
News, tips, partners, and perspectives for the Oracle Linux operating system and upstream Linux kernel work

Recent Posts

Announcements

Big News at KubeCon + CloudNativeCon North America 2018: Oracle Cloud Native Framework and Oracle Linux

This post is contributed by Robert Shimp, Group Vice President of Product Management and Strategy, Oracle Linux and Virtualization.

For several years now we have seen the decomposition of applications into microservices running on container infrastructure with developers and operations collaborating using DevOps methodologies. This week at KubeCon, Oracle is introducing its Cloud Native Framework, a consistent, aligned, and unified collection of cloud services and on-premises software based on open, community-driven Cloud Native Computing Foundation (CNCF) projects. This announcement fills out Oracle’s vision for addressing modern cloud application development and deployment and ushers in a new era for cloud developers and operations.

We in the Oracle Linux team are particularly excited about this announcement. We have included Open Container Initiative (OCI)-compliant container software and CNCF Certified Conformance orchestration software with Oracle Linux for several years. Earlier this year at Oracle OpenWorld in San Francisco, we announced Oracle Linux Cloud Native Environment, our cloud native development and deployment software, which is being delivered as part of Oracle Linux. We are planning to make available additional components in 2019. Components available in preview are made available via Oracle Linux yum server or Oracle Container Registry.

Customer interest has been overwhelming. I think it’s because of the value that we are offering. We are delivering software that supports the open standards, specifications, and APIs defined by CNCF. In addition, this is the first cloud native solution delivered and supported as both managed cloud services and on-premises software. It is the only solution that provides deployment models for public cloud (Oracle Cloud Infrastructure), hybrid cloud and on-premises users.

We are the only cloud vendor that supports seamless, bi-directional portability of cloud native applications built anywhere on the Oracle Cloud Native Framework. Applications built on the Oracle Cloud Native Framework will not lock you in. They are portable to any Kubernetes conformant environment – on any cloud or infrastructure.

Oracle is a platinum member of CNCF as well as a platinum member of the Linux Foundation. Oracle closely tracks the CNCF standards and contributes to the CNCF community.

Support for the Oracle Linux Cloud Native Environment is included with an Oracle Linux Premier Support subscription at no additional cost.

Getting Started

Oracle Linux is freely available to everyone at Oracle Software Delivery Cloud. Updates can be obtained from Oracle Linux yum server. Oracle VM VirtualBox is the most popular cross-platform virtualization software for development environments. You can download a copy of VirtualBox to run Oracle Linux and the cloud-native software on your desktop and easily deploy to the cloud. Oracle is offering up to 3,500 free hours on Oracle Cloud to developers that would like to use our cloud for their development environment.


Linux Kernel Development

Linux Scheduler Scalability like a boss!

Oracle Linux developer Subhra Mazumdar has been working on scalability improvements in the Linux scheduler. In this blog post, he talks about some of his latest work.

At Oracle, we run big database workloads which are very susceptible to how the OS chooses to schedule threads. Spending too much time in the scheduler to select a CPU can translate to higher transaction latency (at a given throughput) or lower maximum achievable transaction throughput in TPC-C workloads. In this article, we're introducing our "Scheduler Scalability" project, which improves this latency and exposes a knob to further allow us to tune such workloads.

The Linux scheduler searches for idle CPUs upon which to enqueue a thread when it becomes runnable. It first searches to find a fully idle core using select_idle_core(). If that fails, the scheduler finds any idle CPU via select_idle_cpu(). Both of these routines can end up scanning the entire last level cache (LLC) domain, which is expensive and can hurt context-switch-intensive workloads like TPC-C, where threads wake up, run for small amounts of time and go to sleep. This is a scalability bottleneck in big systems that have a large number of cores per LLC.

For such workloads, it is desirable to have a constant bound on the search time while at the same time achieving a good spread of threads. These are two conflicting interests and the right balance needs to be struck. Some experimentation with constant upper and lower bounds on the number of CPUs searched in select_idle_cpu() reveals that different bounds work best for different architectures. For example, on an SMT2 Intel processor an upper bound of 4 and a lower bound of 2 works well, while on a SPARC SMT8 an upper bound of 16 and a lower bound of 8 works well. A quick guess reveals an upper bound of 2 cores and a lower bound of 1 core works on both architectures. This makes sense as cores are different scheduling domains and it is usually a good idea to search beyond the current domain for idle CPUs, as the neighbouring domain may be differently loaded. This can happen since scheduler load balancing works on a domain basis.

While putting constant bounds on the search will reduce search time, it can lead to localization of threads with uneven spreading. To solve this, the scheduler can keep a per-CPU variable to track the boundary of the search. If no idle CPUs are found in one instance, the search can begin from the boundary next time so that any other idle CPUs will be quickly found. Together these work well and improve the scalability of select_idle_cpu().

Next, we focus on select_idle_core(), which searches for a fully idle core (i.e. a core that has all CPUs idle). Any CPU in that core is the best CPU to run on, since all the hardware resources can be used to run the thread as fast as possible. While it has a dynamic switch that turns off if no idle core is present, it is still a bottleneck since in practice we can have only a few cores fully idle and it will end up scanning the entire LLC domain. It can be challenging to come up with data structures to do it fast, as this code path is very sensitive. Experiments showed that touching too many cache lines during the search or using atomic operations ruins any margins. In practice we found that just disabling idle core search improves Oracle Database TPC-C on Intel x86 systems, while it regresses some other benchmarks like hackbench on SPARC systems.

This is a common problem in the scheduler, where one workload optimized on one architecture can hurt another on a different architecture or even the same architecture. Linux uses scheduler features to work around this. It can block execution of certain code paths unsuitable for the workload. This can be turned on or off on live systems via /sys/kernel/debug/sched_features.
A new scheduler feature called SIS_CORE was introduced for this purpose to disable idle core search at run time. This can be used by the Oracle Database instances meant for OLTP.

Results

Following are the performance numbers with various benchmarks with SIS_CORE true (idle core search enabled).

Hackbench process on 2 socket, 44 core and 88 threads Intel x86 machine (lower is better):

    groups  baseline  %stdev  patch             %stdev
    1       0.5816    8.94    0.5903 (-1.5%)    11.28
    2       0.6428    10.64   0.5843 (9.1%)     4.93
    4       1.0152    1.99    0.9965 (1.84%)    1.83
    8       1.8128    1.4     1.7921 (1.14%)    1.76
    16      3.1666    0.8     3.1345 (1.01%)    0.81
    32      5.6084    0.83    5.5677 (0.73%)    0.8

Uperf pingpong on 2 socket, 44 core and 88 threads Intel x86 machine with message size = 8k (higher is better):

    threads  baseline  %stdev  patch            %stdev
    8        45.36     0.43    46.28 (2.01%)    0.29
    16       87.81     0.82    89.67 (2.12%)    0.38
    32       151.19    0.02    153.5 (1.53%)    0.41
    48       190.2     0.21    194.79 (2.41%)   0.07
    64       190.42    0.35    202.9 (6.55%)    1.66
    128      323.86    0.28    343.56 (6.08%)   1.34

Oracle Database on 2 socket, 44 core and 88 threads Intel x86 machine (normalized, higher is better):

    users  baseline  %stdev  patch            %stdev
    20     1         0.9     1.0068 (0.68%)   0.27
    40     1         0.8     1.0103 (1.03%)   1.24
    60     1         0.34    1.0178 (1.78%)   0.49
    80     1         0.53    1.0092 (0.92%)   1.5
    100    1         0.79    1.0090 (0.9%)    0.88
    120    1         0.06    1.0048 (0.48%)   0.72
    140    1         0.22    1.0116 (1.16%)   0.05
    160    1         0.57    1.0264 (2.64%)   0.67
    180    1         0.81    1.0194 (1.94%)   0.91
    200    1         0.44    1.028 (2.8%)     3.09
    220    1         1.74    1.0229 (2.29%)   0.21

Hackbench process on 2 socket, 16 core and 128 threads SPARC machine (lower is better):

    groups  baseline  %stdev  patch             %stdev
    1       1.3085    6.65    1.2213 (6.66%)    10.32
    2       1.4559    8.55    1.5048 (-3.36%)   4.72
    4       2.6271    1.74    2.5532 (2.81%)    2.02
    8       4.7089    3.01    4.5118 (4.19%)    2.74
    16      8.7406    2.25    8.6801 (0.69%)    4.78
    32      17.7835   1.01    16.759 (5.76%)    1.38
    64      36.1901   0.65    34.6652 (4.21%)   1.24
    128     72.6585   0.51    70.9762 (2.32%)   0.9

Following are the performance numbers with various benchmarks with SIS_CORE false (idle core search disabled).

Hackbench process on 2 socket, 44 core and 88 threads Intel x86 machine (lower is better):

    groups  baseline  %stdev  patch             %stdev
    1       0.5816    8.94    0.5835 (-0.33%)   8.21
    2       0.6428    10.64   0.5752 (10.52%)   4.05
    4       1.0152    1.99    0.9946 (2.03%)    2.56
    8       1.8128    1.4     1.7619 (2.81%)    1.88
    16      3.1666    0.8     3.1275 (1.23%)    0.42
    32      5.6084    0.83    5.5856 (0.41%)    0.89

Uperf pingpong on 2 socket, 44 core and 88 threads Intel x86 machine with message size = 8k (higher is better):

    threads  baseline  %stdev  patch             %stdev
    8        45.36     0.43    46.94 (3.48%)     0.2
    16       87.81     0.82    91.75 (4.49%)     0.43
    32       151.19    0.02    167.74 (10.95%)   1.29
    48       190.2     0.21    200.57 (5.45%)    0.89
    64       190.42    0.35    226.74 (19.07%)   1.79
    128      323.86    0.28    348.12 (7.49%)    0.77

Oracle Database on 2 socket, 44 core and 88 threads Intel x86 machine (normalized, higher is better):

    users  baseline  %stdev  patch             %stdev
    20     1         0.9     1.0056 (0.56%)    0.34
    40     1         0.8     1.0173 (1.73%)    0.13
    60     1         0.34    0.9995 (-0.05%)   0.85
    80     1         0.53    1.0175 (1.75%)    1.56
    100    1         0.79    1.0151 (1.51%)    1.31
    120    1         0.06    1.0244 (2.44%)    0.5
    140    1         0.22    1.034 (3.4%)      0.66
    160    1         0.57    1.0362 (3.62%)    0.07
    180    1         0.81    1.041 (4.1%)      0.8
    200    1         0.44    1.0233 (2.33%)    1.4
    220    1         1.74    1.0125 (1.25%)    1.41

Hackbench process on 2 socket, 16 core and 128 threads SPARC machine (lower is better):

    groups  baseline  %stdev  patch             %stdev
    1       1.3085    6.65    1.2514 (4.36%)    11.1
    2       1.4559    8.55    1.5433 (-6%)      3.05
    4       2.6271    1.74    2.5626 (2.5%)     2.69
    8       4.7089    3.01    4.5316 (3.77%)    2.95
    16      8.7406    2.25    8.6585 (0.94%)    2.91
    32      17.7835   1.01    17.175 (3.42%)    1.38
    64      36.1901   0.65    35.5294 (1.83%)   1.02
    128     72.6585   0.51    71.8821 (1.07%)   1.05
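
The bounded select_idle_cpu() search with a per-CPU boundary described above can be tried out in user space. The following is an added example, not code from the post or from the kernel patches; the 44-CPU domain, the bound of 4, the function names and the rule that the next search resumes right after the last CPU examined are assumptions.

```python
"""Simulation of a bounded idle-CPU search with a rotating start point.

Added illustration, not kernel code. The 44-CPU domain, the bound of 4 and
all names below are assumptions made for this example.
"""


def scan_full(idle, target):
    """Unbounded search: walk the whole LLC domain starting at `target`.

    Returns (cpu, cpus_scanned); cpu is -1 when nothing is idle.
    """
    n = len(idle)
    for step in range(n):
        cpu = (target + step) % n
        if idle[cpu]:
            return cpu, step + 1
    return -1, n


def scan_bounded(idle, target, limit, boundary=None):
    """Search at most `limit` CPUs.

    `boundary` plays the role of the per-CPU variable from the post: it maps
    a waking CPU to the position where its previous search stopped. With
    boundary=None every search restarts at `target` (no rotation).
    """
    n = len(idle)
    start = target if boundary is None else boundary.get(target, target)
    found, scanned = -1, 0
    for step in range(min(limit, n)):
        scanned += 1
        cpu = (start + step) % n
        if idle[cpu]:
            found = cpu
            break
    if boundary is not None:
        # Assumption: the next search resumes right after the last CPU examined.
        boundary[target] = (start + scanned) % n
    return found, scanned


def wakeups_until_placed(idle, target, limit, rotate, max_wakeups=20):
    """Repeat bounded searches for one waker until an idle CPU is found.

    Returns (wakeups_needed or None, cpu, total_cpus_scanned).
    """
    boundary = {} if rotate else None
    total = 0
    for attempt in range(1, max_wakeups + 1):
        cpu, scanned = scan_bounded(idle, target, limit, boundary)
        total += scanned
        if cpu >= 0:
            return attempt, cpu, total
    return None, -1, total


def constructed_domain(n_cpus=44, idle_cpu=30):
    """Constructed sample: one LLC domain in which a single CPU is idle."""
    idle = [False] * n_cpus
    idle[idle_cpu] = True
    return idle


if __name__ == "__main__":
    idle = constructed_domain()
    print("full scan          :", scan_full(idle, target=0))
    print("bounded, no rotate :", wakeups_until_placed(idle, 0, 4, rotate=False))
    print("bounded, rotating  :", wakeups_until_placed(idle, 0, 4, rotate=True))
```

With the constructed domain, the full scan touches 31 CPUs in a single wakeup, the bounded search without a boundary never reaches the idle CPU, and the rotating search reaches it on the eighth wakeup while never scanning more than 4 CPUs at a time.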


Linux

Encrypting NFS data on the Wire

Oracle Linux developer Chuck Lever has been collaborating on an internet draft standard to bring transparent, end-to-end encryption for NFS (actually, all RPC-based protocols) in this new internet draft.

As more Linux workloads traverse shared network infrastructure, we have seen an uptick in requests for encryption for network traffic. While there are many ways to do point-to-point traffic encryption, leading members of the Linux NFS community have proposed a different, and simpler, strategy for achieving over-the-wire encryption of NFS traffic.

Linux NFS maintainer Trond Myklebust and Oracle Linux developer Chuck Lever propose NFS-over-TLS, a transparent, easy to configure end-to-end encryption standard for RPC-based protocols like NFS. This solution relies on self-signed certificates to set up standard encryption for NFS over-the-wire traffic without the heavy overhead of Kerberos or Active Directory.

There are many ways to encrypt NFS traffic over the wire, including IPsec and Kerberos, but in their current incarnations, each has significant drawbacks that keep most users from using them. Much like HTTPS, this proposal to enable RPC-over-TLS makes encryption the "easy" option, opting for self-signed certificates. Although this standard is put forward as the simplest, easiest-to-use solution, it also provides unique benefits in cases where the alternative encryption solutions may not have good answers -- for example, with per-flow encryption as opposed to per-connection (IPsec) encryption, or if the customer's user authentication domain is separate from the host's identity management (as is often the case in cloud environments!).

There are plenty of deployment cases where the client and server trust each other already, and all that is needed is protection of the NFS traffic as it flows over an untrusted network. Most NFS works this way already: a tenant trusts the IP addresses provided by the DNS service, but does not trust the other tenants not to spy on the traffic.

This solution takes a hint from the HTTPS solution for encrypting web traffic: focusing on the encryption separately from authorization/authentication. While this solution would not be as full-featured as the user authentication solutions, it would be usable with minimal configuration required by an administrator. And this standard would be rolled out with that in mind: defaulting to a "use-if-available" model, meaning that if both ends support it and there is sufficient certificate trust available, NFS traffic would be encrypted. Someday this could mean that all NFS traffic would be transparently encrypted as this capability rolls out to NFS clients and servers.

This is still a draft standard, so don't expect this on your Oracle Linux servers very soon, but it's already starting to get talked about in the industry press.


Linux

5 things you may not know about Ksplice

Ksplice is a cool technology and I wanted to share a few things that you might not know about it along with a few tips on how to get started if you aren't already using it.

1. New patching advances

As the security landscape evolves, so does Ksplice to keep up with more and more complex patches. These new changes and techniques allow Ksplice to safely patch even more of the kernel entry assembly code, even on heavily loaded systems. To date, Ksplice is the only technology that has been able to live patch CVE-2018-3639 (Spectre v4) and CVE-2018-3620+CVE-2018-3646 (L1 terminal fault), the latter comprising thousands of lines of changes across the kernel.

The Linux kernel continues to advance over time, gaining new features and optimizations to scale to all kinds of workloads. Oracle Ksplice continues to advance in kind. The Ksplice team is actively developing Ksplice, making sure that we can give the best patching experience with every supported kernel in all configurations. This includes safe integration with DTrace probes in Oracle UEKR4 and UEKR5, full support for Meltdown mitigations including both KAISER and KPTI with no reduction in patch coverage, and support for linker optimization in modern Fedora toolchains. We have optimized some of the Ksplice core to minimize the period that the system is paused during the safety checks to ensure that we can scale to larger SMP systems with no visibility to the running workload.

These enhancements allow us to make sure that we are patching all of the issues that you care about on a running system. With recent developments in speculative side channel attacks, we have seen an increase in number and complexity of patches to some of the lowest levels of the kernel that have resulted in some new patching techniques for Ksplice.

2. A dizzying number of supported kernels

Ksplice supports a wide range of kernels, from Oracle Linux 5 2.6.18 (32-bit, 32-bit PAE, 64-bit and Xen paravirt) to the latest Fedora 28 4.17 64-bit kernels. At any one time, Ksplice supports around 5,000 binary kernels. In the extreme case of a wide-reaching vulnerability affecting all kernels, Ksplice releases updates for all of those in short order. Today, Ksplice supports kernels almost 8 years old with the oldest kernels having over 700 unique fixes applied through Ksplice - that's a lot of reboots saved.

When Ksplice updates are created, we take fixes from the most recently released kernel in a series and then iteratively apply those fixes to all older kernels in that series as far as they are applicable. In some of the older series this means a lot of versions - at the time of writing, Oracle UEKR2 has 118 distinct source releases with each requiring new patches backporting. Ksplice will take each of the new fixes that are applicable to already running systems and iteratively backport to all of those older releases where appropriate.

You can check if your kernel is supported by Ksplice with our inspector which will helpfully show you a list of fixes that have been applied with Ksplice and you could fix today without any downtime.

3. User-space + Xen

Since Oracle acquired Ksplice in 2011, we have continued to invest heavily in the technology and added several noteworthy new features that other Linux distributions have no competitive offering for. In 2015, Oracle introduced Ksplice patching for user-space on Oracle Linux 6 and 7 for key components - glibc and OpenSSL. glibc is fundamental to almost all Linux applications, providing the core functions for memory management, networking, threading and many other essentials. OpenSSL is the Oracle Linux library used for SSL/TLS and many other common cryptographic functions seeing use in many security sensitive applications such as web servers, SSH, postfix, NTP and many other network clients and servers.

When a vulnerability is found in one of these core libraries, a new RPM is created and can be installed on systems with newly executed processes using the patched version. However, already running applications will continue to use the vulnerable code and it can be extremely hard to even determine what applications are still using the old libraries and then schedule those to be restarted without any customer visible downtime. Patching these vulnerabilities with Ksplice means no application downtime or reboots with all of the same deployment options that you are used to with Ksplice kernel updates. Ksplice has patched some critical, high profile vulnerabilities since we started supporting these libraries including CVE-2015-7547, a remote code execution bug in the glibc DNS resolver and CVE-2016-0800 (DROWN), a cipher downgrade in OpenSSL.

With OVM 3.4.5, Ksplice can now patch the Xen hypervisor and user-space components such as xenstored, libxenctrl and qemu. This means you can have a full live patchable virtualization stack, from the hypervisor, through the Dom0 kernel+user-space and the guests themselves, something that no other Linux vendor can offer.

4. OCI

Ksplice is just as important in a cloud environment as an on-premise environment and we've made it incredibly easy to get started with in Oracle Cloud Infrastructure IaaS. OCI Oracle Linux images come with an Oracle Linux Premier Support entitlement and have Ksplice pre-installed with no registration required. Simply create an instance and you're one "uptrack-upgrade" away from having the latest security patches applied to your kernel with zero downtime. For legacy or custom images, Ksplice can be installed with a simple script, again without registration. Simply run the following commands in your instance:

    # wget -N https://ksplice.oracle.com/uptrack/install-uptrack-oc
    # sh install-uptrack-oc --autoinstall

and the system will start automatically installing Ksplice kernel updates without any further interaction and no downtime.

Ksplice isn't just available inside OCI tenancies though. Ksplice powers it. The same technology you use inside your instances is also used to proactively patch OCI without any disruptive downtime, keeping everything running securely and stably.

5. Safety

One of the key principles behind Ksplice is that security and safety come first. This means delivering the right patches quickly and applying them to the running system without any visible side-effects. Doing so means that we need to handle a variety of edge cases and unexpected setups. Ksplice is the only live patching system that fully covers these cases. We'll look at a couple of these here, but as always, the devil is in the detail and there are a lot of details in live patching!

Firstly, Ksplice performs integrity checks - we want to make sure that the code you are running on your system matches what we expect so that a patch doesn't get applied to incorrect code and either make things worse or fail to close the vulnerability. A mismatch sounds unlikely, but there are a number of things that could cause it to happen:

- You could be running modules from a different kernel or a compatible module provided by a hardware vendor.
- You could have another application that has modified the running code such as antivirus or intrusion detection, or even a root kit or virus.

Ksplice handles these conditions automatically, checking every byte of the compilation units that we want to patch, making sure that they match exactly. If a mismatch is found then we'll safely abort patching, explaining why.

Secondly, we make sure that we're not replacing anything that is in use. We employ conservative checks here doing full stack walks. Ksplice makes sure that not only is a function to be patched not currently being called, but additionally no local function pointers or data pointers that could call the wrong version of code are present. Simple frame pointer based stack walks do cover these cases. Simple walks might work most of the time, but failure to make thorough safety checks could result in a crash or even worse, a new security vulnerability.

Lastly, Ksplice isn't just in-memory patching. The Linux kernel can be changed at runtime by loading new modules either on explicit request by the user or automatically when doing things like mounting filesystems, opening a network socket, hot plugging hardware, or using a new cryptographic algorithm. Ksplice handles these unloaded modules gracefully, providing on-disk patched modules and arranging for the patched versions to be loaded rather than the old vulnerable versions. Without this, it would be possible to load vulnerable module code and leave a system unstable or open to exploitation.

Conclusions

Ksplice offers unparalleled functionality and safety, allowing system administrators to take control of patching in all deployments from on-premise to OCI. By leveraging Ksplice in your environment you can avoid unplanned reboots, and rapidly patch against the latest vulnerabilities with minimal configuration and maintenance. If you aren't already using Ksplice, why not give it a go? Oracle Linux instances in OCI come preconfigured with Ksplice, and for all other uses, please visit the Ksplice website to learn how to get started in a few minutes.
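
Section 3 above notes how hard it is to tell which running applications still use an old library after an RPM update. The following added example, which is not part of Ksplice or of the original post, answers that for glibc and OpenSSL by looking for library mappings that /proc/<pid>/maps marks as " (deleted)"; the sample maps content is constructed and the function names are assumptions.

```python
"""List processes that still map a replaced copy of glibc or OpenSSL.

Added illustration, not part of Ksplice. It relies on the Linux behaviour
that /proc/<pid>/maps appends " (deleted)" to a mapped file whose on-disk
copy has been replaced, for example by a package update.
"""
import os
import re

# Libraries named in the post: glibc (libc) and OpenSSL (libssl, libcrypto).
WATCHED = re.compile(r"/(libc[-.]|libssl\.|libcrypto\.)")
DELETED = " (deleted)"

# Constructed sample of one process's maps file (not taken from a real host).
SAMPLE_MAPS = """\
00400000-004f4000 r-xp 00000000 fd:00 201 /usr/sbin/sshd
7f10a0000000-7f10a01c3000 r-xp 00000000 fd:00 1311 /usr/lib64/libc-2.17.so (deleted)
7f10a01c3000-7f10a03c2000 ---p 001c3000 fd:00 1311 /usr/lib64/libc-2.17.so (deleted)
7f10a1000000-7f10a1234000 r-xp 00000000 fd:00 1402 /usr/lib64/libcrypto.so.1.0.2k (deleted)
7f10a2000000-7f10a2016000 r-xp 00000000 fd:00 1500 /usr/lib64/libcap.so.2.22
7f10a3000000-7f10a3021000 rw-p 00000000 00:00 0
7ffd5c000000-7ffd5c021000 rw-p 00000000 00:00 0 [stack]
"""


def stale_libraries(maps_text):
    """Return watched libraries that are mapped executable but replaced on disk."""
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode pathname (pathname may contain spaces).
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        perms, path = fields[1], fields[5]
        if not path.endswith(DELETED) or "x" not in perms:
            continue
        path = path[: -len(DELETED)]
        if WATCHED.search(path):
            stale.add(path)
    return sorted(stale)


def scan_proc(proc_root="/proc"):
    """Map pid -> (command name, stale libraries) for every readable process."""
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_libraries(fh.read())
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited, or its maps are not readable without root
        if stale:
            report[int(entry)] = (name, stale)
    return report


if __name__ == "__main__":
    print("sample:", stale_libraries(SAMPLE_MAPS))
    for pid, (name, libs) in sorted(scan_proc().items()):
        print(pid, name, ", ".join(libs))
```

Run as root to see every process; an unprivileged run only reports the caller's own processes.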


Linux Kernel Development

Making kernel tasks faster with ktask, an update

Kernel developer Daniel Jordan got a nice writeup on lwn.net for his work on ktask.

Daniel wrote a blog post about ktask when the first version of this work was submitted to the Linux kernel community. Since then, the code has evolved to cover many additional dimensions in order to help it integrate with other systems. LWN.net subscribers can learn more in this recent writeup on the evolution of ktask.

Ktask is a generic framework for kernel task parallelization: any task which is currently single-threaded in the kernel can be broken up into workable chunks and handed off to the ktask helper, which will make clever scheduling and CPU participation decisions to ensure that the task finishes quickly. This change is not automatic; ktask introduces a coding construct which must be used by developers who wish to take advantage of this parallelized functionality.

Memory initialization (page zeroing) will be helped considerably by the parallelization of ktask. Initializing memory is a critical task done by the OS to keep data secure, and can be a significant factor in the startup time for database applications and for virtual machines. ktask allows those tasks to be spread out across all the cores on a system and allow it to scale across the CPUs on the system.

As the patches have been reviewed and revised, more use cases have bubbled up and we're excited to see more opportunities to make this generic framework useful for the kernel, including parallelizing kernel operations in the infiniband driver, to improve vfio performance, and more!

ktask: parallelize CPU-intensive kernel work

ktask is a generic framework for parallelizing CPU-intensive work in the kernel. The intended use is for big machines that can use their CPU power to speed up large tasks that can't otherwise be multithreaded in userland. The API is generic enough to add concurrency to many different kinds of tasks--for example, page clearing over an address range or freeing a list of pages--and aims to save its clients the trouble of splitting up the work, choosing the number of helper threads to use, maintaining an efficient concurrency level, starting these threads, and load balancing the work between them.

Some Results

Machine: Intel(R) Xeon(R) CPU E7-8895 v3 @ 2.60GHz, 288 CPUs, 1T memory
Test: Clear a range of gigantic pages (triggered via fallocate)

    nthread  speedup  size (GiB)  min time (s)  stdev
    1                 100         41.13         0.03
    2        2.03x    100         20.26         0.14
    4        4.28x    100         9.62          0.09
    8        8.39x    100         4.90          0.05
    16       10.44x   100         3.94          0.03

    1                 200         89.68         0.35
    2        2.21x    200         40.64         0.18
    4        4.64x    200         19.33         0.32
    8        8.99x    200         9.98          0.04
    16       11.27x   200         7.96          0.04

    1                 400         188.20        1.57
    2        2.30x    400         81.84         0.09
    4        4.63x    400         40.62         0.26
    8        8.92x    400         21.09         0.50
    16       11.78x   400         15.97         0.25

    1                 800         434.91        1.81
    2        2.54x    800         170.97        1.46
    4        4.98x    800         87.38         1.91
    8        10.15x   800         42.86         2.59
    16       12.99x   800         33.48         0.83

This data shows the speedup for zeroing large amounts of memory, and the advantages as the tasks are spread across available cores. Raw data for these results.

We look forward to seeing ktask as part of upstream Linux!


Announcements

Announcing the release of Oracle Linux 7 Update 6

Oracle is pleased to announce the general availability of Oracle Linux 7 Update 6 for the x86_64 and Arm architectures. You can find the individual RPM packages on both the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images will soon be available for download from the Oracle Software Delivery Cloud and Docker images will soon be available via Oracle Container Registry and Docker Hub.

Oracle Linux 7 Update 6 ships with the following kernel packages:

- Unbreakable Enterprise Kernel (UEK) Release 5 (4.14.35-1818.3.3) for x86-64 and Arm
- Red Hat Compatible Kernel (3.10.0-957) for x86-64 only

Application Compatibility

Oracle Linux maintains user space compatibility with Red Hat Enterprise Linux (RHEL), which is independent of the kernel version that underlies the operating system. Existing applications in user space will continue to run unmodified on Oracle Linux 7 Update 6 with UEK Release 5 and no re-certifications are needed for applications already certified with Red Hat Enterprise Linux 7 or Oracle Linux 7.

Notable new features in this release

- Pacemaker now supports path, mount, and timer systemd unit files. Although previous releases of Pacemaker supported service and socket systemd unit files, alternative units would fail. Pacemaker can now manage path, mount and timer systemd units.
- Package installation and upgrade using rpm can be tracked using audit events. The RPM package manager has been updated to provide audit events so that software package installation and updates can be tracked using the Linux Audit system. Software installation and upgrades using yum are also tracked.

Features specific to the x86_64 architecture

- Clevis support for TPM 2.0. The Clevis automated encryption framework that can automatically encrypt or decrypt data, or unlock LUKS volumes, has been updated to support the encryption of keys in a Trusted Platform Module 2.0 (TPM2) chip. Note that this feature is only available for x86_64 systems.

Features now available as a technology preview on the x86_64 architecture

- Block and object storage layouts for parallel NFS (pNFS)
- DAX (Direct Access) for direct persistent memory mapping from an application. This is under technical preview for the ext4 and XFS file systems
- Multi-queue I/O scheduling for SCSI (scsi-mq). Please note that this functionality is disabled by default

Features specific to the Arm architecture

- DTrace has been enabled for Arm platforms and ports of the DTrace code are available in the Unbreakable Enterprise Kernel Release 5 channel on the Oracle Linux yum server. The DTrace user space code in the dtrace-utils package has been ported to run on 64-bit Arm platforms to fully enable DTrace for Oracle Linux 7 Update 6 (aarch64).

For more details on these and other new features and changes, please consult the Oracle Linux 7 Update 6 Release Notes and the Oracle Linux 7 Update 6 (aarch64) Release Notes in the Oracle Linux Documentation Library.

Btrfs continues to be fully supported in Oracle Linux 7 Update 6 with UEK R5. Btrfs support is deprecated in the Red Hat Compatible Kernel.

Oracle Linux Support Options

Oracle Linux can be downloaded, used, and distributed free of charge and all updates and errata are freely available. Customers decide which of their systems require a support subscription. This makes Oracle Linux an ideal choice for development, testing, and production systems. The customer decides which support coverage is best for each individual system while keeping all systems up-to-date and secure. Customers with Oracle Linux Premier Support also receive support for additional Linux programs, including Ceph Storage, Oracle Linux software collections, Oracle OpenStack and zero-downtime kernel updates using Oracle Ksplice.

For more information about Oracle Linux, please visit www.oracle.com/linux.


Technologies

Installing cx_Oracle and Oracle Instant Client via Oracle Linux Yum Server

Note: this post was updated on 6 November, 2018 to include simplified installation of Oracle Instant Client via Oracle Linux yum server.

cx_Oracle enables access to Oracle Database from Python and conforms with the Python database API specification. The module works with Oracle Database 11g and 12c and both Python 2.x and 3.x.

We have just released the first RPM builds of cx_Oracle on the Oracle Linux yum server, including the latest cx_Oracle 7.0. You can find them in the Oracle Linux 7 (x86_64) Development (ol7_developer) and Oracle Linux 6 (x86_64) Development (ol6_developer) repositories.

This post covers the steps to install and set up cx_Oracle 7.0 with the default Python 2.7.5 on Oracle Linux 7. I used our latest Oracle Linux 7 Vagrant box.

1. Confirm Yum Configuration

First, make sure you have the most recent Oracle Linux yum server repo file by grabbing it from the source:

    $ sudo mv /etc/yum.repos.d/public-yum-ol7.repo /etc/yum.repos.d/public-yum-ol7.repo.bak
    $ sudo wget -O /etc/yum.repos.d/public-yum-ol7.repo http://yum.oracle.com/public-yum-ol7.repo

2. Enable ol7_developer and ol7_oracle_instantclient Repositories

    $ sudo yum -y install yum-utils
    $ sudo yum-config-manager --enable ol7_developer ol7_oracle_instantclient

3. Install cx_Oracle RPM

Note that case matters here. The RPM is called python-cx_Oracle.

    $ sudo yum -y install python-cx_Oracle
    ...
    Running transaction
      Installing : oracle-instantclient18.3-basic-18.3.0.0.0-2.x86_64    1/2
      Installing : python-cx_Oracle-7.0-1.0.1.el7.x86_64                 2/2
      Verifying  : python-cx_Oracle-7.0-1.0.1.el7.x86_64                 1/2
      Verifying  : oracle-instantclient18.3-basic-18.3.0.0.0-2.x86_64    2/2

    Installed:
      python-cx_Oracle.x86_64 0:7.0-1.0.1.el7

    Dependency Installed:
      oracle-instantclient18.3-basic.x86_64 0:18.3.0.0.0-2

    Complete!

4. Add the Oracle Instant Client to the Runtime Link Path

cx_Oracle depends on Oracle Instant Client. During OpenWorld 2018 we released Oracle Instant Client 18.3 RPMs on Oracle Linux yum server in the ol7_oracle_instantclient and ol6_oracle_instantclient repositories, making installation a breeze. Assuming you have enabled the repository for Oracle Instant Client appropriate for your Oracle Linux release, it is installed as a dependency. Older releases of Oracle Instant Client are available on OTN.

Oracle Instant Client was installed as a dependency of cx_Oracle in the previous step. Before you can make use of Oracle Instant Client, set the runtime link path so that cx_Oracle can find the libraries it needs to connect to Oracle Database.

    $ sudo sh -c "echo /usr/lib/oracle/18.3/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf"
    $ sudo ldconfig

5. Test connection to Oracle Database

    $ python
    Python 2.7.5 (default, Nov 1 2018, 03:12:47)
    [GCC 4.8.5 20150623 (Red Hat 4.8.5-36.0.1)] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import cx_Oracle
    >>> db = cx_Oracle.connect("scott/tiger@10.0.1.127/orclpdb1")
    >>> db.version
    '12.2.0.1.0'
    >>>

These cx_Oracle RPMs offer Python-on-Oracle developers a quick and straightforward way to get started. Give it a try and let us know what you think in the comments or in the Python and Oracle Developer Community.

Read on...

In this next post I go into more detail about what the different cx_Oracle RPMs are for and I show how to install our cx_Oracle RPM on Oracle Linux 6 to connect Python 3.5 to Oracle Database. See this page for information about Python on Oracle Linux.


Linux

How to Install Node.js 10 with node-oracledb and Connect it to Oracle Database

A few months ago we added dedicated repositories for Node.js to the Oracle Linux yum server. These repos also include an RPM with the Oracle Database driver for Node.js, node-oracledb, so you can connect your Node.js application to the Oracle Database. In this post I describe the steps to install Node.js 10 and node-oracledb and connect Node.js to Oracle Database. If you are in a rush or want to try this out in a non-destructive way, I recommend you use the latest Oracle Linux 7 Vagrant box.

Grab the Latest Oracle Linux Yum Server Repo File

First, make sure you have the most recent Oracle Linux yum server repo file by grabbing it from the source:

    $ sudo mv /etc/yum.repos.d/public-yum-ol7.repo /etc/yum.repos.d/public-yum-ol7.repo.bak
    $ sudo wget -O /etc/yum.repos.d/public-yum-ol7.repo http://yum.oracle.com/public-yum-ol7.repo

Enable Node.js 10 Repo, Install Node.js and node-oracledb

    $ sudo yum -y install yum-utils
    $ sudo yum-config-manager --enable ol7_developer_nodejs10 ol7_oracle_instantclient
    $ sudo yum -y install nodejs node-oracledb-node10

Connecting to Oracle Database

For my testing I used Oracle Database 18c Express Edition (XE). You can download it here. Quick Start instructions are here.

About Oracle Instant Client

node-oracledb depends on Oracle Instant Client. During OpenWorld 2018 we released Oracle Instant Client 18.3 RPMs on Oracle Linux yum server in the ol7_oracle_instantclient and ol6_oracle_instantclient repositories, making installation a breeze. Assuming you have enabled the repository for Oracle Instant Client appropriate for your Oracle Linux release, it will be installed as a dependency. As of release 3.0, node-oracledb is built with Oracle Client 18.3, which connects to Oracle Database 11.2 and greater. Older releases of Oracle Instant Client are available on OTN.

Add the Oracle Instant Client to the runtime link path.

    $ sudo sh -c "echo /usr/lib/oracle/18.3/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf"
    $ sudo ldconfig

A Quick Node.js Test Program Connecting to Oracle Database

I copied this file from the examples in the node-oracledb GitHub repo. Running this will tell us whether Node.js can connect to the database. Copy this code into a file called connect.js.

The file below comes from the same GitHub repo. Copy the code into a file called dbconfig.js and edit it to include your Database username, password and connect string.

Run connect.js with node

Before running connect.js, make sure NODE_PATH is set so that the node-oracledb module can be found.

    $ export NODE_PATH=`npm root -g`
    $ node connect.js
    Connection was successful!


Events

How to spend your last day at Oracle OpenWorld 2018

It’s the last day of Oracle OpenWorld 2018 and it has a lot to offer. You’ll find plenty of useful information in these sessions and HOLs. Join us and soak it all up!

Oracle Linux Is Really the Ideal Linux for Oracle Cloud Developers [DEV6017]
SPEAKERS Wim Coekaerts, Senior Vice President, Operating Systems and Virtualization Engineering, Oracle
09:00 AM - 09:45 AM | Moscone West - Room 2003

Build an ARM64-Based Solution with Oracle Linux [PRM4722]
SPEAKERS Michele Resta, Product Management Sr. Director - Alliances, Oracle; Honglin Su, Sr. Director of Product Management, Oracle
09:00 AM - 09:45 AM | Moscone West - Room 2000

Building a Cost-Effective Cloud with Oracle OpenStack and Oracle's x86 Servers [PRO4786]
SPEAKERS Joshua Rosen, Oracle; Dilip Modi, Principal Product Manager, Oracle OpenStack, Linux and VM Development, Oracle; Subban Raghunathan, VP, Product Management, Oracle
09:00 AM - 09:45 AM | Moscone South - Room 207

Infrastructure as Code on Oracle Cloud Infrastructure with Terraform [HOL5139]
SPEAKERS Christophe Pauliat, Oracle Solution Center Sales Consultant, Oracle; Simon Hayler, Sr Principal Technical Product Manager, Oracle; Paul Bramy, CEO, reloca; Matthieu Bordonne, Oracle Solution Center Sales Consultant, Oracle
10:30 AM - 11:30 AM | Marriott Marquis (Yerba Buena Level) - Salon 12/13

Strategy and Insights from the Oracle Linux and Oracle VM Product Management Team [BQS4730]
SPEAKERS Avi Miller, Product Management Director, Oracle; Robert Shimp, Product Management Group Vice President - Oracle Linux, Virtualization and Linux and VM Development, Oracle; Honglin Su, Sr. Director of Product Management
11:00 AM - 11:45 AM | Moscone South - Room 206

Observing and Optimizing Your Application on Oracle Linux with DTrace [HOL6339]
SPEAKERS Jeff Savit, Director, Oracle
12:00 PM - 01:00 PM | Marriott Marquis (Yerba Buena Level) - Salon 12/13

Detecting and Blocking Attacks with Oracle Audit Vault and Database Firewall [PRO4110]
SPEAKERS Russ Lowenthal, Director, Product Management, Oracle; Ram Subramanian, Director, Database Services, Symantec Corporation; Rohit Muttepawar, IT Architect - Database Platform, Symantec Corporation
Oct 25, 12:00 PM - 12:45 PM | Moscone West - Room 3006

Embrace Open Source Projects on GitHub for Cloud Automation [TIP5795]
SPEAKERS Avi Miller, Product Management Director, Oracle; Simon Coter, Director of Product Management, Linux and Virtualization, Oracle
12:00 PM - 12:45 PM | Moscone South - Room 160

How Oracle Linux Delivers Superior Application Scalability for Exadata [PRO5798]
SPEAKERS Swamy Kiran, Infrastructure Architect / DBA Team Technical Lead, The World Bank Group; Sudhakar Dindukurti, Oracle
12:00 PM - 12:45 PM | Moscone West - Room 2000

Why Oracle Linux Is the Best Platform for Oracle Database and Oracle Cloud [PRO5797]
SPEAKERS Ravi Thammaiah, Director of Software Development, Oracle; Dhaval Giani, Oracle
01:00 PM - 01:45 PM | Moscone South - Room 207

Oracle Database 18c: Reliable DevOps with Vagrant, Oracle VM VirtualBox, and Oracle Linux [HOL6394]
SPEAKERS Gerald Venzl, Senior Principal Product Manager, Oracle; Simon Coter, Director of Product Management, Linux and Virtualization, Oracle
01:30 PM - 02:30 PM | Marriott Marquis (Yerba Buena Level) - Salon 12/13


Events

The first half of Oracle OpenWorld 2018 was a hit--Wednesday’s sessions will continue to impress

The first two days of Oracle OpenWorld 2018 are in the record books. Sessions were well attended and the Infrastructure Technologies showcase, #120, drew a steady crowd and long lines at the VR game.

Ajay Srivastava, Senior Vice President, Oracle presented an “Overview of Oracle Infrastructure Technologies” to a full house. Providing a behind-the-scenes look at the Oracle servers, Linux operating system, virtualization, and other software components that power Oracle Cloud, Ajay offered this takeaway: “Oracle Linux is the only OS on this planet that allows you to apply patches with zero-downtime. It’s free in Oracle Cloud.”

Sessions recommended for Wednesday, October 24:

Provide Zero Downtime Update for Your Cloud Infrastructure [HOL6340]
08:00 AM - 09:00 AM | Marriott Marquis (Yerba Buena Level) - Salon 12/13
SPEAKERS Christophe Pauliat, Oracle Solution Center Sales Consultant, Oracle; Simon Coter, Director of Product Management, Linux and Virtualization, Oracle

Keynote: The Role of Security and Privacy in a Globalized Society—Threats, Implications and Opportunities [KEY6573]
09:00 AM - 10:30 AM | Moscone North - Hall D
SPEAKERS Mark Hurd, Chief Executive Officer, Oracle; General Michael Hayden, Former Director of the CIA and NSA; Jeh Johnson, Former Secretary of Homeland Security; Sir John Scarlett, KCMG OBE, Former Chief of the British Secret Intelligence Service; Edward Screven, Chief Corporate Architect, Oracle

The OS Factor: Advice for the Technology Buyer from IDC [BUS4729]
11:15 AM - 12:00 PM | Moscone West - Room 2000
SPEAKERS Karen Sigman, Vice President, Product and Partner Marketing, Oracle; Ashish Nadkarni, Research Director, IDC

Secure and Agile Orchestration for Linux Containers [TRN4723]
12:30 PM - 01:15 PM | Moscone West - Room 2000
SPEAKERS Avi Miller, Product Management Director, Oracle

AMD EPYC: Freeing the Data Center [PRM6946]
12:30 PM - 01:15 PM | Moscone South - Room 154
SPEAKERS Rajan Panchapakesan, Oracle; Daniel Bounds, Sr. Director, Product Management, AMD

Oracle Private Cloud Appliance: Deploy Your Private Cloud IaaS Out-of-the-Box [CAS6167]
12:30 PM - 01:15 PM | Moscone South - Room 214
SPEAKERS Sam K Tan, Product Manager, ODA and PCA, Oracle; Ryan Lea, Solution Consultant, Revera

Securing Your Critical Oracle Cloud Infrastructure Workloads [THT6585]
01:00 PM - 01:20 PM | The Exchange @ Moscone South - Theater 2
SPEAKERS Rich Vorwaller, Product Manager, Symantec

Keynote: Fusion Cloud Applications—Secure and Extensible [KEY3879]
2:00 PM - 03:00 PM | Moscone North - Hall D
SPEAKERS Larry Ellison, Executive Chairman and CTO, Oracle

The Emergence of New Threats: A Look at Spectre and Meltdown [TIP3992]
04:45 PM - 05:30 PM | Moscone West - Room 2000
SPEAKERS Greg Marsden, Linux Kernel Development, Oracle; Bruce Lowenthal, Senior Director, Security Alerts Group, Oracle


Announcements

Oracle Announces 2018 Oracle Excellence Awards – Congratulations to our “Leadership in Infrastructure Transformation" Winners

We are pleased to announce the 2018 Oracle Excellence Awards “Leadership in Infrastructure Transformation" Winners. This elite group of recipients includes customers and partners who are using Oracle Infrastructure Technologies to accelerate innovation and drive business transformation by increasing agility, lowering costs, and reducing IT complexity.

This year, our 10 award recipients were selected from amongst hundreds of nominations. The winners represent 5 different countries: Austria, Russia, Turkey, Sweden, United States and 6 different industries: Communications, Financial, Government, Manufacturing, Technology, Transportation.

Winners must use at least one, or a combination, of the following for category qualification:

•    Oracle Linux
•    Oracle Virtualization (VM, VirtualBox)
•    Oracle Private Cloud Appliance
•    Oracle SuperCluster
•    Oracle SPARC
•    Oracle Solaris
•    Oracle Storage, Tape/Disk

Oracle is pleased to honor these leaders who have delivered value to their organizations through the use of multiple Oracle technologies which have resulted in reduced cost of IT operations, improved time to deployment, and performance and end user productivity gains.

This year’s winners are Michael Polepchuk, Deputy Chief Information Officer, BCS Global Markets; Brian Young, Vice President, Cerner; Brian Bream, CTO, Collier IT; Rudolf Rotheneder, CEO, cons4u GmbH; Heidi Ratini, Senior Director of Engineering, IT Convergence; Philip Adams, Chief Technology Officer, Lawrence Livermore National Labs; JK Pareek, Vice President, Global IT and CIO, Nidec Americas Holding Corporation; Baris Findik, CIO, Pegasus Airlines; Michael Myhrén, Senior DBA Senior Systems Engineer and Charles Mongeon, Vice President Data Center Solutions and Services (TELUS Corporation).

More information on these winners can be found at https://www.oracle.com/corporate/awards/leadership-in-infrastructure-transformation/winners.html.


Events

Oracle OpenWorld 2018: Day One is a Wrap. What’s in Store for Day Two?

Cloud native development and security were among the key themes in today’s sessions from keynotes to HOLs and in the news… Starting with today’s Oracle Linux Cloud Native Environment announcement.

In keeping with long-standing Oracle OpenWorld traditions, Wim Coekaerts delivered the “State of the Penguin.” In the session, he shared updates on product releases, new areas of focus including Oracle Linux Cloud Native Environment, Kata Containers, KVM work, and Oracle Instant Client. Hear more from @WimOracle in this Oracle Groundbreakers Live interview.

In other news, today:

Gluster Storage 3.12 for Oracle Linux 7 was announced
Oracle VM VirtualBox 6.0 Beta is out

Catch up on other keynotes on demand.

Tomorrow there is another information-packed line up:

Tuesday, October 23

Accelerating Growth in the Cloud [KEY3877]
09:00 AM - 10:30 AM | Moscone North - Hall D

An Overview of Oracle Infrastructure Technologies in Oracle Cloud [PRO5904]
11:15 a.m. - 12:00 p.m. | Moscone West - Room 2000

Kubernetes, Docker, and Oracle Linux from On-Premises to Oracle Cloud with Ease [DEV6015]
11:30 a.m. - 12:15 p.m. | Moscone West - Room 2009

Accelerate Your Business with Machine Learning and Oracle Linux [PRO4731]
1:45 p.m. - 2:30 p.m. | Moscone West - Room 2000

Best Practices: Oracle Linux and Oracle VM in Oracle Cloud Infrastructure [PRO4721]
4:45 p.m. - 5:30 p.m. | Moscone South - Room 160

Building a Cloud Native Environment with Oracle Linux [THT6913]
5:25 p.m. - 5:45 p.m. | The Exchange @ Moscone South - Theater 6

Maximize Performance with Oracle Linux and Oracle VM [TIP4725]
5:45 p.m. - 6:30 p.m. | Moscone West - Room 2000


Linux

Oracle Instant Client RPMs Now Available on Oracle Linux Yum Server (yum.oracle.com)

Recently, we added Oracle Instant Client RPMs to the yum servers inside Oracle Cloud Infrastructure (OCI). Those yum servers are accessible from systems within OCI only. Today, I'm pleased to announce we added Oracle Instant Client RPMs to Oracle Linux yum server. That's right, no more manual steps to accept a license before you can download Oracle Instant Client. Simply run yum install from any Oracle Linux system connected to the Internet.

How to access Oracle Instant Client on Oracle Linux yum server (yum.oracle.com)

Grab the latest version of the repo definition file from the Oracle Linux yum server:

    cd /etc/yum.repos.d
    sudo mv public-yum-ol7.repo public-yum-ol7.repo.bak
    sudo wget http://yum.oracle.com/public-yum-ol7.repo

Enable the ol7_oracle_instantclient repo:

    sudo yum install -y yum-utils
    sudo yum-config-manager --enable ol7_oracle_instantclient

Here are the Instant Client RPMs currently available:

    $ sudo yum list oracle-instantclient*
    ol7_UEKR4 | 1.2 kB 00:00:00
    ol7_latest | 1.4 kB 00:00:00
    ol7_oracle_instantclient | 1.2 kB 00:00:00
    (1/2): ol7_oracle_instantclient/x86_64/primary | 2.2 kB 00:00:00
    (2/2): ol7_oracle_instantclient/x86_64/updateinfo | 145 B 00:00:00
    ol7_oracle_instantclient 7/7
    Available Packages
    oracle-instantclient18.3-basic.x86_64 18.3.0.0.0-2 ol7_oracle_instantclient
    oracle-instantclient18.3-basiclite.x86_64 18.3.0.0.0-2 ol7_oracle_instantclient
    oracle-instantclient18.3-devel.x86_64 18.3.0.0.0-2 ol7_oracle_instantclient
    oracle-instantclient18.3-jdbc.x86_64 18.3.0.0.0-2 ol7_oracle_instantclient
    oracle-instantclient18.3-odbc.x86_64 18.3.0.0.0-2 ol7_oracle_instantclient
    oracle-instantclient18.3-sqlplus.x86_64 18.3.0.0.0-2 ol7_oracle_instantclient
    oracle-instantclient18.3-tools.x86_64 18.3.0.0.0-2 ol7_oracle_instantclient
    $

Conclusion

With Oracle Instant Client RPMs now on our publicly available Oracle Linux yum server, it's even easier to develop and deploy applications for Oracle Database.


Announcements

Announcing Gluster Storage Release 3.12 for Oracle Linux 7

Oracle is pleased to announce the release of Gluster Storage Release 3.12 for Oracle Linux 7. Gluster Storage is an open source, POSIX compatible filesystem capable of supporting thousands of clients while using commodity hardware. Gluster provides a scalable, distributed file system that aggregates disk storage resources from multiple servers into a single global namespace. Gluster provides built-in optimisation for different workloads and can be accessed using either an optimised Gluster FUSE client or standard protocols including SMB/CIFS. Gluster can be configured to enable both distribution and replication of content with quota support, snapshots and bit-rot detection for self-healing.

Installation

Gluster Storage is available on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. It is currently available for the x86_64 architecture only and can be installed on any Oracle Linux 7 server running either the Red Hat Compatible Kernel (RHCK) or the Unbreakable Enterprise Kernel (UEK) Release 4 or 5. For more information on hardware requirements and how to install and configure Gluster, please review the Gluster Storage for Oracle Linux Release 3.12 documentation.

Support

Support for Gluster Storage is available to customers with an Oracle Linux Premier support subscription. Refer to Oracle Linux 7 License Information User Manual for information about Oracle Linux support levels.

Oracle Linux Resources:

Documentation: Oracle Linux
Software Download: Oracle Linux; Oracle Container Registry
Blogs: Oracle Linux Blog; Oracle Ksplice Blog; Oracle Mainline Linux Kernel Blog
Community Pages: Oracle Linux
Social Media: Oracle Linux on YouTube; Oracle Linux on Facebook; Oracle Linux on Twitter
Data Sheets, White Papers, Videos, Training, Support & more: Oracle Linux
Product Training and Education: Oracle Linux - https://oracle.com/education/linux

For community-based support, please visit the Oracle Linux space on the Oracle Developer Community.


Announcements

Announcing Oracle Linux Cloud Native Environment

Oracle is pleased to announce Oracle Linux Cloud Native Environment, a curated set of open source Cloud Native Computing Foundation (CNCF) projects that can be easily deployed, have been tested for interoperability, and for which enterprise-grade support is offered.

For several years now we have seen the decomposition of applications into microservices running on container infrastructure with developers and operations collaborating using DevOps methodologies. Enterprises are looking for technologies that can help them reduce time to market and keep ahead of the competition. Cloud native microservices-based applications offer the agility and increased productivity needed. However, most IT operations are overwhelmed with the changing cloud native technology landscape.

One option is to build your own cloud native environment from open source software but that requires dealing with the complexity of picking the right software and getting it all to work together without any vendor support. The other approach is to use a stack or distribution from a software vendor. This option offers support but that could mean lock-in with that vendor, which may also not be up to date with the latest technologies.

Oracle offers a better alternative: one that can give you the best of both worlds by delivering software that supports the open standards, specifications, and APIs defined by the Cloud Native Computing Foundation or CNCF. The CNCF promulgates guidelines and defines certifications for cloud-native microservices software. Oracle is a platinum member of CNCF as well as a platinum member of the Linux Foundation. Oracle closely tracks the CNCF standards and contributes to the CNCF community. Oracle has been investing in components of the CNCF framework for some time. For example, Open Container Initiative (OCI)-compliant container software and CNCF Certified Conformance orchestration software have been included with Oracle Linux for several years.

“We’re always thrilled to see members and long-standing open source contributors driving cloud native innovations that benefit both developers and enterprises," said Dee Kumar, vice president of marketing, Cloud Native Computing Foundation. "CNCF looks forward to seeing how Oracle continues its efforts to meet the quality, availability, and security needs of enterprises for cloud native DevOps.”

Oracle Linux Cloud Native Environment

With the Oracle Linux Cloud Native Environment, Oracle provides the features for customers to develop microservices-based applications that can be deployed in environments that support open standards and specifications.

Container Infrastructure

Containers are the fundamental infrastructure to deploy modern cloud applications. Oracle delivers the tools to create and provision OCI-compliant containers with the Oracle Container Runtime for Docker package available for Oracle Linux 7 on both the x86_64 and Arm architectures.

To provide additional security and isolation of workloads, Oracle has adopted Kata Containers, an OpenStack Foundation project. Oracle is using Kata Container software to deliver the framework for creating lightweight virtual machines that can easily plug into a container ecosystem. A combination of Intel’s Clear Container initiative and the Hyper runV project, Kata Containers offer additional levels of security while maintaining the development and deployment speed of traditional containers. Kata Containers are available as a developer preview with Oracle Linux.

Container Orchestration and Management

Oracle Container Services for use with Kubernetes is an extension to Oracle Linux, based on the upstream Kubernetes project and released under the CNCF Kubernetes Certified Conformance program. Oracle Container Services for use with Kubernetes simplifies the configuration and setup of Kubernetes with support for backup and recovery. This solution is developed for Oracle Linux and integrates with Oracle Container Runtime for Docker to provide a comprehensive container and orchestration environment for the delivery of microservices and next-generation application development.

CRI-O, an implementation of the Kubernetes CRI (Container Runtime Interface) to enable using Open Container Initiative compatible runtimes, is available in preview. CRI-O allows you to run containers directly from Kubernetes without any unnecessary code or tooling. As long as the container is Open Container Initiative (OCI)-compliant, CRI-O can run it, cutting out extraneous tooling and allowing containers to do what they do best: fuel your next-generation cloud native applications.

Cloud Native Networking

CNCF project Flannel provides the overlay network used in Oracle Container Services for use with Kubernetes today and simplifies container-to-container networking. The Container Network Interface (CNI) project currently incubating under CNCF seeks to simplify networking for container workloads by defining a common network interface for containers. The CNI plugin is available as a developer preview. Coming soon, additional features like Calico will enable customers to define fine-grained connection policies to further improve container and virtual machine network security.

Cloud Native Storage

There are a number of storage projects associated with the CNCF foundation and several providers are included by default in Oracle Container Services for use with Kubernetes including a plugin for Gluster Storage for Oracle Linux Release 3.12. The future of storage integration will be provided through the use of a new plugin referred to as the Container Storage Interface (CSI) which was released in alpha beginning with Kubernetes 1.9. This new plugin will adhere to a standard specification and allow storage vendors to manage their plugins against their own timelines versus alignment with upstream Kubernetes releases. The alpha CSI plugin is available as a developer preview.

Continuous Integration / Continuous Delivery

The increased adoption of microservices and the development of cloud native applications requires continuous integration and delivery options to keep pace with growing release frequencies. Jenkins X, available in preview, is a CNCF project which rethinks how developers should interact with CI/CD in the cloud with a focus on making development teams more productive through automation, tooling and DevOps best practices.

Observability and Diagnostics

Prometheus is a powerful, flexible, instrumentation solution for monitoring container environments. It provides time-series dimensional data, powerful query tools and alerting features to improve visibility across the environment. In addition, integration with 3rd party “exporters” allows users to collect additional data and turn it into a metric in Prometheus. One example of this would be with Fluentd, which is a data collector that decouples data sources from backend systems by providing a unified logging layer in between. Fluentd provides an exporter for Prometheus, allowing for a simpler integration experience. Both Prometheus and Fluentd are available as previews.

Oracle Linux for Development

Tried, tested, and tuned for enterprise workloads, Oracle Linux is used by developers worldwide. The Oracle Linux yum server provides easy access to Linux developer preview software, including the latest Cloud Native Environment software. Thousands of EPEL packages also have been built and signed by Oracle for security and compliance. Software collections include recent versions of Python, PHP, Node.js, nginx, and more. In addition, Oracle Cloud developer tools such as Terraform, SDKs, and CLI are available for an improved experience. And finally, Oracle VM VirtualBox helps customers get started with Oracle Linux Cloud Native Environment quickly.

Greater Value

Support for the Oracle Linux Cloud Native Environment is included with an Oracle Linux Premier support subscription at no additional cost. Components available in preview are made available via Oracle Linux yum server or Oracle Container Registry.

Getting Started

Oracle Linux is freely available to everyone at Oracle Software Delivery Cloud. Updates can be obtained from Oracle Linux yum server. Oracle VM VirtualBox is the most popular cross-platform virtualization software for development environments. You can download a copy of VirtualBox to run Oracle Linux and the cloud-native software on your desktop and easily deploy to the cloud. Oracle is offering up to 3,500 free hours on Oracle Cloud to developers that would like to use our cloud for their development environment.

Oracle OpenWorld 2018

To learn more about Oracle Linux Cloud Native Environment at Oracle OpenWorld 2018, attend the sessions and visit Oracle Infrastructure Technologies showcase, booth #120, located in Moscone South, on the right side, just past the Autonomous Database showcase.


Events

Oracle Sponsors Open Source Summit Europe - Oct 22-25

Open Source Summit Europe (OSSEU) is the leading conference for developers, architects and other technologists – as well as open source community and industry leaders – to collaborate, share information, learn about the latest technologies and gain a competitive advantage by using innovative open solutions.

Oracle is a gold sponsor of Open Source Summit in Edinburgh. We have two great sessions:

Tuesday, Oct 23 - 16:40: Rapid and Secure Cloud Native DevOps, presented by Shane James

Learn how to rapidly and securely build your cloud-native DevOps using tools such as: ready to deploy Oracle products as Docker images, Oracle Container Runtime for Docker, Oracle Container Services for use with Kubernetes, and Oracle VirtualBox which enables multiple operating systems on one desktop and transporting live virtual machines between hosts and the cloud without interruption.

Wednesday, Oct 24 - 16:15: Test Driven Kernel Development, presented by Knut Omang

In this talk Knut will make a case for a pragmatic test driven approach to Linux kernel development. Most of the testing we are aware of is based on tests that are executed from user space only, and can only observe what the kernel exposes. Often this is not sufficient to test detailed semantics of components of the kernel, as many of the stimuli needed to activate certain pieces of the code are not easily generated. Also, even when a certain class of problems can be exposed using system level tests, running it as part of a continuous integration (CI) system may not be feasible due to the hardware needs. A good unit test framework can make it easier to write tests that assert certain behaviour that some code relies on. Oracle is developing and improving KTF (Kernel Test Framework), available on GitHub to allow unit testing across the user/kernel boundary, which will be demonstrated as part of the talk.

Visit us at Booth #9 to talk to engineers and get more information about Linux and Virtualization products and see demos.


Key Happenings on the First Day of Oracle OpenWorld 2018

Today was a gorgeous day in San Francisco. The temperature was in the mid-60’s, the sun was shining, and there was a light breeze. The forecast is for similar weather all week – just in time for Oracle OpenWorld 2018. I flew in to cloud cover, but it burned off between baggage, finding my ride, and the drive from SFO to the city. I made my way to the convention center and the hustle is on!

It’s remarkable how the expanse of Moscone South can transform from an empty hall to the booming venue that tomorrow will be The Exchange – and I thought SFO was a busy place.

Monday, October 22, is the first day of Oracle OpenWorld and there are several key things you’ll want to do…

Register. If you haven’t already, use the advance check-in option. It’s a breeze.

Sign-up for Sessions. Be sure to register for the ones you must attend to be sure to have a seat.

Here are some links to help you finish building your Monday schedule:

Monday, Oct. 22

11:30 a.m. - 12:15 p.m.
Oracle Linux: State of the Penguin [PRO4720] – Moscone West - Room 2000
Wim Coekaerts, Senior Vice President, Operating Systems and Virtualization Engineering, Oracle

1:45 p.m. - 3:00 p.m.
Keynote: Cloud Generation 2 [KEY3784] – Moscone North – Hall D
Larry Ellison, Executive Chairman and CTO, Oracle

3:45 p.m. - 4:45 p.m.
Oracle's Systems Strategy for Cloud and On-Premises [PKN5901] – The Exchange @ Moscone South - The Arena
Ali Alasti, Senior Vice President, Hardware Engineering, Oracle
Wim Coekaerts, Senior Vice President, Operating Systems and Virtualization Engineering, Oracle
Edward Screven, Chief Corporate Architect, Oracle

As you exit The Arena at 4:45, you conveniently have to walk by the Infrastructure Technologies showcase, #120. Take a few minutes to see what’s going on. If the demos and product experts don’t keep you enthralled, the VR game will. Apparently, shooting widgets with a bow and arrow in VR is a lot of fun – hope you’ll give it a try – you could win a prize.

For more session information, visit the Focus on Oracle Linux and Virtualization page.


Events

Don’t Miss the Theater While in San Francisco or at Oracle OpenWorld

There’s a lot to see and do in San Francisco. If you’re joining us for Oracle OpenWorld 2018, be sure to partake in some of the wonderful attractions and culture that the city has to offer. If you like theater, you’ll find lots of options from large world-renowned venues such as the Orpheum Theater and the Golden Gate Theater to smaller ones like the SF Playhouse on Union Square, offering a variety of productions from Broadway hits to comedies and locally written pieces.

You can also find some great content in the theaters of The Exchange @ Moscone South while you’re attending the conference. After walking the streets (and hills) of San Francisco, not to mention the halls of Moscone, who wouldn’t want to take a seat? For 20 minutes, you can rest your feet and gather some knowledge. Here are a few sessions in Theater 6, located in the Infrastructure Technologies showcase, #120, to mark on your schedule:

Monday, October 22

12:40 p.m. – 1:00 p.m.
Oracle Infrastructure Technologies in Oracle Cloud [THT6914]
Robert Shimp, Product Management Group Vice President - Oracle Linux, Virtualization and Linux and VM Development, will outline the many infrastructure technologies that Oracle designs, builds, and optimizes that power Oracle Cloud. Learn about the inner workings that make Oracle Cloud unique.

Tuesday, October 23

1:30 p.m. – 1:50 p.m.
Oracle Linux/Oracle VM VirtualBox: An Enterprise Development Platform for Oracle Cloud [THT6912]
Simon Coter, Director of Product Management, Linux and Virtualization, will discuss the advantages of using Oracle Linux and Oracle VM VirtualBox as an enterprise development platform for Oracle Cloud.

5:25 p.m. – 5:45 p.m.
Building a Cloud Native Environment with Oracle Linux [THT6913]
Avi Miller, Product Management Director, will delve into the open, integrated operating environment that Oracle Linux offers, with application development tools, management tools, containers, and orchestration capabilities, which enable DevOps teams to efficiently build reliable, secure cloud native applications. Learn how Oracle Linux can help you enhance productivity.


Events

Hewlett Packard Enterprise at Oracle OpenWorld 2018

Coming to Oracle OpenWorld 2018? Then come see HPE. We're excited to have our partner returning to the conference this year! And they’re ready to help you learn how the right HPE hardware running Oracle Linux and Oracle VM can provide an optimal solution for your most demanding workloads. Whether your requirements are for increasing database performance or keeping critical applications available, HPE can help you optimize your investments in Oracle. HPE participates in Oracle’s HCL program to qualify hardware on Oracle Linux, Oracle Solaris, and Oracle VM. Qualified solutions can be found here. Meet with HPE compute and storage experts in the Infrastructure Technologies showcase, # 120. Learn about HPE's all-flash 3PAR and Nimble Storage with extreme performance, predictive analytics and robust data protection, or, for your mission-critical compute, the unparalleled scale-up server capacity offered by HPE Superdome servers with Intel® Xeon® Scalable processors. HPE provides a full portfolio of right-sized server and storage solutions allowing IT organizations to match processing power and scale with current and future needs, from small to large enterprise deployments, at price points that fit within almost any IT budget.        


Announcing Oracle Linux Storage Appliance 1.8 for Oracle Cloud Infrastructure

We are pleased to announce the release of Oracle Linux Storage Appliance 1.8. The Oracle Linux Storage Appliance allows you to easily build NFS and Samba shared file system storage with attached NVMe devices or block volumes on Oracle Cloud Infrastructure (OCI).

This release provides Microsoft Active Directory support for greater integration with Windows domain networks. Many Microsoft Windows Server deployments use Active Directory for managing user authentication and access authorization. Oracle Linux Storage Appliance can now authenticate users defined in the Active Directory server, and authorize or restrict access to Samba shared file system directories implementing the Server Message Block (SMB) export protocol.

To take advantage of Microsoft Active Directory support, you can easily upgrade your existing Oracle Linux Storage Appliance deployment using the Update Appliance option in the Administration page of the web console. To install a new deployment of Oracle Linux Storage Appliance on Oracle Cloud Infrastructure, simply follow a few easy steps provided here. Active Directory support is enabled in the Samba Global Settings option in the web console’s Administration page.

For more information visit:

- Oracle Linux Storage Appliance
- Oracle Linux Storage Appliance Deployment and User’s Guide


Announcements

Announcing Oracle Linux 7 Update 6 Developer Preview

Oracle is pleased to announce the availability of the developer preview for Oracle Linux 7 Update 6 as part of our ongoing goal of making Oracle Linux the distribution for development.

The Oracle Linux 7 Update 6 Developer Preview includes the following kernel packages:

- kernel-uek-4.14.35-1818.2.1.el7uek.x86_64: The Unbreakable Enterprise Kernel Release 5, which is the default kernel.
- kernel-3.10.0-933.el7.x86_64: The latest Red Hat Compatible Kernel (RHCK).

To get started with Oracle Linux 7 Update 6 Developer Preview, you can simply perform a fresh installation by using the ISO images available for download from Oracle Technology Network. Or, you can perform an upgrade from an existing Oracle Linux 7 installation by using the developer preview channels for Oracle Linux 7 Update 6 on the Oracle Linux yum server or the Unbreakable Linux Network (ULN).

    # vi /etc/yum.repos.d/public-yum-ol7.repo

    [ol7_u6_developer]
    name=Oracle Linux $releasever Update 6 installation media copy ($basearch)
    baseurl=https://yum.oracle.com/repo/OracleLinux/OL7/6/developer/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
    gpgcheck=1
    enabled=1

    [ol7_u6_developer_optional]
    name=Oracle Linux $releasever Update 6 optional packages ($basearch)
    baseurl=https://yum.oracle.com/repo/OracleLinux/OL7/optional/developer/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
    gpgcheck=1
    enabled=1

Oracle Linux yum server is mirrored inside Oracle Cloud Infrastructure to enable faster downloads. You can follow the instructions to configure Oracle Linux yum server mirrors in Oracle Cloud Infrastructure.

Modify the yum channel setting and enable the Oracle Linux 7 Update 6 Developer Preview channels. Then perform the upgrade.

    # yum update

After the upgrade is completed, reboot the system and you will have Oracle Linux 7 Update 6 Developer Preview running.

    # cat /etc/oracle-release
    Oracle Linux Server release 7.6

This release is provided for development and test purposes only and is not covered by Oracle Linux support. Oracle does not recommend using preview releases in production. If you have any questions, please visit the Oracle Linux and UEK Preview space on the Oracle Linux Community.

If you come to Oracle OpenWorld and want to learn more about Oracle Linux and Virtualization and to speak with product experts, visit the Oracle Infrastructure Technologies showcase, booth #120, located in Moscone South, on the right side, just past the Autonomous Database showcase.
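Because the preview channels are for development and test only, a host that must stay on supported packages can be checked for them. The following is an added example, not Oracle tooling: it reads yum .repo files in the stanza format shown above and reports enabled stanzas that point at a /developer/ channel, disable gpgcheck, or fetch packages or keys without TLS. The function name and the finding messages are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Audits yum .repo files for enabled
# stanzas that (a) point at a developer preview channel, (b) disable
# signature checking, or (c) fetch packages or keys over plain HTTP/FTP.
# A stanza with no gpgcheck line inherits [main] in /etc/yum.conf and is
# not reported here; a stanza with no enabled line counts as enabled.

# audit_repo_file FILE
#   Prints "<repo id>: <finding>" per problem; returns 1 if any were found.
audit_repo_file() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function is_off(v) { v = tolower(v); return (v == "0" || v == "no" || v == "false") }
    function report(msg) { print id ": " msg; bad = 1 }
    function check() {
        if (id == "" || id == "main" || is_off(enabled)) return
        if (baseurl ~ /\/developer\//) report("developer preview channel is enabled")
        if (is_off(gpgcheck))          report("gpgcheck is disabled")
        if (baseurl ~ /^(http|ftp):/)  report("baseurl is not HTTPS")
        if (gpgkey ~ /^(http|ftp):/)   report("gpgkey is fetched without TLS")
    }
    /^[ \t]*[#;]/ { next }            # comment line
    /^[ \t]*$/    { next }            # blank line
    /^[ \t]*\[/ {                     # new stanza: judge the previous one
        check()
        id = trim($0)
        id = substr(id, 2, length(id) - 2)
        enabled = ""; gpgcheck = ""; baseurl = ""; gpgkey = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "enabled")       enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "baseurl")  baseurl = val
        else if (key == "gpgkey")   gpgkey = val
    }
    END { check(); exit bad + 0 }
    ' "$1"
}

# Usage: sh audit-repos.sh /etc/yum.repos.d/*.repo
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do
        audit_repo_file "$f" || rc=1
    done
    exit "$rc"
fi
```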


Events

Join Pure Storage at the Infrastructure Technologies Showcase, #120, at Oracle OpenWorld 2018

Learn how Pure Storage empowers Oracle customers to maximize the value of data

We’ve shared a lot of information about key sessions and the showcase to help Oracle OpenWorld attendees map out how to best spend time at the conference. There’s more… Our Partners. This year, we welcome AMD, Hewlett Packard Enterprise, Lenovo, Pure Storage, and Symantec who are joining us in the Infrastructure Technologies showcase, #120, in Moscone South. Here are some key things to know about Pure Storage.

#1: Pure Storage hardware is qualified and supported on Oracle Linux, Oracle Solaris and Oracle VM. It is also a good selection for Oracle Private Cloud Appliance customers that need external storage for business continuity and rapid restore solutions. The Pure Data-Centric Architecture for Oracle, the all-flash storage platform, is virtually effortless to use, efficient from end-to-end, and evergreen to upgrade - delivering real-time data to power customers’ mission-critical Oracle databases, data warehouses, development activities, and modern analytics environments. Thousands of Oracle customers use Pure Storage to help them deliver faster performance, improved simplicity, and lower economics for their Oracle environments.

A case in point: An insurance company in Latin America recently selected Pure Storage to improve the performance and simplify operation of their mission critical Oracle databases that run on Oracle Linux. Pure’s embedded Oracle Copy Automation Tool (CAT), based on space-efficient snapshots, helped this customer speed up development activities by over 150x. Copy, clone and refresh workflows that were taking up to 3 hours to complete are now conducted in as little as 1-2 minutes. Now that’s a benefit that’s hard to pass up.

#2: You can hear more from Pure Storage product experts:

Customer Case Study Session: Oracle Private Cloud Appliance and Pure Storage: An Integrated Disaster Recovery Solution
Thursday, Oct 25, 12:00 p.m. - 12:45 p.m.
Moscone South - Room 214

Theater Session: Accelerate Development with Database Automation
Tuesday, Oct 23, 1:00 p.m. - 1:20 p.m.
The Exchange @ Moscone South - Theater 1

#3: At the Infrastructure Technologies showcase, #120, Pure will be highlighting hardware support on Oracle Linux, Oracle VM, and Oracle Private Cloud Appliance, and demoing tools including:

- Oracle Database Copy Automation Tool
- Accelerate Oracle DB Development with Automation using Ansible
- Oracle Enterprise Manager Plug-in for Pure Storage
- Space Efficient Oracle snapshots
- Pure ActiveCluster - Simple and cost-effective Sync Replication

Pure Storage is an OPN Gold member.


Events

Q: What do penguins, pop sockets and VR have in common? A: The Oracle Infrastructure Technologies Showcase at Oracle OpenWorld

It’s refreshing to be in San Francisco in the fall. The weather is typically “temperate” but can be unpredictable, so it’s always good to bring layers, just in case. Joining the throng of people heading to Oracle OpenWorld adds an even more energizing buzz to the city by the bay. I enjoy a walk in the Howard and 3rd St. neighborhood as I grab a cappuccino and head to Moscone Center. Like the convention center, which is undergoing an expansion and transformation, so too is The Exchange, this year’s demo grounds at Oracle OpenWorld, located in Moscone South. With a focus on attendees’ experience, there are several new things to make navigating the exhibit floor easier. A wayfinder application provides an easy, self-service portal for finding demos and product experts. On-demand demos join always-on demos to provide time savings, and meetings can be booked on the spot to fit your schedule. Also new this year is the Oracle Infrastructure Technologies showcase, #120. This showcase, located on the right side of the show floor, near the Oracle Cloud Infrastructure and Autonomous Database showcases, is a stop you'll want to make. Attendees will find a wealth of information and an opportunity to have some fun. Here’s an outline of what will be covered in the Oracle Infrastructure Technologies showcase. 
Products, technologies, and training:

- Servers: X86 Servers, SPARC Servers
- Storage: Zero Data Loss Recovery Appliance, Oracle ZFS Storage Appliance, StorageTek Tape Automation
- Operating Systems: Oracle Linux, Oracle Solaris
- Virtualization: Oracle VM for x86, Oracle VM Server for SPARC, Oracle VM VirtualBox
- Tools and Platform: Oracle Containers, Oracle OpenStack, Oracle Enterprise Manager, Kubernetes
- Converged Infrastructure: Oracle MiniCluster, Oracle SuperCluster, Oracle Private Cloud Appliance
- Training

Partners: AMD, Hewlett Packard Enterprise, Lenovo, Pure Storage, and Symantec

Fun with VR: Join us for some fun in this virtual world (with all of the gear), where you’ll transform into the role of a solution architect. Shoot down the Oracle Infrastructure Technology product(s) that best fit your IT requirements and you could win an Oracle penguin pop socket.

And there’s more… More fun at CloudFest.18 and if you’re planning to extend your stay in San Francisco, be sure to check out all of the Halloween parties – this city knows how to do them right!

Finally, back to Oracle OpenWorld -- don’t forget to register for sessions now, they’re filling up fast. Enjoy fall in San Francisco and your time at Oracle OpenWorld 2018.


Configuring Oracle Linux 7 Instances on Oracle Cloud Infrastructure Using OCI Utilities

Oracle Linux 7 instances created using Oracle-Provided Images on Oracle Cloud Infrastructure (OCI) include a pre-installed set of utilities that are designed to facilitate configuration tasks for Oracle Linux instances. These utilities consist of a set of command-line tools included in the oci-utils RPM package that is pre-installed with the latest Oracle Linux 7 images provided under the ‘Oracle-Provided OS Image’ selection when creating an instance from the Oracle Cloud Infrastructure console.

The following OCI utilities are available in the oci-utils package:

- oci-iscsi-config - Displays and attaches/detaches iSCSI devices on Oracle Linux instances.
- oci-network-config - Displays instance VNICs, configures secondary VNICs, and auto-synchronizes VNIC IP configurations.
- oci-network-inspector - Displays network information for an OCI Virtual Cloud Network (VCN), compartment, or tenancy, including the security list, and IP addresses of VNICs and instances.
- oci-metadata - Queries instance metadata such as the OCI region, availability domain, shape, state, OCID, compartment, and network.
- oci-public-ip - Displays the instance public IP address.
- ocid - This is the oci-utils service daemon component.

For more information on OCI utilities and how to use the scripts, visit the following links:

Documentation
- Oracle Cloud Documentation: OCI Utilities

Blogs
- oci-utils-0.6-34.el7
- oci-utils for Oracle Cloud Infrastructure


Events

Enterprise Development Platform founded on Oracle Linux and VirtualBox

"Tried, tested, and tuned for enterprise workloads, Oracle Linux is used by developers worldwide. Oracle Linux’s Yum server provides easy access to Linux developer and preview software channels. Thousands of EPEL packages have been built and signed by Oracle for security and compliance. Software collections include recent versions of Python, PHP, Node.js, nginx, and more. Oracle Cloud developer tools such as Terraform, SDKs, and CLI are available for improved experience. Oracle VM VirtualBox is the most popular cross-platform virtualization software. In this session learn about using Oracle Linux and Oracle VM VirtualBox as an enterprise development platform"

Oracle Linux is a real enterprise and open Linux distribution:

- It's free to use
- It's free to distribute
- It's free to update

It's free to use because the Oracle Linux ISOs can be downloaded and used for free; no subscription is required! It's free to distribute because the software can be shared and installed in many different environments! It's free to update because you can get access to all the updates from the Oracle Linux Yum Server and, again, no subscription is required!

On Oracle Linux Yum Server you can also find channels dedicated to developers, like:

- Software Collection Library 3.0 for Oracle Linux 7
- EPEL channel, with packages built and signed by Oracle for security and compliance
- Development channel, with packages dedicated to development utilities (like VirtualBox) and/or cloud utilities

Oracle VM VirtualBox is the most popular cross-platform virtualization software; it allows you to run any x86 operating system on top of your laptop/desktop environment. It does not matter which OS you've installed on the host: the same VirtualBox release is available for Linux, Windows and MacOS.

With Oracle VM VirtualBox installed on your host development platform, you create a transparent layer on which your virtual machines (dev environments) run, independent of the host operating system!

You can learn more about how your business can take advantage of these technologies during the "Oracle Linux and Oracle VM VirtualBox: The Enterprise Development Platform" session at Oracle Open World on Monday, Oct 22, 9:00AM in room 152, Moscone South.

To learn more about Oracle Linux and to speak with product experts, visit the Oracle Infrastructure Technologies showcase, booth #120, located in Moscone South, on the right side, just past the Autonomous Database showcase. See you there!


Events

Six Must-Attend Sessions at Oracle OpenWorld 2018

Building your Oracle OpenWorld 2018 schedule? You won't want to miss these six sessions. Our executives will share details on architecture and technical directions, the latest innovations, business strategies, and customer successes. You’ll come away with a better understanding of the unique capabilities Oracle Linux, Virtualization and other Oracle Infrastructure Technologies are delivering now and going forward – whether you want to deploy on premises, in the cloud or integrate between. Register now to ensure you have a seat!

Day/Time/Location - Session Title - Speakers

Monday, Oct. 22

11:30 a.m. - 12:15 p.m., Moscone West - Room 2000
Oracle Linux: State of the Penguin [PRO4720]
Wim Coekaerts, Senior Vice President, Operating Systems and Virtualization Engineering, Oracle

3:45 p.m. - 4:45 p.m., The Exchange @ Moscone South - The Arena
Oracle's Systems Strategy for Cloud and On-Premises [PKN5901]
Ali Alasti, Senior Vice President, Hardware Engineering, Oracle
Wim Coekaerts, Senior Vice President, Operating Systems and Virtualization Engineering, Oracle
Edward Screven, Chief Corporate Architect, Oracle

Tuesday, Oct. 23

11:15 a.m. - 12:00 p.m., Moscone West - Room 2000
An Overview of Oracle Infrastructure Technologies in Oracle Cloud [PRO5904]
Robert Shimp, Product Management Group Vice President - Oracle Linux, Virtualization and Linux and VM Development, Oracle
Ajay Srivastava, Senior Vice President, Operating Systems and Virtualization, Oracle

11:30 a.m. - 12:15 p.m., Moscone West - Room 2009
Kubernetes, Docker, and Oracle Linux from On-Premises to Oracle Cloud with Ease [DEV6015]
Wim Coekaerts, Senior Vice President, Operating Systems and Virtualization Engineering, Oracle

Wednesday, Oct. 24

11:15 a.m. - 12:00 p.m., Moscone West - Room 2000
The OS Factor: Advice for the Technology Buyer from IDC [BUS4729]
Ashish Nadkarni, Research Director, IDC
Karen Sigman, Vice President, Product and Partner Marketing, Oracle

Thursday, Oct. 25

9:00 a.m. - 9:45 a.m., Moscone West - Room 2003
Oracle Linux Is Really the Ideal Linux for Oracle Cloud Developers [DEV6017]
Wim Coekaerts, SVP, Operating Systems and Virtualization Engineering, Oracle

To learn more about these sessions and to register, click on the session title above, in the search box enter the session code, click "+" to complete your registration.

Visit and bookmark this Focus on Oracle Linux and Virtualization page to access the full list of our general sessions and hands-on labs. Check the Oracle Linux and Virtualization blogs regularly for news and updates.

And, while at Oracle OpenWorld, be sure to stop by the Infrastructure Technologies showcase, booth #120, located in Moscone South (on the right side, just past the Autonomous Database showcase). Featuring Oracle Linux and Virtualization technologies, at the showcase you can experience demos, a virtual reality game, and speak with product experts and partners.


Events

Agile, reliable and secure DevOps with Oracle Linux and VirtualBox

Building agile collaboration and communication between Development (Dev) and Operations (Ops) is one of the main goals of modern IT. Deploying features into production quickly while detecting and correcting problems when they occur, without disrupting other services, comes from a culture that focuses on creating a fast and stable workflow through development and IT operations.

Results with a good DevOps approach:

- Faster time-to-market: Increase the frequency and accuracy of releases (the automation processes will give much more time to the people)
- Cost: Reduce OPEX by automating processes; this will also prevent human errors and reduce downtime
- Focus on business: Allow employees to focus on high-value activities (that will also improve employees' personal gratification)

Oracle is one of the biggest players in both the Cloud and Software markets, so DevOps is one of the most important components in getting the best possible results; the infrastructure technologies we use at Oracle to build a stable and reliable workflow rely on both container and virtualization solutions.

VirtualBox and Oracle Linux can help you address most DevOps requirements in terms of build, test and deploy. While Oracle Linux, with all its enterprise features, has been rated as the "Top Rated Operating System for Business", Oracle VM VirtualBox is the most famous cross-platform desktop virtualization solution available today.

Those technologies, working with Vagrant, let you automate the creation of a reliable, reproducible environment, free of human error, in minutes. This is also why, some time ago, we created the official GitHub repository dedicated to Vagrant Boxes for Oracle products and projects, available at https://github.com/oracle/vagrant-boxes .

You can learn more about how your business can take advantage of those technologies and their DevOps approach during the Oracle Code "Practical DevOps with Linux and Virtualization" session at Oracle Open World on Thursday, Oct 25, 10:00AM in room 2018, Moscone West.

To learn more about Oracle Linux and to speak with product experts, visit the Oracle Infrastructure Technologies showcase, booth #120, located in Moscone South, on the right side, just past the Autonomous Database showcase. See you there!


Getting Started with the Unbreakable Enterprise Kernel Release 5 for Oracle Linux on Oracle Cloud Infrastructure

Oracle Linux images available on Oracle Cloud Infrastructure are frequently updated to help ensure access to the latest software. The latest Oracle Linux images provided in Oracle Cloud Infrastructure now include Oracle Linux 7 Update 5 with the Unbreakable Enterprise Kernel Release 5 (UEK R5).

UEK R5 is an extensively tested and optimized Linux kernel designed for 64-bit (Intel x86_64) and ARM (aarch64) architectures and based on mainline version 4.14 LTS. UEK R5 provides secure boot and performance optimization improvements, security and bug fixes, and driver updates. For details about UEK R5 improvements and more, visit these links:

- Announcing the General Availability of the Unbreakable Enterprise Kernel Release 5
- Unbreakable Enterprise Kernel Release 5 for Oracle Linux 7
- Oracle Linux Enterprise Kernel Release 5 – New Features and Change

You can take advantage of the new UEK R5 enhancements by deploying the latest Oracle Linux images on Oracle Cloud Infrastructure. Simply create an instance with the latest Oracle Linux 7.5 image provided on the Oracle Cloud Infrastructure console, as shown in the following example:

To upgrade your existing Oracle Linux instances to UEK R5 on Oracle Cloud Infrastructure, enable access to the ol7_UEKR5 channel on your Oracle Cloud Infrastructure region’s mirrored Oracle Linux yum server repository or the ol7_x86_64_UEKR5 channel on the Unbreakable Linux Network (ULN), and run the yum update command. After the upgrade, you will need to reboot and select the UEK5 kernel (version 4.14.35) if it is not the default boot kernel.

The UEK R5 update is included with Oracle Linux Premier Support at no additional cost with your Oracle Cloud Infrastructure subscription. This includes access to the latest packages and updates, 24x7 expert support, the My Oracle Support portal with an extensive Linux knowledge base, Oracle Ksplice zero-downtime updates, and more.

For more information, visit the following links:

- Oracle Linux
- Oracle Linux for Oracle Cloud Infrastructure
- Unbreakable Enterprise Kernel for Oracle Linux
- Release Notes for Unbreakable Enterprise Kernel Release 5
- Getting Started: Oracle Linux for Oracle Cloud Infrastructure Guide


Events

Oracle Linux and Virtualization Hands-On Labs at Oracle OpenWorld

We have a great selection of hands-on labs for Oracle Linux and Virtualization at Oracle OpenWorld. To join the product experts for these sessions at the Marriott Marquis (Yerba Buena Level) - Salon 12/13, add the following six sessions to your Oracle OpenWorld calendar.

Session: Container Orchestration Using Oracle Linux (Kubernetes/Docker) - HOL6334
When: Monday October 22, 3.45 - 4.45pm
Speaker: Avi Miller, Product Management Director, Oracle

Session: Build a High Availability Solution with Oracle Linux: Corosync/Pacemaker - HOL3137
When: Monday October 22, 5.15 - 6.15 pm
Speaker: Jeff Savit, Director, Oracle

Session: Provide Zero Downtime Update for your Cloud Infrastructure - HOL6340
When: Wednesday October 24, 8:00 - 9:00 a.m
Speaker: Christophe Pauliat, Oracle Solution Center Sales Consultant, Oracle; Simon Coter, Director of Product Management, Linux and Virtualization, Oracle

Session: Infrastructure as Code on Oracle Cloud Infrastructure with Terraform - HOL5139
When: Thursday October 25, 10:30 - 11:30 a.m
Speaker: Simon Hayler, Sr Principal Technical Product Manager; Christophe Pauliat, Oracle Solution Center Sales Consultant, Oracle; Paul Bramy, CEO reloca; Matthieu Bordonne, Oracle Solution Center Sales Consultant

Session: Observing and Optimizing your Application on Oracle Linux with DTrace - HOL6339
When: Thursday October 25, 12.00 - 1.00pm
Speaker: Jeff Savit, Director, Oracle

Session: Oracle Database 18c: Reliable DevOps with Vagrant, Oracle VM VirtualBox, and Oracle Linux - HOL6394
When: Thursday October 25, 1:30 - 2:30 p.m
Speaker: Simon Coter, Director of Product Management, Linux and Virtualization, Oracle; Gerald Venzl, Senior Principal Product Manager, Oracle

At Oracle OpenWorld, to learn more about Oracle Linux and Virtualization, visit the Oracle Infrastructure Technologies showcase, booth #120, located in Moscone South, on the right side, just past the Autonomous Database showcase.


Events

Live Webinar: Secure and Agile Orchestration for Docker Containers

Live Webinar

Oracle Webinar: Secure and Agile Orchestration for Docker Containers

- Europe, Middle East, Africa - October 9, 2018 10:00 AM BST/ 11:00 AM CEST/ 11:00 AM SAST/ 1:00 PM GST
- North America, Canada - October 9, 2018 12:00 PM PDT/ 3:00 PM EDT
- Asia Pacific and Japan - 9 October, 2018 10:30 am IST/ 1:00 PM SGT/ 4:00 PM AEDT

The goal of orchestration is to streamline and optimise frequent, repeatable processes to ensure accurate, speedier deployment of software–because companies know that the shorter the time-to-market, the more likely that success will follow.

Attend this webinar:

- To understand how to build a secure and agile production environment by leveraging Docker containers and Kubernetes orchestration.
- Learn about Oracle Container Services for use with Kubernetes which provides a comprehensive container and orchestration environment for the delivery of microservices and next generation application development.
- Watch a demonstration of how to use Vagrant and VirtualBox to automatically deploy a Kubernetes cluster.

There will be a live Q&A at the end of the webinar.

Featured Speaker

Avi Miller
Product Management Director
Oracle Linux and Virtualization


Announcements

Action required: Replacement of SSL certificates for the Unbreakable Linux Network

Oracle is replacing Symantec-branded certificates with Digicert-branded certificates across all of its infrastructure to prevent trust warnings once the Symantec root certificate authority is removed from several web browsers, including Firefox and Chrome.

Immediate action required before October 9, 2018

Due to the nature of how Oracle Linux systems connect to Unbreakable Linux Network (ULN), this change requires that client certificates on all Oracle Linux systems directly subscribed to and receiving updates from ULN be updated. This does not affect Oracle Linux systems that are managed by Oracle Enterprise Manager or are subscribed to a local Spacewalk instance.

The change in server certificates on ULN will occur on October 9, 2018. After that time, Oracle Linux systems will only be able to connect to ULN with an updated client certificate. Please make sure to update the packages listed at the end of this announcement on all servers that are registered directly to ULN before October 9, 2018.

What happens if I can't update before October 9, 2018?

If you are unable to update to the packages listed below before October 9, 2018, you will be unable to connect to ULN and will receive one of the following errors:

    The certificate /usr/share/rhn/ULN-CA-CERT is expired. Please ensure you have the correct certificate and your system time is correct.

OR

    There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
    A common cause of this error is the system time being incorrect. Verify that the time on this system is correct.

Resolution: Manually replace the SSL certificate

To manually replace the client SSL certificate on an Oracle Linux machine, run the following steps as root on each server:

    # cp /usr/share/rhn/ULN-CA-CERT /usr/share/rhn/ULN-CA-CERT.old
    # wget https://linux-update.oracle.com/rpms/ULN-CA-CERT.sha2
    # cp ULN-CA-CERT.sha2 /usr/share/rhn/ULN-CA-CERT

After this file has been updated you can continue using ULN as normal. After making this manual replacement, connectivity to ULN should be restored. The packages below should then be updated as part of your standard patching cycle.

If you have any questions about this update please feel free to contact the ULN team via uln-info_us@oracle.com.

Packages to be updated

Oracle Linux 7
    rhn-client-tools-2.0.2-21.0.9.el7.noarch.rpm
    rhn-setup-2.0.2-21.0.9.el7.noarch.rpm
    rhn-check-2.0.2-21.0.9.el7.noarch.rpm
    rhn-setup-gnome-2.0.2-21.0.9.el7.noarch.rpm (only required if a previous version is already installed)

Oracle Linux 6
    rhn-setup-1.0.0.1-45.0.3.el6.noarch.rpm
    rhn-client-tools-1.0.0.1-45.0.3.el6.noarch.rpm
    rhn-check-1.0.0.1-45.0.3.el6.noarch.rpm
    rhn-setup-gnome-1.0.0.1-45.0.3.el6.noarch.rpm (only required if a previous version is already installed)

Oracle Linux 5
  x86_64
    up2date-5.10.1-41.30.el5.x86_64.rpm
    up2date-gnome-5.10.1-41.30.el5.x86_64.rpm (only required if a previous version is already installed)
  i386
    up2date-5.10.1-41.30.el5.i386.rpm
    up2date-gnome-5.10.1-41.30.el5.i386.rpm (only required if a previous version is already installed)
  ia64
    up2date-5.10.1-41.30.el5.ia64.rpm
    up2date-gnome-5.10.1-41.30.el5.ia64.rpm (only required if a previous version is already installed)
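A guarded form of the manual replacement steps above, as an added example rather than Oracle's own tooling: it refuses to install a file that does not parse as an unexpired PEM certificate, prints each certificate's subject, expiry and SHA-256 fingerprint so they can be compared with a value obtained out of band, and keeps the .old backup. The function names are hypothetical and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: validate a downloaded CA file before it replaces
# /usr/share/rhn/ULN-CA-CERT. Function names are hypothetical.

# check_ca_file FILE: succeed only if FILE holds at least one PEM
# certificate and every certificate in it parses and is not expired.
check_ca_file() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    tmpd=$(mktemp -d) || return 1
    # Split a possible bundle into one file per certificate.
    awk -v d="$tmpd" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = d "/cert" n ".pem" }
        out { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$f"
    rc=0; count=0
    for c in "$tmpd"/cert*.pem; do
        [ -e "$c" ] || break
        count=$((count + 1))
        if ! openssl x509 -in "$c" -noout >/dev/null 2>&1; then
            echo "certificate $count in $f does not parse" >&2; rc=1; continue
        fi
        # -checkend 0 fails when the certificate has already expired.
        if ! openssl x509 -in "$c" -noout -checkend 0 >/dev/null 2>&1; then
            echo "certificate $count in $f is expired" >&2; rc=1
        fi
        # Shown so the operator can compare against a trusted reference.
        openssl x509 -in "$c" -noout -subject -enddate -fingerprint -sha256
    done
    rm -rf "$tmpd"
    [ "$count" -gt 0 ] || { echo "no PEM certificate in $f" >&2; return 1; }
    return "$rc"
}

# install_ca_file NEW DEST: back up DEST as DEST.old, then replace it
# atomically, but only when NEW passes check_ca_file.
install_ca_file() {
    new=$1; dest=$2
    check_ca_file "$new" || return 1
    if [ -e "$dest" ]; then
        cp -p "$dest" "$dest.old" || return 1
    fi
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    cat "$new" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}

# verify_server HOST CAFILE: confirm HOST's TLS chain validates against
# CAFILE alone. Needs network access. Which host to test is an assumption;
# the page only names linux-update.oracle.com as the download location.
verify_server() {
    openssl s_client -connect "$1:443" -servername "$1" -CAfile "$2" \
        -verify_return_error </dev/null >/dev/null 2>&1
}

# Usage as root: sh this-script ULN-CA-CERT.sha2 /usr/share/rhn/ULN-CA-CERT
if [ "$#" -eq 2 ]; then
    install_ca_file "$1" "$2"
fi
```

If a later connection still fails with "certificate verify failed", copying the .old file back restores the previous state.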


Events

Discover why Oracle Linux is top-rated operating system for business

In May 2017, IT Central Station's readers were asked to rank operating systems and based on those reviews, Oracle Linux was named the 2017 top operating system for business purposes. It can often be difficult to compare the value of one operating system over another. Pricing is obviously an important consideration, but there are so many other factors that should be considered when making such a fundamental platform decision. From the beginning, Oracle Linux was designed to provide a simpler way for Oracle customers to get full-stack support from the operating system to the application from an enterprise-class vendor that understands not just operating system, but all the really important things our customers actually need to run, like databases, middleware, applications and more recently, virtual machines and containers. To help ensure the most value for our customers, we've added additional components and products to Oracle Linux without increasing complexity. One of our customers that saw the biggest increases in efficiency and performance after migrating to Oracle Linux is Intel and this year at OpenWorld, they will be presenting the fascinating story of how they migrated their production, mission-critical manufacturing databases from Microsoft Windows to Oracle Linux with no outages or downtime. You'll also learn about the significant performance increase they gained on exactly the same hardware. To discover the value Oracle Linux can deliver for your organization, visit oracle.com/linux to connect with our global Oracle Linux sales team to schedule a customized workshop tailored specifically for you. Coming to Oracle OpenWorld? I will be giving a brief tour of all the other add-on packages that are supported on Oracle Linux at no extra cost and then introducing Intel at the "Why Choose Oracle Linux: The Value of Enterprise Linux" session on Monday, October 22nd at 5:45pm in Room 2000, Moscone West. 
You can also learn more about Oracle Linux directly from the product experts by visiting the Oracle Infrastructure Technologies showcase (booth #120) in Moscone South next to the Arena and just past the Autonomous Database showcase.


Linux

A selection of OpenWorld sessions on Oracle Linux and Oracle VM

Oracle OpenWorld 2018 is only a few weeks away! There are many sessions on Oracle Linux and Oracle VM, and here are a few technical sessions you may find interesting:

Tips for Securing Your Cloud Infrastructure, Jan Hendrik Mangold, Jeff Savit [TIP4727], Monday 9:00 a.m. - 9:45 a.m., with products, tools and techniques for security.
Perform In-Place Upgrade for Large-Scale Cloud Infrastructure, Jeff Savit, Jeffery Yoder, Rodolfo Martinez [CAS5088], Monday 3:45 p.m. - 4:30 p.m., with real world experiences on maintaining and upgrading an extremely large production Oracle VM environment.
Maximize Performance with Oracle Linux and Oracle VM, Greg Marsden, Jeff Savit, Kevin Tribbey [TIP4725], Tuesday 5:45 p.m. - 6:30 p.m., with features of Oracle Linux, including DTrace, that enhance performance.
Build a High Availability Solution with Oracle Linux: Corosync/Pacemaker, Jeff Savit [HOL3137], hands-on lab for clustered Oracle Linux under VirtualBox, using Corosync and Pacemaker, Monday 5:15 p.m. - 6:15 p.m.
Observing and Optimizing Your Application on Oracle Linux with DTrace, Jeff Savit [HOL6339], hands-on lab introducing DTrace on Oracle Linux, Thursday noon to 1:00 p.m.

These are sessions I will be at, so I hope you attend and find them useful. To learn more, visit the Oracle Infrastructure Technologies showcase featuring Oracle Linux and Virtualization technologies, booth #120, located in Moscone South (on the right side, just past the Autonomous Database showcase), where you can experience demos, a virtual reality game, and speak with product experts and partners.


Events

Oracle Linux at Oracle OpenWorld 2018

Oracle OpenWorld 2018, in San Francisco, CA, is less than a month away! To help you plan your schedule, below is the lineup of Oracle Linux sessions. The highlighted sessions are ones in which you’ll hear from our executives. This year’s content includes product roadmaps, tips and tricks, product training, customer case studies, and business use cases to enrich your learning experience. Remember to register ahead of time to make sure you have a seat. At the conference, you’ll also have the opportunity to connect with other Oracle customers, product experts, and partners, to help you make the most of your time. Read on and fill up your schedule now.

The Sessions:

Monday, Oct 22:
Tips for Securing Your Cloud Infrastructure, Jan Hendrik Mangold, Jeff Savit [TIP4727], 9:00 a.m. - 9:45 a.m.
Oracle Linux and Oracle VM: Get Trained for Cloud, Hybrid, and On-Premises, Avi Miller, Antoinette O’Sullivan [TRN5828], 10:30 a.m. - 11:15 a.m. -- more from Antoinette
Oracle Linux: State of the Penguin, Wim Coekaerts [PRO4720], 11:30 a.m. - 12:15 p.m.
Automating Workload Migration to Oracle Cloud Infrastructure, Simon Coter, Gilson Melo, Alessandr Pilotti [PRO5796], 12:30 p.m. - 1:15 p.m.
Oracle’s Systems Strategy for Cloud and On-Premises, Ali Alasti, Wim Coekaerts, Edward Screven [PKN5901], 3:45 p.m. - 4:45 p.m.
Perform In-Place Upgrade for Large-Scale Cloud Infrastructure, Jeff Savit, Jeffery Yoder, Rodolfo Martinez [CAS5088], 3:45 p.m. - 4:30 p.m.
Why Choose Oracle Linux: The Value of Enterprise Linux, Deepen Chakraborty, Avi Miller [CAS4726], 5:45 p.m. - 6:30 p.m.

Tuesday, Oct 23:
An Overview of Oracle Infrastructure Technologies in Oracle Cloud, Robert Shimp, Ajay Srivastava [PRO5904], 11:15 a.m. - 12:00 p.m.
Kubernetes, Docker, and Oracle Linux from On-Premises to Oracle Cloud with Ease, Wim Coekaerts [DEV6015], 11:30 a.m. - 12:15 p.m.
Best Practices: Oracle Linux and Oracle VM in Oracle Cloud Infrastructure, Julie Wong, Simon Coter [PRO4721], 4:45 p.m. - 5:30 p.m.
Maximize Performance with Oracle Linux and Oracle VM, Greg Marsden, Jeff Savit, Kevin Tribbey [TIP4725], 5:45 p.m. - 6:30 p.m.

Wednesday, Oct 24:
The OS Factor: Advice for the Technology Buyer from IDC, Karen Sigman, Ashish Nadkarni [BUS4729], 11:15 a.m. - 12:00 p.m.
Secure and Agile Orchestration for Linux Containers, Avi Miller [TRN4723], 12:30 p.m. - 1:15 p.m. -- more from Avi
The Emergence of New Threats: A Look at Spectre and Meltdown, Greg Marsden, Bruce Lowental [TIP3992], 4:45 p.m. - 5:30 p.m.

Thursday, Oct 25:
Oracle Linux is really the ideal Linux for Oracle Cloud Developers, Wim Coekaerts [DEV6017], 9:00 a.m. - 9:45 a.m.
Build an ARM64-Based Solution with Oracle Linux, Honglin Su, Michele Resta [PRM4722], 9:00 a.m. - 9:45 a.m.
Practical DevOps with Linux and Virtualization, Simon Coter [DEV5029], 10:00 a.m. - 10:45 a.m.
Embrace Open Source Projects on GitHub for Cloud Automation, Avi Miller, Simon Coter [TIP5795], 12:00 p.m. - 12:45 p.m.
Why Oracle Linux is the Best Platform for Oracle Database and Oracle Cloud, Dhaval Giani [PRO5797], 1:00 p.m. - 1:45 p.m.
Accelerate Your Business with Machine Learning and Oracle Linux, Joost Pronk Van Hoogeveen, Simon Coter [PRO4731], 2:00 p.m. - 2:45 p.m.

Add these sessions to your schedule and don't forget to bookmark our Focus on Oracle Linux and Virtualization page.

And, there’s more…

The Showcase, Moscone South – Booth #120

Make sure to find time to visit the Oracle Infrastructure Technologies showcase featuring Oracle Linux and Virtualization technologies, booth #120, located in Moscone South (on the right side, just past the Autonomous Database showcase), where you can learn more about Oracle Linux, experience demos, a virtual reality game, and speak with product experts and partners.

#OOW18 is sure to be an informative event. Stay tuned to this blog for more information on sessions, Hands-on Labs (HOLs), and more, in the coming days. We look forward to sharing this open world with you!


Events

Building an open container native platform with Oracle Linux

In today's modern world of cloud-first development and container native deployment, building the infrastructure to support all of your business requirements can be complex. Going with an "all-in-one" product can seem attractive, even at the cost of locking you into that vendor. At Oracle, we're committed to letting our customers build their cloud, their way. Our goal is to provide maximum choice with all components based on open technologies. Whether your goal is to better manage and predict your IT costs while keeping pace with business demands or your developers expect the latest technology and rapid provisioning, Oracle has a solution that will fit. You can choose to migrate your workloads to Oracle Cloud and take advantage of industry leading IaaS and PaaS options, bring Oracle Cloud services into your data center with Cloud at Customer or build your own private cloud using Oracle Linux as the foundation. Oracle has years of experience with providing container-based solutions and most of our flagship products are available as container images. We also provide container runtime and orchestration tools at no extra cost with an Oracle Linux Premier support subscription. You can learn more about how your business can take advantage of these tools during the Secure and Agile Orchestration for Linux Containers session at Oracle OpenWorld on Wednesday, October 24th at 12:30pm in Room 2000, Moscone West.


Linux

Oracle Instant Client RPMs Now Available on Oracle Linux Yum Servers in OCI

Today we added Oracle Instant Client to the Oracle Cloud Infrastructure (OCI) yum mirrors. This makes developing Oracle Database-based apps on OCI a breeze. Previously, installing Oracle Instant Client required either registering a system with ULN or downloading from OTN, each with manual steps to accept license terms. Now you can simply use yum install directly from Oracle Linux running in OCI. See this tutorial on the Oracle Developer blog for an example that connects a Node.js app running on an OCI instance to an Autonomous Transaction Processing (ATP) Database.

Getting Oracle Instant Client RPMs From Your Local OCI Yum Mirror

Grab the latest version of the repo definition from the yum server local to your region as follows:

    cd /etc/yum.repos.d
    sudo mv public-yum-ol7.repo public-yum-ol7.repo.bak
    export REGION=`curl http://169.254.169.254/opc/v1/instance/ -s | jq -r '.region'| cut -d '-' -f 2`
    sudo -E wget http://yum-$REGION.oracle.com/yum-$REGION-ol7.repo

Enable the ol7_oci_included repo:

    sudo yum-config-manager --enable ol7_oci_included

Behold!

    $ yum list oracle-instantclient*
    Loaded plugins: langpacks, ulninfo
    Installed Packages
    oracle-instantclient12.2-basic.x86_64        12.2.0.1.0-1    @ol7_oci_included
    Available Packages
    oracle-instantclient12.2-basiclite.x86_64    12.2.0.1.0-1    ol7_oci_included
    oracle-instantclient12.2-devel.x86_64        12.2.0.1.0-1    ol7_oci_included
    oracle-instantclient12.2-jdbc.x86_64         12.2.0.1.0-1    ol7_oci_included
    oracle-instantclient12.2-odbc.x86_64         12.2.0.1.0-1    ol7_oci_included
    oracle-instantclient12.2-precomp.x86_64      12.2.0.1.0-1    ol7_oci_included
    oracle-instantclient12.2-sqlplus.x86_64      12.2.0.1.0-1    ol7_oci_included
    oracle-instantclient12.2-tools.x86_64        12.2.0.1.0-1    ol7_oci_included
    oracle-instantclient18.3-basic.x86_64        18.3.0.0.0-1    ol7_oci_included
    oracle-instantclient18.3-basiclite.x86_64    18.3.0.0.0-1    ol7_oci_included
    oracle-instantclient18.3-devel.x86_64        18.3.0.0.0-1    ol7_oci_included
    oracle-instantclient18.3-jdbc.x86_64         18.3.0.0.0-1    ol7_oci_included
    oracle-instantclient18.3-odbc.x86_64         18.3.0.0.0-1    ol7_oci_included
    oracle-instantclient18.3-precomp.x86_64      18.3.0.0.0-1    ol7_oci_included
    oracle-instantclient18.3-sqlplus.x86_64      18.3.0.0.0-1    ol7_oci_included
    oracle-instantclient18.3-tools.x86_64        18.3.0.0.0-1    ol7_oci_included
    $

Try it Yourself

If you want to give this a try, read the end-to-end example here.


Announcements

Announcing the developer preview of Oracle Container Services 1.1.10 for use with Kubernetes

Oracle is pleased to announce the developer preview release of Oracle Container Services 1.1.10 for use with Kubernetes®. This release maintains Oracle's commitment to conformance with the upstream project and is Certified Kubernetes by the Cloud Native Computing Foundation (CNCF).

Release Information

Oracle Container Services 1.1.10 for use with Kubernetes is based on Kubernetes version 1.10, as released upstream. It is available for Oracle Linux 7 and is designed to integrate with the Oracle Container Runtime for Docker. Oracle Container Services for use with Kubernetes runs in a series of Docker containers and these images are available from the new "Container Services (Developer)" section of the Oracle Container Registry. Oracle has provided and tested a setup and configuration script that takes advantage of the kubeadm cluster configuration utility. This setup script eases configuration and setup on Oracle Linux and provides additional support for backup and recovery.

Installation

Oracle Container Services 1.1.10 for use with Kubernetes is free to download from Oracle Linux 7 Developer Channel on the Oracle Linux yum server. You can use the standard yum update command to perform an upgrade, however Oracle does not support Kubernetes on systems where the ol7_preview, ol7_developer, or ol7_developer_EPEL yum repositories or ULN channels are enabled, or where software from these repositories, or channels, is currently installed on the systems where Kubernetes runs.

Kubernetes® is a registered trademark of The Linux Foundation in the United States and other countries, and is used pursuant to a license from The Linux Foundation.
Resources – Oracle Linux Documentation Oracle Linux Software Download Oracle Linux Oracle Container Registry Blogs Oracle Linux Blog Oracle Ksplice Blog Oracle Linux Kernel Development Blog Community Pages Oracle Linux Social Media Oracle Linux on YouTube Oracle Linux on Facebook Oracle Linux on Twitter Data Sheets, White Papers, Videos, Training, Support & more Oracle Linux Product Training and Education Oracle Linux - https://oracle.com/education/linux For community-based support, please visit the Oracle Linux space on the Oracle Technology Network Community.


Announcements

Announcing Oracle Container Runtime for Docker Release 18.03

Oracle is pleased to announce the release of Oracle Container Runtime for Docker version 18.03. Oracle Container Runtime allows you to create and distribute applications across Oracle Linux systems and other operating systems that support Docker. Oracle Container Runtime for Docker consists of the Docker Engine, which packages and runs the applications, and integrates with the Docker Hub, Docker Store and Oracle Container Registry to share the applications in a Software-as-a-Service (SaaS) cloud. Notable Updates Oracle has implemented multi-registry support that makes it possible to run the daemon with the --add-registry flag, to include a list of additional registries to query when performing a pull operation. This functionality, currently available as a technology preview, enables Oracle Container Runtime for Docker to use the Oracle Container Registry as the default registry to search for container images, before falling back to alternate registry sources such as a local mirror, the Docker Hub or Docker Store. Other functionality available in this feature includes the --block-registry flag which can be used to prevent access to a particular Docker registry. Registry lists ensure that all images are prefixed with their source registry automatically, so that a listing of Docker images always indicates the source registry from which an image was pulled.   Docker 18.03 introduces enhancements that allow for better integration with Kubernetes orchestration as an alternative to Docker Swarm, including changes to follow namespace conventions used across a variety of other containerization projects.   The Dockerfile can also now exist outside of the build-context, allowing you to store Dockerfiles together and to reference their paths in the docker build command on stdin.   Several improvements to logging and access to docker logs have been added, including the --until flag to limit the log lines to those that occurred before the specified timestamp.   
Experimental Docker trust management commands have been added to better handle trust management on Docker images. See the docker trust command for more information. Upgrading To learn how to upgrade from a previously supported version of Oracle Container Runtime for Docker, please review the Upgrading Oracle Container Runtime for Docker chapter of the documentation. Note that upgrading from a developer preview release is not supported by Oracle. Support Support for the Oracle Container Runtime for Docker is available to customers with an Oracle Linux Premier support subscription. Refer to Oracle Linux 7 License Information User Manual for information about Oracle Linux support levels. Oracle Linux Resources: Documentation Oracle Linux Software Download Oracle Linux Oracle Container Registry Blogs Oracle Linux Blog Oracle Ksplice Blog Oracle Mainline Linux Kernel Blog Community Pages Oracle Linux Social Media Oracle Linux on YouTube Oracle Linux on Facebook Oracle Linux on Twitter Data Sheets, White Papers, Videos, Training, Support & more Oracle Linux Product Training and Education Oracle Linux - https://oracle.com/education/linux For community-based support, please visit the Oracle Linux space on the Oracle Developer Community.


Announcements

Announcing Oracle OpenStack Release 5.0

We are pleased to announce the release of Oracle OpenStack 5.0, based on the upstream Queens release. Oracle OpenStack 5.0 includes support for the KVM hypervisor included with the Unbreakable Enterprise Kernel Release 5 for Oracle Linux 7. What's New Support for OpenStack Queens  For more than two years, beginning with the Kilo release, Oracle OpenStack has deployed the OpenStack control plane in Docker containers, enabling simple, scalable, and reliable deployment, updates, and upgrades of OpenStack services. The Oracle OpenStack containers have been updated to the upstream Queens release. New Capabilities: In-place upgrade: easily upgrade Oracle OpenStack Release 4 (Pike) to Release 5 (Queens) without requiring additional hardware. This can either be done service by service or all at once with a single command, with no instance downtime. Newly Supported Services Ironic (Bare Metal-as-a-Service): enables users to deploy the workload onto a physical machine instead of a virtualized instance on a hypervisor. Users of the OpenStack Compute API can launch a bare metal server instance in the same way that they can currently launch a VM instance. Telemetry and monitoring tools: offers services including Ceilometer - a data collection service, Aodh - an alarming service, and Gnocchi - a time-series database and resource indexing service These tools enable applications such as metering, monitoring, alarming and billing. Designate: provides a multitenant DNS-as-a-Service for OpenStack. It can be configured to auto-generate records based on Nova and Neutron actions. Enhancements: Deployment Configuration Flexibility Secure-by-default configuration of TLS:  automatically installs trusted certificates, or generates and installs self-signed certificates to protect API endpoints. Reset-to-defaults: enables quick, automated iterations when testing various deployment configurations. 
Cinder Block Storage Services** Block storage multi-attach: attach a volume to multiple VMs to enable highly available clustered filesystems, such as ASM for Oracle Real Application Clusters (Oracle RAC). Ceph Luminous support: for Cinder backend and Cinder backup. NFS support: for volume backup, providing a flexible and economical solution for development and test environments. Nova Compute Services** Libvirt compute driver: enables a new block storage multi-attach feature in Cinder, critical for highly available, mission critical workloads such as Oracle RAC. Neutron Networking Service: Infoblox IPAM plugin integration: provides an interface from Neutron to the Infoblox DDI Appliance. The Infoblox DDI Appliance is a leading DNS / DHCP / IPAM solution for the enterprise and service providers. Keystone Identity Service Application Credentials: enables finer-grained access control. Glance Image Service Shared storage: is automatically configured for Glance, if available when using the file backend. ** Oracle has supported multi-attach Cinder/Nova capabilities for the automated deployment for Oracle RAC and Oracle Database 12c single instance since Release 4 (Pike). The OpenStack community incorporated these capabilities with the Queens release. Tech Preview Features: Terraform for Oracle Database 12c single instance: Terraform is an alternative option to the Murano service for automated deployment for Oracle Database 12c single instance. Some of the advantages of Terraform: Excellent portability and cloud agnostic: A single and universal tool for describing infrastructure for OpenStack, Oracle Cloud Infrastructure or any other public/private cloud. Enhanced troubleshooting capability: enables the progress of the Oracle Database 12c deployment script to be followed and its output viewed. 
Magnum (Container-as-a-Service): is an OpenStack API service making container orchestration engines (COE) such as Docker Swarm, Kubernetes and Apache Mesos available as first-class resources in OpenStack. Magnum uses Heat to orchestrate an OS image which contains Docker and COE and runs that image in either virtual machines or bare metal in a cluster configuration. OpenStack Community Contributions Oracle has been actively contributing to Nova, Cinder, Kolla, Murano, Oslo, and many other projects. All Oracle enhancements are contributed upstream and are freely available for anyone to use. Below are a few examples of Oracle code contributions available upstream for the Queens release. Kolla provides production-ready containers and deployment tools for operating OpenStack clouds. Oracle developed and contributed a command line interface called kollacli to Kolla. Kollacli provides a simple, intuitive and consistent user interface for driving kolla-ansible deployments. Multi-attach support for Nova/Cinder block device. This is required to support shared storage for Oracle RAC and other solutions that require shared storage. MySQL Cluster NDB: To address OpenStack scaling issues, Oracle OpenStack employs MySQL Cluster with NDB storage engine for the database backend. Oracle has contributed upstream enhancements to OpenStack services to help ensure they are using the oslo.db framework when doing database creations, upgrades, and migrations. Murano service: Oracle contributed numerous new features and bug fixes Product Life Cycle Support Support for Oracle OpenStack is included, at no additional cost, as part of Oracle Premier Support for Oracle Linux or Oracle Premier Support for Systems. Software Download  Download Oracle OpenStack Docker images from either the Oracle Container Registry, Docker Hub or Oracle Software Delivery Cloud. 
Please refer to chapters 2 through 4 of the Installation and Deployment Guide, available in the Oracle Documentation Library, for important steps to take prior to downloading the Docker images. Oracle Linux software packages required to deploy Oracle OpenStack are available from the Oracle Linux yum server and from the Unbreakable Linux Network (ULN). Resources Documentation: Release notes, Installation and Configuration Guide Application Deployment Guide Data Sheets, Podcast, Videos Oracle OpenStack Community Pages Product Training and Education Training from Oracle University:  Oracle OpenStack: Administration Essentials Ed 1 NEW Administration Essentials teaches students about essential OpenStack services for creating and managing cloud resources as a cloud administrator and identifies tasks cloud operators perform. Oracle OpenStack: Getting Started Ed 1 Getting Started teaches students that are new to OpenStack about this cloud computing architecture, core and optional services, Docker images and containers, a multi-node deployment, and troubleshooting deployments.


Linux Kernel Development

A Musical Tour of Hints and Tools for Debugging Host Networks

Shannon Nelson from the Oracle Linux Kernel Development team offers these tips and tricks to help make host network diagnostics easier. He also includes a recommended playlist for accompanying your debugging!   Ain't Misbehavin' (Dinah Washington) As with many debugging situations, digging into and resolving a network-based problem can seem like a lot of pure guess and magic.  In the networking realm, not only do we have the host system's processes and configurations to contend with, but also the exciting and often frustrating asynchronicity of network traffic. Some of the problems that can trigger a debug session are reports of lost packets, corrupt data, poor performance, even random system crashes.  Not always do these end up as actual network problems, but as soon as the customer mentions anything about their wiring rack or routers, the network engineer is brought in and put on the spot. This post is intended not as a full how-to in debugging any particular network issue, but more a set of some of the tips and tools that we use when investigating network misbehavior. Start Me Up (The Rolling Stones) In order to even get started, and probably the most important debugging tool available, is a concise and clear description of what is happening that shouldn't happen.  This is harder to get than one might think.  You know what I mean, right?  The customer might give us anything from "it's broken" to the 3 page dissertation of everything but the actual problem. We start gathering a clearer description by asking simple questions that should be easy to answer.  Things like: Who found it, who is the engineering contact? Exactly what equipment was it running on? When/how often does this happen? What machines/configurations/NICs/etc are involved? Do all such machines have this problem, or only one or two? Are there routers and/or switches involved? Are there Virtual Machines, Virtual Functions, or Containers involved? Are there macvlans, bridges, bonds or teams involved? 
Are there any network offloads involved? With this information, we should be able to write our own description of the problem and see if the customer agrees with our summary.  Once we can refine that, we should have a better idea of what needs to be looked into. Some of the most valuable tools for getting this information are simple user commands that the user can do on the misbehaving systems.  These should help detail what actual NICs and drivers are on the system and how they might be connected. uname -a - This is an excellent way to start, if nothing else but to get a basic idea of what the system is and how old is the kernel being used.  This can catch the case where the customer isn't running a supported kernel. These next few are good for finding what all is on the system and how they are connected: ip addr, ip link - these are good for getting a view of the network ports that are configured, and perhaps point out devices that are either offline or not set to the right address.  These can also give a hint as to what bonds or teams might be in place.  These replace the deprecated "ifconfig" command. ip route - shows what network devices are going to handle outgoing packets.  This is mostly useful on systems with many network ports. This replaces the deprecated "route" command and the similar "netstat -rn". brctl show - lists software bridges set up and what devices are connected to them. netstat -i - gives a summary list of the interfaces and their basic statistics. These are also available with "ip -s link", just formatted differently. lseth - this is a non-standard command that gives a nice summary combining a lot of the output from the above commands.  (See http://vcojot.blogspot.com/2015/11/introducing-lsethlsnet.html) Watchin' the Detectives (Elvis Costello) Once we have an idea which particular device is involved, the following commands can help gather more information about that device.  
This can get us an initial clue as to whether or not the device is configured in a generally healthy way. ethtool <ethX> - lists driver and connection attributes such as current speed connection and if link is detected. ethtool -i <ethX> - lists device driver information, including kernel driver and firmware versions, useful for being sure the customer is working with the right software; and PCIe device bus address, good for tracking the low level system hardware interface. ethtool -l <ethX> - shows the number of Tx and Rx queues that are setup, which usually should match the number of CPU cores to be used. ethtool -g <ethX> - shows the number of packet buffers for each Tx and Rx queue; too many and we're wasting memory, too few and we risk dropping packets under heavy throughput pressure. lspci -s <bus:dev:func> -vv - lists detailed information about the NIC hardware and its attributes. You can get the interface's <bus:dev:func> from "ethtool -i". Diary (Bread) The system logfiles usually have some good clues in them as to what may have happened around the time of the issue being investigated.  "dmesg" gives the direct kernel log messages, but beware that it is a limited sized buffer that can get overrun and loose history over time. In older Linux distributions the systems logs are found in /var/log, most usefully in either /var/log/messages or /var/log/syslog, while newer "systemd" based systems use "journalctl" for accessing log messages. Either way, there are often interesting traces to be found that can help describe the behavior. One thing to watch out for is that when the customer sends a log extract, it usually isn't enough.  Too often they will capture something like the kernel panic message, but not the few lines before that show what led up to the panic.  Much more useful is a copy of the full logfile, or at least something with several hours of log before the event. 
Once we have the full file, it can be searched for error messages, or for any log messages with the ethX name or the PCI device address, to look for more hints. Sometimes just scanning through the file shows patterns of behavior that can be related.

Fakin' It (Simon & Garfunkel)

With the information gathered so far, we should have a chance at creating a simple reproducer. Much of the time we can't go poking at the customer's running systems, but need to demonstrate the problem and the fix on our own lab systems. Of course we don't have the same environment, but with a concise enough problem description we stand a good chance of finding a simple case that shows the same behavior.

Some traffic generator tools that help in reproducing the issues include:

ping - send one or a few packets, or send a packet flood to a NIC. It has flags for size, timing, and other send parameters.
iperf - good for heavy traffic exercise, and can run several in parallel to get a better RSS spread on the receiver.
pktgen - this kernel module can be used to generate much more traffic than user level programs, in part because the packets don't have to traverse the sender's network stack. There are also several options for packet shapes and throughput rates.
scapy - this is a Python tool that allows scripting of specially crafted packets, useful in making sure certain data patterns are exactly what you need for a particular test.

All Along the Watchtower (The Jimi Hendrix Experience)

With our own model of the problem, we can start looking deeper into the system to see what is happening: looking at throughput statistics and watching actual packet contents. Easy statistic gathering can come from these tools:

ethtool -S <ethX> - most NIC device drivers offer Tx and Rx packet counts, as well as error data, through the '-S' option of ethtool.
This device specific information is a good window into what the NIC thinks it is doing, and can show when the NIC sees low level issues, including malformed packets and bad checksums.
netstat -s <ethX> - this gives protocol statistics from the upper networking stack, such as TCP connections, segments retransmitted, and other related counters.
ip -s link show <ethX> - another method for getting a summary of traffic counters, including some dropped packets.
grep <ethX> /proc/interrupts - looking at the interrupt counters can give a better idea of how well the processing is getting spread across the available CPU cores. For some loads, we can expect a wide dispersal, and other loads might end up with one core more heavily loaded than others.
/proc/net/* - there are lots of data files exposed by the kernel networking stack available here that can show many different aspects of the network stack operations. Many of the command line utilities get their info directly from these files. Sometimes it is handy to write your own scripts to pull the very specific data that you need from these files.
watch - The above tools give a snapshot of the current status, but sometimes we need to get a better idea of how things are working over time. The "watch" utility can help here by repeatedly running the snapshot command and displaying the output, even highlighting where things have changed since the last snapshot. Example uses include:

    # See the interrupt activity as it happens
    watch "grep ethX /proc/interrupts"

    # Watch all of the NIC's non-zero stats
    watch "ethtool -S ethX | grep -v ': 0'"

Also useful for catching data in flight is tcpdump and its cousins wireshark and tcpreplay. These are invaluable in catching packets from the wire, dissecting what exactly got sent and received, and replaying the conversation for testing.
These have whole tutorials in and of themselves so I won't detail them here, but here's an example of tcpdump output from a single network packet:

    23:12:47.471622 IP (tos 0x0, ttl 64, id 48247, offset 0, flags [DF], proto TCP (6), length 52)
        14.0.0.70.ssh > 14.0.0.52.37594: Flags [F.], cksum 0x063a (correct), seq 2358, ack 2055, win 294, options [nop,nop,TS val 2146211557 ecr 3646050837], length 0
            0x0000: 4500 0034 bc77 4000 4006 61d3 0e00 0046
            0x0010: 0e00 0034 0016 92da 21a8 b78a af9a f4ea
            0x0020: 8011 0126 063a 0000 0101 080a 7fec 96e5
            0x0030: d952 5215

Photographs and Memories (Jim Croce)

Once we've made it this far and we have some idea that it might be a particular network device driver issue, we can do a little research into the history of the driver. A good web search is an invaluable friend. For example, a web search for "bnxt_en dropping packets" brings up some references to a bugfix for the Nitro A0 hardware - perhaps this is related to a packet drop problem we are seeing?

If we have a clone of the Linux kernel git repository, we can do a search through the patch history for key words. If there's something odd happening with macvlan filters, this will point out some patches that might be related to the issue. For example, here's a macvlan issue with driver resets that was fixed upstream in v4.18:

    $ git log --oneline drivers/net/ethernet/intel/ixgbe | grep -i macvlan | grep -i reset
    8315ef6 ixgbe: Avoid performing unnecessary resets for macvlan offload
    e251ecf ixgbe: clean macvlan MAC filter table on VF reset

    $ git describe --contains 8315ef6
    v4.18-rc1~114^2~380^2

Reelin' In the Years (Steely Dan)

A couple of examples can show a little of how these tools have been used in real life. Of course, it's never as easy as it sounds when you're in the middle of it.
lost/broken packets with TSO from sunvnet through bridge

When doing some performance testing on the sunvnet network driver, a virtual NIC in the SPARC Linux kernel, we found that enabling TSO actually significantly hurt throughput, rather than helping, when going out to a remote system. After using netstat and ethtool -S to find that there were a lot of lost packets and retries through the base machine's physical, we used tcpdump on the NIC and at various points in the internal software bridge to find where packets were getting broken and dropped. We also found comments in the netdev mailing list about an issue with TSO'd packets getting messed up when going into the software bridge. We turned off TSO for packets headed into the host bridge and the performance issue was fixed.

log file points out misbehaving process

In a case where NIC hardware was randomly freezing up on several servers, we found that a compute service daemon had recently been updated with a broken version that would immediately die and restart several times a second on scores of servers at the same time, and was resetting the NICs each time. Once the daemon was fixed, the NIC resetting stopped and the network problem went away.

Bring It On Home

This is just a quick overview of some of the tools for debugging a network issue. Everyone has their favorite tools and different uses; we've only touched on a few here. They are all handy, but all need our imagination and perseverance to be useful in getting to the root of whatever problem we are chasing. Also useful are quick shell scripts written to collect specific sets of data, and shell scripts to process various bits of data when looking for something specific. For more ideas, see the links below.

And sometimes, when we've dug so far and haven't yet found the gold, it's best to just get up from the keyboard, take a walk, grab a snack, listen to some good music, and let the mind wander.

Good hunting.
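As an example of the kind of quick data-processing script mentioned above, the following Python decodes the single tcpdump packet quoted earlier in this post and recomputes its IPv4 and TCP checksums, the same check tcpdump reports as "cksum 0x063a (correct)". This is an added example, not code from the original post; the function and field names are this example's own.

```python
"""Decode one IPv4/TCP packet from tcpdump hex-dump text and re-check its checksums."""
import socket
import struct

# Hex-dump lines copied from the tcpdump output quoted in the post.
HEXDUMP = """\
0x0000: 4500 0034 bc77 4000 4006 61d3 0e00 0046
0x0010: 0e00 0034 0016 92da 21a8 b78a af9a f4ea
0x0020: 8011 0126 063a 0000 0101 080a 7fec 96e5
0x0030: d952 5215
"""

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0 upward


def hexdump_to_bytes(text):
    """Collect the bytes from '0xNNNN: hhhh hhhh ...' lines, ignoring other lines."""
    out = bytearray()
    for line in text.splitlines():
        offset, sep, rest = line.strip().partition(":")
        if not sep or not offset.startswith("0x"):
            continue  # timestamp and summary lines carry no packet bytes
        # 'tcpdump -X' appends an ASCII column after two spaces; keep the hex part
        out += bytes.fromhex(rest.strip().split("  ")[0])
    return bytes(out)


def inet_checksum(data):
    """RFC 1071 Internet checksum over data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back in (one's-complement addition)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_ipv4_tcp(packet):
    """Decode the IPv4 and TCP headers and recompute both checksums.

    Raises ValueError on truncated or non-IPv4/TCP input rather than guessing.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     ip_sum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    if proto != 6:
        raise ValueError("not a TCP packet")
    if total_len < ihl + 20 or len(packet) < total_len:
        raise ValueError("capture is shorter than the IP total length")
    segment = packet[ihl:total_len]
    (sport, dport, _seq, _ack, off_flags, window,
     tcp_sum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad TCP data offset")

    # Recompute each checksum with its own field zeroed, as the sender does.
    ip_calc = inet_checksum(packet[:10] + b"\x00\x00" + packet[12:ihl])
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(segment))
    tcp_calc = inet_checksum(pseudo + segment[:16] + b"\x00\x00" + segment[18:])

    return {
        "src": socket.inet_ntoa(src), "sport": sport,
        "dst": socket.inet_ntoa(dst), "dport": dport,
        "ttl": ttl, "window": window,
        "flags": [n for bit, n in enumerate(TCP_FLAGS) if off_flags & (1 << bit)],
        "payload_len": len(segment) - data_offset,
        "ip_checksum_computed": ip_calc, "ip_checksum_ok": ip_calc == ip_sum,
        "tcp_checksum_computed": tcp_calc, "tcp_checksum_ok": tcp_calc == tcp_sum,
    }


if __name__ == "__main__":
    for key, value in decode_ipv4_tcp(hexdump_to_bytes(HEXDUMP)).items():
        print("%-22s %s" % (key, value))
```

On a sender with Tx checksum offload enabled, packets captured locally on their way out can fail this check because the NIC fills in the checksum after the capture point, so a mismatch there is not by itself evidence of corruption on the wire.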
Related pages

Linux network troubleshooting and debugging - https://unix.stackexchange.com/questions/50098/linux-network-troubleshooting-and-debugging
Tracing NFS: Beyond tcpdump - https://blogs.oracle.com/linux/tracing-nfs%3a-beyond-tcpdump-v2
Tracing Linux Networking with DTrace on Oracle Linux - https://blogs.oracle.com/linux/tracing-linux-networking-with-dtrace-on-oracle-linux-v2
iproute2 uses - https://baturin.org/docs/iproute2/
A tcpdump Tutorial and Primer with Examples - https://danielmiessler.com/study/tcpdump/
Searching git code and logs - https://git-scm.com/book/en/v2/Git-Tools-Searching https://git-scm.com/docs/git-log#git-log--Sltstringgt
Wireshark User's Guide - https://www.wireshark.org/docs/wsug_html/
systemd: Using the journal - https://fedoramagazine.org/systemd-using-journal/

Shannon Nelson from the Oracle Linux Kernel Development team offers these tips and tricks to help make host network diagnostics easier. He also includes a recommended playlist for accompanying your...

Linux Kernel Development

Getting system resource information with a Standard API

Oracle Linux kernel developer Rahul Yadav kicked off a new project in LXC this year, called libresource. In this blog post, he talks about how to use libresource to effectively read system statistics in a stable manner. This project is hosted on github at https://github.com/lxc/libresource

System resource information, like memory, network and device statistics, is crucial for system administrators to understand the inner workings of their systems, and is increasingly being used by applications to fine tune performance on different environments.

Getting system resource information on Linux is not a straightforward affair. Many tools like top, free and sar can gather system statistics. The best way is to collect the information from procfs or sysfs, but getting such information from procfs or sysfs presents many challenges. Each time an application wants to get system resource information, it has to open a file, read the content and then parse the content to get the actual information. Over time, the format in which information is provided might change, and with that each application has to change its own code to read the data in the correct manner.

Libresource tries to fix a few of these problems by providing a standard library with a set of APIs through which we can get system resource information, e.g. memory, CPU, stat, networking, and security related information.

Find libresource on github at https://github.com/lxc/libresource

Libresource provides the following benefits:

Ease of use: Currently applications need to read this info mostly from the /proc and /sys file-systems. In most cases complex string parsing is involved, which needs to be done in application code. With the library APIs an application can get the information directly, and all the string parsing, if any, will be done by the library.

Stability: If the format in which the information is provided in the /proc or /sys file-system is changed, then the application code has to be changed to align with those changes. Also, if a better way to get information comes in the future, like through a syscall or a sysconf, then again application code needs to be changed to get the benefit of it. The library will take care of such changes and the application will never have to change its code.

Virtualization: In cases where DB is running in a virtualized environment using cgroup or namespaces, reading from the /proc and /sys file-systems might not give correct information as these are not cgroup aware. The library API will take care of this, e.g. if a process is running in a cgroup then the library should provide information which is local to that cgroup.

Interfaces to libresource

Reading a single resource ID

    /* This is to read a resource information. A valid resource id should be
     * provided in res_id, out should be properly allocated on the basis of
     * size of resource information, hint should be given where needed.
     * Currently pid and flags are not used, they are for future extensions.
     */
    int res_read(int res_id, void *out, void *hint, int pid, int flags);

Available Resource IDs:

RES_MEM_ACTIVE - Total amount of buffer or page cache memory, in kilobytes, that is in active use.
RES_MEM_INACTIVE - Total amount of buffer or page cache memory, in kilobytes, that are free and available
RES_MEM_AVAILABLE - An estimate of how much memory is available for starting new applications, without swapping.
RES_MEM_FREE - The amount of physical RAM, in kilobytes, left unused by the system.
RES_MEM_TOTAL - Total amount of physical RAM, in kilobytes.
RES_MEM_PAGESIZE - Size of a page in bytes
RES_MEM_SWAPFREE - Total amount of swap free, in kilobytes.
RES_MEM_SWAPTOTAL - The total amount of swap available, in kilobytes.
RES_KERN_COMPILE_TIME - Kernel compile time
RES_KERN_RELEASE - Kernel version
RES_NET_ALLIFSTAT - Network stat for all interfaces on system.
RES_NET_IFSTAT - Network stat for an interface
RES_MEM_INFOALL - All Memory related information

Reading multiple resources in one call

If an application wants to read multiple resource information in one call, it can call res_*_blk APIs to do so which are described below.

    #define RES_UNIT_OUT_SIZE 256

    /* This union is used to return resource information of various types */
    union r_data {
        int i;
        size_t sz;
        long l;
        char str[RES_UNIT_OUT_SIZE];
        void *ptr;
    };

    /* In case of res_read_blk, each resource information will be represented by
     * following structure.
     */
    typedef struct res_unit {
        int status;
        unsigned int res_id;
        void *hint;
        union r_data data;
    } res_unit_t;

    /* In case of bulk read (res_read_blk), this structure will hold all required
     * information needed to do so.
     */
    typedef struct res_blk {
        int res_count;
        res_unit_t *res_unit[0];
    } res_blk_t;

    /* It allocates memory for resources and initiates them properly.
     * res_ids holds an array of valid resource ids and res_count holds
     * number of resource ids. It also initializes struct fields properly.
     */
    extern res_blk_t *res_build_blk(int *res_ids, int res_count);

    /* Reading bulk resource information. Memory must be properly allocated and
     * all fields should be properly filled to return error free resource
     * information. res_build_blk call is suggested to allocate build res_blk_t
     * structure.
     */
    extern int res_read_blk(res_blk_t *resblk, int pid, int flags);

    /* Free allocated memory from res_build_blk */
    extern void res_destroy_blk(res_blk_t *resblk);

Some Examples

Reading total memory

    size_t stemp = 0;
    res_read(RES_MEM_TOTAL, &stemp, NULL, 0, 0);
    printf("MEMTOTAL is: %zu\n", stemp);

Reading network interface related statistics for interface named "lo"

    res_net_ifstat_t ifstat;
    res_read(RES_NET_IFSTAT, &ifstat, (void *)"lo", 0, 0);
    printf("status for %s: %llu %llu\n", ifstat.ifname,
           ifstat.rx_bytes,
           ifstat.rx_packets);

Reading multiple resources in one call

    #define NUM 8   /* number of resource ids in the array below */

    res_blk_t *b = NULL;
    int a[NUM] = {RES_MEM_PAGESIZE,
                  RES_MEM_TOTAL,
                  RES_MEM_AVAILABLE,
                  RES_MEM_INFOALL,
                  RES_KERN_RELEASE,
                  RES_NET_IFSTAT,
                  RES_NET_ALLIFSTAT,
                  RES_KERN_COMPILE_TIME
                 };

    b = res_build_blk(a, NUM);

    /* Unit 5 is RES_NET_IFSTAT: the hint names the interface to read */
    b->res_unit[5]->hint = (void *)"lo";

    res_read_blk(b, 0, 0);

    printf("pagesize %ld bytes,\n memtotal %ld kb,\n memavailable %ld kb,\n"
           " memfree %ld kb,\n release %s,\n compile time %s\n",
           b->res_unit[0]->data.sz,
           b->res_unit[1]->data.sz,
           b->res_unit[2]->data.sz,
           ((res_mem_infoall_t *)(b->res_unit[3]->data.ptr))->memfree,
           b->res_unit[4]->data.str,
           b->res_unit[7]->data.str
          );

    res_net_ifstat_t *ip = (res_net_ifstat_t *)b->res_unit[5]->data.ptr;
    printf("stat for interface %s: %llu %llu\n", ip->ifname,
           ip->rx_bytes,
           ip->rx_packets
          );

    /* Unit 6 is RES_NET_ALLIFSTAT: as used here, hint carries the number of
     * interfaces and data.ptr an array of that many entries, freed by the caller.
     */
    int k = (int)(long long)b->res_unit[6]->hint;
    res_net_ifstat_t *ipp = (res_net_ifstat_t *)b->res_unit[6]->data.ptr;
    for (int j = 0; j < k; j++) {
        printf("stat for interface %s: %llu %llu\n", ipp[j].ifname,
               ipp[j].rx_bytes,
               ipp[j].rx_packets
              );
    }
    free(ipp);
    res_destroy_blk(b);


Oracle Database Runs Best on Oracle Linux

Why does Oracle Database run best on Oracle Linux?  A new white paper is now available where you’ll learn what makes the Oracle Linux cloud-ready operating system a cost-effective and high-performance choice when modernizing infrastructure or consolidating Oracle Database instances. When you deploy Oracle Database on Oracle Linux, you can have the confidence that you are deploying on an operating system backed by development teams that work closely together to optimize performance, security, mission-critical reliability, availability, and serviceability. Because Oracle’s applications, middleware, and database products are developed on Oracle Linux, you’ll be deploying on the most extensively tested solution, whether it be on-premises or in the cloud. For Oracle Database workloads, advantages are afforded by the operating system’s deep integration with the solution stack, optimizations resulting from Oracle’s upstream Linux kernel work and industry collaborations, and enhancements delivered in the Unbreakable Enterprise Kernel (UEK) for Oracle Linux. With Oracle Linux Support, your software environment is backed by the expertise of Oracle’s global 24x7 support organization, regardless of whether you deploy on certified partner hardware, Oracle servers, an Oracle engineered solution, or Oracle Cloud. You also receive management and high availability solutions at no additional charge, which helps reduce the TCO of your database infrastructure. Additionally, when you deploy Oracle Database on Oracle Cloud, all the benefits of Oracle Linux Support and more are provided at no additional cost. To find out more about these and other Oracle Linux advantages for Oracle Database, download a copy of the white paper: Why Oracle Database Runs Best on Oracle Linux today.


Linux

Getting Started with Oracle Arm Toolset 1

Why Use Oracle Arm Toolset 1?

Oracle Linux 7 for Arm was announced earlier this summer. Oracle includes the "Oracle Arm Toolset 1" [see release notes], which provides many popular development tools, including:

gcc v7.3.0 - Supports the 2011 revision of the ISO C standard.
g++ v7.3.0 - Supports the 2014 ISO C++ standard.
gfortran v7.3.0 - Supports Fortran 2008
go 1.10.1 - The Go Programming Language
gdb v8.0.1 - The GNU debugger
binutils v2.30 - Binary utilities

The above versions are much more recent than the base system versions. The base system versions are intentionally kept stable for many years, in order to help ensure compatibility for device drivers and other components that may be intimately tied to a specific compiler version.

For your own applications, you might want to use more modern language features. For example, Oracle Arm Toolset 1 includes support for C++14.

Illustration credit: Laura Bassett, via wikipedia

For a complete list of the software packages in Oracle Arm Toolset 1, see the packages listed at the Oracle Linux 7 Software Collections yum repo.

Steps

(1) repo

Download the Oracle Linux repo file:

    # cd /etc/yum.repos.d
    # wget http://yum.oracle.com/aarch64/public-yum-ol7.repo

(2) Enable the collection

In the repo file, set enabled=1 for ol7_software_collections:

Edit the .repo file. Notice that there are many repositories. At minimum, you should edit the section about the Software Collection Library to set

    enabled=1

While you are there, review the other repositories, and decide which others you would like to enable. You can view the Software Collection Library in a browser by going to: http://yum.oracle.com/repo/OracleLinux/OL7/SoftwareCollections/aarch64/index.html

(3) Install

    # yum install 'oracle-armtoolset-1*'

(4) Enable a shell with the software collection

    $ scl enable oracle-armtoolset-1 bash

Note that this will start a new shell. (Of course, you could change the word 'bash' above to some other shell if you prefer.)
(5) Verify

Verify that the gcc command invokes the correct copy, and that paths are set as expected:

    which gcc
    echo $PATH
    echo $MANPATH
    echo $INFOPATH
    echo $LD_LIBRARY_PATH

Expected output:

The which command should return:

    /opt/oracle/oracle-armtoolset-1/root/usr/bin/gcc

All four echo commands should begin with:

    /opt/oracle/oracle-armtoolset-1/

(6) Wrong gcc? Wrong paths?

If Step (5) gives unexpected output, then check whether your shell initialization files are re-setting the path variables. If so, here are four possible solutions:

(6a) norc

Depending on your shell, there is probably an option to start up without initialization. For example, if you are a bash user, you could say:

    scl enable oracle-armtoolset-1 "bash --noprofile --norc"

(6b) silence

Alternatively, you can edit your shell initialization files to avoid setting paths, leaving it up to scl instead.

(6c) (RECOMMENDED) Set paths only in your login shell initialization files.

The easiest solution is probably to check out the documentation for your shell and notice that it probably executes certain file(s) at login time and certain other file(s) when a new sub shell is created. For example, bash at login time will look for

    ~/.bash_profile, ~/.bash_login, or ~/.profile

and for sub shells it looks for

    ~/.bashrc

If you do your path setting in ~/.bash_profile and avoid touching paths in .bashrc, then the scl enable command will successfully add Oracle Arm Toolset 1 to your paths.

(6d) (Kludge) enable last

If for some reason you wish to set paths in your sub shell initialization file, then please ensure that the toolset's enable scriptlet is done last. Here is an example from the bottom of my current .bashrc

    # If this is a shell created by 'scl enable', then make sure that the
    # 'enable' scriptlet is done last, after all other path setting has
    # been completed.
    grandparent_cmd=$(ps -o cmd= $(ps -o ppid= $PPID))
    if [[ "$grandparent_cmd" =~ "scl enable" ]] ; then
        #echo "looks like scl"
        grandparent_which=${grandparent_cmd/scl enable}
        grandparent_which=${grandparent_which/bash}
        grandparent_which=${grandparent_which// }
        grandparent_enable=$(ls /opt/*/$grandparent_which/enable 2>/dev/null)
        if [[ -f $grandparent_enable ]] ; then
            sourceit="source $grandparent_enable"
            echo doing "'$sourceit'"
            $sourceit
        else
            echo "did not find the enable scriptlet for '$grandparent_which'"
        fi
    fi

Sources

If you would like the sources:

    wget http://yum.oracle.com/repo/OracleLinux/OL7/SoftwareCollections/aarch64/getPackageSource/oracle-armtoolset-1-gcc-7.3.0-2.el7.src.rpm


Announcing Release 3 of Ceph Storage for Oracle Linux

We are excited to announce Release 3 of Ceph Storage for Oracle Linux. This release presents a uniform view of object and block storage from a cluster of multiple physical and logical commodity-hardware storage devices. Ceph can provide fault tolerance and enhance I/O performance by replicating and striping data across the storage devices in a Ceph Storage Cluster. Ceph's monitoring and self-repair features minimize administration overhead.

Release 3 of Ceph Storage for Oracle Linux is based on the Ceph Community Luminous release (v12.2.5). Differences between Oracle versions of the software and upstream releases are limited to Oracle-specific fixes and patches for specific bugs.

Supported features include the Object Store, Block Device, Ceph Storage Cluster, Ceph File System (Ceph FS), Simple Ceph Object Gateway, and Multisite Ceph Object Gateway components.

Notable new features:

Ceph Manager daemon, ceph-mgr, to monitor clusters
Ceph Manager web-based dashboard
OSDs using the BlueStore backend to manage HDDs and SSDs
Simplified OSD replacement process

Release 3 of Ceph Storage for Oracle Linux adds support for:

Ceph iSCSI gateway
Ceph FS
Export Ceph FS filesystems and block storage over NFS
Ceph block devices with QEMU

Supported Upgrade Path

Please refer to the product documentation upgrade section for steps and procedures.

Product Support

Release 3 of Ceph Storage for Oracle Linux replaces the previous 2.0 release. Release 3.0 of Ceph Storage for Oracle Linux is available for Oracle Linux 7 (x86_64) running the Unbreakable Enterprise Kernel Release 5. A minimum of Oracle Linux 7 Update 5 is required. The ceph-deploy package for Release 3.0 is available via ULN or Oracle Linux yum server.


Announcements

Latest Oracle Linux 7.5 and 6.10 Vagrant Boxes Now Available

We've just updated our Oracle Linux Vagrant boxes for Oracle VM VirtualBox to Oracle Linux 7.5 with Unbreakable Enterprise Kernel release 5 and Oracle Linux 6.10.

These Vagrant boxes include:

A recent kernel
    Oracle Linux 7: UEK5 (4.14.35-1818.0.9.el7uek.x86_64)
    Oracle Linux 6: UEK4 (4.1.12-124.16.4.el6uek.x86_64)
VirtualBox guest additions RPMs installed
Minimal package set installed
32 GiB root volume
4 GiB swap
XFS root filesystem
Extra 16GiB VirtualBox disk image attached, dynamically allocated

The complete latest details are always here: yum.oracle.com/boxes

VirtualBox Guest Addition RPMs

Last year, we introduced RPM versions of VirtualBox Guest Additions to simplify installation and upgrade of these essential drivers and guest OS optimizations. Our boxes come pre-installed with the guest addition RPMs.

Get Up and Running Quickly with Pre-configured Software Stacks: Vagrantfiles on GitHub

If you'd like to experiment with Oracle Database, Docker, or Kubernetes and are looking to get started quickly without getting bogged down with installation details, the Vagrantfiles we've posted on GitHub are for you. For example, there are Vagrantfiles and instructions to quickly:

set up a Kubernetes cluster
install Oracle Database 12c on Oracle Linux
set up a Docker environment
set up a local Docker Container Registry

References

Vagrantfile examples on GitHub
Oracle Linux Vagrant boxes


Resilient RDMA IP Addresses

Oracle Linux kernel developer Sudhakar Dindukurti contributed this post on the work he's doing to bring the Resilient RDMA IP feature from RDS into upstream. This code currently is maintained in Oracle's open source UEK kernel and we are working on integrating this into the upstream Linux source code.

1.0 Introduction to Resilient RDMA IP

The Resilient RDMAIP module assists ULPs (RDMA Upper Level Protocols) to do failover, failback and load-balancing for InfiniBand and RoCE adapters.

RDMAIP is a feature for RDMA connections in Oracle Linux. When this feature, also known as active-active bonding, is enabled, the Resilient RDMAIP module creates an active bonding group among the ports of an adapter. Then, if any network adapter is lost, the IPs on that port will be moved to the other port automatically, providing HA for the application while allowing the full available bandwidth to be used in the non-failure scenario.

Reliable Datagram Sockets (RDS) are high-performance, low-latency reliable connection-less sockets for delivering datagrams. RDS provides reliable, ordered datagram delivery by using a single reliable transport between two nodes. For more information on the RDS protocol, please see the RDS documentation. RDS RDMA uses the Resilient RDMAIP module to provide HA support. The RDS RDMA module listens to RDMA CM address change events that are delivered by the Resilient RDMAIP module. RDS drops all the RC connections associated with the failing port when it receives an address change event and re-establishes new RC connections before sending the data the next time.

Transparent high availability is an important issue for RDMA-capable NIC adapters compared to standard NICs (Network Interface Cards). In the case of standard NICs, the IP layer can decide which path or which netdev interface to use for sending a packet. This is not possible for RDMA capable adapters for security and performance reasons which tie the hardware to a specific port and path.
To send a data packet using RDMA to the remote node, there are several steps:

1) Client application registers the memory with the RDMA adapter and the RDMA adapter returns an R_Key for the registered memory region to the client. Note that the registration information is saved on the RDMA adapter.
2) Client sends this "R_key" to the remote server
3) Server includes this R_key while requesting RDMA_READ/RDMA_WRITE to client
4) RDMA adapter on the client side uses the "R_key" to find the memory region and proceed with the transaction.

Since the "R_key" is bound to a particular RDMA adapter, the same R_key cannot be used to send the data over another RDMA adapter. Also, since RDMA applications can directly talk to the hardware, bypassing the kernel, traditional bonding (which lies in the kernel) cannot provide HA.

Resilient RDMAIP does not provide transparent failover for kernel ULPs or for OS bypass applications; however, it enables ULPs to failover, failback, and load balance over RDMA capable adapters. The RDS (Reliable Datagram Sockets) protocol is the first client that is using Resilient RDMAIP module support to provide HA. The section below talks about the role of Resilient RDMAIP for different features.

1.1 Load balancing

All the interfaces in the active active bonding group have individual IPs. RDMA consumers can use one or more interfaces to send data simultaneously and are responsible for spreading the load across all the active interfaces.

1.2 Failover

If any interface in the active active bonding group goes down, then the Resilient RDMAIP module moves the IP address(es) of the interface to the other interface in the same group, and it also sends an RDMA CM (Communication Manager) address change event to the RDMA kernel ULPs. RDMA kernel ULPs that are HA capable would stop using the interface that went down and start using the other active interfaces.
For example, if there are any Reliable Connections (RC) established on the downed interface, the ULP can close all those connections and re-establish them on the failover interface.

1.3 Failback

If the interface that went down earlier comes back up, then the Resilient RDMAIP module moves the IP address back to the original interface and it again sends an RDMA CM address change event to the kernel consumers. RDMA kernel consumers would take action when they receive the address change event. For example, RDMA consumers would move the connections that were moved as part of failover.

2.0 Resilient RDMAIP module provides the below module parameters

rdmaip_active_bonding_enabled

Set to 1 to enable the active active bonding feature
Set to 0 to disable the active active bonding feature

By default, the active active bonding feature is disabled. If active bonding is enabled, then the Resilient RDMAIP module creates an active bonding group among ports of the same RDMA adapter. For example, consider a system with two RDMA adapters each with two ports, one Infiniband (ib0 and ib1) and one RoCE (eth4 and eth5). On this setup, two active bonding groups will be created:

1) Bond 1 with ib0 and ib1
2) Bond 2 with eth4 and eth5

rdmaip_ipv4_exclude_ips_list

For IPs listed in this parameter, the active bonding feature will be disabled. By default, link local addresses are excluded by Resilient RDMAIP.

3.0 How it works

In Figure 1, there are two nodes with one 2-port Infiniband HCA each, and each port of the HCA is connected to a different switch as shown. Two IPoIB interfaces (ib0 and ib1) are created, one for each port as shown in the diagram. When active active bonding is enabled, the Resilient RDMAIP module automatically creates a bond between two ports of the Infiniband HCA.
1) All the IB interfaces are up and configured

    #ip a
    ---
    ib0: mtu 2044 qdisc pfifo_fast state UP qlen 256
        link/infiniband 80:00:02:08:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:01 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
        inet 10.10.10.92/24 brd 10.10.10.255 scope global ib0
           valid_lft forever preferred_lft forever
    ib1: mtu 2044 qdisc pfifo_fast state UP qlen 256
        link/infiniband 80:00:02:09:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:02 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
        inet 10.10.10.102/24 brd 10.10.10.255 scope global secondary ib0:P06
           valid_lft forever preferred_lft forever

2) When Port 2 on Node 1 goes down, ib1 IP '10.10.10.102' will be moved to Port 1 (ib0) - Failover

    #ip a
    --------------
    ib0: mtu 2044 qdisc pfifo_fast state UP qlen 256
        link/infiniband 80:00:02:08:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:01 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
        inet 10.10.10.92/24 brd 10.10.10.255 scope global ib0
           valid_lft forever preferred_lft forever
        inet 10.10.10.102/24 brd 10.10.10.255 scope global secondary ib0:P06
           valid_lft forever preferred_lft forever
        inet6 fe80::210:e000:129:6501/64 scope link
           valid_lft forever preferred_lft forever
    ib1: mtu 2044 qdisc pfifo_fast state DOWN qlen 256
        link/infiniband 80:00:02:09:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:02 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
    ----------------

3) When Port 2 on Node 1 comes back, IP '10.10.10.102' will be moved back to Port 2 (ib1) - Failback

    #ip a
    ---
    ib0: mtu 2044 qdisc pfifo_fast state UP qlen 256
        link/infiniband 80:00:02:08:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:01 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
        inet 10.10.10.92/24 brd 10.10.10.255 scope global ib0
           valid_lft forever preferred_lft forever
    ib1: mtu 2044 qdisc pfifo_fast state UP qlen 256
        link/infiniband 80:00:02:09:fe:80:00:00:00:00:00:00:00:10:e0:00:01:29:65:02 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
        inet 10.10.10.102/24 brd 10.10.10.255 scope global secondary ib0:P06
           valid_lft forever preferred_lft forever

Example: RDS Implementation

Here is the sequence of steps that occurs during failover and failback. Consider an RDS application establishing an RDS socket between IP1 on Node 1 Port 1 and IP3 on Node 2. For this case, at the RDS kernel level, there will be one RC connection between IP1 and IP3.

Case 1: Port 1 on Node 1 goes down

- The Resilient RDMAIP module moves the IP address IP1 from Port 1 to Port 2.
- Port 2 will have two IPs (IP1 and IP2).
- The Resilient RDMAIP module sends an RDMA CM address change event to RDS.
- The RDS RDMA driver drops the IB connection between IP1 (Port 1) and IP3 as part of handling the address change event.
- The RDS RDMA driver creates a new RC connection between IP1 (Port 2) and IP3 when it receives a new send request from IP1 to IP3.
- After failover, when RDS resolves IP1, it will get path records for Port 2, as IP1 is now bound to Port 2.

Case 2: Port 1 on Node 1 comes back UP

- The Resilient RDMAIP module moves the IP address IP1 from Port 2 to Port 1.
- The Resilient RDMAIP module sends an RDMA CM address change event to RDS.
- The RDS RDMA driver drops the IB connection between IP1 (Port 2) and IP3 as part of handling the address change event.
- The RDS RDMA driver creates a new RC connection between IP1 (Port 1) and IP3 when it receives a new send request from IP1 to IP3.
- After failback, when RDS resolves IP1, it will get path records for Port 1, as IP1 is now bound to Port 1.

4.0 Future work

The Resilient RDMAIP module's current implementation is not tightly coupled with the network stack implementation. For example, RDMA kernel consumers do not have an option to create active bonding groups, and there are no APIs that can tell the RDMA consumers about the active bond groups and which interfaces are configured in the active bond group.
As a result, the current design and implementation are not suitable for upstream. We are currently working on developing a version of this module which would be something we can submit to upstream Linux, but until then the code for RDMAIP can be found on oss.oracle.com and our GitHub pages.

Oracle Linux kernel developer Sudhakar Dindukurti contributed this post on the work he's doing to bring the Resilient RDMA IP feature from RDS into upstream. This code currently is maintained in...

Linux Kernel Development

Translating Process ID between Namespaces

Oracle Linux kernel developer Nagarathnam Muthusamy contributed this blog post on the challenges of translating pids (process IDs) between different namespaces. This is a feature currently lacking from namespace support in the Linux kernel and is an important feature to enable multitenant use of the Oracle database via CDBs.

The process ID (PID) namespace facility in the Linux kernel has been an effective way of providing isolation between groups of processes, which in turn has been employed by various implementations of containers. Though strong isolation between processes is desired, there are always some processes which need to monitor the activities of other processes and their resource utilization in the system. Each PID namespace has its own sequence of PIDs, which requires any process monitoring them from the top of the hierarchy to translate process IDs to and from its own PID namespace. The Linux kernel has various APIs which provide a PID in their result. Any such API can be used for PID translation, and the following are a few of the approaches.

SCM_CREDENTIALS

The sender can translate its PID from its own namespace to a PID in the target namespace by sending and receiving the SCM_CREDENTIALS message. The drawback of this method is that it requires a socket communication channel for PID translation, which adds to the management overhead. This method does not enable the sender to translate the PID of another process unless it is root or has CAP_SYS_ADMIN.

Ref: http://man7.org/linux/man-pages/man7/unix.7.html

/proc/<pid>/status file

The /proc/<pid>/status file provides a way to find the PIDs associated with a process in different namespaces. Translating a PID from a child namespace to the parent namespace, when done from the parent namespace, would require searching all the status files in the parent namespace to find the desired PID at the desired level.
Ref: http://man7.org/linux/man-pages/man5/proc.5.html
Ref: https://patchwork.kernel.org/patch/5861791/

shmctl(..,IPC_STAT,..), msgctl(..,IPC_STAT,..)

The struct shmid_ds provided by IPC_STAT on a shared memory segment contains the following two elements:

    pid_t shm_cpid; /* PID of creator */
    pid_t shm_lpid; /* PID of last shmat(2)/shmdt(2) */

The struct msqid_ds provided by IPC_STAT on a message queue contains the following two elements:

    pid_t msg_lspid; /* PID of last msgsnd(2) */
    pid_t msg_lrpid; /* PID of last msgrcv(2) */

PIDs in these elements are translated to the PID namespace of the caller. Though these can be used by monitors to keep track of the usage of shared resources by processes regardless of their namespace, these APIs cannot be used for generic PID translation without creating extra shared memory or message queues.

Ref: http://man7.org/linux/man-pages/man2/shmctl.2.html
Ref: http://man7.org/linux/man-pages/man2/msgctl.2.html

semctl(..,GETPID,..)

The GETPID command of semctl provides the PID of the process that performed the last operation on a semaphore. Similar to shmctl and msgctl, this is an excellent way to monitor the users of a semaphore but cannot be used for generic PID translation without creating extra semaphores. shmctl and semctl were fixed in upstream Linux kernel 4.17. This facility might not be available in older releases but will be part of the Oracle UEK.

Ref: http://man7.org/linux/man-pages/man2/semctl.2.html

fcntl(..,F_GETLK,..)

The F_GETLK command of fcntl provides information on the process which is holding the file lock. This information is translated to the caller's namespace. Any process which requires translation across different PID namespaces can create a dummy file in a common location which it can lock. Any query on the owner of the file lock through fcntl will return the translated PID of the observed process under the caller's namespace.
Though a file is lighter weight than any IPC mechanism, creation and cleanup of files for every process in a system just for PID translation is an added overhead.

Is there any cleaner way?

Usually when your monitor process or any other process in the system requires PID translation, you might be able to work with any of the above-mentioned methods and get around this problem. If none of the above options satisfy your use case, well, you are not alone! I have been working with Konstantin to resurrect his old patch which provides PID translation capabilities through a new system call called translate_pid. The discussions can be followed at https://lkml.org/lkml/2018/4/4/677. The link also has pointers to previous versions of the API.

The API started off with the following function signature:

    pid_t getvpid(pid_t pid, pid_t source, pid_t target)

The major issue highlighted here was the use of a PID to identify the namespace. Any API which uses a PID is susceptible to race conditions involving PID recycling. The Linux kernel has many existing PID-based interfaces only because there was no better method to identify the resources when those interfaces were designed. This suggestion led to the following API:

    pid_t translate_pid(pid_t pid, int source, int target);

where source and target are file descriptors pointing to the /proc/<pid>/ns/pid files of the source and target namespaces. The major issue with this API is the additional step involved in opening and closing a file for every PID translation. This API also prevents use cases which require PID translation but do not have privileges to open the /proc/<pid>/ns/pid file.

The API under discussion at the time of writing this blog tries to get the best of both worlds, as follows:

    pid_t translate_pid(pid_t pid, int source_type, int source, int target_type, int target);

Here the *type argument is used to change the way source and target are interpreted, as follows.
    TRANSLATE_PID_CURRENT_PIDNS - current pid namespace, argument is unused
    TRANSLATE_PID_TASK_PIDNS - task pid-ns, argument is task pid
    TRANSLATE_PID_FD_PIDNS - pidns fd, argument is file descriptor

Once the API is finalized, we will have a cleaner method to translate the PID without working around the problem with other existing methods.
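The /proc/<pid>/status approach described in this post, as an added C example (not code from the post or the kernel): it parses the NSpid line and searches a set of status files for the process that owns a given inner PID. The struct and function names are hypothetical, the status text is constructed, and pairing each file with the /proc/<pid>/ns/pid link to disambiguate containers is an assumption of this example.

```c
/* Added example: child-to-parent PID translation from the NSpid line of
 * /proc/<pid>/status. Sample data is constructed; names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define MAX_DEPTH 40 /* assumed bound on namespace nesting for this sketch */

/* One process as seen through the observer's /proc. */
struct proc_view {
    const char *status; /* contents of /proc/<pid>/status */
    const char *pidns;  /* readlink() of /proc/<pid>/ns/pid */
};

/* Constructed, trimmed status files: two containers each run an inner PID 17. */
static const struct proc_view SAMPLE[] = {
    { "Name:\tinit\nPid:\t1\nPPid:\t0\nNSpid:\t1\n", "pid:[4026531836]" },
    { "Name:\tdbwriter\nPid:\t4242\nPPid:\t4100\nNSpid:\t4242\t17\n", "pid:[4026532281]" },
    { "Name:\tdbwriter\nPid:\t5310\nPPid:\t5200\nNSpid:\t5310\t17\n", "pid:[4026532399]" },
    /* A process may name itself "NSpid: 9 9"; only a line start counts. */
    { "Name:\tNSpid: 9 9\nPid:\t77\nPPid:\t1\nNSpid:\t77\n", "pid:[4026531836]" },
};
#define SAMPLE_LEN ((int)(sizeof(SAMPLE) / sizeof(SAMPLE[0])))

/* Fill pids[] with the NSpid chain: pids[0] is the PID in the observer's
 * namespace, the last entry is the PID in the process's own namespace.
 * Returns the chain length, or -1 if the file has no NSpid line. */
int parse_nspid(const char *status, pid_t *pids, int max)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "NSpid:", 6) == 0) {
            int n = 0;
            p += 6;
            while (n < max) {
                char *end;
                long v;
                while (*p == ' ' || *p == '\t')
                    p++;
                if (*p < '0' || *p > '9')
                    break; /* end of line: never read into the next field */
                errno = 0;
                v = strtol(p, &end, 10);
                if (errno != 0 || v <= 0)
                    break;
                pids[n++] = (pid_t)v;
                p = end;
            }
            return n;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

/* Translate inner_pid, valid inside namespace target_ns, to the observer's
 * PID by searching every status file. target_ns may be NULL to match on the
 * PID alone. Returns the outer PID, -1 if absent, -2 if ambiguous. */
pid_t translate_to_observer(const struct proc_view *v, int n,
                            pid_t inner_pid, const char *target_ns)
{
    pid_t found = -1;
    for (int i = 0; i < n; i++) {
        pid_t chain[MAX_DEPTH];
        int depth = parse_nspid(v[i].status, chain, MAX_DEPTH);
        if (depth < 1 || chain[depth - 1] != inner_pid)
            continue;
        if (target_ns && strcmp(v[i].pidns, target_ns) != 0)
            continue;
        if (found != -1)
            return -2; /* same inner PID exists in more than one namespace */
        found = chain[0];
    }
    return found;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { /* show this process's own chain when run on Linux */
        pid_t chain[MAX_DEPTH];
        size_t len = fread(buf, 1, sizeof(buf) - 1, f);
        buf[len] = '\0';
        fclose(f);
        int depth = parse_nspid(buf, chain, MAX_DEPTH);
        for (int i = 0; i < depth; i++)
            printf("self, level %d: %ld\n", i, (long)chain[i]);
    }
    printf("inner 17 in pid:[4026532281] -> %ld\n",
           (long)translate_to_observer(SAMPLE, SAMPLE_LEN, 17, "pid:[4026532281]"));
    printf("inner 17, namespace not given -> %ld\n",
           (long)translate_to_observer(SAMPLE, SAMPLE_LEN, 17, NULL));
    return 0;
}
```

The value returned is a snapshot: the PID recycling race the post raises for PID-based interfaces applies between reading the status files and acting on the result.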


New Oracle Linux Home Target and Ksplice patching with Oracle Enterprise Manager 13c version 13.3

From Oracle Enterprise Manager 13c version 13.3, we have introduced a new Oracle Linux Home target which enables a simplified approach to the management of Oracle Linux in a single place including the ability to patch using Ksplice for both kernel and user space updates.

We view Oracle Linux Home from the Cloud Menu via Enterprise > Cloud > Oracle Linux Home.

This new home page exclusively for Oracle Linux enables customers to perform management and monitoring of Oracle Linux hosts from a single page; main features include:

- Oracle Linux host administration and management
- Bare Metal Provisioning (BMP)
- Oracle Linux OS Patching
- Oracle Ksplice patching (provides the ability to update the Oracle Linux operating system kernel and key user space libraries while the OS is running, without a reboot or any interruption)
- Add a new Oracle Linux host, which directs the user to the Setup > Add Target > Add Targets Manually wizard to push an Oracle Enterprise Manager agent to the Oracle Linux host

This new target is also visible from the All Targets view. We can navigate to Oracle Linux Home from either the Enterprise or All Targets page.

Oracle Linux Home has the following regions:

- General
- Overview of Incidents and Problems
- Host flux
- CPU
- Memory
- Linux patching compliance / summary
- Ksplice patching compliance / summary

General

The general region shows a summary of the Oracle Linux hosts showing total numbers of each Oracle Linux version as well as their status. From here we can click on the OS Version, which will show us in a tabular view all the Oracle Linux hosts matching that version. We have a similar view when we click on any of the total or Green arrow links. This view displays useful information such as CPU and Memory utilization as well as the total IO/second. These metrics have links which when clicked will take you to the metric monitoring area for that host.
Other useful information such as Logical memory, CPU load, Network interface rate and swap utilization is available.

Overview of Incidents and Problems

From here, we can see any incidents or problems affecting our Oracle Linux hosts with respect to Availability, Performance, Security and others.

Host flux

When Oracle Linux hosts are retired or added, we show when these events occurred over a period of the last 30 days.

CPU

Here we display CPU utilization over a range of Oracle Linux hosts. In our example, we have 12 Oracle Linux hosts where 100% of them have a CPU utilization between 0 – 25%. If we click on the CPU 0-25 bar we see a table view of each host with individual CPU utilization.

Memory

For memory, we take a similar approach to CPU. Our example shows 12 Oracle Linux hosts split with regard to their memory utilization. If we click on the Memory 25-50 bar we see a table view of each host with individual Memory utilization.

Oracle Linux Patching Status / Compliance

Here we show two regions: Oracle Linux Status and Compliance. The status region shows us how many Oracle Linux hosts are compliant with respect to Oracle Linux packages present on the Oracle Linux host compared to packages within ULN based or custom patching groups. We can change the Compliance region view between Hosts or Patching groups. Both views show any hosts or patching groups that have out of date or rogue packages. A rogue package is one that exists on the Oracle Linux host but not in ULN based or custom patching groups.

Ksplice for Oracle Linux

Ksplice updates the Oracle Linux operating system kernel and key user space libraries, whilst the operating system is running, without a reboot or interruption. To enable Oracle Enterprise Manager Ksplice management, all Oracle Linux Hosts must have an Oracle Enterprise Manager agent installed and configured with Ksplice software. For further details, refer to the Ksplice portal and user guide.
Ksplice Configuration metrics are collected on every monitored Oracle Linux Host configured with Ksplice software (Uptrack v1.2.45 or Enhanced Ksplice v1.0.29 or higher). To access these metrics, from the Host menu on a host's home page, select Configuration > Latest.

This view is for an offline Ksplice host, which is up to date for the kernel but out of date for user space:

This view is for an online Ksplice host, which is up to date for the kernel but out of date for user space:

The following metrics are collected:

Ksplice Version
This reports the version of the Ksplice software installed on the Target Host.

Ksplice Status
This reports if the host is configured to receive updates from the Ksplice Server or if it is Ksplice offline.

Base Kernel Version
This queries the stock (base) Kernel running in the system; this version does not represent the patched version, only the one that booted the system.

Effective Kernel Version
This reports the Effective Kernel, which means the Kernel version after the live Ksplice patching including security fixes and others. This also reports the last applied patch date.

Kernel Status
This reports if the kernel of the host is up to date or out of date. A system is up to date if it has all available Ksplice patches installed.

Kernel Patches Installed
This reports the count of Ksplice packages installed on the system.

User Space Status
This reports if the host's User Space Ksplice aware packages are up to date or out of date. If this is an offline Ksplice host then the status is based upon the local repositories configured on the system.

User Space Packages Installed
This reports the count of Ksplice user space packages installed on the system.

Kernel Installed Patches
This reports the installed Ksplice patches in the system.

Kernel Available Patches
This lists the available Ksplice patches for the kernel; in essence it lists the patches that have not yet been installed. This information is gathered based on the Ksplice configuration.
In the case of an online Ksplice host configured with Ksplice server, it gets that information from the ULN (Unbreakable Linux Network). In the case of an offline Ksplice host, it reflects the data based on the uptrack-updates-`uname -r` package installed on the system.

User Space Installed Packages
This reports the Ksplice User Space packages installed on the system.

The Ksplice Patching region on the Oracle Linux Home Page uses the metrics detailed earlier to collate the Ksplice status over all the Ksplice enabled Oracle Linux Hosts monitored; it contains 2 sub regions:

Ksplice Status Region

This region shows the total number of Ksplice enabled Hosts; clicking on that number will open a list of Hosts. The Ksplice Status Region contains two pie charts:

- Kernel Status
- User Space Status

Each pie chart shows the status of all hosts, i.e. how many hosts are compliant, non-compliant or compliance unknown. Clicking on a particular compliance status will open another page with associated hosts.

Ksplice Summary Region

This region shows the table of hosts that lists the following:

- Ksplice Status (Online/Offline)
- Kernel Status (Compliant/Non-Compliant/Compliance unknown)
- User Space Status (Compliant/Non-Compliant/Compliance unknown)
- Effective Kernel Version

By clicking on the number next to Ksplice Enabled Hosts (in screenshot above “10”), we are taken to the Ksplice Linux Hosts page, which contains a table displaying the following:

- Ksplice Enabled Hosts with Ksplice Software
- Ksplice software Version
- Ksplice Status (Online – Green / Offline - Grey)
- Kernel Status (Compliant/Non-Compliant/Compliance unknown-in case of unconfigured/offline systems)
- Number of Kernel Installed Patches
- User Space Status (Compliant/Non-Compliant/Compliance unknown-in case of unconfigured/offline systems)
- Number of User space Installed Patches
- Base Kernel Version
- Effective Kernel Version

Notice from the above screenshot the last two hosts have a version of 1.2.47.
This denotes that the Ksplice Enhanced client is not installed (uptrack client) and therefore no User space patches are listed.

By clicking on a host name in the Ksplice detail table, a new page will be opened. This page will list the installed Ksplice patches on that host. If this host is a Ksplice Online host, it will also list what updates are available; these updates can be added or removed from this page.

If the host is a Ksplice Offline host, this page will show all the Ksplice kernel or user space patches available in the local repository. If the Ksplice Enhanced Client Software is installed on the host, then it will display the list of installed/available user space patches. Otherwise, it will show the message "Install/Upgrade/Configure Ksplice Enhanced Client Software".

With a Ksplice Offline host, the Ksplice status will be a grey dot rather than the green dot which denotes an Online host. In addition, with an Offline host two dotted clocks are present for the Kernel and User space status, as we can only determine the latest updates from the Offline repository, which may not be the latest from the ULN.

Notice the Refresh button; this refreshes the latest data to the dashboard. When clicked, there will be a dialogue box, which will take confirmation from the user.

For any install or remove update you have to select and enter root privilege or credentials. We offer the use of the uptrack or the enhanced client features. Best practice is to install all updates; therefore, we follow this model even for the uptrack client to keep our deployment model consistent. The removal of updates for Kernel is possible by ID / individually; however, for User Space it is only possible to remove all updates.

Summary

The Oracle Linux Home target brings Oracle Linux Management into a single page providing a simplified Oracle Linux management portal.
The existing Oracle Linux Patching and Bare Metal Provisioning (BMP) frameworks can be accessed here from the Oracle Linux Home main menu: For information on Oracle Linux refer here; for information on Oracle Enterprise Manager 13c 13.3 refer here.


Linux Kernel Development

Oracle Data Analytics Accelerator (DAX) for SPARC

This blog post was written by kernel developers Jon Helman and Rob Gardner, whose code for the Oracle Data Analytics driver was accepted into the Linux source earlier this year. This is our ultimate installment in the kernel blog series on Linux enablement for SPARC chip features.

Oracle DAX Support in Linux

The Oracle Data Analytics Accelerator (DAX) is a coprocessor built into the SPARC M7, S7, and M8 chips, which can perform various operations on data streams. These operations are particularly suited to accelerate database queries but have a wide variety of uses in the field of data analytics. For the duration of a coprocessor operation, the main processors are free to execute other instruction streams. Since the coprocessor can operate on large data sets, this can potentially free up processor resources significantly. Each system may have multiple DAX coprocessors, and each DAX has multiple execution units. Each unit is capable of doing independent work in parallel with the others and applications may be able to take advantage of this parallelism for some data sets.

DAX Operations

The explanations and drawings below show in detail the basic operations that the DAX can perform.

Scan

The scan operation finds all instances of a value, values, or range of values in a list. In the following example, the DAX performs the operation of finding each instance of the search value, A, in the input vector. The resulting bit vector has a 1 set in each position where an A is found.

Select

The select operation pulls elements from a vector to produce a subset which corresponds to the bits set in a bitmap. In the following example, the DAX filters the input data so that the resulting output vector consists of only those elements for which a 1 is set in the bit vector.

Extract

The extract operation converts a vector of values from one format to another format. In the following example, the DAX converts from an RLE-encoded input vector to an expanded output vector.
(RLE, or run-length encoding, is a compression technique in which repeated elements are represented by a tuple consisting of the element and the number of repetitions.) This is just one of the many possible format conversions.

Translate

The translate operation takes as input a vector and a bitmap. Each element in the vector is used as an index into the bitmap, and that bit is placed into the output bitmap. This operation is more easily described with this short code segment and illustrated in the diagram which follows.

    for (i=0; i<N; i++)
        OUTPUT[i] = BITMAP[INPUT[i]];

Coprocessor Features

Control flow

The hardware defines a Coprocessor Control Block (CCB) which specifies the operation to be done, the addresses of the buffers to process as well as metadata describing those buffers (format of the data, number of elements in the stream, compression format, etc.). One or more CCBs are presented to the coprocessor via software. Multiple requests may be enqueued in the hardware and these are serviced as resources allow. Many threads may make requests concurrently, and resources are shared much like the CPU is shared. After submission, software is free to do other work until it requires the computational results from the coprocessor.

Upon completion of the request, no interrupt is sent as commonly done with other hardware. Rather, completion is signalled via memory which can be polled by software. The processor provides an efficient mechanism for polling this completion status in the form of two new instructions, monitored load and monitored wait. The monitored load instruction performs a memory load while also marking the address as one of interest. The monitored wait instruction pauses the virtual processor until one of several events occur, one of which is modification of the memory location of interest. This allows other hardware threads to use core resources while the monitoring thread is suspended.
Data access

The DAX hardware directly reads from and writes to physical memory, avoiding handling large amounts of data in the main processor. In order to optimize cache utilization, an option is provided that directs the DAX to place output directly in the processor's L3 cache. The DAX also optimizes data accesses with its capability of operating on compressed data: it can decompress data while performing the operation and hence does not need temporary memory to hold decompressed intermediate output. This helps to reduce the number of physical memory reads and increase the size of possible data sets. In addition to compressed data, the DAX can work with a variety of data formats and bit widths including fixed-width bit- and byte-packed, and variable width. The multitude of possible data formats and supported bit widths is documented in the Linux kernel file located at Documentation/sparc/oradax/dax-hv-api.txt.

Software Stack

Initiating a Request

An application will typically use the available function library (libdax) to utilize the capabilities of the coprocessor, though it is also feasible to use the raw driver interface. A request to submit an operation to the DAX starts with a user calling one of the libdax functions (e.g. dax_scan_value). These functions perform rigorous validation of the arguments, and convert them into the hardware defined CCB format before being fed to the driver. The driver locks the pages containing the input and output buffers and then submits the CCBs to the hypervisor via the hypercall mechanism. The hypervisor translates each address in the CCB from virtual to physical and then initiates the hardware operation. Control immediately returns to the hypervisor, subsequently to the driver, and then back to libdax.
Request Completion

Since the kernel and hypervisor are not involved in processing a CCB after it has been submitted to the DAX, requests to the DAX driver do not block waiting for completion as is traditional for many other drivers. This means that the userland application has the option of performing other work while waiting for completion. libdax provides two variants of each DAX operation: blocking (e.g. dax_scan_value or dax_extract) and non-blocking (e.g. dax_scan_value_post and dax_extract_post). Completion of a request is signaled via a status byte in shared memory called the completion area. libdax waits on this byte using the monitored load and monitored wait instructions. The function dax_poll is provided for the application to check for completion in the non-blocking scenario. In libdax, the logic of checking the completion area is:

    while (1) {
        /* monitored load: read the status byte and mark its address as of interest */
        uint8_t status = loadmon8(&completion_area->status);
        if (status == INPROGRESS)
            mwait(TIMEOUT);   /* monitored wait: pause until the byte changes or the timeout expires */
        else
            break;
    }

Driver Operation

The oradax driver provides a transport mechanism for conveying one or more CCBs from a user application to the coprocessor, and also performs several housekeeping functions essential to security and integrity. The API consists of the Linux system calls open, close, read, write, and mmap.

The /open/ call initializes a context for use by a single thread. The context contains buffers to hold CCBs, completion areas, and records the virtual pages used by requests. Multiple threads may utilize the coprocessor, but each thread must do its own /open/. A corresponding /close/ releases all resources associated with all requests submitted by the thread. The /mmap/ call is used to gain access to said completion area buffer.

Driver commands are given via /write/, and responses (when necessary) are retrieved via /read/. Driver commands involve a CCB or group of CCBs and are submit, kill, request info, and dequeue.
The submit command is a /write/ of a buffer containing one or more CCBs to be conveyed to the coprocessor. Since the coprocessor accesses physical memory directly, the virtual to physical mappings of the I/O buffers must be locked in order to prevent the physical pages from being repurposed by the kernel. The driver does this locking of all pages associated with the request and transmits the CCBs to the hypervisor. If any of the CCBs were not submitted successfully, the corresponding pages are unlocked and the /write/ return value will indicate this discrepancy. If all CCBs could not be submitted successfully, then a /read/ must be done to retrieve further information that describes what went wrong. If all CCBs were submitted successfully, the application may poll for completion or proceed immediately to other tasks and defer polling until the results are required for further progress.

The current state of a CCB may be queried at any time using the request info command, and a CCB may be terminated with the kill command. The dequeue command explicitly unlocks the pages associated with all completed requests; it is not usually necessary to call this since pages are unlocked implicitly during the submission process. For much more detail, see Documentation/sparc/oradax/oracle-dax.txt.

Conclusion

Oracle DAX is supported by the oradax device driver and is available beginning with the Linux 4.16 kernel. A user may make calls directly to the oradax driver to submit requests to the DAX, and the kernel documentation files contain example code to demonstrate this. Do be aware that we fully expect applications wishing to use the DAX to leverage the libdax library, which provides higher level services for analytics and frees the application writer from the need to understand the low level DAX command structure. The library is fully open-sourced and available at the Oracle open source project webpage and includes a full set of manpages to describe the DAX operations.
Feedback is always welcome and we would be interested in hearing about your experiences with the DAX.

Reference Links

- Oradax Driver
- Oradax Linux Kernel documentation
- OSS libdax git repo
- Oracle Developer Community Software in Silicon Space
- Introduction to Stream Processing Using the DAX API
- SPARC innovation article
- DAX use in Oracle Database 12c
- DAX use in Apache Spark
- DAX use in Java Streams API
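The four operations described under "DAX Operations" (scan, select, extract, translate), as an added plain-C reference model; it is not libdax, the oradax driver, or the hardware's data format. Function names are hypothetical, bit vectors are stored LSB-first as an assumption of this example, and the inputs are constructed. Bounds checks stand in for the argument validation the post attributes to libdax.

```c
/* Added reference model of the four DAX operations described in the post.
 * Not libdax and not the hardware's data format: function names are
 * hypothetical and bit vectors are LSB-first (an assumption of this sketch). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct rle_run { uint8_t value; uint32_t count; }; /* (element, repetitions) */

static int get_bit(const uint8_t *bv, size_t i)
{
    return (bv[i / 8] >> (i % 8)) & 1;
}

static void set_bit(uint8_t *bv, size_t i)
{
    bv[i / 8] |= (uint8_t)(1u << (i % 8));
}

/* Scan: set bit i of out_bits where in[i] == value; returns the match count.
 * out_bits must hold (n + 7) / 8 bytes. */
size_t model_scan(const uint8_t *in, size_t n, uint8_t value, uint8_t *out_bits)
{
    size_t hits = 0;
    memset(out_bits, 0, (n + 7) / 8);
    for (size_t i = 0; i < n; i++) {
        if (in[i] == value) {
            set_bit(out_bits, i);
            hits++;
        }
    }
    return hits;
}

/* Select: copy in[i] for every set bit i; returns the element count,
 * or -1 if the output buffer is too small. */
long model_select(const uint8_t *in, size_t n, const uint8_t *bits,
                  uint8_t *out, size_t out_cap)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (!get_bit(bits, i))
            continue;
        if (count >= out_cap)
            return -1;
        out[count++] = in[i];
    }
    return (long)count;
}

/* Extract (RLE to expanded): returns the expanded length, or -1 when the
 * runs would overflow out_cap. The check happens before the write, so an
 * oversized run count cannot push the write past the buffer. */
long model_extract_rle(const struct rle_run *runs, size_t nruns,
                       uint8_t *out, size_t out_cap)
{
    size_t pos = 0;
    for (size_t r = 0; r < nruns; r++) {
        if (runs[r].count > out_cap - pos)
            return -1;
        memset(out + pos, runs[r].value, runs[r].count);
        pos += runs[r].count;
    }
    return (long)pos;
}

/* Translate: OUTPUT[i] = BITMAP[INPUT[i]]. Every input element is an index,
 * so it is range-checked against bitmap_bits before use. Returns 0 or -1. */
int model_translate(const uint8_t *in, size_t n, const uint8_t *bitmap,
                    size_t bitmap_bits, uint8_t *out_bits)
{
    memset(out_bits, 0, (n + 7) / 8);
    for (size_t i = 0; i < n; i++) {
        if (in[i] >= bitmap_bits)
            return -1;
        if (get_bit(bitmap, in[i]))
            set_bit(out_bits, i);
    }
    return 0;
}

int main(void)
{
    /* Constructed input: find every 'A', then keep only those elements. */
    const uint8_t in[] = { 'A', 'B', 'A', 'C', 'A', 'D', 'B', 'A' };
    uint8_t bits[1], picked[8];
    size_t hits = model_scan(in, sizeof(in), 'A', bits);
    long n = model_select(in, sizeof(in), bits, picked, sizeof(picked));
    printf("scan: %zu hits, bit vector 0x%02x; select kept %ld elements\n",
           hits, bits[0], n);
    return 0;
}
```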


Announcing the release of Oracle Linux 6 Update 10

We're happy to announce the general availability of Oracle Linux 6 Update 10 for the i386 and x86_64 architectures. You can find the individual RPM packages on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images are available for download from the Oracle Software Delivery Cloud and Docker images are available via Oracle Container Registry and Docker Hub.

Oracle Linux 6 Update 10 ships with the following kernel packages:

- Unbreakable Enterprise Kernel (UEK) Release 4 (kernel-uek-4.1.12-124.16.4.el6uek) for x86-64
- Unbreakable Enterprise Kernel (UEK) Release 2 (kernel-uek-2.6.39-400.294.3.el6uek) for i386
- Red Hat Compatible Kernel (kernel-2.6.32-754.el6) for i386 and x86-64

By default, both UEK and RHCK for the specific architecture (i386 or x86-64) are installed and the system boots the Unbreakable Enterprise Kernel release.

Application Compatibility

Oracle Linux maintains user space compatibility with Red Hat Enterprise Linux (RHEL), which is independent of the kernel version that underlies the operating system. Existing applications in user space will continue to run unmodified on Oracle Linux 6 Update 10 with UEK Release 4 and no re-certifications are needed for applications already certified with Red Hat Enterprise Linux 6 or Oracle Linux 6.

Notable updates in this release:

- Retpoline Support Added to GCC. Support for retpolines has been added to the GNU Compiler Collection (GCC) in this update. The kernel uses this technique to reduce the overhead of mitigating Spectre Variant 2 attacks, which is described in CVE-2017-5715.

For more details on these and other new features and changes, please consult the Oracle Linux 6 Update 10 Release Notes in the Oracle Linux Documentation Library.

Oracle Linux can be downloaded, used and distributed free of charge and all updates and errata are freely available. Customers decide which of their systems require a support subscription.
This makes Oracle Linux an ideal choice for development, testing, and production systems. The customer decides which support coverage is the best for each individual system, while keeping all of the systems up-to-date and secure. Customers with Oracle Linux Premier Support also receive support for additional Linux programs, including Oracle Linux software collections, Oracle OpenStack and zero-downtime kernel updates using Oracle Ksplice. For more information about Oracle Linux, please visit www.oracle.com/linux.


Perspectives

List Zero Downtime Updates Applicable to your Kernel with Ksplice Inspector

With so many kernel updates released, it can be difficult to keep track. At Oracle, we monitor kernels on a daily basis and provide bug and security updates administrators can apply without a system reboot. To help out, the Ksplice team has produced the Ksplice Inspector, a web tool to show you the updates Ksplice can apply to your kernel with zero downtime.

The Ksplice Inspector is freely available to everyone. If you're running any Ksplice supported kernel, whether it is Oracle's Unbreakable Enterprise Kernel, a Red Hat compatible kernel with RHEL or CentOS, or the kernel of one of our supported desktop distributions, visit https://www.ksplice.com/inspector and follow the instructions and you'll see a list of all the available Ksplice updates for your kernel.

If you are more comfortable in a terminal or don't have a browser handy, we've got you covered: you can get the same information calling our API through the command line. Just run the following command:

    (uname -s; uname -m; uname -r; uname -v) | \
    curl https://uptrack.api.ksplice.com/api/1/update-list/ \
    -L -H "Accept: text/text" --data-binary @-

To illustrate the power of Oracle Ksplice, I launched a VM running Oracle Linux 7.4 with Unbreakable Enterprise Kernel from January 2018, so about 6 months old at time of this writing. This was the result:

    Your kernel needs the following updates:
    KAISER/KPTI enablement for Ksplice.
    Improve the interface to freeze tasks.
    Additional indirect branch speculation improvements for CVE-2017-5715.
    CVE-2017-17712: Information leak in raw IPV4 socket sendmsg().
    CVE-2017-15115: Use-after-free in SCTP peel off operation inside network namespace.
    CVE-2017-14140: ASLR bypass due to insufficient permissions checks in move_pages.
    CVE-2017-12193: Denial-of-service in generic associative array implementation.
    CVE-2017-0861: Use-after-free in ALSA sound subsystem.
    CVE-2017-8824: Privileges escalation when calling connect() system call on a DCCP socket.
    Denial-of-service in Huge TLB mappings during process exit.
    Secure-boot protections bypass in /dev/mem mmap().
    Kernel crash in Broadcom NetXtreme-C/E firmware responses.
    Denial-of-service when setting up NVMe Physical Region Page entries.
    CVE-2017-16649: Divide by zero when binding a network USB device.
    Missing Spectre v1 reporting.
    System crash in Broadwell microcode updates.
    Missing Spectre V2 protections on AMD systems.
    Missing IBRS protection for KVM guests.
    Spectre v2 hardening on context switch.
    Spectre v2 bypass in 32-bit compatibility system calls.
    Kernel crash in interrupt exit with KPTI.
    Kernel hang in QLogic mailbox handling.
    Kernel crash in KVM guest user mode return.
    Kernel hang in the SCSI stack when changing device state.
    CVE-2017-17052: Denial-of-service due to incorrect reference counting in fork.
    Weakness when checking the keys in the XTS crypto algorithm.
    CVE-2018-7492: Denial-of-service when setting options for RDS over Infiniband socket.
    CVE-2017-7518: Privilege escalation in KVM emulation subsystem.
    Information leak when setting crypto key using RNG algorithm.
    Deadlock while queuing messages before remote node is up using RDS protocol.
    NULL pointer dereference when using bind system call on RDS over Infiniband socket.
    CVE-2017-14051: Denial-of-service in qla2xxx sysfs handler.
    Denial-of-service in SCSI Lower Level Drivers (LLD) infrastructure.
    Denial-of-service when creating session in QLogic HBA Driver.
    CVE-2017-16646: Denial-of-service when using DiBcom DiB0700 USB DVB devices.
    CVE-2017-15537: Information disclosure in FPU restoration after signal.
    Kernel panic in HyperV guest-to-host transport.
    Memory leak when closing VMware VMXNET3 ethernet device.
    Memory corruption in IP packet redirection.
    NULL pointer dereference in Hyper-V transport driver on allocation failure.
    CVE-2018-1068: Privilege escalation in bridging interface.
    Data-loss when writing to XFS filesystem.
    Denial-of-service when following symlink in ext4 filesystem.
    Denial-of-service during NFS server migration.
    Denial-of-service during RDS socket operation.
    Denial-of-service when querying ethernet statistics.
    Denial-of-service in Hyper-V utilities driver.
    Denial-of-service in Broadcom NetXtreme-C/E network adapter.
    Denial-of-service when configuring SR-IOV virtual function.
    NULL pointer dereference during hardware reconfiguration in Cisco VIC Ethernet NIC driver.
    Kernel panic during asynchronous event registration in LSI Logic MegaRAID SAS driver.
    Kernel crash during PCI hotplug of Emulex LightPulse FibreChannel driver.
    Kernel crash during Emulex LightPulse FibreChannel I/O.
    NULL pointer dereference during Emulex LightPulse FibreChannel removal.
    Hard lockup in Emulex LightPulse FibreChannel driver.
    Deadlock during abort command in QLogic QLA2XXX driver.
    Kernel crash when creating RDS-over-IPv6 sockets.
    CVE-2017-12146: Privilege escalation using a sysfs entry from platform driver.
    CVE-2017-17558: Buffer overrun in USB core via integer overflow.
    CVE-2017-16643: Out-of-bounds access in GTCO CalComp/InterWrite USB tablet HID parsing.
    CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check.
    CVE-2018-1000199: Denial-of-service in hardware breakpoints.
    CVE-2018-8897: Denial-of-service in KVM breakpoint handling.
    CVE-2018-1087: KVM guest breakpoint privilege escalation.
    CVE-2017-15129: Use-after-free in network namespace when getting namespace ids.
    CVE-2018-5332: Out-of-bounds write when sending messages through Reliable Datagram Sockets.
    CVE-2017-7294: Denial-of-service when creating surface using DRM driver for VMware Virtual GPU.
    CVE-2017-15299: Denial-of-service in uninstantiated key configuration.
    CVE-2017-16994: Information leak when using mincore system call.
    CVE-2017-17449: Missing permission check in netlink monitoring.
    CVE-2017-17448: Unprivileged access to netlink namespace creation.
    CVE-2017-17741: Denial-of-service in kvm_mmio tracepoint.
    Denial-of-service of KVM L1 nested hypervisor when exiting L2 guest.
    Improved CPU feature detection on microcode updates.
    Kernel crash in interrupt exit with KPTI.
    CVE-2018-3639: Speculative Store Bypass information leak.
    Device Mapper encrypted target Support big-endian plain64 IV.
    CVE-2017-16939: Denial-of-service in IPSEC transform policy netlink dump.
    CVE-2017-1000410: Information leak in Bluetooth L2CAP messages.
    CVE-2018-10323: NULL pointer dereference when converting extents-format to B+tree in XFS filesystem.
    CVE-2018-8781: Integer overflow when mapping memory in USB Display Link video driver.
    CVE-2018-10675: Use-after-free in get_mempolicy due to incorrect reference counting.
    Denial-of-service in NFS dentry invalidation.
    CVE-2017-18203: Denial-of-service during device mapper destruction.
    CVE-2018-6927: Integer overflow when re queuing a futex.
    CVE-2018-5750: Information leak when registering ACPI Smart Battery System driver.
    CVE-2018-5333: NULL pointer dereference when freeing resources in Reliable Datagram Sockets driver.
    CVE-2018-3665: Information leak in floating point registers.

Once you've seen all the updates available for your kernel, you can quickly patch them all with Ksplice. If you're an Oracle Linux Premier Support customer, access to Ksplice is included with your subscription and available through the Unbreakable Linux Network. As Oracle Linux Premier support is included in all Oracle Cloud Infrastructure subscriptions, Oracle Cloud customers can benefit from improved security and reduced outages through Oracle Ksplice from day one.

Try Oracle Ksplice For Free!

If you're running Red Hat Enterprise Linux and you would like to check out this technology, you can try Ksplice free for 30 days. Let us know what you think by commenting below or in the Oracle Linux forum on the Oracle Developer Community.


Announcing the general availability of Oracle Linux 7 for ARM

Oracle is pleased to announce the general availability of Oracle Linux 7 for the ARM architecture. Oracle Linux 7 Update 5 is available on the 64-bit ARMv8 platform (aarch64). The release features Oracle’s Unbreakable Enterprise Kernel (UEK) Release 5, based on the latest mainline Linux kernel long-term stable (LTS) release 4.14.

Oracle Linux 7 for ARM is built from the same source packages as the corresponding Oracle Linux distribution for the x86 architecture, plus any patches and modifications that are required to support the ARMv8 platform. Although Oracle Linux 7 for ARM is based on Oracle Linux 7 for the x86 platform, differences between the releases for the two platforms exist in terms of packaging and kernel versions. Packages built for 64-bit ARM architecture use the aarch64 architecture code. Some packages that are available for the x86 platform may not be available for this release. Patches may have been applied to packages to successfully build for this platform, and some packages may have been bumped to a newer version.

Supported platforms

Oracle Linux 7 for ARM is released as an ISO image that can be used to install Oracle Linux 7 on generic 64-bit ARMv8 hardware. The ISO has been tested on and is engineered for use on the Ampere™ eMAG™-based EVK platform and the Cavium ThunderX2® processor. The ISO image is available for download from the Oracle Software Delivery Cloud and is free to download, distribute and use. Certified platforms will be published on the Hardware Certification List for Oracle Linux when available.

DTrace

DTrace has been enabled for ARM platforms and ports of the DTrace code are available in UEK Release 5. The DTrace user space code in the dtrace-utils package has also all been ported to run on 64-bit ARM platforms to fully enable DTrace for Oracle Linux 7 for ARM.

Developer Toolchain

The Oracle Linux 7 for ARM release includes a toolchain that includes version 7.3 of the gcc compiler and provides a solid developer toolset to build code for 64-bit ARM platforms. The UEK R5 for the ARM platform is built using this toolchain.

MySQL Community Packages

MySQL Community 8.0.11 packages are available for ARM on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. You can install MySQL Community packages directly from ULN or the Oracle Linux yum server by enabling the appropriate channel or repository.

Docker

Oracle Container Runtime for Docker is available as a developer preview for Oracle Linux for ARM in the ol7_developer channel on the Oracle Linux yum server, and an ARM variant has been added to the official Oracle Linux image on the Docker Hub.

Technology Preview

An Oracle Linux 7 for ARM disk image for use on Raspberry Pi™ 3 Model B/B+ hardware is available for developers who may not have access to alternate ARM hardware. This disk image is available as a technology preview for developer use only and is not eligible for Oracle Linux support. Community support is available via the Oracle Linux for ARM community space.

Software Download and Installation

You can download a full Oracle Linux 7 for ARM installation media image from the Oracle Software Delivery Cloud. You can also obtain the latest Oracle Linux 7 packages from the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. The process of installing Oracle Linux 7 on the ARM platform does not differ substantially from the installation process on an x86 platform. Please review Oracle Linux Documentation for installation instructions.

Oracle Linux Resources

- Blogs: Oracle Linux Blog
- Community Pages: Oracle Linux
- Social Media: Oracle Linux on YouTube, Oracle Linux on Facebook, Oracle Linux on Twitter
- Data Sheets, White Papers, Videos, Training, Support & more: Oracle Linux
- Product Training and Education: Oracle Linux - http://oracle.com/education/linux

"Raspberry Pi" is a trademark of the Raspberry Pi Foundation.


Announcing the general availability of the Unbreakable Enterprise Kernel Release 5

The Unbreakable Enterprise Kernel Release 5 (UEK R5) is a heavily tested and optimized operating system kernel for Oracle Linux 7 Update 5 and later on 64-bit Intel (x86_64) and ARM (aarch64) architectures. It is based on the mainline Linux kernel version 4.14 LTS. This release also updates drivers and includes bug and security fixes.

Introduction of 64-bit ARM (aarch64) architecture

Oracle Linux with UEK R5 delivers kernel modifications to enable support for 64-bit ARM (aarch64) architecture. These changes are built and tested against existing ARM hardware and provide the initial groundwork to support Oracle Linux for ARM. Any ARM features available in UEK R5 are released as a technical preview and some limitations of functionality apply. The Oracle Linux 7 for ARM release includes a toolchain that includes version 7.3 of the gcc compiler and provides a solid developer toolset to build code for 64-bit ARM platforms. The UEK R5 for the ARM platform is built using this toolchain.

Notable Changes

- Secure boot improvements. Secure boot is designed to protect a system against malicious code being loaded and executed early in the boot process. Secured platforms load only software binaries, such as option ROM drivers, boot loaders, and operating system loaders, that are unmodified and trusted by the platform. While the operating system is loaded, measures have been added to prevent malicious code from being injected on subsequent boots.
- NUMA balancing enabled. Improvements and fixes to NUMA balancing help resolve issues that could cause high I/O wait times when this feature was enabled. NUMA balancing is automatically enabled on systems that have multiple NUMA nodes.
- RoCE support. RDMA over Converged Ethernet (RoCE), a standard InfiniBand Trade Association (IBTA) protocol, enables efficient data transfer for RDMA over Ethernet networks using UDP encapsulation to transcend Layer 3 networks.
- TCP-BBR enabled. TCP-BBR, a feature that can be used to achieve higher bandwidth and lower latency for internet traffic, can offer significant performance improvements for internet-based applications. BBR (Bottleneck Bandwidth and Round-Trip Time) is a scheduling algorithm that helps to control the transmit rate of the TCP protocol to reduce buffering by monitoring round-trip times against bandwidth bottlenecks to reduce TCP congestion.

Notable Driver Updates

- Hyper-V drivers updated. The Hyper-V storage driver, hv_storvsc, has been updated to provide performance improvements for I/O operations on certain workloads by eliminating bounce buffers. The Hyper-V network driver, hv_netvsc, has been updated to support transparent SR-IOV on Virtual Function devices to reduce configuration complexity and the use of a dedicated bonding driver and script to handle hot plugging of the required PCI devices.
- Intel iWARP RDMA driver added. The Intel Ethernet Connection X722 iWARP RDMA Driver, i40iw, has been added to the driver modules included in this kernel release. A library, libi40iw, has been added for direct userspace use of this RDMA hardware.
- Amazon Elastic Network Adapter Driver Updated. The Elastic Network Adapter Driver, ena, has been updated to version 1.5.0k. This version provides a number of upstream bug fixes and improvements. Other features include additional power management operations, initial support for IPv6 RSS, and improved driver robustness.

For more details on these and other new features and changes, including a full list of CVEs fixed in this release, please consult the UEK R5 Release Notes.

Certification of Oracle products

Before updating an Oracle Linux system to UEK R5, please confirm your applications, including Oracle applications, are supported with UEK R5. Certification of Oracle products on Oracle Linux with the UEK R5 is determined by each Oracle product group. You may find additional information on https://support.oracle.com/epmos/faces/CertifyHome. Oracle Automatic Storage Management Cluster File System (Oracle ACFS) certification for different kernel versions is described in Document ID 1369107.1 on My Oracle Support.

Compatibility

Oracle Linux maintains user-space compatibility with Red Hat Enterprise Linux, which is independent of the kernel version running underneath the operating system. Existing applications in user space will continue to run unmodified on the UEK R5 and no re-certifications are needed for RHEL certified applications.

To minimize impact on interoperability during releases, the Oracle Linux team works closely with third-party vendors whose hardware and software have dependencies on kernel modules. The kernel ABI for UEK R5 remains unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to previous releases that require recompilation of third-party kernel modules on the system. Before installing UEK R5, verify its support status with your application vendor.

Supported Upgrade Path

Customers can upgrade existing Oracle Linux 7 servers using either the Unbreakable Linux Network or the Oracle Linux yum server.

Software Download

Oracle Linux can be downloaded, used and distributed free of charge and updates and errata are freely available. This allows you to decide which of your systems require a support subscription and makes Oracle Linux an ideal choice for your development, testing and production systems. You decide which support coverage is the best for each of your systems, individually, while keeping all of your systems up-to-date and secure. For customers with Oracle Linux Premier Support, you also receive access to zero-downtime kernel updates using Oracle Ksplice and support for Oracle OpenStack.

UEK R5 Availability in Oracle Cloud Infrastructure

Oracle Linux images available on Oracle Cloud Infrastructure are frequently updated to help ensure access to the latest software. Oracle provided images in Oracle Cloud Infrastructure will soon include Oracle Linux 7 Update 5 with UEK Release 5.

Oracle Linux Premier Support is included with your Oracle Cloud Infrastructure subscription at no additional cost. You can take advantage of all the benefits Oracle Linux Support provides, including access to the latest packages and updates, 24x7 expert support, the My Oracle Support portal with an extensive Linux knowledge base, Oracle Ksplice zero-downtime updates, and the use of Oracle Enterprise Manager to manage and monitor Oracle Linux instances. Using Oracle Linux on Oracle Cloud Infrastructure enables you to have a single point of contact for support across cloud infrastructure, OS, and Oracle software.

Resources – Oracle Linux

- Documentation: Oracle Linux
- Software Download: Oracle Linux
- Blogs: Oracle Linux Blog
- Community Pages: Oracle Linux
- Social Media: Oracle Linux on YouTube, Oracle Linux on Facebook, Oracle Linux on Twitter
- Data Sheets, White Papers, Videos, Training, Support & more: Oracle Linux
- Product Training and Education: Oracle Linux - http://oracle.com/education/linux


Announcing Oracle Linux Storage Appliance 1.7 for Oracle Cloud Infrastructure

We are pleased to announce the release of Oracle Linux Storage Appliance 1.7. The Oracle Linux Storage Appliance allows you to easily build NFS and Samba shared storage with attached NVMe or block volumes on Oracle Cloud Infrastructure (OCI).

What’s New

The 1.7 release introduces several new enhancements including:

- Appliance instance migration – This lets you migrate the appliance onto a new OCI compute instance. With a few steps, the appliance can be migrated and deployed on another compute instance, and the block volumes storage pool is re-configured on the new instance. This is useful when you need to deploy your appliance on a compute instance with additional OCPU and memory resources, and without having to rebuild your existing file system server. No shared file systems are migrated during the appliance migration, as they remain on the existing block volumes.
- Support for dynamic groups through instance principals – When the appliance instance is configured as part of an OCI dynamic group, you no longer need to configure service access on the appliance console to back up and restore shares using the OCI object storage service. If you have configured credentials for OCI service access on the appliance console, this will take precedence over the instance’s dynamic group authentication on OCI.
- Exports Mount and Map command-line tool – This feature auto-generates NFS export mount and SMB export map commands and pre-populates parameters so that you can easily copy and paste the command line to mount your NFS and SMB share exports in your cloud tenancy.
- Web console UI enhancements – Additional appliance platform information including the OCI shape type, instance name, and creation timestamp are now displayed on the console 'Appliance' page.

For more information visit:

- Oracle Linux Storage Appliance
- Oracle Linux Storage Appliance Deployment and User's Guide


Events

Oracle Linux at Oracle OpenWorld Brazil

On June 20 and 21, Oracle OpenWorld Brazil will take place at Parque Ibirapuera, São Paulo. With the theme Create Tomorrow, Today, the event will have an open format, free to the public, with a focus on collaboration and interaction among participants (executives, experts, developers, customers and Oracle partners), who will discuss the trends and ideas that will impact society and businesses of all sizes.

The Oracle Linux team will have a strong presence at the event, with content in the primary session on the topic “Inside a cyber attack: how hackers operate and how to stay protected”. The session will be on June 20th at 4:10 pm in Room 3. In this session, you will learn how cyber-attacks actually happen, what they have in common, where the vulnerable points are, and how organizations can protect themselves.

We will also have hands-on demo sessions on both days of the event with the following topics:

June 20th:

- Online protection and hardening against security threats using Ksplice and Spacewalk
- Building your private cloud with Oracle OpenStack

June 21st:

- Building a truly open DevOps environment: take the VMs with you to run in VirtualBox and demonstrate it in your company
- Achieving the next level with DevSecOps: take the VMs with you to run in VirtualBox and demonstrate it in your company

Register now and join us in this great event!


Linux

Installing Python SDK and CLI for Oracle Cloud Infrastructure on Oracle Linux: a Tutorial

There are several ways to install the Python SDK and CLI for Oracle Cloud Infrastructure (OCI). In this blog post I describe two ways to do so on Oracle Linux 7:

- Using Oracle Linux system Python 2.7 (included in the OS) and the python-oci-sdk and python-oci-cli RPMs
- Using Python 3.6 from the Oracle Linux EPEL repository and pip

Configuring Required Keys and OCIDs

For the OCI SDK and CLI to work, basic configuration and authentication information is required. For example, Oracle Cloud IDs (OCID) for user and tenancy. This is covered in the OCI Documentation: SDK and Tool Configuration and Required Keys and OCIDs.

To set up public and private API keys for the OCI SDK and CLI:

    mkdir ~/.oci
    openssl genrsa -out ~/.oci/oci_api_key.pem 2048
    chmod go-rwx ~/.oci/oci_api_key.pem
    openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
    # add this public key to your profile under User Settings > API Keys
    cat ~/.oci/oci_api_key_public.pem
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/7hKYCiExQJjo3C4M+V
    QVgBowAUYRRRCEIkkfolpYSlHuyfl0Y34OuYlat6mqnZReuSl6MKa2e8PKIHfa4T
    0s/01cWvgETYnFty6lskNQO3eGO1KIQ5rZCSuCgcrnWNUzYKQ+0FopSDHj1BPzbv
    9Kr13cE9BRU7nBYyG4hGbjUmY9qt6LUKR/MzZZjI5+IAlwpywlYN7X2uwUf30K/c
    M/zUpgSZNNiI9lwnJB679pAOHBGdK0JfXEDS6VUAITgzHbNQcFcl6567LCd4U15j
    1DjWAEWIObtYvzpX0nqUsn8Is8GoS6eTQBes8Nhf+rUgLSodsP8rGBboWtkDfRBk
    9wIDAQAB
    -----END PUBLIC KEY-----

Copy the Public Key output and upload it by signing in to the Console and pasting it under User Settings > API Keys. See Figure 1.

Figure 1. Adding Public Key to User Settings in OCI Console

Create a file ~/.oci/config that contains your user OCID, your tenancy OCID, the fingerprint for your Public Key and your region. The tenancy OCID can be found bottom left in the footer of the Console (see Documentation: Where to Find Your Tenancy's OCID). For example:

    $ cat ~/.oci/config
    [DEFAULT]
    user=ocid1.user.oc1..aaaaaaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxlhxw4mqc2r2reqxx
    fingerprint=ba:xx:45:xx:ab:61:c7:xx:0b:46:58:xx:80:89:xx:b7
    key_file=~/.oci/oci_api_key.pem
    tenancy=ocid1.tenancy.oc1..aaaaaaaaywf4txxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    region=us-ashburn-1

Set the permissions for the ~/.oci/config file to limit access:

    chmod go-rwx ~/.oci/config

Oracle Linux System Python 2.7: Install Using RPM from Oracle Linux Yum Server

The Oracle Linux team packages the OCI CLI and SDK in RPM form and publishes them in the Developer repository on Oracle Linux yum server. To install these for (system) Python 2.7:

    sudo yum -y install yum-utils
    sudo yum-config-manager --enable ol7_developer ol7_developer_epel
    sudo yum -y install python-oci-sdk python-oci-cli

Python 3.6 from EPEL: Install Using pip

Oracle Linux yum server has an EPEL repository that includes Python 3.6. You can read more about Python for Oracle Linux here.

    sudo yum -y install yum-utils
    sudo yum-config-manager --enable ol7_developer_epel
    sudo yum install -y python36
    python3.6 -m venv py36env
    source py36env/bin/activate
    python -m pip install oci oci-cli

Testing the OCI CLI

To test the CLI, you'll need the Compartment OCID. You can find this via the Console main "hamburger" menu Identity > Compartments. See Figure 2.

Figure 2. Finding your Compartment OCID

A quick test of the CLI by obtaining a list of available images in the Compute service:

    oci compute image list --compartment-id=ocid1.compartment.oc1..aaaa..xxx
    ...
    {
      "base-image-id": null,
      "compartment-id": null,
      "create-image-allowed": true,
      "defined-tags": {},
      "display-name": "Oracle-Linux-7.5-Gen2-GPU-2018.05.09-1",
      "freeform-tags": {},
      "id": "ocid1.image.oc1.iad.aaaaaaaaafiwqi57icjjdkwvlkf7li5lfnk4ad3jw4bvt73uvfdzrgvz7iqq",
      "launch-mode": "NATIVE",
      "launch-options": {
        "boot-volume-type": "ISCSI",
        "firmware": "UEFI_64",
        "network-type": "VFIO",
        "remote-data-volume-type": "PARAVIRTUALIZED"
      },
      "lifecycle-state": "AVAILABLE",
      "operating-system": "Oracle Linux",
      "operating-system-version": "7.5",
      "size-in-mbs": 47694,
      "time-created": "2018-05-15T03:22:42.463000+00:00"
    },
    {
      "base-image-id": null,
      "compartment-id": null,
      "create-image-allowed": true,
      "defined-tags": {},
      "display-name": "Oracle-Linux-7.5-Gen2-GPU-2018.05.09-0",
      "freeform-tags": {},
      "id": "ocid1.image.oc1.iad.aaaaaaaafde2zxmzk6abzji6hndayiqzb3jglubvvxhugfjqvvsywag355va",
      "launch-mode": "NATIVE",
      "launch-options": {
        "boot-volume-type": "ISCSI",
        "firmware": "UEFI_64",
        "network-type": "VFIO",
        "remote-data-volume-type": "PARAVIRTUALIZED"
      },
      "lifecycle-state": "AVAILABLE",
      "operating-system": "Oracle Linux",
      "operating-system-version": "7.5",
      "size-in-mbs": 47694,
      "time-created": "2018-05-10T15:41:47.117000+00:00"
    },
    ...

Testing the OCI SDK

Here's a quick test of the Python SDK, using sample code from oci-python-sdk on GitHub, reading from the ~/.oci/config file:

    (py36env) $ python
    Python 3.6.3 (default, Feb 8 2018, 05:35:00)
    [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import oci
    >>> config = oci.config.from_file("~/.oci/config","DEFAULT")
    >>> identity = oci.identity.IdentityClient(config)
    >>> user = identity.get_user(config["user"]).data
    >>> print(user)
    {
      "compartment_id": "ocid1.tenancy.oc1..aaaaaaadkjfhksdjfhkjhsdfasieoirusnksndflknasdf7zxoxrw5jq",
      "defined_tags": {},
      "description": "sergio",
      "freeform_tags": {},
      "id": "ocid1.user.oc1..aaaadskjfhaksdjfhkljasdhfkjahsdfkjhasdflkjhsdf2r2req",
      "inactive_status": null,
      "lifecycle_state": "ACTIVE",
      "name": "sergio@domain.com",
      "time_created": "2017-04-08T22:54:30.717000+00:00"
    }
    >>>

References

- Oracle Linux for Python Developers
- Python SDK for Oracle Cloud Infrastructure on GitHub
- OCI Command Line Interface (CLI) documentation
- OCI Documentation: SDK and Tool Configuration
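The key and config setup in the tutorial above can be checked before the first API call. The following is an added example, not code from the original post or from Oracle: it verifies that the config and private key are closed to group and other, and that the fingerprint in the config matches the public key (OCI's API key fingerprint is the colon-separated MD5 of the DER-encoded public key). The function names are hypothetical, and it assumes the public key sits beside the private key with a `_public` suffix, as in the post.

```python
"""Audit an OCI profile: file permissions and API key fingerprint.

Added example. Assumes the layout created in the post: ~/.oci/config,
oci_api_key.pem and oci_api_key_public.pem in the same directory.
"""
import base64
import configparser
import hashlib
import os
import stat

REQUIRED_FIELDS = ("user", "fingerprint", "key_file", "tenancy", "region")


def pem_fingerprint(pem_text):
    """Colon-separated MD5 of the DER bytes carried in a PEM block."""
    lines = (ln.strip() for ln in pem_text.splitlines())
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    der = base64.b64decode(body, validate=True)
    digest = hashlib.md5(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def group_or_other_access(path):
    """True if any permission bit is set for group or other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def audit_profile(config_path="~/.oci/config", profile="DEFAULT"):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    config_path = os.path.expanduser(config_path)
    if not os.path.isfile(config_path):
        return ["config not found: " + config_path]
    if group_or_other_access(config_path):
        findings.append("config accessible by group/other: " + config_path)

    parser = configparser.ConfigParser(interpolation=None)
    parser.read(config_path)
    if profile != parser.default_section and not parser.has_section(profile):
        return findings + ["profile not found: " + profile]
    section = parser[profile]

    for field in REQUIRED_FIELDS:
        if not section.get(field):
            findings.append("missing field: " + field)
    if not section.get("key_file"):
        return findings

    key_file = os.path.expanduser(section["key_file"])
    if not os.path.isfile(key_file):
        return findings + ["key_file does not exist: " + key_file]
    if group_or_other_access(key_file):
        findings.append("key_file accessible by group/other: " + key_file)

    # Assumption: public key is named <private key name>_public.pem
    root, ext = os.path.splitext(key_file)
    public_path = root + "_public" + ext
    if not os.path.isfile(public_path):
        findings.append("public key not found, fingerprint not checked: "
                        + public_path)
        return findings
    with open(public_path) as handle:
        actual = pem_fingerprint(handle.read())
    configured = section.get("fingerprint", "").strip().lower()
    if actual != configured:
        findings.append("fingerprint mismatch: config has %s, key is %s"
                        % (configured, actual))
    return findings


if __name__ == "__main__":
    for finding in audit_profile():
        print(finding)
```

A fingerprint mismatch usually means the config points at a different key pair than the one uploaded under User Settings > API Keys.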


Announcements

Upcoming change to Oracle Linux package channels

What is changing?

On July 5th, 2018 channel and repository changes will go into effect on Unbreakable Linux Network (ULN) and Oracle Linux yum server.

Be advised that if you rely on specific, older versions of packages, deployed via configuration management tools such as Chef, Puppet, Ansible or other custom scripts, you may need to review this code to ensure it will still work when the channel changes take effect. Similarly, if you use Spacewalk for Oracle Linux or maintain a local mirror of ULN based on the uln-yum-mirror script, make sure that you include the appropriate archive channel by subscribing to it via ULN if needed.

Changes to Latest Channels

The coming changes will affect the Latest channels for Oracle Linux 6 and Oracle Linux 7: packages that predate the current Oracle Linux update level, e.g. Oracle Linux 7 Update 5 or Oracle Linux 6 Update 9, will be moved to newly created archive channels.

In summary for Oracle Linux 7:

- Before July 5th 2018: Oracle Linux 7 Latest channel contains every version of every RPM ever released since Oracle Linux 7.0
- After July 5th 2018: Oracle Linux 7 Latest channel will contain only the RPMs released in the latest update’s base and patch channels. All the other tens of thousands of RPMs will move to Oracle Linux 7 Latest Archive.

Similarly for Oracle Linux 6:

- Before July 5th 2018: Oracle Linux 6 Latest channel contains every version of every RPM ever released since Oracle Linux 6.0
- After July 5th 2018: Oracle Linux 6 Latest channel will contain only the RPMs released in the latest update’s base and patch channels. All the other tens of thousands of RPMs will move to Oracle Linux 6 Latest Archive.

New Channels

The following channels will be created on ULN and the Oracle Linux yum server:

ULN

- ol7_x86_64_latest_archive
- ol6_x86_64_latest_archive

Oracle Linux yum server

- ol7_latest_archive
- ol6_latest_archive

In the future, we may also create archives for other channels, including Oracle Linux 7 Latest Optional Packages (x86_64) - ol7_x86_64_optional_latest.

Why are we making this change?

By periodically archiving packages from the latest channel to the archive channels, we will be able to significantly reduce its overall size as well as the size of the metadata files. This will result in reduced network traffic and substantially better performance when using ULN or the Oracle Linux yum server.

What happens when an update to Oracle Linux is released?

When a new update release of Oracle Linux becomes available, the latest channel will be brought up to date with the set of packages that ship on its installation media and all packages that do not match these criteria will be moved to the archive channel. Thus the latest channel for each Oracle Linux release will only contain the set of packages from the most recent release as distributed on the installation media for that release (available on the Oracle Software Delivery Cloud or from one of our Oracle Linux download mirrors) together with all updated packages (errata) following that release.


Linux

Learn About Oracle Linux, a Key Community Player

Oracle is an active member of the Linux community, employing developers who work directly with the Linux community through code contributions, testing programs and deployment best practices for customers. Oracle is an active contributor to multiple open source projects, including being an active contributor to kernel.org since 2001.

Learn about Oracle Linux through training created and reviewed by the experts who are contributing to the Linux community.

Those interested in Oracle Linux 7 should take the Oracle Linux 7: System Administration course in one of the following formats:

- Training-on-Demand: Start training straight away, following lecture delivery by an expert instructor, at your own pace, through streaming video and booking time to get hands-on experience when suits your schedule.
- Live-Virtual Event: Attend a live event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. Events currently on the schedule include 14 May, 3, 4 and 11 June, 8 and 9 July, 17 September, 1 October and 5 November 2018.
- In-Class Event: Travel to an education center to attend an event. In-class events on the schedule include:

Location | Date | Delivery Language
Algiers, Algeria | 18 November 2018 | French
Brisbane, Australia | 16 July 2018 | English
Sao Paulo, Brazil | 4 June 2018 | Brazilian Portuguese
Bogota, Colombia | 23 July 2018 | Spanish
Cairo, Egypt | 5 August 2018 | Arabic
Munich, Germany | 11 June 2018 | German
Rome, Italy | 28 May 2018 | Italian
Seoul, Korea | 23 July 2018 | Korean
Kuala Lumpur, Malaysia | 9 July 2018 | English
Mexico City, Mexico | 4 June 2018 | Spanish
Auckland, New Zealand | 11 June 2018 | English
Manila, Philippines (x2) | 16 July 2018 | English
Lisbon, Portugal | 14 May 2018 | European Portuguese
Lisbon, Portugal | 16 July 2018 | European Portuguese
Pretoria, South Africa | 21 May 2018 | English
Madrid, Spain | 2 July 2018 | Spanish
Zurich, Switzerland | 3 September 2018 | German
Bangkok, Thailand | 4 June 2018 | Thai
Ankara, Turkey | 8 October 2018 | Turkish
Dubai, United Arab Emirates | 18 July 2018 | English
Reston, VA, United States | 18 July 2018 | English

Those using an earlier version of Linux can take the Oracle Linux 5 & 6 System Administration course in one of the following formats:

- Training-on-Demand
- Live-Virtual Event: Attend a live event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. Register your interest to have an event added to the schedule.
- In-Class Events on the schedule include:

Location | Date | Delivery Language
Tokyo, Japan | 3 September 2018 | Japanese
Mexico City, Mexico | 17 September 2018 | Spanish
Pretoria, South Africa | 2 July 2018 | English
Madrid, Spain | 25 June 2018 | Spanish
Dubai, United Arab Emirates | 17 June 2018 | English

Resources:

- Oracle Linux Curriculum
- Oracle Linux on Oracle Cloud Infrastructure Training
- Oracle Linux Product Documentation
- Oracle Linux Product Information
- Oracle Linux Technology Network


Events

It’s a Wrap: Highlights from Collaborate18

Today, Collaborate18 comes to a close, but there were some highlights we wanted to share…

Oracle Keynote: Steve Daheb, Senior Vice President of Oracle Cloud, spoke to a packed room as he covered the many paths to cloud, noting that because everyone’s needs are unique, cookie-cutter approaches just don’t work. The good news: Oracle Cloud Platform makes it possible to develop your own unique path to cloud from wherever you choose: SaaS, PaaS, or IaaS.

Demos (Oracle Booth #855, Kiosk 16): Following Steve’s theme, many customers stopped by to talk about how they can transition from on-premises environments to cloud. Visitors were intrigued to hear and see how Oracle Linux and Virtualization solutions can help them all along their paths. Whether starting new or with existing on-premises solutions, our technologies and tools are helping customers as they transition to hybrid or 100% cloud environments. With Oracle Linux, Oracle Virtualization, including Oracle VM and Oracle VM VirtualBox, along with Oracle Private Cloud Appliance, customers are finding many options to fit their needs.

We know your path to cloud is unique; let us show you how Oracle Linux and Virtualization offerings can help you reach your goals.

Hear about customer innovations:

- Lawrence Livermore National Laboratory
- NASA Jet Propulsion Laboratory
- United Airlines

For more information:

- The Difference and Value of Oracle Linux
- Oracle Linux for the Cloud-Enabled Data Center


Announcements

Announcing the Unbreakable Enterprise Kernel Release 4 Update 7 for Oracle Linux

What's New?

The Unbreakable Enterprise Kernel Release 4 Update 7 uses the 4.1.12-124.14.1 version and includes several new features, added functionality and bug fixes across a range of subsystems.

Notable changes

- KVM security fixes for retpoline support. Security fixes have been implemented to mitigate against kernel or cross-process memory disclosure such as the attack vector used by Spectre V2. A backport was introduced to fix an issue that resulted in the use of a stale model-specific register (MSR) value generated by a previous VM exit where retpoline support is enabled in the host kernel.
- RDS IPv6 support. Support for the use of IPv6 addresses has been added to the kernel RDS and related modules. Existing RDS applications using IPv4 addresses are able to continue to run normally, but applications that require IPv6 addresses can do so by passing the address in struct sockaddr_in6 to bind(), connect() or sendmsg().
- Added DTrace lockstat probes. These probes can be viewed using dtrace -l -P lockstat. DTrace lockstat support allows for dynamic tracing of kernel locking events. For example, these probes can provide information on which locks are most frequently used, which locks exhibit the most contention and which locks are held longest.

For more details on these and other new features and changes, please consult the Release Notes for the UEK R4 Update 7.

Security (CVE) Fixes

A full list of CVEs fixed in this release can be found in the Release Notes for the UEK R4 Update 7.

Supported upgrade path

Customers can upgrade existing Oracle Linux 6 and Oracle Linux 7 servers using the Unbreakable Linux Network or the Oracle Linux yum server.

Software Download

Oracle Linux can be downloaded, used and distributed free of charge and all updates and errata are freely available. This allows you to decide which of your systems require a support subscription and makes Oracle Linux an ideal choice for your development, testing and production systems. You decide which support coverage is the best for each of your systems individually, while keeping all of your systems up-to-date and secure. For customers with Oracle Linux Premier Support, you also receive access to zero-downtime kernel updates using Oracle Ksplice and support for Oracle OpenStack.

Compatibility

UEK R4 Update 7 is fully compatible with the previous UEK R4 updates. The kernel ABI for UEK R4 will remain unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to UEK R3 that require recompilation of third-party kernel modules on the system. Before installing UEK R4, verify its support status with your application vendor.

Resources - Oracle Linux

- Documentation: Oracle Linux
- Blogs: Oracle Linux Blog, Oracle OpenStack Blog, Oracle Virtualization Blog
- Community Pages: Oracle Linux, Oracle OpenStack
- Social Media: Oracle Linux on YouTube, Oracle Linux on Facebook, Oracle Linux on Twitter
- Data Sheets, White Papers, Videos, Training, Support & more: Oracle Linux
- Product Training and Education: Oracle Linux - http://oracle.com/education/linux


Events

Meet Us at Collaborate18

The conference is underway! It's filled with informative sessions, hands-on labs, demos, and an exhibit hall including a 5,000+sf Oracle booth. Immerse yourself in the Oracle products you need to grow your business – from apps to tech, on-premises, hybrid, or cloud, you’ll find it at Collaborate18.

For more information about Oracle Linux, VM, OpenStack, and VirtualBox, stop by Oracle’s Booth: #855. You'll find our product experts at Kiosk 16. Demos include:

- Open Cloud Infrastructure with Oracle Linux, VM, OpenStack, and VirtualBox: Watch Oracle Linux, Oracle OpenStack, and Oracle VM together build an open cloud infrastructure. Develop virtual appliances with Oracle VM VirtualBox, and deploy to Oracle VM Server and the cloud. You’ll also see how to automate your Oracle Database deployments with OpenStack.
- Secure and Agile Orchestration for Docker Containers with Oracle Linux: Learn how to use Oracle Linux to provide a comprehensive container and orchestration environment for the delivery of microservices and next-generation application development.
- Secure Cloud Access for Enterprise Applications: See how Oracle Secure Global Desktop provides secure remote access for cloud-hosted enterprise applications and desktops from a wide range of popular client devices.
- Run Your Applications in a Private Cloud: Experience Oracle Private Cloud Appliance. It allows you to rapidly provision mixed Linux, Windows, and Oracle Solaris workloads, offering a cost-effective way to run applications in a private, on-premises cloud.

Exhibit Hall

Location: Bayside C, Level 1

Hours:

- Monday | 5:15 p.m. – 8 p.m. Welcome Reception
- Tuesday | 9:30 a.m. – 4:15 p.m. | 5:15 p.m. – 7 p.m. Happy Hour
- Wednesday | 10:45 a.m. – 4:15 p.m.

Follow the conversation at #C18LV

We look forward to meeting you at Collaborate18.


Oracle Linux 7 enters Common Criteria Evaluation

Before I get into talking about this, a word from Oracle Legal:

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle Corporation.

That said, back in November 2017, Oracle Linux 7 initiated a Common Criteria certification compliant to the US Protection Profile for General Purpose Operating Systems Version 4.1. The CCRA includes 28 countries; any evaluation done in one of the CCRA certifying countries is “mutually recognized.”

Common Criteria is an international framework (ISO/IEC 15408) which defines a common approach for evaluating security features and capabilities of Information Technology security products. A certified product is one that a recognized Certification Body asserts as having been evaluated by a qualified, accredited, and independent evaluation laboratory competent in the field of IT security evaluation to the requirements of the Common Criteria and Common Methodology for Information Technology Security Evaluation.

The Oracle Linux operating system is an open foundation for the cloud. It is developed and extensively tested with demanding enterprise workloads like Oracle Database as well as many third-party applications in public and private clouds. While Oracle Linux is open source and includes standard technologies, tools, and features, Oracle extends the release to deliver a complete, integrated, and supported platform for performance-driven production workloads. In addition to the Red Hat Compatible Kernel (RHCK), Oracle supplies the optimized Unbreakable Enterprise Kernel for Oracle Linux (UEK), which was first developed to support highly scalable Oracle Database, applications and Oracle Engineered Systems. Oracle provides flexible and cost-effective Linux support and the updates and software releases are free to download and distribute.

The Oracle Linux 7 evaluation can be viewed on the Swedish Scheme Common Criteria In Process Page until the evaluation completes.

For more information on Oracle’s participation in the Common Criteria program, please visit the main Common Criteria information page. For a complete list of Oracle products with Common Criteria certifications and FIPS 140-2 validations, please see the Security Evaluations website.


Linux Kernel Development

Btrfs send/receive helps to move and backup your data

In this update, we share Btrfs functionality that helps make moving data between Btrfs volumes faster and more efficient. It's not a new feature, but it is an underutilized one that showcases the unique capabilities of Btrfs as the native Linux copy-on-write filesystem. Btrfs send was introduced in Linux v3.5, and the amazing part is that it supports incremental updates. Here I'll go through the command as a user and try to understand it as a btrfs developer.

A user can transfer one whole subvolume tree to another btrfs filesystem by using 'send'. Keep in mind that the subvolume tree must be _readonly_, so the steps could be as simple as a few commands.

By 'whole subvolume tree' I mean that both data and metadata will be transferred to the receive side. To do this, the 'send' command uses pipe(2), which creates two file descriptors, one for the reader and one for the writer. The kernel writes send's instructions to the writer fd, and the userspace progs retrieve those instructions from the reader fd and write them to stdout by default. In the example below, we create another pipe to redirect stdout to the receive side.

    $ man btrfs-send
    usage: btrfs send [-ve] [-p <parent>] [-c <clone-src>] [-f <outfile>] <subvol> [<subvol>...]

        Send the subvolume(s) to stdout.

        Sends the subvolume(s) specified by <subvol> to stdout.
        <subvol> should be read-only here.
        By default, this will send the whole subvolume. To do an incremental
        send, use '-p <parent>'. If you want to allow btrfs to clone from
        any additional local snapshots, use '-c <clone-src>' (multiple times
        where applicable). You must not specify clone sources unless you
        guarantee that these snapshots are exactly in the same state on both
        sides, the sender and the receiver. It is allowed to omit the
        '-p <parent>' option when '-c <clone-src>' options are given, in
        which case 'btrfs send' will determine a suitable parent among the
        clone sources itself.

        -e               If sending multiple subvols at once, use the new
                         format and omit the end-cmd between the subvols.
        -p <parent>      Send an incremental stream from <parent> to
                         <subvol>.
        -c <clone-src>   Use this snapshot as a clone source for an
                         incremental send (multiple allowed)
        -f <outfile>     Output is normally written to stdout. To write to
                         a file, use this option. An alternative would be to
                         use pipes.
        --no-data        send in NO_FILE_DATA mode, Note: the output stream
                         does not contain any file data and thus cannot be used
                         to transfer changes. This mode is faster and useful to
                         show the differences in metadata.
        -v|--verbose     enable verbose output to stderr, each occurrence of
                         this option increases verbosity
        -q|--quiet       suppress all messages, except errors

    $ btrfs subvolume snapshot -r /mnt/send/subvol /mnt/send/snapshot
    $ btrfs send /mnt/send/snapshot | btrfs receive /mnt/recv/
    # then we get an identical 'snapshot' under /mnt/recv
    $ ls /mnt/recv
    snapshot

Then on the receive side, 'btrfs receive' is used to create a new subvolume (/mnt/recv/snapshot) and apply the instructions in the send stream to make it look like the one on the send side (/mnt/send/snapshot).

This feature is often helpful for regular filesystem backups because it combines easy, cheap, built-in snapshots with incremental updates. Paired with out-of-band deduplication, btrfs provides all the features needed to build a powerful backup appliance.

Last but not least, please note that nothing comes for free. Although creating a snapshot is easy, fast and cheap, deleting snapshots can slow down the whole filesystem. It takes a good amount of effort to traverse several btrees to remove references on everything, and this can consume CPU quite intensively. The problem is also known as the "snowball effect of wandering trees". It's highly recommended to keep only the snapshots that are necessary.

About the options...

-f <outfile>

Although stdout is used by default, its file descriptor can often refer to a tty (terminal), in which case we may get this error:

    $ btrfs send /mnt/btrfs/snap2
    ERROR: not dumping send stream into a terminal, redirect it into a file

    # Fix this error with one of the following commands:
    $ btrfs send /mnt/snap > output
    $ btrfs send -f output /mnt/snap

-p <parent>

This option can potentially speed up a 'send-receive' process because it informs the receiver to create a snapshot of <parent> before applying changes passed in the send stream. It assumes that a previous send-receive has happened, so that <parent> exists on both the sender side and the receiver side. Incremental updates can be applied with a minimum amount of effort by making a snapshot of <parent> on the receiver side.

It mostly works as expected, except for one problem I observed: the receiver doesn't check whether <parent> is readonly or read-write. You can see this if you

a) toggle off the RO bit of <parent> with 'btrfs property set -t subvol <parent> ro false', and
b) add or remove files/directories under <parent>.

The snapshot on the sender side will then not be identical to the snapshot on the receive side. Here is an example:

    $ btrfs sub create /mnt/send/sub
    $ touch /mnt/send/sub/foo
    $ btrfs sub snap -r /mnt/send/sub /mnt/send/parent

    # send parent out
    $ btrfs send /mnt/send/parent | btrfs receive /mnt/recv/

    # change parent and file under it
    $ btrfs property set -t subvol /mnt/recv/parent ro false
    $ truncate -s 4096 /mnt/recv/parent/foo

    $ btrfs sub snap -r /mnt/send/sub /mnt/send/update
    $ btrfs send -p /mnt/send/parent /mnt/send/update | btrfs receive /mnt/recv

    $ ls -l /mnt/send/update
    total 0
    -rw-r--r-- 1 root root 0 Mar 6 11:13 foo

    $ ls -l /mnt/recv/update
    total 0
    -rw-r--r-- 1 root root 4096 Mar 6 11:14 foo

However, if 'foo' in /mnt/send/update has a non-zero size, it shows the correct size on the receiver side:

    $ truncate -s 8192 /mnt/send/sub/foo
    $ btrfs sub snap -r /mnt/send/sub /mnt/send/update-new
    $ btrfs send -p /mnt/send/parent /mnt/send/update-new | btrfs receive /mnt/recv

    $ ls -l /mnt/send/update-new
    total 0
    -rw-r--r-- 1 root root 8192 Mar 6 11:21 foo

    $ ls -l /mnt/recv/update-new
    total 0
    -rw-r--r-- 1 root root 8192 Mar 6 11:21 foo

'btrfs receive' doesn't apply the file size if the size is zero. These issues are under development. The correct way to make changes in a readonly snapshot is to create another snapshot of it that has write access.

-c <clone-src>

To understand this option, we need to explain clone first. Clone refers to an operation that allows two files (or two different parts within the same file) to share the same piece of data on disk; copy-on-write happens if any part of the shared data gets changed.

With the '-c' option, the send-receive process can avoid transferring data in the send stream because the required data is already available on the receiver side; all it needs to do is reflink from <clone-src>. Similar to '-p <parent>', it also assumes that <clone-src> exists on both the sender side and the receiver side. The difference is that '-c <clone-src>' only avoids transferring data, while '-p <parent>' avoids both data and metadata. For the best result, multiple <clone-src> can be given and 'btrfs send' will try to figure out the best-fit parent to use; if it fails to do so, an error is printed: 'parent determination failed for xxx'.
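The '-p <parent>' problem described above can be caught before the incremental send with a small pre-flight check. This is an added example, not code from the original post or from btrfs-progs: it compares the 'btrfs subvolume show' output for <parent> on both sides and refuses when the receiver's copy is writable or was not received from the sender's <parent>. The function names and the sample outputs are constructed; the field names (UUID, Received UUID, Flags) are the ones 'btrfs subvolume show' prints.

```shell
#!/bin/sh
# Pre-flight check before 'btrfs send -p <parent> <subvol> | btrfs receive <dir>'.
# Added example: function names and sample data are constructed for illustration.

# Print one field of 'btrfs subvolume show' output.
#   $1 = field name ("UUID", "Received UUID", "Flags"), $2 = the command output
show_field() {
    printf '%s\n' "$2" | awk -v key="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # real output is tab-indented
            if (index(line, key ":") == 1) {    # "Parent UUID:" must not match "UUID"
                val = substr(line, length(key) + 2)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                print val
                exit
            }
        }'
}

# Decide whether an incremental send based on <parent> is safe.
#   $1 = 'btrfs subvolume show' output for <parent> on the sender
#   $2 = 'btrfs subvolume show' output for the receiver-side copy of <parent>
# Returns 0 when safe, 1 sender not read-only, 2 receiver copy writable,
# 3 receiver copy is not the one received from this sender parent.
check_parent_pair() {
    s_uuid=$(show_field "UUID" "$1")
    s_flags=$(show_field "Flags" "$1")
    r_recv=$(show_field "Received UUID" "$2")
    r_flags=$(show_field "Flags" "$2")

    case "$s_flags" in
        *readonly*) ;;
        *) echo "sender parent is not read-only"; return 1 ;;
    esac
    case "$r_flags" in
        *readonly*) ;;
        *) echo "receiver parent is writable, its contents may have diverged"; return 2 ;;
    esac
    if [ -z "$s_uuid" ] || [ "$r_recv" != "$s_uuid" ]; then
        echo "receiver parent was not received from this sender parent"; return 3
    fi
    echo "ok"
}

# Wrapper for a real system where both filesystems are mounted locally,
# as in the post (/mnt/send and /mnt/recv). Needs root and btrfs-progs.
#   $1 = sender-side <parent>, $2 = receiver-side copy of <parent>
preflight_incremental_send() {
    s=$(btrfs subvolume show "$1") || return 4
    r=$(btrfs subvolume show "$2") || return 4
    check_parent_pair "$s" "$r"
}

# Constructed sample outputs (UUIDs are made up, unrelated fields omitted).
SAMPLE_SENDER='/mnt/send/parent
    Name:           parent
    UUID:           11111111-2222-3333-4444-555555555555
    Parent UUID:    aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
    Received UUID:  -
    Flags:          readonly'

SAMPLE_RECV_OK='/mnt/recv/parent
    Name:           parent
    UUID:           99999999-8888-7777-6666-555555555555
    Parent UUID:    -
    Received UUID:  11111111-2222-3333-4444-555555555555
    Flags:          readonly'

# Same copy after "btrfs property set -t subvol /mnt/recv/parent ro false".
SAMPLE_RECV_RW='/mnt/recv/parent
    Name:           parent
    UUID:           99999999-8888-7777-6666-555555555555
    Parent UUID:    -
    Received UUID:  11111111-2222-3333-4444-555555555555
    Flags:          -'

# A read-only subvolume that happens to have the same name but a different origin.
SAMPLE_RECV_OTHER='/mnt/recv/parent
    Name:           parent
    UUID:           77777777-8888-7777-6666-555555555555
    Parent UUID:    -
    Received UUID:  -
    Flags:          readonly'

# Demo on the constructed samples (no btrfs needed).
check_parent_pair "$SAMPLE_SENDER" "$SAMPLE_RECV_OK" || true
check_parent_pair "$SAMPLE_SENDER" "$SAMPLE_RECV_RW" || true
```

On a real system, call preflight_incremental_send /mnt/send/parent /mnt/recv/parent before the incremental send. The check reads only the current flag, so a copy that was made writable, changed, and set read-only again may still pass.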


Perspectives

Quick and Easy Installation of Oracle Database 12c on Oracle Linux in Oracle VM VirtualBox

In a previous blog post, I described the steps to streamline the pre-installation steps on Oracle Linux for Oracle Database 12c using the Database preinstallation package. In this post you will learn how to do a fully automated installation of Oracle Database 12c on Oracle Linux running in an Oracle VM VirtualBox guest. The tutorial is based on a Vagrantfile published in our Vagrant repo on GitHub.

Because this installation method uses VirtualBox, Vagrant and an Oracle Linux Vagrant Box, the whole process can be automated, requiring minimal to no input.

Assuming you have VirtualBox, Vagrant and git installed, these are the steps needed to install Oracle Database:

1. Clone the relevant GitHub repository
2. Download the Oracle Database 12c installation media from OTN
3. Issue a vagrant up to create the VM and start the Database installation process
4. Wait 15-25 minutes, depending on your network bandwidth and machine horsepower
5. Done

The commands are straightforward:

    $ git clone https://github.com/oracle/vagrant-boxes
    $ cd vagrant-boxes/OracleDatabase/12.2.0.1
    <download Oracle Database installation zip file>
    $ vagrant up

How Does This Work?

Assuming you have the required tools in place, the steps summarized earlier cause Vagrant to do the following:

- read the Vagrantfile (more about that later)
- create a headless VM based on the pre-packaged Oracle Linux 7 Vagrant box
- provision the VM by running a script that
  - updates Oracle Linux to the latest available packages from Oracle Linux yum server
  - performs Database pre-installation checks and installs required packages
  - unzips the Database installation files, installs the Oracle Database 12c software
  - creates a database and pluggable database container

After the installation has completed, you can either log in to the guest VM itself and interact with the Database there, or you can leave the VM running (headless) and connect from the host operating system to the Database using tools such as SQL Developer.

For step by step instructions on how to run an automated installation of Oracle Database 12c in a VirtualBox VM, connect to the Database and save and restore snapshots of the VM, read on...


Announcements

Announcing the release of Oracle Linux 7 Update 5

Oracle is pleased to announce the general availability of Oracle Linux 7 Update 5 for the x86_64 architecture. You can find the individual RPM packages on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images will soon be available for download from the Oracle Software Delivery Cloud and Docker images will soon be available via Oracle Container Registry and Docker Hub.

Oracle Linux 7 Update 5 ships with the following kernel packages:

- Unbreakable Enterprise Kernel (UEK) Release 4 (kernel-uek-4.1.12-112.16.4.el7uek) for x86-64
- Red Hat Compatible Kernel (kernel-3.10.0-862.el7) for x86-64

Application Compatibility

Oracle Linux maintains user space compatibility with Red Hat Enterprise Linux (RHEL), which is independent of the kernel version that underlies the operating system. Existing applications in user space will continue to run unmodified on Oracle Linux 7 Update 5 with the UEK Release 4 and no re-certifications are needed for applications already certified with Red Hat Enterprise Linux 7 or Oracle Linux 7.

Notable security-related features in this release:

- Support for Memory Protection Keys on recent Intel processors. This update includes support for the Memory Protection Keys hardware feature on recent Intel processors. CPUs provide this support through a new user-accessible register (PKRU) that contains two separate bits (Access Disable and Write Disable) for each key.
- Ability to unlock encrypted devices connected to a network during the boot process. Previously, block devices that were connected to a network could not be unlocked during the boot process because it was not possible to connect and decrypt these devices prior to starting any network services.
- SSLv3 disabled in mod_ssl. To improve security for SSL/TLS connections, support for SSLv3 in the default configuration for the httpd mod_ssl module has been disabled. This change also restricts the use of certain cryptographic cipher suites.
- KASLR for KVM guests added. Capability for Kernel address-space layout randomization (KASLR) for KVM guests has been added.

Btrfs continues to be fully supported in Oracle Linux 7.5 with UEK. Btrfs support is deprecated in the Red Hat Compatible Kernel.

For more details on these and other new features and changes, please consult the Oracle Linux 7 Update 5 Release Notes in the Oracle Linux Documentation Library.

Oracle Linux can be downloaded, used and distributed free of charge and all updates and errata are freely available. Customers decide which of their systems require a support subscription. This makes Oracle Linux an ideal choice for development, testing and production systems. The customer decides which support coverage is the best for each individual system, while keeping all of the systems up-to-date and secure. Customers with Oracle Linux Premier Support also receive support for additional Linux programs, including Ceph Storage, Oracle Linux software collections, Oracle OpenStack and zero-downtime kernel updates using Oracle Ksplice.

For more information about Oracle Linux, please visit www.oracle.com/linux.


Technologies

Deployment of OpenStack Looks Hard, but it isn't

Need a simple and reliable way to deploy OpenStack? Read this...

Authors: Corey Leong and Dilip Modi

OpenStack project Kolla packages OpenStack services in Docker containers and provides a deployment tool using Ansible. Kolla takes away a lot of the pain of installing, configuring, and running the various OpenStack services. Oracle OpenStack is the first commercial OpenStack distribution to offer this capability. For more than two years, beginning with the Kilo release, Oracle OpenStack has included the OpenStack control plane in Docker containers, enabling simple and reliable deployment, updates and upgrades of OpenStack.

As part of its OpenStack work, Oracle also developed and contributed upstream a command line interface (CLI) called kollacli to Kolla. Kollacli provides a simple, common, intuitive and consistent user interface, further simplifying OpenStack Kolla deployments. This alleviates the need for users to know various command syntax and complexities of Ansible or Docker Containers.

Kollacli starts the CLI shell or runs CLI commands from the operating system prompt. Some of the kollacli commands include:

- kollacli host add: adds a host to the deployment
- kollacli group add/remove <group_name> (control, compute, network, storage, database,.)
- kollacli group add/remove host <group_name> <host_name>
- kollacli host list: lists hosts and deployment groups
- kollacli property set: to configure OpenStack services
- kollacli host check: check host configuration
- kollacli deploy: performs deployment on all configured hosts
- kollacli host destroy: stops and removes Kolla containers on one or all hosts

This demo video walks you through an Oracle OpenStack deployment using the kollacli. In less than 20 minutes, you can learn how to:

- Prepare a master node for a deployment
- Set up target nodes and the kolla user
- Enable and set up OpenStack services
- Configure network properties
- Deploy services
- Verify a successful deployment

Oracle provides you an easy, simple and reliable way to deploy OpenStack, as explained in this install guide. Give Oracle OpenStack a try with a free download.


You are Invited: Docker Government Summit - April 11, Washington D.C.

Join us for Docker Government Summit, to visualize your journey to containers. Faster, more agile development is luring federal, state and local government and education to containers. We have real-world advice from container thought leaders who have helped agencies and universities successfully and smoothly make this transition.

Date & Location

APRIL 11, 2018
NEWSEUM
555 Pennsylvania Ave. NW
Washington, DC 20001

Register now!

Program begins at 9am and ends at 4pm. (Registration & Networking Breakfast starts at 8:00 am)

Docker Government Summit brings together industry leaders and the ecosystem to help you build your strategy for IT modernization.

You are invited to attend the Oracle Breakout session:

April 11, 1:50-2:30pm
Rapid Oracle Deployments with Docker Containers
Speaker: Phil Morano, Oracle

Other featured sessions are:

- Lockheed Martin: The migration to cloud and implementation of a containerization strategy, presented by Arjuna Rivera, IT Leader at Lockheed Martin
- FDA: Business case for containerization, challenges it addresses and implementation best practices, presented by Aurotech and Docker
- Virginia Tech case study: Dino apps need love too, the business case for modernizing traditional apps
- Docker keynote featuring the modern app platform by Enterprise Edition to deliver agility, portability and security for all apps while optimizing costs
- Docker Security Best Practices provides pragmatic guidance and reference architecture for secure infrastructure and apps, presented by Andy Clemenko, Docker Solutions Architect
- Learning Labs features guided tutorials to try Docker Orchestration, Modernizing .NET apps, Deploying with Docker Enterprise Edition and Getting Started with Docker on Windows Server

View the full event agenda here.

Register using this link to receive your complimentary pass to attend.

Join us for Docker Government Summit, to visualize your journey containers. Faster, more agile development is luring federal, state and local government and education to containers. We have real-world...

Oracle Linux Storage Appliance Now Supports Block Volumes

We are pleased to announce the release of Oracle Linux Storage Appliance 1.6. Oracle Linux Storage Appliance is an Oracle Linux file server that provides a fast and easy way to build shared file systems on Oracle Cloud Infrastructure. The appliance enables you to export files using multiple protocols including NFS version 3 and 4, and SMB version 3 (Samba).

With this new release, you can use block volumes to set up the storage pool to create shared file systems on Oracle Cloud Infrastructure. In addition, the appliance can now be deployed on any of the available Oracle Cloud Infrastructure compute shapes, including those without NVMe disks attached.

To use block volumes to create shared storage, deploy your appliance on an Oracle Cloud Infrastructure compute shape with no attached NVMe disks (i.e. a Standard shape). You will need to create the block volumes and attach them to the appliance instance. After you have deployed the appliance, you will be prompted to create the appliance storage pool at initial login to the web interface.

You can then create your shares in a few easy steps. Simply navigate to the Storage page, select the Add button, and configure your share using NFS and/or SMB export protocols and settings. Click on the ‘Create’ button and you’re done! Navigate to the Storage page to view storage status and utilization, and manage your shares.

If you'd like to use NVMe storage to create your shares instead, deploy the appliance on a compute shape that has attached local NVMe disks (i.e. a DenseIO shape).

Oracle Linux Storage Appliance is available at no additional cost for Oracle Cloud Infrastructure subscribers. If you aren't subscribed already to Oracle Cloud, you can get started with $300 worth of free credits, so why not try out Oracle Linux and Oracle Linux Storage Appliance today?

For more information, visit the following links:

- Oracle Linux Storage Appliance
- Oracle Linux Storage Appliance Deployment and User’s Guide
- Oracle Linux Storage Appliance 1.6 Custom Image Download for Oracle Cloud Infrastructure
- Oracle Linux 7 Administrator's Guide - Shared File System Administration
- Oracle Linux Blog
- Oracle Cloud Infrastructure Blog

Linux

Oracle Linux 7 Administration Training Now Even Better

The popular Oracle Linux 7: System Administration course has just gotten even better. This course, which covers a range of topics including installation and configuration, has been updated with additional information on using Oracle Ksplice in different contexts and with tips for those using Oracle Linux on Oracle Cloud Infrastructure.

You can take this core course in the following formats:

- Training-on-Demand: Start training straight away, following lecture delivery by an expert instructor, at your own pace, through streaming video and booking time to get hands-on experience when suits your schedule.
- Live-Virtual Event: Attend a live event from your own desk, no travel required. Events are added to the schedule to suit different time-zones. Events currently on the schedule include 2 and 23 April and 4 and 11 June 2018.
- In-Class Event: Travel to an education center to attend an event. You can influence the schedule by requesting a date and location that suits your needs. Common locations include Brazil, Canada, Colombia, Germany, Italy, Korea, Malaysia, Mexico, New Zealand, Philippines, Portugal, South Africa, Spain, Switzerland, Thailand, Turkey, United States and many more.

Resources:

- Oracle Linux curriculum
- Oracle Linux Product Documentation
- Oracle Ksplice
- Oracle Cloud Infrastructure Products

Linux

New Task Based Learning for Oracle Linux on Oracle Cloud Infrastructure

We are very excited to announce the release of the all new course - Use Oracle Linux on Oracle Cloud Infrastructure. This course is part of Oracle University's digital learning subscription. By purchasing the Oracle University Cloud learning subscription, under Oracle Cloud Infrastructure Services, you get access to a selection of learning paths to help you implement, administer, optimize and use Oracle Cloud.

The Use Oracle Linux on Oracle Cloud Infrastructure course provides you with a series of short, easy to consume, instructor-led videos which guide you through the steps of administering Oracle Linux on Oracle Cloud Infrastructure. You will begin by exploring the basic configurations of Oracle Linux and learning how to create Oracle Linux instances on a variety of available VM shapes. You will learn how to configure additional virtual network interfaces on public and private networks in the infrastructure and coordinate network security between Oracle Linux and Oracle Cloud Infrastructure.

The content of the Oracle Cloud learning subscription teaches you tasks that are specific to the cloud. Additional content and assets on Oracle Linux tasks you can perform on Oracle Cloud Infrastructure will be added on an ongoing basis. This will permit you to continue learning. For many cloud administration tasks, you will draw on administration knowledge that applies equally well on or off cloud.

Resources:

- Oracle Linux curriculum
- Oracle Cloud Infrastructure Products
- Oracle Cloud Infrastructure Product Documentation
- Oracle Linux Product Documentation

Technologies

Need to Improve Your ROI for OpenStack? Read This…

Currently, many OpenStack deployments are for Dev/Ops, IT services, Test, QA and web services. However, the majority of mission critical business applications have remained on bare metal or virtualized environments as they were designed and built before the ‘cloud era’. And, many of these business applications use Oracle Database. Enterprises are looking to support these mission critical business applications with OpenStack to increase ROI. This is why you’ll want to know more about Oracle OpenStack.

Broaden your OpenStack use by easily supporting enterprise applications

Many customers that adopt database cloud report greater autonomy and agility for application developers, enabling faster time to market for enterprise applications and business innovation. Oracle OpenStack is the first in the industry to support automated deployment of Oracle Database to enable enterprise applications in OpenStack. Automated deployment of Oracle Database simplifies deployment of these enterprise applications. This guide answers common questions related to planning, designing, and deploying a private database cloud in an Oracle OpenStack environment.

Drive costs out of the operations

The biggest cost of operating OpenStack is deployment, updates and upgrades. Oracle OpenStack is the first in the industry to deploy the OpenStack control plane in Docker containers, enabling simple and reliable deployment, update and upgrade of OpenStack.

Substantially reduce your support costs

You can download and use Oracle OpenStack and Oracle Linux for an unlimited time without incurring cost. When you need support for Oracle OpenStack, it is available at no additional cost with a premier support subscription for Oracle Linux, Oracle VM, or Oracle Systems. Customers building from upstream and “rolling their own” OpenStack environments have realized that this can be a time and resource intensive endeavor. By using Oracle OpenStack you get a fully tested, hardened, and supported distribution that can be deployed in hours and not days or months, providing a jump start to developers. This can free up IT staff for more value-added contributions and innovation versus dealing with operational and support issues. Oracle offers significantly lower support costs for Oracle Linux and Oracle OpenStack compared to other commercial distributions.

For these reasons, Oracle can help you increase ROI on your OpenStack environment. Give Oracle OpenStack a try with a free download.

Announcements

Oracle Container Runtime for Docker on Oracle Linux for ARM

We are pleased to announce the availability of the Oracle Container Runtime for Docker for the ARM64 architecture. To install, simply run the following command:

    # yum install docker-engine

We are also pleased to announce that the official Oracle Linux image on the Docker Hub has been updated to support both the x86_64 and ARM64 architectures. To pull the latest Oracle Linux 7 base image from the Docker Hub, you can run:

    # docker pull oraclelinux:7-slim

And Docker will automatically pull the correct image for your architecture. We recommend using the 7-slim tag as it provides the smallest possible Oracle Linux 7 base image and is used by all of the Oracle product images published in our Docker Images repository on GitHub, however we also provide the latest, 7 and 7.4 tags if you prefer:

    REPOSITORY    TAG      IMAGE ID       CREATED       SIZE
    oraclelinux   7        b5e0e6470f16   2 hours ago   279MB
    oraclelinux   7.4      b5e0e6470f16   2 hours ago   279MB
    oraclelinux   latest   b5e0e6470f16   2 hours ago   279MB
    oraclelinux   7-slim   fdaeac435bbd   2 hours ago   146MB

Note that there are no Oracle product images available for the ARM64 architecture yet.

Support

Oracle Linux for ARM is provided as a developer preview and is not covered by Oracle Linux support. If you have any issues, community support is available in the Oracle Linux for ARM space on the Oracle Technology Network.

Linux Kernel Development

An Update on Retpoline-enabled Kernels for Oracle Linux

In January, researchers disclosed flaws in speculative execution known as Meltdown and Spectre. Oracle published official guidance in this support note: Responding to the Spectre and Meltdown vulnerabilities (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) in Oracle Linux and Oracle VM on Oracle X86 Servers (Doc ID 2370398.1).

At that time, we shipped mitigations for these security issues which depended on special Intel microcode. We're excited to announce that our latest kernel release, kernel-uek-4.1.12-112.16.4, contains faster, retpoline-based mitigations for Spectre Variant 2 (CVE-2017-5715). This kernel is available for both Oracle Linux 7 and Oracle Linux 6. Along with the existing patches for UEK Release 2, UEK Release 3 and the Red Hat Compatible Kernel for Oracle Linux 6 and 7, this provides a full complement of the latest software mitigations for the Spectre and Meltdown vulnerabilities in Oracle Linux. And we've published all the source on github.com here.

Oracle also ported the Spectre Variant 2 mitigations into Xen, using IBRS/IBPB mitigations in January. We're about to release retpoline mitigations for Xen on Oracle VM 3.4. This will ensure full protection from Meltdown/Spectre-type attacks for all our supported hypervisors: Oracle VM 3.2, Oracle VM 3.3 and Oracle VM 3.4 and kvm.

A discussion of the advantages of Retpolines can be found in this intel.com white paper and in this google.com support article. Retpolines are a software mitigation performed by the compiler which isolates indirect branches from speculative execution. Derived from "return trampoline", retpoline mitigations have significantly less performance overhead than microcode-based mitigation, and under some workloads can bring performance to near pre-patched levels.

Retpolines are enabled by recompiling the kernel (and kernel modules) with a retpoline-aware gcc compiler, which is available in Oracle Linux 7 (and also Oracle Linux 6).
Our compiler experts ported this support into the gcc-4.8 and gcc-4.4 compilers, and the compilers are available on yum.oracle.com for public download. This was a prerequisite to making retpoline-enabled kernels available on Oracle Linux, which could use the compiler features to self-protect the kernel against the Spectre Variant 2 attacks. Recompilation of applications is not required.

The alternative to using retpoline is IBRS (Indirect Branch Restricted Speculation), which relies on a special SPEC_CTRL MSR (model-specific register) defined in the latest microcode updates from Intel. IBRS uses microcode to mitigate the security vulnerabilities. IBRS causes a significant drop in performance under some workloads. A second MSR, IBPB (Indirect Branch Predictor Barrier), is still used for some specific use cases even when retpoline is available.

There are a number of caveats to using retpolines as a mitigation. First, the hardware has to support retpoline: some modern hardware can ignore the retpoline mitigation and continue speculating instructions. Second, any loadable kernel modules must also be compiled with a retpoline-aware compiler, otherwise the kernel can still be vulnerable. The latest kernel-uek will automatically detect each of these conditions and enable microcode-based IBRS mitigation.

The fallback, IBRS mitigation, requires updated microcode on the system. Therefore we always recommend updating system microcode to the latest available from your hardware vendor. The updated Intel microcode introduces the SPEC_CTRL MSR but does not invoke it -- the kernel has to invoke the MSR. This kernel behavior can be enabled or disabled by the user, so loading the updated microcode on a system where you plan to disable IBRS will not have a performance impact.
Microcode does not need to be updated in guest (virtual machine) systems: as long as the host system has the correct microcode and updated software (Xen or qemu), the hypervisor will pass through the MSRs necessary for the guest to protect itself.

Third Party Kernel Modules: Any third-party kernel modules must be recompiled with a retpoline-aware compiler. While the kABI guarantees in UEK ensure that previously-compiled modules will load, if those modules are not retpoline aware then the whole kernel will re-enable IBRS protections and the performance advantage of retpolines will be lost. This includes customers running Oracle Grid Infrastructure software: please update your kernel modules to retpoline-compiled versions! There's a tracking bug (Bug 27463879) for recompiling usm drivers with latest gcc and several MOS notes to help you with this process: ACFS - MOS Note 1369107.1 and ASMFD - MOS Note 203468.1, as well as specific notes for Exadata (Note 2356385.1) and ODA (Note 2377658.1).

Retpolines are not required. Retpoline-enabled kernels provide a performance enhancement, but if you have a security-patched kernel without retpolines, it is not critical to pull in these patches immediately.

Microcode updates are required: Many scenarios exist where the system may have to fall back to IBRS (microcode-based) mitigations, which will fail if the microcode has not been updated on the system. It's imperative, even if you are able to take advantage of retpolines, to have the microcode available as a fallback. There are numerous edge cases (kvm, hardened GPG, Xen, hardware limitations, ..) where retpoline mitigations are not sufficient. You don't want to see the following message, which will appear in your 'dmesg' output if the microcode is out-of-date.

    [ 358.742211] kmod: loading module not compiled with retpoline compiler.
    [ 358.742214] Spectre V2 : Disabling Spectre v2 mitigation retpoline.
    [ 358.749417] Spectre V2 : Could not enable IBRS.
    [ 358.754569] Spectre V2 : No Spectre v2 mitigation to fall back to.
    [ 358.761587] Spectre V2 : system may be vulnerable to spectre

Boot-time logs if retpolines are not possible and IBRS-capable microcode is not available.

No application recompile: There is no need to recompile applications to allow the kernel to use retpoline; only loadable kernel modules must be recompiled.

In summary:

- Oracle Linux 6 and 7 with UEK 2, 3 and 4 as well as RHCK address Spectre variants 1, 2, and 3
- Our latest Unbreakable Enterprise Kernel release 4 includes retpoline-based mitigations for Spectre variant 2
- The retpoline-enabled UEK4 offers a significant performance boost over previous releases with microcode-based Spectre mitigations
- UEK4 with retpoline mitigations will only work on certain hardware and requires all kernel modules to be compiled with a retpoline-aware compiler
- UEK4 with retpoline mitigations will fall back on microcode-based protections automatically if conditions necessary for retpoline support are not met

All this and more in the My Oracle Support document: Doc ID 2370398.1
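The fallback failure described in the retpoline post above can be checked for mechanically. The following is an added example, not Oracle's code: a shell function that classifies kernel log text using only the message strings quoted in that post. The state names and the sample log variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the Spectre v2 mitigation state from kernel log text.
# Only the message strings quoted in the post are matched; the state names
# printed by spectre_v2_state are illustrative, not kernel terminology.

# Constructed sample 1: the five log lines quoted in the post.
SAMPLE_FAIL='[ 358.742211] kmod: loading module not compiled with retpoline compiler.
[ 358.742214] Spectre V2 : Disabling Spectre v2 mitigation retpoline.
[ 358.749417] Spectre V2 : Could not enable IBRS.
[ 358.754569] Spectre V2 : No Spectre v2 mitigation to fall back to.
[ 358.761587] Spectre V2 : system may be vulnerable to spectre'

# Constructed sample 2: retpoline dropped after a module load, but none of
# the IBRS failure lines present (the fallback described in the post).
SAMPLE_FALLBACK='[ 12.000001] kmod: loading module not compiled with retpoline compiler.
[ 12.000004] Spectre V2 : Disabling Spectre v2 mitigation retpoline.'

# Constructed sample 3: a log with none of the quoted messages.
SAMPLE_CLEAN='[ 0.000000] constructed placeholder boot line'

# Reads kernel log text on stdin and prints exactly one state word:
#   unprotected           retpoline disabled and the IBRS fallback failed
#   retpoline-disabled    retpoline disabled, no fallback failure logged
#   non-retpoline-module  a module without retpoline was loaded
#   no-warning            none of the quoted messages are present
spectre_v2_state() {
    awk '
        /loading module not compiled with retpoline compiler/ { nonret = 1 }
        /Disabling Spectre v2 mitigation retpoline/           { disabled = 1 }
        /Could not enable IBRS/                               { noibrs = 1 }
        /No Spectre v2 mitigation to fall back to/            { nofallback = 1 }
        /system may be vulnerable to spectre/                 { vuln = 1 }
        END {
            if (nofallback || vuln || (disabled && noibrs))
                print "unprotected"
            else if (disabled)
                print "retpoline-disabled"
            else if (nonret)
                print "non-retpoline-module"
            else
                print "no-warning"
        }'
}

# Exit status for use in a monitoring check:
#   0 = no warning, 1 = degraded (retpoline lost), 2 = unprotected.
spectre_v2_check() {
    case $(spectre_v2_state) in
        unprotected)                             return 2 ;;
        retpoline-disabled|non-retpoline-module) return 1 ;;
        *)                                       return 0 ;;
    esac
}

# On a live host:  dmesg | spectre_v2_state
```

A result of `retpoline-disabled` is the case where the performance benefit has been lost to a non-retpoline module; `unprotected` is the case the post warns about, where the microcode needed for the IBRS fallback is missing.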


Linux Kernel Development

Tips and Tricks for IPsec on Intel 10 Gbe NICs

Shannon Nelson is a Linux kernel driver expert and kernel developer who has been looking at accelerating IPsec performance. In this blog post, he shows how to reduce the overhead of running with IPsec enabled.

IPsec has been gaining in popularity, but is quite a hit against network throughput, making multi-Gigabit network connections slow to Megabit speeds. With support for IPsec hardware offload recently added to the Linux kernel's network stack, Oracle has added IPsec offload support to the kernel driver for Intel's 10 GbE family of NICs, bringing throughput back into the multi-Gigabit range.

IPsec Offload In Linux

IPsec (Internet Protocol Security), for encrypting network traffic, has been gaining in popularity as the cloud supported networks have grown. However, it becomes quite a hit against network data throughput. Enabling full message encryption can easily take a 10 GbE link down to the 200 Mbps range, and suck down a lot of server CPU cycles in the process.

While other operating systems have supported for some time the offloading of IPsec encryption to hardware, the Linux kernel has only recently added it. The initial patches to expand the XFRM framework were accepted into the 4.11 kernel in Spring of 2017 [1], and were first used by the Mellanox mlx5e network driver. Some background for this work can be found in the IPsec presentations at the recent Netdevcon conferences [2] [3]. Similar work has also been done in DPDK implementations, but these bypass the Linux kernel and are not useful for normal applications [4].

Intel's current family of 10 GbE network devices originally came out in 2007 with the 82598, but hardware support for IPsec offload didn't appear until the 82599 (aka x540) was released in 2009. Support for this hardware offload was added into the Microsoft Windows mini-driver at that time, but it was left unimplemented in the Linux driver.
The NICs are capable of offloading AES-128-GMAC and AES-128-GCM, and can offload 1024 Security Associations (SAs) for each of the Tx and Rx directions. Only 128 incoming IP addresses can be specified, but several Rx SAs can share an IP address. To make the Rx decode faster, special Content Addressable Memory is used for the Rx SA tables.

Oracle Activity

Oracle provides platforms that use Intel's 10 GbE device, so it is in our best interest to be sure that our customers have access to the security and performance they need to be successful. Given the recent Linux kernel support, we embarked on adding support for the IPsec hardware offload in ixgbe, the driver for Intel's 10 GbE NICs. Intel had done some early work to add this feature to their driver as the kernel support was being developed in 2016, with encouragement from Oracle developers, but their effort got sidetracked by other priorities. We were able to build from this work as a head-start to a working implementation.

Theory of Operations

When the ixgbe driver is loaded and sets up its network data structures, it sets the NETIF_F_HW_ESP netdev feature flag to signal support for the IPsec offload, and initializes the xfrmdev_ops callbacks. It also clears the hardware tables and sets up the software shadow tables, but leaves the offload engine disabled until the first Security Association is added in order to save on the chip's power requirements. The software shadow tables track the hardware table contents for faster searches and for table reloads on hardware resets.

As the user adds and removes the SAs and their encryption keys, the driver's xdo_dev_state_add and xdo_dev_state_delete functions are called to update the hardware tables. When the last SA is removed, the offload engine is disabled, again to save on power requirements. SAs can be managed on the Linux command line via the 'ip' command, or through use of 3rd party applications such as StrongSwan, LibreSwan, and others.
A "simple" pair of 'ip' commands to encrypt TCP traffic to and from a server through network port eth4 might look something like this:

    ip xfrm policy add dir out src 14.0.0.52/24 dst 14.0.0.70/24 \
        proto tcp tmpl proto esp src 14.0.0.52 dst 14.0.0.70 \
        spi 0x07 mode transport reqid 0x07

    ip xfrm policy add dir in src 14.0.0.70/24 dst 14.0.0.52/24 \
        proto tcp tmpl proto esp dst 14.0.0.52 src 14.0.0.70 \
        spi 0x07 mode transport reqid 0x07

    ip xfrm state add proto esp src 14.0.0.52 dst 14.0.0.70 \
        spi 0x07 mode transport reqid 0x07 replay-window 32 \
        aead 'rfc4106(gcm(aes))' 0x44434241343332312423222114131211f4f3f2f1 128 \
        sel src 14.0.0.52/24 dst 14.0.0.70/24 proto tcp \
        offload dev eth4 dir out

    ip xfrm state add proto esp dst 14.0.0.52 src 14.0.0.70 \
        spi 0x07 mode transport reqid 0x07 replay-window 32 \
        aead 'rfc4106(gcm(aes))' 0x44434241343332312423222114131211f4f3f2f1 128 \
        sel src 14.0.0.70/24 dst 14.0.0.52/24 proto tcp \
        offload dev eth4 dir in

A similar set of commands would be required on the remote host, but with the src and dst parameters swapped. Both sides need to have the hardware offload enabled in order to get the throughput benefit.

When a network packet is to be encrypted before sending, the packet's skb (socket data buffer) is given to the driver and has a pointer to the SA information. The network stack has already inserted the encryption headers into the data packet, but without filling in the final encryption information. The driver sets up the hardware to do the encryption using the specific SA - in the ixgbe case, the driver sets up a special Tx Context Descriptor that contains the encryption information - and the driver hands the packets to the NIC hardware. The encryption engine uses the indicated encryption key to encode the packet data, fills in the rest of the header data, and sends the packet on its way.
On receipt of a packet, the decryption engine looks at the packet header to see if it matches any of the Rx SAs that have been loaded. If so, the key is used to decode the packet and the driver is informed there was a decryption. The driver fills out a new packet skb with decryption information and hands it up the kernel stack. The XFRM receive code then strips off the extra headers before routing the packet to the destination user program.

Current Status

At this writing, the driver's offload feature has been submitted to Intel's driver code tree and is expected to be pushed to the upstream net-next tree soon, targeting release in the v4.16 kernel. The feature should be supported in the up-coming UEK5 distribution from Oracle.

In a simple TCP stream test on a pair of Oracle x5-2 systems over the 10 GbE NICs, the data throughput goes from around 330 Mbps using the default software IPsec to around 7 Gbps with the hardware offload enabled on both ends. Currently the checksum and TSO offloads in conjunction with IPsec offload are not yet implemented. The throughput should get near to line rate once these are completed.

Many thanks go to the Intel folks, especially Jesse Brandeburg, for their support in better understanding the hardware operations, and to Steffen Klassert and the XFRM folks for their help with using the XFRM framework.

References

1. xfrm: Add an IPsec hardware offloading API https://patchwork.ozlabs.org/patch/752710/
2. Netdevconf 1.2 IPsec workshop https://netdevconf.org/1.2/session.html?steffen-klassert
3. Netdevconf 2.2 IPsec workshop https://netdevconf.org/2.2/session.html?klassert-ipsec-workshop
4. Efficient serving of VPN endpoints on COTS server hardware https://www.net.in.tum.de/fileadmin/bibtex/publications/papers/CloudNet2016.pdf
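For the 'ip xfrm' commands in the IPsec post above: an added example (not from the original post or the ixgbe driver) that prints the matching commands for either end of the link, so the peer's src/dst swap is generated rather than retyped. It takes a separate key per direction, since reusing one AES-GCM key and salt for both SAs risks nonce reuse; the function names, argument order and key-generation helper are assumptions.

```shell
#!/bin/sh
# Added example: print (never execute) the 'ip xfrm' commands for one end of
# the offloaded transport-mode ESP setup shown in the post.
# Function names and argument order are illustrative assumptions.

# rfc4106(gcm(aes)) with AES-128 takes a 16-byte key plus a 4-byte salt,
# written as 0x followed by 40 hex digits (the same shape as the post's key).
gen_gcm128_key() {
    printf '0x%s\n' "$(od -An -tx1 -N20 /dev/urandom | tr -d ' \n')"
}

valid_gcm128_key() {
    case $1 in
        0x*) _hex=${1#0x} ;;
        *)   return 1 ;;
    esac
    [ "${#_hex}" -eq 40 ] || return 1
    case $_hex in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# _policy DIR SRC DST   (uses _plen and _spi set by xfrm_side)
_policy() {
    printf 'ip xfrm policy add dir %s src %s/%s dst %s/%s proto tcp tmpl proto esp src %s dst %s spi %s mode transport reqid %s\n' \
        "$1" "$2" "$_plen" "$3" "$_plen" "$2" "$3" "$_spi" "$_spi"
}

# _state DIR SRC DST KEY   (uses _plen, _spi and _dev set by xfrm_side)
_state() {
    printf "ip xfrm state add proto esp src %s dst %s spi %s mode transport reqid %s replay-window 32 aead 'rfc4106(gcm(aes))' %s 128 sel src %s/%s dst %s/%s proto tcp offload dev %s dir %s\n" \
        "$2" "$3" "$_spi" "$_spi" "$4" "$2" "$_plen" "$3" "$_plen" "$_dev" "$1"
}

# xfrm_side LOCAL REMOTE PREFIXLEN DEV SPI KEY_OUT KEY_IN
# Prints four commands, one per line: policy out, policy in, state out, state in.
# As in the post, reqid is set to the same value as the SPI.
xfrm_side() {
    if [ "$#" -ne 7 ]; then
        echo "usage: xfrm_side LOCAL REMOTE PREFIXLEN DEV SPI KEY_OUT KEY_IN" >&2
        return 2
    fi
    _local=$1 _remote=$2 _plen=$3 _dev=$4 _spi=$5 _kout=$6 _kin=$7
    if ! valid_gcm128_key "$_kout" || ! valid_gcm128_key "$_kin"; then
        echo "keys must be 0x followed by 40 hex digits" >&2
        return 1
    fi
    if [ "$_kout" = "$_kin" ]; then
        echo "use a different key for each direction" >&2
        return 1
    fi
    _policy out "$_local"  "$_remote"
    _policy in  "$_remote" "$_local"
    _state  out "$_local"  "$_remote" "$_kout"
    _state  in  "$_remote" "$_local"  "$_kin"
}

# Usage with the post's addresses and freshly generated keys:
#   ko=$(gen_gcm128_key); ki=$(gen_gcm128_key)
#   xfrm_side 14.0.0.52 14.0.0.70 24 eth4 0x07 "$ko" "$ki"   # run on 14.0.0.52
#   xfrm_side 14.0.0.70 14.0.0.52 24 eth4 0x07 "$ki" "$ko"   # run on 14.0.0.70
```

The outbound SA printed for one host is identical to the inbound SA printed for its peer apart from the `dir` keyword, which is the src/dst swap the post describes.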


Announcements

Oracle Linux for ARM Developer Preview being Demo’d by Ampere and Cavium at OCP

Tomorrow is the start of the 2018 Open Compute Project (OCP) US Summit, being held March 20 – 21, at the San Jose Convention Center. If you are at the show, don’t miss the Oracle Linux for ARM64 developer preview being demo’d by Ampere (booth #A32) and Cavium (booth #37).

The ARM64 architecture and ecosystem is growing and customers are interested in the value ARM offers, as it delivers strong performance and scalability for the growing demands of enterprise and cloud computing workloads. These Oracle Linux demos highlight Oracle’s commitment to building and optimizing an enterprise-class Linux operating system for ARM-based processors and providing access to a modern Linux kernel and development environment to help partners and customers start building next-generation solutions.

Oracle Linux for ARM is available as a developer preview release from the Oracle Technology Network and is free to download, distribute and use. We encourage developers, ISVs and IHVs to utilize this as their test and development platform, however, keep in mind this release is a preview and is not covered by Oracle Linux support subscriptions.

More about Oracle Linux for ARM:

- Download Oracle Linux for ARM developer preview
- Developer Community
- Oracle Linux
- Wim Coekaerts blog
