从orale网站找到的一个介绍dtrace的资料

Main | Next page »

Monday Aug 29, 2011

Running GNOME Terminal From a Zone

By bleonard on Aug 29, 2011

As I've mentioned before,I VPN into the Oracle Intranet from within a zone. Once I establish theVPN connection, I'm no longer able to SSH into the zone, which is aslight drag if I'd like to open a new terminal window. The solution isto launch a new GNOME terminal window from within the zone. However,this wasn't without some minor hurdles to clear, so I'm documenting theprocess for future reference.

I'm assuming your zone alreadyhas a user account and the X authority file utility installed so youcan launch X applications. If not, follow Steps 2 and 3 from the entry Running Firefox From a Zone.

Of course, GNOME Terminal needs to be installed:

bleonard@myzone:~$ sudo pkg install gnome-terminal
               Packages to install:     1
           Create boot environment:    No
               Services to restart:     2
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1       80/80      2.1/2.1

PHASE                                        ACTIONS
Install Phase                                160/160 

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2  

At this point, you'd like to think you could just launch gnome-terminal, but alas:

bleonard@myzone:~$ gnome-terminal
**
ERROR:terminal-app.c:1450:terminal_app_init: assertion failed: (app->default_profile_id != NULL)
Abort (core dumped)

It turns out you also need to install theSMF services responsible for updating the GNOME desktop caches (I'vealready filed an issue for this):

bleonard@myzone:~$ sudo pkg install desktop-cache
               Packages to install:     8
           Create boot environment:    No
               Services to restart:     5
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  8/8   3125/3125    13.5/13.5

PHASE                                        ACTIONS
Install Phase                              3566/3566 

PHASE                                          ITEMS
Package State Update Phase                       8/8 
Image State Update Phase                         2/2 

After installing the package, wait a fewseconds while the cache is built. You can verify it's complete when theGNOME Gconf Cache Builder service state changes to online:

bleonard@myzone:~$ svcs -l gconf-cache
fmri         svc:/application/desktop-cache/gconf-cache:default
name         GNOME Gconf Cache Builder
enabled      true
state        online
next_state   none
state_time   August 29, 2011 04:50:45 PM EDT
logfile      /var/svc/log/application-desktop-cache-gconf-cache:default.log
restarter    svc:/system/svc/restarter:default
dependency   require_all/none svc:/system/filesystem/local (online)

After which, gnome-terminal should start successfully:

bleonard@myzone:~$ gnome-terminal &

If for some reason you still run into a problem, try refreshing the GNOME Gconf Cache Service:

bleonard@myzone:~$ sudo svcadm refresh gconf-cache

Category: Solaris

Tags: gconf-cache gconfd gnome-terminal solaris zone

Permanent link to this entry | Comments [0]

Friday Aug 19, 2011

Replacing the system HDD by a larger one on Solaris 11 X86

By cpauliat on Aug 19, 2011

A feedback on replacing the internal disk drive on a Solaris 11 Expresslabtop by a larger one, using ZFS mirrorring and ZFS split.
[ Read More]

Category: Solaris

Tags: 11 solaris zfs

Permanent link to this entry | Comments [2]

Thursday Jul 28, 2011

Installing WebLogic in a Zone

By bleonard on Jul 28, 2011

Sadly, the download pagefor WebLogic 10.3.5 doesn't yet include an installer for Solaris onx86. So, here for you, I outline the steps I took to successfullyinstall WebLogic on Solaris - in a zone, of course.

Step 1: Create the Zone

The Web Logic installer requires 1.2 GB of swap space. Follow these steps to ensure you have enough.

Create a VNIC for the zone:

bleonard@solaris:~$ sudo dladm create-vnic -l e1000g0 wls_zone0

Create the zone:

bleonard@solaris:~$ sudo zonecfg -z wls_zone
wls_zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:wls_zone> create
zonecfg:wls_zone> set zonepath=/zones/wls_zone
zonecfg:wls_zone> set ip-type=exclusive
zonecfg:wls_zone> add net
zonecfg:wls_zone:net> set physical=wls_zone0
zonecfg:wls_zone:net> end
zonecfg:wls_zone> verify
zonecfg:wls_zone> exit 

Install the zone:

bleonard@solaris:~$ sudo zoneadm -z wls_zone install
...

Here's the sysidcfg file I used for the zone:

bleonard@solaris:~$ sudo cat /zones/wls_zone/root/etc/sysidcfg
system_locale=C
terminal=xterms
network_interface=PRIMARY {
	hostname=wls_zone
	ip_address=10.0.1.70
        default_route=10.0.1.1
	netmask=255.255.255.0
 	protocol_ipv6=no}
security_policy=none
name_service=NONE
nfs4_domain=dynamic
timezone=US/Eastern
root_password=fto/dU8MKwQRI

Boot and configure the zone:

bleonard@solaris:~$ sudo zoneadm -z wls_zone boot
bleonard@solaris:~$ sudo zlogin -C wls_zone
[Connected to zone 'wls_zone' console]
100/100
Hostname: wls_zone
Loading smf(5) service descriptions: 3/3
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses:.

wls_zone console login: root
Password: abc123 

Configure DNS name resolution:

bleonard@solaris:~$ sudo cp /etc/nsswitch.conf /zones/wls_zone/root/etc/.
bleonard@solaris:~$ sudo cp /etc/resolv.conf /zones/wls_zone/root/etc/.

Step 2: Install the Supporting Software

The JDK:

root@wls_zone:~# pkg install jdk
               Packages to install:     3
           Create boot environment:    No
               Services to restart:     1
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  3/3   1252/1252    71.7/71.7

PHASE                                        ACTIONS
Install Phase                              1633/1633 

PHASE                                          ITEMS
Package State Update Phase                       3/3 
Image State Update Phase                         2/2 

Include 64-bit support:

root@wls_zone:~# pkg install jdk64
               Packages to install:     1
           Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1       32/32      0.7/0.7

PHASE                                        ACTIONS
Install Phase                                  59/59

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 

The X authority file utility. This will allow us to forward the display to the zone so we can run the graphical installer:

root@wls_zone:~# pkg install xauth
               Packages to install:     1
           Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1         6/6      0.0/0.0

PHASE                                        ACTIONS
Install Phase                                  37/37 

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 

Install the X Test and Record extensions client library. This library is also required to start the graphical installer:

root@wls_zone:~# pkg install libxtst
               Packages to install:     2
           Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  2/2       96/96      0.2/0.2

PHASE                                        ACTIONS
Install Phase                                176/176 

PHASE                                          ITEMS
Package State Update Phase                       2/2 
Image State Update Phase                         2/2 

Step 3:  Create a User Account

For this exercise I'm going to create a user 'weblogic'.

root@wls_zone:~# useradd -m -d /weblogic -s /usr/bin/bash weblogic
root@wls_zone:~# passwd weblogic 
New Password: weblogic
Re-enter new Password: weblogic 
passwd: password successfully changed for weblogic

Step 4: Download WebLogic and Copy to the Zone

Downloading the Oracle WebLogic Server 11gR1 (10.3.5) + Coherence Package Installer File 1 for Additional Platforms. You may also want to download the Supplemental ZIP distribution File 1 that contains sample applications.

Copy those files into the zone:

bleonard@solaris:~$ sudo cp Download/wls1035_generic.jar /zones/wls_zone/root/weblogic/.
bleonard@solaris:~$ sudo cp Download/wls1035_dev_supplemental.zip /zones/wls_zone/root/weblogic/.

Step 5: Start the Installer

SSH into the zone. Be sure to forward the X11 display:

bleonard@solaris:~$ ssh -X weblogic@10.0.1.70
The authenticity of host '10.0.1.70 (10.0.1.70)' can't be established.
RSA key fingerprint is c4:73:8b:ea:db:c5:1e:fd:76:35:61:26:92:8e:4e:4b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.1.70' (RSA) to the list of known hosts.
Password: 
Last login: Thu Jul 28 07:55:41 2011 from 10.0.1.3
Oracle Corporation      SunOS 5.11      snv_151a        June 2011

Here's the official documentation to Starting the Installation Program on UNIX Using .jar Installers. Note, I'm also adding the option -Dspace.detection=false, because I can't figure out how to get past this error:

I certainly have more then 1MB of space in my home directory. So basically:

weblogic@wls_zone:~$ java -d64 -Dspace.detection=false -jar wls1035_generic.jar 
Extracting 0%....................................................................................................100%

Working through the installer, I select most of the defaults except where noted:

Enter your My Oracle Support credentials if you have them. You're allowed to continue if you them them blank, as I did:

Select the Custom Install Type. I like to include the Server Examples, but this is optional.

Select Server Examples:

I recommend running Quickstart to create an initial domain. To run Quickstart later, you'll find it at Oracle/Middleware/wlserver_10.3/common/quickstart/quickstart.sh.

Step 6:  Start the Server

weblogic@wls_zone:~$ ./Oracle/Middleware/user_projects/domains/base_domain/startWebLogic.sh &
..
<Jul 28, 2011 8:54:10 AM PDT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode> 

Step 7:  Browse to the Console

http://10.0.1.70:7001/console:

Category: Solaris

Tags: solaris weblogic wls zone

Permanent link to this entry | Comments [0]

Monday Jul 25, 2011

Zone Swap Space

By bleonard on Jul 25, 2011

A non-global zone inherits its swap space setting from the global zone. For example, in my global zone:

bleonard@solaris:~$ swap -sh
total: 604M allocated + 122M reserved = 724M used, 836M available

And in my local zone:

bleonard@myzone:~$ swap -sh
total: 604M allocated + 122M reserved = 724M used, 836M available 

If I need to increase swap space in a particular zone, I need to add swap to the entire system. As covered in Adjusting the Sizes of Your ZFS Swap and Dump Devices, first add another swap volume:

bleonard@solaris:~$ sudo zfs create -V 1G rpool/swap2
Password: 

Then add the new volume to the swap:

bleonard@solaris:~$ sudo swap -a /dev/zvol/dsk/rpool/swap2

bleonard@solaris:~$ swap -sh
total: 612M allocated + 133M reserved = 748M used, 1.8G available

The new swap is also immediately recognized by the zone:

bleonard@myzone:~$ swap -sh
total: 612M allocated + 133M reserved = 748M used, 1.8G available

To permanently add the swap to the system, you need to add the device to the /etc/vfstab file:

bleonard@solaris:~$ cat /etc/vfstab 
#device		device		mount		FS	fsck	mount	mount
#to mount	to fsck		point		type	pass	at boot	options
#
/devices	-		/devices	devfs	-	no	-
/proc		-		/proc		proc	-	no	-
ctfs		-		/system/contract ctfs	-	no	-
objfs		-		/system/object	objfs	-	no	-
sharefs		-		/etc/dfs/sharetab	sharefs	-	no	-
fd		-		/dev/fd		fd	-	no	-
swap		-		/tmp		tmpfs	-	yes	-

/dev/zvol/dsk/rpool/swap	-		-		swap	-	no	-
/dev/zvol/dsk/rpool/swap2	-		-		swap	-	no	-

You can also control the amount of swap space used by zones with resource caps, for example:

bleonard@solaris:~$ sudo zonecfg -z myzoney  
zonecfg:myzone> add capped-memory
zonecfg:myzone:capped-memory> set swap=1G
zonecfg:myzone:capped-memory> end
zonecfg:myzone> verify
zonecfg:myzone> exit

This change will require a zone reboot:

bleonard@solaris:~$ sudo zoneadm -z myzone reboot

After which the swap cap will be in place:

bleonard@myzone:~$ swap -sh
total: 33M allocated + 0K reserved = 33M used, 988M available

Category: Solaris

Tags: swap zone

Permanent link to this entry | Comments [0]

Tuesday Jul 19, 2011

Integrated Load Balancer

By bleonard on Jul 19, 2011

I'm not sure how well known it is that Solaris 11 contains a load balancer. The official documentation, starting with the Integrated Load Balancer Overview, does a great job of explaining this feature. In this blog entry my goal is to provide an implementation example.

Forstarters, I will be using the HALF-NAT operation mode. Basically,HALF-NAT means that the client's IP address is not mapped so that theservers know the real client address. This is usually preferred forserver logging (see ILB Operation Modes for more). 

I will load balance traffic across 2 zones, each running the ApacheTomcat server. The load balancer itself will be configured as amulti-homed zone. The configuration will look as follows:

Step 1: Create the VNICs

The first step is to create VNICs for all of these interfaces:

bleonard@solaris:~$ sudo dladm create-vnic -l e1000g0 ilb0
bleonard@solaris:~$ sudo dladm create-vnic -l e1000g0 ilb1
bleonard@solaris:~$ sudo dladm create-vnic -l e1000g0 server1
bleonard@solaris:~$ sudo dladm create-vnic -l e1000g0 server2

Step 2: Create the Zones:

If you don't already have a file system for your zones:

bleonard@solaris:~$ sudo zfs create -o mountpoint=/zones rpool/zones

Then create the ILB zones:

bleonard@solaris:~$ sudo zonecfg -z ilb-zone
ilb-zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:ilb-zone> create
zonecfg:ilb-zone> set zonepath=/zones/ilb-zone
zonecfg:ilb-zone> set ip-type=exclusive
zonecfg:ilb-zone> add net
zonecfg:ilb-zone:net> set physical=ilb0
zonecfg:ilb-zone:net> end
zonecfg:ilb-zone> add net
zonecfg:ilb-zone:net> set physical=ilb1
zonecfg:ilb-zone:net> end
zonecfg:ilb-zone> verify
zonecfg:ilb-zone> exit 

And the server zones (repeat this step for server 2 - changing values where appropriate):

bleonard@solaris:~$ sudo zonecfg -z server1-zone
server1-zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:server1-zone> create
zonecfg:server1-zone> set zonepath=/zones/server1-zone
zonecfg:server1-zone> set ip-type=exclusive
zonecfg:server1-zone> add net
zonecfg:server1-zone:net> set physical=server1
zonecfg:server1-zone:net> end
zonecfg:server1-zone> verify
zonecfg:server1-zone> exit

Step 3: Install the ILB Zone

Then install the ilb-zone (wait to install the server zones as we will just clone this zone):

bleonard@solaris:~$ sudo zoneadm -z ilb-zone install
A ZFS file system has been created for this zone.
   Publisher: Using solaris (http://pkg.oracle.com/solaris/release/ ).
       Image: Preparing at /zones/ilb-zone/root.
       Cache: Using /var/pkg/download.
Sanity Check: Looking for 'entire' incorporation.
  Installing: Core System (output follows)
------------------------------------------------------------
Package: pkg://solaris/consolidation/osnet/osnet-incorporation@0.5.11,5.11-0.151.0.1:20101104T230646Z
License: usr/src/pkg/license_files/lic_OTN

Oracle Technology Network Developer License Agreement

...

               Packages to install:     1
           Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1         1/1      0.0/0.0

PHASE                                        ACTIONS
Install Phase                                  11/11

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 
               Packages to install:    45
           Create boot environment:    No
               Services to restart:     3
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                45/45 12511/12511    89.1/89.1

PHASE                                        ACTIONS
Install Phase                            17953/17953 

PHASE                                          ITEMS
Package State Update Phase                     45/45 
Image State Update Phase                         2/2 
  Installing: Additional Packages (output follows)
               Packages to install:    46
           Create boot environment:    No
               Services to restart:     2
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                46/46   4498/4498    26.5/26.5

PHASE                                        ACTIONS
Install Phase                              6139/6139 

PHASE                                          ITEMS
Package State Update Phase                     46/46 
Image State Update Phase                         2/2 

        Note: Man pages can be obtained by installing SUNWman
 Postinstall: Copying SMF seed repository ... done.
 Postinstall: Applying workarounds.
        Done: Installation completed in 499.617 seconds.

  Next Steps: Boot the zone, then log into the zone console (zlogin -C)
              to complete the configuration process.

I will be using the following sysidcfg file to automate the zone's system configuration. Adjust your values accordingly. The root password is "abc123":

bleonard@solaris:~$ sudo cat /zones/ilb-zone/root/etc/sysidcfg 
system_locale=C
terminal=xterms
network_interface=ilb0 {
    primary
    hostname=ilb-ext
    ip_address=10.0.2.21
    netmask=255.255.255.0
    default_route=10.0.2.2
    protocol_ipv6=no}
network_interface=ilb1 {
    hostname=ilb-int
    ip_address=192.168.1.21
        default_route=NONE
    netmask=255.255.255.0
     protocol_ipv6=no}
security_policy=none
name_service=NONE
nfs4_domain=dynamic
timezone=US/Eastern
root_password=fto/dU8MKwQRI

Boot and log into the zone:

bleonard@solaris:~$ sudo zoneadm -z ilb-zone boot
bleonard@solaris:~$ sudo zlogin -C ilb-zone
[Connected to zone 'ilb-zone' console]
100/100
Hostname: ilb-zone
Loading smf(5) service descriptions: 3/3
 network_interface=ilb0 {
ilb0 is not a valid network interface  line 3 position 19
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses: ilb0 ilb1.

ilb-ext console login: root
Password: abc123
Jul  1 10:54:37 ilb-ext login: ROOT LOGIN /dev/console
Oracle Corporation      SunOS 5.11      snv_151a        November 2010
root@ilb-ext:~# 

Since our ilb-zone has 2 network interfaces, we also want to make sure a packet arriving on one network interface and addressed to a host on a different network is forwarded to the appropriate interface.

 root@ilb-ext:~# svcadm enable ipv4-forwarding

Step 4: Install the Serve 1 Zone

We'll create the first server zone as a clone of the ilb-zone. We'll then configure the server 1 zone and clone it to server 2.

Shut down ilb-zone so that it can be cloned:

bleonard@solaris:~$ sudo zoneadm -z ilb-zone halt

Then clone ilb-zone:

bleonard@solaris:~$ sudo zoneadm -z server1-zone clone ilb-zone

Here's a sysidcfg file to use with server1-zone:

bleonard@solaris:~$ sudo cat /zones/server1-zone/root/etc/sysidcfg
system_locale=C
terminal=xterms
network_interface=PRIMARY {
	hostname=server1-zone
	ip_address=192.168.1.50
	netmask=255.255.255.0
	default_route=none
	protocol_ipv6=no}
security_policy=none
name_service=NONE
nfs4_domain=dynamic
timezone=US/Eastern
root_password=fto/dU8MKwQRI

Then boot and log in to server1-zone:

bleonard@solaris:~$ sudo zoneadm -z server1-zone boot
Password: 
bleonard@solaris:~$ sudo zlogin -C server1-zone
[Connected to zone 'server1-zone' console]
Hostname: server1-zone
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses: server1.

server1-zone console login: root
Password: abc123
Jul  1 14:53:20 server1-zone login: ROOT LOGIN /dev/console
Last login: Fri Jul  1 13:54:37 on console
Oracle Corporation      SunOS 5.11      snv_151a        November 2010

Also boot back up the ilb zone:

bleonard@solaris:~$ sudo zoneadm -z ilb-zone boot
Password: 

Step 5: Configure Internet Access

Test if you can ping the outside world from within the ilb zone:

root@ilb-ext:~# ping www.oracle.com
ping: unknown host www.oracle.com

Open another terminal window. The new terminal window should have you in the global zone. Copy the /etc/resolve.conf and /etc/[nsswitch.conf files from the global zone to ilb-zone and server1-zone:

bleonard@solaris:~$ sudo cp /etc/resolv.conf /zones/ilb-zone/root/etc/.
Password: 
bleonard@solaris:~$ sudo cp /etc/nsswitch.conf /zones/ilb-zone/root/etc/.
bleonard@solaris:~$ sudo cp /etc/resolv.conf /zones/server1-zone/root/etc/.
bleonard@solaris:~$ sudo cp /etc/nsswitch.conf /zones/server1-zone/root/etc/. 

Return to the ilb-zone. You should not be able to reach the outside world:

root@ilb-ext:~# ping www.oracle.com
www.oracle.com is alive 

However, server1-zone needs some routing set up before it can reach out as it will route its traffic through the ilb-zone:

root@server1-zone:~# route -p add  default 192.168.1.21
add net default: gateway 192.168.1.21
add persistent net default: gateway 192.168.1.21

root@server1-zone:~# ping www.oracle.com
www.oracle.com is alive 

Step 6: Install Tomcat

Apache Tomcat will be the service we load balance to:

root@server1-zone:~# pkg install tomcat tomcat-examples runtime/java
               Packages to install:     3
           Create boot environment:    No
               Services to restart:     2
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  3/3   1166/1166    38.9/38.9

PHASE                                        ACTIONS
Install Phase                              1504/1504 

PHASE                                          ITEMS
Package State Update Phase                       3/3 
Image State Update Phase                         2/2 
Loading smf(5) service descriptions: 1/1

root@server1-zone:~# svcadm enable http:tomcat6

Step 7: Configure Routing to the Server Zone

From the global zone we need to be able to reach the server. Add the following route (the -p option makes the changes persistent across network restarts):

bleonard@solaris:~$ sudo route -p add 192.168.1.0 10.0.2.21
Password: 
add net 192.168.1.0: gateway 10.0.2.21
add persistent net 192.168.1.0: gateway 10.0.2.21

And now you should be able to reach Tomcat from the global zone (or any client on that subnet):

Step 8: Cloning the Tomcat Server Zone

Now that we have the Tomcat server running in a zone, we can quickly create another instance. First, we need to shut down the server1-zone:

bleonard@solaris:~$ sudo zoneadm -z server1-zone halt

Then clone it:

bleonard@solaris:~$ sudo zoneadm -z server2-zone clone server1-zone

Copy the sysidcfg file you created for server 1 to server 2:

bleonard@solaris:~$ sudo cp /zones/server1-zone/root/etc/sysidcfg /zones/server2-zone/root/etc/sysidcfg

Then change the hostname and ip_address. This time around we'll also set the default router. Once editing is complete, the file should look as follows:

bleonard@solaris:~$ sudo cat /zones/server2-zone/root/etc/sysidcfg
system_locale=C
terminal=xterms
network_interface=PRIMARY {
	hostname=server2-zone
	ip_address=192.168.1.60
	netmask=255.255.255.0
	default_route=192.168.1.21
	protocol_ipv6=no}
security_policy=none
name_service=NONE
nfs4_domain=dynamic
timezone=US/Eastern
root_password=fto/dU8MKwQRI

Then boot and log into the server 2 zone:

bleonard@solaris:~$ sudo zoneadm -z server2-zone boot
bleonard@solaris:~$ sudo zlogin -C server2-zone
[Connected to zone 'server2-zone' console]
Hostname: server2-zone
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses: server2.

server2-zone console login: root
Password: abc123
Jul  6 10:39:54 server2-zone login: ROOT LOGIN /dev/console
Last login: Fri Jul  1 16:19:45 on console
Oracle Corporation      SunOS 5.11      snv_151a        November 2010
root@server2-zone:~# 

Not only does this 2nd zone install much, much quicker, but Tomcat is already up and running:

It really gives you a feel for how easy it can be to scale using Solaris in a cloud type environment.

Don't forget to boot server1-zone:

bleonard@solaris:~$ sudo zoneadm -z server1-zone boot

Step 9: Configure Load Balancing

OK,that was a lot of setup just to get to the point of this blog. But nowthat we have 2 servers running at 2 IP address, let's set up a loadbalancer to scale traffic between them.

In the ILB zone, install the ILB:

root@ilb-ext:~# pkg install ilb
               Packages to install:     1
           Create boot environment:    No
               Services to restart:     1
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1       11/11      0.2/0.2

PHASE                                        ACTIONS
Install Phase                                  38/38 

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 
Loading smf(5) service descriptions: 1/1

Then enable the ILB service:

root@ilb-ext:~# svcadm enable ilb

Then define a server group:

root@ilb-ext:~# ilbadm create-servergroup -s servers=192.168.1.50:8080,192.168.1.60:8080 tomcatgroup
root@ilb-ext:~# ilbadm show-servergroup 
SGNAME         SERVERID            MINPORT MAXPORT IP_ADDRESS
tomcatgroup    _tomcatgroup.0      8080    8080    192.168.1.50
tomcatgroup    _tomcatgroup.1      8080    8080    192.168.1.60

Thendefine a load balancing rule. This is the most complicated part of theprocess. For starters, I'll try to keep the rule as simple as possible.The rule is enabled (-e), will persist (-p), incoming packets (-i) are matched against destination virtual IP address (vip) and port 10.0.2.20:80. The packet is handled (-m) using round robin (rr). The destination for the packets (-o) is server group tomcatgroup. The rule is called tomcatrule_rr.

root@ilb-ext:~# ilbadm create-rule -e -p -i vip=10.0.2.20,port=80 -m lbalg=rr,type=HALF-NAT -o servergroup=tomcatgroup tomcatrule_rr

You can view the rule as follows:

root@ilb-ext:~# ilbadm show-rule
RULENAME            STATUS LBALG       TYPE    PROTOCOL VIP         PORT
tomcatrule_rr       E      roundrobin  HALF-NAT TCP 10.0.2.20       80
root@ilb-ext:~# ilbadm show-rule -f
       RULENAME: tomcatrule_rr
         STATUS: E
           PORT: 80
       PROTOCOL: TCP
          LBALG: roundrobin
           TYPE: HALF-NAT
      PROXY-SRC: --
          PMASK: /32
        HC-NAME: --
        HC-PORT: --
     CONN-DRAIN: 0
    NAT-TIMEOUT: 120
PERSIST-TIMEOUT: 60
    SERVERGROUP: tomcatgroup
            VIP: 10.0.2.20
        SERVERS: _tomcatgroup.0,_tomcatgroup.1

Finally, we need to tell the outside world that packets destined for our VIP, 10.0.2.20, should be sent to ilb0. First, find the MAC address of ilb0:

root@ilb-ext:~# dladm show-vnic ilb0
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
ilb0         ?            1000   2:8:20:bf:2a:d9   random              0

Then resolve the address to interface ilb0 using arp:

root@ilb-ext:~# arp -s 10.0.2.20 2:8:20:bf:2a:d9 pub permanent

You should then be able to ping the VIP:

root@ilb-ext:~# ping 10.0.2.20
10.0.2.20 is alive

Step 10: Load Balance!

You can now point your browser to the virtual IP address and get a result back from one of the Tomcat servers:

Verycool! But from which server was I served? I modified the examplesnoop.jsp to return the server's hostname and IP Address. Save the snoop.jsp to the /var/tomcat6/webapps/examples/jsp/snp directory in each of your zones.

bleonard@solaris:~$ sudo cp Downloads/snoop.jsp /zones/server1-zone/root/var/tomcat6/webapps/examples/jsp/snp/.
bleonard@solaris:~$ sudo cp Downloads/snoop.jsp /zones/server2-zone/root/var/tomcat6/webapps/examples/jsp/snp/.

I've appended the Server Side IP Address section to the bottom of the page, http://10.0.2.20/examples/jsp/snp/snoop.jsp:

Step 11: Health Checks

To keep things simple on the first go-around, I avoided health checks. However, it's pointless to have a load balancer that continues to feed requests to a dead server.

Healthcheck options include ping probes, TCP probes, UDP probes and auser-defined script. Since I'm concerned about the health of Tomcat,I've created a simple script:

root@ilb-ext:~# cat /var/hc-tomcat 
#!/bin/bash
result=`curl -s http://$2:8080`
if [ ${result:0:5} = "<meta" ]; then
        echo 0
else
        echo -1 
fi

The load balancer provides the following variables to use with your script, of which I'm only using $2:

$1 - VIP (literal IPv4 or IPv6 address)
$2 - Server IP (literal IPv4 or IPv6 address)
$3 - Protocol (UDP, TCP as a string)
$4 - Numeric port range (the user-specified value for hc-port)
$5- maximum time (in seconds) that the test should wait before returninga failure. If the test runs beyond the specified time, it might bestopped, and the test would be considered failed. This value isuser-defined and specified in hc-timeout.

Ensure the script has execute permissions (the ilbd deamon, which runs the health check, is not run as root):

root@ilb-ext:~# chmod +x /var/hc-tomcat

Giving the script a quick test:

root@ilb-ext:~# /var/hc-tomcat n/a 192.168.1.50
0

You then create a health check rule as follows:

root@ilb-ext:~# ilbadm create-healthcheck -h hc-test=/var/hc-tomcat,hc-timeout=2,hc-count=1,hc-interval=10 hc-tomcat

The hc-timeout is how many seconds the health check will wait for a response before giving up. The hc-count is how many times the script will attempt to succeed before claiming the server to be dead. The hc-interval is how often the health-check is performed.

Once created you can view the configured health-checks as follows:

root@ilb-ext:~# ilbadm show-hc
HCNAME        TIMEOUT COUNT   INTERVAL DEF_PING TEST
hc-tomcat     2       1       10       Y        /var/hc-script

Nowthat we have a health check, we need to add it to our load balancingrule. Unfortunately, ilbadm doesn't have a command to modify anexisting load balancing rule, so we have to delete it and create itagain:

root@ilb-ext:~# ilbadm delete-rule tomcatrule_rr

We'll create the same rule as before, this time including the health check:

root@ilb-ext:~# ilbadm create-rule -e -p -i vip=10.0.2.20,port=80 -m lbalg=rr,type=HALF-NAT -h hc-name=hc-tomcat -o servergroup=tomcatgroup tomcatrule_rr

Once the new rule is created, the health check goes into effect. You can see the status as follows:

root@ilb-ext:~# ilbadm show-hc-result
RULENAME      HCNAME        SERVERID      STATUS   FAIL LAST     NEXT     RTT
tomcatrule_rr hc-tomcat     _tomcatgroup.0 alive   0    10:39:51 10:40:02 2509
tomcatrule_rr hc-tomcat     _tomcatgroup.1 alive   0    10:39:57 10:40:09 1869

So now, if probe.jsp is showing that you're hitting server 2 and we then disable Tomcat on Server 1:

root@server1-zone:~# svcadm disable tomcat6

Whenyou refresh your browser you will be directed to Server 2. Of course,any state they you may have been maintaining on Server 1 will be lost.You can also see the status as dead using ilbadm show-hc-result:

root@ilb-ext:~# ilbadm show-hc-result
RULENAME      HCNAME        SERVERID      STATUS   FAIL LAST     NEXT     RTT
tomcatrule_rr hc-tomcat     _tomcatgroup.0 dead    4    10:43:36 10:43:45 1102
tomcatrule_rr hc-tomcat     _tomcatgroup.1 alive   0    10:43:42 10:43:53 5919

See Administering Health Checks in ILB for the official documentation.

Thatwas a fair amount of work to configure this environment. Would it beworth providing a VM pre-configured with load balancing for download?

Category: Solaris

Tags: arp ilb ilbadm solaris tomcat zone

Permanent link to this entry | Comments [13]

Wednesday Jul 06, 2011

Two Part Series on Live Upgrade

By bleonard on Jul 06, 2011

What prompted me to write my previous entry, recommended reading, was Bob Netherton's recently published 2 part series on Live Upgrade. Part 1 covers common problems while part 2 introduces survival tips:

• Live Upgrade Part 1: Common Problems
• Live Upgrade Part 2: Survival Tips

Bobplans to update these entries as the topic evolves. However, he mayalso convert them over to a wiki if that makes more sense. Let him know.

Category: Solaris

Tags: live lu upgrade

Permanent link to this entry | Comments [0]

Recommended Reading

By bleonard on Jul 06, 2011

If you're a user of Solaris, there's probably a handful of Solarisblogs that you follow. There's one group of guys that I want to bringyour attention to - the Solaris sales consultants and architects. WhileI sit in my lush corporate office, these guys are out in the fielddealing with customers on a daily basis. Their experience is valuable,and lucky for us, most of them take the time to share what they know.They are:

Bob Netherton
Jeff Savit
Jeff Victor
Jim Laurent
Scott Dickson
Steffen Weiberle

Add these guys to your favorite reader now (just click the  icon) - you'll be a better Solaris user for it.

Category: Solaris

Tags: blogs solaris

Permanent link to this entry | Comments [2]

Monday Jul 04, 2011

Making yourself indispensible with DTrace

By philipto on Jul 04, 2011

DTrace technology and tools appeared in 2005, and despite this, it is still not very well known among majority of developers and system administrators. It is especially surprising given that for five and a half years since the release of Solaris 10, where DTrace was first implemented, it was no better technology made for analyzinig of operating systems and applications.

DTrace was developed by Sun Microsystems, and all of its components were open sourced in 2005. Later DTrace has been ported to Mac OS X, QNX, and FreeBSD, and remained available in all the distributions that have inherited from Solaris: Belenix, Korona, Nexenta, OpenIndiana and Milax. DTrace is a core part of Solaris, and new DTrace probes were introduced in Solaris 11 Express, announced in November 2010.

DTrace is an instrument for system administrators as well as for developers, and DTrace providers enable probes for many languages, including scripting ones such as PHP.

DTrace has several unique features, which can not be found being together in other tools, and in particular DTrace:
1. allows to collect information in the system operating under maximum load in production - with low overhead;
2. collects any information from any part of the system, allowing you to observe applications and the kernel as well;
3. can show which arguments are passed from one function to another, even if one does not have source code for the functions;
4. harvests function calls execution time info, calculates a percentage of time spent to execute each of them, shows how many times each of the functions was called, etc.;
5. filters information in a specified way - for example, lets you restrict the observation scope by an application, a thread, a particular system call, or another specified execution unit;
6. may react to certain events (I/O, call of the given function, the completion of programs, starting a new thread, etc.).
7. has high-level and low-level observation scopes - from observing an internal functioning of a device driver to monitoring certain events in PHP scripts execution or method calls in Java applications.
8. allows call trace, with tracking any of options - a run-time arguments passed, etc.

The main component of DTrace is a kernel module, servicing the whole DTrace sybsystem, and the main tool is dtrace, which accepts scripts written in D, DTrace-specific language with C-like syntax. Actually, the syntax is something between AWK and C syntaxes, and those who like both languages will enjoy most.

In this short article we are not going to dig into details of DTrace implementation; those who are interested in them, can google more details, or read DTrace User Guide at http://download.oracle.com/docs/cd/E19253-01/819-5488/index.html. If you read Russian, you may wish to download Chapter 27 and 28 of the book "Operating System Solaris" (second edition), written by Yevgeny Ilyin and me in 2009. The chapters are available in .pdf in the Internet.

Let's look at some DTrace usage practices. We'll see how the desire to simplify one's life and indulge the laziness influences the system administrator or developer to learn and apply new tools, and how it improves their productivity in times, and applications preformance exponentially.

Once upon a time at OSDevCon conference in Dresden, Chad Mynhier led amaster class on DTrace. He has worked for Forsythe, and the company hasearned a lot doing banking applications optimization. He told us astory of a customer he triumphantly tuned applications for, speedingthem up in one thousand times, and breaking the record of fastestearning a honorarium.

The bank was satisfied with an important application before, but it significantly slowed down with load growth. Bank was planning bigger increase of the load, and situation started to be dangerous, as losses were unacceptable. An analysis of the application with DTrace did not reveal anything special initially, but function calls frequency distribution looked suspicious: gettimeofday() call, returning the current system time, was the most demanded call. Databases often call this function, because they often record a time at which the transaction occurred, but this function is somehow dominated the calls ... Chad located a particular portion of the code in the application using DTrace, where the function was called exteremely often, and it turned out that it was called by developer's mistake in a cycle, which, in turn, was involved in almost every application's transaction.

Probably, gettimeofday() call remained from some sort of debug output, or has been put in a loop by mistake, but anyway, the error was not revealed in the testing phase and it affected the performance when the application's load exceeded a certain level only. Before that, a powerful server was able to handle tens of thousands of gettimeofday() calls in a second.

DTrace is necessary not only to find problems or monitor performance, and I often use DTrace when I'm too lazy to search and read the documentation, or when the documentation is not complete, or documentation and source code are not available, or I need to understand how the application works.

In D scripting language threre is always following syntax:

provider:module:function:probe
/ predicate /
{
actions
}

Provider is a kernel module or an application module, which registers its DTrace probes in the system. For example, the syscall provider registers the probes located in system calls, mysql<mysql-server-PID> provider - do it for probes embedded into MySQL server.
Module is a name of the module or library, for example, libc.
Function is function name, a where probe is located, for example, fopen.

Probe is a probe name (in many cases, the probe is called "entry" or "return").

If the predicate evaluates to true, DTrace performs actions. For example, if it is necessary to do it when the probe was reached while running an application "top" only, the predicate would be

/execname == top /

Actions are the list of statements used to harvest information, display/print it, or do aggregations.

A simple example of how I use DTrace in everyday life: after moving user settings from one computer to another one, a printer stopped working. It was clear that a configuration file has wrong settings for some reason. But which file exactly? There are many of them. I started to look for a suspicious file in  /etc/printers and /etc/lp/*, but it did not give any clue. Then I moved to DTrace. Simple script allows you to look inside of lpstat (the most innocuous of programs working with a printer) and see which files it tries to open:

#lpstat-s
scheduler is running
system default printer: eaqvap21
aqvap21: unknown printer
aqvap21: unknown printer

To run the program and give its PID to a DTrace script one should use -c:

# dtrace-n 'pid $ target:: fopen: entry {printf ("% s", copyinstr (arg0 ));}'-c "lpstat-s"
dtrace: description 'pid$target::fopen:entry ' matched 1 probe
scheduler is running
system default printer: eaqvap21
aqvap21: unknown printer
aqvap21: unknown printer
dtrace: pid 11156 has exited
CPU ID FUNCTION:NAME
0 59882 fopen:entry /etc/default/init
0 59882 fopen:entry /etc/lp/ppd/eaqvap21.ppd
0 59882 fopen:entry /export/home/filip/.printers
0 59882 fopen:entry /export/home/filip/.printers
0 59882 fopen:entry /export/home/filip/.printers
0 59882 fopen:entry /etc/printers.conf
0 59882 fopen:entry /export/home/filip/.printers
0 59882 fopen:entry /etc/printers.conf
1 59882 fopen:entry /etc/nsswitch.conf
1 59882 fopen:entry /export/home/filip/.printers
1 59882 fopen:entry /export/home/filip/.printers
1 59882 fopen:entry /etc/printers.conf

That's all: I forgot that I had to remove .printers file in my home directory:

rm /export/home/filip/.printers

done! Everything works now!

Note: you have to give lpstat's PID to the script because pid provider requires PID of the process we examine, and fopen function can be checked with pid provider only.


Sometimes I use another modification of the script:

pfexec dtrace -n 'syscall:: open *: entry {printf ("% s \ n", copyinstr (arg0 ));}'

This script brings a bunch of data from all system calls that begin with "open", which is inconvenient, but it is easier to remember it and simply to use with already running applications, and information received may be sufficient for analysis.

Finally, for those who debugs Web applications, a script catching SQL-operators before the server executes them can be useful. It allows us to find out exactly which operators are to be executed; it helps if it appears that the script presumably works with the database correctly, but the database returns an unexpected result: it may be that either incorrect SQL expression, or connection is made with wrong database, or a parameter is passed to a DB server with improper syntax (for example, without quotes or with extra quotation marks).

Here is the script:

#!/usr/sbin/dtrace -s
#pragma D option quiet
dtrace:::BEGIN
{
printf("%-20s %-20s %-40s %-9s\n", "Who", "Database", "Query", "Time(ms)");
}
mysql*:::query-start
{
self->query = copyinstr(arg0);
self->connid = arg1;
self->db = copyinstr(arg2);
self->who = strjoin(copyinstr(arg3),strjoin("@",copyinstr(arg4)));
self->querystart = timestamp;
}

mysql*:::query-done
{
printf("%-20s %-20s %-40s %-9d\n",self->who,self->db,self->query,
(timestamp - self->querystart) / 1000000);
}

Running it, we can observe what the server is doing (be careful! There can be a lot of information if the server is heavily loaded with requests!):

$ pfexec ./mysql.d
Who Database Query Time(ms)
root@localhost data SELECT DATABASE() 0
root@localhost test show tables 0
root@localhost test SELECT DATABASE() 0
root@localhost mysql select * from users 0
root@localhost mysql select * from host 0


A time taken for a SQL statement execution can be measured as a difference between triggering query-start and query-done, and DTrace allows to plot the distribution of time among statements. One can find the database calls that take a lot of time, affecting performance of an application. The great advantage of DTrace is that all these measurements can be performed in production, because the overhead of DTrace is minimal and will not interfere with the server.

These examples show that DTrace probes can be put in Solaris applications everywhere. Please, refer to manual for operating system (man) and the documentation for specific applications (such as MySQL server on site mysql.com) to learn which arguments associated with probes can be used as shown above.

In case you wish to familarize with more examples of D-scripts please take a look at:
/opt/DTT/ (scripts are there by default in Solaris 11 Express)
http://blogs.sun.com/brendan/category/DTrace
http://www.brendangregg.com/DTrace/dtrace_oneliners.txt

Before you start playing with dtrace please note that you must have one or more DTrace privileges in the operating system in order to run dtrace, regular users can not use dtrace for security reasons. A system administrator can give a right to use dtrace to a particular user, but it is not done by default. Root has administrative privileges, which is enough to run dtrace.