English - 2

One reoccuring question from customers is „How large should i size the dump device?“. Since Solaris 11.2 there is a really comfortable way to get a number.

I thought i know a lot about Solaris, however today i found out about a feature that is in Solaris i never heard of. It was on an internal discussion alias. Or to be exact ... i think i've read that part of the man page but never connected the dots: Let’s assume you have a set of files in a directory that you shouldn’t delete. It would be nice to have some protection, that a short but fatally placed rm typed under caffeine deprivation doesn't wipe out this important file. It would be nice, that the OS protects you from deleting it except you really, really want it (and thus execute additional steps).

Let’s assume those files are in /importantfiles. You can mark this directory with the nounlink attribute.

root@aramaki:/apps/ADMIN# chmod S+vnounlink .
root@aramaki:/apps/ADMIN# touch test2
root@aramaki:/apps/ADMIN# echo „test“ >> test2
root@aramaki:/apps/ADMIN# cat test2
test
root@aramaki:/apps/ADMIN# rm test2
rm: test not removed: Not owner
root@aramaki:/apps/ADMIN# chmod S-vnounlink .
root@aramaki:/apps/ADMIN# rm test2

If you just want to do it for a single file, this is possible, too

root@aramaki:/apps/ADMIN# chmod S+vnounlink test4
root@aramaki:/apps/ADMIN# rm test4

You can still change the files in the directory. Of course you are still able to write zeros or trash into it and thus removing the content by accident. You can write into the files But even as root, i can’t delete those files without removing this attribute. So you can’t delete this files by accident. Very useful for a broad set of files, for example redo log and datafiles from your database. The obvious requirement: You application shouldn’t delete the files as a regular pattern of operation. Solaris would block you application from doing so.

By the way: Darren Moffat showed how to make a file immutable back in 2008 with the same command, just a different attribute in his blog entry "Making files on ZFS Immutable (even by root!)"

As this event is in Germany and in german language, i will proceed in the respective language:

Am 26. Juni 2015 findet in München ein Business Breakfast statt. Das Thema ist eine Einführung in die Service Management Facility. Anmelden könnt ihr euch unter diesem Link.

Die Service Management Facility (SMF) von Solaris, obschon seit Version 10 enthalten, ist für die meisten Kunden immer noch ein Feld, das recht selten betreten wird und oft mit dem Schreiben eines init.d-Scripts umgangen wird. Dadurch verliert man jedoch Funktionalität. Dieses Frühstück will noch mal die Grundlagen der SMF aufrischen, Neuheiten erläutern, die in SMF dazu gekommen sind, Tipps und Tricks zur Arbeit mit SMF geben und einige eher selten damit in Verbindung gebrachte Features erläutern. So wird auch die Frage geklärt, was es mit dem /system/contract-mountpoint auf sich hat und wie man das dahinterstehende Feature auch ausserhalb des SMF gebrauchen kann.

Insbesondere werde ich auf das neue Solaris 11.2 Feature "SMF-Stencils eingehen", das vielen noch unbekannt ist.

(The event is in german language, so i will continue in german)

Mein Kollege Detlef Drewanz wird am 20. Februar in Berlin im Rahmen der Oracle Breakfasts einen Vortrag zum Thema "Oracle Solaris 11.2 in der Praxis" halten. Themen sind:

• Solaris Virtualisierung - Native Zones, Kernel Zones und deren Positionierung
• Unified Archives für einfaches Disaster Recovery und Cloning
• Umfassendes Security Compliance Checking und Reporting
• IPS und Anderes

Das Event findet im Oracle Customer Visiting Center in der Mitte von Berlin statt. Anmelden könnt ihr euch unter diesem Link. Um zahlreiches Erscheinen wird gebeten

The registration for the "Oracle Solaris TechDay: Sharing Experiences, Engineering Insights and Outlook"-Event is now online. So you can now register for the event. I think it's really interesting in order to learn about the new stuff in Solaris and where the operating environment is heading to.

PS: The headline initially stated "February 13th". This is incorrect. It's January 13th.

I still don't have the registration page for the Solaris Tech Day in Cologne, but my colleague Franz Haberhauer already put the agenda online for the event in the "Solarium Blog", that takes place in the Maritim Hotel Köln (Heumarkt 20, 50667 Köln). The agenda is as following:

Time	Theme
09:00	Registration and Coffee
09:45	Welcome & Introduction Franz Haberhauer, Chief Technologist Markus Flierl, VP Software Development
09:55	OpenStack Eric Saxe, Director Software Development Joost Pronk van Hoogeven, Senior Principal Product Strategy Manager
11:10	Coffee
11:30	Software Defined Networking Jörg Möllenkamp, Senior Account Architect
12:15	Reduce Risk , Deliver Secure Services, and Monitor Compliance with Solaris Security Technologies Darren Moffat, Senior Principal Software Engineer
13:00	Lunch
13:50	Solaris 11.2 Server Virtualization Duncan Hardie, Principal Product Manager Bart Smalders, Senior Principal Software Engineer
14:35	Solaris Data Management – Local and in the Cloud Cindy Swearingen, Product Manager Thomas Nau, University of Ulm
15:20	Coffee
15:40	Solaris 11.2 Provisioning and SMF – Completing the Vision with Unified Archives and First Boot Services Bart Smalders, Senior Principal Software Engineer Liane Praza, Senior Principal Software Engineer
16:25	Oracle Solaris Update and Strategy Markus Flierl, VP Software Development
17:10	Q&A panel - All presenters and Solaris engineers
17:30	End of Public Event Presenters and Engineers Available for Personal Discussions

This should be really an interesting event. So please block January 13th. I will post the link to the registration as soon as the link is operational.

On January 13th, 2015 (yeah, it's really that late in this year that we are talking about schedules in the next year ... time flies like an arrow, fruit flies like a banana) there will be an Solaris Tech Day in Cologne. A number of colleagues from Solaris Engineering and Solaris Product Management are in Germany and thus the opportunity should be used. Just reserve January 13th at the moment, more information will follow. There is a blog entry with a a few additional information in german language in the Solarium Blog.

Roch Bourbonnais started a series of blog articles about changes to ZFS in oder to improve performance with his article "ZFS Performance boosts since 2010". He published a first article out of this series already, it is about reARC , a major rearchitecture of the subystem that manages ZFS in-memory cache along with its interface to the DMU.

A few days ago, Darren Moffat wrote an interesting article about the inclusion of CVE numbers in the IPS packages. You can read the article here. I just want to give a short example by citing Darren. For more information, just go to his blog post.

If we simply want to know if the fix for a given CVE-ID is installed the using 'pkg search -l' with the CVE-ID is sufficent eg:

# pkg search -l CVE-2014-7187
INDEX ACTION VALUE PACKAGE
info.cve set CVE-2014-7187 pkg:/support/critical-patch-update/solaris-11-cpu@2014.10-1

Leider musste ja das Event am 6. November abgesagt werden, weil ich krank wurde. Jetzt daher der Nachholtermin: Am Donnerstag, den 18. Dezember 2014 findet in der Oracle Geschäftsstelle in Hamburg wieder unser Business Breakfast statt. Diesmal steht die Veranstaltung unter dem Motto: "Erste Praxiserfahrungen mit Solaris 11.2". Die Veranstaltung beginnt um 9:30 Uhr und endet gegen 13:30 Uhr.

Ich werde in diesem Vortrag über folgende Bereiche berichten:

• Kernel Zones - erste Praxiserfahrungen
• Einführung in Puppet
• Optimierungen für den Oracle Stack
• Unified Archive

Anmeldungen laufen diesmal etwas anders. Bitte eine eMail an diese Mailaddresse schicken. Das ist ein Weiterleiter an den organisierenden Kollegen, damit dessen Emailaddresse nicht für Spammer spiderbar hier im Artikel steht.

The event tomorrow is canceled because of the illness of the presentator (me, i got a bad cold in my vacation). I will keep you updated about a new schedule.

I'm doing a business breakfast at beginning of November. As this is an event in german language, i will proceed in german language in this announcement.

Am Donnerstag, den 6. November 2014 findet in der Oracle Geschäftsstelle in Hamburg wieder unser Business Breakfast statt. Diesmal steht die Veranstaltung unter dem Motto: "Erste Praxiserfahrungen mit Solaris 11.2".

Ich werde in diesem Vortrag über folgende Bereiche berichten:

• Kernel Zones - erste Praxiserfahrungen
• Einführung in Puppet
• Optimierungen für den Oracle Stack
• Unified Archive

Anmeldungen laufen diesmal etwas anders. Bitte eine eMail an diese Mailaddresse schicken. Das ist ein Weiterleiter an den organisierenden Kollegen, damit dessen Emailaddresse nicht für Spammer spiderbar hier im Artikel steht.

Next week an interesting event takes place in Vienna on October 16th, 2014: "Solaris Lounge: Why Oracle DB 12c runs best on Oracle Systems". I will have two presentations there. The first one is "Why the Oracle Database runs best on SPARC and Solaris" and "LiveDemo: Solaris 11.2 features: Kernel Zones, Unified Archives, SDN, puppet"

Just to cite from the invitation:

This event follows up on the success of the TechDay Vienna event series, this time with emphasis on Oracle Platform advantages for the Oracle Database. We will focus on the practical implementations of the integration between the Database and the Systems layers, discussing the technical background, providing detailed examples as well as live demonstration of the mentioned technologies.

Learn through what methods the right systems and engineering methods can supercharge your environment, find out what unique Oracle Database 12c technologies are available while running Oracle on Oracle, consider virtualization management tools for your IaaS platform and hear customer case studies!

You can view the agenda and the link to register here.

I got quite a number of questions regarding ShellShock (also known as CVE 2014/7169 and CVE-2014-6271) from readers in the last days and what they could do about it. To answer this i would like to point to the official blog entry "Security Alert CVE-2014-7169 Released", which in turn points to the advisory. To highlight the urgency of this alert i would just cite a single sentence of the advisory:

Due to the severity, public disclosure, and reports of active exploitation of CVE-2014-7169, Oracle strongly recommends that customers apply the fixes provided by this Security Alert as soon as they are released by Oracle.

For any further question please contact Oracle Support.