Author: Jem Matzan
Solaris is both the oldest and most modern Unix operating environment, but the previous few releases have been somewhat lacking in innovation. Solaris 10 makes up for that by introducing a wealth of new and innovative features that catapult it out of the traditional proprietary Unix market — where HP, IBM, and SGI live — and into the mainstream server and workstation market — the realm of Microsoft, Novell, and Red Hat.
While I was talking to him about some historical Solaris bugs and whether they’ve been fixed in version 10 or before (see below), Bryan Cantrill, one of the engineers responsible for the much-acclaimed but seldom properly explained DTrace technology, happened to see a question I had written in my notebook: “Why is Solaris 10 ‘the most advanced operating system ever built’ as claimed by various Sun representatives?”
Upon seeing that, Bryan started talking about DTrace and ZFS, and before he got to Containers, I stopped him. “A couple of good features don’t make a whole OS. What’s the big picture with Solaris 10?” I asked.
“Solaris 10 isn’t just a couple of new things, it’s a collection of great, new, unique features,” he began. Jared Jenson, a consultant who works with Sun products, was also participating in the conversation and took over for Bryan. “For me, as a system administrator, Solaris 10 gives me a lot of what I call ‘quality of life features.’ By that I mean that Solaris makes life a lot better for the guys who have to wear the pagers — you do your work more quickly, more efficiently, you find problems and fix them faster, and then you can go home to your family.”
Here are some of the “quality of life features” in Solaris 10:
- Dynamic Tracing (DTrace), a program and framework with an Awk-like command syntax that allows a sysadmin to quickly examine the behavior of the software environment from userland applications down to the most basic level
- ZFS (formerly known as the Zettabyte File System; the term “zettabyte” has nothing to do with this file system, so its official yet meaningless name is now simply ZFS), which was written from the ground up to accommodate modern storage devices and redundancy solutions
- Solaris Fault Management (also called Predictive Self-Healing), which is an integrated framework and analysis system that monitors data for abnormalities, then can isolate the malfunctioning device that is causing the corrupted data and route around it if possible. Since hardware failures are rarely instantaneous, Solaris Fault Management can detect failing hardware before the results become apparent to users.
- Upgraded security: Instead of offering a separate distribution of Solaris for the Trusted Solaris product, Sun has added 80% of the integrated security features of Trusted Solaris to Solaris 10. Trusted Solaris 10 will still be available as a group of add-on packages to the standard Solaris operating environment.
- Vendor-neutral support offerings: This means that, on the high end of its service plans, Sun will support Solaris, all software written for Solaris natively, and all LSB-compliant Linux binaries that users might run on Solaris 10 through the Linux Application Environment (formerly known as Project Janus).
- Process Rights Management: This is a revised and updated permissions structure that allows specific users to have specific root permissions, so if several admins are controlling individual services on the same server, they can be given complete control over their processes and programs without having full root access to the system.
Let’s look at some of the above features in more detail.
DTrace: More valuable than it may seem
I spoke with the core DTrace developers — Bryan Cantrill, Adam Leventhal, and Mike Shapiro — for about an hour at the Sun launch event, and they gave me a personal demonstration.
Cantrill had given a presentation in which the example situation was a serious network performance problem caused by a couple of users who were running inefficiently written stock ticker programs — which were installed with GNOME by default. While this was an actual real-world example of how DTrace tracked down the problem, a top-notch sysadmin would never allow superfluous and potentially insecure programs in a critical production environment. So how would DTrace help on a more tightly controlled network?
Cantrill opened up his laptop computer, booted a recent development build of the AMD64 edition of Solaris Express, and proceeded with a high-energy demonstration of DTrace. First he showed me some broad DTrace output from the command line; it printed output from the more than 32,000 points of instrumentation (also called probes) that give feedback useful for tracking down problems. A traditional ps -a command would have shown only userland processes, which were related to the terminal.
“D, the language that DTrace uses, is a lot like Awk,” he said as he opened up vi and created a short script to execute more complex DTrace commands. He then started the FVWM window manager and showed me everything the system does to open an instance of Xterm by adding a few lines to the aforementioned shell script to give DTrace the proper parameters and switches related to finding only Xterm-related activities. Cantrill noticed from the list of processes that data was being written to the disk upon starting Xterm. “That’s unusual,” he said, noting that there should be no reason to write to the disk at all. So he opened up the shell script again and modified it to find out why Xterm was behaving that way and what files it was writing to. The list that DTrace produced showed that the Bash history file was being written to upon launching Xterm — so it turned out to be something perfectly normal. There were a few things that could have caused the disk write operation, and I’m sure if we’d had time to think about it we could have investigated it in the traditional way and found the answer, but DTrace produced specific results in seconds. This was a rather innocuous example because there was no problem to solve, but with some kind of mysterious performance-related problem, someone who knows DTrace could walk into a strange Solaris 10-based environment with machines and configurations he had never seen before and use it to track the problem down.
Granted, if you have to stop and read the manual and learn how to use D first, you’re not going to track anything down quickly. If you already know Awk and are familiar with Solaris, DTrace shouldn’t be very difficult to learn. Once you have even a moderate understanding of DTrace, on a large network with a lot of machines filled with various programs for various purposes, even if nothing seems wrong, you can fine-tune your Solaris environment by identifying inefficiencies.
More information about DTrace can be found at these addresses:
- Solaris Dynamic Tracing Manual, the official, heavily detailed and easy to follow documentation, written by the people who wrote DTrace
- BigAdmin’s DTrace page, a collection of useful DTrace resources
- “Baby’s first DTrace”, Adam Leventhal’s quick DTrace introduction for sysadmins
- Sun’s DTrace discussion forum
Some visualization tools are also in development that use DTrace as a foundation.
Previously, SunOS employed the traditional and reliable but not quite top-performing Unix File System (UFS) as its one and only file system. Every Unix vendor and BSD variant has its own unique implementation of UFS, and few of them are fully compatible with one another. The trouble with UFS is that it is not terribly scalable; you can’t add a hard drive to a RAID array and expect to easily expand your file system’s capacity without losing data.
Rather than attempt to rework UFS to update it (as FreeBSD has, with UFS2), Sun’s engineers designed a completely new file system technology that took into account modern computer hardware.
ZFS combines the functionality of a file system and a volume manager into one package, so it can control multiple disks without any additional software. It can also do more than just read and write blocks, which is the limit of a traditional file system’s control. ZFS creates a “pool” of storage — disks, presumably — and then that storage is used for a dynamic file system when needed. So there is the underlying pool of storage, then on top of that are as many dynamic file systems as you want to create. If you need more space, just add a disk to the pool and you can grow the file system — safely, with only a few commands in the terminal.
ZFS is also 128-bit, which is exponentially more spacious than most modern file systems, which are 64-bit. While it may seem unlikely that your storage needs will exceed the 64-bit limit of 16 exabytes, computer history is replete with examples of people underestimating growth.
The third primary feature of ZFS is its error-correction capabilities. Each write operation writes to a new block before changing the pointers to commit the write, making it possible to “roll back” data to a previous state. ZFS integrates checksums into the file system structure, which means that data corruption is detected immediately. If the file system is mirrored, ZFS can repair the corrupted data by using the mirrored copy without any user intervention.
While not specifically mentioned as a “quality of life feature” in Solaris 10, Containers are still an impressive and useful addition. Like ZFS, Solaris Containers have undergone a name revision; previously they were known alternately as “Zones” and “N1 Grid Containers,” but due to changes in marketing strategy, the feature has been renamed Solaris Containers.
Like BSD jails, Solaris Containers isolate applications and processes from the rest of the system. You can do this for a number of reasons, including security, convenience, and server consolidation. Containers also have superior performance and resource efficiency over a more common alternative, virtual machines, which require an entirely separate instance of the operating system for each virtual unit. Containers use the same kernel and memory that the underlying OS does, and do not reserve any part of these resources. This means that all Containers on a system share a single point of failure, because they all use the same kernel. Sun claims that a system can have more than 8,000 Containers, but it’s hard to imagine a scenario in which a number that high would be useful, or a system on which they could run without a significant loss in performance.
Realistically, Solaris Containers are most useful for creating virtual hosts and servers that can perform a variety of separate network tasks in one machine instead of several. You could have your DNS, LDAP, and DHCP servers running in separate Containers, all acting as independent systems. Since each Container can have its own IP address, you could also use Containers for separate hosting accounts on a shared Web server.
New and improved?
Prior to the launch event I got some suggestions from Solaris sysadmins who had specific problems with previous versions of Solaris and had switched to other operating systems where they could. I took the issues mentioned in this SysAdmin to SysAdmin column and the comment attached to it, plus some other notes, and compiled the following list of issues, which several Solaris engineers addressed point by point:
- Solaris is too complex. This was described by the Solaris hackers as being an engineering problem that has been solved by introducing better technology — namely, DTrace to replace other less specific command-line tools, X.org to replace the aging Xsun server, a more streamlined installation procedure, and better documentation. “Documentation is never an afterthought for us,” Cantrill told me.
- If a user belongs to more than 15 groups, the system dies. Cantrill told me that this has long been a tunable parameter in Solaris. “Such that it exists at all, the limitation is due to a protocol restriction in NFS. By default, Solaris is configured to cooperate with other vendors’ NFS implementations — which means setting the number of supplementary groups to 15.”
- NIS netgroups have a size limitation; this forces messy netgroups. This is due to an underlying DBM database issue; the database has a size limit of 1,024 bytes. The best solution is to use LDAP instead.
- If one machine is in two netgroups and both groups have mount privileges, the NFS server crashes. The Solaris engineers tested this and didn’t find the problem; furthermore they had no record of this ever being a bug or problem with any previous editions of Solaris.
- GNOME is poorly implemented. GNOME support has been greatly improved in Solaris 10. The version that ships with the initial release is 2.6.1, and it now uses the Java Desktop System theme by default.
- The version of Netscape included with Solaris is old. Sun has abandoned Netscape in favor of Mozilla.
- Solaris has a poor LDAP implementation. A great deal of work has gone into improving LDAP in Solaris 10. The new implementation is of a much higher quality and has expanded features over previous Solaris implementations.
- If you set up the system to authenticate to NIS, then start LDAP, the system crashes. This bug has been fixed in Solaris 10.
- Solaris is slow. Solaris 10 includes an optimized TCP/IP stack, which now scales much better on multi-CPU systems. Additionally, Solaris 10 has specific performance enhancements for UltraSPARC IIIi and IV systems that can increase performance by as much as 20%.
Solaris 10’s unique features are only useful if the operating system will install and run on your computer. Sun is not known for supporting a lot of x86 hardware, and Solaris 10 does not alter that reputation. You’re pretty much limited to the hardware in the hardware compatibility list; I’ve tried to get several different custom-built systems to work with Solaris Express over the past few months, and none of them has functioned fully, with the usual suspects being ATI video cards and integrated LAN chips. Unlike previous releases, Solaris 10 supports a fairly wide range of UltraSPARC hardware — especially systems that use the newer IIIi and IV processors. The 64-bit AMD64 edition of Solaris 10 will not be available for another few months.
Solaris 10 will not tolerate Linux partitions on the same drive, so if you want to dual boot, you’ll need a separate hard drive. Speaking of hard drives, I was not able to get an SATA hard drive to be recognized by Solaris Express 10/04 on any of my test systems. Sun told me that Solaris 10 would eventually have SATA support, but didn’t have specific dates or details on which SATA controllers would be supported.
While Solaris 10’s official release is January 2005, it will not initially ship with ZFS functionality. ZFS instead will be included in the first update.
If you’re using a previous edition of Solaris — especially if you’re using a SPARC-based infrastructure — it makes a lot of sense to upgrade to Solaris 10 if your hardware supports it. To begin with, it’s free of charge to download and use it, so the initial cost is nothing. Considering the potential performance increase and such advanced features as ZFS and DTrace, your benefits could include better data reliability and storage scalability, and the ability to track down and eliminate software problems immediately.
If you’re considering a new operating system for your business, Solaris is definitely a candidate. I’d recommend sticking to the hardware compatibility list, and specifically buying only systems that have been certified to work with Solaris 10.
Many people will wonder, “Is Solaris 10 better than Red Hat Enterprise Server 3, Windows Server 2003, and SUSE Linux Enterprise Server 9?” Under most conditions the answer is yes, thanks to the above-mentioned features that are unique to Solaris 10. While SLES9 has Usermode Linux to do operating system virtualization, it requires assigned system resources and doesn’t offer optimal performance. Solaris Containers require only storage (hard drive) space to work and don’t suck up as many system resources, making this feature more efficient while providing similar functionality. ReiserFS v4 may be a significant step forward for Linux file systems, but looking through the feature list on its Web site, I don’t see anything like the ability to add storage space dynamically or integrated checksums to protect against data corruption. ReiserFS v4 is also not 128-bit, so its ceiling is much lower than that of ZFS. DTrace has no equivalent anywhere, as far as I can tell.
It seems that Solaris 10 is a superior operating environment for servers and some kinds of workstations, and Sun’s support options for it are quite ambitious. The only things that hold it back are restrictive licensing and horrible hardware support, but the licensing will soon change as Solaris goes open source, and hardware support is bound to increase as time goes on.
Originally published on The Jem Report, edited and reprinted with permission.