Documentation Oracle Ksplice Oracle Cloud Infrastructure Products

The popular Oracle Linux 7: System Administration course has just gotten even better. This course, which covers a range of topics including installation and configuration, has been updated with...

Linux

New Task Based Learning for Oracle Linux on Oracle Cloud Infrastructure

We are very excited to announce the release of the all new course - Use Oracle Linux on Oracle Cloud Infrastructure. This course is part of Oracle University's digital learning subscription. By purchasing the Oracle University Cloud learning subscription, under Oracle Cloud Infrastructure Services, you access to a selection of learning paths to help you implement, administer, optimize and use Oracle Cloud. The Use Oracle Linux on Oracle Cloud Infrastructure course provides you with a series of short, easy to consume, instructor-led videos which guide you through steps that embark you on a journey of administering Oracle Linux on Oracle Cloud Infrastructure. You will begin by exploring the basic configurations of Oracle Linux and learning how to create Oracle Linux instances on a variety of available VM shapes. You will learn how to configure additional virtual network interfaces on public and private networks in the infrastructure and coordinate network security between Oracle Linux and Oracle Cloud Infrastructure. The content of the Oracle Cloud learning subscription teaches you tasks that are specific to the cloud. Additional content and assets on Oracle Linux tasks you can perform on Oracle Cloud Infrastructure will be added on an ongoing basis. This will permit you to continue learning. For many cloud administration tasks, you will draw on administration knowledge that applies equally well on or off cloud. Resources: Oracle Linux curriculum Oracle Cloud Infrastructure Products Oracle Cloud Infrastructure Product Documentation Oracle Linux Product Documentation

We are very excited to announce the release of the all new course - Use Oracle Linux on Oracle Cloud Infrastructure. This course is part of Oracle University's digital learning subscription. By...

Technologies

Need to Improve Your ROI for OpenStack? Read This…

Currently, many OpenStack deployments are for Dev/Ops, IT services, Test, QA and web services. However, the majority of mission critical business applications have remained on bare metal or virtualized environments as they were designed and built before the ‘cloud era’. And, many of these business applications use Oracle Database. Enterprises are looking to support these mission critical business applications with OpenStack to increase ROI. This is why you’ll want to know more about Oracle OpenStack. Broaden your OpenStack use by easily supporting enterprise applications Many customers that adopt database cloud report greater autonomy and agility for application developers, enabling faster time to market for enterprise applications and business innovation. Oracle OpenStack is the First in the industry to support automated deployment of Oracle Database to enable enterprise applications in OpenStack. Automated deployment of Oracle Database simplifies deployment of these enterprise applications. This guide answers common questions related to planning, designing, and deploying a private database cloud in an Oracle OpenStack environment. Drive costs out of the operations The biggest cost of operating OpenStack is deployment, updates and upgrades. Oracle OpenStack is the First in the industry to deploy the OpenStack control plane in Docker containers, enabling simple and reliable deployment, update and upgrade of OpenStack. Substantially reduce your support costs You can download and use Oracle OpenStack and Oracle Linux for an unlimited time without incurring cost. When you need support for Oracle OpenStack, it is available at no additional cost with a premier support subscription for Oracle Linux, Oracle VM, or Oracle Systems. Customers building from upstream and “rolling their own” OpenStack environments have realized that this can be a time and resource intensive endeavor. By using Oracle OpenStack you get a fully tested, hardened, and supported distribution that can be deployed in hours and not days or months, providing a jump start to developers. This can free up IT staff for more value-added contributions and innovation versus dealing with operational and support issues. Oracle offers significantly lower support costs for Oracle Linux and Oracle OpenStack compared to other commercial distributions. For these reasons, Oracle can help you increase ROI on your OpenStack environment. Give Oracle OpenStack a try with a free download.

Currently, many OpenStack deployments are for Dev/Ops, IT services, Test, QA and web services. However, the majority of mission critical business applications have remained on bare metal or...

Announcements

Oracle Container Runtime for Docker on Oracle Linux for ARM

We are pleased to announce the availability of the Oracle Container Runtime for Docker for the ARM64 architecture. To install, simply run the following command: # yum install docker-engine We are also pleased to announce that the official Oracle Linux image on the Docker Hub has been updated to support both the x86_64 and ARM64 architectures. To pull the latest Oracle Linux 7 base image from the Docker Hub, you can run: # docker pull oraclelinux:7-slim And Docker will automatically pull the correct image for your architecture. We recommend using the 7-slim tag as it provides the smallest possible Oracle Linux 7 base image and is used by all of the Oracle product images published in our Docker Images repository on GitHub, however we also provide the latest, 7 and 7.4 tags if you prefer: REPOSITORY TAG IMAGE ID CREATED SIZE oraclelinux 7 b5e0e6470f16 2 hours ago 279MB oraclelinux 7.4 b5e0e6470f16 2 hours ago 279MB oraclelinux latest b5e0e6470f16 2 hours ago 279MB oraclelinux 7-slim fdaeac435bbd 2 hours ago 146MB Note that there are no Oracle product images available for the ARM64 architecture yet. Support Oracle Linux for ARM is provided as a developer preview and is not covered by Oracle Linux support. If you have any issues, community support is available on in the Oracle Linux for ARM space on the Oracle Technology Network.

We are pleased to announce the availability of the Oracle Container Runtime for Docker for the ARM64 architecture. To install, simply run the following command: # yum install docker-engine We are also...

Linux Kernel Development

An Update on Retpoline-enabled Kernels for Oracle Linux

In January, researchers disclosed flaws in speculative execution known as Meltdown and Spectre. Oracle published official guidance in this support note: Responding to the Spectre and Meltdown vulnerabilities (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) in Oracle Linux and Oracle VM on Oracle X86 Servers (Doc ID 2370398.1) At that time, we shipped mitigations for these security issues which depended on special Intel microcode. We're excited to announce that our latest kernel release kernel-uek-4.1.12-112.16.4 contains faster, retpoline-based mitigations for Spectre Variant 2 (CVE-2017-5715). This kernel is available for both Oracle Linux 7 and Oracle Linux 6. Along with the existing patches for UEK Release 2, UEK Release 3 and the Red Hat Compatible Kernel for Oracle Linux 6 and 7, this provides a full complement of the latest software mitigations for the Spectre and Meltdown vulnerabilities in Oracle Linux. And we've published all the source on github.com here. Oracle also ported the Spectre Variant 2 mitigations into Xen, using IBRS/IBPB mitigations in January. We're about to release retpoline mitigations for Xen on Oracle VM 3.4. This will ensure full protection from Meltdown/Spectre-type attacks for all our supported hypervisors: Oracle VM 3.2, Oracle VM 3.3 and Oracle VM 3.4 and kvm. A discussion of the advantages of Retpolines can be found in this intel.com white paper and in this google.com support article. Retpolines are a software mitigation performed by the compiler which isolates indirect branches from speculative execution. Derived of "return trampoline", retpoline mitigations have significantly less performance overhead than microcode-based mitigation, and under some workloads can bring performance to near pre-patched levels. Retpolines are enabled by recompiling the kernel (and kernel modules) with a retpoline-aware gcc compiler, which is available in Oracle Linux 7 (and also Oracle Linux 6). Our compiler experts ported this support into the gcc-4.8 and gcc-4.4 compilers, and the compilers are available on yum.oracle.com for public download. This was a prerequisite to making retpoline-enabled kernels available on Oracle Linux, which could use the compiler features to self-protect the kernel against the Spectre Variant 2 attacks. Recompilation of applications is not required. The alternative to using retpoline is IBRS, Indirect Branch Restricted Speculation, and calls a special SPEC_CTRL MSR (model-specific register) defined in the latest microcode updates from Intel. IBRS uses microcode to mitigate the security vulnerabilities. IBRS causes a significant drop in performance under some workloads. A second MSR, IBPB (Indirect Branch Predictor Barrier) is still used for some specific use cases even when retpoline is available. There are a number of caveats to using retpolines as a mitigation: first, the hardware has to support retpoline: some modern hardware can ignore the retpoline mitigation and continue speculating instructions. Second, any loadable kernel modules must also be compiled with a retpoline-aware compiler, otherwise the kernel can still be vulnerable. The latest kernel-uek will automatically detect each of these conditions and enable microcode-based IBRS mitigation. The fallback, IBRS mitigation, requires updated microcode on the system. Therefore we always recommend updating system microcode to the latest-available from your hardware vendor. The updated Intel microcode introduces the SPEC_CTRL MSR but does not invoke it -- the kernel has to invoke the MSR. This kernel behavior can be enabled or disabled by the user, so loading the updated microcode on a system where you plan to disable IBRS will not have a performance impact. Microcode does not need to be updated in guest (virtual machine) systems: as long as the host system has the correct microcode and updated software (Xen or qemu), the hypervisor will pass through the MSRs necessary for the guest to protect itself. Third Party Kernel Modules: Any third-party kernel modules must be recompiled with a retpoline-aware compiler. While the kABI guarantees in UEK ensure that previously-compiled modules will load, if those modules are not retpoline aware then the whole kernel will re-enable IBRS protections and the performance advantage of retpolines will be lost.  This includes customers running Oracle Grid Infrastructure software: please update your kernel modules to retpoline-compiled versions! There's a tracking bug (Bug 27463879) for recompiling usm drivers with latest gcc and several MOS notes to help you with this process: ACFS -  MOS Note 1369107.1 and ASMFD - MOS Note 203468.1 as well as specific notes for Exadata (Note 2356385.1) and ODA (Note 2377658.1). Repolines are not required. Retpoline-enabled kernels provide a performance enhancement, but if you have a security-patched kernel without retpolines, it is not critical to pull in these patches immediately. Microcode updates are required: Many scenarios exist where the system may have to fall back to IBRS (microcode-based) mitigations, which will fail if the microcode has not been updated on the system. It's imperative, even if you are able to take advantage of retpolines, to have the microcode available as a fallback.  There are numerous edge cases (kvm, hardened GPG, Xen, hardware limitations, ..) where retpoline mitigations are not sufficient. You don't want to see the following message, which will appear in your 'dmesg' output if the microcode is out-of-date. [ 358.742211] kmod: loading module not compiled with retpoline compiler. [ 358.742214] Spectre V2 : Disabling Spectre v2 mitigation retpoline. [ 358.749417] Spectre V2 : Could not enable IBRS. [ 358.754569] Spectre V2 : No Spectre v2 mitigation to fall back to. [ 358.761587] Spectre V2 : system may be vulnerable to spectre Boot-time logs if retpolines are not possible and IBRS-capable microcode is not available. No application recompile: There is no need to recompile applications to allow the kernel to use retpoline; only loadable kernel modules must be recompiled. In summary: Oracle Linux 6 and 7  with UEK 2, 3 and 4 as well as RHCK address Spectre variants 1, 2, and 3 Our latest Unbreakable Enterprise Kernel release 4 include retpoline-based mitigations for Spectre variant 2 The retpoline-enabled UEK4 offers a significant performance boost over previous releases with microcode-basd Spectre mitigations UEK4 with retpoline mitigations will only work on certain hardware and requires all kernel modules to be compiled with a retpoline-aware compiler UEK4 with retpoline mitigations will fall back on microcode-based protections automatically if conditions necessary for retpoline support are not met All this and more in the My Oracle Support document: Doc ID 2370398.1

In January, researchers disclosed flaws in speculative execution known as Meltdown and Spectre. Oracle published official guidance in this support note: Responding to the Spectre and Meltdown...

Linux Kernel Development

Tips and Tricks for IPsec on Intel 10 Gbe NICs

Shannon Nelson is a Linux kernel driver expert and kernel developer who has been looking at accelerating IPsec performance. In this blog blog post, he shows how to reduce the overhead of running with IPsec enabled.  IPsec has been gaining in popularity, but is quite a hit against network throughput, making multi-Gigabit network connections slow to Megabit speeds.  With support for IPsec hardware offload recently added to the Linux kernel's network stack, Oracle has added IPsec offload support to the kernel driver for Intel's 10 GbE family of NICs, bringing throughput back into the multi-Gigabit range. IPsec Offload In Linux IPsec (Internet Protocol Security), for encrypting network traffic, has been gaining in popularity as the cloud supported networks have grown.  However, it becomes quite a hit against network data throughput. Enabling full message encryption can easily take a 10 GbE link down to the 200 Mbps range, and suck down a lot of server CPU cycles in the process. While other operating systems have supported for some time the offloading of IPsec encryption to hardware, the Linux kernel has only recently added it.  The initial patches to expand the XFRM framework were accepted into the 4.11 kernel in Spring of 2017 [1], and was first used by the Mellanox mlx5e network driver.  Some background for this work can be found in the IPsec presentations at the recent Netdevcon conferences [2] [3] .  Similar work has also been done in DPDK implementations, but these bypass the Linux kernel and are not useful for normal applications [4]. Intel's current family of 10 GbE network devices originally came out in 2007 with the 82598, but hardware support for IPsec offload didn't appear until the 82599 (aka x540) was released in 2009.  Support for this hardware offload was added into the Microsoft Windows mini-driver at that time, but it was left unimplemented in the Linux driver. The NICs are capable of offloading the AES-128-GMAC and AES-128-GCM, and can offload 1024 Security Associatsions (SAs) for each of Tx and Rx directions.  Only 128 incoming IP addresses can be specified, but several Rx SAs can share an IP address.  To make the Rx decode faster, special Content Addressable Memory is used for the Rx SA tables. Oracle Activity Oracle provides platforms that use Intel's 10 GbE device, so it is in our best interest to be sure that our customers have access to the security and performance they need to be successful.  Given the recent Linux kernel support, we embarked on adding support for the IPsec hardware offload in ixgbe, the driver for Intel's 10 GbE NICs.  Intel had done some early work to add this feature to their driver as the kernel support was being developed in 2016, with encouragement from Oracle developers, but their effort got sidetracked by other priorities.  We were able to build from this work as a head-start to a working implementation. Theory of Operations When the ixgbe driver is loaded and sets up its network data structures, it sets the NETIF_F_HW_ESP netdev feature flag to signal support for the IPsec offload, and initializes the xfrmdev_ops callbacks.  It also clears the hardware tables and sets up the software shadow tables, but leaves the offload engine disabled until the first Security Association is added in order to save on the chip's power requirements.  The software shadow tables track the hardware table contents for faster searches and for table reloads on hardware resets. As the user adds and removes the SAs and their encryption keys, the driver's xdo_dev_state_add and xdo_dev_state_delete functions are called to update the hardware tables.  When the last SA is removed, the offload engine is disabled, again to save on power requirements.  SAs can be managed on the Linux command line via the 'ip' command, or through use of 3rd party applications such as StrongSwan, LibreSwan, and others. A "simple" pair of 'ip' commands to encrypt TCP traffic to and from a server through network port eth4 might look something like this: ip xfrm policy add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \     proto tcp tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \     spi 0x07 mode transport reqid 0x07 ip xfrm policy add dir in src 14.0.0.70/24 dst 14.0.0.52/24 \     proto tcp tmpl proto esp dst 14.0.0.52 src 14.0.0.70 \     spi 0x07 mode transport reqid 0x07 ip xfrm state add proto esp src 14.0.0.52 dst 14.0.0.70 \     spi 0x07 mode transport reqid 0x07 replay-window 32 \     aead 'rfc4106(gcm(aes))' 0x44434241343332312423222114131211f4f3f2f1 128 \     sel src 14.0.0.52/24 dst 14.0.0.70/24 proto tcp \     offload dev eth4 dir out ip xfrm state add proto esp dst 14.0.0.52 src 14.0.0.70 \     spi 0x07 mode transport reqid 0x07 replay-window 32 \     aead 'rfc4106(gcm(aes))' 0x44434241343332312423222114131211f4f3f2f1 128 \     sel src 14.0.0.70/24 dst 14.0.0.52/24 proto tcp \     offload dev eth4 dir in   A similar set of commands would be required on the remote host, but with this src and dst parameters swapped.  Both sides need to have the hardware offload enabled in order to get the throughput benefit. When a network packet is to be encrypted before sending, the packet's skb (socket data buffer) is given to the driver and has a pointer to the SA information.  The network stack has already inserted the encryption headers into the data packet, but without filling in the final encryption information.  The driver sets up the hardware to do the encryption using the specific SA - in the ixgbe case, the driver sets up a special Tx Context Descriptor that contains the encryption information - and the driver hands the packets to the NIC hardware.  The encryption engine uses the indicated encryption key to encode the packet data, fills in the rest of the header data, and sends the packet on its way. On receipt of a packet, the decryption engine looks at the packet header to see if it matches any of the Rx SAs that have been loaded.  If so, the key is used to decode the packet and the driver is informed there was a decryption.  The driver fills out a new packet skb with with decryption information and hands it up the kernel stack.  The XFRM receive code then strips off the extra headers before routing the packet to the destination user program. Current Status At this writing, the driver's offload feature has been submitted to Intel's driver code tree and is expected to be pushed to the upstream net-next tree soon, targeting release in the v4.16 kernel.  The feature should be supported in the up-coming UEK5 distribution from Oracle. In a simple TCP stream test on a pair of Oracle x5-2 systems over the 10 GbE NICs, the data throughput goes from around 330 Mbps using the default software IPsec to around 7 Gbps with the hardware offload enabled on both ends.  Currently the checksum and TSO offloads in conjunction with IPsec offload are not yet implemented.  The throughput should get near to line rate once these are completed. Many thanks go to the Intel folks, especially Jesse Brandeburg, for their support in better understanding the hardware operations, and to Steffen Klassert and the XFRM folks for their help with using the XFRM framework. References 1. xfrm: Add an IPsec hardware offloading API  https://patchwork.ozlabs.org/patch/752710/ 2. Netdevconf 1.2 IPsec workshop https://netdevconf.org/1.2/session.html?steffen-klassert 3. Netdevconf 2.2 IPsec workshop https://netdevconf.org/2.2/session.html?klassert-ipsec-workshop 4. Efficient serving of VPN endpoints on COTS server hardware https://www.net.in.tum.de/fileadmin/bibtex/publications/papers/CloudNet2016.pdf

Shannon Nelson is a Linux kernel driver expert and kernel developer who has been looking at accelerating IPsec performance. In this blog blog post, he shows how to reduce the overhead of running with...

Announcements

Oracle Linux for ARM Developer Preview being Demo’d by Ampere and Cavium at OCP

Tomorrow is the start of the 2018 Open Compute Project (OCP) US Summit, being held March 20 – 21, at the San Jose Convention Center. If you are at the show, don’t miss the Oracle Linux for ARM64 developer preview being demo’d by Ampere (booth #A32) and Cavium (booth #37). The ARM64 architecture and ecosystem is growing and customers are interested in the value ARM offers, as it delivers strong performance and scalability for the growing demands of enterprise and cloud computing workloads. These Oracle Linux demos highlight Oracle’s commitment to building and optimizing an enterprise-class Linux operating system for ARM-based processors and providing access to a modern Linux kernel and development environment to help partners and customers start building next-generation solutions. Oracle Linux for ARM is available as a developer preview release from the Oracle Technology Network and is free to download, distribute and use. We encourage developers, ISVs and IHVs to utilize this as their test and development platform, however, keep in mind this release is a preview and is not covered by Oracle Linux support subscriptions.   More about Oracle Linux for ARM: Download Oracle Linux for ARM developer preview Developer Community Oracle Linux Wim Coekaerts blog

Tomorrow is the start of the 2018 Open Compute Project (OCP) US Summit, being held March 20 – 21, at the San Jose Convention Center. If you are at the show, don’t miss the Oracle Linux for ARM64...

Linux

Learn Linux from Oracle, a Key Linux Contributor

Oracle's key Linux contributions highlight Oracle's technical leadership and dedication to the worldwide success of Linux for organizations of all sizes and across all industries. The easiest way to benefit from this expertise is to learn about Linux from Oracle. You can do so by taking online training through the self-paced training-on-demand format. Choose the course that best fits your needs: Oracle Linux 7: System Administration - learn a range of skills including installation, using the Unbreakable Enterprise Kernel, configuring Linux services, preparing the system for the Oracle Database, monitoring and troubleshooting. In this course, you will be introduced to using Oracle Cloud. Oracle Linux 7: Advanced Administration - learn to automate OS installation, recover from boot problems and configure networking and authentication services. Explore shared storage configuration, implement virtualization services implementation, and system resources management. Versions of these courses are also available for those using Oracle Linux 5 or 6: Oracle Linux 5 & 6 System Administration Oracle Linux 5 & 6 Advanced Administration Resources: Register for an event or learn more about the Oracle Linux curriculum at http://oracle.com/education/linux Oracle Linux Product Documentation Oracle Linux Product Page

Oracle's key Linux contributions highlight Oracle's technical leadership and dedication to the worldwide success of Linux for organizations of all sizes and across all industries. The easiest way to...

Linux Kernel Development

Development Versions of Oracle Linux UEK now available on GitHub

The source for UEK has always been available at oss.oracle.com, as a git repository with full git history. Starting now, we'll also be posting the UEK source on github.com/oracle/linux-uek. By doing so, we intend  to increase the visibility for our work and to make it even easier for people to access the source for UEK. We will also use this repository for working with developers at partner companies and in the Linux community. The repository contains the source for the Unbreakable Enterprise Kernel including a small number of Oracle additions which have not yet been accepted into the mainline Linux kernel source tree.    The Unbreakable Enterprise Kernel (UEK) is a Linux kernel built by Oracle and supported via Oracle Linux support. Its focus is performance, stability, and minimal backports by tracking the mainline source code as closely as is practical. UEK is well-tested and used to run Oracle's Engineered Systems, Oracle Cloud Infrastructure, and large enterprise deployments for Oracle customers.     We're posting the source on GitHub for our weekly development builds. Building from this repository requires additional dependencies which are indicated on the GitHub README file. The source for production builds will continue to be available via git here.       kernel.org version Release Status Supported Userspace UEK Release 5: github uek5/master v4.14 Development Oracle Linux 7 UEK Release 4: github uek4/master v4.1 Production Oracle Linux 6, Oracle Linux 7 UEK Release 3: github uek3/master v3.8 Production Oracle Linux 5, Oracle Linux 6, Oracle Linux 7 UEK Release 2: github uek2/master  v3.0 Production Oracle Linux 5, Oracle Linux 6   Oracle is a long-time contributor to Linux and we have always had a strong emphasis on upstreaming and open-sourcing our changes to the kernel. Keeping our changes open source allows us to integrate with upstream Linux kernels quickly, which also means we have state-of-the-art drivers and filesystems, hardware support, and security fixes from the community...in addition to the work we have contributed ourselves.     Since 2007, Oracle has contributed more than 400,000 lines of code to Linux, and been ranked in the top 15 all-time contributors to Linux with more than 7,500 changesets. For example, Btrfs OCFS2, and RDS were originally written and submitted at Oracle. Also XFS —whose maintainer works at Oracle— and NFS have seen significant contributions. Oracle's Linux team is a top ten contributor in each upstream kernel release. Our mission is to improve Linux, which means higher performance, better security, and more advanced diagnosability. We also focus on the fundamentals of the OS, improving the scheduler and core memory allocation routines.    Please ask questions, report issues or provide suggestions in the Oracle Linux and UEK Preview space in the Oracle Developer Community. We will not accept pull requests via GitHub, but pointers to upstream commits are welcomed. The UEK source is published on github without support. For compiled binaries and a supported enterprise distribution, Oracle Linux is free to download, distribute and use and can be obtained from http://www.oracle.com/technetwork/server-storage/linux/downloads/index.html.  Individual packages and updates are available on the Oracle Linux yum server.

The source for UEK has always been available at oss.oracle.com, as a git repository with full git history. Starting now, we'll also be posting the UEK source on github.com/oracle/linux-uek. By doing so, we...

Linux Kernel Development

Tracing Linux Networking with DTrace on Oracle Linux

In this post from Alan Maguire, he shows how to use DTrace to inspect common network-related system calls. DTrace is a powerful tracing tool for understanding user and kernel processes. We've been steadily adding DTrace support for networking in Oracle Linux. Let's see how we can use these probes to better understand network behaviour. Let's do a quick tour to see what sort of support is available for dynamic tracing the network stack. Before diving into the details though, it's worth asking why use DTrace at all? Don't we have enough tools in the networking space? The reasons I use it are: DTrace is open-ended while being production-safe. So in other words if I want to find something out, there's usually a way of doing it, and most importantly I can do that without panic'ing a system. The hard part of course is forming those questions into queries that DTrace understands. I hope the next few blog posts will provide some useful hints on how to do so. DTrace allows me to reach across multiple subsystems, e.g. how effectively are interrupts being coalesced when receiving packets? Which locks are hot on the network receive path? In cloud environments especially, it's critical to be able to connect the dots from network behaviour to other subsystems and abstractions. People love to blame "the network". DTrace allows us to see where the costs are really incurred. Socket layer: syscall provider - available since UEK2 As on other operating systems, the syscall provider is avaiable and we can trace network-related system calls - sendto, sendmsg, sendmmsg, recvfrom, recvmsg, recvmmsg. Here's a simple example - trace bytes sent on a per-executable basis. Hit Ctrl+C when you're done collecting info. # dtrace -n 'syscall::sendto:entry { @c[execname] = sum(arg2); }' dtrace: description 'syscall::sendto:entry ' matched 1 probe ^C DNS Resolver #6 65 ping 192 Socket Thread 2006 vpnagentd 3872 This is what we call a DTrace one-liner. Let's examine it piece-by-piece. The -n option says we are directly specifying our probes rather than using a DTrace script (if we wanted to do that, we would use "dtrace -s <scriptname>"). The probe is a 4-element description, with each element separated by a ":". The first element is the provider - the DTrace subsystem which we are using. In this case it is "syscall". The second is the module, which is relevant for other DTrace providers but not here (for Linux it is always "vmlinux", so we can leave it blank). The third is the function - in the case of the syscall provider, that's the system call name. And finally we have the probe name. For each system call there are two probes, entry and return, corresponding to system call request/completion. Next is the action,contained in the curly brackets. DTrace code takes the form "probe /predicate/ { action }". In this case we have no predicate, but if we did it would determine if the body was executed or not. Next let's describe the action. Here we are using an aggregation variable "c" - the aggregation is signified by the "@" symbol. Aggregations can specify multiple keys in between the square brackets, and the associated values for the various sets of keys are computed using one of the aggregating functions sum(), count(), avg() etc.  Aggregations are collected efficientl in-kernel. Here we are sum()ing arg2 - the third argument to sendto(), which if you look at the manual page you will see is the size.   So to summarize, our one-liner says "show me the sum total of bytes sent via sendto() system calls, and collect the sums for each program name" ("execname" is a built in variable that references the current process executable name). Now of course these are requests, and some may fail.  Again note that the probe we used was syscall::sendto:entry.  There is also a corresponding syscall::sendto:return. A common pattern in DTrace is to measure how long it takes from :entry to :return.   Layer 4 (Transport layer): TCP, UDP providers - available since UEK4QU5 In Linux – as in Solaris – we have transport-level providers for TCP and UDP. These trace transmit/receive events, and for TCP we also trace TCP state machine transitions and connection establishment milestones. # dtrace -l -P udp ID PROVIDER MODULE FUNCTION NAME 1836 udp vmlinux udp_send_skb send 1838 udp vmlinux udp_recvmsg receive 1840 udp vmlinux udp_queue_rcv_skb receive 1868 udp vmlinux udp_v6_send_skb send 1869 udp vmlinux udpv6_recvmsg receive 1871 udp vmlinux udpv6_queue_rcv_skb receive # dtrace -l -P tcp ID PROVIDER MODULE FUNCTION NAME 1818 tcp vmlinux tcp_set_state state-change 1819 tcp vmlinux tcp_conn_request state-change 1820 tcp vmlinux tcp_finish_connect connect-established 1821 tcp vmlinux tcp_rcv_state_process accept-established 1822 tcp vmlinux tcp_rcv_state_process connect-refused 1823 tcp vmlinux tcp_transmit_skb send 1824 tcp vmlinux tcp_transmit_skb connect-request 1825 tcp vmlinux tcp_connect state-change 1826 tcp vmlinux tcp_v4_send_ack send 1827 tcp vmlinux tcp_v4_send_reset send 1828 tcp vmlinux tcp_v4_send_reset accept-refused 1829 tcp vmlinux tcp_v4_send_synack send 1830 tcp vmlinux tcp_v4_rcv receive 1831 tcp vmlinux tcp_time_wait state-change 1882 tcp vmlinux tcp_v6_send_response send 1883 tcp vmlinux tcp_v6_send_response accept-refused 1884 tcp vmlinux tcp_v6_send_synack send 1885 tcp vmlinux tcp_v6_rcv receive   Here's a quick example - what systems (remote IP) are we refusing connections to, and which ports are they trying to connect to? # dtrace -n 'tcp:::accept-refused { @c[args[2]->ip_daddr, args[4]->tcp_sport] = count(); }' dtrace: description 'tcp:::accept-refused ' matched 2 probes ^C 127.0.0.1 7 1 I telnet'ed port 7 locally in another window to generate this. Port 7 was closed so we see 1 connection being refused. The TCP, UDP and IP providers are all static-defined tracing (SDT) providers. The idea of these is that rather than trying to write probes that sit on ever-changing function entry or return to gather information from data structures that are also changing, we define a set of events of interest, and each place in the code that these events occur we place a static probe. So for example we can see that the tcp:::send probe is in tcp_v4_send_reset, tcp_v4_send_ack, etc. Importantly, these probes also define stable translators which take the OS-specific structures and translate them into stable arguments that DTrace consumers can rely on.  To see the relevant deinifitions for Oracle Linux, you can look in /usr/lib64/dtrace/4.1/tcp.d, udp.d, ip.d.   For the most part we have preserved compatibility with Solaris. If there's something missing you really need, let us know! Here's how the various arguments look. We use args[0] instead of arg0 to let DTrace know we're trying to access the stable, translated argument. The raw arguments are still available via arg0, arg1 etc. args[0] - pktinfo_t * [packet information] args[1] - csinfo_t * [ connection information] args[2] - ipinfo_t * [IP protocol information] args[3] - tcpsinfo_t * for TCP, udpsinfo_t * for UDP [TCP/UDP state information] args[4] - tcpinfo_t * for TCP, udpinfo_t * for UDP [TCP/UDP header information] Layer 3 (IP provider) - available since UEK4QU4 The IP provider traces send, receive, and inbound/outbound drops. # dtrace -l -P ip ID PROVIDER MODULE FUNCTION NAME 1839 ip vmlinux ip_rcv_finish drop-in 1840 ip vmlinux ip_local_deliver receive 1841 ip vmlinux ip_rcv drop-in 1842 ip vmlinux __ip_append_data drop-out 1843 ip vmlinux __ip_local_out_sk send 1844 ip vmlinux ip_append_page drop-out 1845 ip vmlinux ip_send_skb drop-out 1861 ip vmlinux raw_sendmsg send 1878 ip vmlinux __ip6_flush_pending_frames drop-out 1879 ip vmlinux ip6_xmit send 1880 ip vmlinux ip6_xmit drop-out 1881 ip vmlinux ip6_finish_output2 drop-out 1882 ip vmlinux __ip6_append_data drop-out 1883 ip vmlinux ip6_forward drop-out 1884 ip vmlinux ip6_output drop-out 1885 ip vmlinux ip6_send_skb drop-out 1886 ip vmlinux ip6_input_finish drop-in 1887 ip vmlinux ipv6_rcv drop-in 1888 ip vmlinux ip6_input receive 1895 ip vmlinux ndisc_send_skb send 1900 ip vmlinux rawv6_sendmsg send 1903 ip vmlinux mld_sendpack send 1904 ip vmlinux mld_sendpack drop-out 1905 ip vmlinux igmp6_send send 1906 ip vmlinux igmp6_send drop-out 1923 ip vmlinux __ip6_local_out_sk send For IP the arguments are args[0] - pktinfo_t * [packet information] args[1] - csinfo_t * [connection information] args[2] - ipinfo_t * [IP protocol information] args[3] - ifinfo_t * [IP interface info] args[4] - ipv4info_t * [IPv6 header info if IPv6 packet] args[5] - ipv6info_t * [IPv6 header info if IPv6 packet]   Other DTrace on Oracle Linux includes a perf provider, which traces perf events. And of course function boundary tracing (fbt) is available too. Here's an example of using function boundary tracing to get counts of socket buffer (struct sk_buff) allocation sizes. sk_buff is the key structure for network data, and here we're examining the counts in each power-of-two bucket 0-1, 1-2, 2-4, etc - this is the quantize() aggregating action. We see for example that the majority were in the 2048-4096 range. # dtrace -n 'fbt::__alloc_skb:entry { @size = quantize(arg0); }' dtrace: description 'fbt::__alloc_skb:entry ' matched 1 probe ^C value ------------- Distribution ------------- count -1 | 0 0 | 80 1 | 3 2 | 0 4 | 137 8 | 988 16 |@@ 5719 32 |@@@@@ 10977 64 | 779 128 |@@@ 6805 256 |@@@@@@@@@@@ 25462 512 | 508 1024 |@@ 5108 2048 |@@@@@@@@@@@@@@@@ 39011 4096 | 8 8192 | 0 16384 | 16 32768 | 0 We'll describe some more examples using fbt and perf providers in a future blog post!

In this post from Alan Maguire, he shows how to use DTrace to inspect common network-related system calls. DTrace is a powerful tracing tool for understanding user and kernel processes. We've been...

New Release of Oracle Linux Storage Appliance Adds Samba Support

Oracle Linux Storage Appliance 1.5 is now available for Oracle Cloud Infrastructure.  With Oracle Linux Storage Appliance, you can quickly and easily build NFS and Samba shared file systems using NVMe devices attached to Oracle Cloud Infrastructure compute instances.  It is available at no additional cost with an Oracle Cloud Infrastructure subscription. In this new release, we’ve added the ability to export shares using the SMB protocol via Samba.  In addition to NFS, you can now configure SMB export protocol resources for your shares.  Multiple NFS and SMB exports are supported for the same share, and access rights can be restricted based on host names and IP addresses. To install Oracle Linux Storage Appliance, follow the instructions in the Oracle Linux Storage Appliance Deployment and User's Guide.  To upgrade your existing installation with the latest security updates and version, simply go to the Administration tab in the web interface and select the ‘Update Appliance’ button.   Creating a Samba share is simple: 1)  Login to the web interface and navigate to the Storage tab.  This page allows you to view, manage, back up, and restore your shares.  Information about its associated NFS and SMB exports, backup status, size and utilization is also available at a glance.  To add a share, select the ‘Add’ button. 2)  Under the ‘Add export’ dropdown menu select ‘SMB export’ and specify your settings.  You can add multiple NFS and SMB export resources to your share. Click on ‘Create’ and you are done! You can also add Samba support to an existing share by navigating to the Storage page, selecting the ‘View/Modify’ option under Actions dropdown, and configuring a SMB export protocol resource for the share. In this release, we’ve also included reporting enhancements to show additional status and services details of your Oracle Linux Storage Appliance. For more information on Oracle Linux and Oracle Linux Storage Appliance for Oracle Cloud Infrastructure visit: Oracle Linux Storage Appliance Oracle Linux Storage Appliance Deployment and User's Guide Oracle Linux 7 Administrator's Guide - Shared File System Administration Oracle Linux for Oracle Cloud Infrastructure  

Oracle Linux Storage Appliance 1.5 is now available for Oracle Cloud Infrastructure.  With Oracle Linux Storage Appliance, you can quickly and easily build NFS and Samba shared file systems using NVMe...

Announcements

Announcing Oracle Container Services 1.1.9 for use with Kubernetes

Oracle is pleased to announce the first supported release of Oracle Container Services for use with Kubernetes®. Release Information Oracle Container Services 1.1.9 for use with Kubernetes is based on Kubernetes version 1.9.1, as released upstream. It is available for Oracle Linux 7 and is designed to integrate with the Oracle Container Runtime for Docker provided and supported by Oracle. Oracle Container Services for use with Kubernetes runs in a series of Docker containers. These images are available from the Oracle Container Registry. Features in this release of Oracle Container Services for use with Kubernetes include upstream Kubernetes 1.9 software packaged for Oracle Linux, setup and configuration utilities, the Kubernetes Dashboard software, cluster backup and restore tools and integration testing for use with Oracle Cloud Infrastructure. Oracle has provided and tested a setup and configuration script that takes advantage of the kubeadm cluster configuration utility. This setup script eases configuration and setup on Oracle Linux and provides additional support for backup and recovery. Installation and Update Oracle Container Services 1.1.9 for use with Kubernetes is free to download from the Oracle Linux yum server. Customers are encouraged to use the latest updates for Oracle Container Services for use with Kubernetes that are released on the Oracle Linux yum server and on Oracle's Unbreakable Linux Network. You can use the standard yum update command to perform an upgrade. For more information about how to install and configure Oracle Container Services for use with Kubernetes, please review the Oracle Container Services for use with Kubernetes User's Guide. Oracle does not support Kubernetes on systems where the ol7_preview, ol7_developer, or ol7_developer_EPEL yum repositories or ULN channels are enabled, or where software from these repositories, or channels, is currently installed on the systems where Kubernetes runs. Support This release of Oracle Container Services for use with Kubernetes is made available for Oracle Linux 7 and is designed to integrate with Oracle Container Runtime for Docker. Support is available to customers having an Oracle Linux Premier support subscription and is restricted to the combination of Oracle Container Services for Kubernetes and Oracle Container Runtime for Docker on Oracle Linux 7. Refer to Oracle Linux 7 License Information User Manual for information about Oracle Linux support levels.   Kubernetes® is a registered trademark of The Linux Foundation in the United States and other countries, and is used pursuant to a license from The Linux Foundation. Resources – Oracle Linux Documentation Oracle Linux Software Download Oracle Linux Oracle Container Registry Blogs Oracle Linux Blog Oracle Ksplice Blog Oracle Linux Kernel Development Blog Community Pages Oracle Linux Social Media Oracle Linux on YouTube Oracle Linux on Facebook Oracle Linux on Twitter Data Sheets, White Papers, Videos, Training, Support & more Oracle Linux Product Training and Education Oracle Linux - http://oracle.com/education/linux For community-based support, please visit the Oracle Linux space on the Oracle Technology Network Community.

Oracle is pleased to announce the first supported release of Oracle Container Services for use with Kubernetes®. Release Information Oracle Container Services 1.1.9 for use with Kubernetes is based on...

Announcements

Announcing Oracle Linux 7 Update 5 Developer Preview

Oracle is pleased to announce the availability of the developer preview for Oracle Linux 7 Update 5 as part of our ongoing goal of making Oracle Linux the distribution for development. The Oracle Linux 7 Update 5 Developer Preview includes the following kernel packages: kernel-uek-4.1.12-112.14.15.el7uek The Unbreakable Enterprise Kernel Release 4 Update 6, which is the default kernel. kernel-3.10.0-830.el7 The latest Red Hat Compatible Kernel (RHCK). To get started with Oracle Linux 7 Update 5 Developer Preview, you can simply perform a fresh installation by using the ISO images available for download from Oracle Technology Network. Or, you can perform an upgrade from an existing Oracle Linux 7 installation by using the developer preview channels for Oracle Linux 7 Update 5 on the Oracle Linux yum server or the Unbreakable Linux Network (ULN). # vi /etc/yum.repos.d/public-yum-ol7.repo [ol7_u5_developer] name=Oracle Linux $releasever Update 5 installation media copy ($basearch) baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/5/developer/$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 [ol7_u5_developer_optional] name=Oracle Linux $releasever Update 5 optional packages ($basearch) baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/optional/developer/$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 Modify the yum channel setting and enable the Oracle Linux 7 Update 5 Developer Preview channels. Then you perform the upgrade. # yum update After the upgrade is completed, reboot the system and you will have Oracle Linux 7 Update 5 Developer Preview running. # cat /etc/oracle-release Oracle Linux Server release 7.5 # uname -a Linux honsu-ol7-vm1 4.1.12-112.14.15.el7uek.x86_64 #2 SMP Thu Feb 8 09:58:19 PST 2018 x86_64 x86_64 x86_64 GNU/Linux This release is provided for development and test purposes only and is not covered by Oracle Linux support. Oracle does not recommended using preview releases in production. If you have any questions, please visit the Oracle Linux and UEK Preview space on the Oracle Linux Community.

Oracle is pleased to announce the availability of the developer preview for Oracle Linux 7 Update 5 as part of our ongoing goal of making Oracle Linux the distribution for development. The Oracle Linux...

Technologies

Learn How to Accelerate the Journey to Private Cloud with OpenStack

OpenStack is the solution chosen by many companies for private cloud infrastructure in their enterprise. With a variety of services bringing multiple features and support for 3rd party hardware and software, Oracle OpenStack is the natural choice for controlling heterogeneous workloads across the datacenter. Develop your understanding of OpenStack services by taking the Oracle OpenStack: Administration Essentials course. This course helps you: Describe the Oracle OpenStack services Review the features of Oracle OpenStack Identify primary areas of Horizon Dashboard Configure docker-ostk client utility Create Glance images Create and manage Nova compute instances Create and manage Neutron networks Create and manage Murano environments Create, import, and manage Murano packages Identify default Ceilometer meters and metering statistics Create and manage Ceilometer alarms Identify the steps to create, manage, and link routers Create and manage Cinder volumes Identify the steps to attach and detach Cinder volumes Upload and download Swift objects Create and manage Heat stacks You can take this course as a: Live Virtual Event: Attend a live instructor-led event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. Events on the schedule include 23 April 2018. In-Class Event: You can travel to an education center to take this course. If you are new to OpenStack, you could consider taking the Oracle OpenStack for Oracle Linux: Getting Started course. Resources: Learn more about the Oracle Linux curriculum Oracle OpenStack Documentation Oracle OpenStack Product Pages Download Oracle OpenStack

OpenStack is the solution chosen by many companies for private cloud infrastructure in their enterprise. With a variety of services bringing multiple features and support for 3rd party hardware and...

Linux

Learn to Accelerate your Journey to Private Cloud with OpenStack

OpenStack is the solution chosen by many companies for private cloud infrastructure in their enterprise. With a variety of services bringing multiple features and support for 3rd party hardware and software, Oracle OpenStack is the natural choice for controlling heterogeneous workloads across the datacenter. Develop your understanding of OpenStack services by taking the Oracle OpenStack: Administration Essentials course. This course helps you: Describe the Oracle OpenStack services Review the features of Oracle OpenStack Identify primary areas of Horizon Dashboard Configure docker-ostk client utility Create Glance images Create and manage Nova compute instances Create and manage Neutron networks Create and manage Murano environments Create, import, and manage Murano packages Identify default Ceilometer meters and metering statistics Create and manage Ceilometer alarms Identify the steps to create, manage, and link routers Create and manage Cinder volumes Identify the steps to attach and detach Cinder volumes Upload and download Swift objects Create and manage Heat stacks You can take this course as a: Live Virtual Event: Attend a live instructor-led event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. Events on the schedule include 23 April 2018. In-Class Event: You can travel to an education center to take this course. If you are new to OpenStack, you could consider taking the Oracle OpenStack for Oracle Linux: Getting Started course. Resources: Learn more about the Oracle Linux curriculum Oracle OpenStack Documentation Oracle OpenStack Product Pages Download Oracle OpenStack

OpenStack is the solution chosen by many companies for private cloud infrastructure in their enterprise. With a variety of services bringing multiple features and support for 3rd party hardware and...

Linux

How to Install Node.js 8 with node-oracledb and Connect it to the Database

A few weeks ago we added dedicated repositories for Node.js to the Oracle Linux yum server. These repos also include an RPM with the Oracle Database driver for Node.js, node-oracledb, so you can connect your Node.js application to the Oracle Database. In this post I describe the steps to install Node.js 8, node-oracledb and the Oracle Instant Client to connect Node.js to the Oracle Database. If you are in a rush or want to try this out in a non-destructive way, I recommend you use the latest Oracle Linux 7 Vagrant box . Download and Install Instant Client Download the Instant Client Package - Basic (oracle-instantclient12.2-basic) RPM and, optionally, the  Instant Client Package - SQL*Plus (oracle-instantclient12.2-sqlplus) RPM from the Instant Client Downloads for Linux x86-64 on OTN Install the instant client RPM using yum. Position yourself in the directory where you downloaded the RPM.  $ sudo yum -y install oracle-instantclient12.2-basic-12.2.0.1.0-1.x86_64.rpm If you want to be able to use SQL*Plus (which can be handy for some sanity checks), install the SQL*Plus RPM also: $ sudo yum -y install oracle-instantclient12.2-sqlplus-12.2.0.1.0-1.x86_64.rpm Add the Oracle Instant Client to the runtime link path. $ sudo sh -c "echo /usr/lib/oracle/12.2/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf" $ sudo ldconfig Grab the Latest Oracle Linux Yum Server Repo File If you are not using the latest Oracle Linux 7 Vagrant box, make sure you have the most recent Oracle Linux yum server repo file. As root: $ cd /etc/yum.repos.d $ mv public-yum-ol7.repo public-yum-ol7.repo.bak $ wget https://yum.oracle.com/public-yum-ol7.repo Enable Node.js 8 Repo, Install Node.js and node-oracledb $ sudo yum -y install yum-utils $ sudo yum-config-manager --enable ol7_developer_nodejs8 $ sudo yum -y install nodejs $ sudo yum -y install node-oracledb-12c-node8 I copied this file from the examples in the node-oracledb Github repo. Running this will tell us whether Node.js can connect to the database. Copy this code into a file called connect.js. The file below comes from the same GitHub repo. Copy the code into a file called dbconfig.js and edit it to include your Database username, password and connect string. Run connect.js with node Before running connect.js, make sure NODE_PATH is set so that the node-oracledb module can be found. $ export NODE_PATH=`npm root -g` $ node connect.js Connection was successful!

A few weeks ago we added dedicated repositories for Node.js to the Oracle Linux yum server. These repos also include an RPM with the Oracle Database driver for Node.js, node-oracledb, so you can...

Linux Kernel Development

btrfs Development: Year in Review

This update on btrfs development comes from Liu Bo, an Oracle Linux Kernel developer and key upstream btrfs contributor. The btrfs community continues to thrive. In 2017, btrfs had key developers from Fujitsu, Facebook, Oracle and SuSE, as well as contributions from several NAS companies. The primary use cases for btrfs fall into two categories: single disk btrfs for '/' and '/home' and multiple disk btrfs for NAS-type workloads. Over the past year, stabilizing btrfs has been placed as the top priority, there are 117 commits with the start of "btrfs: fix ...", so basically we're fixing btrfs everywhere. Major Features for BTRFS:  Linux kernel v4.13: A new compression algorithm 'zstd' is introduced to btrfs, it is as fast as lzo and offers as good compression ratio as zlib. Benchmark details are available at btrfs: Add zstd support Linux kernel v4.14: Compression heuristic support is introduced to btrfs, it can apply a few heuristics to the data before they're compressed to decide if it's likely to gain any space savings. Linux kernel v4.15: A new mount option ref-verify and a new config CONFIG_BTRFS_FS_REF_VERIFY is added in order to offer debugging ability on internal delayed refs. Further in the future, we'll continue the work on hotspare, DAX support for persistent memory, raid56 journal (to plug write hole) and conversion to iomap infrastructure. All of them already have at least RFC patches, so we need to revise and improve them to address the concern and feedback on the mailing list. In addition to these features, we introduced bug fixes that will help applications and users:  ENOSPC: Some early 'no space' errors are still spotted in the field even after ticketed reservation mechanism is now adopted by btrfs, and a bunch of fixes have been made to improve that. Problems would only occur on nearly-full btrfs filesystems. This change also improves the overall performance while filesystem grows.  send: btrfs send is often used to provide incremental update support, it has been integrated into some NAS solutions and with their help, we found and fixed a few incorrect behaviors when sending 'rmdir' and some other bugs when cooperating with NO_HOLE feature and inline extents. backref walking (for Offline Deduplication): Offline deduplication can produce a large number of shared extents, which will cause slowness for tools using FIEMAP when checking whether the extent of interest is shared by multiple files (or even within the same file). With these changes, In-memory backrefs now get stored in rb-tree instead of list so that insertion merging is possbile and shared extent can be easily found and immediately returned while inserting backrefs. raid6 and scrub: We successfully identified a bug laid in raid6 reconstruction process which prevented btrfs from mounting. Fixes have been delivered in both upstream and stable kernel. Moreover, the community also found and fixed a bug in raid6 support of scrub, which can cause wrong parity in a certain data stripe. In addition to the above, there are also changes proposed to btrfs-progs which rewrites btrfs progs as a python lib (libbtrfsutil) and changes the license from GPL to LGPL. This license change will make it easier to have unit testing and better integration with third party tools.  This is a small sampling of the many good features in btrfs, and we will continue to improve btrfs's current features and functionality.

This update on btrfs development comes from Liu Bo, an Oracle Linux Kernel developer and key upstream btrfs contributor. The btrfs community continues to thrive. In 2017, btrfs had key developers from...

Linux

Upgrade to the UEK Release 5 Preview on Oracle Cloud Infrastructure

The Unbreakable Enterprise Kernel (UEK), included as part of Oracle Linux, provides the latest open source innovations, optimizations and security for enterprise cloud workloads. The UEK Release 4 Update 6, based on the upstream kernel 4.1, is the current UEK release that powers the production workloads on Oracle Linux 7 or 6 in the cloud or on-premises. Linux 4.14 is the latest Long-Term Stable (LTS) release of the kernel, and it is the mainline kernel that the UEK Release 5 tracks. You can experiment the UEK Release 5 preview today with Oracle Linux 7 on x86_64 and ARM64. The example below is using an Oracle Linux 7 x86_64 instance on Oracle Cloud Infrastructure. The kernel was upgraded to the UEK Release 5 preview within a few minutes. The same upgrade procedures apply to an Oracle Linux 7 x86_64 instance running on-premises. The Oracle Linux 7 instance runs the current UEK Release 4 Update 6 kernel. [root@honsu-ol74 opc]# uname -a Linux honsu-ol74 4.1.12-112.14.13.el7uek.x86_64 #2 SMP Thu Jan 18 11:38:29 PST 2018 x86_64 x86_64 x86_64 GNU/Linux Before performing the upgrade, modify the yum repository setting and enable the UEK Release 5 preview channel: [root@honsu-ol74 opc]# cd /etc/yum.repos.d [root@honsu-ol74 yum.repos.d]# vi public-yum-ol7.repo [ol7_developer_UEKR5] name=Oracle Linux $releasever UEK5 Development Packages ($basearch) baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_UEKR5/$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 Next you run yum upgrade command to perform the upgrade. [root@honsu-ol74 yum.repos.d]# yum upgrade kernel-uek Loaded plugins: langpacks, ulninfo 11503/11503 Resolving Dependencies --> Running transaction check ---> Package kernel-uek.x86_64 0:4.14.14-11.el7uek will be installed --> Processing Dependency: linux-firmware >= 20180113-60.git65b1c68 for package: kernel-uek-4.14.14-11.el7uek.x86_64 --> Running transaction check ---> Package linux-firmware.noarch 0:20171128-57.git17e62881.0.2.el7 will be updated ---> Package linux-firmware.noarch 0:20180113-60.git65b1c68.el7 will be an update --> Finished Dependency Resolution Dependencies Resolved =========================================================================================================== Package Arch Version Repository Size =========================================================================================================== Installing: kernel-uek x86_64 4.14.14-11.el7uek ol7_developer_UEKR5 52 M Updating for dependencies: linux-firmware noarch 20180113-60.git65b1c68.el7 ol7_developer_UEKR5 56 M Transaction Summary =========================================================================================================== Install 1 Package Upgrade ( 1 Dependent package) Total download size: 107 M Is this ok [y/d/N]: y Downloading packages: (1/2): kernel-uek-4.14.14-11.el7uek.x86_64.rpm | 52 MB 00:00:41 (2/2): linux-firmware-20180113-60.git65b1c68.el7.noarch.rpm | 56 MB 00:00:44 ----------------------------------------------------------------------------------------------------------- Total 2.4 MB/s | 107 MB 00:00:44 Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : linux-firmware-20180113-60.git65b1c68.el7.noarch 1/3 Installing : kernel-uek-4.14.14-11.el7uek.x86_64 2/3 Cleanup : linux-firmware-20171128-57.git17e62881.0.2.el7.noarch 3/3 bash nss-softokn i18n network ifcfg btrfs crypt dm dmraid kernel-modules lvm mdraid qemu qemu-net iscsi resume rootfs-block terminfo udev-rules virtfs biosdevname systemd usrmount -uptrack base fs-lib shutdown bash rescue nss-softokn i18n network ifcfg btrfs crypt dm dmraid kernel-modules lvm mdraid qemu qemu-net iscsi resume rootfs-block terminfo udev-rules virtfs biosdevname systemd usrmount -uptrack base fs-lib shutdown Verifying : kernel-uek-4.14.14-11.el7uek.x86_64 1/3 Verifying : linux-firmware-20180113-60.git65b1c68.el7.noarch 2/3 Verifying : linux-firmware-20171128-57.git17e62881.0.2.el7.noarch 3/3 Installed: kernel-uek.x86_64 0:4.14.14-11.el7uek Dependency Updated: linux-firmware.noarch 0:20180113-60.git65b1c68.el7 Complete! Now the kernel has been upgraded the UEK Release 5 preview. Reboot the Oracle Linux 7 instance to have the new kernel take effect. When the Oracle Linux 7 instance comes back, you now have the UEK Release 5 preview  running. [root@honsu-ol74 opc]# uname -a Linux honsu-ol74 4.14.14-11.el7uek.x86_64 #2 SMP Tue Feb 13 22:57:19 PST 2018 x86_64 x86_64 x86_64 GNU/Linux If you have any questions, post them to Oracle Linux Community.

The Unbreakable Enterprise Kernel (UEK), included as part of Oracle Linux, provides the latest open source innovations, optimizations and security for enterprise cloud workloads. The UEK Release 4...

LIVE DEMINAR ( Demo+Webinar): Ten Easy Steps to FIPS-2 Certification, Feb 28, 9am PT

  Webinar: How to meet FIPS 140-2 Compliance in Ten Easy Steps Wednesday, February 28, 2018 at 09:00 AM PT Register Now   The Federal Information Processing Standard (FIPS) 140-2, is a U.S. government computer security standard used to approve cryptographic modules.  FIPS 140-2 covers the design, development, and implementation of cryptographic modules, and underlying algorithms, in hardware or software. Conformance with the standard provides assurance to government and industry purchasers that products are correctly implementing cryptographic functions as the FIPS 140-2 standard specifies. Oracle Linux cryptographic modules enable FIPS 140-2 compliant operations for key use cases such as : data protection and integrity remote administration Cryptographic key generation Key/certificate management In this Deminar (Webinar+Demo) you will see a demo of a FIPS 140-2 certification process in ten easy steps. Join us and hear from Scott Lynn, Product Management Director at Oracle as he walks you through the process plus participate in live Q&A. How to meet FIPS 140-2 Compliance in Ten Easy Steps February 28, 2018  09:00 AM PT Register Now Stay Connected   Terms of Use and Privacy | Subscriptions | Unsubscribe | Contact Us Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

  Webinar: How to meet FIPS 140-2 Compliance in Ten Easy Steps Wednesday, February 28, 2018 at 09:00 AM PT Register Now   The Federal Information Processing Standard (FIPS) 140-2, is a U.S. government...

Linux Kernel Development

Oracle's new Kernel Test Framework for Linux

Kernel developers Knut Omang and Alan Maguire collaborate on the new project KTF. Available on github, KTF is an extensible framework for doing better testing and validation for Linux developers. As Knut likes to remind us, test-driven-development can work even for writing new device drivers -- because he did just that on his previous project! Kernel Test Framework (KTF) is a unit test framework we have developed to make it easier to test internal and external programming interfaces of the kernel. Unit testing and test driven development (TDD) is a recognized and much used development methodology for user space projects. Elements of the kernel are currently tested via user land unit test libraries or with standard applications and script logic and more ad-hoc test frameworks from user land. User land testing is limited in that it can only directly exercise the interfaces and code paths that can be made reachable from user space code. This limits potential coverage - error paths and other paths that are not easy to trigger from user space code cannot be easily tested. The tests that can be made is also often too high level, in that they execute a lot of functionality. Debugging intricate kernel issues can be immensely complicated. Having a way to make targeted tests that only exercises a small piece of code deep within the kernel can aid in narrowing down such issues. KTF allows tests to be written, in separate kernel modules, to test for instance internal, non-exported interfaces of kernel modules or other kernel components. User land tests with broad coverage can be good for verification of use cases but not as good as developer tools for analysing and debugging identified issues. Also an important use of unit tests is for developers themselves to be able to make executable assumptions about how existing or new code works. Coupled with a continuous integration system, where tests are added incrementally as they are created or issues are found, this form of test driven, or assertion driven development becomes powerful as it allows individual developers to put 'guards' around the assumptions they have made about the semantics of the interfaces they use. If a kernel change later breaks any of these assumptions, it will be detected by the tests, avoiding a possible regression in the dependent module. KTF is available on github, and we're keen to work with others who value TDD and want to bring it to the LInux kernel! It is encouraging to see continuous integration being adopted by kernel contributors like Intel. KTF was conceived with a clear realization that for unit testing and more generic, systematic testing to gain traction, it really needs to be simple and easy to use, and individual developers must feel that they gain something for their own by adding tests and by making them available for others or even facilitate automated test runs. With KTF we have tried to take these considerations into the design. With KTF we have tried to facilitate test-driven-development by making it Easy to run tests. Once the ktf module has been loaded, kernel test sets are added via dedicated modules.  Once loaded, all available tests can be run via the "ktfrun" command, a user level test program. This user program does not contain any test code by itself, instead it uses netlink to communicate with the kernel ktf module to query for available tests. It then uses the features of gtest, an established user land unit test framework, to select tests to run, and to generate nicely formatted reports of results. Test developers are encouraged to write zero-configuration tests, or at least tests that run with a sensible default configuration.  For example a network test could use loopback by default, if possible. Easy to debug/diagnose test failures. Tests are written using a set of assertion templates, i..e. what we expect to be true during a test. If an assertion fails the error is logged along with the line number/file in which it was triggered, helping to diagnose failures.  The gtest output emphasises pass/fail and shows the details of any failures. Results of the previous test run are always available via debugfs via        # cat /sys/kernel/debug/ktf/results/<testset> In the worst case if a test panics the kernel, postmortem debugging of crash dumps is possible. We'll describe how that is done later. Individual tests should be independent, i.e. test B should not rely on setup done in test A, that helps ensure a more reproducible environment where passes and fails are more consistent.  3. Easy to write tests.   Tests are defined like this:   TEST(examples, hello_ok) {           EXPECT_TRUE(true); }   The test case here is "examples", the test "hello_ok". Tests consist of a set of ASSERT_*() or EXPECT_*() statements combined with any setup/teardown needed to make the assertions.  EXPECT_*() differs from ASSERT_*() in that the latter is considered fatal to the test and execution of the test is terminated.   KTF also supports loop tests, where a test is added with a start and end index and the index is implicitly passed into the test for use.  See examples/h2.c for an example of loop test usage.   Finally, KTF also supports the concept of a fixture - a way of defining a set of tests with common setup/teardown. See examples/h3.c for a fixture example. 4. Easy to carry out analysis around testing, i.e. measure test coverage, memory utilization during testing.   It's always valuable to measure how extensively tests cover the codebase, and this is particularly true for cases where tests are being written for an existing codebase.  The Linux kernel has code coverage mechanismns via gcc, but these are gcc-version dependent and cannot be applied dynamically to an already-built kernel.  For KTF we therefore developed simple code coverage support. For now we have made KTF an independent out-of-tree module and made it easy to have multiple build trees from the same source tree towards different kernel versions, but we also recognize that having KTF in the kernel repository itself in the long run might make it easier to maintain it and to ensure a growing set of tests, and that these tests routinely get run. We do believe that one does not exclude the other and have ideas for how this can be arranged in practice, with minimal extra maintenance burden. Follow this blog for further development!

Kernel developers Knut Omang and Alan Maguire collaborate on the new project KTF. Available on github, KTF is an extensible framework for doing better testing and validation for Linux developers. As...

Announcements

Announcing Software Collections 3.0

We are pleased to announce the release of Software Collections 3.0 to the Unbreakable Linux Network and the Oracle Linux yum server. Software collections are primarily intended for development environments which require access to the latest features of software components such as Perl, PHP, or Python. For these environments, you need to minimize the disruption of system processes that rely on the versions of these components. The Software Collections library allows you to install and use several versions of the same software on a system, simultaneously, and without disruption. You use the software collection library utility (scl) to run the developer tools from the software collections that you have installed. The scl utility isolates the effects of running these tools from other versions of the same software utilities that you have installed. New Software Collections for Oracle Linux 7 The following collections have been added to the Software Collections for Oracle Linux 7: devtoolset-7 rh-maven35 rh-nginx112 rh-nodejs8 rh-php71 Oracle Linux 7 users can find more information in the Software Collection Library 3.0 for Oracle Linux 7 Release Notes in the Oracle Linux 7 documentation library. New Software Collections for Oracle Linux 6 The following collections have been added to the Software Collections on Oracle Linux 6: devtoolset-7 rh-python36 Oracle Linux 6 users can find more information in the Software Collection Library 3.0 for Oracle Linux 6 Release Notes in the Oracle Linux 6 documentation library. Support Support for Software Collections is provided at no extra cost to customers with an Oracle Linux Premier Support subscription. If you do not have paid support, you can get peer support via the Oracle Community forums at https://community.oracle.com.

We are pleased to announce the release of Software Collections 3.0 to the Unbreakable Linux Network and the Oracle Linux yum server. Software collections are primarily intended for...

Linux

Ksplice Providing Zero-Downtime Patching for Over 10 Years

Ksplice has been providing zero-downtime patching for over 10 years Over a million patches created for Linux kernels Includes critical areas of userspace: openSSL, glibc and QEMU See the Ksplice datasheet to start learning about Ksplice, You can continue your learning by taking the Oracle Linux system administration training where Ksplice is just one of the many key topics covered. You can take the Oracle Linux 7: System Administration course in the following format: Training-on-Demand: Start training straight away, following lecture delivery by an expert instructor, at your own pace, through streaming video and booking time to get hands-on experience when suits your schedule. Live-Virtual Event: Attend a live event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. Events currently on the schedule include 5 and 19 March and 2 and 23 April 2018. In-Class Event: Travel to an education center to attend an event. In-class events on the schedule include: Location Date Delivery Language Sao Paulo, Brazil 19 February 2018 Brazilian Portuguese Sao Paulo, Brazil 9 April 2018 Brazilian Portuguese Montreal, Canada 19 March 2018 French Bogota, Columbia 5 March 2018 Spanish Frankfurt, Germany 5 March 2018 German Munich, Germany 5 March 2018 German Stuttgart, Germany 5 March 2018 German Rome, Italy 26 March 2018 Italian Seoul, Korea 23 April 2018 Korean Kuala Lumpur, Malaysia 12 March 2018 English Mexico City, Mexico 2 April 2018 Spanish Wellington, New Zealand 19 March 2018 English Manila, Philippines 21 May 2018 English Lisbon, Portugal 28 February 2018 European Portuguese Johannesburg, South Africa (x2) 5 March 2018 English Madrid, Spain (x2) 2 July 2018 Spanish Zurich, Switzerland 5 March 2018 German Bangkok, Thailand 5 March 2018 Thai Bangkok, Thailand 5 March 2018 English Ankara, Turkey 8 October 2018 Turkish Stamford, CT, United States 2 April 2018 English Those using earlier versions of Oracle Linux can take the Oracle Linux 5 & 6  System Administration course in the following formats: Training-on-Demand: Start training straightaway at your own pace. Live-Virtual Event: Attend a live event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. English language events currently on the schedule include 2 and 23 April 2018. A French language event is available 19 March 2018. In-Class Events on the schedule include: Location Date Delivery Language Munich, Germany 12 March 2018 German Cape Town, South Africa (x2) 14 May 2018 English Madrid, Spain 25 June 2018 Spanish Taking the Oracle Linux 5 & 6  System Administration course is one step in your preparation to pass the Oracle Certified Associate, Oracle Linux 5 & 6 System Administrator Exam. Resources: Register for an event or learn more about the Oracle Linux curriculum at http://oracle.com/education/linux Oracle Linux Product Documentation Oracle Linux Product Page Ksplice

Ksplice has been providing zero-downtime patching for over 10 years Over a million patches created for Linux kernels Includes critical areas of userspace: openSSL, glibc and QEMU See the Ksplice...

Oracle

Integrated Cloud Applications & Platform Services