English

As explained by Gerry Haskins in "Solaris 11 SRU naming convention change" the naming convention for Solaris 11 has been changed. An example: A SRU that would be called "Oracle Solaris 11.1 SRU 6.4" in the past, will carry the name "Oracle Solaris 11.1.6.4.0" now.

One of the lesser known features of useradd command is the ability to set defaults for the creation of users, nevertheless is featured prominently on the man page.

Just in case that you are thinking that data-storing dust is more reliable in a failure situation than rotating rust: "Understanding the Robustness of SSDs under Power Fault". This is one reason why creating enterprise-class flash and using it requires careful engineering and testing.

A while ago i wrote in "How to get Solaris 11 VNICs in a Virtualbox VM to work - kind of ..." about a trick to get vNICs to work in Virtualbox. For Oracle VM for SPARC there is now an offical way get a vNIC working on a vNet, something that wasn't possible before. So no need for tricks. My colleague Jeff Savit writes in his blog:

This restriction is eliminated in the latest version of Oracle VM Manager for SPARC, 3.0.0.2. In order to make use of this feature, you must run Solaris 11.1 in both the control domain and guest. The control domain must be running SRU4 or later, since the 3.0.0.2 ldomsmanager package is delivered with that SRU.

However he does not only shared the good news, but also describes how to configure it in his article "vNICs on vNets now available"

A nice explanation how to use OpenLDAP as a name service directory and enabling the administration of the content of the directory (in order to make useradd -S ldap work) in Solaris 11: "Getting Started with OpenLDAP"

Update: "Adding Users with OpenLDAP" gives some additional information in regard of adding users.

SPARC T5 and M5 had also a large impact on the work of the solaris development. Steven Sistare just started a series of article explaining the steps how to scale Solaris to a system with 1536 CPUs or 32 TB of main memory. Two blog entries found their way into his blog so far:

• Massive Solaris Scalability for the T5-8 and M5-32, Part 1 - an introduction
• Massive Solaris Scalability for the T5-8 and M5-32, Part 2 - focused on virtual memory and resource limits.

Hai-May Chao created a nice tutorial on the task how to use certificates for SSH authentication: "How to Set Up X.509 Support for SunSSH on Oracle Solaris 11"

I've got quite a number of tweets and mails with the question "But is zfs scrub" not something like fsck. And the answer is "Well ... no".

• It's zpool scrub, not zfs scrub. So it can't be a fsck. Perhaps it's a pock, but not fsck
  (Okay, that's a really lame argument. )
• Scrub is not part of the ZFS Posix layer, the entity that let you access a zpool with the semantics of a filesystem. It's done much deeper in ZFS and while it's following a tree there, this tree has nothing to do with your filesystem structure.
  (Ah, not much better reasoning.)
• You don't run zfs scrub on a unimportable pool, you run run zpool clear -F, which starts the txg rollback to make the pool importable again.
  (Don't know if this one is more convincing)
• A scrub works as well on a ZFS Emulated Volume.It can't do a filesystem check on it. Obviously, as Solaris has no idea for example how to check a ext2 file system that you are writing via iSCSI into a zvol. However the scrub has still to work.
  (Perhaps a little better.)
• I've got one tweet saying that it finds silent corruption in the data, thus it's a filesystem check. What I find interesting about this, is the point that this definition would exclude other fsck from being fsck, as they just check the validity of the metadata and not the validity of the data. zpool scrub is a data validity checker, not a filesystem checker. It checks if you are reading the data from a location that you have once written to this location. Whatever this data is. As far as i understand the source, it even doesn't understand the concept of "filesystems" at all.
• What is zpool scrub? It is not much more than reading everything. However the repair mechanism is the same as the one when you read a block and the checksum on-disk doesn't match the checksum computed. The scrub has no own repair code. In the case an error is detected , for example for RAID1 the known good copy is written in the place of the bad copy. Whereas the repair while normal reading is more or less accidental (you've stumbled over an error and reading at one location doesn't mean that other locations are correct, you have to check all locations to be sure). Scrub is the forced search for such incorrectnesses on all copies of a block stored in a pool. With a scrub you ensure that all redundancies are correct. At end scrub checks if the data on-disk is still the data you have written once by other means (ZPL or ZVOL) on it. It simply doesn't care about the structure, as it doesn't know about the structure. It's like memory scrubbing or RAID scrubbing. When your trigger a scrubbing in your RAID array the array gives nothing what's on it.

So, no zfs scrub is no fsck, it has a different job. It might look like a fsck, but it isn't. Forget everything how you expect filesystems internals from your pre-ZFS knowledge. I can give just one important advice in regard of understanding ZFS. An advice that was already used on the first presentations about ZFS: Free your mind!

Friday was a day that i called once 10k day. More 10.000 visitors to my blog in one day. Saturday was similar. This surge was create by an link on news.ycombinator.com article i wrote roughly four years ago about ZFS: No, ZFS really doesn't need a fsck.

Just wanted to express that four years later and a lot more experience with ZFS later, 12 years after ZFS saw the light of the word, i'm more of the opinion that ZFS doesn't need a fsck than ever.

I would like to add a comment to the SPARC T5 launch. There are some news outlets that are buying into this per core performance thing that was introduced by a certain blogger working at IBM.

In the very same blog i've read the best argument, why this is total nonsense. Insisting that you computer is better or faster because of the per-core performance is like insisting that a 300hp V6 motor in your car is more powerful than a 550hp V12 motor in another car.

One of the features introduced with 11.1 is the Address Space Layout Randomization (ASLR) . And when you work with 11.1 you are already using it. So it's a less known, but frequently used feature: less known in the point that it exists, less known in the point of the methods to control it, frequently used as it's activated per default for selected binaries (and many were selected)

With the announcement of SPARC T5 and SPARC M5 a lot of benchmarks were mentioned. I won't repeat all of them here, however i would like to point you to the BestPerf blog, which has a long lists of benchmarks related to the announcement.

T5

• SPARC T5-8 Produces TPC-C Benchmark Single-System World Record Performance
• SPARC T5-8 Delivers SPECjEnterprise2010 Benchmark World Record Performance
• SPARC T5-2 Achieves SPECjbb2013 Benchmark World Record Result
• SPARC T5-8 Realizes SAP SD Two-Tier Benchmark World Record for 8 Chip Systems
• SPARC T5 Systems Deliver SPEC CPU2006 Rate Benchmark Multiple World Records
• SPARC T5-2 Achieves JD Edwards EnterpriseOne Benchmark World Records
• SPARC T5-2 Scores Siebel CRM Benchmark World Record
• SPARC T5 Systems Produce Oracle TimesTen Benchmark World Record
• SPARC T5-8 Delivers Oracle OLAP World Record Performance
• SPARC T5-2 Achieves ZFS File System Encryption Benchmark World Record
• SPARC T5-2 Obtains Oracle Internet Directory Benchmark World Record Performance
• SPARC T5-2 Scores Oracle FLEXCUBE Universal Banking Benchmark World Record Performance
• SPARC T5-2 Performance Running Oracle Fusion Middleware SOA
• SPARC T5-1B Performance Running Oracle Communications ASAP

M5

• SPARC M5-32 Produces SAP SD Two-Tier Benchmark World Record for SAP Enhancement Package 5 for SAP ERP 6.0

The "Oracle Processor Core Factor Table" has been updated in order to include SPARC T5 and M5: It's 0.5 for both.

Glenn Faden strikes again: In the article "Oracle Solaris Extended Policy and MySQL" he describes, how to use the Extended Policy feature to lock down the mysql service.

Glenn Faden wrote a really great article about the sandboxing of applications with privileges: Application Containment via Sandboxing. Worth a read.